Business Continuity NewsBriefs - August 7, 2019
These NewsBriefs are produced and delivered regularly by Attainium to keep our friends and clients current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.

Testing... Are you doing it?

August 7, 2019 - If you're not testing your Business Continuity Plan, hopefully you're working on it. Once you have your plan, you need to see if it will work as you think it will. Better to find out now that someone in a key role will freak out than wait until that individual does so in a crisis. Or, if there are a couple of steps missing, wouldn't it be better to find out now that in a critical situation? Silly question, right? Testing/exercising your plan will help you determine if your plan might be successful, but even any failures will teach you something.

"Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous." 
-- James Bach --

1. Test the Plan, Plan the Test -- Why Successful Business Continuity Plans Are Put into Action Before a Crisis

A business continuity plan provides your company with the roadmap to navigate a major business disruption, including a natural disaster or large-scale emergency. However, having a plan in place is only the first step; the plan also needs to be continuously monitored and tested for gaps or obstacles.

2. Operational Testing Your Recovery Plan

How well do you really know your plan? Chances are you really don't know if your recovery plan is going to work until you test it. Because no matter how good you are at determining requirements and developing plans, no one gets everything 100% right coming out of the gate. Interdependencies, data flows... if you do map everything correctly the first time, take that extended vacation---you've earned it.

3. Disaster recovery testing: how to get it right

Having a solid disaster recovery (DR) strategy in place is imperative -- but if you don't test it regularly, you still risk your business being hit hard if ransomware strikes or if there is a system outage. The purpose of IT disaster recovery testing is to pinpoint and fix any flaws in your DR plan well before you find yourself in a real disaster scenario.

4. Why testing and exercising are essential for an effective business continuity programme: BUT what exactly are you testing or exercising?

No one disagrees that you need to validate your plans, and that testing and exercising are key parts of that process. However, in my experience, too many people just look to ensure the plans they have written down will actually do what they say. In actual fact the real question is 'do the plans do what is needed to protect the organization's primary goals?' Traditionally this has been partially countered by the argument that you write plans for a generic threat (loss of IT, loss of premises, loss of people etc.) whereas you exercise them against a random scenario to see if the theoretical plan will work in reality.

5. Training Your Employee after DR/BC Plan Development

Corporate-wide awareness training has been widely recognized as an important ingredient of an on-going, pro-active approach to disaster preparedness and recovery, crisis management, and business continuity planning and implementation.

6. The Business Continuity Exercise: Where the Rubber Meets the Road

Nearly every business continuity standards and regulatory body recognizes the need for exercises to validate and continually improve continuity plans. Exercising is also one of the most visible activities in which a business continuity practitioner is involved; it's where the rubber meets the road.

Copyright (C) 2019 Attainium Corp - All rights reserved.