Various Types of Vendor Business Continuity and Disaster Recovery Testing
There's many ways to test your vendor's business continuity and disaster recovery plans.
Listen to this podcast that describes the various types of vendor business continuity and disaster recover testing you and your vendors should be doing. Learn the common tests that take place and what you should look for in your results.
Hi – my name is Lisa Mae-Hill and I'm the Information Security Operations Manager with Venminder.
In this 90-second podcast, you’re going to learn about the different types of business continuity and disaster recovery testing.
At Venminder, we have a team of certified industry experts who specialize in reviewing vendor business continuity management plans and testing procedures daily.
The pandemic is a hard lesson in ensuring our vendors have the necessary business continuity plans in place. But, how do we test the viability of these plans ahead of time?
Let’s start with business continuity testing types:
The first is a tabletop test. This is a verbal walkthrough of a plan should a theoretical event occur, such as a natural disaster or pandemic. Usually, this is done around an actual table and involves inactive role playing.
The second is a simulated test. In this test type, an active role-playing exercise is conducted in which certain business continuity planning activities or functions or procedures are illustrated but it doesn’t interrupt or change regular operations.
The third type is a functional test. This includes a full activation of the vendor's response to the theoretical event, demonstrating what would actually occur once the plan is activated during a business impacting event.
Disaster recovery testing also includes tabletop, simulated and functional tests.
For many organizations, the availability of information is critical for the continuity of operations. Disaster recovery testing often heavily involves information technology, so you should also assess the results to determine the following:
- First, what type of data backups are being performed and how often.
- Second, whether backups are stored in a separate physical location than production data.
- Third, evidence that alerts are generated for backups that may have failed.
- And finally, evidence that backup data has been encrypted and safely transferred to an alternate location.
Now more than ever, protecting your data in the event of a health crisis or other business impacting event is vital to the health of your organization and your vendors’ organizations.
We hope you found this podcast insightful. Thanks for tuning in and we’ll catch you next time!
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.