The Difference Between RPO & RTO and Why It Matters

by | Jul 21, 2020 | ZAG Standards

When disaster strikes, be it a cyberattack, an earthquake, or a hurricane, it costs business an average of $4,000 to $8,000 a second in losses; direct, incidental, and recovery costs. With every second costing money, the ability to bring your business back up and running quickly is a crucial asset. That is why it is vital to have a Disaster Recovery Plan in place. A big part of Disaster Recovery planning is understanding the concepts of RPO and RTO, which are the metrics that help you determine acceptable data loss and recovery time.

Illustration of RPO and RTO timeline

What is RPO?

RPO, three little letters that stand for such a big metric when dealing with Disaster Recovery. RPO stands for Recovery Point Objective; It is the measure of how much data is lost as a result of a disaster event, and how much time we can afford to have between the creation of backups.

How Do We Use RPO?

We use the RPO metric for the following:

  • How far back IT must go to obtain functional data.
  • How far back must we backup our data in case we have an actual disaster and need to rely on the backed-up data.
  • How much data is lost following this disaster.

These three things, while similar, are different and very specific in how your RPO is calculated. For example, if you only perform a backup of an application once every night and that application has new data every 4 hours then you will lose 20 hours of new data if you have a disastrous event. Hence your RPO for this application would not be covered. This now causes you to change your backup of the application to every 4 hours to cover the associated RPO.

What is RTO?

Likewise, RTO is a critical metric to your Disaster Recovery Plan.  RTO stands for Recovery Time Objective, i.e. how much time it will take to get back up and running from a disaster. This metric is just as important as RPO because this tells you how long the business will be without IT services.

How Do We Use RTO?

We use RTO to measure the following:

  • How much time IT will need to recover the lost data.
  • What is the targeted duration of time, basically the acceptable limit, that the company can run without IT Infrastructure, Applications and Services.
  • What is the Service Level your Company will be able to run at after the Disaster occurs.

These three metrics, once thought about and carefully measured, will help you develop your RTO to determine the boundaries in your Disaster Recovery Plan, the timeline for how long you have to recover the lost data, and get your company back up and running.

In short, RPO (Recovery Point Objective) and RTO (Recovery Time Objective) are key metrics and vital for Disaster Recovery and Business Continuity Plans in any organization. Knowing how to use them will give your business an advantage over competitors.  Quick recovery is a powerful tool to wield, as it translates to less time and data lost and more money saved.  While the competition struggles to recover, having RPO and RTO documented and implemented in your Disaster Recovery plan will enable your business to survive during tumultuous times.

Related Content