First is important to note that RTO and RPO are most often defined based on a scenario evaluation, instead of calculated, because calculating them can become very complex and time-consuming.
Considering that, RTO (Recovery Time Objective) is defined based on how fast you want to resume your operations after a disruption, while RPO (Recovery Point Objective) is defined based on how much data you can afford to lose due to a disruption.
For example, if an application has an RTO of 1 day and an RPO of 4 hours, it means that this application can be recovered (resume normal operation) in one day, but the information from the last 4 hours before the interruption occurred will be lost.
This article will provide you a further explanation about RPO and RTO:
- What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
These materials will also help you regarding RPO and RTO:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Free webinar – Implementing Business Impact Analysis according to ISO 22301 https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
Comment as guest or Sign in
Jan 27, 2021