Currently we have a stated time to:
a) assess an incident and declare a disaster (12 hours)
b) activate Recovery Plans to re-instate customer systems (8 hours)
However, looking at this from a customer perspective, they could argue that this adds up to an RTO of 12+8 = 20 hours.
Can anyone offer advice on how to document (contractually) and manage customer expectations?
Of course, we are putting the microscope on how we can improve the time for a).
From my point of view, the best place to establish these clauses is the Service Level Agreement, and I would specify clearly that the RTO is 20 hours (and I would also include the RPO).
You can also include in the Service Level Agreement the "Response Time", which is the time from when you receive an incident until you reply to it (it relates only to the response, not to the resolution of the incident).