RPO (Recovery Point Objective) Explained

By IBM Services

What is an RPO (Recovery Point Objective)?

An RPO is a measurement of time from the failure, disaster or comparable loss-causing event. RPOs measure back in time to when your data was preserved in a usable format, usually to the most recent backup. Recovery processing usually preserves any data changes made before the disaster or failure.   RPOs can also refer to how much data can be lost before your enterprise receives significant harm, also known as your enterprise’s loss tolerance.  

What does an RPO measure?

RPOs can be used to measure:

  • How far back IT must go, stretching back in time from the disaster to the last point where data is in a usable format
  • How frequently you need to back up your data, although an RPO doesn’t represent additional IT needs
  • How much data is lost following a disaster or loss-causing event

RPOs and automatic data backup

If your enterprise backs up its data every 24 hours, then there’s only a risk of losing data within the last 24 hours. The same risk is true for data that backs up every 12 hours, 8 hours and 4 hours ad nauseum.  If you have goals for automatically scheduling your data backups, then the right intervals may be all that’s required to meet your RPO goals. Fortunately, data backups are easily automated, so most automatic RPO strategies are easily implemented.

RPO implementation and frequency

Because data use is largely consistent and has fewer variables, RPOs are generally easier to implement than RTOs. However, because restore times are calculated based on your entire operation and not just your data, the opposite is also true. The time of day or day of the week when the disaster occurred can also affect your restore time.

Higher-priority applications often require more frequent RPOs. For four-hour RPOs, the IT department needs to implement scheduled snapshot replication and near-zero hour backups require continuous replication. When the RPO and RTO are near-zero, continuous replication will be combined with failover services, creating a near-100 percent application and data availability.

It bears noting that having consistent RPO, such as every 12 hours, doesn’t mean you would lose 12 hours’ worth of data during a loss-causing event. For example, if there’s an application failure at 3 AM and IT restores functions by 6 AM, then you may not have lost three hours’ worth of data. This lower risk of data loss can be because 3 AM to 6 AM is a low-traffic period for your application. 

Similarly, say you have an RPO every 10 hours, there’s a disaster a 1 PM and by 1:15 PM your functions are restored. You wouldn’t need to restore all the data from the last 10 hours, only the data from the last 15 minutes. 

Why recovery point objectives (RPOs) are essential for disaster recovery and your business 

Disaster recovery and an RPO

One of the problems with disasters is that people are seldom ready for them. In a perfect world, disasters could be seen from far away, allowing enough time for everyone to prepare and respond. In that world, when a disaster strikes your business, your data protection infrastructure would immediately regenerate, and your data and applications would return back to their normal state before the time and point of failure.

In the real world, it’s possible to failover an application and replicate the data for a near-zero loss, but the operations for these recoveries demand lots of resources. Your IT department must establish different RPO-based on the application priority, and the budget and resources they’ve been allotted. IT needs to create an RPO for your business.  

What is an RTO and how are RPOs different?

RPOs and RTOs are key concepts for maintaining business continuity and function as business metrics for calculating how often your business needs to perform data backups. RPOs are relative to recovery time objectives (RTOs), representing the time it takes for a system to go from loss to recovery, and what must be done to return an application and its data to its pre-disaster state.  

A backup and recovery checklist from an IBM Resiliency leader

The Asia-Pacific leader for IBM® Resiliency Services® Mijee Briana Walker has 20 years of experience in IT and has consulted in resiliency programs for businesses on six contents. She recently wrote the eponymously titled article, A resiliency leader’s checklist for backup and disaster recovery. Therein, Walker cites a recent IBM Institute for Business Value report which concludes that most companies use multiple cloud environments and cloud computing to deliver different services. Contrary to this fact, data backup and disaster recovery aren’t as well understood. She notes the importance of having a security-rich environment and that your businesses must ensure that its data is protected from corruption and cyberattack.

To support resiliency and bolster your business recovery after a disruption or cyberattack, Walker states “it’s important to look at the backup and recovery strategy for each environment, as well as the end-to-end environment.” 

Some excerpts from Walker’s checklist that can help you assess your current backup and disaster recovery plan include:

  • What does our contract include?
  • Does our backup policy align with regulatory and business requirements?
  • Do we know where our data is backed up to?
  • Is the data backup protected from cyber infection?¹

Watch the video


Disaster recovery client case study

In the summer of 2016, earthquakes shook the South Korean cities of Ulsan and Gyeongju. These natural disasters were cause enough to cause concern for several people at Hyundai Heavy Industry (HHI), who quickly realized how a disaster like the earthquakes could seriously damage Hyundai’s mission-critical IT infrastructure.

The HHI IT leadership collaborated with IBM Business Resiliency Services to develop and implement a modern disaster recovery solution with a remote data center.

The HHI headquarters is located in Ulsan and contain a wide range of intelligence ranging from information systems to design blueprints. It’s imperative for Hyundai that these data centers remain undisturbed and fully functional, as they enable Hyundai to continually work with more than 15 corporations, 24x7.

Through this collaboration, HHI was able to implement and administer the Resilient Enterprise Blueprint in just five months. This proactive response framework offered a holistic view for disaster recovery and business continuity that helps HHI monitor and prevent shutdowns and other serious disruptions. 

Beginning with a current state assessment, HHI performed a thorough business impact analysis, sorting mission-critical elements and systems that support the whole business. HHI was then able to successfully test its disaster recovery systems and centers and determine that the disaster recovery center was stable and resilient.

IBM Disaster Recovery as a Service (DRaaS) covers HHI’s 292 application systems with a same-day RTO. DRaaS also provides a near-zero RPO that minimizes data loss and helps ensure successful data recovery. HHI’s Disaster Recovery Center can withstand a greater than seven magnitude earthquake and contains multiple, uninterruptible emergency power supplies that are tiered based on the importance of the system or data.

IBM Business Resiliency Services helped enable HHI to defend against disaster and disruption, and seize a new competitive advantage in today’s market.

1. Mijee Briana Walker. “A resiliency leader’s checklist for backup and disaster recovery.” IT Biz Advisor,  April 16, 2019. https://itbizadvisor.com/2019/04/a-resiliency-leaders-checklist-for-backup-and-disaster-recovery/