Back to Glossary Home | Recovery Point Objective
Recovery Point Objective (RPO)
What Is Recovery Point Objective (RPO)?
Disaster Recovery (DR) is an aspect of business continuity planning that focuses on the capability to restore IT infrastructure (e.g. applications, cloud services, networks, etc.) to its normal operational state following an unplanned service interruption (e.g. a power outage, application crash, or cybersecurity incident).
When an unplanned event causes a service interruption, data that has not been backed up or replicated may be permanently lost. A Recovery Point Objective (RPO) indicates the maximum acceptable amount of data loss, expressed in units of time, after an unplanned service interruption.
The purpose of establishing RPOs in disaster recovery planning is to implement data back-up or replication processes that can prevent unacceptable data loss in case of unplanned operational downtime. Enterprises account for several factors when determining how much data loss is acceptable for a given application or service, including the criticality of the data, how frequently the data is updated or changed, regulatory and compliance requirements, and customer needs.
Recovery Point Objective vs. Recovery Time Objective - What’s the Difference?
RPO and Recovery Time Objective (RTO) are disaster recovery planning objectives that define business requirements and targets for recovering critical IT systems following an unplanned service interruption.
As described above, an RPO indicates how many hours of data can be lost in a service interruption while avoiding significant negative consequences for the business. If a specific application or service has an RPO of 2 hours, the enterprise has determined that it can accept up to 2 hours of data loss in the event of a service outage. To meet this objective, the enterprise will have to back up data from the application every 2 hours.
In contrast, a Recovery Time Objective represents the targeted time frame to restore an application or service to normal functionality following a service disruption. An RTO of two hours means that the enterprise must restore the service within two hours following a service outage to avoid unacceptable negative consequences. Meeting RTO objectives requires implementing failover and failback processes as part of disaster recovery planning.
How Do Recovery Point Objectives Work?
A recovery point objective can’t be decided in isolation - it needs to be weighed with the criticality of the data and the cost of the backups, and determined in tandem with a Recovery Time Objective (RTO) and a comprehensive disaster recovery plan.
RPOs are Established Through Business Impact Analysis
The process of establishing RPOs begins with conducting a Business Impact Analysis (BIA).
This involves creating an inventory of IT systems or applications that should be protected under the organization’s business continuity plan, predicting the consequences of data loss from those systems, and ultimately determining how much data loss would be acceptable from each system in the event of a service outage.
IT Systems and Applications Can Have Different RPOs
Each IT system or application under an IT organization’s disaster recovery plan can have its own RPO depending on the nature of the application and the importance of the data.
RPOs may be organized in tiers, such as:
- Tier 1: High Criticality Data. RPO = 0-1 hours.
- Tier 2: Medium Criticality Data. RPO = 1-4 hours.
- Tier 3: Low Criticality Data. RPO = 4-12 hours.
- Tier 4: Non-critical Data. RPO = 12-24 hours
An infrequently updated internal database of product specifications for an eCommerce store might have an RPO of up to 24 hours or more. At the same time, a CRM software tool used daily by internal customer success or sales teams might have an RPO of 1-4 hours. A customer-facing banking or Fintech application would likely have an RPO of 0 hours - indicating that any data loss would be unacceptable. Across all applications and IT systems, it is typically advisable to back up data at least daily.
RPOs are Based on Predicting Consequences of Data Loss
IT organizations determine RPOs for each application covered in the disaster recovery plan based on the criticality of the data, the compliance requirements associated with the data, how easily the data can be reconstructed, and the predicted consequences of data loss.
For customer-facing applications, consequences for lost data can include SLA violations, regulatory/compliance breaches, customer dissatisfaction and even customer loss. For financial apps (e.g. banking or stock trading), any data loss would disrupt thousands or millions of transactions and be considered unacceptable. When the predicted consequences of data loss are high, IT organizations will set low RPOs and instantly replicate data to a secure back-up store to prevent data loss.
For infrequently-updated internal databases or communication apps, the consequences for data loss may not be as severe. When the anticipated consequences of data loss are low, IT organizations can set higher RPOs and implement less frequent back-ups to ensure an acceptable level of data loss in an outage.
