One of the most crucial points to understand in disaster recovery (DR), and disaster planning, is the RPO – Recovery Point Objective. It’s a required element of any current DR plan – one of the lynchpins. We wanted to briefly explain what an RPO is, its importance, and how to determine it.
The Recovery Point Objective
Simply put, an RPO is the longest allowable time period over which a company’s data could be lost. This is an entirely subjective figure, one determined by each business based on its own data usage and regulatory requirements.
Or, put another way, it could be said to describe how much data you CAN afford to lose.
A small business, for example, probably only needs to run a backup once a day. In that case, their RPO would be 24 hours, and they risk losing one day’s worth of data in a disaster. A large firm holding protected data might need to maintain backups every two hours, which would be their RPO.
Broadly speaking, a company could even have an RPO in the minutes if they had the setup to effectively keep constant mirrored backups. However, such an RPO would also be extremely expensive to maintain, rendering it cost-ineffective. As such, the RPO sets a boundary for disaster planning and prevents unnecessary expenditures that add more costs than protections.
The key point here is this: The RPO is defined by business needs, not technology. Inexperienced IT admins may say, “Our backups happen twice every day, so we have an RPO of twelve hours,” but this has it backwards. The backup method and technologies deployed should be chosen to support a pre-calculated RPO, not the other way around.
There is no true “right” or “wrong” answer here. Any RPO will necessarily be a compromise between what is required, what is desired, and what is possible.
1 – Differentiate between critical and non-critical systems. Determine which aspects of your data must be kept up-to-date to maintain continuity of business. This includes software systems, such as your server OS, that would have to be restored in the case of an outage.
2 – Consult with Legal to determine regulatory responsibilities. Data such as customer records fall under strict regulation, and will likely constitute the baseline for your RPO calculations. The RPO has to be at least as short as the law requires.
3 – What can be mirrored and backed up to the cloud? Many applications can have an extremely short RPO if they’re in the cloud and don’t rely on central servers.
4 – What’s within your budget? This is where consulting with trained data specialists can be a boon. Based on the above factors, an expert consultant can quickly suggest several strategies at different price points, with different balances of time and security.
If you need more advice, Bi101 is here to assist. Our decades of experience in data solutions can create the professional disaster recovery plan your business needs for stability.