What role does Disaster Recovery Plan training, testing, and auditing play in a successful Business Continuity program?
Testing. Things are only known to be good at the time you check. The time to find out that components of the DR plan are not good is not during an actual disaster. That time has a premium cost. No, the time to identify and correct weaknesses is during test runs. The only cost for that time is the time for those testing.
Training. Those testing the plan have to know what to do. Furthermore, they have to know it to an extent that executing the plan becomes second nature. This is because actual disasters are stressful affairs. It is easy to make mistakes, omit steps, or forget details when under stress. The role of planning and training is to ingrain the steps and make the plan easier to perform if needed.
Auditing. A second set of eyes is always needed, particularly when that pair of eyes belong to an auditor. No good author would publish a book without an editor. Likewise, no good InfoSec professional should publish a plan without an auditor. A trusted third-party will always find ways to improve upon your plan.
Training, testing, and auditing are fundamental in achieving the BCP/DRP objectives.
Posted by