In previous posts, we highlighted 5 Key Questions to Ask Your Backup as a Service Provider and 5 Key Questions to Ask Your Replication as as Service Provider. In this final post of our BC/DR series, we’ve compiled a list of 5 key questions you should ask a provider being signing up for their DRaaS solution:
1. In the event of a disaster, who is on hand to help?
We’re extremely biased here because we’re always onsite to help, but it’s an important point. In many cases, there isn’t anyone available to provide immediate support. A disaster event would signal a ticket that notifies techs to get to the data center to provide support. Find out whether or not there are actually people onsite who will help should you have an event declaration. If they’re not, be sure you know exactly what the latency/delay will be and whether or not it meets your SLAs.
2. Are there standard RPO/RTO targets we should adhere to?
We’re asked this question every time we talk about BC/DR, replication, and DRaaS, and the answer is no. That said, we do maintain a list of standard RPO/RTO windows that we see most often with customers or prospects. If you’re interested in discussing these, just let us know. The rule of thumb for RPO/RTO targets is whatever one fits your organization’s risk profile. The important thing to note is that you can look at these windows on an application-by-application basis. In many cases, simply stating the objective answers any targeting question.
3. Are hybrid (physical and virtual) environments supported?
Most environments are hybrid, meaning they consist of equal (critical) parts physical and virtual. Be sure that both parts of your hybrid deployment are supported in a recovery. These may be addressed via different technologies, but that won’t matter as someone else (your provider) is on the hook to be sure it works. Just be sure they’re both addressed within your required RPO/RTO windows, as it’s possible that multiple solutions have multiple windows.
4. Do you run full disaster event tests? If so, how frequently?
In most cases, a DRaaS solution will include a predefined number of standard tests each year. Be sure this is clarified and that the frequency and depth of testing meets your compliance requirements. If it doesn’t, be sure you are aware of the costs associated with custom testing procedures. Ask for a sample test result so you can properly evaluate the data you will receive.
5. Are my security & compliance policies adhered to in event of a disaster? Are they adhered to during recovery?
Make sure to make your requirements clear when you ask this question. In most instances, security and compliance policies can be met. The key is that they’re known. If you have requirements, make sure to state them up-front so that a potential provider can provide a useful answer.
If you’re interested in discussing any of these questions in more detail or have new questions of your own, please don’t hesitate to contact us. We also have a host of tools and resources available to help you through the BC/DR planning process. Visit Disaster Recovery to learn more.