Test Disaster Recovery Plans (DRP)

In this section of this tutorial, we’ll take a look at test disaster recovery plans (DRP) to help you understand the different aspects of test disaster recovery plans (DRP). Testing the disaster recovery plans is an effective way to assure the company is ready for a real disaster. There are multiple ways of testing your plan:

  • Read-Through
  • Walkthrough
  • Simulation
  • Parallel
  • Full Interruption

Read-Through

Read-Through (checklist or consistency testing), lists all necessary components required for successful recovery and ensures that they are readily available to disaster occur. The goal of this test is to identify inaccuracies, errors, and omissions. The results of this test must be accurately documented.

Each disaster recovery team must be present at the test site and read the disaster recovery plan. Each team validates that their technologies are present and the timing is appropriate to ensure that everything can be recovered.

Then, it should perform one or more of the other DR tests described in the following sections.

Walkthrough

Walkthrough (or tabletop or structured walkthrough) test is commonly completed at the same time as the read-through test. In this test, several business and technology experts in the organization gather to “walk” through the DRP.

A moderator leads participants to discuss each step in the DRP so that they can identify issues and opportunities for making the DRP more accurate and complete.

ITperfection-Server room-Computer Networking Computer Networking ITperfection-Data-Secuirty-Network-Security-Cyber Computer Networking Cyber Security Support Hack-Network Security-HIPPA, CISSP- IT security-Data security-IT service provider- Networking- CISSP-CEH

Simulation

A simulation is a simulated disaster in which teams must go through their documented recovery plans.

An organization that plans to perform a simulation test appoints a facilitator who develops a disaster scenario, using a type of disaster that’s likely to occur in the region. For example, an organization in Chicago might choose a fire scenario, and an organization in Miami could choose an earthquake.

The disaster-simulation team, meeting in a conference room, discusses emergency response procedures.

Another idea is to hold the simulation on a day that is not announced ahead of time, so that responders possibly be less prepared to respond. This is a very real simulation because In fact, anyone do not know when the catastrophe may occur.

Parallel

In This test, teams perform recovery operations on a separate network. This test involves performing all the steps of a real recovery, except that the actual production systems run in parallel with the disaster recovery systems. In fact, the general principle of a parallel test is that the disaster recovery system runs process work at the same time that the primary system continues its normal work.

What’s disaster recovery system? It is a system that remains on standby until a real disaster occurs, and only at which time, the organization presses it into production service.

Third-party providers are that provide recovery data centers to perform parallel recovery tests.

This type of test is common in environments where transactional data is a key component of the critical business processing.

A parallel test usually be difficult to set up, but its results can provide a good indication of whether disaster recovery systems will perform during a disaster.

The most important advantage is that risks associated with a parallel test are low, since a failure of the disaster recovery system will not impact real business transactions.

Full Interruption

This test is the ultimate test of a disaster recovery plan. A full interruption test is similar to a parallel test, with this difference that a function’s primary systems are actually shut off or disconnected. In other words, organization stop regular operations to perform a real-world recovery operation.

A full interruption test should be performed only after successful walkthroughs and at least one parallel test.

This type of recovery testing is the most expensive, takes the most time, and exposes the company to the most vulnerability risk.

Go CISSP’s Home