Is a tabletop exercise sufficient for DR testing?
Tabletop exercising is one of several testing options for technology disaster recovery (DR) plans. It is generally the least complicated of the DR test/exercise options, and must be structured to address the specific issues your IT organization wants to address.
At a high level, a tabletop exercise gathers the relevant subject matter experts (SMEs) in a room to review the overall policies and procedures in a DR plan to validate them and ensure that all members of the IT recovery team are aware of their roles and responsibilities in a disaster.
The exercise may also review and validate activities to ensure that IT staff can safely evacuate the data center and/or company offices; validate that the contact lists for staff, vendors and other stakeholders are accurate; assess the training needs of IT recovery team members; ensure that the DR plan focuses on the most critical IT systems and resources; ensure that the DR plan addresses the company's mission-critical business processes; ensure that the recovery and restoration strategies are still valid and actionable; and ensure that the plan's recovery time objectives (RTO) and recovery point objectives (RPO) are still valid.
If additional issues such as procuring equipment and systems need to be addressed, items to include in an exercise may be to review the contact lists of vendors, ensure that purchase orders are available, and ensure that funding is available for obtaining equipment on an emergency basis. A tabletop exercise may also include a high-level discussion of the critical systems, data, databases, network resources, applications and other IT assets that the plan addresses, ensuring that they are still valid, and that the plan addresses those resources. DR exercising of production systems and devices is much more complicated, and usually requires a detailed script (sometimes called a playbook) that outlines the step-by-step procedures to recover and restart disrupted systems.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
Thinking of activating disaster recovery as a service? As you start this important process, consider these best practices that will help protect your... Continue Reading
As the remote workforce increases, network managers and users might opt to set up two concurrent VPN connections from the same remote device. But ... Continue Reading
It's time to review your strategy for ransomware backup and recovery. While there are standard ways to protect your organization, newer technologies ... Continue Reading