Veeam Backup,
Canadian-hosted.
Most SMB backups fail when they're actually needed. Backup jobs that stopped running silently, data stored on the same network as the ransomware that just encrypted your primary systems, and recovery procedures that have never been tested. TruPoint manages Veeam on our Canadian private cloud — immutable backups with air-gapped copies, recovery tested on a defined schedule, and monitored 24/7.
Backup that survives ransomware — because it's immutable, tested, and not on your network.
Ransomware encrypts everything it can reach — including backup drives attached to the same network. Immutable backups on isolated Canadian infrastructure can't be reached. Recovery testing proves you can actually restore. Both are table stakes for cyber insurance and both are missing from most SMB backup strategies.
Immutable Backup
Veeam Backup & Replication with immutability flags on all repositories. Ransomware cannot encrypt what it cannot reach, and cannot modify what is locked. Air-gapped copies on TruPoint's isolated Canadian infrastructure.
Disaster Recovery
RPO and RTO defined in your SLA. Veeam replication to secondary TruPoint data centre for geo-redundancy. Documented failover runbooks tested quarterly — not just written and filed away.
Microsoft 365 Backup
Exchange Online, SharePoint, OneDrive, and Teams backed up outside Microsoft's retention policies. Microsoft's native retention is not a backup — data deleted by a user is gone without a third-party backup copy.
Recovery Testing
Scheduled recovery tests run against isolated environments. Written recovery report delivered after each test — the documented evidence your cyber insurer's questionnaire asks for and your ISMS requires.
From untested backup to verified, monitored resilience in four phases.
A structured backup engagement that replaces ad-hoc backup jobs with immutable, tested, and monitored protection for every workload that matters.
Scope
Define backup scope — physical servers, VMs, cloud workloads, Microsoft 365. Set RPO and RTO targets per system tier. Map data classifications for backup frequency and retention requirements.
Deploy
Veeam infrastructure provisioned on TruPoint Canadian private cloud. Backup jobs configured for all in-scope systems. Immutability and air-gap settings applied to all repositories. M365 backup enabled.
Test
First recovery test run before going live. Restore validated from each backup type — VM, file, M365. Written recovery report issued and filed in TruCompliance ISMS evidence library.
Operate
TruPoint SOC monitors backup job success and failure 24/7. Failed jobs trigger immediate investigation. Monthly backup summary in TAM review. Quarterly recovery test run and documented on schedule.
A backup that has never been tested is not a backup. It's a hope.
Cyber insurers now require documented, tested backup procedures — not just confirmation that a backup tool is installed. "We have Veeam running" is not the same as "we restored from backup successfully on this date and have documentation." The difference between those two answers is the difference between a covered claim and a denied one.
- Immutable backups — ransomware cannot encrypt or delete them
- Air-gapped copies on isolated Canadian infrastructure
- M365 backup independent of Microsoft's retention policies
- Quarterly recovery testing with written documentation
- 24/7 SOC monitoring — silent failures caught before they matter
"Our backup had been failing silently for four months. TruPoint's SOC flagged it in the first week. If ransomware hit before they caught it, we would have had nothing to restore from.
Where Veeam fits in the TruPoint stack.
TruPoint Private Cloud
Canadian private cloud — geo-redundant infrastructure hosting all Veeam backup repositories, air-gapped from your production environment.
TruCompliance™
Veeam recovery test reports and backup compliance data feed the ISMS evidence library — required documentation for cyber insurance and SOC II audits.
TruWorkspace Zero Trust™
Zero Trust reduces the blast radius — but immutable backup is the final recovery layer if an incident does occur despite the controls.
A 30-min backup readiness review.
We'll review your current backup configuration, identify immutability and testing gaps, and show you what a tested, documented backup posture looks like.