Acronis Cyber Protect Cloud - Disaster Recovery as a Service (DRaaS)

Move beyond backup with flip-of-a-switch disaster recovery.

Disaster Recovery for us, means providing a turn-key solution that allows you to securely protect your critical workloads and instantly recover your critical applications and data no matter what kind of disaster strikes.


  • Backup-based replication of production environments
  • Unites Disaster Recovery, Backup and next-generation, AI-based anti-malware, antivirus.
  • Instant off-site failover to the cloud recovery site
  • Immutable storage ensure backups cannot be encrypted/deleted by ransomware attacks
  • AES-256 data encryption for data in transit and at rest
  • Protect multiple environments - Physical, Virtual, Cloud.
  • All the tools. One simple interface for managing your Disaster-Recovery
  • Get back into Business faster with Disaster Recovery orchestration runbooks


  • Flexible Recovery Point and Recovery Time Objectives
  • Protects your business against hardware and/or network failures
  • Protects your business against software/patching failures
  • Protects your business against on-premises power outages


£0.10 a gigabyte a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 5 0 6 9 4 6 3 2 6 5 6 5 4 7


Telephone: 07799894781

Service scope

Service constraints
Any Servers being protected by the DRaaS solution must be protected by the Acronis BaaS Solution and the data must be held on Acronis Cloud Storage, not any other cloud or local storage.
System requirements
  • Agent based service running on Microsoft Windows or Linux Servers
  • Customer must have adequate internet bandwidth
  • Customers firewall will need ports open to Acronis Datacentre
  • DR Storage is required as well as Backup storage
  • RPO will depend on the firewall having adequate throughput

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Support is provided through a Contracted Service Agreement. This Agreement is purchased separately to the BaaS solution. Depending on the level of service purchased the period of cover is either 24/7 or Normal hours.

Normal hours for telephone/email support for product related issues from Dataquest are: Monday to Friday 0900-1730 excluding public holidays

Response time are within 1 hour for all services depending on the contracted period of cover
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
All support is co-ordinated by each dedicated customer account manager and levels are agreed on a customer-by-customer basis. A technical account manager or cloud support engineer can be appointed, as requested.
Support available to third parties

Onboarding and offboarding

Getting started
All of Dataquest's managed cloud service contracts start with an initiation meeting, it is at this point that the Customer will be trained on how get started and how to interact with Dataquest 's service desk. This training will take the form of either remote or onsite training dependent on the customer's preference. Documentation will also be provided.
Service documentation
Documentation formats
End-of-contract data extraction
Before the end of a contract is reached the assigned Service Delivery Manager at Dataquest will reach out to the customer to discuss and agree on a contract exit strategy. Part of the agreed strategy will include data extraction and deletion from the Dataquest infrastructure. Furthermore the customer can add change or remove their data at any time with or without Dataquest's input.
End-of-contract process
Where a client chooses to terminate their subscription with Dataquest, we are able to provide support for data extraction and/or migration where reasonable. We will agree a point of service termination with the client when the transition is complete. At this point, our dedicated support and technical teams will cease to provide any services. We will work to ensure that this transition is seamless.

Using the service

Web browser interface
Using the web interface
All the tools are made available through one simple interface
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The Customer will have validated their email login as part of the on-boarding process. Furthermore 2FA will have been enabled on the account, the customer will need to have loaded either Google or Microsoft Authenticator for an access code.

The customer can also access their tenancy through a mobile App that is available for Apple IOS and Android.
Web interface accessibility testing
We have not carried out any testing to date.
What users can and can't do using the API
Platform Core
API automation tools
Other API automation tools
  • Alerts API enables activation, inspection, and removal of alerts.
  • Tasks API enables inspection of the tasks and activities performed
  • Agents API provides information about agents registered in Acronis
  • Resource and Policy Management API enables protection of workload
API documentation
API documentation formats
Command line interface


Scaling available
Independence of resources
Customer environments are isolated and segmented. We use analytic tools that predict when additional resource is likely to be required to remain within the SLA parameters that have been set by the business which is approximately 80% utilisation..

As well as using analytical tools we do not over provision, CPU
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold
Managed Service wrap covering; Backup/restore & integrity check

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Virtual Machines
  • Active Directory
  • SQL
  • Exchange
  • Sharepoint
  • File data
  • Short , Medium and Long Term storage
Backup controls
Users can create there own backup schedule through a web portal. We can provide advice on what retention cycle to follow based on the customer's data protection objectives along with any compliance requirements.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Each service is provided with a guarantee of availability at contract level and sanctions in case of the service availability dropping below guaranteed level.
Approach to resilience
Available on request
Outage reporting
An API, email alerts, SMS

