Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time. If the RPO is one hour, backups must occur at least hourly so that recovery loses no more than one hour of transactions. RPO answers: how much work can we afford to redo?
RPO drives backup frequency and replication strategies. Critical databases with near-zero RPO require synchronous replication or continuous data protection. Less critical systems might tolerate daily backups with 24-hour RPO. The tighter the RPO, the higher the cost.
CISSP Relevance
RPO appears alongside RTO in Domain 1 (Security and Risk Management) coverage of business continuity. Understand how RPO influences backup strategies, the difference between RPO and RTO, and how both derive from BIA. Know that RPO close to zero requires real-time replication, not just frequent backups.
AWS provides a clear explanation at AWS Disaster Recovery.
Related terms: Recovery Time Objective, Business Impact Analysis