Home Blog
Services

Our Services

A neutral expertise for every step of your technological maturity, from crisis management to strategic planning.
IT Audit
IT Audit
IT Audit
IT Budget Audit
IT Budget Audit
IT Budget Audit
vCIO
vCIO
vCIO
Counter-Expertise
Counter-Expertise
Counter-Expertise
Backup Test
Backup Test
Backup Test
Discover all our services
ContactSchedule a call
Français
HomeBlogServicesContactSchedule a call
Français

Backup Restore Testing — Can You Actually Recover?

We test your backups for real — not just your MSP's 'green status'.

A backup restore test is a concrete, documented verification of your organization's ability to recover its data in the event of an incident. Factero performs real restores in an isolated environment, measures actual RPO and RTO, and produces a detailed report. Most organizations trust their MSP's dashboard — but 'green status' doesn't mean your data comes back intact when you actually need it.
Talk to an expert

Who is it for?

Any organization that has never tested its restores.

Municipalities, MRCs, townships and public bodies and SMEs wanting to validate their provider's promises. Factero Advisory Services is registered on the SEAO (Quebec) and the Ontario Tenders Portal (Ontario).

Organizations that recently changed IT providers or backup solutions and want to confirm the transition went smoothly.

Growing companies that have added systems or cloud environments and have never validated that their new data is properly covered.

Organizations preparing for a transaction — acquisition, merger, or financing — that need to document their operational resilience.

Boards or management teams seeking independent confirmation of their operational resilience — not out of distrust toward their provider, but because external validation is part of good governance.

Organizations that have experienced a past incident and want to ensure their backup environment is now reliable and tested.

When does it help?

If you recognize yourself in any of these situations, this service is designed for you.
  • You've never tested a full restore.
  • Your provider confirms that backups are running without issues — and that's good news. But a successful backup execution doesn't guarantee it will be restorable the day you actually need it. The independent test complements what your provider is already doing well.
  • You want to know how much time and data you'd lose in an incident.
  • You want to objectively validate what your IT team or provider has put in place — and document that it works.
  • Your cyber insurer requires documented proof of restoration testing for policy underwriting or renewal.
  • Your provider confirms backups are in order — and they probably genuinely believe it. But confirming that backups run without errors isn't the same as knowing what actually happens the day you need them. A restoration test is the equivalent of a full fire drill — not just checking where the exits are, but simulating the full evacuation under real conditions. We restore for real, in an isolated environment, at full scale. And we come back with clear findings: gaps to fix if they exist, or in most cases, the peace of mind that everything is in order — with the documentation to prove it.

What will you receive?

Checkbox icon

Documented test report: what works, what doesn't.

Checkbox icon

Realistic RPO/RTO figures based on the test.

Checkbox icon

If your RPO and RTO are not yet defined, we establish them with you based on the test results — in concrete terms: how many hours of downtime and how much data loss your organization can realistically absorb.

Checkbox icon

Concrete recommendations if gaps are identified.

Checkbox icon

A management-language reading: how many hours of downtime and data loss your current RPO/RTO represent — so leadership can assess real financial exposure.

Checkbox icon

Test report formatted to meet cyber insurer documentation requirements — results, tested environment, measured RPO/RTO, recommendations.

Checkbox icon

Analysis and validation of your existing disaster recovery plan — if you have one. We verify whether it's realistic, current, and consistent with what the test revealed. If you don't have one yet, we point you toward where to start.

Not a good fit?

  • If your backups have already been tested in a real restoration by an independent third party in the last 12 months and the documentation is current, you may already have what you need. If that's not the case — or if the last test was done internally — that's exactly what this service is for.

How does the process work?

A rigorous and transparent approach, step by step.
Realistic scenario
We design a realistic restore scenario tailored to your environment. If your backups are solid, the test confirms it — and you have independent validation to present to leadership or your insurer. If gaps exist, we document them before they become costly.
Restore in isolated environment
We restore in an isolated environment to document what works and what breaks. If your backups are solid and the restore works as expected, we confirm it — that's a valid result too. If gaps exist, they're documented with their real-world impact.
RPO/RTO in plain language
How much you can lose (in data), and how long you can stay down (in hours). We put realistic numbers on it.

Frequently Asked Questions

Answers to the questions our clients ask before reaching out.
What environments can you test?
Factero tests the most common backup environments found in municipalities and SMEs: Microsoft 365, Azure, Google Workspace, on-premises backup solutions like Veeam, Acronis, and Datto, NAS appliances (Synology, QNAP), virtualized environments (VMware, Hyper-V, Proxmox), and hybrid configurations combining cloud and local infrastructure. Each test is tailored to your technical reality — we don't apply a generic scenario to your setup. During the free 20-minute discovery call, we identify together the critical systems to test, realistic failure scenarios for your industry, and the technical feasibility of testing in your specific environment. Results are documented with measured RPO/RTO indicators that meet cyber insurer requirements and NIST-CSF best practices (Recover function).
Our MSP says backups are tested regularly. Why run an independent test?
An independent test verifies the outcome, not the process. Your MSP confirms that backups run without errors — that's necessary but insufficient. An independent test conducted by Factero goes further: we actually restore the data in an isolated environment and measure whether it's complete, consistent, and usable within an acceptable timeframe. That's the difference between 'the backup ran' and 'we can resume operations.' The NIST-CSF framework (Recover function) explicitly distinguishes these two levels of validation. If your MSP's results and our test align, you have documented double confirmation — useful for cyber insurers and compliance audits. If a gap appears, you identify it before a real incident, not during one. The two approaches complement each other — they don't replace one another.
Will the test disrupt our operations?
No, the backup restore test does not affect your operations. Factero performs the restoration in an environment completely isolated from your production infrastructure — no machine, server, or active database is touched during the process. Specifically, we create a separate test environment (virtual or physical depending on your configuration), restore data from your backup copies, and validate their integrity without ever interacting with your live systems. Your employees continue working normally throughout the entire test. The only interaction required from your IT team or provider is granting us access to the backup copies and answering a few technical questions about the configuration. The process follows NIST-CSF testing practices (Recover function), which specifically require an isolated environment to ensure the validity of results.
Our provider says everything is green. Why test anyway?
Green status confirms backups are running, not that they work. An all-green dashboard means the backup process completes without technical errors. But it doesn't answer the real question: is the restored data complete, consistent, and usable within an acceptable timeframe? Those are two distinct realities. Factero performs an actual restore test in an isolated environment to answer the question the dashboard cannot resolve: can we actually resume operations? Results are documented with measured RPO/RTO indicators — the same standards used by cyber insurers and required in compliance audits. If your provider is right, our test confirms it with documented independent validation. If a gap exists, you identify it before a real incident. Either way, it's a concrete gain for your organization.
What standards do you use to assess backups?
Factero relies on the NIST Cybersecurity Framework (Recover function) and recognized business continuity standards to structure each restore test. Results are documented using two standard indicators: RPO (Recovery Point Objective — maximum acceptable data loss, in hours) and RTO (Recovery Time Objective — maximum recovery time before operational impact). These indicators are the ones used by cyber insurers to assess risk coverage and by auditors to validate backup process compliance. If your RPO and RTO are not yet formally defined, we establish them with you based on the test results — in concrete language tailored for executive leadership. The final report includes measured results, identified gaps, and recommendations prioritized by risk level. This format is designed to satisfy both the technical requirements of your IT team and the documentation obligations of your insurer.
Our advice is 100% neutral and independent. See our Charter of Independence.

Related services

IT Audit Incident Recovery See more

Need to move forward on this?

Let's discuss your specific situation. No commitment, just expert advice.
Talk to an expert