Understanding RTO & RPO
How to define recovery targets that match your business reality, not vendor defaults.
RTO and RPO Explained
RTO: Recovery Time Objective
How long can you be down? The maximum acceptable time between the start of a disruption and the restoration of service. An RTO of 15 minutes means your system must be back online within 15 minutes of failure detection.
RPO: Recovery Point Objective
How much data can you lose? The maximum acceptable amount of data loss measured in time. An RPO of 1 hour means you can tolerate losing up to 1 hour of data. An RPO of zero means no data loss is acceptable.
Defining Targets by Workload Tier
Not every system needs the same recovery targets. A payment processing system and an internal reporting dashboard have fundamentally different business impacts. We define RTO/RPO by workload criticality tier:
| Tier | Description | RTO Target | RPO Target | Approach |
|---|---|---|---|---|
| Tier 1: Critical | Revenue-generating, customer-facing | < 15 min | Near-zero | Active-active replication, automated failover |
| Tier 2: Important | Business operations, internal tools | < 1 hour | < 15 min | Active-passive replication, semi-automated failover |
| Tier 3: Standard | Non-critical services, batch processing | < 4 hours | < 1 hour | Regular backups, manual restore procedures |
| Tier 4: Low | Dev/staging, archival systems | < 24 hours | < 24 hours | Daily backups, cold standby |
The Cost-Recovery Tradeoff
Tighter recovery targets cost more. Zero RPO with sub-minute RTO requires synchronous replication, multiple active regions, and automated failover, significantly more expensive than daily backups.
The right investment level is determined by business impact analysis:
- Revenue loss per hour of downtime: direct financial impact
- Customer impact: SLA penalties, churn risk, reputation damage
- Regulatory exposure: compliance violations, reporting requirements
- Operational cost of recovery: engineering hours, war room coordination, post-incident remediation