Appendix D: DR Site Map & Network Diagrams

Aligned with NIST SP 800-34r1 (Contingency Planning) and NIST SP 800-115 (Security Testing & Assessment).

This appendix provides visual and descriptive documentation of the Disaster Recovery (DR) architecture, essential for effective response, compliance (e.g., FCA SYSC 13), and audit-readiness.

Purpose

To document the Disaster Recovery (DR) site configuration and associated network topology. This ensures recoverability, supports incident containment and restoration, and provides audit and operational clarity.

DR Site Overview

Attribute         | Details
------------------|-------------------------------------------------------------
DR Site Name      | Xcavate UK – DR Facility
Location          | Secure Data Centre, Slough, UK
Site Type         | Warm Site (pre-provisioned infrastructure, scaled on-demand)
Power Redundancy  | Dual power feeds, UPS, and generator backup
Connectivity      | MPLS + Direct Internet Access (DIA) + VPN failover routing
Access Control    | Badge-controlled, biometric, and audit-logged physical entry
RTO / RPO         | RTO: 4 hours; RPO: 15 minutes (Tier 1 systems)
Data Sync Method  | Real-time replication (for Tier 1), daily sync for Tier 2/3
DR Test Frequency | Semi-annually (with documented outcomes and lessons learned)

Logical Network Topology (Diagram)

DR Site Infrastructure Diagram (Layered View)

DR Replication Table

System                | Replication Type     | Latency (Target) | Replication Tool        | Destination (DR VLAN)
----------------------|----------------------|------------------|-------------------------|----------------------
Production DB Cluster | Real-Time (async)    | <15 min          | pgBackRest + rsync      | VLAN-DB-DR
Web App Servers       | Scheduled Snapshots  | Daily            | Cron + SSH Snapshot     | VLAN-WEB-DR
GitHub Repos          | Daily Sync           | 24 hours         | GitHub Actions          | Secure Repo Vault
IAM Logs              | Immediate forwarding | Real-Time        | Syslog + SIEM connector | VLAN-LOGS-DR
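Added example (not part of this appendix): a check that compares each system's last successful sync against the latency targets in the replication table, so a DR test can record a breach such as the DB sync delay noted below. The key=value heartbeat format, the system keys and the one-minute tolerance for the real-time IAM log feed are assumptions; the status lines are constructed, not real tool output.

```python
"""Replication-lag check against the targets in the DR Replication Table.
Added example; the heartbeat format, system keys and the one-minute tolerance
for the IAM log feed are assumptions, and STATUS_LINES are constructed."""
from datetime import datetime, timedelta, timezone

# Maximum acceptable age of the last successful sync, per the replication table.
TARGETS = {
    "production-db-cluster": timedelta(minutes=15),  # Tier 1: RPO 15 minutes
    "web-app-servers": timedelta(hours=24),          # daily snapshots
    "github-repos": timedelta(hours=24),             # daily sync
    "iam-logs": timedelta(minutes=1),                # real-time; 1 min tolerance assumed
}

# Constructed heartbeat lines in a hypothetical key=value format.
STATUS_LINES = [
    "system=production-db-cluster last_sync=2025-03-18T09:52:00Z",
    "system=web-app-servers last_sync=2025-03-17T02:00:00Z",
    "system=github-repos last_sync=2025-03-18T01:10:00Z",
    "system=iam-logs last_sync=2025-03-18T09:59:40Z",
]

def parse_utc(stamp):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ' as an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_rpo(lines, now_iso, targets=TARGETS):
    """Map each target system to (lag, within_target). A system with no
    heartbeat gets (None, False): silence is a failed replication, never a
    pass. The newest heartbeat wins if a system reports more than once."""
    now = parse_utc(now_iso)
    latest = {}
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        system, last_sync = fields["system"], parse_utc(fields["last_sync"])
        if system not in latest or last_sync > latest[system]:
            latest[system] = last_sync
    results = {}
    for system, target in targets.items():
        if system not in latest:
            results[system] = (None, False)
        else:
            lag = now - latest[system]
            results[system] = (lag, lag <= target)
    return results

def failing_systems(lines, now_iso, targets=TARGETS):
    """Sorted names of systems outside their target, for the DR test record."""
    results = check_rpo(lines, now_iso, targets)
    return sorted(s for s, (_, ok) in results.items() if not ok)
```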

DR Testing Notes

  • Test Scenarios Covered: Power loss, data corruption, site failover

  • Last Test Date: 18 March 2025

  • Next Scheduled: 21 September 2025

  • Gaps Identified: DB sync delay due to latency; addressed with tool optimisation

  • Improvements: Reduced DR launch time by 2 hours via automated orchestration

Integration with IAM & Access Control

  • DR Access strictly governed by Least Privilege Model

  • Only DR Team leads + CISO have access to replication configuration

  • SIEM alerts for unauthorised DR access attempts

Last updated