Page 87 - Cyber Warnings
P. 87
6. Duties and responsibilities of the BCP team members with the corresponding back
up personnel details for each role
7. Activities to be done for returning to the primary functional site and BAU
8. Communication processes and escalation hierarchy (or call trees) for switching
to/from the BC mode
9. Assessment procedure to analyze the damage caused and the time required to
replace or repair the disrupted processes/services
Testing and Implementation Phase
BC planning is pointless without routine testing and verification.
1. 51% businesses which do not have a defined and regularly verified BCP eventually
fail and close
2. 80% businesses which cannot recover all their data never reopen
within about 2 years of a disaster
These facts make technical testing an essential aspect of ensuring your BCP is functional. It
begins with checking the connectivity first i.e.
1. Running practice scenarios spanning across departments
2. Ensuring that all the critical end points and networks remain accessible from multiple
locations
3. Creating test plans for each BU
4. Establishing separate test environments and drill schedules
5. Conducting stress, volume, sociability, resilience and performance tests as when
releasing patches or installing updates
6. Enforcing formal change management process with defined roll back mechanism
7. Engaging the technical departments to conduct quality assurance tests spanning the
entire BCP functionality (piecemeal approach)
8. Ensuring that the BU level BCP’s are fine-tuned to incorporate the actual test results
and experiences
9. Treating BCP testing as a routine process and integrating it with the operational
activities
BCP is a strategic level activity. Many strategic processes need data e.g.
1. Developing new IT systems for improving the efficiency or extending the business
capabilities – replacement of the legacy systems with the new systems invariably
requires the data from the existing systems to be compatible and migrated to the
new systems. Here sociability test becomes significant.
2. Then, it’s important to test that the developers have implemented the new system(s)
correctly. This encompasses reviewing the design, development as well as
demonstrating how the systems looks and behaves – to the interested parties
87 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
