Backup-as-a-service
3-2-1-1-0 backup architecture. Cross-site, immutable copy, and a tested restore — because every backup we take, we also restore.
Tested disaster recovery, backup, business continuity, and cyber-recovery for KSA enterprises — RTO and RPO tiered, NCA-ECC and SAMA BCP aligned, with annual failover exercises that aren't on a slide.
From the operational backup of yesterday's invoice batch to a regional-scale cyber recovery — the full continuity surface, signed off by people who would have to use it.
3-2-1-1-0 backup architecture. Cross-site, immutable copy, and a tested restore — because every backup we take, we also restore.
Site-to-site DR with hot, warm, or cold standby tiers. Async replication, runbook automation, and a fail-back path that has been used.
BCP design, BIA, dependency mapping. The non-IT half of continuity — people, locations, suppliers — written down and rehearsed.
Incident command, comms playbook, regulator notification trees. The first hour of a major incident — practised, not improvised.
Immutable, air-gapped vault separated from production identity. Ransomware-tested restore path, quarterly clean-restore exercises.
SAMA BCP, NCA-ECC, PDPL, ISO 22301 alignment. Audit-ready evidence packs, drill artefacts, and a control narrative that survives the actual audit.
Hot, warm, cold, or a cyber-recovery vault. Most clients only need the hottest tier for 10–15% of workloads — we tier the estate so the budget matches the impact.
DR site fully synchronous with primary. Sub-15-minute RTO, near-zero RPO. Right for core-banking, healthcare critical systems, regulator-mandated tier-1.
DR site running with minimum capacity, scaled-up on failover trigger. 15-min to 4-hour RTO, 5-minute RPO. Right for most business-critical applications.
Backup-only — VM images and data snapshots restored to cold infrastructure on demand. 8–48 hour RTO. Right for non-critical workloads and long-tail tier-3 systems.
Air-gapped, immutable, identity-separated. Object-locked storage, scanned for known IoCs on every write. The vault DR alone doesn't replace.
Gold, Silver, Bronze — the same three names every BCP team uses, with the targets numerical, the technical pattern documented, and the price honest about the cost difference.
Mission-critical workloads. Core banking, life-safety, regulator tier-1. Tested live every quarter.
Business-critical workloads. The largest portion of most estates — ERP, CRM, line-of-business apps.
Standard workloads. Internal tools, dev/test, long-tail apps. Recoverable, but not 24/7-critical.
The four failure modes every BCP programme should have a documented, rehearsed response to. Different blast radii, different recovery posture, different first-hour playbook.
Scheduled cutover for patching, DC moves, or planned maintenance. Lowest stress, fully orchestrated, used as the rehearsal for the unplanned scenarios.
Primary site goes hard-down. Detection within 60 seconds, DR promotion within RTO, no-blame post-mortem within 5 days.
Production identity compromised. Standard DR is not safe — the DR site is reachable from the compromised identity. Cyber-recovery vault is the answer.
Entire region or city goes down. Both primary and same-region DR are affected. Cross-region or out-of-country DR copy is now in play.
Every piece of evidence, every control, every drill — tracked, owned, and ready before the auditor asks. This is what continuous DR governance looks like when nothing is left to chance.
Operational continuity evidence · managed lifecycle · auditor-ready
Assess, architect, operate, exercise. The unsexy last phase is the one that decides whether the architecture actually works.
Business Impact Analysis, current RTO/RPO baseline, regulator gap map. The phase where you find out what you've actually promised.
Tier the estate. Hot, warm, cold, vault. Cross-region or in-region. Costed against each workload's named RTO/RPO.
Replication, monitoring, immutable vault, evidence library. Monthly refresh, RTO/RPO scorecard, anomaly investigation.
Tabletop drill in Q1, live failover in Q3. Documented, regulator-presentable, and revised against findings every cycle.
What tested DR enables.
Same DR practice, framed as the operational posture: a tested failover, regulator-ready evidence, and an executive team that's seen the runbook executed — not just signed it.
Read the outcome pageTwice a year as standard, more if the regulator requires. Tabletop in Q1, full live failover in Q3. Both are documented and the artefacts kept for the next audit.
Yes. The cyber-recovery vault is built on object-lock storage with cryptographic verification. Backups are immutable for a configurable retention window — typically 30 to 365 days.
Yes. For NCA-ECC and PDPL-bound workloads, the DR copy stays inside KSA. We use local cloud regions, or your second on-prem facility — whichever the regulator and the RTO want.
The cyber-recovery vault is air-gapped from production identity, scanned for known indicators on every write, and tested for clean restore quarterly. Standard DR isn't enough on its own — ransomware needs its own playbook.
Tiered. Gold (hot-standby, sub-15-minute RTO) is the most expensive per workload. Silver (warm) and Bronze (cold) are progressively cheaper. We mix tiers across the estate — most clients only need Gold for 10–15% of workloads.
Two-week DR assessment. We baseline RTO/RPO against what you have today, name the gaps against what the regulator expects, and come back with a tiered plan.
How NAS structures tiered DR, cyber-recovery vaults, drill cadences, and regulator-ready evidence packs. Free to download.
Download the playbook EvidenceRedacted case studies showing what a SAMA-BCP-aligned managed DR engagement actually delivers.
Case studies