Whether it’s a business continuity, emergency, IT disaster recovery, or a pandemic plan, testing and exercising these plans is critical to ensure an effective, timely, and coordinated response. Without validating business continuity plans, management, business unit and IT recovery teams are essentially running blind and potentially place recovery of mission critical business functions at risk. To ensure plans are fully developed and viable, organizations need to implement a complete testing and exercise program.
Establishing a testing and exercise program within the organization reduces the risk of failed recovery and has many benefits. Testing and exercising:
For most organization’s a key challenge is to adequately and thoroughly test and exercise recovery procedures and various plan components and capabilities including communications, escalations, team mobilization, and business process and IT systems and application recovery. To overcome this challenge, organizations need to follow a consistent method of testing plans and exercising team response. Plan testing is periodically conducted and follows several key phases.
- Ensures management and recovery teams are trained to perform recovery operations;
- Ensures changes in business operations, people, IT systems, and infrastructure are reflected in business continuity plans;
- Ensures senior management undertakes due diligence and duty of care under their company contracts and service level agreements with third parties and to stakeholders and employees;
- Identifies plan gaps and weakness by testing plans assumptions and solutions;
- Validates plan components, recovery requirements, and recovery strategies; and
- Helps to develop a culture whereby recovery teams regularly exercise plans.
Exercise Planning is a key phase that involves a series of meetings with the senior management, business unit recovery team and IT recovery team. The objective is to organize and prepare a test plan and formulate test requirements such as test objectives, test method, scenario, who will be involved in the test, time and duration of the test, and components of plans to be tested. During this phase, it is important to obtain senior management commitment and resource funding.
The Exercise Logistics phase helps to ensure a smooth test flow, test timeline, and that proper preparation are made for the test. Key internal and external participants and stakeholders are briefed on the test plan, exercise equipment and resources required are procured, and test activities and tasks are reviewed. Participants may include offsite storage providers, offsite recovery providers of office workspace and IT systems and applications.
This phase involves execution of the test plan, activation of an organization’s emergency operations center, and monitoring and assessment of the test by the test organizer. Some assessment related questions to ask during the test are:
- Was the response as expected?
- Did escalations to higher levels of management occur and in a timely manner?
- Were key members of the recovery team contacted?
- How were communications handled?
- Was the decision-making process satisfactory?
- Did team members understand their roles?
- Was the recovery documentation adequate?
Results Summary and Updates
This phase includes a summary of test results for management and participants of the test and with key findings during the test. Lessons learned are documented and notes taken during the test should be kept and participants are asked to complete a test assessment form to provide test feedback. During this phase, various updates and revisions to plans are completed to eliminate gaps and weaknesses.
To learn more about our testing and exercise program services, contact us at 905-407-3133 or email at firstname.lastname@example.org