Databack - Récupération de données
Request a quote
THE BLOG

Tape backup restoration test for DORA compliance

The DORA (Digital Operational Resilience Act) regulation requires many regulated entities (banks, insurance companies, asset managers, but also critical IT service providers) to demonstrate their ability to restore critical data quickly and efficiently. This requirement is not limited to the presence of backups: it imposes concrete proof that these are accessible, verified and usable in a crisis scenario.

While first-level backups, often stored on disk or in the cloud, are regularly subject to restoration tests, “ultimate” backups on tape, stored cold, very often remain outside the scope of validation. Yet it is precisely these data sets that we hope to recover as a last resort, when the others have been compromised.

Resilience testing: meeting DORA’s expectations

DORA changes all this: it explicitly requires that all media, including offline tapes, be regularly tested. The feedback we have gathered shows that, in a disaster context, these backup restorations are often hampered by several factors:

  • Unavailability or obsolescence of reading equipment (LTO (Linear Tape-Open) readers not maintained),
  • No backup catalog, often hosted in production and destroyed during the attack,
  • Difficulty in quickly reassembling a VM to restore data (VEEAM).

It is in this context that DATABACK is regularly called upon to carry out tape restoration test operations, with a dual objective: to verify the effective usability of cold-stored data, and to produce deliverables directly usable in a DORA compliance audit.

Objective: audit actual backup restoration capacity

As part of our support services, we regularly work with organizations wishing to validate their ability to restore critical data from archived tape backups, often considered the “ultimate backup”. These tests are generally triggered forDORA compliance purposes, toupdate their DRP (Disaster Recovery Plan), or as an independent verification of their resilience.

The aim is clear: to prove that, in the event of total loss of the information system, reliable restoration is still possible, even in the absence of the usual tools (production infrastructure, backup catalog, original virtualized environment).

To do this, we apply a standardized method:

Each step is measured, timed and documented to provide a complete report and feed into the ARP update.

This restoration test not only verifies the cold operability of data, but also provides concrete elements for revising the DRP and establishing realistic recovery times. It is also a lever for direct compliance with DORA requirements, which impose regular resilience tests on all media, including off-line archives.

Feedback: between operational contingencies and rigorous methodology

Tape restoration tests often come with their share of surprises, even in environments that are generally under control. Our work has revealed a number of recurring bottlenecks that can lengthen recovery times if not anticipated.

One of the most frequent difficulties is the mobilization of tapes. Coordination with IT teams and third-party archivers is a key success factor.

Without an up-to-date, outsourced backup catalog, restoration becomes a blind exercise. Its absence or unavailability in a crisis situation considerably lengthens recovery times and multiplies the risk of errors, regardless of the context of the exercise.

Restoration test methodology

In response to these constraints, DATABACK has implemented a methodical, three-stage approach:

1- Build & setup phase

Upstream, we analyze the customer’s technical context: format of backups, tools used, logistical constraints, type of games to be tested. In addition to the restoration mechanics, we also provide general advice on the process. This step enables us to prepare the test infrastructure and precisely define the scope of the test to come.

2- Performing the restoration test

Once the tapes have been collected, they are restored in an isolated environment, without interfering with the customer’s IS. This process is fully instrumented: every step is timed, and every anomaly is documented.

3- Compliance report

A full report is delivered to the customer, including observed RTO/RPO metrics, restored volumes, any failures observed, and concrete recommendations for improving recovery scenarios. This report is produced at a frequency defined with the customer (annually or quarterly) according to the level of regulatory or business requirement.

DATABACK approach: what you’ll never see in your supervision tools

The first restoration tests we carried out on cold tapes revealed significant discrepancies between theoretical recovery assumptions and the reality on the ground. These discrepancies, although rarely visible in backup tool dashboards, can have direct consequences in the event of a disaster.

Logistics and RTO: a gap that is often underestimated

One of the major lessons learned concerns the adjustment of RTO (Recovery Time Objective), which is often underestimated. In addition to technical restoration time, recovery time must now include :

  • The time required to trigger the restoration request (coordination with in-house teams and/or the third-party archiver),
  • Logistical delays linked to the physical availability of the tapes,
  • The time needed to prepare the test or recovery environment.

This logistical chaining, rarely taken into account in initial scenarios, can double or even triple the timescales envisaged, particularly if media are outsourced or if the restoration infrastructure has to be rebuilt urgently.

Corrupted increment: a typical restoration test case

Another concrete case observed during a test: the detection of a partially corrupted backup increment. This anomaly, undetected by the backup tools used, could have gone unnoticed until an actual restore attempt. Its discovery during the test enabled us to reject this set as the basis for recovery, and to adjust the perimeter of data considered reliable.

Backup catalog: an often overlooked link

Finally, another point that is often underestimated, yet central to the success of a restoration test, is the status and availability of the backup catalog. This repository, which enables precise identification of tape content, date, structure and business utility, directly conditions the speed and reliability of any recovery operation.

For tests to be realistic and exploitable, it is imperative that the catalog is complete, up-to-date and accessible outside production environments. In many cases, however, it is hosted on the same infrastructures as the main IS. In a real crisis situation, particularly after a compromise or loss of access, rebuilding the catalog becomes an essential preliminary step, and a source of delay.

An unusable catalog forces teams to navigate blindly through dozens of tapes, multiplying the number of manual manipulations. That’s why we systematically include a catalog check in our preparation phase, and encourage our customers to outsource or replicate this key component in a secure space, independent of production and conventional backups.

This feedback illustrates the operational usefulness of the recovery test: not only does it validate the technical chain, but it also highlights the blind spots in the recovery plan, those that appear neither in the policies nor in the dashboards, but only in the real world.

Conclusion: restoration is proof

As Samuel Durand, Technical Director at DATABACK, regularly reminds us, A backup without a restore test is just an illusion of security. You need to be able to find them, read them, understand them and, above all, restore them on time.

Testing your restorations means taking stock of your blind spots, revealing the gaps hidden behind theoretical procedures. It’s also an exercise in governance, at the crossroads of IT, compliance and business.

This approach must become a reflex: it cannot be improvised at the time of a disaster. That’s why we support our customers with recurring resilience tests, documented and validated by end-users.

And while tape remains one of the most reliable media for the ultimate backup, it still has to be truly offline. We have intervened in cases where the attacker, having compromised the supervision environment, methodically took control of the tape robot to erase each cartridge, one by one. Physically disconnecting media remains a minimum requirement to guarantee their integrity.

When it comes to backup, the only valid proof is successful restoration.

Article rédigé par

23 June 2025
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin