Immutable backups, tested runbooks, quarterly drills and DORA / NIS2 / ISO 22301-ready evidence — shipped as a fixed-scope product, not a panic PowerPoint at 3AM.
Ransomware does not care about your RPO spreadsheet. A cross-account IAM compromise does not care about your nightly tape job. The question is not "do you have backups?" but "have you restored from them, recently, against a hostile production?"
Backups run nightly and nobody has restored from them in 18 months. The first real restore happens at 3AM with the CEO on the line.
Backups sit in the same account, region or SAN as production. One compromised IAM key, one ransomware blast radius — both gone together.
No written failover procedure, no RTO/RPO targets, no drill evidence. When regulators ask, the answer is a nervous shrug.
A 90-minute tabletop plus a read-only audit of your backup estate. We surface immutability gaps, shared-fate storage, missing runbooks and untested recovery paths — and hand you an honest RTO/RPO baseline within 48 hours.
Under the hood
The drill combines the ITSailor Lifeline audit engine (backup inventory, immutability checks, IAM blast-radius scan) with a structured tabletop from our scenario library. Results are reconciled and interpreted by a senior engineer — never shipped raw.
Pick the engagement that matches where you are. Each tier ships with a written statement of work, a fixed price and named deliverables.
Know exactly where you stand. In writing.
Outcome
A board-ready picture of how bad a bad day would actually be.
Immutable, tested, evidenced. Yours to keep.
Outcome
Verified RTO ≤ 4h, RPO ≤ 15min and an audit binder that writes itself.
We hold the rope. You run the business.
Outcome
Continuity proven every quarter. Insurance renewals stop being painful.
Every engagement ends with code, documents and drill evidence that live in your repositories — yours to keep, inspect and extend.
Criticality tiers, maximum tolerable downtime (MTD), recovery objectives per system. Signed off by the business, owned by engineering.
Backup vaults with Vault Lock / Object Lock, cross-region replication, KMS isolation. Clean state, documented variables, ready for your CI/CD.
Written WORM policy, retention ladder, legal-hold procedure. Encoded in IaC — not in a wiki page nobody reads.
Markdown runbooks for database failover, region outage, ransomware response and data corruption. Versioned in Git, drilled quarterly.
Every drill produces a signed report — scope, timeline, observed RTO/RPO, issues found, remediation plan. Copy-paste into your audit file.
Pre-approved templates for customer, regulator, board and press communications. Translated, legal-reviewed, ready to send in anger.
When the pager goes off, nobody has time to think. Lifeline turns the first 24 hours into a script someone already rehearsed — with named owners, timed checkpoints and pre-approved comms.
Monitoring fires. Pager goes off. On-call confirms the event within 5 minutes.
Incident commander declared. Severity classified. Comms kit opened. Regulator clock starts where applicable.
Runbook followed step-by-step. Standby region promoted. DNS / traffic cutover completed. Status page updated.
Critical path services back online within RTO. Customer-facing confirmation sent. Investigation continues in parallel.
Blameless post-mortem scheduled. Evidence pack filed. Regulator notification finalised if required.
ITSailor delivers from the EU. Lifeline controls carry explicit mappings to DORA, NIS2, ISO 27001 and ISO 22301 — your audit binder is a side-effect of doing the work, not a separate project.
DORA: ICT business continuity & disaster recovery
NIS2: Business continuity, backup management & crisis management
ISO 27001: Information security aspects of business continuity
ISO 22301: Business continuity strategy, plans & exercises
Business Impact Analysis, backup inventory and 90-minute tabletop. We quantify the gap — in euros and in hours — not in vibes.
RTO/RPO targets agreed per system. Architecture picked: pilot-light, warm-standby or active-active. Fixed price, fixed scope.
Terraform Lifeline modules deployed into your accounts. Immutable vaults, cross-region replication, runbooks versioned in Git.
First live restore. Measured RTO/RPO against target. Signed evidence pack. Thereafter — quarterly drills under the managed retainer.
Lifeline is built on proven, widely-deployed components. Nothing exotic, nothing you cannot maintain without us. No vendor lock-in beyond what your cloud provider already imposes.
Immutable cloud backup
WORM object storage
Hypervisor & file-level backup
Open-source encrypted backup
Off-site immutable copy
IaC & change control
Backup health dashboards
Yes — ransomware is the design driver, not an afterthought. Every Lifeline deployment ships with an immutable tier (S3 Object Lock in Compliance mode, Azure Immutable Vault, or Vault Lock) stored in a separate security boundary from production. Credentials that can delete backups are held by no human in day-to-day operations. We test ransomware recovery explicitly in the first drill — not just "can we restore a file", but "can we rebuild the business with production assumed hostile".
Underwriters want a signed report that proves a specific system was restored from a specific backup within a specific time window. Every Lifeline drill produces exactly that — scope, timeline, observed RTO/RPO, issues found and remediation plan, signed by the engineer who ran it. Clients typically drop two underwriting questionnaires by showing the last four quarterly reports.
Yes. Every Lifeline control carries explicit mappings to DORA Art. 11 (ICT business continuity), Art. 12 (response and recovery), NIS2 Art. 21 and ISO 22301. The managed retainer includes an annual evidence pack refresh timed to your supervisory review or internal audit. We have shipped Lifeline into FinTech, Legal and Corporate Services operators across EU jurisdictions running on Hetzner, AWS and hybrid bare-metal.
RTO ≤ 4h and RPO ≤ 15min for critical path services is our default target — and we only commit once we have seen the environment. Pilot-light architecture is cheaper and typically lands RTO around 2–4h. Warm-standby gets you sub-30-min RTO. Active-active is available but rarely the right answer for an SME budget. We tell you the honest number before you sign, not after.
No. Lifeline is not a product — it is an engagement. If your existing tool works, we harden it: add immutability, add off-site copies, add Terraform-managed policies, add the missing runbooks and the missing drill cadence. If it does not work, we say so and propose the minimum-viable replacement.
Zero production impact. The first drill restores to an isolated recovery sandbox — separate account, separate VPC, no public endpoints. We validate integrity, boot the stack, run smoke tests, document the timing. Production traffic never moves. Only the quarterly "full game-day" drill (optional, available under the managed retainer) touches live cutover, and only with a pre-agreed maintenance window.
One senior engineer — the same one you meet on the discovery call. No account managers, no offshore hand-off, no junior rotation. You get a single Slack channel and a direct line to the person holding the Terraform plan and the runbook pen.
One senior specialist. Zero hand-holding. Results in weeks.