Which of the following best defines RPO in a business continuity context?

RPO is about how much data you’re willing to lose in a disruption, expressed as the maximum tolerable data loss in time. It defines the point in time to which data must be restored after an outage, so the goal is to limit data loss to that amount. For example, if the RPO is four hours, your backups or data replication should occur at least every four hours so that, in the worst case, you’d lose no more than four hours of transactions. This focuses on data recovery and the acceptable data gap, not on how long the system is down. That timing concern is covered by the Recovery Time Objective, which deals with how quickly you must recover operations, and the time to detect an incident relates to detection, not data loss.