Skip to main content

Recovery Point Objective (RPO) Explained

What's a recovery point objective?

Along with recovery time objective (RTO), recovery point objective (RPO) is one of the primary tools for establishing a disaster recovery plan or a data protection plan. It’s also a tool for helping an enterprise select the data backup plan that meets its needs.

RPO and RTO establish the foundation for determining and discerning strong inclusion strategies for the business continuity plan. These strategies should allow for the speedy resumption of business processes within a time frame equal to or close to the RPO and RTO.1  

Although they’re both tied into determining disaster recovery, an RPO must remain independent of an RTO or the minimum estimated time needed to restore regular operations following a system or network failure.

Like RTO, RPO helps determine disaster recovery policies and procedures. The RPO helps administrators choose the best backup and recovery technologies to use, depending on the overall design strategy that data loss shouldn’t delay the RTO.

How’s an RPO different from an RTO?

Both RPOs and RTOs are concepts used for supporting business continuity. They also work as business metrics and can help you calculate how often your business should perform data backups.

RPOs and RTOs are instrumental to a business’ disaster recovery plan or data protection plan. They’re both linked to business impact analysis, a systematic process that can help separate critical and urgent organization-specific functions and activities from non-critical and non-urgent ones. Functions can be considered critical if specified by law.

RPO and RTO are the two values that are assigned for each function. Whereas RPO determines how much data will or will not be recovered after a disruption, RTO determines how much time it takes for a system to transition from disruption to regular operations functioning normally.

How’s an RPO calculated?

RPOs go backwards in time, stretching back from the instance of disruption to the last backup point where the data is usable. They can also measure how often you should regularly back up your data.

In terms of calculation, RPOs are usually calculated in minutes or hours but, depending on the urgency or lack thereof, they can also be calculated in seconds or days. An RPO determines how far back into the data’s history you need to go for backup storage to resume normal operations after a computer, system, or network experiences disruption from a hardware, program, or communications failure.2

An RPO can also be considered the maximum acceptable amount of data loss that’s measured in time. In addition, it can describe how much time passes during a disruption before the amount of data lost during the period of disruption extends beyond the business continuity plan’s maximum allowable “tolerance” or threshold.

For example, if a computer system has an RPO of 30 minutes, that means that the maximum window for data loss following a disruption is 30 minutes. Therefore, a backup of the system must be performed every 30 minutes.

When should you schedule data backups for an RPO?

RPOs are often easier to perform than RTOs. The reason is because data use provides few variables and is generally consistent. However, the opposite can also be true since calculating restore times is usually based on your whole operation and not just your data.

When the disruption happens is also a factor in the restore time. When constructing your data backup schedule, consider what hours your business is the busiest and least busy. For example, if you have a disruption at 3 AM Eastern Standard Time and IT resolves the disruption by 5 AM, did you lose two hours’ worth of data? If this timeframe is a low-traffic period for your business, then probably not.

For another example, let’s say your business backs up its data every 10 hours. There’s a disruption at noon and it’s quickly resolved with your business back to normal by 12:30 PM.  Because there was only a 30-minute window of data loss from 12 PM until 12:30 PM, you don’t need to restore all the data from the previous 10 hours. You only need to restore data from the lost 30 minutes.

Disaster recovery and disaster recovery plans

Not to be confused with emergency management and disaster response, disaster recovery deals with IT infrastructure and systems in support of important business processes. Disaster recovery is a subset of business continuity, which works to maintain all vital aspects of a business despite any disruption.

Disaster recovery includes the policies, tools, and procedures that compose the eponymous restoration or continuation of critical technology infrastructure and systems after a natural or manmade disaster has occurred.

A disaster recovery plan (DRP) is the process or set of procedures that help restore and protect an organization’s IT infrastructure and systems following a disaster.3 This process can be expanded to take place before and during a disaster.4

Resources

  1. Jaspreet Singh. Understanding RPO and RTO, Druva, September 2019.
  2. Recovery Point Objective (RPO), Techopedia, 11 November 2011.
  3. Bill Abram. 5 Tips to Build an Effective Disaster Recovery Plan, Small Business Computing, 14 June 2012.
  4. Geoffrey H. Wold. Disaster Recovery Planning Process, Disaster Recovery Journal, Adapted from Volume 5 #1. Disaster Recovery World. Archived from the original on 15 August 2012.