Home / Use Cases / Backup Drill

How do we really test restore and recovery, instead of just letting backups run?

Backups green, restore never tested? A structured backup drill shows how long recovery really takes — with a runbook and real, measured times.

Your backups are running. Every morning the system sends a green email, sometimes a weekly summary. Nobody looks too closely — after all, it’s green. The uncomfortable question eventually comes from outside: from the cyber insurer, from an auditor, from the statutory accountants: “When was a restore actually last tested?” We build a backup drill with you that can answer that question honestly.

Does this sound familiar?

Why now — and not later

Backup is one of the areas where promise and reality drift furthest apart. A green backup message means data was written — not that it’s readable, not that the right data is in it, and certainly not that recovery works in an acceptable time. Postponing the drill just postpones the problem until the real thing happens.

Typical triggers that put this on the agenda now:

What this would look like for you

Step 1 — Set RTO and RPO per system

We sit down with you and management and go through the systems that matter: ERP, file storage, mail, CAD, industry software. For each system we clarify: how long can it be down, at most, before the business seriously suffers (RTO)? How much data loss is tolerable — one hour, four hours, one day (RPO)? That’s a business decision, not an IT decision. Delivery: a compact table with a written RTO/RPO agreement for each system. That puts an end to the “probably a day” guessing.

Step 2 — Define restore scenarios

Together with you we pick three to five realistic scenarios to exercise. A typical mix for a mid-market company:

Delivery: a scenario list with a clear success definition for each one. What has to work at the end of the drill for the test to count as passed?

Step 3 — Run the drill in an isolated environment

We set up an isolated test environment with you — a separate Azure subscription, a VM sandbox or a dedicated test area. That’s where we run the scenarios. In scenario B, the ERP test server really is restored from backup, started, and validated against the database. In scenario C, a test mailbox is restored and its contents checked. A stopwatch runs throughout the drill — for each scenario we record how long it actually took, where things got stuck, what was unclear. Delivery: a drill report with real times, real data volumes, real obstacles. No theory.

Step 4 — Assess the gaps and write a restore runbook

After the drill you have three kinds of findings: what worked (sometimes surprisingly well), what took longer than hoped, and what didn’t work at all. Together we assess the gaps. Some are technical (too little bandwidth to the backup target, wrong retention setting, missing indexing), some are organizational (nobody knew where the recovery password was kept, the responsible person was on holiday). From this a restore runbook emerges: a step-by-step guide per scenario that a stand-in can execute in an emergency. Delivery: a runbook of 5 to 15 pages, not a novel.

Step 5 — Agree on a repeat rhythm

A one-off drill is better than never — but it ages. We agree a realistic rhythm with you: a full drill once a year, plus a small spot check of individual scenarios every six months. That fits a mid-market company without blocking day-to-day business. Delivery: a calendar rhythm with clear responsibilities and a mini-template that halves the preparation effort next time.

What to look out for

What realistically changes afterwards

What you contribute

Risks — and when this isn’t the right fit

How the conversation starts

Book an initial conversation

Frequently asked questions

Isn’t it enough if our backup software verifies the jobs internally? Internal verification checks whether the backup file is readable — helpful, but not sufficient. A real restore drill checks whether the recovered system actually works: whether the database starts, whether the application connects, whether users can sign in. That’s a different class of test.

Do we really need a third-party backup for Microsoft 365? Often yes, but not always. Microsoft protects the infrastructure — what Microsoft does not provide is a long recovery horizon for accidentally deleted or attacker-manipulated data. The default retention for permanently deleted emails is 14 days (extendable to a maximum of 30); deleted mailboxes remain recoverable for 30 days. If you need to go back further, you need your own solution. The drill makes this visible very quickly.

How long does a drill take overall? Preparation and scenario definition around one week, the actual drill typically one day in the sandbox, evaluation and runbook writing one to two weeks. For the first iteration that’s about 3 to 4 weeks end to end, with a manageable time commitment on your side.

What if the drill shows our backup concept has gaps? That’s exactly what the drill is for. Gaps are, first of all, good news — they’re known, instead of surprising you in an emergency. Together we prioritize which gaps need closing first and which are acceptable. Not every gap has to be fixed immediately, but every one should be a conscious decision.