Recovery Consistency Objective

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

The term Recovery Consistency Objective (RCO) is used in business continuity planning in addition to Recovery Point Objective (RPO) and Recovery Time Objective (RTO). It applies data consistency objectives to continuous data protection services. Following the definitions for RPO and RTO, RCO defines a measurement for the consistency of distributed business data within interlinked systems after a disaster incident. Similar terms used in this context are "Recovery Consistency Characteristics" (RCC) and "recovery object granularity" (ROG).

The term RCO focuses on business data consistency across multiple systems in Service-oriented architecture (SOA) driven business applications. It can be defined per business processes and reflects the individual requirements of corresponding business data and cross-system consistency. While RTO and RPO are absolute per-system values, RCO is expressed as percentage measuring the deviation between actual and targeted state of business data across systems for individual business processes or process groups.

The following formula calculates RCO with "n" representing the number of business processes and "entities" representing an abstract value for business data:

<math> RCO = \left ( \frac{(number\ of\ entities)_n - (number\ of\ inconsistent\ entities)_n}{(number\ of\ entities)_n} \right )</math>

Targeting 100% RCO for a business process (distributed across several systems) would mean that no business data deviation is allowed after a disaster incident whereas any target below 100% allows deviation. Target values for RCO increase with the criticality of the underlying business data: logistics and banking-related business processes are often characterized by higher RCO requirements than those of CRM or HR systems.

Including RCO considerations in addition to RTO and RPO in the Business Impact Analysis helps to focus on the integrity of business data and processes in complex application environments. RCO considerations should be included in the disaster recovery architecture by manually defining multiple consistency points across the landscape or by special Disaster Recovery mirroring tools.