Aequus IT Blog

THE IMPORTANCE OF TESTING YOUR
BUSINESS CONTINUITY PLAN

This educational newsletter is sponsored by Aequus IT, a Geminare Partner
who is a dynamic technological consulting firm that services the SMB
community reachable at www.aequusit.com.

DOES YOUR BUSINESS CONTINUITY PLAN REALLY WORK?

A business continuity plan ensures your business has continuous access to critical applications in the event of network failure. Many
businesses run the risk of rendering their business continuity plan obsolete if not irrelevant by failing to test them on a regular basis,
especially as their business grows and changes.

Testing is critical to validate any business continuity plan and companies are increasingly recognizing this. Organizations are
showing a greater sense of urgency, especially those that automate critical business processes, operate in a 24×7 world and
engage more and more with their customers online. In all of these environments, business continuity, availability and security are
highly interdependent. Recognizing this, organizations now understand that testing needs to examine vulnerabilities in an integrated,
systemic way to ensure delivery of the service levels their business needs following a network failure.

According to recent surveys:
• AT&T found that just 50% or less of companies had tested their business continuity plan in the past 12 months, with 26
percent never having tested it at all.
• The Chartered Management Institute, in conjunction with the Continuity Forum and VERITAS Software, found that only 52
percent of organizations rehearse their business continuity plan once or more per year.
• The Association of Financial Professionals found that despite the fact that almost half of the respondents said their
organizations’ were impacted when a disaster struck:
o Only 24 percent said their business had recently tested its business continuity plan as a direct result of the
disaster;
o Only 26 percent plan to test their business continuity plan in the near future;
o 50 percent have no plans to test their business continuity plans.
• Synstar found that just 12 percent of companies tested their business continuity procedures twice a year. Some 35
percent of companies haven’t tested procedures in the last two years, while 38 percent of business continuity managers
state that they test procedures once a year.

How often should you test your business continuity plan?
Your business continuity plan should be tested at least annually and/or when you have significant changes to technology, business
processes or personnel.

How do you determine if your business continuity plan testing is successful?
You should ensure you have a defined test plan that establishes specific objectives prior to the test being performed. An attainable
and clearly stated testing plan will be used to determine if the recovery efforts tested were successful. If some test objectives fail,
the business continuity plan, recovery procedures and test objectives should be reevaluated. The test should be repeated until all
aspects of the business continuity plan are considered successful. Once the business continuity plan is deemed adequate, it should
then be tested annually. Testing objectives should be set to start small and increase in complexity and scope over time. Achieving
the following objectives provides progressive levels of assurance and confidence in the plan.

What applications need to be tested?
Critical applications that ensure business workflow and contribute to the risk of revenue loss should be tested more frequently as
they will have a greater impact in the event of a network failure. Although obvious ones such as Mail, Database and Web servers
are always top of mind, the real testing needs to take place with the servers that you may not consider to be mission critical but
could contain data that is. HR servers or files that contain employee contact information as an example are servers which contain
mission critical data, as are workstations or drives that contain payroll data. Image not being able to make payroll? BlackBerry
servers are increasingly becoming one of the most important area’s within a communication plan as our IP Phone systems and
PBX’s. Although your office may not be readily accessible you may still need to communicate or redirect inbound or outbound calls.

How is that going to take place?