Cyber insurance underwriting has tightened dramatically over the past three years. The ransomware crisis that peaked between 2021 and 2023 forced cyber insurance carriers to fundamentally rebuild how they evaluate organizational risk. The most consequential change for IT leaders is that disaster recovery infrastructure has become a primary signal carriers use to assess organizational resilience — and now drives both pricing and coverage decisions in ways that did not exist five years ago.

For organizations renewing cyber insurance in 2026 and beyond, the disaster recovery infrastructure conversation has merged with the cyber insurance conversation. Carriers ask increasingly specific questions about DR facility capabilities, documented failover testing, recovery time objectives, and infrastructure compliance posture. Organizations with inadequate DR infrastructure face significantly higher premiums, narrower coverage scope, or in some cases coverage denials.

Consider this your independent disaster recovery colocation and cyber insurance review — written by an advisor with no financial stake in which provider, facility, or insurance carrier your organization chooses.

Bottom Line: Cyber insurance underwriting has tightened to specifically evaluate disaster recovery infrastructure quality including documented RTO and RPO commitments, geographic separation between primary and DR facilities, annual failover testing requirements, and matching compliance posture across both environments. Organizations with inadequate DR infrastructure face 25-40 percent higher cyber insurance premiums or coverage denials at renewal. The DR facility selection decision has become a cyber insurance decision, not just an IT decision. Metro Colo Advisory evaluates DR colocation alongside cyber insurance underwriting requirements at no cost.

Get My Free DR Insurance Review →

Why DR Infrastructure and Cyber Insurance Are Now Connected

The cyber insurance market underwent fundamental restructuring between 2021 and 2024. Ransomware claim volumes overwhelmed carrier reserves. Several major carriers exited the cyber market entirely. The carriers that remained dramatically tightened underwriting standards as a condition of continued coverage. The shift was not gradual — it was a complete rebuilding of how cyber insurance evaluates organizational risk.

The most significant change for IT infrastructure leaders is that carriers now use specific measurable criteria rather than relying on broad organizational risk profiles. Marsh’s recent cyber insurance market reports document how carrier questionnaires have expanded from approximately 10-15 questions in 2020 to 60-80 specific technical questions in current underwriting cycles. The bulk of the new questions focus on three areas: identity and access management, endpoint protection, and disaster recovery infrastructure.

The DR infrastructure questions are particularly consequential because they require verifiable documentation rather than self-attestation. Carriers now request copies of DR test reports, recovery time objective documentation, facility compliance certifications, and incident response runbooks. Organizations that cannot provide this documentation face material consequences during underwriting.

The connection between DR infrastructure and cyber insurance operates through several specific mechanisms:

• Premium pricing tied to DR documentation quality. Carriers segment risk pools based on documented DR capability. Organizations with comprehensive DR documentation, regular failover testing, and modern colocation infrastructure pay materially lower premiums than organizations with informal or inadequate DR arrangements.
• Coverage scope determined by DR infrastructure. Some carriers exclude business interruption coverage entirely for organizations without documented DR capabilities. Other carriers cap business interruption coverage at amounts that may not match actual exposure for organizations without adequate DR posture.
• Coverage availability constrained by DR adequacy. The most restrictive carriers will not write new policies for organizations without acceptable DR infrastructure. Renewal underwriting frequently demands DR infrastructure improvements as conditions of continued coverage.
• Sublimits on specific cyber claims linked to DR capability. Ransomware coverage sublimits, ransom payment coverage, and forensics expense coverage are increasingly conditioned on documented DR capabilities that would minimize the operational impact of an incident.

For IT leaders, the practical implication is that DR infrastructure decisions and cyber insurance decisions can no longer be evaluated separately. The DR facility you select, the geographic separation you maintain, the testing cadence you commit to, and the compliance posture you document all directly affect your cyber insurance economics.

What Cyber Insurance Carriers Now Specifically Require

The specific requirements vary across carriers but the underlying framework has become remarkably consistent across the major cyber insurance market. The following requirements appear in current underwriting questionnaires from virtually every major cyber insurance carrier.

Cyber Insurance Carrier Underwriting Requirements for DR Infrastructure

Requirement Category	Current Underwriting Standard	Documentation Carriers Request
Recovery Time Objective (RTO)	Documented RTO commitments by application criticality tier	Written RTO policy with tested validation
Recovery Point Objective (RPO)	Documented RPO commitments matching business impact analysis	Backup frequency documentation with restoration testing
Geographic Separation	Minimum 50 mile separation between primary and DR facilities	Facility addresses and geographic distance verification
Annual DR Testing	Documented failover testing minimum once annually	Test reports with success criteria and findings
Compliance Posture Matching	DR facility maintains equivalent compliance certifications to primary	SOC 2 Type II, HIPAA BAA, or other applicable certifications
Air-Gapped Backups	Immutable or air-gapped backup infrastructure protected from ransomware	Backup architecture documentation and protection methodology
Incident Response Runbook	Documented incident response procedures including DR activation	Written runbook with executive sign-off and tested procedures
Business Impact Analysis	Current BIA identifying critical systems and acceptable downtime	BIA document refreshed within past 24 months

Get My Free DR Insurance Review →

The honest reality is that most organizations cannot satisfy all of these requirements with their current DR arrangements. Organizations whose DR strategy was designed before cyber insurance tightening — meaning roughly anything established before 2022 — typically have gaps in at least three of the eight requirement categories above.

The gap analysis between current DR posture and current cyber insurance underwriting requirements is the critical first step. Organizations approaching cyber insurance renewals should complete this analysis 6-9 months before renewal rather than discovering gaps during the underwriting process itself.

DR Architecture Models — The Honest Comparison

Organizations evaluating DR infrastructure face four fundamental architecture choices. Each has distinct cost profiles, recovery characteristics, and cyber insurance implications. The right answer depends on business impact tolerance, budget constraints, and the specific cyber insurance requirements an organization faces.

DR Architecture Models Comparison

DR Model	Typical RTO	Typical RPO	Annual Cost Range	Best Fit For	Cyber Insurance Posture
Hot Site (dedicated colocation, live replication)	Under 1 hour	Under 5 minutes	$200K-$600K annually	Mission critical applications, regulated industries	Strongest underwriting position
Warm Site (dedicated colocation, scheduled replication)	4-24 hours	1-4 hours	$80K-$240K annually	Important applications with moderate downtime tolerance	Strong underwriting position
Cold Site (dedicated colocation, restore from backup)	24-72 hours	4-24 hours	$30K-$90K annually	Lower-priority applications with longer downtime tolerance	Adequate underwriting position
Cloud DR (DRaaS on AWS, Azure, or similar)	1-12 hours	15 minutes-4 hours	$50K-$250K annually	Variable across applications	Variable — depends on configuration

Hot site DR with dedicated colocation infrastructure represents the strongest cyber insurance posture. The combination of dedicated infrastructure, live replication, sub-hour recovery time, and physically separated facility addresses every primary underwriting requirement directly. Organizations with mission-critical applications, regulatory requirements, or significant business interruption exposure typically find hot site DR the right answer despite the higher cost.

Warm site DR provides strong underwriting position at meaningfully lower cost than hot site. The trade-off is recovery time — warm site recovery typically runs 4-24 hours versus hot site sub-hour recovery. For organizations whose business impact analysis indicates 24-hour recovery tolerance, warm site DR delivers strong cyber insurance economics without the cost premium of hot site infrastructure.

Cold site DR works for lower-priority applications but creates underwriting friction for primary business systems. The 24-72 hour recovery window exceeds most cyber insurance carrier comfort zones for mission-critical applications. Cold site DR is appropriate as part of a tiered DR strategy where critical systems use hot or warm site approaches while lower-priority systems use cold site.

Cloud DR through services like AWS Elastic Disaster Recovery, Azure Site Recovery, or similar offerings produces variable cyber insurance outcomes depending on configuration. Properly configured cloud DR with documented recovery objectives, regular testing, and appropriate compliance certifications can satisfy underwriting requirements. Poorly configured cloud DR often does not satisfy specific carrier requirements around geographic separation, compliance scope, or testing documentation.

Organizations building hybrid cloud colocation DR architectures — combining dedicated colocation infrastructure for critical systems with cloud DR for less-critical systems — frequently produce the strongest combination of cyber insurance posture and total cost economics for diverse application portfolios.

The honest enterprise outcome for most organizations is tiered DR strategy combining dedicated colocation DR for critical systems with cloud DR or backup-only protection for lower-priority systems. The mix produces the best combination of cyber insurance positioning and total cost.

Geographic Separation — How Much Distance Is Actually Required

The geographic separation requirement between primary and DR infrastructure is one of the most specific and most frequently misunderstood underwriting requirements. The carrier standard has evolved significantly over the past five years.

The current carrier minimum for most commercial cyber policies is approximately 50 miles of physical separation between primary and DR facilities. This minimum addresses the most common risk scenarios — utility grid disruptions, severe weather events affecting metro areas, and physical infrastructure failures that could affect facilities within a single regional area.

The 50 mile minimum is the floor, not the recommended target. NIST Special Publication 800-34 contingency planning guidance recommends 100+ miles separation for organizations with significant business interruption exposure. The practical recommendation from cyber insurance brokers consistently exceeds 100 miles for organizations renewing coverage in current market conditions.

The practical geographic separation conversation for IT leaders involves several specific decisions:

• Same-metro DR is generally inadequate for current cyber insurance standards. Primary infrastructure in Manhattan with DR infrastructure in Brooklyn or Queens, or primary in downtown Chicago with DR in suburban Chicago, typically fails the geographic separation requirement. Same-metro DR also fails to address regional events that could simultaneously affect both facilities.
• Adjacent-metro DR provides moderate separation. Primary infrastructure in NYC metro with DR in Boston, Philadelphia, or Washington DC metro areas typically satisfies the basic geographic separation requirement but may not exceed minimum thresholds for organizations with stricter underwriting requirements.
• Cross-region DR provides strong separation. Primary infrastructure in one major US region with DR infrastructure in a different major US region produces the strongest cyber insurance posture. Examples include NYC metro primary with Chicago, Atlanta, Dallas, or Phoenix DR. The cross-region approach also provides protection against regional events that could affect adjacent metro areas.
• The carrier neutral data center architecture at major colocation facilities supports flexible DR deployment by allowing connectivity to whichever carriers and cloud providers your DR strategy requires — providing operational flexibility that proprietary network facilities cannot match.
• International DR introduces complexity. Some organizations consider international DR infrastructure for maximum separation. The cyber insurance implications become more complex with international DR — data sovereignty requirements, regulatory scope, and operational complications can offset the geographic separation benefits.
• For organizations with NYC metro primary infrastructure specifically, the disaster recovery colocation options that produce the strongest cyber insurance posture typically involve dedicated DR infrastructure in Chicago, Atlanta, Dallas, or other major US metros at sufficient geographic separation. The NYC metro colocation market guide covers facilities suitable for primary infrastructure, while DR infrastructure for NYC-based organizations typically sits outside the NYC metro region entirely.

The Cyber Insurance Cost Impact

The financial impact of DR infrastructure quality on cyber insurance premiums has become substantial. Current market data from cyber insurance brokers indicates that organizations with strong DR posture pay materially lower premiums than organizations with inadequate DR arrangements across comparable risk profiles.

The typical premium variance between strong DR posture and inadequate DR posture for comparable mid-market organizations runs 25-40 percent. For an organization paying $150,000 in annual cyber insurance premiums, the DR infrastructure quality decision can produce $37,500 to $60,000 in annual premium savings — savings that compound across the full insurance relationship and that can offset significant portions of DR infrastructure investment.

The coverage scope variance can be even more consequential than premium pricing. Organizations with strong DR posture typically secure broader coverage including:

• Higher business interruption limits matching actual business impact analysis.
• Broader sublimits on ransomware claims including ransom payment coverage where available.
• Lower retention amounts on cyber incident claims.
• Broader coverage for forensics, notification, and remediation costs.
• Better terms on cyber incident response services covered under the policy.

Organizations with inadequate DR posture frequently face the opposite pattern — narrower coverage, higher retentions, lower sublimits, and exclusions for specific cyber incident scenarios. AM Best cyber market analysis documents that coverage scope variance has become at least as consequential as premium pricing variance in current underwriting cycles.

The renewal dynamics matter particularly. Organizations approaching cyber insurance renewals face two scenarios. Organizations with documented DR improvements between renewals typically secure favorable renewal terms. Organizations with no DR improvements but increased threat exposure typically face premium increases of 15-25 percent or coverage scope reductions even when underwriting questionnaires reveal no specific gaps.

