A local bank has all of its infrastructure in the cloud. An update was applied to the main database server at 5:00 a.m. on Monday morning, and the database was then corrupted and unusable. It had to be restored from backup. The last backup was taken the night before at 10:00 p.m. The database was then restored successfully, but seven hours' worth of data was lost, which is deemed unacceptable. Which of the following needs to be updated in the DR plan?
The Recovery Point Objective (RPO) defines the maximum acceptable amount of data loss measured in time before a disaster impacts the data. In this scenario, the organization lost seven hours' worth of data, which is deemed unacceptable. Therefore, the RPO should be updated to ensure that data backup and retention intervals are shorter, thus minimizing potential data loss in the future.
The component that needs to be updated in the Disaster Recovery (DR) plan is: A. Recovery point objective (RPO). The Recovery Point Objective (RPO) defines the maximum amount of data loss that an organization can tolerate in the event of a disaster or system failure. In this scenario, the RPO was set at 7 hours because that was the amount of data lost during the database restore process. To make the DR plan more robust and aligned with business requirements, the RPO should be updated to a lower value, indicating that the organization cannot accept such a significant data loss.
RTO is the goal for the maximum length of time it should take to restore normal operations following an outage or data loss. RPO is the goal for the maximum amount of data the organization can tolerate losing.
Both RTO and RPO need to be addressed in the bank's DR plan update. Focusing on improving RTO through faster recovery processes is essential for minimizing downtime. Additionally, implementing more frequent backups (updating RPO) can significantly reduce potential data loss in future incidents. The ideal solution involves striking a balance between RTO and RPO that meets the bank's specific requirements for acceptable downtime and data loss tolerance.