Understanding maximum data loss

A recent email from an escalation engineer in England (excuse the alliteration) described a scenario that I think is a great example for understanding data recovery and maximum data loss in DPM. With his permission, let me quote the scenario for you:

Assume an important data file on a protected server that is changing several times an hour.
Assume standard synchronisation schedule of once an hour (assume on the hour).
Assume standard shadow copy schedule of 3 times a day (08:00, 12:00, 18:00).

Scenario 1:
At 13:05 the important data gets corrupted and needs to be recovered.

At that point, the latest data recovery copy available is the 12:00 shadow copy OR the 13:00 replica. However, to restore from the replica, the administrator would need to force an immediate shadow copy and use that. Administrators who don't fully understand this risk being unaware of the 13:00 copy and are likely to restore the less up-to-date 12:00 version.

Scenario 2:
At 13:55 the important data gets corrupted, but this isn't noticed till 14:05.
In this case the latest 14:00 replica is 'bad' as it is a replica of the corrupted data. Hence in this case, the administrator MUST use the 12:00 shadow copy and not the 14:00 replica (or any 14:05 forced shadow copy).

If the forced 14:05 shadow copy is mistakenly restored, then of course as soon as it is noticed that this is also corrupt they can restore from the 12:00 shadow copy. However, their backup is approximately 2 hours out of date compared to what they possibly expected when the system quotes "Maximum data loss: 1 hour".

The moral of this is that it is important that the administrator understands these concepts and is able to determine which is actually the latest valid backup copy of their data they have, and how old it is, whenever they need to do a restore.
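
The two scenarios above can be worked through as a small model. This is an added example, not code from the original post, the quoted email or DPM itself. It also covers the case where the most recent shadow copy is itself corrupt. Assumptions: the function names and the date are constructed, a synchronisation on the hour completes before a shadow copy taken at the same time, and a copy counts as valid only if its content strictly predates the corruption.

```python
from datetime import datetime

DAY = datetime(2024, 1, 1)  # constructed date; only the time of day matters


def at(hhmm):
    """Turn 'HH:MM' into a datetime on the constructed day."""
    hour, minute = map(int, hhmm.split(":"))
    return DAY.replace(hour=hour, minute=minute)


# Schedules from the scenario: hourly synchronisation, three shadow copies a day.
SYNC_TIMES = [at(f"{h:02d}:00") for h in range(24)]
SHADOW_TIMES = [at(t) for t in ("08:00", "12:00", "18:00")]


def replica_state(as_of):
    """Time of the last synchronisation at or before as_of (what the replica holds)."""
    return max(t for t in SYNC_TIMES if t <= as_of)


def candidates(noticed_at):
    """Every copy restorable at noticed_at, as (label, content time) pairs."""
    copies = [("shadow copy", replica_state(t))
              for t in SHADOW_TIMES if t <= noticed_at]
    # The live replica is only restorable through a forced shadow copy.
    copies.append(("replica (forced shadow copy)", replica_state(noticed_at)))
    return copies


def latest_valid_copy(corrupted_at, noticed_at):
    """Newest copy whose content predates the corruption, and the work lost."""
    good = [c for c in candidates(noticed_at) if c[1] < corrupted_at]
    if not good:
        return None  # every available copy already contains the corruption
    label, content = max(good, key=lambda c: c[1])
    return label, content.strftime("%H:%M"), corrupted_at - content


if __name__ == "__main__":
    for name, bad, seen in (("Scenario 1", "13:05", "13:05"),
                            ("Scenario 2", "13:55", "14:05")):
        label, content, lost = latest_valid_copy(at(bad), at(seen))
        print(f"{name}: restore the {content} {label}; data lost: {lost}")
```
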