Scope note: a "backup job completed successfully" notification is not evidence of recoverability. This checklist
verifies that backups are actually restorable, protected from the same compromise that could take out production
(ransomware, deleted admin accounts), and that recovery time is known rather than assumed. Governance items — vendor
contracts, formal continuity policy sign-off — stay in the GRC platform (Probo); this is the technical proof layer.
A.8.13 ISO 27001 Annex A control referenceBeyond ISO baseline — stricter recommended control