Business Continuity Plans – Testing and Reviewing

Continuity Plan 2 Reviewing and Testing

In the previous article we established what a business continuity plan is and how to write one, but that is only half the battle – you don’t want to wait until a disaster happens to see whether the plan is good or not. Like anything else, it needs testing. Do you think the designer of the smoke alarm just switched it on, went to sleep and hoped it would wake him if disaster struck? No, he tested it rigorously to be sure that it was the best quality it could be.

A controlled test offers the opportunity to learn about the plan, identify gaps and improve it where necessary.

It is, in fact, as counterproductive as it sounds – recommended that you try to break the plan. Make the test plausible but also an extreme of a scenario, because you don’t want your plan to just be ‘good enough’ – you want to have confidence that it can take a pounding if necessary and cover any eventuality.

Most organizations conduct tests periodically three times a year, but the frequency depends on your business and what is going on within it. For example, if you have a high turnover of staff it may be beneficial to conduct them more often, or if IT changes have been made since the last test.

Different tests include structured walk throughs of scenarios and ‘tabletop’ exercises – a table-top exercise involves primary members of the team dissecting the plan and breaking it down to be sure that every part of the organization is represented.

Some ‘tabletop’ talks are a lot more structured. Each team member will walk through the relevant part of the plan to them to identify any weaknesses that were previously unseen. This is normally undertaken with a chosen disaster in mind as different disasters will affect different departments in different ways. If – inevitably – weaknesses are found, they should be corrected immediately, and then, as soon as possible, update the plan and redistribute so everyone knows that some elements have changed.

It is also highly recommended – although not necessarily part of the plan – to conduct an evacuation drill to prepare for the eventuality of a disaster. You will then know if anyone needs special arrangements to get to safety.

This can seem like overkill, but it is recommended that once a year you role play disaster, referred to as ‘full disaster simulation’. Create an environment that, to the best of your ability, simulates that of a disaster, and involve all the equipment and personnel that would be normally be included. Doing this will give you a clear depiction of whether you will actually be able to carry on as normal after a disaster. You aren’t trying to catch people out – making them better is the aim.

Review and improve your business continuity plan

By this point you have put a lot of effort into creating and initially testing a business continuity plan. Once having done so, many organizations let the plan sit there waiting for a disaster, spending extra time on more critical tasks. It is understandable but not the best way of doing things, because this will allow plans to go stale and become of no use when they are needed.

Tech is constantly evolving and your team changes just as much so therefore your business continuity plan needs to be updated too. Be sure you are bringing key people together and that everyone knows their role in the event of a disaster.

This is a lot to take onboard so if you need any help get in contact with our expert team and we will help you design the right business continuity plan for your business.

IT Support the Right Way

By trusting us with your IT needs we can guarantee that your organization is ready to succeed in the modern digital workplace. Our experience in working with small businesses in Ontario and the Greater Toronto area allows us to ensure that you can increase revenue, secure your data, and always operate at peak performance in the most secure way possible. Contact us now to find out what else we can do to improve your IT landscape and bring you even more benefits from your IT going forward.