Why Testing and Exercising is Essential for an Effective Business Continuity Program
This post is part of the Business Continuity Awareness Week (BCAW) 2015 flashblog. To learn more about The BCI and BCAW 2015, visit the website or follow the discussion on Twitter via #BCAW2015 and #TestingTimes.
Exercising. Whether you’re talking about hitting the gym or testing your business continuity strategies and plans, I’ve come to find that no one likes hearing this word. The typical reaction and excuses are similar, too: I don’t have the time; I have better things to do; I just don’t see the value.
Well, okay… the last one pertains a bit more to business continuity, but I’m sure you get my point.
Differences Between Testing and Exercising in Business Continuity
What’s the difference between a test and an exercise in business continuity? An exercise aims to build skills and capabilities; while a test aims to determine whether something works or not. If an activity has a binary, pass / fail outcome, it is a test. Whereas think of exercising as preparing for a race. You perform numerous exercises to improve performance and uncover any flaws in your processes that might prevent you from “winning the race”. Exercises can help you pass a test, or they can be conducted to help your team develop ‘muscle memory’ so that when a real-life crisis hits the skills honed during exercises kick-in.
- Both tests and exercises are essential for improving business continuity management
- Tests help you confirm that business continuity strategies will work in an actual crisis
- Exercises help your team develop essential skills as well as identifying areas for improvement
- A planned activity can include both testing and exercising elements.
In any case, exercising your business continuity and disaster recovery strategies and plans is one of the most important activities in the planning life-cycle. Take a look through any business continuity standard or regulatory requirement – from ISO 22301 to the FFIEC handbook – and you’ll notice that testing and exercising is either noted as a best practice or necessary for compliance.
Why? Because exercising:
- Helps validate plan content and ensure that the identified strategies are capable of providing response and recovery results within the timeframes (or capabilities) approved by management;
- Highlights weaknesses and areas for improvement, or where capabilities fail to align to business continuity and IT disaster recovery requirements; and
- Provides critical hands-on training to the personnel responsible for the response and recovery activities (which ensures an appropriate level of performance and develops confidence).
One of my favorite quotes sums up my last point best:
“We are what we repeatedly do. Excellence, therefore, is not an act, but a habit.” – Aristotle
So, be excellent – test and exercise your plans.
If you’re interested in learning more about the different ways to successfully exercise/test, please check out the following educational resources:
Treating the Causes of Bad Exercises
This article examines the typical symptoms and root causes of bad exercises, and then provides suggestions on how to plan and facilitate an engaging, beneficial business continuity exercise. Read Article
The Business Continuity Exercise: Where the Rubber Meets the Road
This article examines the different types of exercises, and then provides lessons learned, tips, and recommendations for successfully planning, facilitating, and concluding value-adding exercises. Read Article
Get business continuity insights delivered to your inbox.