Expert Advice Community

Business Continuity Plan Testing Exercise

Ash Created:   Sep 12, 2022 Last commented:   Sep 14, 2022

We are planning a BC Plan tabletop exercise for a scenario called Data Centre Power Outage. I understand the BC plan is a product of Risk Assessment and Business Impact Analysis. I just joined this new organisation and all have been given BC Plan. Not sure how risks were assessed and BIA was done.

Question: Can we include Risk assessment and BIA in the test exercise and ask questions on that? Or, in other words, should we do both analyses during this testing exercise?

Secondly, what are the most relevant questions we should be asking?

Many thanks 

Ash


Expert
Rhand Leal Sep 14, 2022

1 - Can we include Risk assessment and BIA in the test exercise and ask questions on that? or in other words should we do both analyses during this testing exercise?

Please note that the purpose of a BC Plan tabletop exercise is to assess the effectiveness of the devised plan (e.g., if people know what to do, if all required activities are included and well described, etc.), not to evaluate it against BIA and risks, so both analyses should not be performed together (this would only make the test unnecessarily complex).

Considering that, the best course of action would be to ask for the information about BIA and risk assessment, and evaluate the BC Plan before the test, and if this information is not available you could explain that without a clear understanding of business impacts and associated risks, even though the BC Plan test is considered successful, it may not be fully aligned with the relevant impacts and risks related to the considered scenario.

For further information about BC Plan tests, see:

2 - Secondly, what are the most relevant questions we should be asking?

A tabletop exercise means testing a plan by means of team interaction, so examples of relevant questions to be asked to people involved in the BC Plan would be related to:

  • the sequence of activities to be performed by each person in case of a Data Centre Power Outage
  • the means of communication to be used, who to communicate to, and what to communicate
  • the knowledge of each person about the activities other members will be performing

Based on these questions, and the speed and confidence of response, you can evaluate if the involved personnel are familiar with the plan and can perform it in a satisfactory way.
