Non-functional Requirement - Site Recoverability

Category: Recoverability

Context: Site

Goals: When a site becomes unavailable, the recovery of the systems hosted at the site must occur at an alternate site within a pre-established elapsed time and with an acceptable data loss. The system at the alternate site must be capable of meeting all pre-failure functional and non-functional requirements.

Rationale: If the availability of the system is sufficiently critical, the system must be capable of being recovered at an alternate site within a reasonable time frame and must be capable of running from the alternate site for an extended period of time.

Requirement: Failure of a site shall not cause user-detectable loss of business functionality for an elapsed time of more than Metric. After an elapsed time no longer than Metric, the user will be able to resume business functionality with data loss of no more than Metric.

Metric:

Level A:

A1. The user detectable loss of functionality will be for an elapsed time of no more than one business day.
A2. No more than the most recent thirty minutes of data modifications will be lost.
A3. The system at the alternate site will meet all pre-failure non-functional requirements other than site recoverability.

Level B:

B1. The user detectable loss of business functionality will be for an elapsed time of no more than five business days.
B2. No more than the most recent one business day of data modifications will be lost.
B3. The system at the alternate site will meet all pre-failure non-functional requirements other than site recoverability and performance requirements.
B4. The recoverability will be tested annually.

Level C:

C1. The user detectable loss of business functionality will be for an elapsed time of no more than fifteen business days.
C2. No more than the most recent five business days of data modifications will be lost.
C3. The system at the alternate site will meet all pre-failure functional requirements.
C4. The system at the alternate site will meet all pre-failure non-functional requirements other than site recoverability, resiliency and performance requirements.

Level D:

D1. The system will meet <existing internal standard for backup and recovery>

Scale: Elapsed time, availability: Duration

Stakeholders: System Managers, Operations, System Users

Implications: If this requirement is not met, the organization will incur significant risk of extended loss of business functionality in the event of extended site outages. Additionally, if this requirement is not met, the system is subject to extended application outages during site-wide facility maintenance and upgrades.

Applicability: See Enterprise Requirements Framework

Tags: Recovery, Site

Status: Approved, Requirement

Author: <Author>

Revision: <Revision>


Note:

Incorporates traditional concepts of Disaster Recovery, site failover, site replication and off-site backups. A system's 'Availability', RPO and RTO are derived from this and other requirements.

This NFR sets the minimum Recovery Point Objective (RPO) and Recovery Time Objective (RTO) that systems must meet under site-related failures, such as failures of data centers, buildings and campuses.

For more information, see NFR Summary