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is restricted through a combination of username and passwords, multifactor authentication, firewalling, IP restrictions, the use of bastion hosts as appropriate.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Standards Institute (BSI)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Software development
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
A mature security program is in place. Head of Compliance manages the company’s risk through security technologies, auditable work processes, and documented policies and procedures such as; Acceptable Use Policy (AUP), Access Control Policy (ACP), Change Management Policy, Information Security Policy, Incident Response (IR) Policy, Remote Access Policy, Email/Communication Policy, Disaster Recovery Policy, Business Continuity Plan (BCP). These policies are just some of the basic guidelines Dataquest use to build successful security programs.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The key elements of Dataquest's configuration management are:
version control, baseline and release information, audits & review
documented process and build, integrate and deploy scripts.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Evaluated and appropriate measures are taken to address any associated risks; management of technical vulnerabilities, restrictions on software installation, information systems audit controls. In accordance with Dataquest’s ISO 27001 ISMS (technical vulnerability management) testing is carried out at least once annually and when applicable patches to the system are introduced to the main systems, when new network infrastructure or applications are added, if significant upgrades or modifications are applied to infrastructure or applications and end user policies are modified.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
PMCs used to assist Dataquest in the protection of its staff, assets and information and to assist in the investigation of misconduct or criminal activity. Accurate time in logs, recording relating to business traffic crossing a boundary,recording relating to suspicious activity at a boundary,recording of workstation, server or device status, recording relating to suspicious internal network activity,recording relating to network connections,recording of session activity by user and workstation,recording of data backup status,alerting critical events, reporting on the status of the audit system,production of sanitised and statistical management reports and providing a legal framework for protective monitoring activities.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
As part of Dataquest's service operation, incident management aims to manage the lifecycle of all incidents. Our primary objective is to return the IT service to users as quickly as possible. The incident management sub-processes and objectives are aligned to ITIL and ISO 27001:2013 standard. Incident management support, incident logging and categorisation, incident resolution, incident monitoring and escalation, incident closure and evaluation, pro-active user information and incident management reporting.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Each customer's environment is protected via a Next Generation FireWall.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Design PUE of less than 1.3
Highly efficient chilled water cooling system configured
as N+1
Highly efficient UPS systems
DCIM metering and monitoring
Waste heat reuse in communal parts
Advanced cooling design, utilising VIRTUS air
flooded room principle
Free cooling chillers

Social Value

Fighting climate change

Fighting climate change

Dataquest operates an Environmental Management System (EMS) that has gained ISO 14001: 2015 certification. Our EMS is a continual cycle of planning, implementing, reviewing, and improving Dataquest’s processes and actions to meet environmental obligations and objectives. Energy efficiency makes a significant contribution to environmental sustainability and helps us to reduce our operating costs. We monitor our use of key sources of energy (electricity, gas,) with the aim of reducing our carbon emissions.
Covid-19 recovery

Covid-19 recovery

Dataquest continues to follow and update our business continuity plan with a focus on protecting the health and well-being of our colleagues, while keeping the business running, supporting our partners and continuing to provide the best possible service levels. In line with our ISO 27001 Standard, we have a robust disaster recovery and business continuity plan in place. This includes significant investments in technology and infrastructure to ensure we can continue to operate the business in a variety of unforeseen scenarios. We have extensive online collaboration capabilities to help ensure business continuity and we’re working tirelessly to help everyone stay safe while at the same time continuing to serve our customers.
Tackling economic inequality

Tackling economic inequality

Dataquest is committed to tackling economic inequality at root, from creating new businesses and new employment opportunities, to improving education and training, Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
Equal opportunity

Equal opportunity

Dataquest is an equal opportunities employer and in general would wish to go beyond the strict legal requirements as determined by statute in order to be seen to promote sound and fair management practices and procedures at all times.

It is therefore the Company’s aim to provide equality of opportunities for all employees by providing a working environment free from unlawful discrimination, harassment, bullying or victimisation on the grounds of sex, marital status, sexuality, disability, age, race, colour, ethnic origin, nationality, religious or political beliefs. This principle will equally apply to recruitment, training, promotion, dismissal, transfer and all benefits, terms and conditions of employment.

The Company will not tolerate acts which breach policy and all instances of such behaviour will be taken seriously, be thoroughly investigated and in proven cases, will be subject to the Company’s disciplinary procedures. Policies for recruitment, selection, training, development and promotion are designed to ensure that individuals are selected, promoted and otherwise treated solely on the basis of their relevant aptitudes, skills and abilities.


We encourage vitality, a healthy quality of life, and a positive working environment in which people thrive. Our priority is to be proactive, so employees can gain awareness, education, and support to successfully function at work and at home, free from factors which may negatively impact upon their health.


£0.10 a gigabyte a month
Discount for educational organisations
Free trial available
Description of free trial
The trial encompasses a fully functional suite of Acronis Cyber Protect Cloud services. The trial will initially run for up to 30 days.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.