How to create a strong but cheap Disaster Recovery Center (DRC) Site
The strength of a Disaster Recovery Center (DRC) site is simple to measure. It is measured in two ways: the RPO (Recovery Point Objective), which is how much data your company is willing to lose when things go wrong, and the RTO (Recovery Time Objective), which is how long you're willing to go without service after a disaster. The lower these numbers are, the stronger your DRC is.
However, what counts as a cheap DRC can vary, ranging from simple strategies such as investing in the correct type of equipment to continually improving to achieve the highest possible asset utilization rates. Here are 3 simple strategies to create a strong but cheap DRC.
1. Avoid idle compute resources.
Calculate the number of servers needed to host critical interactive sessions, local batch jobs, and additional infrastructure servers, and avoid idle compute resources.
2. Use a tiered storage solution.
Civil and Criminal Penalties for Non Compliances
What is the cost of non-compliance with regulations? Here is the list, from Sarbanes Oxley to HIPAA.
Sarbanes Oxley Act
1. Action: Altering, destroying, or concealing any records with the intent of obstructing a federal investigation.
Penalties: Fine and/or up to 10 years’ imprisonment.
2. Action: Failure to maintain audit or review "workpapers" for at least five years.
Penalties: Fine and/or up to 5 years’ imprisonment.
3. Action: Anyone who "knowingly executes, or attempts to execute, a scheme" to defraud a purchaser of securities.
Penalties: Fine and/or up to 10 years’ imprisonment.
4. Action: CEO or CFO who 'recklessly' violates his or her certification of the company’s financial statements.
Penalties: Fine of up to $1 million and/or up to 10 years’ imprisonment.
5. Action: If the violation is 'willful,' the penalty increases.
Penalties: Fine of up to $5 million and/or up to 20 years’ imprisonment.
HIPAA (Health Insurance Portability and Accountability Act) Information Sheet
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a comprehensive law affecting institutions and departments that deal with protected health information.
Requirements
HIPAA includes requirements to protect the security, integrity, and confidentiality of this health-related information. These requirements apply to departments at Purdue that have been officially designated by the HIPAA Privacy Compliance Office as covered by HIPAA. To be HIPAA compliant, departments must develop, implement, and enforce a comprehensive security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, departments are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
Gramm Leach Bliley Act (GLBA) Information Sheet
The Gramm Leach Bliley Act (GLBA) is a comprehensive law affecting institutions and departments that deal with financial information which includes nonpublic personal information such as addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.
Requirements
The GLBA includes requirements to protect the security, integrity, and confidentiality of this consumer information. To be GLBA compliant, organizations must develop, implement, and enforce a comprehensive information security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, organizations are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
The Gramm-Leach-Bliley Act Risk Assessment - How to
The Gramm-Leach-Bliley Act of 1999 is also known as the Financial Services Modernization Act. It is intended to protect consumers and customers who obtain "financial products or services to be used primarily for personal or other household purposes". Risk assessment is an important element of GLBA, and the Federal Trade Commission has identified four areas that must be addressed:
(1) Information Systems,
(2) Employee Management and Training,
(3) Managing System Failures and
(4) Service Providers.