Title: Disaster Recovery Testing Procedure
Document ID: [PROC-DR-TEST-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Disaster Recovery Testing Procedure

## Purpose

This procedure defines how BlackDice should plan, execute, record, and review disaster recovery tests.

## Scope

This procedure applies to disaster recovery plans, recovery scenarios, technology recovery arrangements, critical dependencies, and coordination activities relevant to in-scope operations.

## Trigger / When Used

Use this procedure:

- at planned disaster recovery exercise intervals
- after material changes to architecture or recovery arrangements
- after major incidents or identified resilience concerns
- when management or audit requires assurance evidence

## Procedure Steps

1. Define the recovery scenario, scope, assumptions, participants, and success criteria.
2. Identify the systems, suppliers, communications paths, and dependencies involved in the test.
3. Obtain required approvals and ensure test risks are understood and controlled.
4. Execute the exercise or simulation according to the approved plan.
5. Record recovery timing, decisions, issues, coordination gaps, and whether objectives were met.
6. Assess the effectiveness of technical recovery, communications, escalation, and decision-making.
7. Agree follow-up actions, owners, and due dates for identified gaps.
8. Retain the test report and track corrective actions through to closure.

## Inputs

- disaster recovery test plan
- recovery documentation
- asset and dependency information
- participant and contact lists

## Outputs / Records

- test plan and approvals
- exercise notes and evidence
- recovery test report
- corrective actions and improvement items

## Roles and Responsibilities

- [Role] must coordinate disaster recovery testing or oversight.
- Process and system owners must support test design and participation.
- Management must review significant outcomes and support remediation.

## Escalation / Exceptions

Escalate where:

- testing identifies a material recovery gap
- required participants or suppliers cannot support the exercise
- a live service risk emerges during testing
- the scenario indicates a likely failure to meet recovery expectations

Exceptions to planned testing must be documented and approved.

## Related Documents

- Business Continuity and Disaster Recovery Policy
- Backup and Recovery Policy
- Backup Testing Procedure
- Corrective Action Procedure

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |