Domain 12: Disaster Recovery

RPO/RTO, Backup Testing, Failover Procedures

Ops Bot | Operations | Max 30 Points

0-6
Ad-hoc
7-12
Foundational
13-18
Standardized
19-24
Advanced
25-30
Optimized

Scoring Criteria by Level

LevelCriteria
1No DR plan; backups untested; single region
2Basic backups; DR plan exists but untested
3RPO/RTO defined; backups tested; failover documented
4Regular DR drills; automated failover; multi-region
5Active-active; automated recovery; continuous DR testing

Assessment Questions

#QuestionMax
1Are RPO/RTO defined and met?6
2How often do you test backups?6
3How do you test failover?6
4Do you have multi-region capability?6
5How automated is recovery?6

Focus Areas

  • RPO: Recovery Point Objective (data loss)
  • RTO: Recovery Time Objective (downtime)
  • Backups: Regular testing, not just creation
  • Failover: Tested, documented procedures

Anti-Patterns (Red Flags)

  • Untested backups
  • Unknown RPO/RTO
  • Single point of failure
  • DR plan never tested
  • Manual recovery procedures

Evidence Checklist

  • RPO/RTO documented per service
  • Backup restoration tested quarterly
  • Failover runbooks exist
  • DR drills conducted annually
  • Multi-region deployment (if applicable)

Related Domains

DomainRelationship
ChaosChaos tests DR capabilities
SecurityBackup encryption, access
IncidentsDR invoked during major incidents

Plan for Failure

Test your backups, test your failover.