How Long Can My Company's Technology Afford to be Down During a Disaster?

UPDATED: May 8, 2023

Measuring the possible effects on your business from an unknown catastrophe that could occur at any given time in the unforeseeable future sounds a little overwhelming, right? Not to mention, all of the other unknowns, which may or may not create a domino effect of setbacks in your Incident Response Plan (IRP). So, how do you factor those unknowns into a useful Business Continuity Plan (BCP) for after the disaster happens, but before systems are fully restored and you are back to business as usual?


How to Calculate Your Downtime

First, you have to identify the metrics of your company’s Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for data, hardware and applications. 

  • What is Recovery Point Objective (RPO)?
    Recovery Point Objective (RPO) refers to the last point in time that a valid replication was made and data can be restored from.

    Example: If data is corrupt, lost or unavailable, when was the last point in time that a valid copy or replication was made that data can be restored from? (PROT TIP: Our partners at Veeam can help!) If you or your service provider’s objective is to have a valid backup every 24 hours, and you have a good backup within this window, then your RPO has been met. However, if you have to go back farther in time past this desired window to find a good backup, you have not met your RPO. Now, data loss can occur for any new data created between the last known good backup and the time of the disaster or incident.

    Our team at Centre Technologies will use the RPO most beneficial to your business need to create a Service Level Agreement (SLA) that guarantees at least one good backup within the RPO window. Our default RPO is 24 hours, however we can accommodate a Zero hours RPO if this is what you need. Win win! 
  • What is Recovery Time Objective (RTO)?
    Recovery Time Objective (RTO) is the amount of time after data corruption or hardware failure has occurred in which full restoration is desired.

    Example: If your Exchange server is down, how long can your company afford to continue without it? If the longest your business can run without your Exchange server is four hours, then your RTO for Exchange server is four hours.

    It is paramount to design a system that aligns with your company’s overall recovery needs, and addresses the most important data and applications first to assure they have been assigned the shortest RPO and RTO.

    Your IT department or IT service provider uses these two metrics when configuring backups and offsite replication for your business’ Business Continuity Plan (BCP) and Incident Response Plan (IRP). Diagnosing the RPO and RTO for each application or process is crucial for a successful BCP and DRP.


Now, you will have the information to determine your organization’s Maximum Tolerable Downtime (MTD). 

  • What is Maximum Tolerable Downtime (MTD)?
    Maximum Tolerable Downtime is the absolute maximum length of time that your most important applications, data or hardware can be unavailable before irreversible damage has been done, or you begin to lose business.
  • Your MTD can be calculated based on the following factors:
    • The maximum time period allowed after the initial start of disruption within which each system needs to be recovered.
    • According to necessity of the data, hardware or application, the maximum time each activity or business process needs to be preformed after recovery.
    • The length of time your company can withstand before normal levels of operation must be resumed.

    Identifying your MTD is critical, because if recovery doesn’t occur within projected RTO, we have to make sure there is still a window of time before reaching MTD in an effort to avoid losing business.


Still Need Help? 

At Centre Technologies, we learn about our customers' Recovery Point Objective, Recovery Time Objective and Maximum Tolerable Downtimes by asking questions during initial assessments of their environment.  By performing a Risk Assessment we become aware of the possible risks your business faces due to possible gaps in service. Contact us today to discuss your infrastructure and an effective Business Continuity Plan and Incident Response Plan for your business!

Originally published on February 3, 2014

Be a thought leader and share:

Subscribe to Our Blog

About the Author

Emily Kirk Emily Kirk

Creative content writer and producer for Centre Technologies. I joined Centre after 5 years in Education where I fostered my great love for making learning easier for everyone. While my background may not be in IT, I am driven to engage with others and build lasting relationships on multiple fronts. My greatest passions are helping and showing others that with commitment and a little spark, you can understand foundational concepts and grasp complex ideas no matter their application (because I get to do it every day!). I am a lifelong learner with a genuine zeal to educate, inspire, and motivate all I engage with. I value transparency and community so lean in with me—it’s a good day to start learning something new! Learn more about Emily Kirk »

Follow on LinkedIn »