According to ISO 22301, business continuity procedures must be exercised and tested regularly to ensure they are suitable, updated, and consistent with business continuity objectives. In our experience, if you fail to practice and test your plans regularly, then they are likely to fail and what could have been a business continuity issue quickly becomes disaster recovery.
All our exercises and testing methods are aligned to the Business Continuity Management System (BCMS) scope, objectives of your Business. All agreed disaster scenarios that are likely to occur or that will be most damaging to your business are considered. We are experienced in accurately recording exercises and testing data, which allows us to analyse the execution of planned actions and interactions between parties. We then critically evaluate the recorded data to determine if all actions taken were appropriate and in line with the BCMS objectives. The output from our analysis feeds into a lessons learned session for continual improvement, allowing for the correction of vulnerabilities or implementation of improvements.
Why you need to take action
Disruption to business can result in a risk of data loss, loss of revenue, and failure to deliver services. Successful businesses expect the unexpected and plan for it. Knowing how to respond to an incident cannot be deferred until the business is actually impacted by a crisis.
Organisations need to be well prepared with practiced cyber media responses. A forward-looking, systematic approach to incident management and response will create structures, train people to work within set regimes and evaluate the approaches being developed in a continuous, purposeful and rigorous manner.
Our approach
We understand the effectiveness of testing BCMS using various approaches. Some of our testing methods include:
- Advertising campaigns – raising awareness of business continuity plans to all staff members, suppliers and key persons.
- Auditing – reviewing business continuity plans by various auditing, validation, and verification techniques.
- Tabletop exercise – discussing the theoretical execution of business continuity plans and the actions personnel must take in a dedicated workshop.
- Functional testing – conducting a planned and announced exercise that tests all interrelated plans for specific activities with real resources.
- Full testing – executing an announced or unannounced disaster.
For more information, download our Business continuity scenario exercises service offering brochure.