I contributed to a Disaster Recovery and Backup Strategy Assessment for a provincial government workers' safety agency. The engagement assessed the current state of the client's DR and backup environment, produced a DR Maturity Scorecard, evaluated multiple backup and DR options including SaaS-native DR approaches, and delivered an Observations and Recommendations report. The engagement concluded with an executed SOW.
The assessment surfaced significant gaps: the DB2 environment was not being successfully replicated (operating as a single point of failure), DR procedures had never been fully end-to-end tested including SaaS dependencies, and budget planning for DR had been driven by IT infrastructure needs rather than business recovery objectives. The SaaS DR options analysis addressed the growing footprint of Microsoft 365 and Dynamics 365 CRM workloads requiring cloud-to-cloud backup coverage beyond the vendor SLA.
DB2 database environment is not being successfully replicated and operates as a single non-redundant server. Testing of DB2 backups requires a high degree of engineering effort ("heroics") to complete successfully. DB2 is deeply integrated within the agency's applications and data environment — a failure here represents the highest-impact single point of failure in the estate. The environment was migrated from a mainframe to DB2 on Windows, a decision made at the management level without IT input.
DR procedures have never been "fully" tested end-to-end. Testing has centered on on-premises workloads only; external data sources and SaaS environments have not been included in DR recovery exercises. Retention policies were modified in 2016 to exclude non-production workloads — requiring complete rebuilds of Dev and Test environments from scratch after any recovery event.
Budget planning for DR has been primarily driven by IT infrastructure requirements, not aligned to business recovery objectives or SLAs. An external auditor performs an annual IT environment review in compliance with Internal Audit & Risk and government requirements — but DR gaps have persisted across audit cycles.
Business units have unrealistic expectations about backup and DR capabilities — requesting restores outside the normal function. Various business units run batch jobs and data moves in the same maintenance window as backup processes, creating version inconsistencies that extend recovery time objectives (affects RTO/RPO).
Microsoft SaaS Platform (O365 / Dynamics 365)
- Office 365 (Exchange, OneDrive, SharePoint): Microsoft SLA covers geo-redundant replication but does not cover accidental deletions, misconfigurations, human error, or customer-side breaches
- Exchange: 14 days of recoverable data via Microsoft Support; full mailbox restores only — no individual item recovery
- OneDrive and SharePoint: 93-day Recycle Bin retention (plus configurable versioning)
- Dynamics 365 CRM: Microsoft SaaS SLA — customer responsible for business data retention beyond Microsoft defaults
Recommended SaaS DR Approach
- Leverage vendor SLA and included DR capabilities for the application layer — no additional infrastructure required
- Implement 3rd-party cloud-to-cloud backup for business data residing in the SaaS tenancy — custom retention, business rules, and recovery beyond Microsoft defaults
- Production DR backups: 28-day retention; Dev/Test: 7-day retention under Microsoft automated system backups
- Microsoft "Shared Responsibility Model" clarification documented — distinguishing Microsoft obligations vs. customer obligations for data recovery
The DR Maturity Scorecard assessed the organization across five maturity levels (Adhoc, Repeatable, and beyond) for each dimension of the DR program. Scores were driven by the findings across the four categories: Policies/Procedures, Decision Making/Governance, Organization/Business Units, and Technical. The scorecard quantified the gap between current state maturity and target state, providing a prioritized improvement roadmap with numeric scoring per dimension.
Dimensions Assessed
- DR policy documentation and review cadence
- DR test frequency and scope (on-premises and SaaS coverage)
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO) definition and validation
- Business continuity alignment — IT DR objectives tied to business SLAs
- Governance: budget, audit, and executive sponsorship for DR program
Maturity Score Findings
- Overall maturity between Adhoc and Repeatable across most dimensions — no Defined or Managed capabilities identified
- DB2 replication gap is a blocking issue for achieving even Repeatable DR maturity in the technical dimension
- SaaS DR coverage is a significant gap — no cloud-to-cloud backup for O365 or Dynamics 365
- Target state roadmap: move to Defined maturity within 12 months, with DB2 replication and SaaS backup as the first two remediation priorities
DR Maturity Scorecard
Built the DR Maturity Scorecard — quantifying current state maturity across all dimensions, driving the scoring from discovery interview findings, and establishing numeric targets for the improvement roadmap.
Data Collection & Discovery
Led the data collection and documentation request phase — gathering infrastructure details, backup configurations, retention policies, and DR test history from IT and business unit stakeholders.
Backup & DR Options Analysis
Produced the Backup-DR Options analysis — evaluating on-premises, SaaS-native, and cloud backup scenarios with pros/cons, cost considerations, and implementation complexity for each option.
Observations & Recommendations
Authored the Observations and Recommendations report — four-category gap findings (Policies, Governance, Org/Business Units, Technical) with structured recommendations for each observation.
SOW Execution
Scoped and drove the DR and Backup Strategy Assessment SOW to signature — defining scope boundaries, deliverables, milestones, and assumptions for the assessment engagement.
| Deliverable | Description | Format |
|---|---|---|
| DR Maturity Scorecard | Scored DR maturity assessment across all dimensions — current state scores, maturity level ratings (Adhoc to Optimizing), and target state roadmap | XLSX |
| Backup-DR Options Analysis | Multi-scenario options analysis — SaaS DR (O365/Dynamics), on-premises backup, and hybrid approaches with pros/cons and implementation guidance | PPTX |
| Observations & Recommendations | Four-category gap findings report (Policies, Governance, Org/Business, Technical) with structured recommendations per observation | PPTX |
| WSBC DR Assessment Document | Full DR and backup assessment narrative — environment overview, findings, and strategic recommendations | DOCX |
| DR Options Workbook | Detailed DR options modeling workbook with scenario analysis and cost comparison inputs | XLSX ×2 |
| Documentation Request | Structured data collection request used to gather backup configs, retention policies, RTO/RPO definitions, and test history from the client | DOCX |
| DR & Backup Assessment SOW | Executed engagement SOW — scope, deliverables, milestones, and timeline for the assessment | PDF Executed |