Business continuity testing templates: A free download and guide

Business continuity (BC) and disaster recovery (DR) plans are useless until you test them. Fortunately, many types of tests are possible, ranging from simple to very complex. The key to business continuity testing success is to incorporate testing as part of the overall business continuity/disaster recovery management process.

But testing can be a major challenge to many organizations. They require management support, time for preparation and execution, funding, careful planning and a structured process from pre-test through test and post-test evaluation.

SearchDisasterRecovery.com has created a business continuity testing template and guide to show you how to build and execute your test. In this guide, you will learn how to conduct a business continuity test, who should be included and how to develop a successful BC/DR testing strategy.

Free download: SearchDisasterRecovery's business continuity test template

Business continuity and disaster recovery testing template: Table of contents

An introduction to business continuity testing
Using our business continuity test template
Business continuity testing terms
Effective business continuity/disaster recovery testing strategies

AN INTRODUCTION TO BUSINESS CONTINUITY TESTING

Three fundamental test types are used in business continuity testing: the plan review, tabletop test, and simulation test. Let's examine each briefly:

• In a plan review, the business continuity/disaster recovery plan owner and business continuity/disaster recovery team discuss the BC/DR plan. They examine the plan document in detail, looking for missing plan elements and inconsistencies.
• In a tabletop test, participants gather in a room to walk through plan activities step-by-step. Tabletop exercises can effectively demonstrate whether team members know their duties in an emergency. Documentation errors, missing information and inconsistencies across business continuity management (BCM) plans can be identified.
• To determine if BCM procedures and resources work in a more realistic situation, a simulation test is desirable. It uses established business continuity resources, such as recovery sites, backup systems, and other specialized services. Teams may be sent to alternate sites to restart technology as well as business functions. Simulations may also uncover staff issues regarding the nature of their tasks. In effect, a simulation is a full-scale test without actually failing over. The use of scenarios is recommended in simulations.

USING OUR BUSINESS CONTINUITY TEST TEMPLATE

SearchDisasterRecovery.com's business continuity test plan template provides a starting point for preparing and executing a business continuity test. It provides a testing framework without addressing a specific plan format. All phases of a test -- pre-test panning, test execution, post-test review and final report preparation -- are supported in this template. The actual test activity, including test structure, scenarios, scripts and injects, and adjunct activities (e.g., audio and video programs) is at your discretion.

The key in using our template is to follow all of the steps outlined: pre-test planning, conducting the test, identifying and training the test participants, conducting post-test debriefs and preparing final summary reports.

BUSINESS CONTINUITY TESTING TERMS

The following is a explanation of key business continuity testing terms used in the template:

Term	Definition
Design team	The design team develops the test from start to finish. Members should have strong knowledge of the overall business. They should also have detailed knowledge in their area or department. The team usually has three to seven members, more if needed. The design team is: Creative Functional under pressure Able to stay on schedule Detail-oriented Willing to challenge Good at keeping secrets Not participating in the test
Orientation test	Introduces participants to the plans and procedures Introduce new plans or revise old plans Requires no previous experience Helps orient new staff or leadership Planning cycle: one month Test time: 60 to 90 minutes
Drill	Test of individual emergency response functions Involves actual field response Practice or test under realistic conditions Involve all levels of responders Planning cycle: one month Test time: 10 to 60 minutes Examples: Fire drill Radio test Tornado test Earthquake test
Tabletop test	The basic version seeks to solve problems in a group setting via brainstorming Advanced tabletop tests will introduce messages and test assistants who can answer questions A more "reality-based" experience Planning cycle: two to three months Test time: 90 to 120 minutes Debriefing time: 30 minutes
Functional test	Assesses the allocation of resources and manpower Evaluates communication across the different groups Assesses the adequacy of current procedures and policies Participants perform actual activities Involves more participants: simulators, evaluators, larger design team Introduces more advanced messages and other media Test time: 90 minutes to four hours Planning cycle: three to six months
Full-scale test	Evaluates the operational capability of systems in an interactive manner over a substantial period of time Presents complex and detailed events in real-time Mobilizes personnel, resources, emergency response teams and equipment Can be expensive; may be disruptive to normal operations Test time: two to eight hours Planning cycle: four months minimum

EFFECTIVE BUSINESS CONTINUITY/DISASTER RECOVERY TESTING STRATEGIES

The business continuity testing template provided in this article will help improve business continuity and disaster recovery plans. But no matter how often you test BC/DR plans, when reality strikes your response will likely be much different than in the tests.

Key strategies for testing include starting simple; raising the bar in terms of difficulty; involving vendors and stakeholders in tests; making tests so difficult it is impossible to succeed; and launching surprise tests. When launching a testing exercise program, start with plan reviews and tabletops. This will help staff get comfortable with the testing process. As they improve, increase the level of test complexity. Remember that if a test "fails" it is not a failure; rather, it is a success. It is far better to identify systems and procedures that may fail, and rectify them, before a real incident occurs. Finally, a true test is to launch a surprise incident. This will truly test how well prepared the company is to address a real incident.

The primary reason for testing is to identify deficiencies in BC/DR plans. Ideally, successful tests uncover and document problems. Tests that appear to be "successful" and uncover no problem should be suspect. Finally, tests present opportunities to fix problems before a disaster happens.

About this author: Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disaster Recovery Planning/Management Business continuity plan auditing best practices Using a pandemic recovery plan template: A free download and guide Disaster recovery and business continuity podcasts Mapping COBIT and ITIL to your IT disaster recovery process Creating a pandemic response for your disaster recovery plan Acquiring key personnel to maintain and update your disaster recovery plan Exploring Microsoft Windows clustering and high-availability tools in disaster recovery How to prepare and plan for a pandemic disaster Disaster recovery plan basics: Updating and reviewing DR plans Disaster recovery news briefs: SteelEye supports disaster recovery and business continuity for Windows Server 2008 R2 Disaster Recovery Storage How does data deduplication affect disaster recovery (DR)? Disaster recovery news briefs: IBM announces expanded business continuity services for Tracker Networks Disaster recovery and business continuity podcasts Exploring Microsoft Windows clustering and high-availability tools in disaster recovery Disaster recovery news briefs: SteelEye supports disaster recovery and business continuity for Windows Server 2008 R2 Iowa Health System uses 'cloud' for disaster recovery to survive flood Disaster recovery news briefs: Riverbed updates Riverbed Optimization System software Data deduplication makes disaster recovery and data replication easier IT disaster recovery and business continuity planning for non-catastrophic disasters VMware upgrades Site Recovery Manager for disaster recovery

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary