Is there a relationship with RPO and MTD in regards to RTO? Keeping the math simple, if your MTD is 4 hours and your RPO is 2 hours, does that leave you with under 2 hours for your RTO? Or does RTO just need to be under 4 hours (the MTD)? I also understand you want to leave some time between your RTO and MTD and the reasons behind it, but is there any type of formula or guideline for that time? Would I get a question on the exam ultimately describing an MTD of 4 hours, and give RTO options of 6 hours, 4 hours, 3 hours or 1 hour. Thanks!
CISSP - RTO, RPO and MTD
I hope all is well. Let's see what we can do to simplify these concepts for you.
The best place to begin is with some definitions to ensure we speak about things in the correct manner.
Maximum Tolerable Downtime (MTD)- The amount of time we can be without the asset that is unavailable BEFORE we have to declare a disaster and call into effect our DR plan
Recovery Time Objective (RTO)- The EARLIEST POSSIBLE TIME that we can restore/recover the asset to full functionality IF everything goes as planned, and nothing else goes wrong.
Recovery Point Objective (RPO)- The amount of data, as a measure of time, we are willing to lose during a recovery event.
Now, we need some additional information to make these definitions actually work for us in the context of BCDR.
- While MTD and RTO are often set as SEPARATE items, with different time measures, they can also be set identically to the same time measure.
For instance, you could set RTO to a value of 2 hours, and MTD to a value of 4 hours. This would allow you to say that ASSUMING EVERYTHING GOES AS PLANNED while restoring, you are hoping to hit the 2 hour mark for restoration. HOWEVER, if something(s) go wrong, you are still allowing for a "buffer" of 2 additional hours to troubleshoot and try other things to restore BEFORE you hit the wall at the 4 hour MTD barrier.
- REGARDLESS of RTO/MTD values, RPO is ALWAYS a measure of the amount of data you are willing to lose over that period of time AS A RESULT OF THE WAY YOU HANDLE BACKUP OF THE DATA.
RPO IS NOT CONNECTED TO RTO/MTD. It should be seen as a separate value, measuring a separate thing, and indicating a separate thought process, that while it is related and parallel, is distinct.
For instance, if your MTD/RTO values are set as indicated above in the prior item (#1), then you would have RTO at 2 hours and MTD at 4 hours.
Now, lets add an RPO of 1 hour. What does this actually mean?
This means that:
a. we are shooting for a recovery within 2 hours if all goes well (RTO)
b. we are giving ourselves up to 4 hours to recovery BEFORE we hit the Disaster Barrier at MTD
c. we will POTENTIALLY LOSE UP TO 1 hour worth of data as part of restoration activities (RPO)
RPO means that we could lose up to 1 hour of data because we are backing up once an hour. If the outage occurs at the beginning of the RPO 1 hour cycle, we may lose less than 1 hour of data, as we have just successfully backed up, and the amount of data not backed up will be small. If, on the other hand, the outage occurs near the very end of the 1 hour RPO cycle between backup events, then we will lose almost all, or perhaps all of the data in the system since the last successful backup occurred, approx. 1 hour prior to the outage.
Hope that helps.