• Home & Garden
  • Relationships
  • Celebrations

Writing a Business Plan

testing a business continuity plan

While it may be tempting to put off, creating a business plan is an essential part of starting your own business. Plans and proposals should be put in a clear format making it easy for potential investors to understand. Because every company has a different goal and product or service to offer, there are business plan templates readily available to help you get on the right track. Many of these templates can be adapted for any company. In general, a business plan writing guide will recommend that the following sections be incorporated into your plan.

Executive Summary

The executive summary is the first section that business plans open with, but is often the last section to actually be written as it’s the most difficult to write. The executive summary is a summary of the overall plan that highlights the key points and gives the reader an idea of what lies ahead in the document. It should include areas such as the business opportunity, target market, marketing and sales strategy, competition, the summary of the financial plan, staff members and a summary of how the plan will be implemented. This section needs to be extremely clear, concise and engaging as you don’t want the reader to push your hard work aside.

Company Description

The company description follows the executive summary and should cover all the details about the company itself. For example, if you are writing a business plan for an internet café, you would want to include the name of the company, where the café would be located, who the main team members involved are and why, how large the company is, who the target market for the internet cafe is, what type of business structure the café is, such as LLC, sole proprietorship, partnership, or corporation, what the internet café business mission and vision statements are, and what the business’s short-term objectives are.

Services and Products

This is the exciting part of the plan where you get to explain what new and improved services or products you are offering. On top of describing the product or service itself, include in the plan what is currently in the market in this area, what problems there are in this area and how your product is the solution. For example, in a business plan for a food truck, perhaps there are numerous other food trucks in the area, but they are all fast –food style and unhealthy so, you want to introduce fast food that serves only organic and fresh ingredients every day. This is where you can also list your price points and future products or services you anticipate.

Market Analysis

The market analysis section will take time to write and research as a lot of effort and research need to go into it. Here is where you have the opportunity to describe what trends are showing up, what the growth rate in this sector looks like, what the current size of this industry is and who your target audience is. A cleaning business plan, for example, may include how this sector has been growing by 10% every year due to an increase in large businesses being built in the city.

Organization and Management

Marketing and sales are the part of the business plan where you explain how you will attract and retain clients. How are you reaching your target customers and what incentives do you offer that will keep them coming back? For a dry cleaner business plan, perhaps if they refer customers, they will get 10% off their next visit. In addition, you may want to explain what needs to be done in order for the business to be profitable. This is a great way of showing that you are conscious about what clear steps need to be taken to make a business successful.

Financial Projections & Appendix

The financial business plan section can be a tricky one to write as it is based on projections. Usually what is included is the short-term projection, which is a year broken down by month and should include start-up permits, equipment, and licenses that are required. This is followed by a three-year projection broken down by year and many often write a five-year projection, but this does not need to be included in the business plan.

The appendix is the last section and contains all the supporting documents and/or required material. This often includes resumes of those involved in the company, letters of reference, product pictures and credit histories. Keep in mind that your business plan is always in development and should be adjusted regularly as your business grows and changes.


testing a business continuity plan

Your Guide to Writing a Business Plan

testing a business continuity plan

If you’re starting a new business, then you need an effective plan. Not only does this enable you to plan your company, but it also gives potential clients an insight into how your business works. A business plan is also vital if you want to attract investors or secure a loan from the bank. Drafting a business plan is a complex process, but it doesn’t have to be. This guide will ensure you create a definite plan to impress investors and clients. 

When creating your business plan, there are some essential elements you must include. The Executive Summary provides a description of your business, and what you hope to achieve. People usually write at least one page, but leave their Executive Summary until last.

You’ll also need to detail what your business offers and define your target audience. This makes it easier for people to see whether your company has a chance of succeeding. The opportunity section is also an excellent way for you to see what competitors offer and how you can create a USP to stand out from the competition. 

Appealing to Investors

Every business that wants growth and prosperity must ensure they promote themselves to potential investors. Business plans aren’t just about what the business is, but who is part of it too. Detail your current team members and explain what they bring to the company. Investors want to know they’re making a wise investment.

Your current finances and financial forecast are also essential aspects of your business plan. Look at your products, how much you’re selling them for and what kind of profit margin you expect to gain. It’s also vital you detail your outgoings and look at how various economic situations could affect your finances. 

Writing a Winning Executive Summary

There are problems in every market, and a successful business solves that problem. If you can show how you’ll be able to offer solutions in your business plan, you’ll appeal to investors. Choose your target audience based on research and ensure you show your research. There are many ways to conduct market research including defining SOMs, SAMs and TAMs. 

TAM stands for Total Available Market and comprises everyone you want your product to reach. Your Segmented Addressable Market (SAM) is a specific portion of the market you’ll target. This is important because it shows you’re able to direct your product at the right people and not just everyone. Your SOM (Share of the Market) is what you feel you’ll gain with your product.  

How to Determine Pricing

Pricing your product is one of the most challenging things you’ll have to do. There are many things to consider, such as how much it’s worth and making sure you don’t charge unrealistically. Many new businesses believe undercharging is the best way to go, but doing this can undermine your company’s authority and cause fewer people to be interested in investing.

Market-based pricing involves looking at your competitors and evaluating their prices. Which company has the most customers? How does their pricing match others? These are all vital aspects you should consider. Remember, customers expect quality and a fair price, so make sure you combine the two. 

Future Goals

Investors and banks want to know that you’ve considered what the future will hold for your company. When you write your business plan, be sure to take into account how you see the company growing, what you’ll do to ensure it thrives and that you understand the potential risks. Banks and investors want to know that you can build a business and are aware of the obstacles you’ll have to overcome.

Starting your own business doesn’t have to be difficult. If you ensure you produce a robust business plan, it can be an exciting process. Your business is part of your future, so start by outlining your goals and look forward to seeing results. 


testing a business continuity plan

Four Steps to Better Business Continuity Plan Testing

Four Steps to Better Business Continuity Plan Testing

Business continuity planning is a process that is vital to your organization. There is always the possibility that your organization’s critical business processes could be negatively affected for reasons that are often beyond your control, so it's best to be prepared. If a disruption occurs, it’s essential that your organization has a plan to address any potential issues and ensure that your organization can still serve your customers.

However, if you’ve never enacted your plan, it’s hard to be confident that your plan will be sufficient. Testing your business continuity plan (BCP) helps to continuously improve your ability to recover successfully from various scenarios, whether it be a natural disaster or a communications failure. The good news is that there’s not just one way to test your BCP. Here are four steps to help you build a better business continuity plan testing program and ensure you are prepared for any situation that may come your way.


The first step to better BCP testing is to incorporate different testing methods. You can utilize various methods to test the usability and effectiveness of your business continuity plan. Some of the possible test methods provided by the FFIEC include:

Step two is to understand how often to test. Although there is no hard-and-fast standard for determining how often to test your business continuity plan, some general guidelines are typically recommended. Note that each of these timeframes will depend on your organization’s industry, size, personnel, available resources, and current BCP maturity levels. Don’t take these timelines as gospel, as they are strictly that: guidelines.

SBS recommends reviewing each of your emergency preparedness plans (business continuity, disaster recovery, incident response, and pandemic preparedness) throughout the course of a given year. Testing would typically include an annual tabletop test of all four individual EPP plans, testing multiple scenarios for threats you identify as a higher risk to your organization. Be sure to test the scenarios you believe to be the highest risk to your organization most frequently. You can use your business continuity risk assessment to help identify which threats are particularly impactful/probable to the organization.

Additionally, a limited-scale exercise is recommended at least annually, but such a test is largely dependent on the size and complexity of your organization and the maturity of your failover procedures. For example, if your organization’s goal is to have a fully-functional failover DR backup site, but you have not yet achieved full-failover mirroring and backups, implementing this complex backup process and testing to ensure everything works correctly from failover to failback may take years to achieve. In comparison, testing file-level restores from nightly backups is something any organization can do quickly and frequently today.

However, if your organization has any significant changes in processes, systems, or plan details, you may want to perform these tests more frequently. To reiterate, these timelines are highly dependent on your organization; it may not be feasible or logical to perform some of these tests at a particular frequency. Base this decision on your organization and its specific needs.

If you are looking for somewhere to start and what should be prioritized for testing, refer to your business impact analysis . This is an excellent way to not only identify your most critical processes, but also the assets/systems you rely on the most. Systems that you require to keep your most critical processes functioning should be tested more frequently, allowing you to validate proper recoverability and the timeframes of that recovery. Most organizations benefit greatly by having a testing schedule documenting their plans. This allows for a strategic approach to testing involving the organization's processes, systems, and vendors deemed necessary.

Including your vendors is the next step in improving your BCP testing. In the course of your testing cycle (whether a tabletop test, limited-scale exercise, or full-scale exercise), you’ll want to ensure your critical vendor partners are included in the testing process to whatever extent possible. Involving your vendors in this process not only allows you to test to a greater degree of accuracy and usability but also allows your vendors a chance to provide feedback that may be valuable to your plans or testing process.

Step Four: Document Your Testing

Finally, step four is to document your testing. Be sure to document the results of any testing performed, along with any actionable findings from those tests. Following up on these items and incorporating recommendations resulting from tests is the most important process in the BCP testing lifecycle. Testing, documenting the results of your testing, and implementing processes to improve your BCP is the best way to strengthen your organization’s response processes.

Testing, documenting the results of your testing, and implementing processes to improve your BCP is the best way to strengthen your organization’s response processes.

Resources and Testing Options

Numerous additional resources that your organization may use or participate in to continue maturing your BCP testing program are widely available. Here is a list of organizations and resources to help you perform such testing on your own organization’s BCP:

Other Sources

Updated by: Cole Ponto Senior Information Security Consultant - SBS CyberSecurity, LLC

SBS Resources:

Related Certifications:

Join our growing community of financial service professionals showing their commitment to strong cybersecurity with a cyber-specific certification through the SBS Institute. Click  here  to view a full list of certifications.

Certified Banking Business Continuity Professional

Upcoming Webinars

Hacker Hour: 3 Critical Components of Vendor Management

TRAC User Group: Critical Business Functions Edition

Webinar: Risk Assessing and Educating Customers - Who? How? Why?

Hacker Hour: Internal Network Penetration Testing

Recent Posts

LastPass Security Update: What Happened, What You Need to Know, and How to Protect Yourself

Celebrating Women's History Month: Recognizing the Leadership and Contributions of Women

Quick Tip to Keep Hackers Out - Always Verify MFA

Are Password Managers Secure?

testing a business continuity plan

(605) 269-0909

testing a business continuity plan

[email protected]

Atlas logo - Red capital A logo

Testing, testing: how to test your business continuity plan

Related articles, disruptions are by their nature unexpected. but your organisation’s response to hitting pause on normal business operations doesn’t have to be equally as unexpected..

A comprehensive business continuity plan maps out every stage of your business’ response to relevant risks that could affect business-as-usual. This could be a powercut, a cyber-attack or a supply failure. Whatever the disruption, the right continuity plan can ensure that your business minimises downtime and recovers as quickly as possible, reducing the risk of lost revenue or reputation.

However, even the most detailed plan can become ineffective if it is not regularly tested. Businesses rarely stand still, and this means your plan may have to adapt to new circumstances. Lack of knowledge, communication and practice can also compromise your business’ response, which could extend your recovery.

So, how should you test your business continuity plan, and how often should it be put in practice?

How often should a business continuity plan be tested?

There is no hard and fast rule that governs how often your business should test its plan.

It really depends on the complexity of your business and the number, scale and likelihood of the risks it faces. These should be identified as part of a Business Impact Assessment (BIA), which will inform your business’ response.

If your business has high risks for revenue loss, a damaged reputation or the possibility of lengthy downtime, then testing should be carried out more regularly and more areas of the plan should be tested.

The regularity of the testing is also dependent on the type of test being performed.

How can a business continuity plan be tested?

There are three main ways of testing your business continuity plan: checklist or walkthrough exercises, desktop scenarios or simulations.

Checklist or walkthrough exercises

A checklist or walkthrough exercise is one of the easiest forms of test. It consists of a desktop exercise in which senior managers determine if the plan remains current by checking off or ‘walking through’ each step.

When going through the plan they should also ask key questions, such as does the business have the right supplies to cope? Are copies of the plan known by key personnel? Do key personnel know what their roles are?

To make this test as valuable as possible, an emphasis must be placed on any weak areas. The mission is not to find fault or assign blame, but to promote improvement, which will make your plan more effective if the worst should happen.

Desktop scenarios

A desktop scenario test is a little more specific than the checklist. Using a scenario relevant to the business, this test can help you to establish all the processes of your business’ response to a specific disruption. For example, you can check the processes of your plan in the event of sudden data loss.


Simulations are full re-enactments of business continuity procedures and could involve most, if not all, of your workforce. They also tend to take place on site in the relevant business areas.

In this test, each employee involved will need to physically demonstrate the steps needed in order to react to the disruption and recover from it. This could involve driving to a back-up location, making phone calls, completing communication templates or visiting server rooms. These kinds of tests are good for establishing staff safety, asset management, leadership response, relocation protocols and any loss recovery procedures.

Due to the large scale of a full simulation, these kinds of tests may be limited to annual occurrences. They may also need to be moved to quieter business days or even non-operational days so that disruption to normal work is minimised.

Organising a test

Before beginning a test, you will need to set out a clear objective as well as define exactly what is being tested. For example, you may want to check your continuity plans in the event of a power outage.

For a desktop exercise, you need to ensure that key personnel or top management are available to participate. A venue also needs to be arranged, but this doesn’t necessarily have to be in a key location unless you are planning a simulation.

Before the test, circulate the testing plan along with the objective to everyone involved. This team should also familiarise themselves with the current business continuity plan.

Assign some people within the team to record the test’s performance and any shortcomings that are identified. After the test, feedback should also be sought. These findings then need to be formally recorded and used to update the business continuity plan. Once finalised, the revised plan should be shared among the workforce.

Remember that testing a business continuity plan is not about passing or failing – it is about improving processes to give your business the best possible chance of dealing with disruption. Regular testing asserts the effectiveness of your processes, trains your staff in what to do for faster, more confident responses and highlights areas that need strengthening.

Solution for disruption

Business continuity plans give your business a blueprint for disruption survival, but only if they are fit for purpose.

An internationally recognised mark of best practice, ISO 22301 will enable you to implement, maintain and improve a business continuity management system, which will support your business before, during and after disruption.

To find out more, visit our dedicated webpage for  ISO 22301 .

You can also get in touch on  0333 259 0445  or by emailing  [email protected] .

Sign up to get the latest in your inbox

About the author

Claire Price

Content Marketing Executive

Claire worked for Citation ISO Certification between 2020 and 2022 writing creative and informative content on ISO certification and consultation to help businesses reach their potential.

testing a business continuity plan

Looking for some guidance? Join us for one of our upcoming seminars!

QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only

Please Wait...

testing a business continuity plan

6 Scenarios for Business Continuity Plan Testing

People working at a large desk

Formulating a business continuity plan (BCP) is only half the battle. A solid BC strategy needs more than just a well-laid out theory, and business continuity plan testing can help you achieve optimal results.

Can your backup systems withstand a cyberattack ? How efficient is your RTO for restoring data? Are your employees familiar with emergency procedures? Do you have an emergency communication strategy to let everyone know about an incident immediately? Business continuity plan testing is the most reliable way to find out, and it is a critical component of continuity planning. By skipping regular testing, you won’t know if your organization is prepared for a disaster—until it’s too late.

In this article, we’ll look at six BCP testing scenarios that will prepare your teams and technologies for the unexpected.

