Testing and exercising IR plans  

 

  Conducting testing and exercising of incident response plans 

All incident response plans should be tested to ensure that they achieve the objectives and also are fit for purpose. An untested plan can in certain circumstances be more dangerous than no plan at all.  This pop-up is designed to support the testing process and enables tests to be carried out, recorded and the findings acted upon. Click the above "Testing" icon on the main screen in Module 9 to open the testing pop-up as follows:

This pop-up displays information about testing activity that has taken place including recording results and observations from those tests. In addition to the test type, and test success options, information should be recorded in respect of each incident response task for last test date; test scenario used during last test; results of the test; date for follow up action; comments on the test or description of test findings and the name of the person carrying out the test.


Setting up and maintaining the test types

There are a number of different types of tests that could be used to test out the BCMS response plans. The software is delivered with a number of test options already included although the User can add additional test types if considered appropriate. The business continuity software is delivered with some basic test types already set up. The User should set up further test types to meet their own testing objectives. Click on the first "Edit" button on the testing pop -up to open the test type pop-up.

 

The seven types delivered are "Desktop review"; "Walkthrough"; "Full simulation"; "Partial simulation"; "Management approval"; "Specialist approval"; and "Third party testing". 


Desktop review
A "Desktop Review" would normally involve working through the various planned tasks in a meeting room with involvement and input from all interested and potentially affected parties.

Walkthrough
A "Walkthrough" would normally involve a team of interested and potentially affected persons going through the planned tasks and undertaking the actions involved on a sample basis. 

Full simulation
A "Full simulation" involves trying to create a realistic environment that provides conditions similar to that likely to be experienced during a specific incident and then carrying out detailed and comprehensive tests within this restricted environment.

Partial simulation
A "partial simulation" test involves taking part of the process and creating a realistic environment for carrying out extensive tests.

Management approval
"Management approval" tests involve tests carried out by senior management to satisfy themselves that the workarounds or recovery plans are likely to stand up in the event of a serious disruptive incident.

Specialist approval
"Specialist approval" tests involve tests carried out by competent specialists to satisfy themselves that the workarounds or recovery plans are likely to stand up in the event of a serious disruptive incident.

Third party testing
"Third party" tests involve tests carried out by independent third parties such as external auditors to satisfy themselves that the workarounds or recovery plans are likely to stand up in the event of a serious disruptive incident.


Adding a new test type

To add a new test type, click the "Add" (+) button and  add a test type name in the text box that appears in the pop-up.



Click the "Save" button to confirm or the "Cancel" button to cancel.



Delete a test type


To delete a test type, select the test type to be deleted and click the "Delete" button. If the test type is not currently in use within the software the a pop-up will appear asking you to confirm this action.



Click "Yes" to confirm or "No" to cancel. If the test type is currently in use in the software, a message will appear advising the User accordingly.


Edit a test type

To edit a test type, select that test type and click the "Edit" button.




Amend the details as appropriate in the pop-up and click the "Save" button to confirm or the "Cancel" button to cancel.



Setting up and maintaining the testing success options

This pop-up contains a list of testing success options. This list can be amended by the User. Testing success options are to be set up and maintained by the User organization. Five testing success options are included in the software when delivered. These five options should be reviewed by the User for suitability.  Click on the second "Edit" button on the testing pop-up to open the testing success options pop-up.





Adding a new testing success option

To add a new testing success option , click the "Add" (+) button and  add a testing success option name in the text box that appears in the pop-up.



Click the "Save" button to confirm or the "Cancel" button to cancel.



Delete a testing success option


To delete a testing success option, select the testing success option to be deleted and click the "Delete" button. If the testing success option is not currently in use within the software the a pop-up will appear asking you to confirm this action.



Click "Yes" to confirm or "No" to cancel. If the testing success option is currently in use in the software, a message will appear advising the User accordingly.


Edit a testing success option

To edit a testing success option, select that test type and click the "Edit" button. 



Amend the details as appropriate in the pop-up and click the "Save" button to confirm or the "Cancel" button to cancel.

Reference material:

1. Go to www.business-continuity-expert.com/bce-business-risk-analysis.htm for explanations on business risk analysis in line with ISO31000

2. To obtain extra info on crisis management go to www.business-continuity-expert.com/bce-crisis-management.htm

3. For supplementary knowledge on contingency management go to www.business-continuity-expert.com/bce-contingency-management.htm

Sitemap       Homepage