Which DR SLA to propose to your client

Availability, RTO, RPO, test windows: how to write a DR SLA that protects both customer and MSP. Template included.


TL;DR

A balanced DR SLA includes platform availability (e.g. 99.9%), a minimum backup frequency, a failover RTO target and a mandatory drill window. Without these four elements you are exposed in court.

The 4 pillars of a workable DR SLA

1. Backup platform availability

Not to be confused with the customer SLA: this is the uptime of your own infrastructure. Typical: 99.9% monthly (43 minutes of accepted downtime per month).

2. Minimum backup frequency

Not to be confused with RPO. Example: "guaranteed backup every 4 hours, target RPO ≤ 6 hours". Leave a margin between the two.

3. Failover RTO target

Only for scenarios documented in the runbook. Typical: "30-minute RTO from customer emergency call, for scenarios conforming to runbook X". Add explicit exclusions for untested scenarios.

4. Mandatory drill windows

Quarterly, communicated 15 days in advance. Without this clause the customer never tests and you become responsible for the first surprise.

Exclusions that protect you

  • force majeure (floods, earthquakes);
  • nation-state cyber attacks (with documented classification);
  • intentional customer errors (manual backup deletion, shared credential changes);
  • failure to apply recommended patches after written notification.

Realistic penalties

Three options:

  • pro-rata refund of monthly fee per minute of breach (standard cloud SLA model);
  • future credit on fee (more conservative for vendor);
  • free upgrade to next tier for three months (creative, reduces churn).

Penalties above 100% of monthly fee are dangerous. Cap them.

Short template

In a single paragraph:

"The provider guarantees 99.9% monthly platform availability. Backups run at least every 4 hours. For failover requests on scenarios conforming to the documented and signed runbook, the provider guarantees a 30-minute target RTO from the emergency call. A quarterly drill window is mandatory. Force majeure, nation-state attacks and intentional customer actions are excluded."

Three similar paragraphs cover 90% of cases.

FAQ

Can I sign an SLA with 5-minute RTO?

Only if your infrastructure proves it in certified drills. Otherwise no, never.

Should the SLA be reviewed annually?

Yes, especially after changes to the stack, cloud vendors or regulation.


For consistent pricing models, see BCDR pricing for MSPs. For customer onboarding, see DR onboarding in 5 days.
