Question: Are continuity and DR plans tested periodically through tabletop or full-scale exercises?
Why This Matters
Testing validates that plans work under pressure and that teams understand their roles during a real disruption.
Maturity
No testing conducted.
Tests performed informally and not documented.
Annual tabletop drills for key processes.
Full-scale or cross-functional tests with action plans.
Testing aligned to risk and incident framework.
Continuous scenario simulation and digital exercises.
How to Level Up
| From → To | Actions |
|---|---|
| 0 → 1 | Schedule a basic tabletop for critical processes. |
| 1 → 2 | Define test scope, criteria, and roles. |
| 2 → 3 | Conduct multi-team exercises and record lessons. |
| 3 → 4 | Integrate findings into risk and improvement plans. |
| 4 → 5 | Introduce digital simulations and continuous readiness. |
Enablers
- People: BCM Manager, IT DR Lead, HR Safety Officer
- Process: Plan → Test → Review → Improve
- Technology: Exercise management tool, video recap
Evidence
- Test schedule and results
- Action items and closures
- Management review minutes
KPIs
- Number of tests conducted per year
- Action closure rate (%)
- Average test score improvement
Low-Cost / Open-Source Options (MSME)
| Purpose | Tool | Notes |
|---|---|---|
| Tracking | Airtable | Test register |
| Recording | OBS / Zoom | Exercise capture |
| Visualization | Metabase | Trend charts |
Common Pitfalls
- Tests skipped due to workload
- Findings not tracked to closure
- No management review of results
Compliance Mapping
| Standard | Clauses / Notes |
|---|---|
| ISO 22301 | 8.5 / 9.1 |
| ISO 27001 | A.5.30 |
| NIST CSF 2.0 | RS.IM / GV.MA |
| NIRMATA Mapping | BC-Q07 validates continuity plans through structured testing. |