If You Don’t Know Your Recovery Time & Recovery Point Objectives You Could Be in Big Trouble


RPO (recovery point objective) and RTO (recovery time objective) are two crucial calculations you need to understand when it comes to disaster recovery and business continuity. Below, we’ll give a definition of both and explore why they’re important to small and medium-sized businesses. 

RPO – Recovery Point Objective

Let’s begin with RPO. At its core, this metric defines the amount of time – in hours and minutes – you have before downtime, a ransomware attack or any other incident that takes you offline causes you to lose an unacceptable amount of data. In layman’s terms, RPO refers to how much data your company can lose before the bottom line is harmed. The amount of data you deem unacceptable within your organization will depend on unique factors. It should also be pre-defined in your business continuity plan. Factors that dictate your RPO include the sector within which you operate, the types of data you store and how frequently you conduct backups. 

RTO – Recovery Time Objective

Next is RTO – a metric that defines the amount of time it should take you to recover from a disaster. Similarly to RPO, your organization’s RTO will be unique to your business. Businesses, for example, in highly-regulated industries like healthcare or finance will have a much shorter RTO than a brick and mortar retailer. Your RTO needs to be clearly stated in your disaster recovery plan. You need to support this metric with clear guidance on how to get back up and running, so you can meet the time objective you’ve set. 

What’s More Important: RPO or RTO?

RPO and RTO are like two sides of the same coin. One isn’t more important than the other, and you shouldn’t only focus on one for the sake of the other. You need to calculate both to ensure a robust disaster recovery plan. 

How to Calculate RPO and RTO for Your Business

As we’ve mentioned, your RPO and RTO will be unique to your business. These metrics vary widely from company to company, depending on the sector, the criticality of the data a company handles and its dependence on IT. If you’re an e-commerce website or application, your RPO and RTO will likely be just a matter of seconds. However, for most businesses, RPO and RTO tend to be between one and three hours as a ballpark figure. Once you’ve figured out your RTO and RPO, you need to add them to your Disaster Recovery Plan – and make sure that everyone involved in incident response, disaster recovery and business continuity within your business is clued up on these objectives.

Why Your Organization Must Have a Disaster Recovery Plan

RPO and RTO are meaningless unless they’re framed within the broader context of a disaster recovery plan. By this, we mean a document that provides guidelines on how to respond to, and recover from, an unforeseen disaster. A disaster could be anything – a natural disaster like a flood, a cyber-attack, power cut or, as we experienced in 2020, a pandemic. If you’re not sure how to get started then don’t fret. You’re not alone. Research shows that 16% of SMBs don’t know their RTO and more than 20% haven’t instituted a disaster recovery plan.

Often, SMBs don’t have the internal ICT and security expertise to feel confident in their disaster recovery efforts. Maybe you have a plan in place, but haven’t thought about RTO and RPO. Alternatively, this might be the first time you’re thinking about disaster recovery! No matter where you are, it’s never too late to get started. In fact, the sooner you figure out your RTO and RPO, and implement a disaster recovery plan, the better! Your disaster recovery plan will help you weather the worst-case scenario, enabling you to bounce back quickly from disruption, reduce financial losses and keep your brand’s reputation. 

Look to Outsourcing to Plug Disaster Recovery Gaps and Bolster Your Defenses 

For SMBs who lack internal IT resources, outsourcing disaster recovery is a great way to go. An outsourced IT provider can help you with a range of processes, including day-to-day management of your IT estate, disaster recovery planning, and management in the event of a disaster. Often, hiring outsourced expertise is much cheaper than employing a full-time member of IT staff. Plus, instead of getting the expertise of one individual, you get access to the brains of a whole team of qualified experts – all of whom will help you to find new efficiencies through IT and stay secure. 

Get Help With Disaster Recovery and Business Continuity 

At Copperband, we have a lot of experience helping southern Kentucky and Middle Tennessee businesses just like yours to implement robust disaster recovery plans. We’re here to help! Get in touch with us anytime and one of our experts will get back to you as soon as possible. Call 931.263.8000 or reach us online.