Fundamentals
RTO vs RPO: what's the difference?
RTO and RPO are the two numbers at the heart of every recovery plan. They're easy to confuse and easy to get backwards — so here's the clear version, with examples.
The one-line difference
- RTO (Recovery Time Objective): how fast you must restore a process or system — a duration of downtime you can tolerate.
- RPO (Recovery Point Objective): how much data you can afford to lose — a duration of data, i.e. how far back your last good copy can be.
An example
Suppose your order system has an RTO of 2 hours and an RPO of 15 minutes. If it fails, you must be back within 2 hours, and you can lose at most 15 minutes of orders — so backups/replication must run at least every 15 minutes.
Where MTPD fits
MTPD (Maximum Tolerable Period of Disruption) is the outer limit — the longest the process can be down before the damage is existential. Your RTO must always sit below the MTPD, and your RPO is never larger than your RTO.
Both numbers should come from a business impact analysis, not a meeting. Resilira derives RTO, RPO and MTPD from the BIA matrix automatically.
Frequently asked questions
- What is the difference between RTO and RPO?
- RTO is the maximum acceptable downtime (how fast you must recover); RPO is the maximum acceptable data loss (how much data, measured in time, you can lose). RTO is about time to restore; RPO is about the freshness of your last good copy.
- Can RPO be larger than RTO?
- No. RPO should never exceed RTO — you cannot tolerate losing more data than the time you allow yourself to recover. Both are derived from the business impact analysis.
Keep reading
Get audit-ready before your next due-diligence questionnaire.
Start free — no credit card. 14-day trial with a sample workspace preloaded.