Recovery Point Objective – Start by Asking the Right Questions

Planning for disaster recovery means knowing what questions to ask.

After living through the business disruptions of the past few years, companies are re-examining their business continuity plans and evaluating how much they contributed to the agility and resiliency of their businesses. Here we outline some of the questions you should be asking yourself around business continuity and setting your RTO (Recovery Time Objective) and RPO (Recovery Point Objective).

Which is more important: Time to recovery or retrieving data and documents?

Business Continuity and IT Disaster Recovery planning tend to focus first on Recovery Time Objective (RTO) then second on Recovery Point Objective (RPO). RTO includes system and application recovery while RTO is focused on data recovery. But does that really make sense? Customer information, financial data, product specifications, research sets, accounts payable metrics, form transactions… the list could go on and on. Data is the life’s blood of any company.

It’s good to point out that not all company data resides in specialized applications monitored by IT. Businesses tend to have a lot of information stored in PDF-formatted documents or even paper that are critical to their day-to-day business functions. These documents may be stored on local servers, on Microsoft, Google, Dropbox, or in any of a dozen other cloud-based applications. Do businesses define in their plan which documents are critical? Do they define when the documents/data are required to be available, or they can’t function?

Who sets a data recovery strategy, and how? 

That said, every piece of data is not critical to recovery. How do you separate what’s critical from the rest? Who sets the Recovery Point Objective? If IT sets the backup time frame for the data recovery, do they ask the business what their need is? How much data they can the business functions afford to lose? Does the business have a way to recreate any lost data?

Then there is all the data that is still in paper form. What is the plan for data that has come in through the mail or fax machine that has not been entered into any electronic systems yet?

Recovery strategies depend on timing. How long it has been since the last backup will tell us how much data could be lost. Is this amount of loss acceptable? Should the data be backed up more frequently or stored in a safe accessible place? What is the timing of the backups and are they full or incremental?

These are just a few of the questions that need to be asked when setting up your recovery point objectives and data recovery strategies. Other considerations include:

• Has the data been analyzed and prioritized into what is critical, necessary or optional to support the business recovery?
• Where is your data? Is it centralized or is it all over the place, on local servers, on SharePoint, in the “cloud”.
• Can just the critical docs be restored in a timely manner or does the whole storage system have to be restored before the business can get to them?
• How much data is lost between backups?
• Can the lost data be recreated?
• Does your BC/DR tool help you make important data available quickly?

These are some of the questions that need to be answered in order to create a recovery point objective (RPO) that the company can live with without losing too much of its “lifeblood”. Where do you and your company stand? Have you asked all the “right” questions?

Learn about SAI360's solutions for disaster recovery and business continuity management.