Disaster Recovery Plan Testing - Assignment
Exercise 7.1: Testing
1. You have been asked to test the disaster recovery plan for a small business in your area. The company has a backup plan that is well documented.
2. Describe the steps you would use to test the plan to ensure that the backup plan would function in case of an actual emergency.
Companies and organizations suffer loss and damage from various angles and dimensions whenever any disaster strikes them. The disasters can be natural, man crafted, intentional, unintentional, accidental or conspired in nature of its source. Irrespective of the source, an organization must have an effective and well-documented disaster recovery plan. After the formulation of the plan, it must be tested rationally to ensure that the plan meets the standards of its requirements to mitigate the harmful effects due to the disaster.
Data Recovery Plan Testing: Overview
I was assigned to test the disaster recovery plan of a small IT Firm whose task was to provide data support to other organizations. In the process, I first analyzed the situations which can be responsible for disasters to occur. After analyzing and getting the reports, I went for a stand-alone testing process where I sat with the author of the plan and discussed all the pros and cons and the potential of the plan to mitigate the effects of disaster over the organization.
Henceforth, I went for a walk-through mode of testing where I interacted with all the members who had to play important parts according to the plan. It is necessary to judge whether the person to whom the responsibility is given is actually eligible to take up the role or not and also to judge whether the level of understanding of the members is at par with the effectiveness of the plan.
Afterwards, I went for an Integrated System testing session. As the organization deals in Data and Information primarily, it's effectiveness in understanding the IT Resources, Systems and their security is very essential. This mode of testing ensures whether the company is having optimum resource and skilled manpower to deal with emergency situations or not.
Analysis, Findings and Solution
As discussed earlier, the entire testing procedure of the disaster recovery plan is done in three steps. The steps or modes of testing are stand-alone, walk-through and integrated systems respectively. The organization being a small one, these three types of testing mode is sufficient to ensure the effectiveness of the disaster recovery plan. Although the other two methods, that is, the Table-top testing and simulation testing was done, yet, the previous three procedures incurred deployment of great effort and equipment and it proved the efficiency of the plan. As the stand-alone, walk-through and integration testing method was done elaborately, the details of them are discussed below.
Stand-alone Mode of testing: In this mode of testing, I discussed about the various segments of the plan with the author. It was done in presence of the IT Manager and Business Continuity Manager. Professionals from the backup team also participated in the discussion and all the measures and methods adopted by the author in formulation of the plan were discussed thoroughly. In the course of discussion, all the points which could have made the plan ineffective were analyzed and required additions and omissions were made.
Walk-through Mode of Testing: In this mode I interacted with all employees and members who were involved in the plan. Replacements were done in roles and responsibilities of the members which were found not to be adaptive to the survival of the plan in solving disaster issues. The analysis and judgment of the replacement were done on the basis of the skills of the members, their exposure to data backup systems and disaster analysis and their experience in the fields of disaster recovery and management.
Integration testing Method: In this stage, along with the author of the plan, the business continuity manager and backup team, I analyzed all the systems and required IT Resources for the implementation and execution of the plan. I also checked the backup facilities related to power supply and network connectivity. The data center and recovery sites were checked on the basis of their functional requirements during the recovery process. Being a new and small firm, all the infrastructure related to the execution of the plan were found to be updated and met all the eligibility criteria to sustain the effectiveness of the plan during an emergency or disaster.
Dimattia, S. (November 15, 2001). "Planning for Continuity". Library Journal: 32–34.