Answer ten yes-or-no questions about your backups and disaster recovery and get an instant readiness score. Everything runs in your browser: nothing is submitted, stored, or shared. This is a readiness indicator, not a formal audit.
Self-Assessment
Ten Questions on Backup and Recovery.
Answer honestly. Having backups is not the same as being able to recover, so focus on what has actually been tested.
1Have you set a recovery time objective (RTO) and recovery point objective (RPO) for each critical system?These targets should come from the business, not the backup tool.
2Do you follow the 3-2-1 principle: three copies, on two types of media, with one offsite?A single failure should never wipe out every copy.
3Do you keep at least one immutable or air-gapped copy that ransomware cannot alter or delete?Modern ransomware seeks out and destroys reachable backups first.
4Do your backups cover servers, endpoints, and cloud data such as Microsoft 365?SaaS data is often assumed to be backed up when it is not.
5Are backups monitored automatically, with alerts when a job fails?A silent failure is only discovered when recovery is needed.
6Have you performed a file-level restore test in the last quarter?A backup you have never restored is an assumption, not a safeguard.
7Have you run a full disaster recovery test of a critical system in the last 12 months?Only a full test proves you can recover a working system in time.
8Do you have a written disaster recovery and business continuity plan?A documented plan keeps recovery orderly under pressure.
9Are your backups isolated from everyday production credentials and access?Shared credentials let one compromise reach the backups too.
10Does your retention meet your legal, regulatory, and operational needs?Retention should match how far back you may need to recover.
What Comes Next
From Backups to Dependable Recovery.
However you scored, the path forward is the same shape: set recovery targets from the business, protect a copy from ransomware, and test restores on a schedule so recovery is proven rather than assumed.
Recovery targets (RTO and RPO) set from business impact, not tool defaults.
An immutable or offline copy that ransomware cannot reach.
Coverage for servers, endpoints, and Microsoft 365 data.
Routine restore tests and a full disaster recovery test each year.