psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eade2d99bef262cef5be6d01dc0bbbc9119b82e
ISMS/03-procedures/disaster-recovery-testing-procedure.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

2.7 KiB
Raw Blame History

Title: Disaster Recovery Testing Procedure Document ID: [PROC-DR-TEST-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CISO (Paul Jenkins) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY]

Disaster Recovery Testing Procedure

Purpose

This procedure defines how BlackDice should plan, execute, record, and review disaster recovery tests.

Scope

This procedure applies to disaster recovery plans, recovery scenarios, technology recovery arrangements, critical dependencies, and coordination activities relevant to in-scope operations.

Trigger / When Used

Use this procedure:

  • at planned disaster recovery exercise intervals
  • after material changes to architecture or recovery arrangements
  • after major incidents or identified resilience concerns
  • when management or audit requires assurance evidence

Procedure Steps

  1. Define the recovery scenario, scope, assumptions, participants, and success criteria.
  2. Identify the systems, suppliers, communications paths, and dependencies involved in the test.
  3. Obtain required approvals and ensure test risks are understood and controlled.
  4. Execute the exercise or simulation according to the approved plan.
  5. Record recovery timing, decisions, issues, coordination gaps, and whether objectives were met.
  6. Assess the effectiveness of technical recovery, communications, escalation, and decision-making.
  7. Agree follow-up actions, owners, and due dates for identified gaps.
  8. Retain the test report and track corrective actions through to closure.

Inputs

  • disaster recovery test plan
  • recovery documentation
  • asset and dependency information
  • participant and contact lists

Outputs / Records

  • test plan and approvals
  • exercise notes and evidence
  • recovery test report
  • corrective actions and improvement items

Roles and Responsibilities

  • [Role] must coordinate disaster recovery testing or oversight.
  • Process and system owners must support test design and participation.
  • Management must review significant outcomes and support remediation.

Escalation / Exceptions

Escalate where:

  • testing identifies a material recovery gap
  • required participants or suppliers cannot support the exercise
  • a live service risk emerges during testing
  • the scenario indicates a likely failure to meet recovery expectations

Exceptions to planned testing must be documented and approved.

Related Documents

  • Business Continuity and Disaster Recovery Policy
  • Backup and Recovery Policy
  • Backup Testing Procedure
  • Corrective Action Procedure

Version Control

Version Date Description of Change Author
0.1 Draft [DD Month YYYY] Initial draft. [Name or Role]
Reference in New Issue View Git Blame Copy Permalink