Strategic tests  and these business continuity plan scenarios will help you to:

Without testing your plan, you’re putting both the business and its people at risk.

In fact, over the past few years, 35% of small businesses have lost as much as $500K due to downtime . Having an inadequate plan is just as risky as having no plan at all.

In one of our customer webinars "Making the Case for Testing,"  we've explored the different ways of getting value from testing by gaining management support, getting IT on board, and building on the BC/DR plan after the exercise.

Testing Your BCP: How Often is Enough?

So, what do you need to test, and how often?

If you already have a BCP, then it must be filled with myriad procedures for various events . But do you need to test everything? And how often do you need to do that? The answer to that depends on your organization’s unique risks, which should be previously identified in a business impact analysis.

For instance:

A company that has more at stake when it comes to disruption, such as revenue loss, operational downtime, or damaged reputation, will typically require more BCP scenarios, as well as running those tests more often. Every organization is a unique entity, and its BCP will differ in scope and priority.

Below, you’ll find business continuity tests that our experts recommend for most organizations that are concerned about their both basic and advanced BC needs. Tailor their suggestions to fit your business needs.

Business Continuity Plan Testing Scenarios

As your team is prepping for those tests, you need to agree on how realistic and detailed you want a test to be.

Testing can present challenges for companies: it requires investing time and resources. With that in mind, it may make more sense to conduct a tabletop test at a conference room, rather than involving the entire organization in a full-blown drill. There are several types of tests, such as a plan review, a tabletop test, or a simulation test, which we explained in detail in our previous post.

1. Data Loss/Breach

One of the most prevalent workplace disasters today. The cause of data loss or breach could vary:

Data is mission critical for any company, and losing it can have many serious consequences, such as significantly impacting sales and logistics applications.

The goal is to regain access to that data as soon as possible. Restoring a backup is the solution. However, who’s responsible for that? What’s the communication plan in this case? What are the priorities? Who needs to be contacted right away? Are there any vendors involved?

These and many other questions will be answered during a test.

Data recovery is key to any successful recovery plan.

2. Data Recovery

In this scenario, you need to make sure your BC disaster recovery systems work like clockwork. To do that, run a test that involves losing a bulk of data, and then try to recover it.

Some of the elements you’ll need to evaluate will include your RTO, and whether your team met its objectives. Besides, was there any damage to the files during recovery? If your backup was stored in the cloud, did you come across any issues? Include all critical activities to be performed in a BCP scenario.

3. Power Outage

Let’s imagine there was a power outage due to a recent storm. The utility company reported that the power wouldn’t be back up for a few days. What do you do?

First off, your incident response team needs to coordinate among themselves and communicate with the rest of the company.

Answers to these questions must be covered in your BCP. And running a test will confirm that everyone’s on the same page.

4. Network Outage

Power outage inevitably leads to a network outage . However, network outages can happen with electricity still being on, and they could last indefinitely. In such scenarios, many businesses rely on a work-from-home strategy that isn’t reliable for an extended period. When working from home, many employees have various distractions that affect their productivity.

So, during your test, verify the following points:

Answers to these questions also need to be specified in your business continuity plan.

5. Physical Disruption

Fire drills are one of the most critical company-wide drills that must be completed annually. There may already be local fire code compliance in your area, but if not, it’s vital to conduct a fire drill regardless.

Similar to a fire drill, you can test disaster recovery response to other situations, like natural disasters (e.g., earthquake, tornadoes, storms) or other critical situations (active shooter, bomb threat, etc.). These exercises will help familiarize everyone with emergency procedures and safety steps to take.

6. Emergency Communication

Being able to communicate during a disaster or an emergency can provide a lifeline. Yet, the most disruptive events—hurricanes, floods, tornadoes—are very likely to leave you with no traditional means of staying in contact.

For these scenarios, your plan needs to outline the actions to be taken. An emergency notification software is the most reliable, efficient, and effective means of immediate communication for a company of any size. Regularly update the contact information of everyone in your contacts database, so that all of the employees receive timely notification. Additionally, create templates for every disaster scenario to streamline to process.

Download the Ultimate Guide to Business Continuity Testing

Get more actionable advice on everything from the frequency of testing to getting your leadership involved.


Subscribe to Our Newsletter

Get the latest business continuity news and insights

Exercise your plan.

Build muscle memory, find gaps in your plans, and produce audit-ready reports with Incident Manager's Exercise Manager module.

Latest Articles

Background image showing the Agility Recovery logo

The Ultimate Guide to Business Continuity Testing

Incident Management and Business Continuity

10 Steps for Incident Management and Business Continuity

Man works with reports and laptop, RecoveryPlanner

The Life Cycle of Business Continuity Planning & Recovery

Get the Latest Business Continuity Insights

By clicking the "Subscribe" button you agree to the  Terms of Use  and  Privacy Policy

Business Continuity Plan Maintenance: How To Review, Test and Update Your BCP

testing a business continuity plan

We've written before about how all organizations need to have a robust business continuity plan . A comprehensive BCP gives your business assurance that it can continue operations, even in the event of an unexpected incident or full-blown crisis.

Putting in place a plan is the first stage in this process, but far from the only on Business continuity plan review checklist . Business continuity plan maintenance, review and testing form equally vital steps in your business continuity strategy.

Is Business Continuity Plan Maintenance Important?

