A thorough application rationalization and dependency-mapping effort must always precede conversations about recovery of IT infrastructure. Technologists and application owners must perform a business impact analysis to determine each application’s criticality to business operations and to prioritize application recovery if a major service disruption occurs. As part of this analysis, business owners of the services must define their RTO RPO.
Recovery Point Objective (RPO) is the amount of data loss that an application can sustain after a major service outage before causing an unwanted impact on the business. RPO is also measured in time because it is the point in time from which the data must be recovered. RPO focuses on the data or transactions of an IT system.
Recovery Time Objective (RTO) is the duration of time in which the business process must be restored after a disaster occurs. The organization is only able to tolerate the degradation of a service or process for this period before the degradation causes serious consequences.