Which step of the BCDR Continual Process uses the RPO and RTO to determine what is needed in BCDR planning?

The step of gathering requirements is crucial in the Business Continuity and Disaster Recovery (BCDR) process, as it directly involves assessing the organization's needs based on Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). The RPO indicates the maximum tolerable period in which data might be lost due to a major incident, while the RTO details the maximum allowable downtime before critical operations must be restored.

During the gathering requirements phase, these metrics guide the decisions on what resources, backup solutions, and recovery strategies should be implemented. By understanding the specific RPO and RTO for different types of data and applications, the organization can outline precise requirements for its BCDR plan, ensuring that resources allocated for recovery are aligned with the practicality of meeting these objectives.

This step creates a foundational understanding for the subsequent planning phases, where specific strategies and actions will be defined and put in place. Therefore, it is essential for establishing a comprehensive and effective BCDR strategy that adequately addresses the organization's needs in the event of a disruption.