About the Project
Industry: Banking
Regulatory context: EU financial regulation
Focus area: Data center resilience, disaster recovery, isolated recovery environments
Scope: Risk assessment, architecture review, peer benchmarking
My involvement: Subject-matter expertise on DR and IRE strategies
Year: 2025
Introduction
This project focused on understanding how well an existing data center setup could support operational resilience under the upcoming requirements of the EU Digital Operational Resilience Act (DORA). The work was carried out ahead of the 2025 applicability deadline, when many design and investment decisions are difficult to reverse.
My task was to assess the current approach, compare it with peer institutions, and help position the bank’s design against realistic Tier-1 European benchmarks.
The Situation
The client operated a multi-site data center architecture with a mix of physical infrastructure and cloud services. While disaster recovery capabilities existed, there was uncertainty about how well the overall design aligned with DORA requirements, especially in areas such as isolated recovery environments, dependency management, and business continuity under stress.
In parallel, industry practices were evolving quickly. Different banks were taking very different paths, ranging from traditional physical DR sites to hybrid and cloud-based recovery models. Understanding where the client stood relative to peers had become critical.
What Was Done
The work included a detailed review of the existing architecture across physical and cloud environments. I assessed disaster recovery and isolated recovery readiness using both technical and operational criteria.
A peer-benchmarking exercise was conducted across leading European banks. The comparison covered areas such as DR operating cost ratios, power usage effectiveness, IT floor utilization, RTO and RPO alignment, minimum viable business coverage, automation levels, and fallback readiness.
Special attention was given to risk mitigation strategies for closely located data centers, including patterns where sites were separated by less than one kilometer. I also analyzed different approaches to third-site usage, public and private cloud adoption, and cost models comparing physical and cloud-based recovery solutions.
Each peer setup was mapped against relevant DORA articles and local guidance from Banco de España to ensure regulatory alignment.
My Role
I was engaged as a subject-matter expert on disaster recovery and isolated recovery environments. My role was to analyze the existing setup, perform the peer comparison, and translate regulatory requirements into practical architectural and operational considerations.
I also focused on connecting technical design choices with business continuity expectations, ensuring that resilience was evaluated in terms of real business impact.
Outcomes
The work resulted in a consolidated benchmarking framework that positioned the client’s current DR and IRE design against Tier-1 European practices.
Clear gaps were identified in relation to DORA requirements, including areas where assumptions needed to be tested more rigorously and where design changes would be required before 2025. The client gained a structured view of how different recovery strategies affected cost, risk, and operational flexibility.
Key Takeaways
This project showed how regulatory requirements expose weaknesses that are not always visible in normal operations. It also highlighted how different recovery models lead to very different cost structures and risk profiles, even among similar institutions.
Most importantly, it demonstrated the value of benchmarking against peers before committing to long-term design decisions.
How This Experience Helps in Similar Situations
Similar questions arise in many organizations preparing for regulatory scrutiny or large-scale resilience reviews. I support teams by assessing existing recovery designs, comparing them with realistic benchmarks, and clarifying which changes are necessary, optional, or misaligned with business priorities.
This helps reduce uncertainty before major investments are made.
Related Tools & Materials
Some of the questions addressed in this project are covered in my document packs related to resilience assessment, regulatory alignment, and recovery architecture evaluation.
Closing
If you are preparing for DORA applicability or reassessing disaster recovery and resilience strategies, this case reflects the type of work and analysis I provide through consulting and practical tools.