RKL eSolutions Blog Trends and Insights

The Difference Between Recovery Point and Recovery Time Objectives


How much data can your company afford to lose? If an incident, such as a cyberattack, brings your system down, how much time can you afford to be down? Defining your company's recovery point objective and recovery time objective will help your IT team manage their systems.

Defining Your Recovery Point Objective

The recovery point objective is the amount of time between a failure in your system and the amount of data (measured in time) that is "acceptable" to lose.

For example, say your server goes down at 12:00 p.m. because your ERP database is corrupted, and you have to restore your most recent backup. Or you've been hacked, and they've encrypted your database with ransomware. If your systems backed up one time every day at 1:00 a.m., you would lose 13 hours worth of data.

With all that data lost, you would have to re-enter all new orders placed that day, reconcile your shipping system with your ERP database, re-enter all AP vouchers, reconcile any payments, and the list goes on and on.

Upper management must decide on an appropriate recovery point objective for your company. SQL Server has considerable flexibility in backing up data and can easily make your recovery point objective in less than 60 minutes. Here are some questions to ask your IT staff about the security of your company's backups:

  • How often do they test restore?
  • How much risk is your company willing to take?
  • Are they storing the data offsite?
  • How updated is the offsite data?
Having answers to these questions will help direct your IT staff.

Defining Your Recovery Time Objective

The recovery time objective is the time between an incident bringing your system down and when you bring it back online. Defining an "acceptable" amount of time between your system being offline and online is essential to avoid unnecessary disruptions.

When calculating and defining your company's recovery time objective, you should consider:

  • The importance of the system to your daily operations (shipping systems, HR systems, etc.)
  • Any potential financial and operational impacts associated with the downtime
  • Any regulatory and compliance obligations with specific requirements
  • The expectations of your customers and business partners

Regular testing of your backups, recovery point objective, and recovery time objective can help you reduce recovery failures to a great extent and help you adhere to your business continuity plan.

Explore how our managed service offerings can help streamline your cybersecurity and data recovery efforts. Our team of experts can assist with setup, configuration, and ongoing support to ensure an easy and seamless transition. Learn more about how our managed services can maximize your company's security.

John Hanrahan

Written by John Hanrahan

John is a Senior Solution Architect on our Sage 500 team. He specializes in database design, crystal reports, and SQL Servers development and administration. He's based out of the Washington area.