Questions you should ask when scheduling bcp reviews and drills.

Business Continuity Plan Testing Considerations and Best Practices

Business continuity plan testing types, how to keep your business continuity plan current.

Maintain Confidence in Your BCP

Facebook icon

The Rising Tide of ESG – Navigating the Road Ahead

testing a business continuity plan

The Board's Role in Leading and Enabling GRC

testing a business continuity plan

Board and Executive Collaboration: Components of a Secure Platform for the Evolving Workplace

Kezia Farnham Diligent

How to Maintain and Test a Business Continuity and Disaster Recovery Plan

Proactively planning for how to respond to a disaster and get your business operations back online is key to building business resiliency. And in today’s tempestuous business environment, resiliency is everything.

A comprehensive, thoroughly tested business continuity and disaster recovery plan is one of the best ways to protect your organization from data and revenue loss during an outage, cyberattack, or natural disaster. 

Though they are technically two separate plans, business continuity and disaster recovery work symbiotically to create a robust safety net for your business operations, systems, and data.

A business continuity plan defines the business’s critical processes and gives detailed instructions for your organization to follow in order to continue operating during an emergency. This plan must identify and include all time-sensitive and mission-critical business functions and processes, as well as company assets, human resources, business partners, and stakeholders. 

Your disaster recovery plan should focus on getting the IT infrastructure back up and running after an unplanned disruption or natural disaster. This is just one step in business continuity—albeit a crucial one—which is why businesses need to ensure they have both plans ready, waiting, and tested before a crisis hits.

Four Steps for Maintaining and Testing Your Business Continuity and Disaster Recovery Plan

Business continuity and disaster recovery are not set-and-forget initiatives. Business objectives and processes change frequently, employees move into and out of roles, and technology is in a constant state of flux. So once you have your initial business continuity and disaster recovery plans established, integrated, and fully tested, you move into maintenance mode . During this phase, your focus becomes anticipating and adapting to changes and ensuring your continuity and recovery plan stays up to date and functional.

Here are the four main steps to future-proofing your crisis response efforts so you can be confident your business continuity plan will work when it needs to.

1. Plan for change management. 

Many organizations are experiencing an unprecedented level of change these days. To ensure continuity in the event of a crisis, it is important to monitor changes in the organization and its external environment, including people, processes, and resources. Have a documented process in place to control changes or revisions to the plan, and be sure to update the plan regularly.

2. Conduct testing.

When was the last time you fully tested your business continuity plan from end to end? If it’s been a while, stop reading and put it on the calendar now. The middle of a 100-year flood is no time to discover your backups are corrupt. 

Regularly scheduled testing will help prevent massive data loss and get your business operations up and functioning quickly after an emergency. A full, end-to-end test of your plan will be time consuming, so for expediency’s sake, schedule different types of testing at repeating intervals:

Just to keep things interesting, conduct periodic, unannounced “emergency” tests to help you observe the plan in action and test employees to make sure they know how to respond to a real crisis.

3. Require training.

Your business continuity plan is only helpful if your employees know how to implement it. When you initially create your plan, it’s important to form a business continuity team that will own the process and educate others.

During maintenance, your business continuity team will select a set of training methods, then create an ongoing schedule of business continuity awareness and training activities. These sessions will address any gaps in business continuity and disaster response knowledge so the organization can take unified, appropriate action to respond to threats as needed.

4. Perform an audit.

The final step in effectively maintaining your business continuity and disaster recovery plan is to invest in a third-party, impartial review of the plan.

This audit will determine whether the plan is in compliance with the organization’s internal policies and whether it meets external regulations and standards. It will also identify gaps and weaknesses in any of the maintenance steps. 

When the audit is complete, update the business continuity plan with any needed changes identified by the audit.

These four steps can help you maintain and test your business continuity plan so your organization recovers quickly after a disaster, technology failure, or cyberattack. 

For optimal protection, consider investing in a business continuity solution that provides a cohesive data security, protection, and retention strategy. A comprehensive continuity and disaster recovery solution can streamline your business continuity processes and provide additional data and cybersecurity features for greater peace of mind.

If you don’t have an up-to-date business continuity plan or world events have prompted you to reassess your current plan, download Arcserve’s How to Build a Disaster Recovery Plan to learn how to protect your business-critical systems and data in an emergency.

You May Also Like

Arcserve global research: cloud investments are increasing, but data protection is lagging, data protection and the c-suite: how msps can gain executive buy-in for disaster recovery plans, nist cybersecurity framework updates: what financial services leaders need to know.

Test the Plan, Plan the Test – Why Successful Business Continuity Plans Are Put into Action Before a Crisis

testing a business continuity plan

How will your business respond if faced with a natural disaster, a cyberthreat or an active shooter scenario? Will the organization stay afloat in the midst of such a crisis?

Any amount of disruption costs your business money and can destroy customer relations. In fact,  75 percent of companies  without a continuity plan fail in three years after facing a disaster. Those companies unable to get back up and running in 10 days post emergency do not survive at all. This is where a business continuity plan (BCP) comes in.

What is a Business Continuity Plan?

A  business continuity plan  provides your company with the roadmap to navigate a major business disruption, including a natural disaster or large-scale emergency. However, having a plan in place is only the first step; business continuity plan testing for gaps or obstacles is also essential. This blog will outline key considerations on how to test a business continuity plan.

