Pub 17 2022 2023 Issue 5

use your business continuity risk assessment to help identify which threats are particularly impactful/probable to the organization. Additionally, a limited-scale exercise is recommended at least annually, but such a test is largely dependent on the size and complexity of your organization and the maturity of your failover procedures. However, if your organization has any significant changes in processes, systems, or plan details, you may want to perform these tests more frequently. To reiterate, these timelines are highly dependent on your organization; it may not be feasible or logical to perform some of these tests at a particular frequency. Base this decision on your organization and its specific needs.

If you are looking for somewhere to start and what should be prioritized for testing, refer to your business impact analysis. This is an excellent way to identify your most critical processes and the assets/systems you rely on the most. Systems that you rely on to keep your most critical processes functioning should be tested more frequently, allowing you to validate proper recoverability and the timeframes of that recovery.

Most organizations benefit greatly by having a testing schedule that documents their plans. This allows for a strategic approach to testing that involves the organization's processes, systems, and vendors as deemed necessary.

Step Three: Include Your Vendors

During your testing cycle, you'll want to ensure your critical vendor partners are included in the testing process to any extent possible. Involving your vendors in this process not only allows you to test to a greater degree of accuracy and usability but also allows your vendors a chance to provide feedback that may be valuable to your plans or testing process.

Step Four: Document Your Testing

Finally, be sure to document the results of any testing performed, along with any actionable findings from those tests.
Following up on these items and incorporating recommendations is the most important process in the BCP testing lifecycle. Testing, documenting the results of your testing, and implementing processes to improve your BCP are the best ways to strengthen your organization's response processes.

Resources and Testing Options

Numerous additional resources that your organization may use or participate in to continue maturing your BCP testing program are widely available. Scan the QR code for a list of organizations and resources to help you perform such testing on your own organization's BCP: https://sbscyber.com/resources/four-steps-to-better-business-continuityplan-testing

For more information, contact Robb Nielsen at 605-251-7375 or robb.nielsen@sbscyber.com. SBS helps business leaders identify and understand cybersecurity risks to make more informed and proactive business decisions. Learn more at sbscyber.com.
