VII.D Exercise and Test Objectives
The exercise and testing objectives should include resilience, system monitoring, and the recovery of business processes and critical system components. Tests can range from recovering a single file to a full-scale failover to another data center. Tests should include physical security, critical systems, multiple departments, and third-party relationships. Exercises should be sufficiently thorough to test dependencies and interrelationships among systems and third-party service providers. As the exercise and test process matures, it should become increasingly complex up to and including full-scale recovery exercises. Exercises and any associated tests should accomplish the following objectives:
- Build confidence that resilience and recovery strategies meet business requirements.
- Demonstrate that critical services can be recovered within agreed upon recovery objectives (RTOs and RPOs), including customer SLAs, and within MTDs.
- Establish that critical services can be restored in the event of an incident at the recovery location.
- Familiarize staff with recovery processes.
- Verify that personnel are adequately trained and knowledgeable of recovery plans and procedures.
- Confirm exercise and test plans remain compatible with the BCP and the entity’s infrastructure.
- Identify gaps and deficiencies.
VII.C Exercise and Test Strategies
VII.E Exercise and Test Plans