Skip to main content
Disaster Recovery · KSA & GCC

Disaster Recovery Services

Tested disaster recovery, backup, business continuity, and cyber-recovery for KSA enterprises — RTO and RPO tiered, NCA-ECC and SAMA BCP aligned, with annual failover exercises that aren't on a slide.

2× / yrlive failover · documented
Immutablecyber-recovery vault
SAMA BCP+ NCA-ECC aligned
// 01 · What we protect

Six domains. One recovery posture.

From the operational backup of yesterday's invoice batch to a regional-scale cyber recovery — the full continuity surface, signed off by people who would have to use it.

DR.01

Backup-as-a-service

3-2-1-1-0 backup architecture. Cross-site, immutable copy, and a tested restore — because every backup we take, we also restore.

DR.02

Disaster recovery

Site-to-site DR with hot, warm, or cold standby tiers. Async replication, runbook automation, and a fail-back path that has been used.

DR.03

Business continuity

BCP design, BIA, dependency mapping. The non-IT half of continuity — people, locations, suppliers — written down and rehearsed.

DR.04

Crisis & incident management

Incident command, comms playbook, regulator notification trees. The first hour of a major incident — practised, not improvised.

DR.05

Cyber recovery

Immutable, air-gapped vault separated from production identity. Ransomware-tested restore path, quarterly clean-restore exercises.

DR.06

Compliance evidence

SAMA BCP, NCA-ECC, PDPL, ISO 22301 alignment. Audit-ready evidence packs, drill artefacts, and a control narrative that survives the actual audit.

// 02 · Recovery tiers

Four tiers. Picked per workload.

Hot, warm, cold, or a cyber-recovery vault. Most clients only need the hottest tier for 10–15% of workloads — we tier the estate so the budget matches the impact.

01

Hot standby

DR site fully synchronous with primary. Sub-15-minute RTO, near-zero RPO. Right for core-banking, healthcare critical systems, regulator-mandated tier-1.

  • Best for · RTO < 15 min
02

Warm standby most chosen

DR site running with minimum capacity, scaled-up on failover trigger. 15-min to 4-hour RTO, 5-minute RPO. Right for most business-critical applications.

  • Best for · RTO < 4 hr
03

Cold backup

Backup-only — VM images and data snapshots restored to cold infrastructure on demand. 8–48 hour RTO. Right for non-critical workloads and long-tail tier-3 systems.

  • Best for · RTO < 48 hr
04

Cyber-recovery vault

Air-gapped, immutable, identity-separated. Object-locked storage, scanned for known IoCs on every write. The vault DR alone doesn't replace.

  • Best for · ransomware blast radius
// 03 · RTO / RPO tiers

Three named tiers. One service catalogue.

Gold, Silver, Bronze — the same three names every BCP team uses, with the targets numerical, the technical pattern documented, and the price honest about the cost difference.

G

Gold · Tier 1

Mission-critical workloads. Core banking, life-safety, regulator tier-1. Tested live every quarter.

RTO < 15m Hot standby
RPO < 1m Sync replication
  • Active-active or hot standby
  • Cyber-recovery vault included
  • Quarterly live failover drill
  • Dedicated DR engineer on retainer
S

Silver · Tier 2

Business-critical workloads. The largest portion of most estates — ERP, CRM, line-of-business apps.

RTO < 4h Warm standby
RPO < 5m Async replication
  • Warm standby · auto scale-out
  • Cyber-recovery vault optional
  • Bi-annual failover drill
  • Shared DR engineering bench
B

Bronze · Tier 3

Standard workloads. Internal tools, dev/test, long-tail apps. Recoverable, but not 24/7-critical.

RTO < 48h Cold restore
RPO < 24h Daily backup
  • Cold backup & restore on demand
  • Annual restore-test sample
  • Vault not included by default
  • Standard support hours
// 04 · Failover scenarios

Four scenarios. Four playbooks.

The four failure modes every BCP programme should have a documented, rehearsed response to. Different blast radii, different recovery posture, different first-hour playbook.

Planned failover

Maintenance window · zero-loss

Scheduled cutover for patching, DC moves, or planned maintenance. Lowest stress, fully orchestrated, used as the rehearsal for the unplanned scenarios.

