Types of BCP Test
The type of BCP test that you choose to conduct will be based on a number of considerations including the time and budget you (and your organisation) have available, the part(s) of the organisation that will be participating in the BCP test and the assurance requirements of regulators, customers and any other significant stakeholders.
Larger, more complex exercises give increased assurance and confidence in the business continuity plan and generally the most critical areas of your organisation should subjected to a more demanding BCP test than less important areas. Ranging from the straightforward to the demanding. The different types of BCP test that can be conducted are:
BCP Audit. A BCP audit is generally conducted by a third party. The most useful form of BCP audit is focussed on the business continuity plan management processes rather than assessing the content of the plan. The other types of BCP test listed below are more effective at providing assurance that the plan is fit for purpose and that the organisation is capable of executing its plan. A BCP audit seeks to establish compliance with accepted best practice and any relevant industry regulations with regard to the .way in which the organisation manages its overall business continuity programme.
Desktop Review: Run through your plans with a view to establishing that the content of the plan (such as people, work area recovery requirements etc.) are current and correct. This type of BCP test can be conducted by plan owners, perhaps supported by a BCP Review checklist
Walkthrough: Physically walk through the processes and procedures recorded in the plan and base this approach on a particular BCP test scenario. A BCP test based on a walkthrough would generally be facilitated by an experienced incident management or business continuity plan specialist who would provide challenges in the form of “what if this happens” inserts to the team providing he walkthrough. As with a desktop review, a BCP walkthrough will benefit from using a BCP Review checklist to ensure that the scope of results evaluation is consistent and appropriate to the type of test..
Functional Test: A BCP functional test focusses on testing discrete aspects of one or more parts of an organisations business continuity plan. These tests tend involve activating specific resources to ensure that remain functional or fit for purposesuch as uninterruptible power supplies (UPS), telephony switches and IT systems restoration.
Incident simulations generally involve testing most of the organisations business continuity plan against a backdrop of a specific scenario which may be focussed on:
A cyber attack
Significant damage to the workplace
IT systems failure
Public utilities failure
A terrorist attack
An incident simulation will, as far as possible, try to recreate the level of impact caused by the chosen BCP test scenario and will require BCP test participants to adopt the roles that they would normally expect to undertake during a major incident. All relevant resources would be used including activation of required communications channels , work area recovery facilities, remote working capabilities etc.
RiskCentric provide a range of services to support the design and execution of BCP tests