CMI Blog

RPO and RTO: What Are They and What Should You Do About Them?


There are all sorts of areas businesses overlook on the cyber security front. And with cyber security being of particular importance in the current climate, we should be leaving no security stone unturned. In the following article we’ll be covering an area many businesses might overlook when it comes to backup. So read on to learn how you can stay safe and ready your business for a disaster recovery situation.


What is RPO?


It stands for Recovery Point Objective, and it’s the maximum amount of data a business can afford to lose before sustaining significant losses. It’s measured in time and will be tied closely to how often you backup your servers. Backing them up once a night means your RPO would be worse than if you backed them up every minute.


What is RTO?

This stands for Recovery Time Objective. This describes how long it will take to get your data back after a failure of some sort. For example, the RTO of a very important email – deleted + trash emptied – would need to be pretty short. Thankfully exchange backs up email data continuously so this should only be a few minutes. Conversely, an online store that changes its inventory no more than weekly might only need an RTO of a day or two. The data will be spread across multiple databases so these can be relied on in such an event.


It’s all about knowing your data and testing your RPO and RTO


Regularly assess your backup. Make sure you always know how much critical data needs to be backed up. If needed increase the frequency of snapshots you take of your critical data. Conferring and collaborating with every department will usually be necessary here to determine what data to prioritise, what will cost more in downtime etc. Make sure you then test to confirm your RPO and RTO are what they need to be in order to save your critical data.


Periodically Review

When you regularly review what’s critical you can also use this time to improve your RPO and RTO. For example, removing more critical data wherever feasible from your RPO can improve it. Plus as technology advances, there may be newer, smarter ways for getting your data back more quickly.

Along with a range of various other measures, getting your RPO and RTO right is one of the most important things you can do for your business’s cyber security. Making sure your team is educated and cyber aware is also paramount. So if your team isn’t educated yet, click below to see how CMI can help strengthen your first - and weakest - line of defence.

Start educating my team


Topics: cyber security, Security and Compliance, SOC, Security Operations Centre

Graham Stead

Written by Graham Stead

Graham joined CMI following the acquisition of his previous business in 2016, having successfully run that for business for 20 years. Graham's absolute focus is on making sure that we consistently hold our clients central to everything that we do, and is often heard repeating our mantra "we exist to make a significant positive impact on our clients business". Graham and his team work closely with our clients to educate, inform, and ultimately to provide technology that delivers that positive impact. Outside of the office, he is a huge supporter of Bone Cancer Research Trust and has raised over £130,000 for them in recent years.

Know someone who
would benefit from CMI?