Who Should Be Involved in Business Continuity Testing?

According to the  Department of Homeland Security , there are four groups that should be involved in testing business continuity plans:

All employees need to know about protective actions they need to take. This involves testing the plan to see what to do in terms of safety and security, as well as loss prevention. The emergency response team needs to test its ability to follow roles and responsibilities defined in the plan. This includes evacuation, shelter, incident management, cleanup and medical care.

The business continuity team, which generally includes division or department management, is responsible for testing incident management and oversight. As for the crisis communications group, they manage the testing of the emergency notification system.

What Should Testing Accomplish?

Testing a BCP verifies how effective the plan is in real-time scenarios. Therefore, when you test the plan, you are looking for weaknesses or gaps in the plan. Once weaknesses are identified, your teams can work together to improve them.

When Do You Test the Business Continuity Plan?

Business continuity plan testing should  take place quarterly  at a minimum. For a quarterly plan review, organize a meeting with the division or department managers who are directly involved with the business continuity plan, including new hires. If the organization is growing rapidly or experiences high management turnover, you may want to consider increasing testing frequency to monthly.

Where Does Your Business Conduct Testing?

Testing typically includes a variety of  tabletop scenarios and full-scale exercises . Tabletop scenarios can effectively be conducted in a conference room. During a tabletop session, employees read through potential emergency situations. Participants then describe how their role would respond based on the business continuity plan.

Full-scale simulations include a dry-run test in which everyone participates in a walk-through scenario on premises. For example, with a cyberthreat, this will most likely be focused on the IT department and company data centers. For an active shooter incident, the testing will involve closing entrances and exits and testing emergency notification alerts.

Why Should You Test Your Business Continuity Plan?

Along with training and practice, testing provides your teams with an opportunity to improve the plan. When testing the plan’s strengths and weaknesses in a non-emergency environment, all parties brainstorm and streamline the procedures and processes. This helps bolster the BCP in the event of an actual adverse situation.

Make a Better Continuity Plan with OnSolve

Now is the perfect time to consider your business continuity program and the value effective business continuity notification systems can have for your organization.  The most resilient organizations leverage proactive  critical event management  (CEM) as part of a strong and consistent plan for business continuity in today’s dynamic world.

testing a business continuity plan

Building Business Continuity for Resiliency in a Chaotic World

Learn more about the elements of designing a successful business continuity plan, as well as how to deliver and test your plan to ensure your organization is ready to handle a crisis.

testing a business continuity plan

Emergency notification best practices and free customizable message templates.

Share this article:

OnSolve is a leading critical event management provider that proactively mitigates physical threats, allowing organizations to remain agile when a crisis strikes. Using the most trusted expertise and reliable AI-powered risk intelligence, critical communications and incident management technology, the OnSolve Platform enables enterprises, SMB organizations and all levels of government to detect, anticipate and mitigate physical threats that impact their people, places and property. With billions of alerts sent annually and proven support for both the public and private sectors, OnSolve is used by thousands of entities to save lives, protect communities, safeguard critical infrastructure and enable agility for the organizations that power our economy.

Mitigate Risk and Strengthen Organizational Resilience Today

Insights / Legal and Compliance / Article

Stress-test your business continuity management.

November 05, 2019

Recent events, such as the spread of coronavirus, demonstrate the importance of stress-testing business continuity management plans.

The spread of a severe pneumonia now known to be COVID-19 through China and into other countries offers a timely reminder of the difficulty of planning for pandemic events and natural disasters. Businesses always need robust and current continuity plans that stipulate exactly how business operations will respond to and resume after a disruption — whether it is a natural disaster or an operational disruption, such as a broken contract.

In the 2018 Gartner State of the ERM Function Survey, 78% of respondents reported having a defined response plan for a cyberrelated incident, and 76% had plans to deal with the effects of a fire or explosion

“ More than 40% of businesses will never reopen after a major natural disaster”

“Even just a few moments of downtime can be costly, so it is essential that firms implement sound business continuity procedures,” says Ian Beale , VP Advisory, Gartner. “In fact, more than 40% of businesses will never reopen after a major natural disaster.”

Components of a BCM program

A BCM program should reduce the impact of internal and external volatility, enabling the organization to reliably and consistently meet its strategic objectives despite disruption. A comprehensive BCM program covers the response and resilience of IT operations, the supply chain , the workforce and more.

Successful BCM programs have four components:

Learn more: Invest in Innovation and Growth to Prepare for Change

Test your plan

Without formal processes and guidelines, ad hoc responses will likely extend downtime and business loss. Plans must be tested to ensure they will enable the organization to weather disruption.

Tabletop exercises for BCM test the effectiveness of procedures and safeguards in place to respond to — and recover from — specific continuity incidents. These exercises are an effective way to gauge organizational preparedness and awareness, but also to uncover flaws or gaps in recovery plan design.

Read more: Gartner Top 3 Priorities for Legal and Compliance Leaders

Mind your own “business”

First define the threats and risks specific to your organization. Consider that a risk reported in the global news cycle doesn’t automatically make that a risk for every organization.

Prioritize relevant scenarios by considering regulatory obligations, response plan maturity, criticality to business operations and response plan complexity. From there, leaders can draft relevant and comprehensive scenarios.

