Local Business

Local Business  » Business Continuity Testing

Business Continuity Testing

Business Continuity Testing

Disaster Recovery is not Business Continuity. Many companies do

not have full business continuity plans. They say they do have

business continuity plans but they really mean that they have a

disaster recovery plan, usually meaning that they have

alternative premises and possibly equipment that can be used in

the case of a full scale disaster. Business continuity covers

far more than just the IT systems. Think of all the paper

records an organisation needs to continue working. Think of the

most important asset of all to most organisations: its staff.

Without its staff these organisation ceases to exist. A business

continuity plan contains information for all staff and their

activities in the case of problems affecting the organisation.

A preliminary to the testing of any plan is to establish some

form of Business Continuity Group consisting of representatives

from each of the main business areas, together with those

responsible for finance, facilities and IT.

Once a business continuity plan exists it needs to be maintained

and tested regularly. Once again, many organisations say their

plan is tested but what happens is that they show that the major

IT systems can be seen to be working on equipment at a disaster

recovery site. Often there is no involvement other than from the

IT Group.

It is essential that business continuity testing follows a risk

based approach. This provides 2 main advantages. Firstly any

business continuity must be aligned to the business and that the

plan should be designed to cope with risks to the business.

Secondly, by following a risk based testing approach to business

continuity, this highlights the areas not to test, by

prioritising the main risks to business and therefore

identifying areas of negligible or zero risk.

Business continuity testing need not be onerous or expensive.

There are a number of ways in which testing can take place; each

is mentioned below.

Business continuity testing can be broken down into 2 main

areas, desktop testing and physical testing.

Desktop testing can be a paper walkthrough where a group of

people work through the plan looking for areas which require

further work. It can also be scenario testing where a group sit

and work through a scenario given to them, such as electrical

failure, fire, bomb threat etc. The scenario is defined by a

different group of people who then monitor the accuracy of the

business continuity plan.

Physical testing means a form of business continuity testing

Today's Popular Articles

• Business Mortgage or Utah Mortgage?

• The Perfect Home Business

that happens outside the conference room. This is broken down

into a number of different tests. Firstly a communications test.

Can everyone who needs to be notified during a problem actually

be contacted? Second in physical testing is a disaster recovery

test, where the IT systems are established on a secondary set of

computers, and thirdly, a full relocation test, where the

business areas relocate to another site. All of these tests are

carried out in order to hone the business continuity plan and to

provide assurance that it will be effective when required.

In summary, all business continuity plans need to be tested.

Some companies believe that the testing would be too complex,

time consuming or expensive. It is therefore essential to use a

3rd party group of experts to advise, help carry out and monitor

the tests that are carried out. The 3rd party would also make

suggestions regarding any changes believed necessary to the

existing plan.

Copyright Acutest UK 2005

About the author:

A Streeb is an experienced practitioner of business continuity

testing at Acutest, an independent consultancy specialising in

business continuity assurance and software testing services. For

more information on this topic visit http://www.acutest.co.uk or

send an email to enquires@acutest.co.uk