Disaster Recovery | What Is RTO And RPO Disaster Recovery?

Extended periods of downtime are not an option for many businesses, especially those which perform crucial services for their customers. Nevertheless, unforeseen incidents such as power outages, natural disasters, and human error can strike at any time, leading to a loss of valuable services. Therefore, having a business continuity and disaster recovery plan in place is very important.

Two of the most important parameters that are part of any disaster recovery plan are Recovery Time Objective (RTO) and Recovery Point Objective (RPO). With these in mind, a business is able to plan the optimal recovery strategy which is unique to the services the business is offering.

What Do RTO and RPO mean?

1. Recovery Time Objective (RTO):
The Recovery Time Objective, or RTO, is all about downtime. In practical terms, it represents the speed at which a service must be up and running again at a normal level of operation following any disruption. This is often defined as the maximum downtime a business can tolerate.

2. Recovery Point Objective (RPO):
The Recovery Point Objective, or RPO, is all about lost data. It represents the amount of time that can pass during a disruption before the amount of data lost exceeds what the business can tolerate.

What Is the Difference Between RTO and RPO?

While the two parameters might sound similar at first, you can think of them as looking at different points in time: the past or the future.


The RPO is all about looking back. It represents the amount of time between failure and last valid backup as a way of quantifying a variable amount of data that has been lost or will have to be re-entered during network downtime.

The RTO, on the other hand, is about looking forward. It represents the amount of real time that can pass before the disruptions to normal operations begin to seriously affect and harm the business. The RTO should be measured from the point at which users start to be affected.

The difference can be best visualised by using an analogy. Imagine you’re writing a report on your computer when suddenly the power dies. The RPO can be thought of as the last time you saved your document before your computer turned off. So, it takes into consideration how much of your work and data you can lose before it seriously affects you. Having to rewrite a sentence might not be a problem, but once entire pages are lost, it could affect your business significantly.

The RTO describes the amount of time you can handle being offline before it seriously affects you or your business. If you have got a tight deadline to hit, your RTO will be lower as you need it up and running again sooner so you can recover your work, re-enter lost data and continue writing.

How to Define Your RTO and RPO?

The RTO and RPO differ from business to business as there is no universal “correct” answer to how much downtime and data loss a business can tolerate.

Additionally, the RTO and RPO parameters will also differ strongly between different applications or services. Because of that, it is good practice to analyse these and categorise them based on certain criteria to make sure your business can stay operational and keep generating revenue.

The best way to categorise your priorities is the three-tier model for asset recovery prioritisation:

Tier 1: Mission-Critical Applications

These applications are essential for the survival of your business and need to be offline as little as possible, or not at all if possible. Tier 1 recovery time is typically between 0 and 2 hours. This could, for example, be the electricity supply to the premises where servers are housed, as its loss would negatively impact the entire workflow.

Tier 2: Business-Critical Applications

Business-Critical applications are essential to the success of business operations. The longer they are offline, the more financial and reputational damage will be done to the company. Tier 2 recovery time is typically between 4 and 24 hours. This could describe, for example, a faulty online payment processing system for an e-commerce site, as it leads to financial and reputational damage, but the business can continue to operate.

Tier 3: Non-Critical Applications

Non-Critical applications contribute to the normal operating level of a company, but the business can temporarily survive without them. This category forms the lowest priority when it comes to going back online following a disruption. A tier 3 recovery time typically takes over 24 hours. Astec IT will acknowledge a non-critical support request within 4 hours and find a permanent fault correction within 5 business days. An example of such a request includes faulty internal office phone lines.
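The following is an added example, not part of the original article: it measures one incident against the definitions above, taking RPO back to the last backup that actually verified and RTO forward from when users were affected. The incident data, the 1-hour RPO and all function names are constructed assumptions; the tier ceilings are the upper bounds of the typical recovery times given for each tier.

```python
from datetime import datetime, timedelta

# Ceiling of each tier's typical recovery time as given in the article.
# Tier 3 is "over 24 hours", so it has no ceiling here.
TIER_RTO = {1: timedelta(hours=2), 2: timedelta(hours=24), 3: None}

def last_valid_backup(backups, failure):
    """Newest backup that passed verification and predates the failure."""
    valid = [ts for ts, verified in backups if verified and ts <= failure]
    return max(valid) if valid else None

def assess(incident):
    """Measure data-loss window and downtime, then compare with RPO and RTO."""
    anchor = last_valid_backup(incident["backups"], incident["failure"])
    # RPO looks back: failure time minus last valid backup.
    data_loss = incident["failure"] - anchor if anchor else None
    # RTO looks forward: measured from when users start to be affected.
    downtime = incident["restored"] - incident["users_affected"]
    rto = TIER_RTO[incident["tier"]]
    return {
        "data_loss": data_loss,
        "downtime": downtime,
        "rpo_met": data_loss is not None and data_loss <= incident["rpo"],
        "rto_met": rto is None or downtime <= rto,
    }

def at(hhmm):
    """Constructed timestamps all fall on one illustrative day."""
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed incident: a tier 2 payment system with hourly backups,
# where the 13:00 and 14:00 jobs ran but failed verification.
INCIDENT = {
    "tier": 2,
    "rpo": timedelta(hours=1),   # assumed objective, not from the article
    "backups": [(at("11:00"), True), (at("12:00"), True),
                (at("13:00"), False), (at("14:00"), False)],
    "failure": at("14:20"),
    "users_affected": at("14:25"),
    "restored": at("20:25"),
}

if __name__ == "__main__":
    for key, value in assess(INCIDENT).items():
        print(f"{key}: {value}")
```

In this constructed case the hourly schedule looks sufficient for a 1-hour RPO, but because the last two backups were not valid the data-loss window is 2 hours 20 minutes, while the 6-hour downtime still sits inside the tier 2 range.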

If you are interested in finding out more about RTO, RPO, and disaster recovery or you are looking into outsourcing your IT department, make sure to contact us now for a free IT consultation.
