IS Disaster Recovery Objectives

This posts is to clarify the different terms related to Information System Disaster Recovery Objectives, and their differences.

These terms appear on both Certified Information System Auditor (CISA) and Certified Information Security Manager (CISM) certifications, both issued by ISACA.

Objective Definitions

Recovery Time Objective (RTO) is the amount of time allowed for the recovery of a business function or resource to an acceptable level after a disaster occurs.

Service Delivery Objective (SDO) is the minimal level of services to be reached during the alternate process mode until the normal situation is restored. It is directly related to business needs.

Recovery Point Objective (RPO) indicates the earliest point in time to which it is acceptable to recover data. It effectively quantifies the permissible amount of data loss in case of interruption.It is determined based on the acceptable data loss in case of disruption of operations.

Maximum Tolerable Outage (MTO) is the maximum time the organization can support processing in alternate mode.

Factors that may affect the MTO: availability of fuel to operate emergency generators, accessibility of a recovery site that might be located remotely and limited operational capacity of the recovery site.

Allowable Interruption Window (AIW) is the amount of time the normal operations can be down before the organization faces major financial difficulties that threaten its existence.

The length of the AIW is defined by buseinss management and determines the acceptable tiem frame between a disaster and ther restoration of criticalservices/applications. AIW is generally based on the downtime before the organization suffers major financial damage. The technical implemenation of the disaster recovery site will be based on this constraint, espeially the choice between a mirrored, hot, warm or cold site.

Relationship between terms

The acceptable level of a RTO is defined by the SDO.

The MTO should in any event be as long as the AIW to minimize the risk to the organization in the event of disaster.


The RTO must be shorter than the allowable interruption windows (AIW).


The RTO must be shorter than the maximum tolerable outage (MTO).

As a conclusion:


IS Disaster Recovery Objectives and CISM

These concepts are explained in “”CISM Review Manual, 15th Edition” (section 2.9. “Operational Risk Management”, pp. 120-121) and in the corresponding glossary pages.

The following questions appearing on book “CISM Review QA&E Manual, 9th Edition” are related to these terms:

  • S4-76
  • S4-100
  • S4-101
  • S4-105
  • S4-113
  • S4-132
  • S4-149
  • S4-154
  • S4-158
  • S4-166
  • S4-168

You might also be interested in…

External References

Leave a Reply

Your email address will not be published. Required fields are marked *