An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
A.
Requirements for regularly testing backups
B.
The disaster recovery communication plan
C.
Recovery time objectives (RTOs)
D.
Definition of when a disaster should be declared
My answer is C - RTOs set the expectations for the service provider regarding the maximum allowable downtime, which is directly impact and critical for business continuity. In the event of disaster (even not sure when to declare), but for one thing is that the service provider no matter what need to make sure the system is up and running based on RTO.
C- is the only statement that can be part of an 'agreement'. Choice D should still be at the discretion of the business and decision and its definition is not outsourced only execution is being outsourced.
DRaaS vendor never triggers when DR starts. Vendor usually at a remote location and wouldn’t know if primary site was impacted. Business always declares the disaster for whatever reason.
If the disaster criteria is not defined, there is no way to meet the RTO as disaster would have been potentially missed due to no definition therefore answer D would be more appropriate first and foremost thing.
D- Definitely D. It's no good having RTO's etc if you aren't even sure where your responsibilities end and theirs begin. IE what actually constitutes a disaster.
For anyone who is willing to discuss this further.....
In a disaster, such as fire, the natural tendency of all responders will be to put the fire out as soon as possible, even if there is no RTO. However, if they are not aware of the communication procedures, they will be blind as to who and how to contact for critical decisions like escalation, prioritization of recovery activities, emergency communication etc. Isn't communication the lifeline of a recovery process?
D. Definition of when a disaster should be declared . Don't we need to let them know when a disaster should be declared and at what point recovery should begin ?
Dealing with natural disasters is also "outsourced" - to fire department and emergency services. Yet, you're still the one who's "declaring a disaster by criteria" and call them to come and deal with it. For example, some companies would call firefighters as soon as a single room starts burning, while others would consider using their own personnel and built in technology (like sprinkler systems) to put out the fire.
So I think it's D.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Booict
3 months, 3 weeks agoshootnot
6 months, 1 week agoPOWNED
9 months, 3 weeks agoenk
11 months, 2 weeks agoacf4e9a
1 year, 1 month agoAaronS1990
1 year, 2 months agoCISSPST
1 year, 4 months agowickhaarry
1 year, 3 months agoAlexJacobson
9 months, 3 weeks agorichck102
1 year, 4 months ago