Business Continuity NewsBriefs - April 26, 2017
These NewsBriefs are produced and delivered weekly by Attainium to keep our friends and clients current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.

Testing, Training, and Exercising

April 26, 2017 - How often do you exercise your business continuity plan? Have you ever done so? Most experts recommend testing and exercising (if you read Item #5 you'll see what the difference is) at least once per year for the entire plan. If you're not doing that, here's a question for you: What will you do if any part of the plan doesn't work as conceived? Will your people have the ability and confidence to go with the flow and work their way past the broken parts? The only way to know is to try out the plan and see what happens. You'll find help in this issue.

"No matter how long you train someone to be brave, you never know if they are or not until something real happens." 
-- Veronica Roth, Insurgent --

1. Train for the Unexpected

This is a transcript of one section of CERT's podcast series on Security for Business Leaders. This section discusses a process, an effective process in use for training and awareness, and the role that this plays particularly for business continuity and operational resiliency.
If you'd rather listen to the podcast the link is below.

2. Designing a business continuity training program to maximize value and minimize cost

Employees are often unaware of the existence of a business continuity management program within their organization and if they are aware of it, they may not be aware of their specific role within the business continuity effort. As a result, the time and resources invested in the planning effort are often wasted. So why do organizations continue to place business continuity training and awareness raising at the end of a long list of priorities? Managers often believe that the costs associated with training development and delivery exceeds the benefit.

3. Three Ways to Test Your Business Continuity Plan

Even the best plans fall apart without proper implementation. Success in plan execution increases exponentially with testing. Consider testing your Business Continuity Plan annually at a minimum so that all employees and stakeholders are knowledgeable and primed for continuity measures in case of an emergency. Here are suggestions for three (3) things you can consistently do to ensure your Business Continuity Plan is tested and your organization is better prepared should disaster strike.

4. Strengthening the Business Continuity Process with Methodical Drills

Without a solid drill plan in place, the business continuity team can never provide the needed assurance that organizations' critical services will be available at all times. With periodic drills you could ascertain how effective each component of the business continuity plan is and identify gaps needed to be addressed. With today's growing system dependencies, it becomes an increasingly difficult task to verify the business continuity drills are effectively productive. That would mean business continuity drills are conducted methodically to touch each service, its dependencies, and the gaps identified in these drills are not only addressed but also re-tested, in a drill, to determine their effectiveness.

5. Words matter: why use 'exercise' instead of 'test'?

In the past, I have mostly referred to the activity in which participants are assembled to work through a simulated business continuity event in order to determine their familiarity with the plan, its completeness, and perform their individual roles to recover from a given scenario as a business continuity plan test. Sometimes I have interchangeably used the term 'exercise' or 'simulation' instead of 'test'. There are several reasons, why I am modifying my behavior to use 'exercise' and suggest that if you are involved in business continuity management, you do so as well.

6. Exercise is good for you and for your Business Continuity Plan

"Why bother to conduct an exercise?" Some people say, "All the information we need is in the plan. All we need to do is follow it, right?" Well… no. This type of attitude is based on three assumptions that, to quote the old song, "ain't necessarily so." Things happen and businesses need to be prepared. Part of being prepared is exercising the plan annually.

Copyright (C) 2017 Attainium Corp - All rights reserved.