APPENDIX 10: TEST PLANS AND FORMS

<Organization>

Business continuity management test plan

<Year>

<Version>

<Date of Approval>

Scope

This document describes the planned BCM testing activities at <organization>. It provides a comprehensive overview and outline of these activities for different aspects of the testing process and deliverables. The overall purpose of testing is to ensure that all critical processes and applications meet all business, functional, and BCM requirements.

Objectives

In order to ensure the readiness of vital critical systems in <organization> for disasters, the BCM team prepares an annual business continuity test plan. The plan details the targeted processes and systems, suggested test dates, and test types.

Test frequency

The BIA contains all processes and applications in <organization>; these processes and applications are rated according to criticality: high, medium, and low. The test frequency for any application will depend on its criticality as shown in the table below.

Criticality

High

Medium

Low

Frequency tests per month*

1 test per 12 months

1 test per 18 months

1 test per 24 months

* Numbers are only for display and are purely examples.

Test types

There are several types of business continuity test:

  • Checklist tests: During a checklist-type test, copies of the plan are distributed to each business unit’s management. The plan is then reviewed to ensure that the plan addresses all procedures and critical areas of the organization. In reality, this is considered a preliminary step to a real test, and is not a satisfactory test in itself.
  • Structured walk-through: The business unit’s management representatives meet to walk through the plan. The goal is to ensure that the plan accurately reflects the organization’s ability to recover successfully, at least on paper. Each step of the plan is walked through in the meeting and marked as performed. Major glaring faults with the plan should be apparent during the walk-through.
  • Simulation tests: During a simulation, all the operational and support personnel expected to perform during an actual emergency meet in a practice session. The goal here is to test the ability of the personnel to respond to a simulated disaster. The simulation goes to the point of relocating to the alternative backup site or enacting recovery procedures, but does not perform any actual recovery processes or alternative processing.
  • Parallel test: A parallel test is a full test of the recovery plan, utilizing all personnel. The difference between this and the full interruption test is that the primary production processing of the business does not stop. The test processing runs in parallel to the real processing. The goal of this type of test is to ensure that critical systems will actually run at the alternative processing backup site. Systems are relocated to the alternative site, parallel processing is initiated and the results of the transactions and other elements are compared. This is the most common type of DR plan testing.
  • Full interruption test: During a full interruption test, a disaster is replicated even to the point of ceasing normal production operations. The plan is totally implemented as if it were a real disaster, to the point of involving emergency services. This is a relatively risky form of test as it can cause a disaster on its own.

The test process and mechanism

The testing process is conducted as follows:

1 A meeting is conducted to brief all test team members one week before the test date. In this meeting, the exact scope and scenario of the test is determined. Also, the roles of the test team and vendors, if applicable, are also specified.

2 The test team should fill in and sign the test preparation form before the test is conducted. The form should be approved by all parties.

3 The test is conducted.

4 The test assessment form should be completed by the test team. The form should be signed and approved by the test parties.

5 If the test fails and needs to be rerun, a meeting with the test team should be conducted. A thorough analysis of the failure reasons is done and a new schedule is determined to conduct the test.

Tests calendar

Month

Process/system

Stakeholders involved

January

 

 

February

 

 

March

 

 

April

 

 

May

 

 

June

 

 

July

 

 

August

 

 

September

 

 

October

 

 

November

 

 

December

 

 

Detailed test plan

Ref

Process/system name

Test date

Test type

1

 

 

 

2

 

 

 

3

 

 

 

4

 

 

 

5

 

 

 

6

 

 

 

7

 

 

 

8

 

 

 

9

 

 

 

10

 

 

 

11

 

 

 

12

 

 

 

13

 

 

 

14

 

 

 

15

 

 

 

16

 

 

 

17

 

 

 

18

 

 

 

19

 

 

 

20

 

 

 

21

 

 

 

Test preparation form

<organization>

Test preparation form
<Test reference number>

General information

 

Test reference

 

Process/system name

 

Business units

 

Planned test date and time

 

 

Test period (hours)

 

Test team

1
2
3

Test type

 

Test scope

 

<Mention the detailed scope of the test>

Test prerequisites

 

<Any specific preparations for the test>

Test exceptions and justifications

 

Exception

Justification

 

 

 

 

 

 

Test procedure

 

Activity

Owner

Expected time needed

 

 

 

 

 

 

 

 

 

 

 

Affected business units

 

1
2
3

Notes and comments

 

 

Endorsements

 

Designation

Name

Date

Signature

Team members

 

 

 

 

 

 

 

 

 

 

 

Test assessment form

<organization>

Test assessment form
<Test reference number>

General information

 

Test reference

 

System name

 

IT custodian center

 

Planned test date and time

 

 

Test period (hours)

 

Test team

1
2
3

Test type

 

Test scope

 

 

 

Test exceptions and justifications

 

Exception

Justification

 

 

Test result

 

Image Fully satisfactory

Image Adequate

Image Failed

Test procedure

 

Activity

Owner

Time needed

Result

 

 

 

 

Issues and problems identified

 

1
2
3

Recommendations

 

1
2

 

Lessons learned

 

1 2

Test team endorsements

 

Designation

Name

Date

Signature

 

 

 

 

 

 

 

 

 

 

 

 

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.225.255.168