How often should I conduct a disaster recovery (DR) test?
How often companies should conduct a disaster recovery (DR) test varies. The most important thing to remember is to make sure that your DR plan and your staff members have what's needed to recover your information systems and business functions in the event of an emergency. This may be once a year, once every three years, or only after there have been major changes in the organization, its line of work, or its facilities. This is going to be different for every single business, and something that management will ultimately have to decide and support.
Instead of wondering how often do you need to conduct a disaster recovery test, ask yourself, "Have we tested at all?" In my work performing security assessments, at least eight out 10 businesses I've seen haven't tested their disaster recovery procedures. Many don't have a disaster recovery plan at all.
Plans sometimes go untested because of all the technical and operational complexities associated with them, but you can often work around some of these issues through simulation. Disaster recovery is also one of those topics that doesn't get the attention it deserves because management assumes that the odds are in their favor that nothing bad will ever happen to their company. In the end, testing is the only way you can validate and improve your plan. There's no doubt that problems and gaps in your plan will surface during testing. Not having the business sense and leadership to do this at all is certainly a disaster in the making.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Kevin Beaver
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading
The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains ... Continue Reading
While most mobile platforms provide levels of security from mobile cryptojacking, IT must still be aware of the risks and procedures to address an ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.