Before you decide the Business Continuity model, you must understand RTO & RPO to address your company business requirment.
RTO (recovery time objective) is the time that elapses between the loss of access to data and the recovery of data access. The shorter the RTO, the better. RPO (recovery point objective) is the point in time when the data backup took place. In a mission-critical environment such as a real-time order processing system, an acceptable RPO may be one hour after the failure. In a less-critical computer application such as a seldom-accessed storage repository, an RPO of one week after the failure may be acceptable. It is up to you as a security consultant to help your client determine an appropriate RTO and RPO and provide the products and services to meet those objectives.
Our BCServices deliverable suitable RTO and RPO to make your business competitveness in the information avalibility. you can define RTO and RPO below than 2 hour beetwen tier 6 - 7 in the chart below.
The Seven Tiers was defined to help identify the various methods of recovering mission-critical computer systems as required to support business continuity.Business Continuity Planning (BCP) and Disaster Recovery Specialists today continue to use the 7-Tier concept as it is very useful in illustrating continuity capabilities and at a high level, their associated costs. The definitions for the various Tiers have been updated as technology has evolved in support of today's business requirements and their associated Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). The seven tiers of business continuity solutions offer a simple method to define your current service levels, risks and where you really want or need to be.
Tier 0: No off-site dataBusinesses with a Tier 0 business continuity solution have no Business Continuity Plan. There is no saved information, no documentation, no backup hardware, and no contingency plan. The time necessary to recover in this instance is unpredictable. In fact, it may not be possible to recover at all.
Tier 1: Data backup with no hot siteBusinesses that use Tier 1 continuity solutions back up their data and send these backups to an off-site storage facility. The method of transporting these backups is often referred to as "PTAM" - the "Pick-up Truck Access Method." Depending on how often backups are created and shipped, these organizations must be prepared to accept several days to weeks of data loss, but their backups are secure off-site. However, this tier lacks the systems on which to restore data.
Tier 2: Data backup with a hot siteBusinesses using Tier 2 business continuity solutions make regular backups on tape. This is combined with an off-site facility and infrastructure (known as a hot site) in which to restore systems from those tapes in the event of a disaster. This solution will still result in the need to recreate several hours or even days worth of data, but the recovery time is more predictable.
Tier 3: Electronic vaultingTier 3 solutions build on the components of Tier 2. Additionally, some mission critical data is electronically vaulted. This electronically vaulted data is typically more current than that which is shipped via PTAM. As a result there is less data recreation or loss after a disaster occurs.
The facilities for providing Electronic Remote Vaulting consists of high-speed communication circuits, some form of channel extension equipment and either physical or virtual Tape devices and an automated tape library at the remote site.
Tier 4: Point-in-time copiesTier 4 solutions are used by businesses that require both greater data currency and faster recovery than users of lower tiers. Rather than relying largely on shipping tape, as is common on the lower tiers, Tier 4 solutions begin to incorporate more disk based solutions. Several hours of data loss is still possible, but it is easier to make such point-in-time (PiT) copies with greater frequency than tape backups even when electronically vaulted.
Tier 5: Transaction integrityTier 5 solutions are used by businesses with a requirement for consistency of data between the production and recovery data centers. There is little to no data loss in such solutions, however, the presence of this functionality is entirely dependent on the application in use.
Tier 6: Zero or near-Zero data lossTier 6 business continuity solutions maintain the highest levels of data currency. They are used by businesses with little or no tolerance for data loss and who need to restore data to applications rapidly. These solutions have no dependence on the applications or applications staffs to provide data consistency.Tier 6 solutions require some form of Disk Mirroring. There are various synchronous and asynchronous solutions available from the mainframe storage vendors. Each solution is somewhat different, offering different capabilities and providing different Recovery Point and Recovery Time objectives. Often some form of automated tape solution is also required. However, this can vary somewhat depending on the amount and type of data residing on tape.
Tier 7: Highly automated, business integrated solutionTier 7 solutions include all the major components being used for a Tier 6 solution with the additional integration of automation. This allows a Tier 7 solution to ensure consistency of data above that which is granted by Tier 6 solutions. Additionally, recovery of the applications is automated, allowing for restoration of systems and applications much faster and more reliably than would be possible through manual business continuity procedures.
Recovery Objectives The Recovery Time Objective (RTO) and Recovery Point Objective (RPO) along with cost are important criteria when evaluating the right solutions.
The Recovery Time Objective (RTO) describes the time within which business functions or applications must be restored (includes time before disaster declared and time to perform tasks).
The Recovery Point Objective (RPO) describes the point in time to which data must be restored to successfully resume processing (often thought of as time between last backup and when outage occurred). Many solutions are available. Choosing the right ones requires that you balance the cost of the solution against the costs associated with downtime and lost data. Some amount of data loss may be acceptable if the data can be captured from other sources or easily recreated.This is not a one-size fits all solution. The very best practice for any organization is to implement an appropriate blending of these tiers. In this way, you can implement the correct level of Disaster Recovery protection at the lowest possible cost. A single solution or technology isn't usually the best choice for all applications.