3 Comments
User's avatar
CyberMaterial's avatar

Absolutely spot on, backups mean nothing if recovery hasn’t been tested. Curious, how often do you recommend organizations run full recovery tests?

Expand full comment
Joe Robertson's avatar

For SBOX, some type of recovery testing is required quarterly. However, this can often be isolated to a single critical database or application for the purpose of passing the test. What I find less common is recovery testing for active directory, management applications, and other back-end tools that support your application. A full test of everything should occur annually IMO. Most orgs aren't in a position to do a full test because they don't have capacity to clone their production environment.

Expand full comment
CyberMaterial's avatar

Absolutely agree. Quarterly tests often focus on core apps or databases, but critical systems like Active Directory and backend tools are just as vital. Annual full recovery testing is ideal, though many orgs struggle with capacity. Even partial or tabletop exercises can help bridge that gap.

Expand full comment