๐ What is Disaster Recovery Plan (DRP)?
A Disaster Recovery Plan (DRP) outlines the procedures and resources required to restore IT infrastructure and critical data following a disruptive event. It focuses on technical recovery, including data backups, system restoration, and network failover, aiming to minimize downtime and data loss.
"The key distinction is that a DRP is *technical*. Do not confuse it with a Business Continuity Plan (BCP), which addresses the broader continuation of business functions. Exam questions will test your ability to differentiate between the two and understand their respective scopes and objectives. RTO and RPO are critical concepts."
๐ Certification: Certified Information Systems Security Professional (CISSP)
๐ What are the Key Concepts of Disaster Recovery Plan (DRP)?
- โธ A DRP focuses on restoring *technical* IT infrastructure, unlike a BCP which covers the entire business operation.
- โธ Recovery Time Objective (RTO) defines the maximum acceptable downtime for a system or process after a disaster.
- โธ Recovery Point Objective (RPO) determines the maximum acceptable data loss measured in time โ how old the restored data can be.
- โธ DRP testing (e.g., tabletop exercises, simulations) is crucial to validate plan effectiveness and identify weaknesses.
- โธ Data backups are a core component, but the DRP details *how* those backups are used to restore systems, not just their existence.
๐ฏ How does Disaster Recovery Plan (DRP) appear on the CISSP Exam?
You may be asked to differentiate between a DRP and a BCP in a scenario describing a companyโs response to a building fire and its impact on operations.
A scenario might describe a system outage and ask you to select the appropriate action based on the defined RTO and RPO for that system.
Expect questions about the order of operations in a DRP โ which systems are restored first and why, based on business criticality.
โ Frequently Asked Questions
How do RTO and RPO impact the cost of a DRP?
Lower RTO and RPO generally require more expensive solutions like hot sites or continuous data replication, increasing overall DRP costs. Balancing cost and risk is key.
Whatโs the difference between a hot, warm, and cold site?
Hot sites are fully operational and ready immediately (lowest RTO), warm sites require some configuration, and cold sites need full setup (highest RTO). The choice depends on RTO/RPO requirements and budget.
Is a DRP a one-time document, or does it require updates?
A DRP must be regularly reviewed and updated โ at least annually, or whenever significant changes occur to IT infrastructure or business processes. Outdated plans are ineffective.