Active Audit Agency

т: +38(044) 228-15-88


BCP/DRP testing and maintenance

What is it?

Business Continuity and Disaster Recovery Plans (BCP/DRP) testing is one of the most important activities in order to provide sustainability and viability of any business during critical and/or emergency situations. This kind of testing allows to identify and eliminate weaknesses in the critical business processes and to provide theirs continuity during a disaster of any nature (technical, human or market).

BCP testing helps to evaluate an effectiveness of the existing plans and an ability of your personnel react according to the plan. All BCP/DRP elements should be thoroughly checked to identify accuracy of every recovery procedure and the effectiveness of the whole plan.

Testing must be applied to the following areas:

  • systems recovery on the alternative site from back-up copies ;
  • coordination between recovery teams;
  • internal and external communications;
  • systems performance on the back-up site;
  • returning to the normal functioning (switch back from alternative to the main site);
  • crisis management communication procedure.

Why do you need this?

BCP/DRP testing allows you to check all recovery processes on the backup site, define technical compliance between the main and backup sites, and provide adequacy of the operational procedures for recovery teams. During this process we check communication and coordination procedures, perform personnel training and implement the mechanisms to keep plans up-to-date. One of the most important rules during BCP testing – not to break down or interrupt normal business unit functioning.

How to conduct testing?

There are several types of BCP/DRP testing starting from full test (testing with services interruption), which can't be done during working hours and finishing by «cabinet» step-by-step modelling, which is applicable at any time.

Making your choice on the testing approach you should consider the list of the goals to be reached. This list will allow you to define the evaluation criteria for your recovery plans. Testing is important to build and train effective recovery teams («every soldier must know his/her duty»). Besides, these tests will prepare personnel to perform BCP/DRP processes in real critical situation the most effectively, unhesitatingly and calmly.

To get the maximum delivery from BCP/DRP testing activities we offer:

  • to develop a testing plan of an element (or whole) business process and criteria to evaluate whether test has been performed successfully or failed;
  • to evaluate an effectiveness of all elements or a whole plan;
  • to develop detailed testing scenario as close as possible to real situation.

The main goal of the testing is a coherence of recovery team (or teams) and limitting them on resources, which will be really available during crisis or disaster.

BCP\DRP test types

Active audit agency conducts the following tests of BCP/DRP:

  • Table («cabinet») testing: role playing of recovery plan with all recovery team members;
  • Modelling: critical (disaster) situation scenario;
  • Technical recovery test: critical business functions recovery from backup copies;
  • Recovery test on the backup site: switching to the backup site test;
  • Checks on your suppliers reaction: check whether your third parties react appropriately and according to the current SLA;
  • Full BCP/DRP test: all systems are switched to the backup site and all are tested for performance from there.

BCP/DRP maintainance

Your recovery plans must be accurate on system requirements, procedures, organizational structureand policy and up-to-date. IT systems may change due to business changes, technological modernization or internal policies and regulators or payment systems requirements.

Thus it is important to keep plan actual and valuable to review it and update align with common change management process. Usually BCP/DRP is reviewed annually or when one of its elements has been significantly changed. Some elements of the plan need to be reviewed more frequently (for example, contact information in crisis communication lists).

Review of the plan should be focused on:

  • operational and security requirements;
  • recovery procedures;
  • equipment, software and others resources;
  • names and contact information of recovery teams members;
  • contacts of the equipment vendors and services suppliers;
  • requirements for the backup site.

Our experts will help you yo maintain your BCP/DRP up-to-date and always ready for action!