Disaster recovery testing is a critical component of any DR plan. A common method for conducting DR tests begins with choosing a scenario that would have a negative impact on operations, simulating the event and examining your organization's ability to recover following the event.
This tip begins a series of articles that will examine this approach to DR testing, starting with choosing a proper operational scenario. Future tips will look at technology, human-based, natural events, business and off-the-scale scenarios. While these tips are not all-encompassing scenarios for a BC/DR program, they should be a good starting point for internal discussions about what to include in your BC/DR exercises.
When developing disaster scenarios for operational situations, begin your business continuity/disaster recovery exercise planning by defining the operation or process that will, in some way, be negatively affected by the event you envision. Naturally, if your organization performs a variety of operations, ranging from manual to computer-controlled, think about which operations are most critical, and then consider situations in which one or more of them could be compromised, altered or even damaged beyond repair.
A twist to this approach is to begin the BC/DR exercise planning with an operational process as described above, and then look into other subordinate or contributing processes that the main operation needs to perform properly.
Design an incident that disrupts or damages the supporting operations that the main one needs. Rarely does a disruptive incident follow a purely logical, prearranged sequence. Traveling off the normal path may yield a more realistic and challenging scenario.
These BC/DR exercise planning scenarios focus on process-related situations, such as a manufacturing system failure.
|Scenario||Description||Why Use It|
|Major assembly line fails; situation is based on a software glitch, not a power outage||With so much technology controlled by software, a software glitch may cause a serious disruption, and may also be difficult to identify without suitable forensics||Virtually all manufacturing and/or process-controlled systems today are controlled by some form of software|
|Presence of food poisoning is detected in jars of processed food randomly selected for testing||We periodically hear about food poisoning on the media; it is an issue of great concern||This is a situation that can have grave consequences for a large population of victims; it can result in lawsuits, fines, and loss of reputation|
|Mixing of raw materials is altered through software program malfunction||This is an example of how a software malfunction can create a potentially serious situation||This is also a situation that can have grave consequences, resulting in lawsuits, fines and loss of reputation|
|Carelessly handled tool accidentally falls into critical system mechanism, causing major shutdown||Safe handling of tools is always a key concern in areas where machinery exists; such an accident could seriously disrupt production and may also cause injuries||Situations like this often happen, usually from carelessness but may also be premeditated (e.g., as a way for a disgruntled employee to seek revenge against management)|
|Explosion caused by mixture of air with chemicals and set off by static electricity||Despite care in handling hazardous materials, an accidental discharge of a chemical may quickly become an explosive situation||This scenario is appropriate where hazardous materials may become mixed with air|
|Overhead crane transporting finished products suddenly collapses, damaging products and injuring employees||Maintenance of equipment is a key activity virtually everywhere; despite precautions, a worn-out part may fail before it can be detected through inspections||The importance of regular system and equipment maintenance cannot be ignored|