June 10, 2009, 2:57 PM — The business continuity plan may be backed by good technology and written documentation, but unless it's brought out and tested every now and then, there is still a risk that everything may not work as it should when a real emergency does occur.
A recent Forrester/Disaster Recovery Journal survey showed that most companies run a business continuity test once a year, but when you drill into the results, you see that the more extensive tests are run less often. When it comes to actually doing a full-on simulation, which includes choosing a scenario, and then carrying out all the appropriate response and recovery processes throughout the entire organization, only 33 percent did that once a year, and 60 percent never did it.
Another consideration is that in the era of Web 2.0 and the global economy, the boundaries of the enterprise are never quite clear, and there is always some operational overlap between the enterprise and its partners and suppliers. It's no longer unusual at all for partners to have partial access to internal data through a virtual private network or other type of private connection, and so it makes good sense to include those partners in the disaster preparedness and business continuity plans--and also to include them in the periodic testing process. Forty-seven percent of those asked did include their partners in an annual test of business continuity processes, and 41 percent never did.
Another study by the British Cabinet Office also underscored the need for regular and thorough preparedness testing. this survey showed that over two-thirds of organizations surveyed held rehearsals--and that of those who did do rehearsals, most found shortcomings and areas that needed to be addressed in their preparedness plans.
