Initial commit
This commit is contained in:
Paul Jenkins
83
03-procedures/disaster-recovery-testing-procedure.md
Normal file
83
03-procedures/disaster-recovery-testing-procedure.md
Normal file
@@ -0,0 +1,83 @@
|
||||
Title: Disaster Recovery Testing Procedure
|
||||
Document ID: [PROC-DR-TEST-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Disaster Recovery Testing Procedure
|
||||
|
||||
## Purpose
|
||||
|
||||
This procedure defines how BlackDice should plan, execute, record, and review disaster recovery tests.
|
||||
|
||||
## Scope
|
||||
|
||||
This procedure applies to disaster recovery plans, recovery scenarios, technology recovery arrangements, critical dependencies, and coordination activities relevant to in-scope operations.
|
||||
|
||||
## Trigger / When Used
|
||||
|
||||
Use this procedure:
|
||||
|
||||
- at planned disaster recovery exercise intervals
|
||||
- after material changes to architecture or recovery arrangements
|
||||
- after major incidents or identified resilience concerns
|
||||
- when management or audit requires assurance evidence
|
||||
|
||||
## Procedure Steps
|
||||
|
||||
1. Define the recovery scenario, scope, assumptions, participants, and success criteria.
|
||||
2. Identify the systems, suppliers, communications paths, and dependencies involved in the test.
|
||||
3. Obtain required approvals and ensure test risks are understood and controlled.
|
||||
4. Execute the exercise or simulation according to the approved plan.
|
||||
5. Record recovery timing, decisions, issues, coordination gaps, and whether objectives were met.
|
||||
6. Assess the effectiveness of technical recovery, communications, escalation, and decision-making.
|
||||
7. Agree follow-up actions, owners, and due dates for identified gaps.
|
||||
8. Retain the test report and track corrective actions through to closure.
|
||||
|
||||
## Inputs
|
||||
|
||||
- disaster recovery test plan
|
||||
- recovery documentation
|
||||
- asset and dependency information
|
||||
- participant and contact lists
|
||||
|
||||
## Outputs / Records
|
||||
|
||||
- test plan and approvals
|
||||
- exercise notes and evidence
|
||||
- recovery test report
|
||||
- corrective actions and improvement items
|
||||
|
||||
## Roles and Responsibilities
|
||||
|
||||
- [Role] must coordinate disaster recovery testing or oversight.
|
||||
- Process and system owners must support test design and participation.
|
||||
- Management must review significant outcomes and support remediation.
|
||||
|
||||
## Escalation / Exceptions
|
||||
|
||||
Escalate where:
|
||||
|
||||
- testing identifies a material recovery gap
|
||||
- required participants or suppliers cannot support the exercise
|
||||
- a live service risk emerges during testing
|
||||
- the scenario indicates a likely failure to meet recovery expectations
|
||||
|
||||
Exceptions to planned testing must be documented and approved.
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Business Continuity and Disaster Recovery Policy
|
||||
- Backup and Recovery Policy
|
||||
- Backup Testing Procedure
|
||||
- Corrective Action Procedure
|
||||
|
||||
## Version Control
|
||||
|
||||
| Version | Date | Description of Change | Author |
|
||||
| --- | --- | --- | --- |
|
||||
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
|
||||
Reference in New Issue
Block a user