VII.D     Exercise and Test Objectives

The exercise and testing objectives should include resilience, system monitoring, and the recovery of business processes and critical system components. Tests can range from recovering a single file to a full-scale failover to another data center. Tests should include physical security, critical systems, multiple departments, and third-party relationships. Exercises should be sufficiently thorough to test dependencies and interrelationships among systems and third-party service providers. As the exercise and test process matures, it should become increasingly complex up to and including full-scale recovery exercises. Exercises and any associated tests should accomplish the following objectives:

  • Build confidence that resilience and recovery strategies meet business requirements.
  • Demonstrate that critical services can be recovered within agreed upon recovery objectives (RTOs and RPOs), including customer SLAs, and within MTDs.
  • Establish that critical services can be restored in the event of an incident at the recovery location.
  • Familiarize staff with recovery processes.
  • Verify that personnel are adequately trained and knowledgeable of recovery plans and procedures.
  • Confirm exercise and test plans remain compatible with the BCP and the entity‚Äôs infrastructure.
  • Identify gaps and deficiencies.

 

Previous Section
VII.C Exercise and Test Strategies
Next Section
VII.E Exercise and Test Plans