- Plan walkthrough or desk check
The simplest option, this method involves walking through the contents of a BC plan. It can involve just one or two people who are fully conversant with the organisation's key business processes. As the name suggests, they will quite literally walk through the plan to gauge whether it will work as intended. They will challenge any assumptions and highlight any gaps.
- Extended desktop walkthrough
This is an extended desk check that typically involves one or two plan owners walking through their plans to identify any interdependencies and testing assumptions that one team has prioritised an activity that is being relied on by another.
- Technical testing
This is a test of equipment, recovery, procedures or technology and aims to establish whether all the relevant equipment, infrastructure, services and security controls will perform as expected when needed.
- Simulation exercise
This incorporates a carefully thought-through exercise simulation to put many aspects of a BC plan to the test and identify any gaps or shortcomings. Typically centred around a realistic scenario, the exercise could include a building evacuation and internal and external communications. As well as a cross-section of staff, there may be value in involving key suppliers. With this kind of exercise, the more relevant it is to your organisation the better. For example, if your organisation is heavily dependent on its IT, a ransomware scenario might be a good idea. If your premises are at high risk of flooding, you might benefit from testing an extreme weather scenario.
- Testing critical activities
This is where controlled testing is conducted for specific activities, ensuring they can be recovered as planned. Such testing is usually conducted at a departmental, divisional or business area level.
- Testing of individual department or business unit plans
This is like a test of critical activities but can be widened to include additional elements such as employee welfare and reputational damage. It can be a real-world exercise, rather than a simulation. For instance, closing an office to test the performance of your recovery location or the effectiveness of your work from home strategy.
- Full BC exerciseCommonly referred to as a global exercise, this is the most thorough type of exercising and tests the entire organisation's plans. It requires considerable commitment from the highest level of the organisation and meticulous planning to prevent the exercise itself causing a disruption.