Learn more: Drive Growth Through Times of Uncertainty

Team players

Assign clear roles and responsibilities for participants and facilitators in tabletop exercises, including:

Experience Gartner Conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

Recommended resources for Gartner clients*:

Fundamentals of Risk: Business Continuity Management .

*Note that some documents may not be available to all Gartner clients.

Get Exclusive Content

Top finance trends and priorities for 2023, driving business growth — key insights for finance leaders, the gartner 2023 top board and governance expectations for general counsel, subscribe to the latest insight.

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

By clicking the "Subscribe" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Explore deep-dive content to help you stay informed and up to date

The gartner 2023 leadership vision for general counsel, leadership vision for 2023: general counsel, recession playbook for chief compliance officer, recession playbook for general counsel, the gartner predictions for 2023: legal and compliance technology, drive stronger performance on your mission-critical priorities..

Testing The Business Continuity Plan

Published on : 06 Aug 2020

Business Continuity Plan is a process of recovery and prevention systems for organizations to deal with an incident that could severely hamper business operations.  There is always a possibility that an organization’s critical business process comes to a standstill due to the impact of an unforeseen event that is beyond one’s control.  To deal with such incidents, it is best to be prepared for the worst. Organizations should have a recovery plan in place to ensure minimum impact or disruption of business operations and client servicing. However, simply creating a Business Continuity Plan will not protect one’s business. Organizations should have in place a solid BCP strategy that is not just well laid out but is also effective in implementation. So, once an organization develops a Business Continuity Plan it is crucial to test its effectiveness. Testing the Plan verifies the effectiveness of the strategy in place and trains responsible personnel for the real scenario. Moreover, the test helps identify areas of concern where the plan needs to be strengthened.

Objective of Testing a Business Continuity Plan

Testing of BCP strategy is not just about passing or failing, but ensuring there is constant improvement in the strategy implemented. Here are some reasons why running a strategic test is essential for an organization-

Without testing the plan, one may put their business and stakeholders at great risk. 

How often should the company test its BCP?

While there is no hard-and-fast rule for determining how often an organization should test their Business Continuity Plan , there are certain guidelines that must be followed to ensure its effectiveness. Reviewing established Business Continuity Plans like Disaster Recovery, Incident Recovery, and Risk Management programs depends on threat scenarios that your organization identifies as high-risk and anticipate its frequent occurrence. While the number of tests to be conducted depends on the industry background, size and complexity, available resources, and BCP maturity levels, it is recommended that the tests are conducted twice a year for critical processes but at least minimum once a year. In some cases, it may not be feasible or logical to perform some of the tests frequently, so we suggest organizations to base their decision on their needs. Moreover, if your organization undergoes major changes in its processes, systems, or plan details, you may have to consider testing the performance more frequently.

Testing your Business Continuity Plan 

Once the organization develops an initial version of the BCP, the entire team responsible should review the plan. All the members should examine the plan in detail and, attempt to identify inconsistencies or issues that may have been overlooked during the process of development. The reviewing process should involve higher-level management and department heads to analyze and discuss potential improvements, and ensure contact information and recovery contracts are in place. The team should at least conduct a review on a quarterly basis to ensure it is effective. The focus of the review should be on identifying weak areas and accordingly implement measures to strengthen it. 

Incorporating different testing methods

1.tabletop exercise/ test.

Tabletop Test is a scenario-based role-play exercise conducted with an intention to discuss concrete plans for managing a simulated emergency situation systematically. The basic objective of conducting this test is to ensure all personnel responsible for actionable measures are aware of the relevant process and procedures pertaining to the BCP. The test typically involves discussion of one or more disaster scenarios, during which the potential response and procedures will be reviewed, and ensure responsibilities outlined are appropriately handled by concerned authorities. This will help organizations identify shortcomings in their set process and will ensure improvement.  

2.Walk-Through Drill/Simulation Test:  

Walkthrough Drill/Simulation Test is a rather practical version of the tabletop exercise. The test goes beyond talking about the process and actually gets the team out to conduct the recovery process. So, while a Tabletop Test involves sitting around the table discussing plan details, the Walk-Through/Simulation Test involves the team responding to a pretend disaster as stated and act as directed by the BCP. This would include restoring backups, live testing of redundant systems, and implementing other relevant processes. The test will involve validation of response, processes, systems, and resource mobilization. 

3.Full Recovery Test: 

A Full Recovery Test involves a complete process of practically running up the backup systems and processing transactions or data, considering the simulation as a real-life disaster. It is a functional test that checks how quickly a system can recover after a crash or failure. The test conducted is to ensure that that live and backup systems can run in conjunction assuring hassle-free transitioning of operations to your backup systems in case of a sudden system failure or crash. Organizations should review the effectiveness of their system recovery every time they release or upgrade their systems. Ideally, organizations should conduct BCP drills at least once/twice a year, including recovery testing, to make sure everyone involved is aware of their roles and responsibilities, and ensure smooth functioning of critical business operations when there is a failure or disaster.

Involve Vendors

During the course of the BCP, testing organizations should ensure their critical vendor partners are included in the process as much as possible. This will not only facilitate accuracy in testing but also lets your organization get valuable feedback from vendors about the current organization’s Business Continuity Plan and testing process. It will also facilitate possible suggestions for improvement from the Vendor. 

