Testing and Exercising
Testing and Exercising Framework
- Is there a written schedule for exercising the plan?
- Is the frequency adequate?
- Has the BC plan been exercised following this schedule?
- Are there exercises devised to determine the adequacy of the plan?
- Are there exercises to show the executive and corporate audit that the BC plan has been tested?
- Are the exercises comprehensive?
- Are the various components of the BC plan exercised over a period of time, or are the same sections exercised each time?
- Do the exercises start small and gradually increase in complexity?
- Are the exercises fully scheduled so that all staff members know beforehand what will be exercised?
- Do some of the exercises have an element of surprise?
- Do the exercises include interdependencies?
- Is a written report made after the exercise?
- Does the report compare the results against pre-established goals and standards?
- If the report indicates one or more deficiencies in the plan, are these deficiencies evaluated?
- If the deficiencies are serious, has action been taken to correct them?
- Has the BC plan been updated accordingly?
- Is the critical staff rotated in the exercises so that each member participates equally over a period of time?
- Is the executive directly involved in the exercises?
- Are the recovery teams alerted and included?
- How is the BC plan tested?
- Notification and Walkthrough
- Integrated, partial and incident simulations
- Functional announced and unannounced
- When was the BC Plan last tested, and were the results documented?
- Should the BC testing documentation be reviewed that focuses on the weaknesses identified and their resolution?
Test Document
- Has the content of the Test Folder been prepared?
- Test Schedule.
- Table of Contents.
- Records of Exceptions Exception Monitoring Form.
- Has an overall test exercising strategy been decided on, and is a schedule of tests produced?
- Have all the tests to be undertaken been listed?
Business Unit (BU) BC Plan Exercises
- Should there be a confirmation that the items on the following list are still current:
- Grab List.
- Fire/Bomb Evacuation Procedures.
- Command Centers Contact lists.
- Regulatory/Other Authority contacts.
- Work Area Resource Allocation.
- Priority Salvage List.
- Stationery Stocks Held Off-Site.
- Vital Hard Copy Records.
- Suppliers List
- Did the BU BC Plan test the following areas?
- Critical Business Functions.
- Important Customers.
- Other important contacts.
- The host provides space in a crisis.
Did the component tests check the following discrete elements of the recovery process?
- Confirmation of prompt access to the alternate site.
- Availability of individual BC plans.
- Withdrawal of items from the various off-site storage locations.
Post-test Documentation
- Have profiles of the ‘Test Exercises’ been completed?
- Are the test exercise plans and results preserved to facilitate a review by the Auditors?
- Is the testing documentation kept separate from the BC Plan?
- Has a ‘Post Exercise Critique’ been completed for each test conducted?
- Are the completed critiques reviewed by the BCM?
- Does the BCM follow up on all exceptions noted?
Resource
Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.
Extracted from "BCM Questionnaires 7: Testing and Exercising"
Singapore Government Funding for BCM-8530 Course
The following section applies to Singaporean and Singapore permanent residents. Click the button "Government Funding Available" to learn more about the funding available from the Singapore government. This includes SkillsFuture Funding and Credit and UTAP.
Find out more about Blended Learning BCM-8530 [BL-A-5] & BCM-8030 [BL-A-3]
Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org |