Recovery Point Objective (RPO)
What is Recovery Point Objective (RPO)?
Recovery Point Objective (RPO)The maximum acceptable amount of data loss, expressed as a time window, that a business can tolerate after a disruption.
RPO defines how far back in time recovered data may be relative to the moment of the incident: an RPO of 15 minutes means losing more than 15 minutes of transactions is unacceptable. It directly shapes backup cadence, replication topology and journaling design — synchronous replication for near-zero RPO, snapshots and log shipping for minutes, daily backups for less critical workloads. RPO is set per critical asset during business impact analysis and reviewed as data sensitivity, regulatory obligations and threat models evolve. Regular restore tests confirm that the achieved RPO matches the declared target.
● Examples
- 01
A trading platform with a 5-second RPO using synchronous database replication.
- 02
Choosing an RPO of 4 hours for analytics warehouses backed up four times per day.
● Frequently asked questions
What is Recovery Point Objective (RPO)?
The maximum acceptable amount of data loss, expressed as a time window, that a business can tolerate after a disruption. It belongs to the Defense & Operations category of cybersecurity.
What does Recovery Point Objective (RPO) mean?
The maximum acceptable amount of data loss, expressed as a time window, that a business can tolerate after a disruption.
How do you defend against Recovery Point Objective (RPO)?
Defences for Recovery Point Objective (RPO) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Recovery Point Objective (RPO)?
Common alternative names include: Recovery point target, Data loss tolerance.