Insights

DRP: When Every Minute Counts | SUMāTO

Written by Andrés Lozada | Jul 9, 2026 7:23:39 PM

It is 3:14 in the morning and the billing system has stopped responding. The clock is ticking, orders are piling up and every minute that passes has a price: sales that don't close, customers who cannot operate, teams paralyzed while they wait for something to come back online. The question that defines an organization in that moment is not whether the failure happened, but how long it takes to recover and how much information was lost along the way. That is the underlying conversation in any disaster recovery plan.

In short: recovery time is money. A serious disaster recovery plan (DRP) is not measured by the number of pages it has, but by two numbers agreed with the business: the RTO (how long a service can be down) and the RPO (how much information can be lost). Defining those numbers by criticality, and backing them with replication and hot recovery, is what separates a scare from a crisis.

Why recovery time is money

When a critical service goes down, the cost is not linear: it grows with every hour. There are visible costs, such as unbilled sales or contractual penalties, and silent costs that weigh more over the long term: eroded trust, teams reassigned to firefighting and decisions made blindly because the data is not available.

The frequent mistake is treating all systems the same. Not everything needs to come back in minutes, but some services cannot wait hours. That is why the first discipline of a DRP is to put a value on time: what does an hour of downtime cost for this particular service? That answer, even if approximate, brings order to everything else.

RTO and RPO: the two clocks that matter

There are two metrics worth setting before buying technology or designing architectures. They are the backbone of any disaster recovery strategy:

  • RTO (Recovery Time Objective): the maximum time a service can remain unavailable before the impact becomes unacceptable. It answers the question "how long can I be down?".
  • RPO (Recovery Point Objective): the maximum amount of information the business is willing to lose, measured in time. It answers "how far back in time can I recover the data?". An RPO of five minutes means that, in the worst case, five minutes of transactions are lost.

The key is that both numbers are defined by the business, not by technology. The technical area designs the solution to meet them; the process owner decides how much time and how much data are tolerable. When that conversation does not happen, the organization discovers its real RTO and RPO on the day of the incident, and they are almost always worse than imagined.

How to define RTO and RPO by criticality

This is not about demanding "zero downtime and zero loss" for everything, because that is expensive and, in most cases, unnecessary. It is about calibrating. A practical way to do it:

  • Map the business processes, not just the servers. Billing, dispatching, serving the customer, running payroll.
  • Estimate the impact per unit of time for each process that is halted. You do not need accounting precision; you need an order of magnitude to prioritize.
  • Assign an RTO and RPO to each process based on that impact, and only then drop down to the level of the systems that support it.
  • Validate with whoever suffers the outage. The operational owner usually has a sharper intuition than any spreadsheet.

This exercise is, in reality, an extension of the business impact analysis that lives within a business continuity plan. The DRP is the technological leg of that continuity: it translates the priorities of the business into measurable recovery objectives.

Classifying services by tiers

With the RTOs and RPOs defined, it is wise to group services into tiers. This avoids overspending on what does not warrant it and underspending on what does. A reference scheme, which each organization adjusts to its reality:

  • Critical tier: services whose failure halts the operation or exposes contractual obligations. Very low RTO and RPO. They justify replication and hot recovery.
  • Important tier: services the business needs the same day, but which tolerate a few hours of interruption. Moderate RTO and RPO, with frequent backups and agile procedures.
  • Deferrable tier: supporting services whose recovery can wait one or more days without material harm. Standard backups and on-demand recovery.

The value of this classification is that it turns an emotional discussion ("everything is urgent!") into a reasoned investment decision. Each tier has an associated cost and architecture, and the business can see what it is paying for every minute it saves.

The role of replication and hot recovery

For critical-tier services, traditional backups rarely suffice: restoring from a copy can take hours the RTO does not allow, and last night's copy may violate an RPO of minutes. This is where two capabilities come in:

  • Replication: keeping a copy of the data updating continuously or almost continuously at another site. The closer to real time, the lower the RPO. It is the difference between losing a day of data and losing seconds.
  • Hot recovery: having infrastructure already powered on and ready to take the load when the primary site fails. It drastically reduces the RTO because there is no need to provision or start from scratch; the service fails over.

These capabilities cost more, which is why they are reserved for what truly needs them. The smart decision is not to "replicate everything" but to align each service's level of protection with the RTO and RPO the business has agreed to pay for. A mature DRP is, at its core, an honest negotiation between the cost of time and the cost of prevention.

From document to real capability

One point worth remembering in these year-end months, when budgets are being planned: a DRP is not a deliverable to be filed away. It is a capability that must be kept alive. The RTOs and RPOs defined today must be revisited when the business changes, when systems are added or when an acquisition alters the process map. The number that was tolerable last year may be ruinous today.

Frequently asked questions

What is the difference between RTO and RPO?

The RTO measures downtime: how long a service can be down. The RPO measures data loss: how far back in time you can recover the information. A service can have a high RTO and a low RPO, or vice versa, depending on what the business tolerates.

Does a DRP replace backups?

No. Backups are one piece within the DRP. For deferrable services they may be enough; for critical services you also need replication and hot recovery, because restoring from a copy usually takes longer than the RTO allows.

How do I know which services are truly critical?

By starting from the business, not from technology. Map the processes, estimate the cost of having them halted per unit of time and let that impact define criticality. A server that is important to IT may support a deferrable process, and the other way around.

Wouldn't replicating everything be the safest option?

It would be the most expensive, and not necessarily the most sensible. Protection should be proportional to impact. Replication and hot recovery are justified where every minute costs; for the rest, they make the operation more expensive without a clear return.

The first step

If your organization still does not have an RTO and RPO agreed in writing for its critical services, that is the place to start: a conversation between the business and technology that puts a number on the cost of time. At SUMāTO we support that exercise, from classifying services into tiers to designing the replication and hot recovery each tier requires. Let's talk about how to ensure that, the next time the clock starts ticking, you know exactly how long you can wait and how much you can afford to lose.