Will this disrupt my business?

No. Restores run into an isolated environment. Production is never touched. Most clients' staff don't know a drill happened.

What if we fail the drill?

Then we found out in a drill instead of a breach — which is the entire point. Failed drills come with a fix plan, and the re-test is included.

Do you drill cloud/SaaS systems too?

Yes — Microsoft 365/Google Workspace data, line-of-business SaaS exports, and on-prem servers are all in scope. We drill whatever your Critical Systems Map says matters.

The stopwatch is the product.

Anyone can tell you their backups are fine. A drill is the only way to know. Every quarter, we restore your critical systems from immutable backup into an isolated environment, time it to the second, and document everything.

What a drill looks like

06:00
Drill opens. Backup integrity verified, isolated restore environment provisioned. Your production systems are never touched.
06:15
Tier 1 restore begins: databases, business applications, file shares, in your priority order.
~10:30
Functional verification: can you log in, run a transaction, pull a patient record, process a payment? “Restored” means working, not just copied.
11:42
Clock stops. Measured RTO recorded against target.
+48h
Evidence Package delivered and walked through with you: what passed, what was slow, what we're fixing before next quarter.

What’s in the Evidence Package

Measured RTO per system tier vs. your stated targets, pass/fail
Restore logs, screenshots, and configuration verification
Signed attestation from your fractional CSO
Plain-English executive summary (one page — written for your insurance broker, not your IT guy)
Gap list with remediation owners and dates

DRILL #2026-014 · RESTORE TEST · CLIENT: [REDACTED] MEDICAL, GRAND RAPIDS MI✓ PASSED

BACKUP SOURCE: immutable object-lock repo (S3, compliance mode)
SYSTEMS RESTORED: EHR db · billing · file shares · phones
CLOCK START: 06:00:00 EDT
CLOCK STOP: 11:42:17 EDT
MEASURED RTO: 5h 42m 17s
TARGET: ≤ 12h
WITNESSED BY: J. ████, vCISO
EVIDENCE PKG: BB-EV-2026-014.pdf

Why quarterly

Because your systems change constantly — new software, new vendors, staff turnover — and because the proposed HIPAA Security Rule update calls for documented, recurring backup testing. An annual drill proves what was true a year ago. A quarterly cadence proves a capability.

Questions we get

Will this disrupt my business?: No. Restores run into an isolated environment. Production is never touched. Most clients' staff don't know a drill happened.
What if we fail the drill?: Then we found out in a drill instead of a breach — which is the entire point. Failed drills come with a fix plan, and the re-test is included.
Do you drill cloud/SaaS systems too?: Yes — Microsoft 365/Google Workspace data, line-of-business SaaS exports, and on-prem servers are all in scope. We drill whatever your Critical Systems Map says matters.

Book your baseline drill

The baseline drill is $2,500 standalone and credits toward onboarding. One scheduled morning, one stopwatch, and you'll know your real restore time — with the paperwork to show for it.

Book your baseline drill