Standards Group:
YALE-MSS-1: System Classification
YALE-MSS-1.5: Plan for data recovery requirements
Details
Data recovery capabilities help protect the integrity and availability of the data. In the event of a security incident, such as ransomware, data recovery can help:
- Restore lost data
- Determine if data was tampered with or changed
There are two components to this:
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
Data recovery requires an understanding of:
- The amount of time an outage can last before causing some sort of hardship
- The amount of data you can lose without impacting the function(s) the IT system supports
- The backup capabilities of the supporting infrastructure the IT System is hosted on
Example: A system is continuously updated with real-time patient information. It's decided that the system cannot afford to lose more than 10 minutes of data in the event of a disruption. As a result, the system has an RPO of 10 minutes and must be backed up every 10 minutes. In the event of an outage, it is determined that being down for more than two hours is unacceptable. This results in an RTO of two hours.
Recovery Point Objective (RPO) is how frequently backups of data are created. For example, if you have an RPO of 24 hours, then a backup is generated once every 24 hours. At most you'll lose one day of data in the event of an outage (i.e., you can go back to a point that is no more than 24 hours from when the system was last functioning).
Recovery Time Objective (RTO) is the maximum amount of time before incurring a significant disruption to operations during an outage. For example, if you determine that your operation can't be offline longer than eight hours before a significant disruption, then your RTO would be eight hours.
A low RPO means frequent data backups, and a low RTO means quick restoration of service.
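As an added example (not part of the Yale standard itself), the following Python check applies the RPO and RTO definitions above to a constructed backup schedule and restore plan. The backup timestamps, the 10-minute RPO / two-hour RTO taken from the patient-information example, and the restore step durations are all made-up sample values.

```python
from datetime import datetime, timedelta

# Constructed sample: backups for a system with a 10-minute RPO. One run was late
# (09:30 -> 09:45), which is exactly the kind of gap an RPO review should catch.
BACKUPS = [datetime(2024, 1, 1, 9, m) for m in (0, 10, 20, 30, 45)]
RPO = timedelta(minutes=10)
RTO = timedelta(hours=2)

# Constructed sample restore plan: everything that must happen before service is back.
RESTORE_PLAN = {
    "provision replacement host": timedelta(minutes=45),
    "restore latest backup": timedelta(minutes=50),
    "integrity check against backup": timedelta(minutes=20),
}


def schedule_gap(backups):
    """Largest interval between consecutive backups.

    This is the most data the schedule can ever lose, so it is the number to
    compare with the RPO (not just the gap at the moment an incident happens).
    """
    ordered = sorted(backups)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=None)


def data_loss_at(backups, incident):
    """Data at risk if a disruption occurs at `incident`: everything written since
    the last backup that completed before it. Returns None if no backup exists."""
    done = [b for b in backups if b <= incident]
    return incident - max(done) if done else None


def meets_rpo(backups, rpo):
    """True only if every gap in the schedule is within the RPO."""
    gap = schedule_gap(backups)
    return gap is not None and gap <= rpo


def restore_time(plan):
    """Total elapsed time of the restore plan; compare with the RTO."""
    return sum(plan.values(), timedelta())


def meets_rto(plan, rto):
    return restore_time(plan) <= rto
```

An incident just after the late backup shows little loss, but the schedule as a whole still violates the RPO; the RTO check adds up the full restore path rather than only the restore step.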