Business continuity planning is a process that is vital to your organization. There is always the possibility that your organization’s critical business processes could be negatively affected for reasons that are often beyond your control, so it’s best to be prepared.

If a disruption does occur, it’s extremely important that your organization has a plan in place to address any potential issues and ensure that your organization is still able to serve your customers. However, if you’ve never enacted your plan, it’s hard to be confident that your plan will be sufficient. Testing your Business Continuity Plan (BCP) helps to continuously improve your ability to successfully recover from various scenarios, whether it be a natural disaster or a communications failure.

The good news is that there’s not just one way to test your BCP. Here are four steps to help you build a better Business Continuity Plan testing program and ensure you are prepared for any situation that may come your way.

Step One: Incorporate Different BCP Testing Methods

There are a variety of methods you can utilize to test the usability and effectiveness of your Business Continuity Plan. Some of the possible testing methods include:

Step Two: Understand How Often to Test

Although there is no hard-and-fast standard for determining how often to test your Business Continuity Plan, there are some general guidelines that are typically recommended. Note that each of these timeframes is going to be dependent on your organization’s industry, size, personnel, available resources, and current BCP maturity levels. Don’t take these timelines as gospel, as they are strictly that: guidelines.

SBS recommends reviewing each of your Emergency Preparedness Plans (Business Continuity, Disaster Recovery, Incident Response, and Pandemic Preparedness) throughout the course of a given year. Testing would typically include an annual Tabletop Test and/or Walk-Through Test of all four individual EPP plans, testing multiple scenarios for threats that you identify as higher-risk to your organization. Be sure to test the scenarios that you believe to be the highest risk to your organization most frequently, and the scenarios you don’t believe to be that probable less frequently.

Additionally, a Functional Recovery Test is recommended at least every other year, but such a test is largely dependent on the size and complexity of your organization and the maturity of your failover procedures. For example, if your organization’s goal is to have a fully-functional failover DR backup site, but you have not yet achieved full-failover mirroring and backups, implementing this complex backup process and testing to ensure everything works correctly from failover-to-failback may take years to achieve. In comparison, testing file-level restores from nightly backups is something any organization can do quickly and frequently today.

However, if your organization has any major changes in processes, systems, or plan details, you may want to perform these tests more frequently. And again, these timelines are highly dependent on your organization; it may not be feasible or logical to perform some of these tests at a particular frequency. Base this decision on your organization and its specific needs.

Step Three: Include Your Vendors

In the course of your testing cycle (whether a Plan Review, Tabletop Test, Walk-Through/Simulation Test, or Functional Recovery Test), you’ll want to ensure your critical vendor partners are included in the testing process to whatever extent possible. Involving your vendors in this process not only allows you to test to a greater degree of accuracy and usability, but also allows your vendors a chance to provide feedback that may be valuable to your plans or testing process.

Step Four: Document Your Testing

Finally, be sure to document the results of any testing performed, along with any actionable findings from those tests. Following up on these items and incorporating recommendations resulting from tests is the most important process in the BCP testing lifecycle. Testing, documenting the results of your testing, and implementing processes to improve your BCP is the best way to strengthen your organization’s response processes.

Resources and Testing Options

Numerous additional resources that your organization may use or participate in to continue to mature your BCP testing program are widely available. Here is a list of organizations and resources to help you perform such testing on your own organization’s BCP:

Written by: Dan Klosterman

Posted: Wednesday, January 16, 2019

SBS Resources: A key piece to any Information Security Program is a high-quality Business Continuity Plan (BCP). Let SBS help design and test a comprehensive plan that encompasses four areas: Business Impact Analysis, Business Continuity, Disaster Recovery, and Pandemic Preparedness. A well-structured plan can help mitigate the negative effects of a natural disaster, unexpected power outage, widespread illness, and many other unexpected events.

Related Certifications: Join our growing community of financial service professionals showing their commitment to strong cybersecurity with a cyber-specific certification through the SBS Institute.

Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.

Which of the following methods is not acceptable for exercising the business continuity plan?

Simulated exercise.

Which order of the 4 phases of a business continuity plan is correct?

The 4 phases of a business continuity plan:
1. Initial response
2. Relocation
3. Recovery
4. Restoration

What are the 5 components of a business continuity plan?

In order to achieve this, every business continuity plan needs to incorporate five key elements:
Risks and potential business impact. ...
Planning an effective response. ...
Roles and responsibilities. ...
Communication. ...
Testing and training. ...
Building your own business continuity plan.

What are the 3 main areas of business continuity management?

Three key components of a business continuity plan: A business continuity plan has three key elements: Resilience, recovery and contingency.