RPOs Drive Disaster Recovery Planning
RPOs determine how frequently an enterprise IT organization must replicate the data from a given application or service to avoid unacceptable data loss in the event of an application crash or service disruption.
Achieving an RPO of 24 hours requires just one data back-up per day, while achieving a more ambitious RPO target of 1-4 hours can mean performing up to 24 scheduled data back-ups per day.
Achieving zero data loss (RPO = 0) requires a system of Continuous Data Protection (CDP), also known as real-time data back-up or continuous data replication. Instead of backing up the data on a schedule (e.g. once/hour or twice/day), CDP involves automatically replicating every change to the production database by asynchronously writing changes to a back-up copy of the database in real time.
RPOs Represent a Tradeoff Between Retaining Data and Minimizing Costs
Why don’t enterprise IT organizations simply establish an RPO of 0 hours for all applications and systems? Why allow for any data loss at all? The simple answer is that there’s a trade-off between avoiding data loss and minimizing the cost of maintaining the organization’s disaster recovery capabilities.
Each time a data back-up is performed, the enterprise IT organization incurs costs for things like data storage, egress, compute resources, and administration. In general, achieving lower RPO targets requires more frequent data back-ups, which leads to higher costs associated with fulfilling the disaster recovery plan. And as you might expect, leveraging CDP to achieve an RPO of 0 is even more complex and costly than running scheduled back-ups throughout the day.
This explains why IT organization’s don’t simply set RPO = 0 for all of their networks and systems. In cases where data loss can cause significant damage, it makes sense to protect the business by investing in CDP. But in cases where losing some data won’t hurt the business, it’s better to lose the data than to incur extra costs.
Why is Recovery Point Objective Important?
Determining the RPO that works best for your business will also help you pinpoint your recovery time objective (RTO), as well as the type of backup service you need and how frequently you need it. Forming a backup and recovery plan with the RPO in mind can help protect your organization from excessive data loss, maintain data resiliency, reduce the cost of your recovery, and improve your business continuity.
Disaster Recovery Planning and Strategy
The most important objective of establishing RPOs is to inform disaster recovery planning. By conducting a business impact analysis and predicting the potential consequences of data loss in both critical and non-critical systems and applications, enterprise IT organizations can determine exactly how often back-ups are required and where they should strategically invest in CDP systems to prevent the loss of critical data.
Avoiding Unacceptable Data Loss
The most important objective of establishing RPOs is to avoid the negative consequences of unacceptable data loss, which can include things like:
- Poor customer satisfaction
- Customer loss or churn
- Lost revenue
- Regulatory and compliance violations
- SLA violations
- Lost productivity and/or business efficiency
- Customer litigation
Two Recovery Point Objective Examples in Disaster Recovery
Example One: Online Banking Application
To ensure customer satisfaction and maintain customer trust, an online bank must maintain accurate and complete transaction records for all its customers. Therefore, the bank can never tolerate the loss of transaction data and should set an RPO of 0 for databases where transaction data is stored. Continuous data replication will be required to prevent data loss in all circumstances.
Example Two: Business Communications App
Remote employees of a business keep in touch using a business communication app. However, this app is mainly used for setting meetings and coordinating team activities - not for exchanging critical data. Any data loss from this application would have minimal impact on business operations, so the enterprise might establish an RPO of 12 hours for the application. Achieving this RPO requires just two scheduled back-ups per day.
TierPoint Helps Enterprises Establish and Achieve RPOs in Disaster Recovery
TierPoint offers Business Continuity and Resilience Solutions, including IT disaster recovery services and managed Disaster Recovery-as-a-Service (DRaaS). TierPoint helps enterprise IT organizations establish the right RPOs for critical IT systems, implement data back-up or CDP systems, execute disaster recovery testing to verify that RPOs are achievable, efficiently recover data following an unplanned service disruption, and avoid the potential negative consequences of unacceptable data loss.
Ready to Learn More?
Book an intro call with us and see how TierPoint can help you establish the right RPOs to avoid the negative consequences of unacceptable data loss for your business.
