The whole caboodle
Many organisations religiously test their business continuity plans, every year or every six months or even quarterly. Or at least they think they do. But many of them are deluding themselves that their testing efforts equate to proving their recovery capability.
The trouble is that for many organisations, their business continuity test is basically an IT recovery test. They recover the critical IT systems, and maybe a few other technical bits and pieces like telephony, and assume that’s good enough to ensure the continuity of the business. Unfortunately, more often than not it isn’t.
Of course IT is a critical component of most businesses these days. But for most businesses, there’s more to running a business than just having a working IT system.
For instance, there’s the processes that actually make the business tick – some of which are IT related and some of which aren’t. There’s the dependencies within the processes, which may very well be IT-related, but there may well be other non-IT dependencies too. Then there’s the small matter of people, with all their foibles, and their interaction with other people – whether it’s internally within the business or externally with customers or suppliers. Oh, and there’s often some paperwork involved too.
Merely testing recovery of the IT doesn’t necessarily test recovery of the business processes that use it. So if you want to prove your business continuity capability, you need to think about testing the whole caboodle – end-to-end.
By all means test the component parts, including IT. But at some point you really ought to test the processes too.