Corporations are constantly evolving: developing new services, expanding product portfolios, and fine tuning business processes. These changes create a ripple effect, one that impacts their Business Continuity Plans (BCP). These blueprints are valuable only when they accurately reflect how the organization functions. To fully grasp how well a plan will perform if an emergency arises, a corporation needs to test it periodically. Here are best practices for BCP testing.
Testing is central to creating and preserving a viable recovery plan. It is vital because chances are good that your plan will be put into action someday. Unfortunately, disruptions regularly occur despite corporations’ best efforts. In fact, more than one in every three organizations (34%) experienced a service outage in the last 12 months, according to Uptime Institute.
Good Reasons for Testing
A BCP is a plan to bring the computer infrastructure and associated work items, like desks, back online. Enterprises test their plans for several reasons, starting with practicality. How a company performs during an outage will be determined by the depth and breadth of its BCP. They do not want to discover holes in their frameworks when they put them into action.
In addition, testing your business continuity strategy is required in certain markets. Compliance regulations, like FINRA (Financial Industry Regulatory Authority) and HIPAA (Health Insurance Portability and Accountability Act), mandate that businesses regularly put their recovery plans to the test to ensure that they will indeed work when an outage arises.
Infrequent and non-existent testing puts a business at substantial risk. It is likely that a BCP has holes because organizations constantly change. Employees come and go; services are added or subtracted; and offices are refurbished. To understand your strengths and weaknesses, you need to try and poke holes in your plan and see where it needs to be improved.
Corporations need a plan for the test. They must ensure that staff is comfortable with and understand the recovery process and validate the documented steps to recovery. As a result, staff must be allocated to prepare for and execute the test. Their job is to outline the testing process, identify the required components, and set a proposed timeline. During the exercise, they monitor vital components, evaluate their availability, confirm delivery logistics, and note shortcomings.
Three Testing Options Emerge
The type and depth of the test varies. Three ways to test a BCP (tabletop, walkthrough, and simulation) have evolved.
Table Top exercises test the theoretical ability of the company to respond to an outage. It centers on role playing and is typically done in a control center or a conference room. A facilitator provides the outage scenario. Then, employees brainstorm and outline what steps they would take to solve the problem. The group then identifies the steps that need to be refined.
A Walk-Through goes further. Here, participants go to the various places where they would need to be during downtime and simulate their actions. They make phone calls, drive to backup facilities, and boot new computer systems. The process can be valuable: a company discovers that a phone number to the local service provider needs to be updated.
A Disaster Simulation is the most comprehensive option. Here, the company simulates a problem fully and employees demonstrate the steps needed to get the systems back up and running.
Flunking is Good
Corporations should test their plans regularly; annually is generally considered a good rule of thumb. Organizations need to embrace the test results. If a part of the test fails, it is not a problem but rather an opportunity to improve the process. Identifying systems and procedures that do not work beforehand enables you to rectify them prior to a real outage occurring.
The type of test that companies feel comfortable running varies. Like with most investments, they present companies with a series of trade-offs. The more sophisticated the test, the more time that is used, the more they cost, but the more thorough and effective they are. As a result, they may want to do Walk Through annually and a Disaster Simulation every few years.
A BCP is a blueprint that outlines the steps an enterprise will when an outage occurs. Testing ensures that the framework accurately represents the process. Regular testing drives improvements, enhances predictability, reduces risk, and ensures the plan’s alignment with the ever evolving business. In sum, regular testing enables your organization to mitigate the potential damage stemming from unplanned downtime when it does come.