Is a tabletop exercise sufficient for DR testing?
Tabletop exercising is one of several testing options for technology disaster recovery (DR) plans. It is generally the least complicated of the DR test/exercise options, and must be structured to address the specific issues your IT organization wants to address.
At a high level, a tabletop exercise gathers the relevant subject matter experts (SMEs) in a room to review the overall policies and procedures in a DR plan to validate them and ensure that all members of the IT recovery team are aware of their roles and responsibilities in a disaster.
The exercise may also review and validate activities to ensure that IT staff can safely evacuate the data center and/or company offices; validate that the contact lists for staff, vendors and other stakeholders are accurate; assess the training needs of IT recovery team members; ensure that the DR plan focuses on the most critical IT systems and resources; ensure that the DR plan addresses the company's mission-critical business processes; ensure that the recovery and restoration strategies are still valid and actionable; and ensure that the plan's recovery time objectives (RTO) and recovery point objectives (RPO) are still valid.
If additional issues such as procuring equipment and systems need to be addressed, items to include in an exercise may be to review the contact lists of vendors, ensure that purchase orders are available, and ensure that funding is available for obtaining equipment on an emergency basis. A tabletop exercise may also include a high-level discussion of the critical systems, data, databases, network resources, applications and other IT assets that the plan addresses, ensuring that they are still valid, and that the plan addresses those resources. DR exercising of production systems and devices is much more complicated, and usually requires a detailed script (sometimes called a playbook) that outlines the step-by-step procedures to recover and restart disrupted systems.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
Business continuity and resilience go hand in hand and play a role in an organization's disaster recovery plan. Essentially, business continuity is ... Continue Reading
A data archiving plan might not be simply important for your organization -- it could be necessary, given legal and compliance requirements. Make ... Continue Reading
In order to migrate backup data from the cloud back to an on-premises environment, you should follow these steps to ensure your data will be safe and... Continue Reading