What you get:

• Encrypted backup across all infrastructure

• Recovery tested regularly (files) and annually (applications)

• Documented evidence for auditors

• Retention policies enforced

Why testing matters:

Backup that hasn't been tested is an assumption. When you need it, assumptions create risk.

See Backup & Recovery for how backup works.

What you get:

• Workloads replicated to secondary infrastructure

• Documented recovery targets per system

• Annual failover testing with minimal production impact

• Evidence pack for regulators

Why testing matters:

DR plans that haven't been tested don't work when infrastructure fails. Annual testing proves capability.

See Disaster Recovery for how DR works.

What you get:

• Backup isolated from production (network-separated)

• Protected storage with deletion safeguards

• Annual cyber recovery simulation

• Evidence for cyber insurance and boards

Why testing matters:

Ransomware is inevitable. Cyber recovery proves you can restore cleanly, not assume backup is clean.

See Cyber Recovery for how cyber recovery works.

Annual testing cycle:

File Recovery (Regular Testing):

• Select files restored to verify backup works
• Different file types tested (documents, databases, etc.)
• Recovery timing documented
• Issues identified and fixed

Application Recovery (Annual Testing):

• Complete application stack restored
• Functionality validated
• Recovery time measured
• Procedures updated based on results

Disaster Recovery (Annual Testing):

• Critical applications failed over to secondary site
• Business validates applications work
• Recovery targets confirmed or adjusted
• Staff trained on procedures

Cyber Recovery (Annual Testing):

• Ransomware scenario simulated
• Restore from isolated backup
• Clean restore validated
• Timing and procedures documented

What you get every year:

• Evidence pack showing what was tested and results
• Updated recovery documentation
• Confidence recovery works when needed
• Compliance documentation for auditors

What's the difference between backup and disaster recovery?

Backup protects data.

Disaster recovery protects applications.

Example:

Your backup protects:

• Customer database

• Financial records

• Email archives

Your disaster recovery protects:

• Customer portal (the application that uses the database)

• Accounting system (the application that uses the records)

• Email server (the application that provides email)

When you lose data: Backup restores it.

When infrastructure fails: DR keeps applications running.

Most organisations need both. Recovery Confidence provides both, tested annually.

How long does recovery take?

It depends on what failed:

File or folder recovery: Minutes to hours

Application recovery from backup: 8-24 hours typically

Disaster recovery (failover to secondary site): 4-8 hours for critical systems, 8-24 hours for business-critical

Cyber recovery (restore after ransomware): 8-24 hours for business-critical applications

Why timing varies:

DR failover (4-8 hours) uses replicas at secondary site. faster.

Backup recovery (8-24 hours) restores from backup storage. slower but more comprehensive.

Cyber recovery (8-24 hours) includes malware scanning. thorough but takes time.

We document target recovery times per system and test annually to validate.

How often should recovery be tested?

Industry standard:

File/folder recovery: Regularly

Application stack recovery: Annually

Disaster recovery failover: Annually

Cyber recovery simulation: Annually

Why annual, not more frequent:

Testing requires:

• Staff time (IT team involvement)

• Business validation (applications actually work)

• Production risk management (minimal but not zero)

• Documentation generation

Annual testing is realistic, deliverable, and sufficient to prove recovery works and satisfy auditors.

Monthly or quarterly testing isn't scalable across customer base. we're honest about what we can deliver consistently.

What does 24/7 support actually mean?

Business Hours (9-5 Monday-Friday):

• Account manager available

• Technical support for questions

• Change requests processed

• Regular reviews scheduled

24/7 Automated Monitoring:

• Backup jobs monitored continuously

• Failures detected automatically

• Alerts sent to on-call team

24/7 P1 Emergency Response:

• Critical failures escalated immediately

• On-call engineer responds

• Recovery coordination for emergencies

Not a 24/7 NOC: We don't staff a network operations centre around the clock. We provide automated monitoring with emergency escalation for critical issues.

What evidence do we get for auditors?

Annual evidence pack includes:

Testing Results:

• What was tested and when

• Recovery timing achieved

• Issues identified and resolved

• Procedures validated

Infrastructure Documentation:

• Backup retention policies

• DR site configuration

• Cyber recovery isolation validation

• Recovery targets per system

Compliance Documentation:

• Test schedules maintained

• Business sign-offs collected

• Regulatory requirements mapped

• Gap analysis if applicable

This satisfies ISO 27001, SOC 2, PCI DSS, and similar frameworks requiring recovery testing evidence.

Can we test recovery ourselves without disruption?

File/folder recovery: Yes. we can restore to alternate location for your validation.

Application recovery: Requires production involvement. tested annually in controlled manner.

DR failover: Minimal production impact typically (though some disruption possible with certain network configurations).

Cyber recovery: Simulated scenario. no production impact.

Our approach: Test during agreed maintenance windows, monitor closely, document any impact, minimise risk.

How does this integrate with Adaptive Cloud?

Recovery Confidence is one of four outcomes Adaptive Cloud manages:

1. Recovery Confidence (you're here)

2. Cost Control

3. Sovereign Infrastructure

4. AI Infrastructure Readiness

Most organisations start with recovery because:

• Audit requires evidence

• Board asking about ransomware

• Regulator questioning resilience

• Insurance renewal needs validation

Once recovery is proven, natural expansion follows:

Next: Cost Control

Recovery infrastructure (backup storage, DR sites) represents significant spend. Optimise costs while maintaining confidence.

Then: Sovereign Infrastructure

Backup and DR data must comply with sovereignty requirements. Ensure recovery data stays where it must.

Finally: AI Infrastructure Readiness

Protected data enables AI initiatives. Recovery confidence ensures AI training data is accessible and protected.

This is Adaptive Cloud:

Start with one outcome. Prove value. Expand as trust builds. Full infrastructure accountability over time.