Backup and Disaster Recovery Review
Review of backup strategy, schedule, storage isolation, retention, restore process and disaster recovery readiness.
Backups exist on most servers — but untested backups are not backups. A backup and disaster recovery review examines whether your backup strategy actually works: whether data is captured completely, stored safely, retained appropriately and can be restored when it matters.
What We Review
Our review covers the full backup lifecycle and disaster recovery posture:
Backup Configuration
- Backup existence — verification that backups are actually running and completing successfully
- Schedule — backup frequency relative to data change rate, timing conflicts with production load
- Scope — what is included and what is missing (databases, configuration files, email, DNS zones, application data)
- Storage location — local disk, remote server, object storage, offsite provider
- Isolation — whether backup storage is independent from production (separate disk, separate server, separate account)
- Retention policy — how many generations are kept, how far back you can restore, rotation scheme
- Encryption — encryption at rest and in transit, key management
Restore and Recovery
- Restore procedure — documented process, required tools, estimated time, responsible personnel
- Tested restores — evidence of successful restore tests, frequency of testing
- RPO (Recovery Point Objective) — maximum acceptable data loss based on backup frequency
- RTO (Recovery Time Objective) — maximum acceptable downtime based on restore process
- Offsite copies — geographic redundancy, provider diversity, access during primary infrastructure failure
- Partial restore capability — ability to restore individual accounts, databases or files without full restore
Operational Readiness
- Monitoring and alerting — backup failure notifications, storage capacity warnings
- Documentation — restore procedures documented and accessible to the team
- Dependency mapping — understanding which systems depend on which backup sets
Why Untested Backups Are a Risk
The most dangerous backup is the one you assume works. Common failures we find:
- Backup jobs that stopped running weeks or months ago with no alert
- Backups stored on the same disk or server as production data
- No retention beyond the most recent copy — a corrupted file silently replaces the only backup
- Restore procedures that have never been tested and fail when attempted
- Backup encryption keys stored alongside the encrypted backup
- Critical data excluded from backup scope (custom configurations, cron jobs, SSL certificates)
When a server fails, a ransomware attack hits, or a critical misconfiguration is discovered, the backup is the last line of defence. If it does not work, recovery options are limited or nonexistent.
What You Receive
- Backup assessment report — current state of all backup systems with findings and evidence
- Gap analysis — what is missing from your backup strategy relative to your infrastructure
- RPO/RTO evaluation — realistic recovery objectives based on your current configuration
- Remediation plan — prioritised steps to close backup and recovery gaps
- Best practice recommendations — scheduling, storage, retention and testing guidance tailored to your environment
Related Services
- Infrastructure Security Audit — comprehensive review including backup as part of overall infrastructure
- Hosting Infrastructure Audit — platform-level backup and recovery review
- cPanel / WHM Security Audit — cPanel backup configuration and transport
- Server Audit — server-level backup and configuration review
Find out if your backups will actually work when you need them. Contact us to schedule your review, or see our pricing.