Testing, Training, and Exercising
April 26, 2017 - How often do you exercise your business continuity plan? Have you ever done so? Most experts recommend testing and exercising (if you read Item #5 you'll see what the difference is) at least once per year for the entire plan. If you're not doing that, here's a question for you: What will you do if any part of the plan doesn't work as conceived? Will your people have the ability and confidence to go with the flow and work their way past the broken parts? The only way to know is to try out the plan and see what happens. You'll find help in this issue.
This is a transcript of one section of CERT's podcast series on Security for Business Leaders. This section discusses a process, an effective process in use for training and awareness, and the role that this plays particularly for business continuity and operational resiliency.
If you'd rather listen to the podcast the link is below.
Employees are often unaware of the existence of a business continuity management program within their organization and if they are aware of it, they may not be aware of their specific role within the business continuity effort. As a result, the time and resources invested in the planning effort are often wasted. So why do organizations continue to place business continuity training and awareness raising at the end of a long list of priorities? Managers often believe that the costs associated with training development and delivery exceeds the benefit.
Even the best plans fall apart without proper implementation. Success in plan execution increases exponentially with testing. Consider testing your Business Continuity Plan annually at a minimum so that all employees and stakeholders are knowledgeable and primed for continuity measures in case of an emergency. Here are suggestions for three (3) things you can consistently do to ensure your Business Continuity Plan is tested and your organization is better prepared should disaster strike.
Without a solid drill plan in place, the business continuity team can never provide the needed assurance that organizations' critical services will be available at all times. With periodic drills you could ascertain how effective each component of the business continuity plan is and identify gaps needed to be addressed. With today's growing system dependencies, it becomes an increasingly difficult task to verify the business continuity drills are effectively productive. That would mean business continuity drills are conducted methodically to touch each service, its dependencies, and the gaps identified in these drills are not only addressed but also re-tested, in a drill, to determine their effectiveness.
In the past, I have mostly referred to the activity in which participants are assembled to work through a simulated business continuity event in order to determine their familiarity with the plan, its completeness, and perform their individual roles to recover from a given scenario as a business continuity plan test. Sometimes I have interchangeably used the term 'exercise' or 'simulation' instead of 'test'. There are several reasons, why I am modifying my behavior to use 'exercise' and suggest that if you are involved in business continuity management, you do so as well.
"Why bother to conduct an exercise?" Some people say, "All the information we need is in the plan. All we need to do is follow it, right?" Well… no. This type of attitude is based on three assumptions that, to quote the old song, "ain't necessarily so." Things happen and businesses need to be prepared. Part of being prepared is exercising the plan annually.
Copyright (C) 2017 Attainium Corp - All rights reserved.