Home / Resources / Blog

Business Continuity: Establishing RTO and RPO

Last updated: 13 Apr 2023

Many businesses have backup and disaster recovery plans in place. But often, those traditional strategies are not enough to keep you protected from data and financial loss. An intelligent business continuity plan will help prevent catastrophic losses in the face of disruption.

Business continuity planning (BCP) is not optional. If there is an unplanned service disruption, the BCP will help your organization regain its productivity. The plan typically contains all the information necessary for backups, workarounds, plan administrators, and whom to contact at backup sites.

Planning for big disasters is critical, but business continuity covers a much broader range of threats to your operations than just flood protection or earthquakes. Pretty much anything that can take your business offline or wipe out data is a disaster waiting to strike. Computer viruses, fires, thefts–these all have the potential to spell disaster for your business.

Managing your business continuity is best done proactively. Look at these four situations and see how.

1. Ransomware

Ransomware is a particularly severe form of malware that encrypts files and demands a ransom to decrypt them. Once infected, the files cannot be accessed by anyone. They’re gone – unless you have backed them up. When this happened to our client, we isolated and quarantined the ransomware and restored the files from a backup appliance, causing minimal disruption instead of a full-on disaster.

Check out our recent What To Do When Hit With Ransomware Guide to discover the top things you should do if you suspect your systems were infected by ransomware.

2. Server crashes

Server crashes happen more than you might think. Without adequate backup service, you could find yourself losing data. We know of one situation where a server crashed with no backup in place, and the company had to spend 200 hours (about one week and a half days) recreating their baseline data.

This company was working with a managed IT provider who neglected the company’s backup services. They fired their IT provider and are now one of our many valued clients.

3. Fires, floods, and natural disasters

From the sprinkler system malfunctioning and short-circuiting your server to a building fire or a cataclysmic earthquake, the unexpected can happen at any time. In these cases, you need a virtual copy of your data that can temporarily replace your physical server until you return the damaged hardware. This ensures your information is not lost and prevents downtime, which can be costly.

4. Careless employees

Sometimes employees act out by trashing essential files on their way out the door. It has happened on more than one occasion, leaving an employer with little recourse – and lost data. Even if an employee is not acting maliciously, sometimes files get deleted that should not be. When files are backed up, up to six months of files can be quickly restored.

Business Continuity with Cloud-Based Solutions

BCP emerged from disaster recovery plans, focusing on getting the IT infrastructure back up and running. As data has become the lifeblood for some companies, the need for more comprehensive plans has emerged with a focus on returning to normal business operations.

Business continuity planning can get sticky as businesses transition to the cloud. For many organizations, this represents the first time they have shared security responsibilities with a third party, and it may be challenging to get comfortable with this arrangement. The company must be willing to give over a little control to take full advantage of cloud benefits.

Unfortunately, no cloud provider can save a company from itself. No matter how much responsibility a third-party provider takes, they cannot be responsible for administration errors, lost devices, or bad login practices. The data belongs to your organization. It would help if you had disaster recovery, cybersecurity, and business continuity plans in place for your business.

Essential Elements of a Business Continuity Plan

There are two critical metrics that every organization needs to set when building their BCP – Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

Recovery Point Objective (RPO)

RPO is the maximum acceptable time between the data loss and the last good backup.

Recovery Time Objective (RTO)

RTO is the maximum acceptable time for a business to be up and running after a disaster. RTO is the time it takes, from start to finish, to recover the necessary data and systems for standard business processes.

It might seem like the answer is easy as your organization likely wants to lose the least amount of data possible and be back up and running immediately. The tradeoff is the cost. The closer you get to zero on either of these metrics, the higher the price.

Along with measuring these two areas to determine a company’s business continuity preparedness, it’s also important to classify applications and data according to how critical they are to the company’s operations:

  • Existentially critical applications and data will immediately cause the organization to stop running if they are not available.
  • Mission-critical data and systems are central to employee productivity and business processes, but there are ways to work around them if necessary.
  • Optimal-for-performance systems, if not available, will cause a reduction in productivity, and service may not be as seamless, but the business can function at acceptable levels without them.

Organizations are increasingly aware of ransomware attacks or other cybersecurity attacks that could destroy their business. As a result, more companies have developed specific ransomware response plans.

Changing requirements, increasing cyber threats, and cloud applications make BCP much more complicated. At the same time, in an always-connected, digital economy, an organization’s dependence on its data has never been greater. Does your organization have a robust business continuity plan? If you’re not sure, contact us at BlackPoint IT Services. We can help you assess your business continuity plan and determine what action plan is necessary to protect your assets for the future.