Transcription of BUSINESS CONTINUITY TEST TEMPLATE
1 <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 1 BUSINESS CONTINUITY TEST TEMPLATE By Paul Kirvan, FBCI, CBCP, CISSP BUSINESS CONTINUITY TEST TEMPLATE Date _____ Revision __ Revision History REVISION DATE NAME DESCRIPTION <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 2 TABLE OF CONTENTS 1 PURPOSE OF THIS DOCUMENT 3 2 DOCUMENT CHANGE CONTROL HISTORY 3 3 PRE-TEST 3 TEST PLANNING BACKGROUND 3 PRE-TEST PLANNING MEETING(S) 3 4 TEST 4 SCOPE OF TEST 4 EXECUTION SCENARIO.
2 5 INSTRUCTIONS TO PARTICIPANTS 7 COMMUNICATIONS DIRECTORY 8 MESSAGES 8 5 PARTICIPANTS 10 TEST FACILITATOR 10 TEST ASSISTANT 10 TEST DESIGN TEAM 11 SIMULATION TEAM MEMBERS 11 TEST EVALUATORS 12 TEST PARTICIPANTS 13 THE TEST BRIEFING 14 THE TEST DEBRIEFING 14 WRITTEN EVALUATIONS 14 WRITTEN REPORT 14 KEYS TO A SUCCESSFUL TEST 15 SUGGESTED TEST SCHEDULE 15 6 TEST/DEBRIEF SUMMARY 15 WRITTEN EVALUATION RESPONSES 15 VERBAL EVALUATION 16 RECOMMENDATIONS FOR IMPROVEMENT 16 7 APPENDIX A GLOSSARY 18 8 APPENDIX B RECORD OF TEST PLANNING MEETING(S) 20 <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 3 1 Purpose of this Document The purpose of this test document is to facilitate test planning, test execution, test review, and corrective action to plans developed for <Client> location(s).
3 This document can be considered a baseline throughout the phases of the exercising process, independent of the type of exercising being performed. 2 Document Change Control History This document will be updated as necessary throughout the course of pre-test planning, test execution, and post-test review. Enter the version, issue, date issued and description of the document. The version number (left-most digit) indicates the phase of the test report document (1=Pre-Test 2=Test, 3=Post-Test, 4=Final-Report). The issue number (right-most digit) will be incremented by one whole digit if there is a need to re-issue this document due to a major change or update within a phase.
4 Version and Issue Date Issued (MM/DD/YYYY) Phase and Version Description 1-1 Pre-test version of this document, for use during pre-test planning meeting(s) 2-1 Test version of this document, for use during exercising 3-1 Post-test version of this document, for use at the post-test review meeting(s) 4-1 Final version of this document, with a completed corrective action plan 3 Pre-Test Test Planning Background This test is in support of the <Client> < plan name> test program for 2009. Pre-Test Planning Meeting(s) Pre-test planning meeting(s) must be scheduled sufficiently in advance of the desired exercising date for the specific BC plan (s) of interest.
5 <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 4 The BUSINESS CONTINUITY professional with overall responsibility for the content of the given plan should chair the pre-test planning meeting(s). Select planners ( , the Test Planning Team) and any other parties deemed necessary for the construction of the desired type and scope of BCP test should attend pre-test planning meetings. The meeting(s) may be conducted face-to-face, by teleconference, or by other electronic means ( , e-mail, net meeting). 4 Test Scope of Test Scheduled Date and Time of Test Start Date/Time Finish Date / Time Type of Test Highlight Box Indicating Test Being Conducted Orientation Test Drill Tabletop Test Functional Test Full Scale Test Plans to be tested BC plan Name(s) Scope of Execution Test Goals Enter a brief and clearly stated goal of what you want the test to accomplish.
6 Test goals and objectives drive the test and keep the process on track. Goal(s) <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 5 Test Objectives Clear, measurable objectives should be defined here. Write at least 3-5 overall objectives. There may be additional objectives for a specific function of the Local Incident Response Team, a department or location. Objectives Defined Establish the direction of the test Control the direction of the messages Narrow the scope of the test plan Keep the test and participants on track Are used to evaluate the test Help to identify follow-up needs, improvements and to-do lists Writing Objectives Simple Concise Measurable Achievable Realistic and challenging Task-oriented (oriented to specific BUSINESS functions)
7 Objectives Execution Scenario Test Basic Premises Equipment, procedures, standard operating procedures or conditions needed to conduct the test but exist only for the purpose of the test need to be defined here. Examples: The weather is hot and humid and temperatures will exceed 100 degrees. Change the date, the time, and put people on vacation and make them not available. The only valid phone numbers are those listed in the communications directory. No. Test Basic Premises 1 2 3 4 <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 6 Test Execution Assumptions Design criteria that further define the scope of the test by placing assumed limits on the participants are described here.
8 These answers address questions that often hold up the test. Examples: The city will be isolated for 24 hours. The telephone systems are operating normally. All employees who are supposed to come to work show up. No. Assumptions 1 2 3 4 Test Scenario The event or incident scenario for this test can be as simple as a basic technology disruption or as complex as a simulated, major crisis event. This section prepares participants for the test This is the overview of the event, the beginning of the process Describe the environment at the time of the test Provide necessary background information Launch the event is it realistic?
9 Discovery how do you find out? Details: time, location, extent of damage Sequence of events Initial damage report, if possible Weather conditions Where are we in the timeline of response and recovery? Who is missing? Who is there? Are there injuries? Fatalities? What communication has taken place? Leave nothing to assume this just creates chaos with the participants Example: A major earthquake struck at 9am. The epicenter has not yet been determined. Electrical power and phones are out. Your emergency generator did not turn on. The shaking was severe, causing glass breakage and furniture to topple.
10 You hear moans and screams of fellow employees. You do not know the status of your building or the city. <Client> Document Name Confidential Property of <Client> All Rights Reserved, 2009, TechTarget 7 Seg Planned Date & Time Actual Date & Time Message Content Delivery Method Delivered By A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Instructions to Participants Describe here what you expect of the test participants.
