Too often, we see many terminologies on recovery objectives such as MTD, MAD, MAO, MAOT, etc . It is observed that most of terms are variations from these two fundamental terms, namely, RTO and RPO.
Recovery Point Objective or RPO is the point in time to which systems and data must be recovered after a disaster has occurred.
- For example, it can be explained as the amount of data that should be restored up till the last backup. This also includes the amount of data needed to be re-constructed after the systems or functions have been recovered which is not input into the system but left onsite but denied access. For less time sensitive industry, it is the amount of data that an organization can afford to lose.
Recovery Time Objective or RTO refers to the maximum acceptable length of time that can elapse before the lack of a business function severely impacts the organization. This is the maximum agreed time for the resumption of the critical business functions.
- In my layman explanation, RTO is the time whereby your customer is the maximum amount of time that your customer is willing to wait till they move to your competitor; the time period whereby that a regulator can tolerate before they implement their sanction.
Finally, I thought it is useful to introduce the recovery objective term used in BS 25999-1:2006, MTPD. Maximum Tolerable Period of Disruption or MTPD/MTPoD is the maximum allowable time that the organization’s key products or services is made unavailable or cannot be delivered before its impact is deemed as unacceptable.
Takeaway: Most concepts in BCM is built on fundamentals of which RTO and RPO are such examples. It is also important for professionals explaining these concept to speak “English” to its audience as telling someone without prior knowledge of BCM especially with words like RTO and RPO will definitely turn them away from this project or programme.