Upload
databarracks
View
320
Download
0
Embed Size (px)
Citation preview
www.databarracks.com | 2www.databarracks.com | 2
INTRO & AGENDA
Duration: 30 mins (including Q&A)
Type questions on the right
Drag picture to placeholder or click icon to add
• What is a tabletop test?• Scenario vs impact based planning and
testing• How to choose a good scenario• Who and what you need to run an
effective test• Tips for the test facilitator and leader
Q
www.databarracks.com | 4www.databarracks.com | 4
WHAT IS A TABLETOP TEST
• Types of test:
– Real recovery: Actual cut-over of systems, re-routing of email and telephones, staff re-location
– Test recovery: Cut-over of limited range of systems, use of email and phones without re-routing and re-location of small teams
– Individual system recovery: Full test of recovery and cut-over of individual systems
– Tabletop recovery test: Walk-through of recovery without performing actions
www.databarracks.com | 6www.databarracks.com | 6
https://tools.databarracks.com/dr-tabletop-simulation/index.html
www.databarracks.com | 7www.databarracks.com | 7
https://tools.databarracks.com/dr-tabletop-simulation/index.html
www.databarracks.com | 8www.databarracks.com | 8
https://tools.databarracks.com/dr-tabletop-simulation/index.html
www.databarracks.com | 9www.databarracks.com | 9
SCENARIO vs IMPACT BASED TESTING
• Influenza• Aviation accident• Large building collapse• Heavy snow• Large road accident involving fuel or explosives• Storms and gales• Bridge collapse• Railway accident• Office fire• Reservoir failure• Coastal / tidal flooding• SAN failure• Cyber attack
• Critical resources unavailable• Staff unable to perform their
jobs
Disaster scenarios Disaster impacts
www.databarracks.com | 10www.databarracks.com | 10
HOW TO CHOOSE A GOOD SCENARIO
Drag picture to placeholder or click icon to add
www.databarracks.com | 11www.databarracks.com | 11
PLANNING YOUR TABLETOP TEST
– Facilitator (third party)– Leader– Department heads– Suppliers & other third parties– Note-taker
Who do you need?
• The right people (dependent on scope), not always the same people. Don’t just choose the best people!
www.databarracks.com | 12www.databarracks.com | 12
PLANNING YOUR TABLETOP TEST
• Scope (one dept, one location etc.)• A scenario• A location for the team• Your “battle box”• A BC / DR plan• Time - enough time to work through the scenario
with (extra contingency) and time for review
What do you need?
www.databarracks.com | 14
WHAT DOES A TEST LOOK LIKE?
• Facilitator sets the scene and tells you what you need to recover from
• Incident management, crisis management, BCP invocation
• Work through the recovery plan• Data injects• Adapt and continue through the
plan to recovery• Review (and book another)
• Follow up plan (who is fixing what, in what time frame?)• Distribute written-up review• Carry out the actions• Report to participants and
other stakeholders• Next test?
On the day Follow-up
www.databarracks.com | 15www.databarracks.com | 15
WHAT TO DO WHEN SOMETHING GOES WRONG
• You will find problems. Make sure they are recorded and you can take action.• Should you stop the test if you absolutely can’t
continue?
www.databarracks.com | 16www.databarracks.com | 16
WHAT TO KEEP AN EYE OUT FOR
• Assumptions made in the recovery (“our supplier will have spares” or “it takes 30 minutes to recover server x – which can be adequately reconnected to all other services”) need to be checked. If they don’t have spares – what is the alternative?
www.databarracks.com | 17www.databarracks.com | 17
IF YOU REMEMBER NOTHING ELSE!
1. A tabletop test is not a replacement for technical testing 2. Record and check all assumptions3. It’s only a failure if you don’t learn from it and improve
www.databarracks.com | 18www.databarracks.com | 18
http://www.thebcpcast.com/
www.databarracks.com | 19
RESOURCES
• The Business Continuity Podcast– http://www.thebcpcast.com/
• Tabletop testing simulatorhttps://tools.databarracks.com/dr-tabletop-simulation/index.html
• DR Planning Tools– https://tools.databarracks.com/
• Business Continuity Institute
– http://www.thebci.org/
• Cross-sector Safety and Security Communication– http://www.vocal.co.uk/css
c/