17 May 2019
You've created a thorough, efficient and reliable Business Continuity Plan (BCP) that will protect your organisation's data from potential disasters, ranging from weather-related outages to ransomware. That means you're done, right? Not exactly.
Simply having a plan in place is not enough. Regular business continuity plan testing is key to make sure everything will work correctly in case it is needed. You probably have performed fire drills, why should disaster recovery be any different? How will you know if your business continuity strategy will work if you don’t test it?
BCP testing provides a clear indication if the plan isn't meeting recovery point objective/recovery time objective requirements, and enable you to make the necessary changes to get things back up and running quickly. A BCP test can also point out vulnerabilities that may need to be addressed. Testing your disaster recovery plan helps pinpoints security holes before they make a difference. Testing will also help you gauge how a system reacts to infrastructure changes, providing insight into the health of your recovery plan.
Your business processes and infrastructure change periodically. Your employees change, and you add departments. Changes should be implemented and communicated in your testing strategy to ensure everyone is on the same page. Periodic testing allows changes to be made based on successes and failures, so preparedness is high. It is critical to test to ensure each moving part is working as it should.
How frequently you need to test will differ from company to company, but experts agree that regular BCP testing is the best way to validate a business continuity plan and keep it up to date. Some organizations may test once a year and find that sufficient, depending on their environment. But it's important to make time for testing when there are changes to the infrastructure that could affect the recovery process.