Backup operations are continuous work that ages poorly without dedicated attention. Daily verification, monthly drills, retention enforcement, key rotation, alert response all need to happen reliably over years. Operations that start backup work enthusiastically often quietly degrade as the team gets pulled to other priorities; the backup keeps running but nobody verifies the restore would actually succeed. The Recovery Point 2026 Gartner survey on backup recoverability documented that operations rarely test restore until they need it, by which point the gap between theoretical backup completion and actual restore success has accumulated for months. The ConnectWise BaaS practice guide published 2026 frames this directly: backup is a commodity; restore proven by drill is the value.
Backup-as-a-Service subscribes you to the operations layer that keeps backups verified, drilled, and ready. Daily verification that all scheduled backups completed successfully with alert on any failure within 4 hours. Monthly restore drill into a separate test environment with documented RTO and RPO measured for each drill. AES-256-GCM encryption key rotation on annual schedule (quarterly available on Enhanced tier). Retention policy enforcement across the three-tier hot/warm/cold storage. Alert response with on-call rotation routing severity 1 incidents within 30 minutes during operating hours, 2 hours outside. Restore assistance during real incidents with response time scaled to severity. Quarterly backup health report covering verification stats, drill outcomes, retention status. EUR 79/month standard tier; Enhanced and Compliance tiers available for stricter requirements. Prerequisite: Disaster Recovery Setup engagement (EUR 1,299 one-time) which builds the infrastructure this subscription operates.
Most operations start at Standard and upgrade retrospectively if they recognise the need. Operations preparing for SOC 2 Type II or regulated industry typically start at Compliance. Tier changes mid-subscription pro-rate.
| Feature | Standard | Enhanced | Compliance |
|---|---|---|---|
| Monthly price (EUR) | 79 | 149 | 249 |
| Backup verification cadence | Daily | Daily + spot-check 2x weekly | Daily + spot-check daily |
| Restore drill cadence | Monthly | Weekly | Bi-weekly |
| Encryption key rotation | Annual | Quarterly | Monthly |
| Restore assists included per year | 2 | 4 | Unlimited |
| On-call response (operating hours) | 30 min | 15 min | 15 min, 24x7 |
| On-call response (off-hours) | 2 hours | 30 min | 15 min |
| Health reports | Quarterly | Monthly | Monthly + ad-hoc |
| SOC 2 evidence packaging | Not included | Not included | Quarterly evidence packs |
| Drill report format | Standard | Standard + RCA detail | Audit-ready with controls mapping |
Add-ons available across all tiers: additional storage region (EUR 39/month per region beyond default two), extended retention to 7 years for compliance hold (EUR 79/month), restore-to-cloud target environment (EUR 49/month per target), priority on-call routing (EUR 39/month). Annual billing offers 10% discount on all tiers.
Operations weighing in-house versus subscribed backup operations face a classic build-versus-buy decision with a specific twist: the build option has a hidden cost that only surfaces during the one event the backup exists to handle. Running backups in-house looks economical on paper. The backup software is open-source (Barman, WAL-G, pgmoneta, Databasus all free); storage costs scale with data volume regardless of operator; the procedural work appears modest in any individual week. The hidden cost is the gap between backup completion and verified restorability, which only gets exercised during an actual incident. The Recovery Point 2026 backup recoverability survey documented that operations rarely test restore before they need it. Operations that run backups for years without drilling discover during their first real incident that the backup process had drifted: a PostgreSQL extension upgrade six months ago broke the restore path, a network access change blocked the restore environment from reaching the backup storage, an encryption key rotation captured only half the storage tiers, backup completion alerts kept firing but the data had been corrupted for the last 90 days.
The drill cadence is the mechanism that prevents this drift. Monthly drills catch the small issues early when they remain small. A PostgreSQL extension version drift surfaces in the April drill and gets fixed in 90 minutes; without the drill, the same issue would have stayed dormant until an October incident required restore and produced an 8-hour outage. Encryption key access issues surface in the May drill and get fixed in test environment; without the drill, the same issue would have surfaced during the November ransomware incident at 3am during the worst possible conditions for problem-solving. Storage allocation drift, configuration changes, dependency upgrades, credential rotation, network reachability changes all accumulate over months in ways that look fine from the backup completion dashboard but break the restore path. Twelve drills per year produce twelve opportunities to catch drift in controlled conditions; one drill per year (typical in-house cadence) produces one opportunity. The twelve-versus-one difference compounds over the three-to-five year horizon backups need to remain reliable.
