Category: Blog


How to test your BCDR plan (and why it’s important)

By : Peter Davies / 18 September, 2018 /
First of all, if you are reading this, it is fairly safe for us to assume that you have either a business continuity plan or a disaster recovery plan, possibly even both! If you do, fantastic! If not, I suggest you take a look at our ultimate guide to BC/DR planning, or our article about the costs of BC/DR, then hurry on back! Now that’s off out chest, let’s get down to why you’re here.


Many businesses that have a BC/DR plan fail to revise and test them, adding unnecessary risk to the process. Technologies are constantly changing and evolving to become more secure and more efficient, so it makes sense that these are taken advantage of. In addition to this, there are also systems, products and technologies that are becoming out dated and therefore unsupported.

The primary reason for testing a BC/DR plan is to prove that the plan will work when it is needed. It will help to highlight any areas of weakness and help to achieve specific RTO’s & RPO’s (especially if it has been updated recently, or the company has seen some big changes). While you may have accounted for every scenario you can think of, it will be the ones you never thought of that will end up biting you. After all, you don’t know what you don’t know!

Validating the plan in authentic, real time conditions provides you with the peace of mind (and value for money) should the worst come to pass.

“Testing leads to failure, and failure leads to understanding.”

Burt Rutan

The middle of an emergency is not the time for learning and asking questions. It is a time for doing. All personnel must be well versed in the plan and understand their responsibilities and actions to be taken to see that their part is played successfully and without incident.

Failed tests are not failures, as you will gain valuable insight and understanding in a controlled environment. These can be resolved before a real incident occurs.


It is important that during these tests, you do not to fall victim to task loading (taking on too many new things at once). Your testing strategy should begin with theoretical drills known as tabletop testing, to ensure that teams (responders) understand the processes involved and most importantly why they have been put in place. Once you are certain that the team are adequately informed, this should then extend into technical testing of software and systems, before evolving into a simulated disaster environment.

THEORETICAL REHEARSAL (aka tabletop testing)

Think about emergency scenarios and ensure responders are fully aware of and understand their responsibilities including where they need to be and what they need to do. This is especially important when responder roles change, a responder leaves or a new responder joins the team.


Schedule regular non-intrusive testing of the systems & software currently in use, and those necessary for your BC/DR plan. This includes a health check of current technology with no agents, probes or software. Just one agent with temporary remote admin access to run a file. Scans take less than an hour, and you will be sent a security risk report & user behavior report that does not compromise your own data.


Create a sophisticated plan that will simulate as accurately as possible the conditions your business would be facing for different scenarios in such a way that there is no negative impact to business operations or reputation. As these tests are the most life like, they are the most useful at establishing areas of weakness in the BC/DR plan. This test takes time to organise, as they will likely involve at least one 3rd party. It may even be necessary to inform customers by email about scheduled testing times.


  1. Create a new test
  2. Select a test template / scenario
  3. Complete or modify test details
  4. Assign the test coordinator
  5. Assign test objectives
  6. Select which plan(s) to test
  7. Assign testers and approvers
  1. Testers log in, enter results, and report issues
  2. Coordinators log in to monitor performance and test completion
  3. Approvers log in to approve of any steps as required
  1. Post-test wrap up
  2. Create remediation plans to resolve issues
  3. Conduct post-test activities
  4. Produce executive reports
  5. Report findings to executives
In some cases, the systems you use on a daily basis are critical to what you do and any downtime, even for testing is not acceptable. In these situations, it may be ideal to take a sample of data (say 10%) and separate this from your active data for testing or use redundant versions of the systems in question. If possible, you could even plan for testing to commence outside of usual working hours to ensure minimal disruption. However, this is achieved, it is important to keep in mind that this should be testing the plan as accurately as possible.


Any company can test out their BC/DR plan at any time. You can schedule these in similar to a fire drill, or you can go for the authentic experience by surprising your team! This would create a great video for your website to demonstrate to users how seriously you value them and their data and can even use it as a team building exercise. The frequency of tests depends on how large your company is, how regularly your plan is revised and the costs of testing. We would say as a basic rule of thumb, once a year or every 2 years should be sufficient enough.
Be considerate of staff and 3rd parties when planning dates and times to test your BC/DR plan. While it is likely that you have taken steps to see there are no disruptions to business operations, it can be courteous to inform others of what your plans are, so that they can make allowances, especially where a ‘lift and shift’ operation is concerned. Also, be sure to fully document tests, report on outcomes and use this information to make meaningful changes to the plan


Solar provide a security assessments offering different network monitoring and tests which are designed to give you a health check of your current technology, in a non-intrusive manner. We also provide BC/DR solutions training to equip you and your team with the skills necessary to not only manage and test your own BC/DR plan, but increase productivity, and ROI day after day.

Actions speak louder than words, and we believe in practicing what we preach. That why we tested our own BC/DR plan by effectively ‘lifting and shifting’ our entire operation from Manchester 200 miles away to a remote location in Stafford the next morning with no impact to operations. This was a huge success.

To find out more about how our personal test went, visit this blog article and check out our video on YouTube. To learn more about business continuity and disaster recovery, check out our ultimate guide here or to discover more about the solutions we provide, get in touch with one of our experts today.

New call-to-action


  • Testing out your BC/DR plan is important because you need to know that when a disaster occurs the plan will work without interference. Testing will also identify areas of weakness so that the plan can adapt to become more effective.
  • To test your plan, begin with a theoretical tabletop test, then progress to technical testing and finally disaster simulation.
  • Plans should be tested regularly, especially when changes to the plan are made. These should be as realistic as possible without causing disruption to operations.
  • We provide testing services, and we test our own plans regularly. Contact us to learn more about the solutions we provide.

Subscribe to Email Updates