What's the difference between backup and disaster recovery?

Backup protects data.

Disaster recovery protects applications.

Example:

Your backup protects:

• Customer database

• Financial records

• Email archives

Your disaster recovery protects:

• Customer portal (the application that uses the database)

• Accounting system (the application that uses the records)

• Email server (the application that provides email)

When you lose data: Backup restores it.

When infrastructure fails: DR keeps applications running.

Most organisations need both. Recovery Confidence provides both, tested annually.

‍

How long does recovery take?

It depends on what failed:

File or folder recovery: Minutes to hours

Application recovery from backup: 8-24 hours typically

Disaster recovery (failover to secondary site): 4-8 hours for critical systems, 8-24 hours for business-critical

Cyber recovery (restore after ransomware): 8-24 hours for business-critical applications

Why timing varies:

DR failover (4-8 hours) uses replicas at secondary site. faster.

Backup recovery (8-24 hours) restores from backup storage. slower but more comprehensive.

Cyber recovery (8-24 hours) includes malware scanning. thorough but takes time.

We document target recovery times per system and test annually to validate.

‍

How often should recovery be tested?

Industry standard:

File/folder recovery: Regularly

Application stack recovery: Annually

Disaster recovery failover: Annually

Cyber recovery simulation: Annually

Why annual, not more frequent:

Testing requires:

• Staff time (IT team involvement)

• Business validation (applications actually work)

• Production risk management (minimal but not zero)

• Documentation generation

Annual testing is realistic, deliverable, and sufficient to prove recovery works and satisfy auditors.

Monthly or quarterly testing isn't scalable across customer base. we're honest about what we can deliver consistently.

‍

What does 24/7 support actually mean?

Business Hours (9-5 Monday-Friday):

• Account manager available

• Technical support for questions

• Change requests processed

• Regular reviews scheduled

24/7 Automated Monitoring:

• Backup jobs monitored continuously

• Failures detected automatically

• Alerts sent to on-call team

24/7 P1 Emergency Response:

• Critical failures escalated immediately

• On-call engineer responds

• Recovery coordination for emergencies

Not a 24/7 NOC: We don't staff a network operations centre around the clock. We provide automated monitoring with emergency escalation for critical issues.

‍

What evidence do we get for auditors?

Annual evidence pack includes:

Testing Results:

• What was tested and when

• Recovery timing achieved

• Issues identified and resolved

• Procedures validated

Infrastructure Documentation:

• Backup retention policies

• DR site configuration

• Cyber recovery isolation validation

• Recovery targets per system

Compliance Documentation:

• Test schedules maintained

• Business sign-offs collected

• Regulatory requirements mapped

• Gap analysis if applicable

This satisfies ISO 27001, SOC 2, PCI DSS, and similar frameworks requiring recovery testing evidence.

‍

Can we test recovery ourselves without disruption?

File/folder recovery: Yes. we can restore to alternate location for your validation.

Application recovery: Requires production involvement. tested annually in controlled manner.

DR failover: Minimal production impact typically (though some disruption possible with certain network configurations).

Cyber recovery: Simulated scenario. no production impact.

Our approach: Test during agreed maintenance windows, monitor closely, document any impact, minimise risk.

‍

How does this integrate with Adaptive Cloud?

Recovery Confidence is one of four outcomes Adaptive Cloud manages:

1. Recovery Confidence (you're here)

2. Cost Control

3. Sovereign Infrastructure

4. AI Infrastructure Readiness

Most organisations start with recovery because:

• Audit requires evidence

• Board asking about ransomware

• Regulator questioning resilience

• Insurance renewal needs validation

Once recovery is proven, natural expansion follows:

Next: Cost Control

Recovery infrastructure (backup storage, DR sites) represents significant spend. Optimise costs while maintaining confidence.

Then: Sovereign Infrastructure

Backup and DR data must comply with sovereignty requirements. Ensure recovery data stays where it must.

Finally: AI Infrastructure Readiness

Protected data enables AI initiatives. Recovery confidence ensures AI training data is accessible and protected.

This is Adaptive Cloud:

Start with one outcome. Prove value. Expand as trust builds. Full infrastructure accountability over time.

‍

‍