Title: Disaster Recovery Testing Procedure
Document ID: [PROC-DR-TEST-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Disaster Recovery Testing Procedure

## Purpose

This procedure defines how BlackDice should plan, execute, record, and review disaster recovery tests.

## Scope

This procedure applies to disaster recovery plans, recovery scenarios, technology recovery arrangements, critical dependencies, and coordination activities relevant to in-scope operations.

## Trigger / When Used

Use this procedure:

- at planned disaster recovery exercise intervals
- after material changes to architecture or recovery arrangements
- after major incidents or identified resilience concerns
- when management or audit requires assurance evidence

## Procedure Steps

1. Define the recovery scenario, scope, assumptions, participants, and success criteria.
2. Identify the systems, suppliers, communications paths, and dependencies involved in the test.
3. Obtain required approvals and ensure test risks are understood and controlled.
4. Execute the exercise or simulation according to the approved plan.
5. Record recovery timing, decisions, issues, coordination gaps, and whether objectives were met.
6. Assess the effectiveness of technical recovery, communications, escalation, and decision-making.
7. Agree follow-up actions, owners, and due dates for identified gaps.
8. Retain the test report and track corrective actions through to closure.

## Inputs

- disaster recovery test plan
- recovery documentation
- asset and dependency information
- participant and contact lists

## Outputs / Records

- test plan and approvals
- exercise notes and evidence
- recovery test report
- corrective actions and improvement items

## Roles and Responsibilities

- [Role] must coordinate disaster recovery testing or oversight.
- Process and system owners must support test design and participation.
- Management must review significant outcomes and support remediation.

## Escalation / Exceptions

Escalate where:

- testing identifies a material recovery gap
- required participants or suppliers cannot support the exercise
- a live service risk emerges during testing
- the scenario indicates a likely failure to meet recovery expectations

Exceptions to planned testing must be documented and approved.

## Related Documents

- Business Continuity and Disaster Recovery Policy
- Backup and Recovery Policy
- Backup Testing Procedure
- Corrective Action Procedure

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |