This article gives an overview of the testing and exercising process. It includes the implementation stages with the detailed tasks and expected deliverables. The term “advanced” assumed that organizations had completed their initial or elementary test and exercises. The major difference is to focus on organizations embarking on the advanced level type of tests and exercises.
Testing is needed to ensure the BC Plan works. The BC Plan must be tested in order to prove its validity. To ascertain the level of validity, the various components in the BC Plan must be tested.
Testing is intended to find errors and omissions, which can be reported to all concerned parties and subsequently, be corrected. The process of simulating the recovery also prepares the relevant staff members to function at the alternate site and verifies the adequacy of the alternative site.
Ultimately, the testing phase ensures the integrity of the complete BC Plan, with appropriate documented procedures to handle all likely situations.
Objective
Formulate an objective mechanism to validate the "workability" of the complete Business Continuity Plan.
Tasks
The tasks to complete in the advanced testing and exercising component phase of program management phase include:
- Design an overall program for testing of plan
- Develop plans for specific tests
- Develop an evaluation mechanism
Expected Deliverables
The expected deliverables in a typical advanced testing and exercising component of the program management phase are:
- List of tests to be conducted
- List of responsibilities of parties involved
- Objectives, policies, guidelines, responsibilities and test specifications
• Specific test plan: description, scenarios, procedures and criteria
• Evaluation forms/checklists for each test
What does Testing & Exercising Entail?
The entire testing process involves the following stages:
- Designing the Test Program
- Running the Test
- Assessing and Correcting
Designing the Test Program
Corporate-Wide Program For Testing
The corporate-wide test program should be developed by the person responsible for BCP in consultation with the Executive Management. The program should identify all the tests and exercises which are required.
Develop Plans For Specific Tests
Plans are developed for each test identified in the test program. The following questions must be answered for each test:
- Establish the aims of the test. What does each test try to prove?
- Decide on the scope of the test. To what extent do you wish to test? Who will be involved? Which components should you test?
- Determine the method to be used for conducting the test. How will the test be performed?
Develop An Evaluation Mechanism
A mechanism must be developed to assess whether the tests were successful. Measurable criteria must be established to decide whether each test achieves a pass or fail result.
Running the Test
After designing the test, run the actual test based on the planned scope of testing.
Assessing and Correcting
Assess the Test Results
- Evaluate the results against the pre-determined criteria
Modify the Plan
- Correct the BC Plan where errors and omissions are identified from the tests
Modify the Test
Fine-tune the test plan where relevant, for future testing
Tests can be performed on all aspects of a BC Plan, such as Information Technology (IT) system switch-over, telephone notification call-trees and evacuation methods. These tests should be discussed with relevant staff members to determine the most appropriate model and test schedule.
Testing helps identify vulnerabilities and changes in the organizational environment and allows the BC Plan to be updated accordingly. To be effective, the tests must challenge the true recovery needs of your organization.
Ensure that the BC Plan will work when you need it, by testing and updating the BC Plan periodically
It is strongly recommended that each member of a recovery team be involved in some form of testing twice every year. A test policy to revise the readiness of your BC Plans should be developed and published. A mandatory corporate policy to perform testing “at least once per year” should be published and endorsed by the Executive Management. The resultant revised BC Plans should also be distributed regularly to all recovery personnel.
Conclusion
The detailed explanation for testing and exercising of BC Plan is further elaborated in the book, “Testing & Exercising Your Business Continuity Plan 2nd Edition” ISBN: 981-04-5975-0.
Reference
Goh, M. H. (2021). Managing & Sustaining Your Business Continuity Management Program. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.
Extracted from "Chapter 19: What is Advanced Exercising & Testing?"
More Information About Blended Learning BCM-5000 [BL-B-5]
To know more about our blended learning program and when the next course is scheduled, feel free to contact our friendly course consultant colleagues via sales.ap@bcm-institute.org. They are the BL-B-3 Blended Learning BCM-300 ISO22301 BCMS Implementer and the BL-B-5 Blended Learning BCM-5000 ISO22301 BCMS Expert Implementer.
Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org |