To get an unbiased view of your business continuity plan, it should be evaluated by someone who has not been involved with it's development and who is suitably qualified to provide credible feedback on your BCP. So who might be able to help?

 

• Your internal audit department. If you have one, your internal audit function should be able to provide a critique of your business continuity plan. Business continuity is likely to be on your organisations risk register and so internal audit will have a mandate to look at many aspects of business continuity as part of their remit.  Bear in mind though, that internal auditors may not always have deep expertise in this area and so may be relying on pre-prepared audit programmes on which to base their evaluation. These programmes may not reflect current developments.

• Your external auditors may be able to assist. But bear in mind that they, too, my not be specialists. You may get a "generalist  with a checklist"

• An independent, specialist consultant may be the best (but admittedly not the cheapest) option. An independent specialist will likely have a breadth of experience having seen business continuity plans from many different organisations. If they also have experience of developing, deploying and managing business continuity for an organisation then they will be much more likely to have practical experience of what works and what does not.  An experienced specialist will also be able to "read between the lines" of your plan and ask the type of questions that just won't be prompted by a checklist.

• Sector experience can be useful in terms of understanding the business environment that you are operating in. Having an understanding of business conventions & operations within a specific commercial sector, any industry regulations and customer expectations that might apply can significantly add to the value of a BCP review