top of page

Developing and Delivering a BCP Test

Business Continuity Plan test

I'm a paragraph. Click here to add your own text and edit me. It's easy.

 

Thinking of developing a business continuity test for your organisation? Our business continuity plan testing templates  can help you you develop and deliver a professional business continuity plan test - and they come with a free online training course to guide you

The overarching purpose of a BCP test plan is to provide reasonable assurance that your business continuity plan, or specific aspects of it, will work as expected during a real crisis. 

 

Creating and conducting an effective BCP test requires an amount of preparation and planning to ensure that the test is meaningful and covers the appropriate scope. Any BCP test will require that the following are in place

Why perform a Business Continuity Plan Test

A business continuity plan test will provide important assurances of several aspects of the effectiveness your organisation's business continuity plan 

Test Objectives

BCP test objectives - these will  define the aim of the test and the specific assurances to be obtained

BCP Test Scenario

A BCP test scenario or type of incident. Except for the most simple of reviews it is helpful for a BCP test to be based on a particular type of incident or scenario, such as a failure of IT systems or unavailability of the work place. Basing the BCP test on a specific type of scenario adds a level of reality and focus to the activity

Scope of the Business Continuity Plan Test

Within the overall context of the type of test and the scenario chosen the scope of the Business Continuity Test should identify the what parts of the business continuity plan are to be confirmed 

Disaster Recovery Test

A disaster recovery plan test which ensures that you can effectively restore specific operational capabilities after a particular type of incident (a power failure, for instance)

Incident Simulation

For more advanced BCP tests, incident simulation can make the BCP test scenario "come alive", providing the most meaningful approach to BCP testing

BCP Test Schedule

A BCP test is not an ad hoc activity. Each type of BCP test has its merits and  an organisation's business continuity plan should be supported by a formal BCP testing schedule covering all types of test. 

BCP Test Feedback & Actions

Capturing the results of a BCP test are just as important as the the test itself. This gives you the opportunity to log issues about the plan, decide who is responsible for fixing them and when.  

Types of BCP Test

There are different types of BCP test which differ in both scope and level of realism that you want to achieve. These types of BCP test range from straightforward plan reviews, desktop walkthroughs to incident simulations

Why perform a BCP test?

Regardless of which of the various types of BCP test you conduct (although every business continuity plan should be subject to more than one type of test) – every test  sets out to ensure that the business continuity plan remains relevant to the organisation and continues to support a set of common assumptions:

 

Structure & Competence of Incident and Recovery Management Teams

Are the response and recovery team(s)  complete and intact?  Are the members of the response teams still present within the organisation, do they understand their roles and responsibilities?

 

People will remember what to do

If there are specialised resources in place to support incident management and recovery management, are those responsible for operating them proficient in their use?

 

Communication works as expected

Fast and accurate communication is crucial to effective incident and recovery management. During a major operational disruption there will be significant and intense interaction both internally and externally. A BCP test will help to ensure that contact lists are up to date and that communication plans accurately reflect how the organization will communicate during a crisis.

 

Alternative workplace approaches remain relevant

‘Work from home’, is a popular solution. However, employees must be able to work from the location for an extended and possibly indeterminate period of time. We need to ensure that the circumstances of those who are designated to work from home have not changed. Have they moved to an area of reduced internet performance/availability, does the organisation have sufficient licenses for remote access software? Likewise, if a Work Area Recovery facility is used, any BCP test should ensure that it's facilities and accommodation capacity remain fit for purpose.

 

IT Infrastructure and applications recovery capabilities continue to work as planned.

Can we recover our critical applications and services within the required timeframe in terms of re-instatement of IT infrastructure and restoration of data?  A BCP test should also establish that recovery instructions and procedures remain relevant and effective.

 

Decisions are straightforward and are made in possession of perfect information

Business Continuity plans are often developed under the assumption that that perfect information is available at the time that incident is encountered.  This is rarely the case – information (and often, dis-information) comes through in a sporadic "drip-feed".  A BCP test should cater for this – but not all types of BCP test are suitable for this approach to testing.  Reviews and walkthroughs, for instance, cannot reproduce this type of situation with any degree of realism – incident impact assessment and subsequent decision making are best evaluated during an incident simulation

  • Steve Dance Managing Partner
  • Linkedin

Follow or connect with Steve,  RiskCentric's owner & founder via LinkedIn

bottom of page