BCDR Glossary: Working Definitions for GCC Cloud Teams

Mahesh Chandran

CEO Dataring

A working glossary of the terms that come up in business continuity and disaster recovery work, with the operating context that matters for cloud teams in the GCC. Definitions are kept tight; where a concept has its own post, the entry links out for the longer treatment. For the broader architecture context, see our cloud DR in the GCC pillar.

Recovery metrics

Recovery Time Objective (RTO)

The maximum acceptable duration of unavailability for a workload before the business consequence becomes unacceptable. An RTO of four hours means the system must be restored within four hours of an outage. RTO is the input that drives architecture-pattern choice; see our pattern decision guide.

Recovery Point Objective (RPO)

The maximum acceptable amount of data loss, measured in time. An RPO of zero means no transactions can be lost, which requires synchronous replication. An RPO of fifteen minutes means up to fifteen minutes of in-flight transactions may be lost during failover.

Tiered recovery architecture

A classification scheme that assigns different RTO and RPO targets to different workloads based on business impact. Tier 0 systems require zero or near-zero downtime and zero data loss; Tier 1 systems target sub-four-hour recovery; Tier 2 systems accept longer windows. Tier classification should drive every downstream architecture decision.

Architecture patterns

Active-Active Multi-Region (Pattern B)

A pattern where identical workloads run simultaneously in two or more geographically separated regions. Traffic is distributed across regions via global DNS, and databases use synchronous replication for zero RPO. Failover is a routing change rather than a provisioning operation. Suitable for Tier 0 systems.

Hub-and-Spoke with Remote DR (Pattern A)

A pattern where production runs in a primary region and a remote region holds warm-standby DR capacity, receiving asynchronous replication. On failover, infrastructure-as-code provisions full DR compute. More cost-effective than Pattern B; suitable for Tier 1 workloads where multi-hour RTO is acceptable.

Multi-Provider Cross-Region (Pattern C)

A pattern where the primary environment runs on one cloud provider and the DR environment runs on a different provider. Eliminates single-provider dependency, including the case where the primary provider's global control plane is degraded. Most expensive of the three patterns; appropriate for critical national infrastructure or where regulators or contracts require multi-provider resilience.

Multi-AZ (multi-availability zone)

A deployment strategy that spreads workloads across multiple data centers within a single cloud region. Effective against localized hardware or facility failures within a region. Does not protect against region-level events. Multi-AZ is an availability pattern, not a disaster recovery pattern.

Geographic dispersion

The practice of separating primary and DR environments by enough distance that a single physical event cannot affect both. For GCC primary regions, dispersion typically means DR in Europe, APAC, or North America rather than a neighboring Middle East region.

Backup and data protection

Immutable storage

Storage where data, once written, cannot be modified or deleted for a defined retention period — even by the account root user. Uses WORM (write-once-read-many) semantics enforced at the platform layer. Defends against ransomware that compromises administrator credentials before launching encryption. See our backup guide.

Air-gapped backups

Backups that are physically or logically disconnected from the production network. In cloud terms, this means a separate account, in a different region, with independent IAM and no cross-account trust relationship. Prevents ransomware traversal from production into backup infrastructure.

3-2-1-1 backup rule

An evolution of the traditional 3-2-1 rule. Maintain three copies of data, on two different media types or storage classes, with one copy offsite, and one copy immutable. The immutable copy is the addition that addresses modern ransomware tactics.

Synchronous replication

A replication method where each write must be confirmed by both primary and secondary before the application is acknowledged. Guarantees zero RPO but introduces latency proportional to inter-region distance. Used for Tier 0 workloads.

Asynchronous replication

A replication method where writes are confirmed locally and propagated to the secondary with a lag. Tolerates greater inter-region distance without performance impact, at the cost of a non-zero RPO (typically under fifteen minutes). Used for Tier 1 and Tier 2 workloads.

Business continuity planning

Business Continuity Plan (BCP)

A documented strategy that defines how an organization will continue operating during and after a disruptive event. Covers people, processes, and technology: communications, stakeholder notification, alternate work arrangements, third-party dependencies. Distinct from a Disaster Recovery Plan, which addresses the technology side specifically.

Business Impact Analysis (BIA)

A systematic process for quantifying the operational and financial consequences of disruption to each business process. The BIA output establishes which processes are most critical, drives RTO and RPO targets, and supports the tier classification used in architecture decisions.

Disaster Recovery Plan (DRP)

The technical blueprint for restoring applications, databases, and infrastructure after a disaster. Covers failover procedures, backup restoration, and infrastructure provisioning. A complete BCDR program integrates the DRP with the BCP.

Crisis communication framework

Pre-built notification chains and stakeholder communication templates that are activated during an incident. Includes internal escalation paths, customer notification procedures, regulator reporting timelines, and external communications. The artifact most often improvised during real incidents.

GCC regulatory frameworks

SAMA CSF

The Saudi Arabian Monetary Authority Cyber Security Framework. The mandatory cybersecurity framework for financial institutions in Saudi Arabia. Covers governance, risk management, operations, third-party risk, business continuity, and incident response. See our SAMA CSF guide and checklist.

NCA ECC-2

The Saudi National Cybersecurity Authority's Essential Cybersecurity Controls, applicable to government entities and critical infrastructure operators. Broader in scope than SAMA CSF; institutions covered by both satisfy the more stringent requirement in each domain.

NCEMA 7000

The UAE National Emergency Crisis and Disasters Management Authority's standard for business continuity management systems, aligned with ISO 22301. Emphasizes integration with national emergency planning for critical infrastructure.

UAE Cybersecurity Council and TDRA guidance

Federal-level cybersecurity policy and regulatory guidance in the UAE. Sets baseline controls applicable across regulated sectors and government entities. Operates alongside NCEMA 7000 for civil-emergency continuity.

QCB BCP requirements

Qatar Central Bank's business continuity planning requirements for financial institutions. Combines a structured risk taxonomy with supervisory dialogue. Published text is less prescriptive than SAMA CSF; supervisory expectations are stricter than the text suggests.

DIFC and ADGM data protection

The data protection regimes of the Dubai International Financial Centre and Abu Dhabi Global Market free zones, both closer to GDPR than the UAE federal framework. Institutions licensed in these free zones operate under regimes pulled toward international BCDR standards.

Data residency exception framework

A pre-negotiated arrangement between an organization and its regulator that permits emergency cross-border data movement under defined triggering conditions. Resolves the conflict between residency requirements and survival requirements during a crisis. See our residency guide.

Testing and validation

Level 1: Tabletop exercise

A discussion-based walkthrough lasting two to four hours where leadership walks through a disaster scenario verbally. No systems are failed over. Surfaces communication gaps, unclear responsibilities, and process bottlenecks.

Level 2: Component failover test

A technical test of specific system components. For example, can a database successfully fail over to the DR region and back without data corruption? Validates individual recovery procedures.

Level 3: Full region failover test

A scheduled test where production traffic is served from the DR region for a defined period. Validates that the complete technology stack can run from DR, not just individual components. The minimum bar for Tier 0 systems after the March 2026 Gulf cloud incident.

Level 4: Coincident-scenario simulation

A combined exercise where physical infrastructure loss is simulated alongside concurrent cyber pressure (DDoS, ransomware, control plane degradation). Tests the simultaneity problem and the human-factor decisions that arise when monitoring and communication tools are degraded. See our operational lessons post.

Infrastructure concepts

Infrastructure-as-Code (IaC)

The practice of managing cloud infrastructure through machine-readable configuration files rather than manual processes. Used in Pattern A to provision DR compute on demand rather than maintaining idle standby capacity, reducing cost while preserving the ability to fail over.

Out-of-band monitoring

Monitoring that operates independently of the cloud infrastructure being monitored. If the primary cloud's control plane is degraded, in-band monitoring is degraded with it. Out-of-band monitoring uses external services to detect failures and trigger response without depending on the primary provider's APIs.

Anycast DNS

A network addressing method where a single IP address is announced from multiple geographic locations. Routes users to the nearest healthy region automatically. Removes DNS propagation delays from the failover path.

Cloud shared responsibility model

The principle that cloud providers are responsible for the resilience of the cloud (facilities, hardware, hypervisor) while customers are responsible for resilience in the cloud (data, applications, configurations, recovery architecture). The provider rebuilds the facility; the customer's data and recovery plan remain the customer's responsibility.

Warm standby

A DR configuration where core infrastructure (networking, databases) is active and receiving replicated data, while application compute is scaled to minimum. On failover, the environment is scaled up to handle production traffic. Balances recovery speed and cost.

Failover orchestration

The automated or semi-automated process of switching production from a failed primary to a DR environment. Handles DNS updates, database promotion, application routing, and health validation. In Pattern C, orchestration must be independent of any single provider.

Threat landscape

Coincident cyber and physical threat

A scenario where physical disruption to infrastructure occurs alongside cyber pressure (DDoS, ransomware, intrusion attempts). Traditional BCDR plans that treat physical and cyber as separate domains under-prepare for this scenario. The March 2026 Gulf cloud incident is the most-cited recent example.

The simultaneity problem

The architectural challenge that management APIs, security control planes, and monitoring tools are typically hosted on the same infrastructure being affected, so cyber-defense and recovery tooling can be unavailable at the moment they are needed most. Mitigated by provider-independent DNS, IAM, and out-of-band monitoring.

Subsea cable concentration risk

The vulnerability created by the geographic concentration of submarine internet cables in chokepoints, including the Red Sea corridor. Cable degradation or severance can spike latency and disrupt cross-region replication, with material impact on DR pipelines that depend on those routes. Specific traffic-share figures vary by source; institutions should treat this as a real planning risk and verify current figures from authoritative cable-tracking sources when sizing the impact.

For applied uses of these terms, see the cloud DR in the GCC pillar, the pattern decision guide, and the SAMA CSF maturity ladder.