Alright boys and girls, time to put your pencils down – we are taking a TEST! These may have been some of the scariest words you have ever had to hear. Personally, I will be thrilled if I never have to take another test and I know very few people who look forward to doing so.
However, I feel very differently about a Business Continuity Plan (BCP) test. It’s a test you really can’t fail. Essentially, the fact that you are completing the test is a victory in itself. If your company has gone through the process of creating a BCP and you’re not testing it, then more than likely you have a plan that will not work how you intended. So, what was the point of creating it in the first place?
Tests come in a few shapes and sizes as you will see below. It is up to you and your organization to determine which test you want to use and who should be involved:
Plan Review – This test is normally a higher-level overview that involves team leads and executive level management to ensure that the proper business functions are covered, responsibilities are assigned and are unchanged, and to discuss potential improvements or changes
Tabletop Exercise / Structured Walk-Through Test – This test will include critical personnel that are involved in the plan. It’s more of a discussion, based on scenarios that would cause the BCP to be activated. Each team will provide responses to the scenarios and walk through the procedures their team will follow during an event
Walk-Through Drill / Simulation Test – This test will be more of an active event of recovery functions such as a restore of backups and verification that redundant systems are operating as expected. This test will include a wider range of personnel that have a role in the BCP, as well as include actual notification of team members and staff in accordance with the plan
Functional / Full Recovery Test – This test should be as close to a real-life disaster as possible. This test will run in parallel to the primary system or as a fail-over where you shift operations to the backup environment
Once you’ve tested your Business Continuity Plan, it’s recommended that you formally document the results of that test. These results should be shared with those involved in the BCP and allow for their input. We all have pieces that we find most important – for me it’s “Lessons Learned”. When working with companies of any size, I find myself focusing on the lessons learned from their BCP test. What did you learn during your test? What did you do with that information? Hopefully you used that information to improve your plan!
The whole point of conducting a test is to ensure your plan fits your organization’s needs and limits the impact of a disruption to critical business functions and processes. It’s vital that your test helps you continuously improve your plan and allows all personnel involved to be fully trained on how you need it to operate. Compass IT Compliance’s Business Continuity Planning Service uses a phased approach to help your organization develop a methodical, systematical program based on your organization's specific needs to recover faster and comply with regulatory requirements. Contact us today to learn more!