Skip to main content

Overview

XDR generates audit-ready reports documenting replication status, achieved RPO/RTO values from DR tests, and complete failover history. These reports satisfy common regulatory requirements (ISO 22301, SOC 2 Type II, HIPAA, PCI-DSS) that mandate documented DR testing and measurable recovery objectives.
Prerequisites
  • Protection plans with at least one completed DR test
  • Administrator access to Disaster Recovery → Reports
  • Compliance reporting period defined (typically monthly, quarterly, or annual)

Report Types

Report TypeContentsTypical Use
RPO/RTO ComplianceAchieved vs configured RPO and RTO per plan per periodRegulatory submission, internal governance
DR Test HistoryAll DR test events — date, plan, measured RTO, pass/failAudit evidence of testing cadence
Failover Audit LogComplete record of all failover and failback eventsIncident investigation, change management
Replication StatusDaily snapshot of replication lag and data currencyOngoing compliance monitoring
Recovery Point InventoryAvailable recovery points per plan at report timeData retention compliance

Generating Reports

Navigate to Disaster Recovery → Reports and select the report type:

Select report type

Select from the report type list. Each report type has configurable parameters for the plan name, date range, and output format.

Set parameters

ParameterDescription
PlanSpecific plan or “All Plans”
From / ToReporting period start and end dates
FormatPDF (for submission) or CSV (for further analysis)
Include raw dataAppend raw metric data as appendix (PDF only)

Generate and download

Click Generate Report. The report is created and available for download within seconds for short periods, or minutes for long reporting periods.
Report downloaded and shows plan name, period, achieved RPO/RTO values, and compliance status.

DR Test Cadence Requirements

Most regulatory frameworks mandate regular DR testing. XDR tracks test history automatically. Use XIMP to alert when testing cadence slips:
RegulationTypical DR Testing Requirement
ISO 22301Annual minimum; test must cover critical systems
SOC 2 Type IIAt least annual; evidence of testing required for audit
HIPAANo explicit cadence; must be “tested and revised” periodically
PCI-DSSAnnual test of incident response / DR procedures
Configure a XIMP alert for xdr_last_test_age_days > 90 to ensure quarterly testing. This exceeds all common regulatory minimums and provides early warning to schedule tests before the annual window closes. See Monitoring for alert rule configuration.

RPO/RTO Compliance Report Contents

The RPO/RTO Compliance report includes the following sections:
One-page summary showing:
  • Protection plans covered
  • Reporting period
  • Overall compliance status (compliant / non-compliant)
  • Number of DR tests performed
  • Number of actual failover events
For each plan:
  • Configured RPO target
  • Average, p95, and maximum replication lag during the period
  • Percentage of time replication lag was within RPO target
  • Number of RPO breach events and total breach duration
From DR test results:
  • Configured RTO target
  • Measured RTO for each DR test performed in the period
  • Pass/fail against configured target
  • Trend (improving, stable, degrading)
Optional detailed data:
  • Replication lag time series
  • All recovery point timestamps
  • Script execution logs from DR tests
  • Failover event timelines

Automated Report Delivery

Schedule compliance reports for automatic generation and delivery. Navigate to Disaster Recovery → Reports → Scheduled Reports and click Create Schedule:
SettingDescription
Report TypeRPO/RTO Compliance, DR Test History, or Failover Audit Log
PlansSpecific plan or all plans
FrequencyMonthly, quarterly, or annual
FormatPDF (for submission) or CSV (for analysis)
RecipientsEmail addresses for automatic delivery
Manage existing schedules from the Scheduled Reports list.

Evidence Preservation

Compliance audits may require evidence that DR testing and monitoring occurred throughout the audit period. XDR retains:
Data TypeRetention PeriodLocation
DR test reportsIndefinite (until manual deletion)XDR controller database
Replication lag metrics90 days raw; 1 year downsampledXIMP metric store
Failover event logsIndefiniteXDR controller audit log
Runbook script output90 daysXDR controller log archive
If your regulatory framework requires longer retention, export reports to an external system immediately after generation. XDR does not enforce retention beyond the defaults listed above.

Next Steps

Monitoring

Configure alerts to maintain compliance proactively

XDR User Guide — DR Testing

Run DR tests to generate the evidence captured in compliance reports

Security

Access control and audit trail for XDR administrative operations

Troubleshooting

Diagnose replication lag that threatens RPO compliance