Is a tabletop exercise sufficient for DR testing?
Tabletop exercising is one of several testing options for technology disaster recovery (DR) plans. It is generally the least complicated of the DR test/exercise options, and must be structured to address the specific issues your IT organization wants to address.
At a high level, a tabletop exercise gathers the relevant subject matter experts (SMEs) in a room to review the overall policies and procedures in a DR plan to validate them and ensure that all members of the IT recovery team are aware of their roles and responsibilities in a disaster.
The exercise may also review and validate activities to ensure that IT staff can safely evacuate the data center and/or company offices; validate that the contact lists for staff, vendors and other stakeholders are accurate; assess the training needs of IT recovery team members; ensure that the DR plan focuses on the most critical IT systems and resources; ensure that the DR plan addresses the company's mission-critical business processes; ensure that the recovery and restoration strategies are still valid and actionable; and ensure that the plan's recovery time objectives (RTO) and recovery point objectives (RPO) are still valid.
If additional issues such as procuring equipment and systems need to be addressed, items to include in an exercise may be to review the contact lists of vendors, ensure that purchase orders are available, and ensure that funding is available for obtaining equipment on an emergency basis. A tabletop exercise may also include a high-level discussion of the critical systems, data, databases, network resources, applications and other IT assets that the plan addresses, ensuring that they are still valid, and that the plan addresses those resources. DR exercising of production systems and devices is much more complicated, and usually requires a detailed script (sometimes called a playbook) that outlines the step-by-step procedures to recover and restart disrupted systems.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
Examine the major elements of an active archiving environment, including the kinds of data that you can use in one and resources to help with ... Continue Reading
With so many dangerous threats in the IT landscape, make sure you protect your data backups from the likes of corruption, unauthorized access and ... Continue Reading
A remote access VPN connects remote users from any location to a corporate network. A site-to-site VPN, meanwhile, connects individual networks to ... Continue Reading