  1. Pre-cutover health check + comms
  2. Quiesce primary writes · drain
  3. Promote DR · re-point DNS
  4. Soak-test in DR · 30 min
  5. Fail-back if maintenance window allows

Unplanned outage

Hardware · network · site loss

Primary site goes hard-down. Detection within 60 seconds, DR promotion within RTO, no-blame post-mortem within 5 days.

  1. Alarm fires · incident commander paged
  2. Auto-promotion of DR (where configured)
  3. Customer comms within 15 min
  4. Forensic snapshot of primary
  5. Post-incident review · published

Cyber attack · ransomware

Identity compromised · blast radius

Production identity compromised. Standard DR is not safe — the DR site is reachable from the compromised identity. Cyber-recovery vault is the answer.

  1. Containment · isolate identity providers
  2. Cyber-recovery vault to clean-room env
  3. Forensic verification of clean restore
  4. Rebuild identity from offline gold copy
  5. Phased restore by criticality

Regional outage

Cloud-region or city-scale event

Entire region or city goes down. Both primary and same-region DR are affected. Cross-region or out-of-country DR copy is now in play.

  1. Validate cross-region DR is healthy
  2. Confirm regulatory residency posture
  3. Promote cross-region DR to live
  4. Customer comms · expected degradation
  5. Plan repatriation when region returns
// 05 · Operational assurance

Regulator-aligned. Audit-prepared.

Every piece of evidence, every control, every drill — tracked, owned, and ready before the auditor asks. This is what continuous DR governance looks like when nothing is left to chance.

Governance portal · Live

Saudi Government Entity · National DR Programme

Operational continuity evidence · managed lifecycle · auditor-ready

26 / 27 controls
NCA ECC Cyber resilience 12 / 12 All controls evidenced
NCA CSCC Cloud security 8 / 8 All controls evidenced
ISO 22301 BCM standard 6 / 7 1 pending refresh
Business Impact Analysis (BIA)ISO 22301 · 8.2.2 · periodic refresh
DR architecture & failover runbooksNCA CSCC · 3-3-2 · live document
Live failover validationNCA ECC · 4-1-3 · video + sign-off
Cyber-recovery clean-restore testNCA ECC · 4-2-2 · forensic log
Crisis comms tree & tabletop drillISO 22301 · 8.4 · workshop minutes
Supplier-failure recovery walkthroughNCA CSCC · 5-1-1 · pending refresh
RTO / RPO compliance scorecardInternal governance · monthly
// 06 · Methodology

Four phases. Same loop, every year.

Assess, architect, operate, exercise. The unsexy last phase is the one that decides whether the architecture actually works.

  1. 01

    Assess

    Business Impact Analysis, current RTO/RPO baseline, regulator gap map. The phase where you find out what you've actually promised.

  2. 02

    Architect

    Tier the estate. Hot, warm, cold, vault. Cross-region or in-region. Costed against each workload's named RTO/RPO.

  3. 03

    Operate

    Replication, monitoring, immutable vault, evidence library. Monthly refresh, RTO/RPO scorecard, anomaly investigation.

  4. 04

    Exercise

    Tabletop drill in Q1, live failover in Q3. Documented, regulator-presentable, and revised against findings every cycle.

// 07 · Partners & stack

DR tooling. Workload-led.

// 09 · FAQ

Common questions.

Q.01How often do you test the failover?

Twice a year as standard, more if the regulator requires. Tabletop in Q1, full live failover in Q3. Both are documented and the artefacts kept for the next audit.

Q.02Do you offer immutable backups?

Yes. The cyber-recovery vault is built on object-lock storage with cryptographic verification. Backups are immutable for a configurable retention window — typically 30 to 365 days.

Q.03Can the DR site be inside KSA?

Yes. For NCA-ECC and PDPL-bound workloads, the DR copy stays inside KSA. We use local cloud regions, or your second on-prem facility — whichever the regulator and the RTO want.

Q.04What about ransomware recovery?

The cyber-recovery vault is air-gapped from production identity, scanned for known indicators on every write, and tested for clean restore quarterly. Standard DR isn't enough on its own — ransomware needs its own playbook.

Q.05How is pricing structured?

Tiered. Gold (hot-standby, sub-15-minute RTO) is the most expensive per workload. Silver (warm) and Bronze (cold) are progressively cheaper. We mix tiers across the estate — most clients only need Gold for 10–15% of workloads.