Le RTO (Recovery Time Objective) represents the maximum acceptable downtime for a business following an incident, such as a breakdown or attack. This is the time needed to restore systems and resume normal operations.
RTO is crucial to minimising the impact of interruptions on productivity and revenue.
How RTO is calculated
The RTO is calculated in several stages:
- Identification of critical systems : make an inventory of the systems and applications essential to the company's activity.
- Evaluation of potential losses Estimate the financial and operational losses in the event of downtime, including loss of turnover, salary costs for inactive employees and additional expenses..
- Addition of durations The time needed to detect the incident, make a decision, take action and check that the systems are working properly after restoration.
Examples of RTOs
A typical example of an RTO might be a company using Microsoft Exchange Online for its messaging services. If the RTO is set at 8 hours, this means that the company can tolerate a maximum downtime of eight hours before it seriously affects its operations.
► For certain critical applicationsFor example, an RTO can be as short as an hour, requiring rapid backup solutions such as redundant external hard disks.
► For less critical applicationsA longer RTO, such as five days, could be acceptable, allowing the use of tapes or off-site storage.
Relationship with the RPO
Although distinct, the RTO and the RPO (Recovery Point Objective) are complementary in the disaster recovery strategy. Together, they determine the total downtime of a resource after a major incident and influence investment in IT security.
RPO =Recovery Point Objective PDMA=Data Loss Maximum Allowable
DMIA = Maximum Admissible Interruption Duration
