Is a tabletop exercise sufficient for DR testing?
Tabletop exercising is one of several testing options for technology disaster recovery (DR) plans. It is generally the least complicated of the DR test/exercise options, and must be structured to address the specific issues your IT organization wants to address.
At a high level, a tabletop exercise gathers the relevant subject matter experts (SMEs) in a room to review the overall policies and procedures in a DR plan to validate them and ensure that all members of the IT recovery team are aware of their roles and responsibilities in a disaster.
The exercise may also review and validate activities to ensure that IT staff can safely evacuate the data center and/or company offices; validate that the contact lists for staff, vendors and other stakeholders are accurate; assess the training needs of IT recovery team members; ensure that the DR plan focuses on the most critical IT systems and resources; ensure that the DR plan addresses the company's mission-critical business processes; ensure that the recovery and restoration strategies are still valid and actionable; and ensure that the plan's recovery time objectives (RTO) and recovery point objectives (RPO) are still valid.
If additional issues such as procuring equipment and systems need to be addressed, items to include in an exercise may be to review the contact lists of vendors, ensure that purchase orders are available, and ensure that funding is available for obtaining equipment on an emergency basis. A tabletop exercise may also include a high-level discussion of the critical systems, data, databases, network resources, applications and other IT assets that the plan addresses, ensuring that they are still valid, and that the plan addresses those resources. DR exercising of production systems and devices is much more complicated, and usually requires a detailed script (sometimes called a playbook) that outlines the step-by-step procedures to recover and restart disrupted systems.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
Archiving email is crucial to the business continuity and disaster recovery process. For example, consider how cybersecurity and cloud storage can ... Continue Reading
Your organization should integrate its cybersecurity and backup processes. It's easy for a cyberattack to affect backups, unfortunately, so be ... Continue Reading
Many on-site and cloud-based services are available for small to medium-sized business backup. Pay particular attention to the deciding factors for ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.