Weekly CISSP Practice Exam Questions
Week 32 - Question 2
What is NOT typically included in an organization's Disaster Recovery Plan (DRP)?
A. Recovery Point Objective (RPO)
B. Recovery Time Objective (RTO)
C. Employee Performance Reviews
D. Data Backup Strategies
Answer: C
Explanation:
A. Recovery Point Objective (RPO)
RPO is a technical metric that defines the maximum amount of data loss the organization can tolerate.
- The Goal: To determine the frequency of backups. If your RPO is 4 hours, you must perform a backup at least every 4 hours.
- The Impact: A shorter RPO (closer to zero) requires more expensive, near-real-time replication technologies.
B. Recovery Time Objective (RTO)
RTO is the maximum amount of time it should take to restore a business process or IT system after a failure.
- The Goal: To define the "speed" of recovery. If a critical server goes down, the RTO tells the IT team how long they have to get it back online before the business suffers unacceptable damage.
- The Impact: Meeting a very short RTO (e.g., 5 minutes) often requires "Hot Site" architectures with redundant hardware ready to take over immediately.
C. Employee Performance Reviews
Performance reviews are a Human Resources (HR) administrative function used to evaluate an individual's job performance over a period of time.
- Why it's the Answer: During a disaster, the priority is Safety (First) and System Restoration (Second). Assessing whether an employee met their quarterly sales goals or behavioral metrics has zero impact on the technical recovery of a database or the failover of a network.
D. Data Backup Strategies
Backup strategies are the "heart" of a DRP.
- The Goal: To ensure that a copy of the data exists in a secure, off-site location.
- The Methods: This includes choosing between Full, Incremental, or Differential backups and deciding on the storage medium (Cloud, Tape, or Disk).
- The Testing: A DRP must not only list the strategy but also include instructions on how to verify and test the restores to ensure the backups actually work.