Disaster Recovery | What Is RTO And RPO Disaster Recovery?

Extended periods of downtime are not an option for many businesses, especially those which are performing crucial business for their customers. Nevertheless, unforeseen incidents, such as power outages, natural disasters, and human error can strike at any time leading to a loss in valuable services. Therefore, having business continuity and a disaster recovery in place is very important.

Two of the most important parameters that are part of any disaster recovery plan are Recovery Time Objective (RTO) and Recovery Point Objective (RPO). With these in mind, a business is able to plan the optimal recovery strategy which is unique to the services the business is offering.

What Do RTO and RPO mean?

1. Recovery Time Objective (RTO):
The Recovery Time Objective, or RTO, is all about downtime. In practical terms, it represents the speed at which a service must be up and running again at a normal level of operation following any disruption. This is often defined as the maximum downtime a business can tolerate.

2. Recovery Point Objective (RPO):
The Recovery Point Objective, or RPO, is all about lost data. It represents the amount of time that can pass before the amount of data that has been lost due to a disruption exceeds the tolerable threshold of the business.

What Is the Difference Between RTO and RPO?

While the two parameters might sound similar at first, you can think of them taking place at different points in time – past, or future.


The RPO is all about looking back. It represents the amount of time between failure and last valid backup as a way of quantifying a variable amount of data that has been lost or will have to be re-entered during network downtime.

The RTO, on the other hand, is about looking forward. It represents the amount of real-time that can pass before the disruptions to normal operations begin to seriously affect and harm the business. The RTO should be measured from the point at which users are starting to be affected.

The difference can be best visualised by using an analogy. Imagine you’re writing a report on your computer when suddenly the power dies. The RPC can be thought of as the last time you have saved your document before your computer turned off. So, it takes into consideration how much of your work and data you have lost before it seriously affects you? Having to rewrite a sentence might not be a problem, but once entire pages are lost, it could affect your business significantly.

The RTO describes the amount of time you can handle being offline before it seriously affects you or your business. If you have got a tight deadline to hit, your RTP will be lower as you need it up and running again sooner so you can recover your work, re-enter lost data and continue writing.

How to Define Your RTO and RPO?

The RTO and RPO differ from business to business as there is no universal “correct” answer to how much downtime and data loss a business can tolerate.

Additionally, the RTO and RPO parameters will also differ strongly between different applications or services. Due to that, it is good to practice analysing these and categorise them based on certain criteria to make sure your business can stay operational and keep generating revenue.

The best way to categorise your priorities is the three-tier model for asset recovery prioritisation:

Tier 1: Mission-Critical Applications

These applications are essential for the survival of your business and need to be offline as little as possible, or no time at all if possible. Tier 1 recovery time is typically between 0 – 2 hours. This could, for example, be the electricity supply premise where servers are housed, as it would negatively impact the entire workflow.

Tier 2: Business-Critical Applications

Business-Critical applications are essential to the success of business operations. The longer they are offline, the more financial and reputational damage will be done to the company. Tier 2 recovery time typically lasts between 4 – 24 hours. This could describe, for example, a faulty online payment processing system for an e-commerce site, as it leads to financial and reputational damage, but the business can continue to operate.

Tier 3: Non-Critical Applications:

Non-Critical applications contribute to the normal operating level of a company, but the business can temporarily survive without them. This category forms the lowest priority when it comes to going back online following a disruption. A tier 3 recovery time typically takes over 24 hours. Astec IT will acknowledge a non-critical support request within 4 hours and find a permanent fault correction within 5 business days. An example of such a request includes faulty internal office phone lines.

If you are interested in finding out more about RTO, RPO, and disaster recovery or you are looking into outsourcing your IT department, make sure to contact us now for a free IT consultation.

Latest posts
Anti-trust: OpenAI And Microsoft – The Latest Following the recent boardroom power struggle that led to the sacking and reinstatement of OpenAI boss Sam Altman, Microsoft’s relationship with OpenAI is now...
Microsoft Launches New AI Content Safety Service Microsoft has announced the launch of Azure AI Content Safety, a new content moderation service that uses AI to detect and filter out offensive,...
Safety Considerations Around ChatGPT Image Uploads With one of ChatGPT’s latest features being the ability to upload images to help get answers to queries, here we look at why there...
Navigating the Cybersecurity Landscape: A Guide for Insurance Companies Introduction The insurance sector is built on the foundation of trust and the secure handling of sensitive data. However, the increasing frequency of cyberattacks...
The Imperative of Cybersecurity in the Financial Sector: Addressing Key Pain Points Introduction In an era where data is the new gold, the financial sector remains a prime target for cybercriminals. With the increasing digitisation of...
No Email Backup For Microsoft 365? In this insight, we look at what many users think to be a surprising fact in that Microsoft 365 doesn’t provide a traditional email...
Zoom Data Concerns In this article, we look at why Zoom found itself as the subject of a backlash over an online update to its terms related...

Technologies we work with...

Astec IT Astec IT - Ultimate service through advances in technology 02038026525 [email protected]