RTO – Recovery Time Objective
This determines how quickly you need your systems back up and running following a disaster. In simple words, a time in future, at which your services will be up and running.
While you might consider all the units / process of your business to be up running always (RTO of few seconds / minutes), there is a cost associated with it, the lesser the RTO, the more cost hungry is the recovery strategy.
For eg: Consider a company running BPO / Call centre operations. Following a disaster, the priority would be to ensure the connectivity restored to resume receiving calls, which may give a lesser RTO(higher priority) to IT Department than HR-Recruiting or Marketing.
RTO is calculated during the BIA process.
This would also help us in understanding the resource requirements for that particular process during the recovery period.
RPO – Recovery Point Objective
RPO is our maximum affordable data loss. This would help us determine the type of site required.
Example:
case 1: affordable data loss
the particular process always has a provision to reconstruct data from last 12 hours from hardcopy (paper) records. In this case, we can have an RPO of 12 hours, thereby a off-site backup every 12 hours. So 12 hours is the maximum data that would be affected, which you can reconstruct with the hardcopies.
case 2: cost factor, profit vs loss
You are making a profit of 10,000Rs/day, and your loss is as below:
for 1 Day data loss = costs you Rs.3000.
for 2 Days data loss = costs you Rs.7000.
for 3 Days data loss = costs you Rs.15000.
In normal cases, if costs is the only dependent factor, you do not opt for an RPO of anything less than 2 days, as till 2 days, your cost due to data loss is much less than the profit.
We consider the cost of data lost against the recovery strategy cost before arriving at an RPO. Remember the saying – its not worth to guard your horse by a golden fence!
MAO – Maximum Acceptable Outage
(as per BS 25999-1:2006, MTPD. Maximum Tolerable Period of Disruption or MTPD/MTPoD)
- is the maximum allowable time that the organization’s key products or services is made unavailable or cannot be delivered before its impact is deemed as unacceptable.
- In normal cases, RTO is always less than MTPD.
- MTPD provides the maximum criticality point for each process or asset / resource.
Any queries, please feel free to post in the comment box below.
I do not see the benefit of identifying and maintaining RTO and MAO separately.
If my MAO is 2 hrs., I will aim to recover within 2 hrs. and provide business continuity for the product or service. Whether my RTO will be 1 hr. or 1.5 hr., how does it matter? Isn’t it I have to recover keeping in mind MAO ?
If RTO and MAO were the same, it would mean no buffer exists between recovery targets and critical failure thresholds.
Example: A banking system may have an RTO of 4 hours (to avoid financial loss) but an MAO of 8 hours (before regulatory penalties occur).
Or a more real life analogy:
In an Emergency Room (ER), a patient with a severe heart attack must be treated quickly, but not all cases are instantly fatal.
Recovery Time Objective (RTO) = 30 minutes → Doctors should start treatment (CPR, oxygen, medication) within 30 minutes to maximize survival chances.
Maximum Allowable Outage (MAO) = 2 hours → If treatment is not started within 2 hours, the patient’s condition may become irreversible (organ failure, coma, or death).
If RTO and MAO were the same (30 minutes), it would create unnecessary panic and overwhelm resources. A separate MAO (2 hours) allows doctors some flexibility to handle multiple critical cases. Even if RTO is exceeded, recovery is still possible within MAO, but urgent backup actions (like ICU transfer or surgery) may be required.
In short – keeping RTO and MAO separate ensures critical recovery is planned effectively, while allowing flexibility before reaching a crisis point.