The on-call rotation is the second mechanism that subscribed operations get and in-house operations rarely sustain. Backup alerts at 3am require someone to investigate; investigation requires familiarity with the specific backup tooling and environment; familiarity requires regular contact with the tooling rather than once-per-quarter checking. Operations that handle backup alerts as ad-hoc work (assign to whoever is available, get to it when convenient) accumulate ignored alerts and gradually become deaf to the alert channel. The first time something genuinely fails, the alert gets ignored for hours alongside the accumulated noise. Subscribed operations route backup alerts to an on-call rotation with documented response procedures and tracked response time; the alert always gets addressed within the SLA window because that is the contracted commitment. The continuous attention produces operational discipline that ad-hoc handling rarely sustains.
The third mechanism is restore expertise. A monthly drill that successfully restores backups builds team familiarity with the restore procedure over twelve iterations per year. The team running the December drill has experienced eleven prior drills and knows the specific quirks of the customer environment, the typical timing of each phase, the validation queries that catch common issues, and the rollback procedures if the drill surfaces an unrecoverable problem. The team running a first-time restore during a real incident is reading the runbook for the first time under pressure. The expertise difference shows up as RTO difference: drilled teams typically achieve target RTO; first-time teams typically miss target RTO by 2-5x. For an email infrastructure operation where each hour of restore extension means another hour of bounce events and reputation damage, the RTO difference is consequential.
The compliance benefit applies specifically to operations pursuing SOC 2 Type II or ISO 27001. Both frameworks evaluate operating effectiveness over an observation window. SOC 2 CC7.4 (incident response) and A1.2 (availability) both require evidence that recovery procedures operate effectively, not just that they exist. ISO 27001 A.8.13 (information backup) and A.5.30 (ICT readiness for business continuity) similarly require evidence of effective backup operations. The monthly drill produces auditable evidence per drill: drill report with documented procedure deviations, measured RTO and RPO, validation outcomes, corrective actions. Twelve drill reports per year provide sustained evidence of operating effectiveness. The Compliance tier specifically packages drill reports in audit-ready format with controls mapping suitable for inclusion in SOC 2 observation window evidence collection.
The cost calculation comes out clearly when accounting for hidden costs. Standard tier EUR 79/month produces EUR 948/year for monthly drills, daily verification, key rotation, alert response, and two restore assists. In-house operations require a backup specialist with PostgreSQL DBA skills attending the backup infrastructure approximately 4-8 hours per month (verification reviews, monthly drill execution, alert response, quarterly retention audits). At loaded labor rates for senior DBAs (EUR 80-120/hour fully loaded in European markets), the in-house cost ranges from EUR 320-960/month for the same operational coverage assuming the labor is reliably available. The cost calculation crosses over at small scale (one operation with one backup infrastructure); the calculation strongly favors subscription at any scale beyond that because subscription scales by backup complexity rather than by hours required.
Automated daily check that all scheduled backups completed successfully. Hot tier WAL archive every 5 min plus daily base backup. Warm tier weekly. Cold tier monthly. Suppression log continuous. Failures alerted within 4 hours.
Full end-to-end restore into separate test environment on the third week of each month. Different recovery target time each month. Validation queries against restored data. RTO and RPO measured per drill.
Monthly written report covering drill date, target time, restore source, measured RTO and RPO, validation outcomes, anomalies caught, and resolution. Standard tier delivers basic report; Compliance tier delivers audit-ready format with control mapping.
Three-tier retention (30/90/365 days) enforced via automated lifecycle policy. Storage allocation monitored to alert before approaching capacity. Old backups securely deleted post-retention with cryptographic verification of deletion.
On-call rotation routing backup-related alerts to engineers with familiarity with your specific configuration. Severity 1 response within 30 min during operating hours; investigation, customer notification, root cause analysis within escalating windows.
Two restore assists per year included on Standard tier (more on Enhanced and Compliance). Incident scoping, restore procedure execution, post-restore validation, incident documentation. Real incidents and planned cutovers both count.
Quarterly written report summarising backup health: verification success rate, drill outcomes summary, retention status, anomaly trends, capacity projection, recommended adjustments. Customer-facing format suitable for sharing with stakeholders.
