> I ponder what the ICO would do?
Expect you to use a service provider who was willing to offer UK GDPR compliance, I imagine. But I am not aware of any enforcement action for simply not having a data processing agreement in place.
☻
You might also document your approach to backups, and how you would continue to operate if the processor ceased to exist (i.e. an availability issue) or deleted some or all of your stored files (an integrity issue).