Business Continuity Planning: Testing & Possible Issues

28 Jan

In my previous post I discussed a number of different aspects of a BCP. In this post I will look at the different types of tests that can be adopted to ensure a BCP is effective. This will in turn help to evaluate the framework that we will be discussing in the future. I will also discuss one of the biggest issues faced by organisations when testing their BCP.

As provided by Searchdisasterrecovery, three different types of BCP tests can be used:

  • The first, a plan review, involves a basic theoretical review of all BCP documentation. It is essentially a paper test. It looks for holes in the plan, and possible traps that the business could fall into. It involves only those who created the plan itself.
  • The second is a tabletop test, which essentially involves all of those involved gathering together to discuss in detail how the plan would be implemented. It is this step that helps to assign duties to the appropriate individuals. Without this type of test, the individuals would be unable to correctly implement the BCP, as they would be unsure of where their responsibility lies.
  • The third is a simulation test, which is the test that my previous post detailed. This involves the company undergoing a practical demonstration of the company’s procedure under particular circumstances or in an unexpected event. This is the best way to find any errors or inconsistencies in the plan itself, and iron out any other problems including governance and human error.

The various aspects that I previously discussed all come into play during simulation tests, such as readiness procedures and internal governance issues. However, there are also a number of other aspects of testing that need to be considered in order to avoid further problems later on.

A paper written by David Tickner highlights some of the indirect consequences of following BCPs too rigidly. A plan review, as already discussed, is all about documentation. However Tickner states that following basic documentation on business continuity, or even disaster recovery, too rigidly, can be a mistake. Those using them could simply try to replicate them step-by-step without every really using it in the context of the business itself. “The testing should challenge and surprise the organisation and its stakeholders.” (Tickner)

This paper also goes on to mention that business continuity plans are not just about “ticking the box”. They are about accounting for all the unknowns, the unexpected events. When we discuss our framework in the future, we will attempt to account for these unknowns, and attempt to provide a way for businesses to account for all exceptional circumstances, while also ensuring that the business is considered ahead of everything else. This is the only way to ensure a successful and strong BCP.


David Tickner Test the organisation, not just the plan


2 Responses to “Business Continuity Planning: Testing & Possible Issues”


  1. Business Continuity Planning: Common Mistakes « So Opinionated … - February 7, 2013

    […] a governance issue, and a standard by which BCP tests are measured. Over reliance also feeds into a post in which I mentioned a paper written by David Tickner, who highlights the pitfalls of over-relying […]

  2. A 3-Stage Business Continuity Framework | So Opinionated ... - February 22, 2013

    […] discussed in a previous post there are three different types of […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: