Home Compliance & Certification Physical Hard Disk Backup Guide

Physical Hard Disk Backup Guide

Last updated on Sep 23, 2025

1. Purpose of this Guide

This artefact proves your organisation keeps a physical copy of cloud data on hard disks. Cyber Essentials requires this because cloud providers operate on a “shared responsibility model”: they protect their platform, but you’re responsible for your own data. Maintaining physical backups ensures your critical cloud-hosted data can be recovered even if the provider’s backups fail.

2. What You Will Submit

You will need:

  • screenshot or photo showing cloud data being backed up to a physical hard disk (USB, NAS, or external drive).

  • Evidence should show:

    • The backup software or export tool in use.

    • Destination drive (external HDD/NAS).

    • Timestamp or job history proving recent backups.

3. How to Collect / Obtain / Generate This Evidence

Microsoft 365 / SharePoint / OneDrive:

  1. Use the OneDrive/SharePoint sync client to download files to a local drive.

  2. Connect an external HDD or NAS.

  3. Run a copy/export job (e.g. robocopy or sync tool).

  4. Screenshot the file explorer view showing business-critical folders saved to the external drive.

Google Workspace (Google Drive):

  1. Use Google Drive for Desktop to sync data locally.

  2. Connect an external HDD.

  3. Copy the synced folders to the drive.

  4. Screenshot the copy process or the final drive contents with recent timestamps.

AWS / Cloud databases (e.g. RDS, S3):

  1. Export snapshots or object storage data locally.

  2. Save them to an encrypted external disk.

  3. Screenshot the backup job report showing data written to the physical storage device.

Backup tools (Acronis, Veeam, Synology, etc.):

  • Show the backup console with the external HDD/NAS as a target.

  • Screenshot the schedule and last completed backup status.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_PhysicalBackup_YYYY-MM-DD.png

5. What “Good” Looks Like

  • Screenshot or photo clearly shows:

    • External hard disk/NAS target.

    • Backup schedule or completion log.

    • Timestamp (to prove backups are current).

  • Links the cloud data source (e.g. SharePoint, Google Drive, AWS) to the physical disk storage.

Why it matters: auditors want to confirm you can recover from a cloud outage without depending solely on the CSP’s internal backups.

6. Tips

  • Encrypt the external drive and store it securely (locked cabinet or offsite).

  • Keep at least two rotating drives — one in use, one stored offsite.

  • Redact any sensitive filenames before uploading screenshots.