Business Continuity Management

The Recovery Time Objective (RTO) means how fast after a disaster an organization wants its business to resume operations, and its definition is made through the Business Impact Analysis, which helps you understand the level of resources are required and the evolution of losses over time (in shorth, the faster the losses increases over time, the shorter the RTO needs to be, and more resources will be required).

As a reference to evaluate how much resources are enough, you should consider the losses to the organization if the operations are not resumed in a given time. For example, if the losses for not returning in 12h are US$ 200k, and the resources required to return operations at this time cost US$ 250k, then it is not practical to define an RTO of 12h. On the other hand, if the losses for not returning in 14h are US$ 1M, and the resources required to return operations at this time cost US$ 750k, then it is practical to define an RTO of 24h.

These articles will provide you with a further explanation about business continuity concepts:

• How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
• Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/
• What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/ 
• Explanation of the most common business continuity terms https://advisera.com/27001academy/blog/2021/01/18/explanation-of-most-common-business-continuity-terms/