Disaster recovery is the IT component of business continuity: the set of policies, tools, and procedures that enable an organisation to restore its technology infrastructure and systems after a disruptive event. While business continuity planning (BCP) addresses the broad organisational response to disruption, disaster recovery planning (DRP) focuses specifically on the recovery of IT systems, data, and infrastructure. The CISSP exam tests DRP at both the strategic level (recovery site decisions, RTO/RPO alignment) and the operational level (backup strategies, testing types).

Cold vs Warm vs Hot Sites: Cost and RTO Trade-offs

Recovery sites are alternate facilities where an organisation can move its IT operations in the event that its primary facility becomes unavailable. The three categories — cold, warm, and hot — represent a spectrum of readiness that trades cost against recovery speed.

A cold site is a basic facility with physical space, power, and connectivity, but no pre-installed equipment. To recover at a cold site, the organisation must acquire and install hardware, restore data from backups, and configure systems before operations can resume. Cold sites offer the lowest cost but the longest recovery time — days to weeks depending on the scale of the environment and the availability of replacement hardware.

A warm site has pre-installed infrastructure (servers, networking equipment), but its systems are not kept current with production. To recover at a warm site, the organisation must restore recent backups and update configurations. Warm sites balance cost and recovery time: they cost more than cold sites but can typically be activated in hours to days rather than days to weeks.

A hot site is an exact mirror of the production environment, maintained in a continuously synchronised state. Hot sites can take over production operations immediately (or within minutes) following a disaster. They offer the fastest recovery but the highest cost — maintaining a fully equipped, fully staffed, fully synchronised secondary site is expensive.

A reciprocal agreement (or mutual aid agreement) is an arrangement between two organisations to host each other's recovery operations in the event of a disaster. While inexpensive, reciprocal agreements carry risks: the partner organisation's site may also be affected by the same regional disaster, and there is no guarantee that adequate capacity will be available.