We have talked about the importance of disaster recovery planning many times in our blog posts. We have mentioned why organisations need to plan in case the worst should happen, and we have explained the benefits. What we have not so far focused upon is testing.
A recent survey conducted in the UK found that 92% of business have some sort of IT disaster recovery solution in place, but only 59% of these businesses carry out regular tests. These stats are alarming, especially if we consider the magnitude at which cyber threats are growing.
For the reasons below and more, testing is a critical process of any disaster recovery plan.
First, you need to know if your disaster recovery plan actually works. On paper, your plan might be amazing and seem like it will save you from the worst crisis ever, but you will never know if it works unless you test it. Testing your disaster recovery plan will help you understand if it works if it doesn’t and what, if any, changes need to be made.
Second, find gaps in the plan. You think you might have included everything in your plan and that the systems in place cover everything, but how do you know for sure? Testing your plan will help you identify elements that have been left out of the plan or areas of your business which need more protection.
Third, training your team. The above mentioned survey reported that some respondents admitted they didn’t even know how long a restore would take. Testing is also about making your staff aware of how to behave in the event of a disaster so they will be confident to cope and continue working normally.
Fourth, identify your actual recovery time and RTO. You can calculate your estimated recovery time, but if you don’t test your plan you will never know if that is realistic or not. Testing will help you identify the exact recovery time and achieve your desired RTO.
Fifth, well you wouldn’t install a fire alarm and then never test it – would you? So why should disaster recovery be any different? If you aren’t carrying out regular tests then you have no way of knowing if your systems and plans work or whether it’s going to leave the business experiencing downtime for a day, a week or even longer…