Major Colocation Provider DR Capability Across National Markets

The colocation providers genuinely capable of supporting strong cyber insurance posture for DR infrastructure operate facilities across all major US metros. The honest comparison reveals distinct positioning across providers.

Major Colocation Provider DR Capability Matrix

Provider	DR Facility Strength	Geographic Separation Options	Compliance Posture	Best Fit For DR Use Case
DataBank	Strong national footprint with healthcare-grade compliance	Facilities across 30+ markets including 165 halsey st newark nj	Strongest combined HIPAA BAA, HITRUST, FedRAMP, SOC 2	Healthcare, compliance-bound regulated workloads
Equinix	Largest national and global footprint	200+ facilities across all major US metros plus international	Strong enterprise compliance program with mature documentation	Multi-site enterprise, financial services with national footprint
CoreSite	Strong national infrastructure with hybrid cloud focus	Facilities across major US metros with cloud connectivity	Strong SOC 2 Type II with HIPAA BAA available	Hybrid cloud DR with significant cloud connectivity requirements
Digital Realty	Extensive national and international footprint	300+ facilities globally including major US metros	Strong enterprise compliance program	International multi-site DR with global presence requirements
Cologix	Strong North American footprint with cost-optimized pricing	Facilities across major US and Canadian markets	Strong SOC 2 with HIPAA BAA available	Cost-optimized DR for organizations with budget constraints

These providers operate DR-capable facilities across major US metros — for example, Equinix data center facilities across the national footprint span 40+ markets, while DataBank operates facilities across 30+ markets. Coverage extends across Chicago, Dallas, Atlanta, Phoenix, Northern Virginia, Silicon Valley, Minneapolis, Kansas City, and other regional markets in addition to NYC metro presence. The right facility match depends on the specific geographic separation requirements, compliance constraints, and cost considerations for each organization. See our DataBank NYC guide for additional depth on the strongest current healthcare DR positioning, and our independent provider comparison for complete side-by-side analysis across all providers.

Industry-Specific DR and Cyber Insurance Implications

The intersection of DR infrastructure and cyber insurance creates distinct considerations across major industry verticals. Each industry context produces specific requirements that affect both DR architecture decisions and cyber insurance underwriting.

Healthcare organizations face the most complex DR requirements. The recently finalized 2026 HIPAA Security Rule update mandates annual incident response testing alongside cyber insurance requirements for documented DR capability. Healthcare cyber insurance underwriting requires both HIPAA BAA coverage at the DR facility and documented compliance with the updated rule requirements. Healthcare organizations running AI workloads with high density colocation requirements face additional considerations — the DR facility must support both healthcare compliance and the specific power density requirements that AI inference and training workloads create. The HIPAA colocation guide covers the complete healthcare framework including DR-specific provisions.

Insurance brokerages and financial services organizations face increasing scrutiny from their own E&O carriers alongside cyber insurance requirements. State cybersecurity regulations including the NY DFS Part 500 cybersecurity regulation create specific DR documentation requirements that go beyond standard cyber insurance underwriting. Financial services organizations should evaluate DR posture against both cyber insurance and regulatory compliance requirements simultaneously.

Manufacturing organizations face DR requirements driven by operational continuity exposure rather than data exposure. Manufacturing cyber insurance increasingly considers operational technology DR alongside IT system DR. Organizations with significant manufacturing operations should ensure DR coverage extends to OT systems, not just IT infrastructure.

Professional services firms including law firms, accounting firms, and consultancies face DR requirements driven by client data protection obligations. State bar cybersecurity guidance, accounting professional standards, and consulting client contracts create DR documentation requirements that interact with cyber insurance underwriting. Professional services firms should evaluate DR posture against both client contract requirements and cyber insurance requirements.

Government contractors face DR requirements driven by FedRAMP, FISMA, or DFARS compliance alongside cyber insurance underwriting. Government contracting cyber insurance requires DR posture matching the federal compliance framework relevant to the specific contracts. The combination of compliance requirements and cyber insurance requirements typically requires dedicated colocation DR rather than cloud DR for government contractor workloads.

For all of these industry contexts, the DR facility selection conversation extends beyond pure cost optimization into compliance fit, cyber insurance positioning, and operational support capability.

What CIOs Should Do This Quarter

The cyber insurance market is tightening further through 2026. Organizations approaching renewals should complete DR posture evaluation 6-9 months before renewal to identify gaps and remediate them before underwriting begins.

The practical action framework for CIOs:

• Inventory current DR arrangements against the eight underwriting requirement categories. Document RTO and RPO commitments by application tier. Verify geographic separation distance. Confirm annual testing cadence and documentation. Match compliance certifications between primary and DR facilities.
• Request current cyber insurance carrier underwriting questionnaire 6-9 months before renewal. The questionnaire reveals which specific DR requirements your carrier emphasizes. Some carriers emphasize testing documentation. Others emphasize geographic separation. Others emphasize compliance matching. Knowing your carrier’s specific emphasis allows targeted DR improvements.
• Run a structured colocation site selection process if DR facility upgrades are needed. For organizations with primary infrastructure also approaching end of life, evaluate whether the DR upgrade should be coordinated with a broader data center migration of primary infrastructure to optimize both deployments simultaneously. Compare facilities against your specific compliance requirements, geographic separation needs, and cyber insurance carrier requirements. Most CIOs discover that the DR facility selection process benefits from independent advisory that brings current market intelligence across providers.
• Evaluate the cyber insurance economic case for DR investments. The premium savings and coverage scope improvements from DR upgrades frequently offset significant portions of DR infrastructure investment over multi-year horizons. The honest financial analysis includes both insurance economics and operational resilience benefits.
• Document everything with executive sign-off. Cyber insurance underwriting requires verifiable documentation rather than self-attestation. DR testing reports, recovery procedures, compliance certifications, and incident response runbooks all require written documentation with appropriate executive sign-off to satisfy carrier requirements.
• Coordinate DR planning with cyber insurance broker evaluation. Most organizations work with a cyber insurance broker who can advise on specific carrier requirements and renewal positioning. Coordinating DR infrastructure decisions with broker insight produces better outcomes than treating these as separate workstreams.

Key Questions Enterprise CIOs Are Asking About DR and Cyber Insurance

What specific DR documentation do cyber insurance carriers require?

Current cyber insurance underwriting questionnaires request eight specific categories of DR documentation including written RTO and RPO policies with tested validation, backup architecture documentation with restoration testing reports, geographic separation verification between primary and DR facilities, annual DR testing reports with success criteria and findings, current SOC 2 Type II and applicable industry compliance certifications for both primary and DR facilities, air-gapped or immutable backup infrastructure documentation, written incident response runbooks with executive sign-off, and current business impact analysis refreshed within the past 24 months. Organizations missing any of these categories typically face premium increases, coverage scope reductions, or both during renewal underwriting. Metro Colo Advisory evaluates DR documentation completeness against current cyber insurance underwriting requirements at no cost.

How much geographic separation between primary and DR is enough?

The current cyber insurance carrier minimum is approximately 50 miles of physical separation between primary and DR facilities. NIST Special Publication 800-34 contingency planning guidance recommends 100+ miles for organizations with significant business interruption exposure. The practical recommendation from cyber insurance brokers consistently exceeds 100 miles in current market conditions. Same-metro DR generally fails current underwriting standards. Cross-region DR produces the strongest cyber insurance posture and additionally protects against regional events that could simultaneously affect adjacent metros. Organizations with NYC metro primary infrastructure typically benefit from DR infrastructure in Chicago, Atlanta, Dallas, or Phoenix to maximize both separation distance and cyber insurance positioning. Metro Colo Advisory evaluates geographic separation options for your specific cyber insurance requirements at no cost.

Does cloud DR satisfy cyber insurance requirements?

Cloud DR through services like AWS Elastic Disaster Recovery, Azure Site Recovery, or similar offerings can satisfy cyber insurance underwriting requirements when properly configured with documented recovery objectives, regular failover testing, appropriate compliance certifications, and verifiable geographic separation. However, properly configured cloud DR requires meaningful attention to specific carrier requirements that default cloud DR configurations frequently miss. The most common cloud DR underwriting gaps involve insufficient documentation of geographic separation between cloud regions, inadequate compliance scope coverage at the DR cloud region, and missing or inconsistent failover testing documentation. Organizations using cloud DR should verify that their specific configuration satisfies their cyber insurance carrier requirements before assuming cloud DR provides adequate coverage. Metro Colo Advisory evaluates cloud DR configurations against cyber insurance requirements at no cost.

How does annual DR testing affect cyber insurance pricing?

Annual DR testing has become one of the most consequential factors in cyber insurance premium pricing. Carriers segment risk pools meaningfully based on testing cadence and documentation quality. Organizations with comprehensive annual DR testing including documented test plans, executed failover procedures, measured recovery time and recovery point outcomes, and written test reports with findings typically pay 15-25 percent lower premiums than comparable organizations without documented testing. Organizations with no documented DR testing or with testing that exceeds 24-month intervals often face coverage exclusions for business interruption claims regardless of premium pricing. The premium savings from establishing annual testing cadence frequently offset the operational cost of testing within the first renewal cycle. Metro Colo Advisory advises on DR testing frameworks that satisfy cyber insurance underwriting requirements at no cost.

How Independent Advisory Changes DR and Cyber Insurance Outcomes

The intersection of DR infrastructure decisions and cyber insurance underwriting involves significant complexity that benefits substantially from independent expertise. The combination of facility capability evaluation, compliance posture analysis, geographic separation planning, cyber insurance carrier requirements, and total cost optimization creates a decision matrix that most internal IT teams have not built before.

Provider sales teams will present their DR capabilities favorably regardless of whether the specific facility actually meets your cyber insurance carrier requirements. Cyber insurance brokers will advise on policy structure but typically do not have current colocation market intelligence to recommend specific facilities. The gap between provider sales and insurance broker expertise is where independent colocation advisory delivers the most value.

Metro Colo Advisory is an independent colocation broker. We work for enterprises, not for any colocation provider or insurance carrier. Think of us the way you would think of a buyer’s agent in real estate. Our commission comes from the colocation provider you choose, paid only when a deal closes. There is no cost to you. We have no financial stake in which provider’s DR capabilities look better — our only interest is identifying the facility that genuinely meets your specific DR requirements and supports your cyber insurance underwriting position.

Metro Colo Advisory serves enterprise clients nationally across all major US colocation markets including NYC metro, Chicago, Dallas, Atlanta, Phoenix, Northern Virginia, Silicon Valley, and other regional markets. Our independent DR colocation analysis applies equally across geographies — facility evaluation, geographic separation planning, compliance posture verification, and cyber insurance alignment transfer cleanly between markets regardless of where your primary and DR infrastructure will be deployed.

For DR colocation and cyber insurance evaluations specifically we provide:

• Current cyber insurance underwriting requirement intelligence across major carriers — knowing which specific DR criteria each carrier emphasizes allows targeted DR improvements that produce maximum insurance benefit.
• Facility capability verification across providers genuinely capable of supporting your specific DR requirements including geographic separation, compliance certifications, and operational support capabilities.
• Compliance posture verification for DR workloads with regulatory constraints including HIPAA BAA scope at the DR facility, SOC 2 Type II coverage, and applicable industry-specific certifications matching primary facility posture.
• DR architecture analysis comparing hot site, warm site, cold site, and cloud DR options against your specific business impact analysis and cyber insurance requirements.
• Total cost analysis including DR infrastructure cost, cyber insurance premium impact, and coverage scope benefits over a 3-5 year horizon.
• Contract negotiation support for DR colocation contracts including specific provisions around testing access, compliance certification maintenance, and capacity expansion.

For complete depth on related infrastructure decisions, see our disaster recovery colocation guide for the broader strategic framework, our HIPAA colocation guide for healthcare DR specifics, our compliance colocation guide for the complete regulatory framework, our colocation pricing guide for current market pricing benchmarks, our colocation contract guide for contract term frameworks that apply to DR infrastructure, and our data center tiers framework for facility tier evaluation. For complete analysis of the NYC market context for DR deployments, see our NYC metro colocation market guide. For organizations also evaluating cloud repatriation alongside DR planning, our cloud repatriation guide covers the broader financial framework.

Get My Free DR Insurance Review →

The DR infrastructure and cyber insurance conversation will define your organizational resilience economics for the next 3-5 years. Cyber insurance market conditions are tightening further through 2026. Dedicated DR colocation infrastructure properly evaluated and properly aligned with cyber insurance requirements delivers materially better outcomes on both dimensions. Get independent guidance before committing to either path.

Want to understand how Metro Colo Advisory works before filling out the assessment? See how Metro Colo Advisory works →