Exercising 101 (and I don’t mean how to do a push-up)
Originally posted on quantivate.com.
Guest post written by Andrea Tolentino, Operations Consultant, Quantivate
Quantivate is the NAFCU Services Preferred Partner for Vendor and Contract Management
The auditor just left your building telling you your organization needs an exercise program for business continuity and without one you would be in trouble next time around. You are thinking to yourself, how in the world am I going to be able to accomplish completing a scenario-based exercise by the end of the year? Especially with all of the other tasks I have to do?! There is no way!
You are in luck because here are my top five tips to getting your organization on the right track for exercising. Follow these tips and you will be set for exercise success.
Tip 1: Â Do your homework.
It is important to look at your risk assessment to determine what a good scenario may be for your area. Look up articles of natural disasters in your region. It will make it a lot more relevant for all of the participants if they can relate to the incident.
Tip 2: Â The world does NOT revolve around your IT Department.
Include all main departments from your organization in the exercise. If you simply focus on IT and their recovery, you will be leaving out other critical areas of the organization. Try to incorporate issues such as lack of cross-trained staff or building relocation into the scenario.
Tip 3: Â Set expectations and be realistic.
Letâs take down the server and see how people react. Or even better, there is an alien invasion and we need to know what to do. These are some of the situations you DONâT want to get yourself in. By setting up goals and realistic expectations up front prior to beginning the exercise, participants will know what to expect. Most failed exercises come from people focusing too much on the situation and not enough on opening up the plan and looking at how to apply it during a disaster-type situation.
Tip 4: Â Track those gaps!
Make sure to document all of the discussion items that come up during the exercise. By documenting all gaps and observations that were found, it will be easier to work on closing those items afterwards. Auditors love to see the closure of gaps, and there is no way to do that unless you write them down! Also, it is a good step in maturing your business continuity exercising program.
Tip 5: Â Create a policy.
Without a policy, there will not be a good foundation for your exercise program. Set out roles and responsibilities for management, plan owners, and administrators. Outline all goals and expectations. In addition, donât forget to lay out a maturation model. How do you plan on maturing with exercising? Without a sound policy, there is not a solid base for your exercise program.
Okay I know I said five tips, but here is one moreâ¦
Tip 6: Â Update all business impact analyses (BIAs) and plans BEFORE the exercise.
You would think this would be an obvious one, but you do not know how many clients I have worked with that say, âCanât we just update after or during the exercise?â NO! The answer is NO! By updating prior to the exercise, you can catch many small errors or changes before the exercise, which then gives you time to focus on the larger more critical issues during the exercise. So update before and let the exercise be about more pressing issues!
Now that I have given you my top five, err⦠six tips, go get out there and get exercising!
Also available: Quantivate âAsk the Professorâ Vendor Management Curriculum (Webinar Series) »