"Security and business continuity plans should be tested at least once every three months to keep them updated."
So IDC recommends in this article: Asia-Pac firms unprepared for IT threats -- and they comment that many companies "may still be susceptible to disruptions from security breaches or natural disasters."
Which of course leads me to give you a not-so-gentle nudge! Have YOU have been carrying out such regular tests, and modifying your backup and recovery procedures to cope with changing circumstances?
UPDATE (17 November 2005):
Apani comments on a Harris Interactive poll about backup frequency: "Everyone knows that they should back up the data on their computers, but how many actually do it? When was the last time you did it? Out of the 2,300 US adults who were polled in late July of this year 685 (roughly 33%) didn’t back up at all…. And the majority of respondents who did back up, only perform this task once a year." Click here to read the article: You know you should... I hope that businesses would poll better than this! (Perhaps not too much better?)
If you have a plan that is pretty thorough and your personnel and IT infrastructure and applications haven't changed all that much, once every 3 months seems a bit overkill for me. But then again, it all depends on what you consider a test. Is a test simply getting everyone in a room and walking through exactly what should happen in the event of a disaster or does it mean bringing up a cold site and testing that everything will work? Is it enough just to make sure that all the support contracts are up to date and the backups are being sent off site and actually contain good data?
ReplyDeleteOf course in a Domino world, testing such things is easier than with a lot of other applications.