How to run a tabletop DR test

How to run a tabletop

DR test

2:00pm 28th April 2016

www.databarracks.com | 2www.databarracks.com | 2

INTRO & AGENDA

Duration: 30 mins (including Q&A)

Type questions on the right

Drag picture to placeholder or click icon to add

• What is a tabletop test?• Scenario vs impact based planning and

testing• How to choose a good scenario• Who and what you need to run an

effective test• Tips for the test facilitator and leader

Q

www.databarracks.com | 3

WHAT IS YOUR WORST RECOVERY NIGHTMARE?


WHAT IS A TABLETOP TEST

• Types of test:

– Real recovery: Actual cut-over of systems, re-routing of email and telephones, staff re-location

– Test recovery: Cut-over of limited range of systems, use of email and phones without re-routing and re-location of small teams

– Individual system recovery: Full test of recovery and cut-over of individual systems

– Tabletop recovery test: Walk-through of recovery without performing actions


DUNGEONS & DRAGONS


https://tools.databarracks.com/dr-tabletop-simulation/index.html






SCENARIO vs IMPACT BASED TESTING

• Influenza• Aviation accident• Large building collapse• Heavy snow• Large road accident involving fuel or explosives• Storms and gales• Bridge collapse• Railway accident• Office fire• Reservoir failure• Coastal / tidal flooding• SAN failure• Cyber attack

• Critical resources unavailable• Staff unable to perform their

jobs

Disaster scenarios Disaster impacts


HOW TO CHOOSE A GOOD SCENARIO

Drag picture to placeholder or click icon to add


PLANNING YOUR TABLETOP TEST

– Facilitator (third party)– Leader– Department heads– Suppliers & other third parties– Note-taker

Who do you need?

• The right people (dependent on scope), not always the same people. Don’t just choose the best people!


PLANNING YOUR TABLETOP TEST

• Scope (one dept, one location etc.)• A scenario• A location for the team• Your “battle box”• A BC / DR plan• Time - enough time to work through the scenario

with (extra contingency) and time for review

What do you need?


CAN I HAVE AN IMPROMPTU TEST?


WHAT DOES A TEST LOOK LIKE?

• Facilitator sets the scene and tells you what you need to recover from

• Incident management, crisis management, BCP invocation

• Work through the recovery plan• Data injects• Adapt and continue through the

plan to recovery• Review (and book another)

• Follow up plan (who is fixing what, in what time frame?)• Distribute written-up review• Carry out the actions• Report to participants and

other stakeholders• Next test?

On the day Follow-up


WHAT TO DO WHEN SOMETHING GOES WRONG

• You will find problems. Make sure they are recorded and you can take action.• Should you stop the test if you absolutely can’t

continue?


WHAT TO KEEP AN EYE OUT FOR

• Assumptions made in the recovery (“our supplier will have spares” or “it takes 30 minutes to recover server x – which can be adequately reconnected to all other services”) need to be checked. If they don’t have spares – what is the alternative?


IF YOU REMEMBER NOTHING ELSE!

1. A tabletop test is not a replacement for technical testing 2. Record and check all assumptions3. It’s only a failure if you don’t learn from it and improve


http://www.thebcpcast.com/



RESOURCES

• The Business Continuity Podcast– http://www.thebcpcast.com/

• Tabletop testing simulatorhttps://tools.databarracks.com/dr-tabletop-simulation/index.html

• DR Planning Tools– https://tools.databarracks.com/

• Business Continuity Institute

– http://www.thebci.org/

• Cross-sector Safety and Security Communication– http://www.vocal.co.uk/css

c/






https://tools.databarracks.com/

http://www.thebci.org/

http://www.vocal.co.uk/cssc/



Questions?