View in browser | Unsubscribe

Once you have a disaster plan in place, does senior management tend to forget about it? Has your plan ever been tested? Are people trained in how to respond and use the plan? Unless you want to be relying on that plan for the first time in a real disaster, you should consider testing it and making sure it works. This week's articles can help you figure out how to do that.

The importance of practicing a plan cannot be overemphasized. (Item #1) About 100 percent of the time the recovery configuration didn't match the production environment that was being recovered. (Item #2) You may have a disaster plan in place, but you won't know how effective it is - or if it works at all - until you put it into practice. (Item #3)

Don't make the mistake of creating a paper-only security response plan just to satisfy regulatory requirements. (Item #4) Here are six tips and three scenarios to get you started on conducting a tabletop exercise. (Item #5) Hurricane Gustav gave some LA universities the chance to put their post-Katrina plans to the test. (Item #6)

As always, we look forward to hearing about your concerns with regards to business continuity. If you have a topic you'd like to see covered, please email me at [email protected]

Best Regards,

Bob Mellinger
President
Attainium Corp

Quote of the Week

"Awareness, education and testing are the basic components of effective planning."
-- Anonymous --

Articles

1. Practice and Maintenance
Practice does make a difference. In 1993, during the World Trade Center bombing, a woman could not discern how to leave the building until two co-workers came by and reminded her about the evacuation chair under her desk. Human factor studies support the idea of practice: people tend to come and go from the same place using the same route.
http://www.dol.gov/odep/pubs/ep/preparing/practice.htm

2. The Problem with How Most People Test Their Recovery Capability
Over more than 20 years, the author has participated directly in, overseen, or audited hundreds if not thousands of tests for customers, including those many of you reading this article have conducted. Combine that with the tens of thousands of tests vendors have supported, and there is a tremendous base of information on the approach to testing and the success people have.
http://www.continuityinsights.com/Magazine/Issue_Archives/2007/05-06/trends.html

3. Put Your Disaster Plan to the Test
The problem with disasters is that you never know when they're going to happen. Today? Tomorrow? Next year? Never? The only way to deal with them is to prepare for them. Establishing an in-case-of-emergency plan is a necessary first step; once your plan is in place, you've got to put it to the test.
http://www.buildings.com/articles/detail.aspx?contentID=5738

4. Test your security incident response plan
When was the last time you tested your organization's security incident response plan? All the response plans in the world -- however effective they may be -- won't do your organization any good if the plan doesn't work.
http://articles.techrepublic.com.com/5100-10878_11-6173748.html

5. Tabletop Exercises: Three Sample Scenarios
A tabletop exercise is a great way to get business continuity plans off the written page without the interruption of a full-scale drill. Rather than actually simulating a disaster, the crisis management group gathers for three hours to talk through a simulated disaster.
http://csoonline.com/article/221132/Tabletop_Exercises_Three_Sample_Scenarios

6. In Gustav's Wake, Disaster Plans Are Tested
No one wants to test their disaster plans in a real disaster, but Tulane University and other Louisiana colleges did just that - read about their experience.
http://www.insidehighered.com/news/2008/09/03/gustav