Post Test Report

Finally, the organization should document the results of the tests conducted with actionable findings of those tests. This is the most important part of the BCP testing process. The document should also have recommendations detailing key actions/ measures to be taken for improvement and building resilience. It should also contain considerations for the next annual/six-monthly reviews of your Business Continuity Planning. 

Post-Test Actionable Measures

How can VISTA InfoSec help Organizations with BCP?

Organizations are constantly under the risk or threat of damage or disruption caused by an unforeseen event. Implementing actionable measures to prevent the impact of an unexpected incident is extremely challenging. So, to help organizations build an effective Business Continuity Plan and ensure it works, we at VISTA InfoSec offer Advisory services based on our years of industry experience and knowledge on various standards for Business Continuity Planning such as ISO 22301. VISTA InfoSec has been a part of the Information Security industry for the past 16 years. Knowing the in’s and out of the industry makes our team highly proficient and capable professionals to assist clients with their Business Continuity Plans. Our highly integrated solutions and advisory services help businesses develop a solid BCP that assure to stand to the test of times and help clients quickly recover from the incident. Our testing and training programs help create awareness and enable organizations to efficiently deal with the incident. Availing our BCP services includes- 

Prior to an Incident – Our team shall help organizations manage and develop emergency action plans, and provide training with supportive expert content for guidance. 

During an incident – In case of an incident occurring, our team shall help the organization recover faster by providing the necessary assistance in terms of implementing their Disaster recovery plan and incident management plan along with testing, office space, and suggesting immediate remediation.  

Post an Incident Occurrence – Our team will ensure quick recovery of your business in terms of making it fully operational and preparing them to withstand the impact. We offer complete support and guidance throughout the process and ensure minimum impact and least exposure to more vulnerabilities. 

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.

Recent Post

Enquiry Form

Enquire Now

Essential cookies

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensure basic functionalities and security features of the website. These cookies do not store any personal information.

All Cookies

Non-essential cookies.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, and other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

Message Sent!

Thank you for sharing your contact details. our team will get back to you shortly.


  1. What is the primary goal of business continuity planning, and how to achieve it

    testing a business continuity plan

  2. Business Continuity Plan

    testing a business continuity plan

  3. Business Continuity Plan: What is it and why do you need it?

    testing a business continuity plan

  4. Testing Business Continuity Plan Ppt Powerpoint Presentation Portfolio Structure Cpb

    testing a business continuity plan

  5. 3 Ways to Test Your Business Continuity Plan

    testing a business continuity plan

  6. Business Continuity Plan Testing Scenarios

    testing a business continuity plan


  1. D&V Philippines


  3. Introduction to Business Continuity Planning

  4. Business Continuity Plan Implementation and Maintenance

  5. Business continuity planning for a practice shutdown

  6. Business Continuity Plan


  1. How to Make a Financial Plan for Your Business

    Preparing a financial plan for your business is important if you plan to pursue business finance options such as loans, according to Inc. Business finance companies look at the short-term viability as well as the long-term potential of a bu...

  2. Writing a Business Plan

    While it may be tempting to put off, creating a business plan is an essential part of starting your own business. Plans and proposals should be put in a clear format making it easy for potential investors to understand.

  3. Your Guide to Writing a Business Plan

    If you’re starting a new business, then you need an effective plan. Not only does this enable you to plan your company, but it also gives potential clients an insight into how your business works. A business plan is also vital if you want t...

  4. Four Steps to Better Business Continuity Plan Testing

    Testing your business continuity plan (BCP) helps to continuously improve your ability to recover successfully from various scenarios, whether

  5. Testing, testing: how to test your business continuity plan

    There are three main ways of testing your business continuity plan: checklist or walkthrough exercises, desktop scenarios or simulations.

  6. Comprehensive Guide to Business Continuity Testing

    Business continuity plan (BCP) testing is a method of looking into how prepared your employees are in an emergency. It is a risk-to-reality

  7. 6 Scenarios for Business Continuity Plan Testing

    Business continuity plan testing is the most reliable way to find out, and it is a critical component of continuity planning. By skipping

  8. Business Continuity Plan Maintenance: How To Review, Test and

    When it comes to types of business continuity plan testing, there are three main routes: a table-top exercise, a structured walk-through or full

  9. How to Maintain and Test a Business Continuity and Disaster

    2. Conduct testing. · Checklist test (bi-annually): This is a high-level check to ensure objectives are still being met by the current plan. · Walkthrough test (

  10. Test the Plan, Plan the Test

    Testing a BCP verifies how effective the plan is in real-time scenarios. Therefore, when you test the plan, you are looking for weaknesses or gaps in the plan.

  11. How to Conduct Testing of a Business Continuity Plan

    Once you know that all your management and stakeholders are on the same page, test the plan. Have your employees visit your central communications hub to see if

  12. Stress-Test Your Business Continuity Management

    Tabletop exercises for BCM test the effectiveness of procedures and safeguards in place to respond to — and recover from — specific continuity incidents. These

  13. Business Continuity Plan

    A key part of a successful and complete Business Continuity Plan. (BCP) is validation. Testing the plan to ensure it is suitable for use, up to date, and still

  14. Useful tips for testing the effectiveness of Business Continuity Plan

    So, once an organization develops a Business Continuity Plan it is crucial to test its effectiveness. Testing the Plan verifies the