Purpose
The purpose of this document is to assist with the creation and implementation of plan testing and maintenance activities. Testing determines if documented recovery strategies and associated recovery procedures are viable to recover critical business processes within their stated recovery time objectives (RTO). Testing validates planning assumptions and it identifies the strengths and weaknesses in the plan. Some other objectives of testing:
- Enables plan deficiencies to be identified and addressed
- Helps evaluate the ability of the recovery staff to implement the plan quickly and effectively
- Identifies incorrect, outdated or no longer valid contact names, vendor names, procedures, alternate locations, etc.
Most plans that are written are not maintained. Within a year or less the plan becomes useless because staff has changed, vendors are different, and the resources required to get continue business operations have evolved. By maintaining the plan on a regular basis, the business will avoid the time required to create a plan from scratch and it will be prepared whenever a disaster strikes. Some objectives of maintenance:
- Constant “living” plan, meaning the data is accurate and up-to-date
- Create awareness to staff by having them update their personal information
- Avoid having to go through the entire Planning Process (BIA, RA, etc) because plans are so old and out of date that the information can’t be updated
So much time and effort goes into developing recovery plans that if proper testing and maintenance isn’t completed, the plan is little of value or in some cases worse than no plan at all. This document will introduce a variety of methods of testing and maintaining your plans, procedures and strategies.
Table of Content for Establishing Testing and Revision Practices Template
INTRODUCTION
Purpose
Compliance
TESTING PROCESS
Establish Testing Process
Determine Testing Requirements
Types of Tests
Test Objectives & Scope
Test Measurement Criteria
Develop Realistic Scenarios
Create a Testing Schedule
Prepare Test Plan
Post-Test Reporting & Feedback
TEST PARTICIPANT ROLES & RESPONSIBILITIES
Test Controllers
Test Project Manager
Test Facilitator
Test Observer (Evaluator)
Test Recorder (Scribe)
Test Participants
MAINTENANCE OF PLANS
Define Plan Owner and Maintenance Schedule
Formulate Change Control Process
Audit Objectives
Responsibility
Objectives of Auditing
Audit Criteria
Audit Evaluation
Audit Schedule
APPENDIX ITEMS
Appendix A – Business Unit Test Plan
Appendix B – Technology Test Plan
Appendix C – Example of Test Schedule
Appendix D – Audit Checklist
Appendix E – Audit Notification Memo
Appendix F – Final Audit Report
Appendix G - Test Notification Memo
Appendix H – Types Of Tests
To view specific section of this document, please contact us at Sales@training-HIPAA.net or call us at (515) 865-4591.
To buy individual template packages, visit following links:
