Skip to content
Backup & Disaster Recovery

“We back up nightly” is not the same as “we can recover.”

Almost every breached business had a backup. Most had never tried to restore from it. We keep an immutable, offline copy and rehearse the recovery on a schedule — so the day you need it, the number we quote you is one we've already measured.

LAST RESTORE TEST · verified
COPY · immutable + offline
RPO/RTO · defined & tested
COVERAGE · every critical system
The backup that's never been tested

“We back up nightly” is not the same as “we can recover.”

A backup you have never restored from is a belief, not a control. Ransomware is engineered specifically to find and destroy the copy you assumed would save you.

  • Backups stored on the same network a ransomware attack can reach and encrypt.
  • A restore that has never actually been rehearsed, only scheduled.
  • No one able to state the real recovery time — only a hope that it will work.
  • A single copy, with no offline or immutable version to fall back on.
60%of breached small businesses close within six months — often after a backup that didn't hold
How GMAN runs it

Recovery, proven — not assumed.

A backup is only worth what its restore is worth. We build and rehearse both, so recovery is a measured fact by the time you ever need it.

  1. 01

    We keep an immutable, offline copy

    A version of your data an attacker with stolen admin credentials still cannot alter, encrypt or delete.

  2. 02

    We test the restore, not just the backup

    Scheduled restore drills verify the data actually comes back — not that a job ran green overnight.

  3. 03

    We define and prove a real recovery time

    Recovery point and recovery time objectives are agreed with you, then measured against an actual rehearsal.

  4. 04

    We cover every critical system, not just the file server

    Servers, line-of-business applications and endpoints are all in scope — not whichever folder was easiest to protect.

Recovery proof register

Verified recoverable. Not just backed up.

Every claim below is checked against an actual rehearsal, on a schedule you can audit. Activate a line to see the evidence.

Recovery Proof Register
3h 42mmeasured restore time, last full rehearsal — not an estimate

Every line above is checked on a schedule and logged — not asserted once at onboarding and forgotten.

What's included

The last line, engineered to hold.

Every line below is tested and reported — recovery you can verify, not a checkbox on an onboarding form.

Ransomware-resilient

Backup & Disaster Recovery — Inclusions Ledger

  1. Tested, immutable backups across every critical systemNot just the file server — line-of-business applications and endpoints are covered too.
  2. Offline / air-gapped copyMaintained outside production, so an attacker who owns your network still can't reach it.
  3. Scheduled restore rehearsals with a measured recovery timeThe number you're quoted is one we have actually clocked, not estimated.
  4. Defined RPO and RTO for every systemAgreed with you in plain terms, then held to — not buried in a technical appendix.
  5. Ransomware-resilient backup architectureBuilt specifically against the failure mode that destroys an untested backup.
  6. Quarterly recovery proof reportWhat was tested, what it took to restore, and what changed since the last rehearsal.
Operational excellence

The work, on the record. Anonymised, never embellished.

Case file · Regional Manufacturing Business · Gippsland · redacted

The old backup lived on the network ransomware encrypted.

  • The previous backup sat on the same domain the ransomware compromised — it was worthless within minutes of the attack.
  • No restore had been tested in the three years since the solution was installed.
  • The business absorbed four days of total downtime before data was partially recovered from an old export.

GMAN rebuilt the architecture around an immutable, offline copy and rehearsed a full restore to a measured recovery time the client can check every quarter.

Read the full file

The complete teardown — every gap found and closed — sent to your inbox. No call required.

One email, the file, nothing else. We don't sell lists — discretion is the work.

Before you ask

The questions every director asks first.

Don’t find out your backup fails during the breach.

See exactly where your recovery capability stands today. The assessment fee is credited toward your first year of managed protection.