OptimizeIT
\
Risk Management \ IT Continuity Planing
\
Continuity Plan Testing and Maintenance

Continuity Plan Testing and Maintenance

The purpose of this section is to assist you in the care and feeding of the DRP after its creation and communication to the rest of the company.

There is a series of tasks that must be completed in order to keep the DRP current and actively maintained. Use three distinct steps:

Coordinate DRP testing.
Test restorability.
Update and maintain the DRP.

The DRP should be a living document that is updated as the company’s risk profile changes and as new threats emerge. After the plan has been created, it is very important to test, revisit, and revise your DRP at least annually.

Advanced

Steps		Tools	Related Research
Step 1: Coordinate DRP Testing No DRP is complete without a full test of its capabilities and the timely identification of potential shortfalls. Therefore, the next step is to scenario test the DRP. This step is comprised of only a single task, using just one tool to select a testing format and document test results.
	1.1 Develop Test Plans This template helps DRP project managers to capture the elements involved with DRP and record the following information: the main documentation created for the DRP so far; and test scenarios, assignation of duties, and results of actions.	DRP Test Plan Definitions	Scenario Testing Your DRP Prove the Enterprise's DRP Really Works Include Remote Connectivity in Business Continuity Planning Highlight Perimeter Security Weakness with Vulnerability Assessment Disaster Recovery on a Budget
Step 2: Test Restorability The DRP is useless if backups do not perform as expected; the only way to make sure that they will perform properly is if they are fully tested against recovery objectives. This step is comprised of only a single task, using just one tool to document backup test results.
	2.1 Test Backups for RTO and RPO Goals Backups and other DRP tasks should be tested throughout the year to ensure familiarity with the plan and accuracy of the documentation. Randomly pick various applications to test for backup effectiveness, using the "DRP Test Documentation Sheet" to record results.	DRP Test Documentation Sheet
Step 3: Update and Maintain the DRP After testing has been completed and results documented, the DRP should be updated accordingly, especially after annual tests and walkthroughs.
	3.1 Update DRP Based on Third Party Vulnerability Assessments Continued annual vulnerability assessments will be required in order to maintain objectivity of the DRP. Consequently, you’ll have to keep tabs on the third-party provider. Use the advanced tools – "Penetration Testing Audit Tool" and "Vulnerability Assessment Policy" – to provide the rationale for your actions.	Penetration Testing Audit Tool Vulnerability Assessment Policy
	3.2 Maintain DRP Based On In-House Test Results for Maximum Effectiveness At least one aspect of the plan should be tested semi-annually to ensure IT’s familiarity with the DRP and the accuracy of the content. Randomly pick various components of the plan to test and document results in the "DRP Maintenance Checklist."	DRP Maintenance Checklist

Home

Best Practices Research

Research

Topics

Types of Content

Research Agenda

Solution Sets

Agenda Sets

Vendor Evaluations

World Class Operations

Featured Workshops

Tools & Resources

Resources

Hot Topics

Benchmarking Programs

Benchmarking

Events

Continuity Plan Testing and Maintenance

Fast Track

Core

Advanced

About Us

Services

Media

Help

Hot Links

Steps		Tools	Related Research
Step 1: FastTrack Continuity Plan Testing and Maintenance This FastTrack Tool is a simpler, less rigorous approach to completing the program. Nonetheless, FastTrack addresses the fundamental elements of the program and is expected to support your efforts to improve the IT function. FastTrack is intended for organizations who have reasonable, simple and straightforward IT environments. Because it is simpler, FastTrack is an accelerated program, designed to be completed in a short period of time.
	1.1 FastTrack Activity	Continuity Plan Testing and Maintenance FastTrack