AES-256-GCM key rotation on documented schedule (annual standard, quarterly Enhanced, monthly Compliance). Coordinated re-encryption across storage tiers. Old keys retained for backup retention duration to support older restore targets.
The natural progression after DR Setup completes. The runbook says how to operate backups; the subscription is who operates them. Most customers add BaaS immediately rather than attempting in-house operations first.
SOC 2 Type II requires sustained evidence of operating effectiveness across the 6-12 month observation window. The Compliance tier produces audit-ready monthly drill reports satisfying CC7.4 and A1.2 evidence requirements.
GDPR, HIPAA, PCI DSS operations where backup retention, encryption, and access controls must be auditable. The subscription produces continuous audit trail rather than retrospective evidence reconstruction.
Operations that recently experienced a data loss event and want professional backup operations going forward rather than repeating the in-house pattern that failed. The subscription locks in the operational discipline.
Operations where nobody on the team has deep PostgreSQL DBA expertise. The subscription provides the expertise as a service rather than requiring a senior DBA hire to operate backups internally.
Operations preparing for acquisition due diligence, customer audit, or regulatory inquiry. The quarterly health reports and monthly drill reports produce the documented evidence that auditors and diligence teams expect to see.
Monthly subscription operating the backup infrastructure deployed by Disaster Recovery Setup. The recurring deliverables: daily verification that all scheduled backups completed successfully with alert on any failure within 4 hours; monthly restore drill into a separate test environment with documented RTO and RPO; AES-256-GCM encryption key rotation on the documented annual schedule; retention policy enforcement across the three-tier hot/warm/cold storage (30/90/365 days); alert response with on-call rotation for backup failures, storage anomalies, or restore requests; restore assistance when needed including coordination with operational team, restore procedure execution, post-restore validation, and incident documentation; quarterly backup health report covering verification statistics, drill outcomes, retention status, and any anomalies. The service prerequisite is Disaster Recovery Setup (EUR 1,299 one-time) which builds the backup infrastructure that this subscription operates. EUR 79 per month, billed monthly or annually with 10% annual discount.
Three operational reasons. First: backup operations are continuous work that ages poorly without dedicated attention. Daily verification, monthly drills, retention enforcement, key rotation, alert response all need to happen reliably over years. Operations that start backup work enthusiastically often quietly degrade as the team gets pulled to other priorities; the backup keeps running but nobody verifies the restore would actually succeed. The subscription model produces sustained attention because the operational responsibility is contracted rather than dependent on internal bandwidth. Second: restore drills require expertise that does not get exercised in normal operations. A monthly drill that successfully restores backups into a test environment catches issues (PostgreSQL version mismatches, missing extensions, file permission problems, encryption key access issues) that would only otherwise surface during a real incident. The drill expertise grows over time with each iteration; running drills once a year in-house produces less reliable outcomes than running them monthly with continuous learning. Third: incident response benefits from operational continuity. A backup failure alert at 3am gets handled by an on-call rotation with documented procedures rather than by whoever happens to be available; restore assistance during a real incident benefits from the team that built the backup infrastructure handling the restore versus someone discovering the procedures for the first time under pressure.
Once per calendar month, we restore your backups into a separate test environment (not production), measure actual restore performance, and document outcomes. The drill cadence: scheduled for the third week of each month to allow week-1 backup completion verification before drill begins; runs against the most recent full backup plus WAL replay to a specific test target time (varied each month so we drill different recovery points across the year); restores PostgreSQL, MailWizz state, PowerMTA configuration, and applies suppression log; runs validation queries against the restored database to confirm row counts, schema integrity, and data consistency; measures RTO from drill start to functional system; measures RPO as the data loss between target time and successful restore completion; produces a monthly drill report documenting procedure deviations, time elapsed, validation outcomes, and corrective actions if any. The drill catches the small issues that would compound during a real incident: certificate expiry on the test environment, PostgreSQL extension version drift, network access changes, encryption key access issues. Each catch in the test environment is one less issue during a real recovery.
