If you are going to create an RFP today what should be in it, how are the services packaged, Recovery objective capabilities, what are the range of RTO and RPO capabilities. Application and platform support, can the provider support your IT environment? We take a quick look to understand DR as a Service (DRaaS) offering.
Data transfer technologies
What are the replication and backup and disaster recovery solutions, how do you seed the initial copies to the production data. Are you throwing up a line, are you sending it all over, are they nailing you an appliance and then you are going to backup to that and then you send it to your DR as a service provider. How is that going to work – It is important to understand that.
How does the provider ensure data in the cloud is not lost, corrupted etc.? Risk mitigation – How does the provider mitigate oversubscription risk? How does the provider deal with the fact that they have thousands of customers and one geographical location, what is they do if their datacenter goes down, can those thousand feeds be repurposed in less than a minute? You better understand if the vendor can actually meet these requirements.
“How does the provider deal with the fact that they have thousands of customers and one geographical location, how does the provider protect sensitive data? What new enhancements are on the horizon? Can the provider support your IT environment? What is their level of expertise in failovers and failbacks? Can the provider support all the regions where you operate?”
How does the provider protect sensitive data? That is important if you are in heavily regulated environment or even not; Sony wasn’t a heavily regulated environment, but there was probably some stuff that they wanted to keep private. That wasn’t there third party that did that, it was their own fault.
Planned service enhancements
What new enhancements are on the horizon? That is always a good question to ask.
Pricing, SLAs and Contract Terms
What are the range of RTO and RPO capabilities? Scale – again can the provider support your IT environment. Supporting declarations – What is their level of expertise in failovers and failbacks? What is their success level? It is a relevant question to ask, “how good are you at this”.
Install base and Growth
How many customers do they have? Geographical Location – What are the regions in which the provider operates, can the provider support all the regions where you operate?
What are the provider’s technology and business partnerships? Because from a third-party risk management perspective they are now responsible for your ability to recover from a catastrophic event. If they are not, or if they are outsourcing that from another third-party provider, you want to make sure that they have a sound third party risk management program. You can’t reach into their providers and say “I’m coming to audit you”, and in some regulatory cases such as banking, healthcare it is imperative that you do it.
Subscribe to our Awesome Newsletter.