Checklist
Backup checklist: only the restore counts.
A backup that has never been restored is a hope. This list turns your backup into a resilient concept — tickable point by point.
Backup checklist: only the restore counts.
A backup that has never been restored is a hope. This list turns your backup into a resilient concept — tickable point by point.
anders-it-solutions.de
1. The copies: 3-2-1 (and one offline)
- Three copies of your data exist (production + two backups)
- Two different media or systems (not the same NAS twice)
- One copy lives off-site (another location or EU cloud storage)
- One copy is offline or immutable — where ransomware cannot reach
- SaaS data is covered too: Microsoft 365 / email / CRM do not back themselves up
2. The restore: tested, scheduled, owned
- A full restore has been rehearsed at least once — not just a single file
- The restore test has a fixed date (e.g. quarterly) in the calendar
- One person is responsible by name — “IT handles that” does not count
- You know how long a restore takes and whether that is acceptable for the business
- The test result is documented (what worked, what was missing, what takes too long)
3. The incident: prepared, not improvised
- Backup systems are separated from the regular network (own credentials, no domain admin)
- The order in which systems get restored is documented
- The documentation stays readable even while your IT is encrypted (printout or external storage)
- Insurance & reporting duties: you know who to inform in an incident
From the blog: why “we have a NAS” is not a concept — and what the tested restore changes.
Newsletter
Practical notes on self-hosting, digital sovereignty, and IT security for SMEs — about once a month, no spam, unsubscribe anytime.
Thanks! Please confirm your email address.
Subscription failed — please try again later.
More open points than expected?
Backups with tested restores are part of my managed operations — the first call is free.