Documented escalation pattern with response times scaled to severity. Severity 1 (verification failure on hot tier backup, complete backup process failure, encryption key access failure): alert within 1 hour, investigation begins immediately, customer notification within 4 hours, root cause analysis within 24 hours, remediation within 48 hours. Severity 2 (warm tier verification failure, partial backup completion, retention enforcement anomaly): alert within 4 hours, investigation within 8 hours, customer notification within 24 hours, remediation within 5 business days. Severity 3 (cosmetic anomalies, dashboard issues, non-blocking warnings): logged and addressed in the next quarterly review cycle. The escalation pattern matters because most backup failures are not catastrophic but they degrade over time if ignored. A storage allocation slowly filling up takes months to become a problem but the symptoms appear weeks earlier. The verification process surfaces symptoms; the escalation pattern ensures they get addressed before they cascade.
Restore assistance is included in the subscription with response time scaled to incident severity. Severity 1 (production system down, customer-impacting data loss, suspected breach requiring DR action): on-call response within 30 minutes during operating hours, within 2 hours outside operating hours. Severity 2 (operational data issue requiring restore, scheduled DR migration, planned production cutover): response within 4 hours, scheduled within agreed window. Severity 3 (test environment restore, training drill, evidence collection for compliance audit): response within 1 business day, scheduled per customer preference. The restore assistance includes: incident scoping conversation to confirm restore target and scope, restore procedure execution against your specific backup configuration, post-restore validation against documented success criteria, incident timeline documentation suitable for inclusion in your incident response records, debrief covering what worked and what needs improvement in the runbook. Restore assistance is service-bounded to two incidents per calendar year at the standard subscription tier; additional restores or complex multi-component restores can be quoted as one-time engagements.
Annual rotation by default; quarterly rotation available on request for operations with stricter compliance requirements. The mechanism: AES-256-GCM symmetric keys are rotated by generating new keys, re-encrypting recent backups with the new key, retaining old keys for the duration of backup retention so older backups remain decryptable. The rotation is coordinated to avoid simultaneous re-encryption load by phasing across the three retention tiers (hot tier first, warm tier across two weeks, cold tier across one month). Old keys are decommissioned only after all backups encrypted under them have aged out of retention; this means the most recent expired key remains accessible for 365+30 days after rotation to support the longest retention tier. Key storage uses separate infrastructure from backup blob storage with its own access controls and audit logging. Key access events (read, rotate, decommission) are logged and reviewed during the quarterly health report. Quarterly rotation costs EUR 99/month instead of EUR 79/month to cover the additional operational load.
DR Setup is the foundational one-time engagement; BaaS is the ongoing operations layer. The relationship: DR Setup deploys the backup infrastructure with three-tier retention, encryption, dual-region storage, and the initial restore drill that proves the setup works. BaaS subscribes to operating that infrastructure over time. Customers can buy DR Setup alone and operate the backups themselves using the delivered runbooks; the runbooks document every procedure needed. Customers who recognize backup operations as continuous work that benefits from external ownership add BaaS. The typical pattern: DR Setup completes in 10 business days at EUR 1,299 one-time, BaaS begins immediately afterward at EUR 79/month. Many operations underestimate the operational load of running backups in-house, attempt it for 3-6 months, observe degradation, and subscribe to BaaS retrospectively. The retrospective subscription works equally well; the runbook is the same whether the customer operated it themselves first or not.
Yes, several upgrade paths are available. Standard tier EUR 79/month covers monthly drills, annual key rotation, two restore assists per year. Enhanced tier EUR 149/month adds weekly drills, quarterly key rotation, four restore assists per year, plus 30-minute on-call response 24x7. Compliance tier EUR 249/month adds bi-weekly drills, monthly key rotation, unlimited restore assists, plus quarterly compliance evidence packaging suitable for SOC 2 Type II observation window evidence collection. Add-ons available across tiers: additional storage region (EUR 39/month per region beyond default two), extended retention to 7 years for compliance hold (EUR 79/month), restore-to-cloud target (EUR 49/month per target environment), priority on-call routing (EUR 39/month). The tier and add-on combinations let operations match the subscription cost to their actual risk tolerance and compliance load rather than overbuying for unused capacity.
Subscription starts the first business day of the month after confirmation. Prerequisite: Disaster Recovery Setup engagement complete (or in progress with deployment confirmed within 10 business days). Standard tier EUR 79/month, Enhanced EUR 149/month, Compliance EUR 249/month. Monthly billing with no minimum commitment; annual billing offers 10% discount. Tier changes mid-subscription pro-rate.
# Median Telegram response: 12 minutes during operating hours