The auditor just left your building telling you your organization needs an exercise program for business continuity and without one you would be in trouble next time around. You are thinking to yourself, how in the world am I going to be able to accomplish completing a scenario-based exercise by the end of the year? Especially with all of the other tasks I have to do?! There is no way!
You are in luck because here are my top 5 tips to getting your organization on the right track for exercising. Follow these tips and you will be set for exercise success.
Tip 1. Do your homework
It is important to look at your risk assessment to determine what a good scenario may be for your area. Look up articles of natural disasters in your region. It will make it a lot more relevant for all of the participants if they can relate to the incident.
Tip 2. The world does NOT revolve around your IT Department
Include all main departments from your organization in the exercise. If you simply focus on IT and their recovery, you will be leaving out other critical areas of the organization. Try to incorporate issues such as lack of cross-trained staff or building relocation into the scenario.
Tip 3. Set expectations and be realistic
Let’s take down the server and see how people react. Or even better, there is an alien invasion and we need to know what to do. These are some of the situations you DON’T want to get yourself in. By setting up goals and realistic expectations up front prior to beginning the exercise, participants will know what to expect. Most failed exercises come from people focusing too much on the situation and not enough on opening up the plan and looking at how to apply it during a disaster type situation.
Tip 4. Track those gaps!!
Make sure to document all of the discussion items that come up during the exercise. By documenting all gaps and observations that were found, it will be easier to work on closing those items afterwards. Auditors love to see the closure of gaps, and there is no way to do that unless you write them down! Also, it is a good step in maturing your BC exercising program.
Tip 5. Create a policy
Without a policy, there will not be a good foundation for your exercise program. Set out roles and responsibilities for management, plan owners, and administrators. Outline all goals and expectations. In addition, don’t forget to lay out a maturation model. How do you plan on maturing with exercising? Without a sound policy, there is not a solid base for your exercise program.
Okay I knew I only said five, but here is one more….
Tip 6. Update all BIAs and plans BEFORE the exercise
You would think this would be an obvious one, but you do not know how many clients I have worked with that say “Can’t we just update after or during the exercise?” NO! The answer is NO! By updating prior to the exercise, you can catch many small errors or changes before the exercise, which then gives you time to focus on the larger more critical issues during the exercise. So update before and let the exercise be about more pressing issues!
Now that I have given you my top 5,…errrrr….6 tips, go get out there and get exercising