Is a tabletop exercise sufficient for DR testing?
Tabletop exercising is one of several testing options for technology disaster recovery (DR) plans. It is generally the least complicated of the DR test/exercise options, and it must be structured around the specific issues your IT organization wants to examine.
At a high level, a tabletop exercise gathers the relevant subject matter experts (SMEs) in a room to review the overall policies and procedures in a DR plan to validate them and ensure that all members of the IT recovery team are aware of their roles and responsibilities in a disaster.
The exercise may also review and validate activities to ensure that IT staff can safely evacuate the data center and/or company offices; validate that the contact lists for staff, vendors and other stakeholders are accurate; assess the training needs of IT recovery team members; ensure that the DR plan focuses on the most critical IT systems and resources; ensure that the DR plan addresses the company's mission-critical business processes; ensure that the recovery and restoration strategies are still valid and actionable; and ensure that the plan's recovery time objectives (RTO) and recovery point objectives (RPO) are still valid.
If additional issues such as procuring equipment and systems need to be addressed, the exercise may also review the contact lists of vendors, confirm that purchase orders are available, and confirm that funding is available for obtaining equipment on an emergency basis. A tabletop exercise may also include a high-level discussion of the critical systems, data, databases, network resources, applications and other IT assets that the plan covers, ensuring that they are still valid and that the plan addresses those resources. DR exercising of production systems and devices is much more complicated, and usually requires a detailed script (sometimes called a playbook) that outlines the step-by-step procedures to recover and restart disrupted systems.