Expert’s Advice to Building Resilience With 5 Tiers of Business Continuity Testing

Jan 20, 2020

There are 8.2 million reasons to do business continuity testing in your organization. That’s because, as of July 2019, the average cost for a data breach or business disruption in the U.S. was $8.2 million per company. Companies have learned that it’s better to perform business continuity testing than being held hostage to disruption of services.

Consistent business continuity testing that’s held on a semi-annual or quarterly basis can help gain buy-in throughout the organization and save you millions of dollars in the long-run. Once your organization decides to proceed with the essential business continuity plan test (BCP), there is an exemplary 5-tier approach to BCP testing that’s worth implementing. Read on to learn how BCP builds resilience in your company and helps establish your organization as a business continuity expert.

What is BCP Testing?

Before you determine the benefits and how often you need to perform BCP testing, let’s understand its core definition, and how it can impact your company. Business Continuity Planning involves developing a document that gives your company an outline of how the business will continue operating if there’s an unplanned disruption in service. The document is a plan that’s much more comprehensive than a disaster recovery plan because it contains contingencies that address every aspect of business that may be affected during a disruption.

The BCP can even provide a contingency plan for business partners or any other company division that needs to be functioning in case of a disruption of service.

Reasons for Performing BCP Testing

Your business has to be able to respond quickly to interruptions of service so it can minimize the negative impact the downtime is costing you. When you perform BCP testing, you also create an integral business document that helps your company fix, recover, and continue its day-to-day operations during disruptions. There are specific reasons for doing BCP testing, and all of them help contribute to minimizing the immense damage an interruption of service causes your company.

BCP testing helps you identify your company’s interdependencies, as well as gaps and areas for improvements. BCP testing also provides clients with a sense of confidence that you’re a company that demonstrates a commitment to delivering your services even with things seen and unseen happen to your company unexpectedly. BCP testing also allows for your company to have a continual process that helps you validate and improve your day-to-day operational plans, so they meet safety compliance requirements and reduce recovery time and cost.

Barriers to BCP Testing

It’s not always clear why any company wouldn’t perform BCP testing because they gain so much business continuity by having it in place. Some companies have managers in place who are afraid they may fail a BCP test, and other companies, clients, or employees will find out. In this case, one has to remember BCP isn’t about failing or passing.

It’s about improving your business continuity plan and process in case of a disruption of service. There are some problems with organizational buy-in that sometimes prevent BCP testing from happening because executive support or leadership doesn’t see the value in performing the test. Such logic needs to change because every company can and will benefit from BCP testing. If the leadership team involves itself with the testing procedures, the BCP test has the best validator of value possible.

What are Some BCP Tests in the Marketplace Today?

Every BCP test in a company has very targeted and specific ways and types of tests used to ascertain information in different areas within the company. The list below gives you some but not all the information about BCP test types and reasons. 

  1. Plan Review: Includes a BCP team with c-level management or department heads to see if their current BCP plan needs revisions. The plan review goes over recovery contract validity, business continuity management, and any disaster recovery scenarios that can be shared with other company teams.
  2. Tabletop Test: Includes role-playing discussion exercises that are scenario-based, and you usually have employees participate so they can practice their roles and responsibilities in case of any disruptive emergency from an active shooter to a hurricane or tornado.

There’s also the BCP walk-through, which mimics the tabletop test discussions with planned details but takes those details and turns it into a simulation test that combines real recovery actions. The real scenario ranges from data loss backups and restoring to emergency notifications and physical recoveries.

The Five Tiers of BCP Testing

There is one best way to approach testing strategy, and that’s to apply the five tiers of BCP testing to get it done. BC expert Marc Easley devised the five tiers of how he approaches business continuity testing.

  1. A tabletop exercise is done with a third party solution working a full day at a test site. The tabletop exercises go over everything from prioritizing disrupting events to analyzing their cause and impact on the business. This includes things like reduced production capacity, severed communication or transportation lines, part shortages, etc.
  2. Experienced user participants are an integral part of tier two in the recovery operation because they’re the ones critical to planning actions that treat disruption problems.
  3. You’ll need to have a multi-site and multi-day strategy that includes sending some employees to work from home and some—to a mobile recovery unit.
  4. There needs to be a dry run event where you shut down the office, send key personnel to the mobile recovery unit, and complete a dry run of the planned activities and solutions.
  5. Finally, you need to choose a full-capacity day where there are as many employees as possible working and perform a mock test with no warning given to the employees.

This unannounced mock-up test will send some employees to work from a different location. The challenge in the different location scenarios is not everyone will have their laptops with them yet will still have the same roles and responsibilities. The element of surprise will also allow for testing how secure and fast their connections are at their homes.

The Final Step

The final step in performing and fine-turning your business continuity testing can provide clarity in company and employee responsibilities and locates resources for recovery should the worst happen in a disruption of services. There is only one way a business can do that well, and that’s by learning about BCP testing from the experts.