(Editor’s note: This is the third of a four-part series, written by Strohl experts, that discusses best practices for conducting different types of business continuity planning tests and exercises. June featured advice on structured walkthrough exercises and July focused on tabletop exercises. Next month we will feature advice on full-scale exercises.)

Exercising a disaster recovery or business continuity plan can be stressful on even the best recovery planner. When plans need to be tested, many methods exist. Often, management wants to see that all plans are tested and that systems and business functions can recover from even the worst scenarios. Because holistic testing of all plans simultaneously is potentially a logistical nightmare, and often difficult to evaluate, you may need to consider narrowing the testing focus to one or two functions at a time. This type of test is known as a Functional Exercise.

The Functional Exercise is as close to recovery -- without actual movement of people or equipment -- as an organization can get. It is a simulation designed to test procedures and personnel in relation to recovery of a critical function.

The primary goal of a Functional Exercise is to evaluate and test the recovery procedures for a critical function in reaction to a specific simulated event. It is generally focused on exercising the plans, policies, procedures and staff knowledge of the recovery requirements and tasking. The objective is to execute specific plans and procedures and apply established policies, plans and procedures under crisis conditions. The Functional Exercise requires the presentation of complex and realistic problems that require specific responses from test participants.

The key components of a functional exercise include a realistic scenario, a controlled environment, timed information release, detailed evaluation criteria and personnel in the roles of exercise controller, simulators, players and evaluators. People in these roles have the following responsibilities:

• Exercise Controller: One or two individuals to lead and moderate the exercise;
• Simulators: To lend authenticity to the unfolding scenario;
• Players: To react to information provided by utilizing plan documentation; and
• Evaluators: To determine the effectiveness of the simulated recovery effort.

It may take several weeks to prepare detailed scenario and evaluation materials relating to the function being tested. It is important to fully understand the planned recovery strategy and recovery event timing prior to developing the test scenario.

The scenario should be realistic and therefore should be based on an actual potential event. Scenarios should include specific times and dates of events. The first time a functional exercise is conducted, avoid the introduction of mass casualties. It is permissible to simulate injuries, or to place key personnel out of reach (e.g., the supervisor who wrote the majority of the plan may be unreachable atop Mt. Kilimanjaro for the next two weeks). This enables other members of the team to use the procedures as documented and identify missing details.

Identification of what to test is equally important. Determine what function(s) will be tested such as accounting and finance or customer service. There are two schools of thought when it comes to prioritizing the testing of plans. One is to start small and work up to more difficult functions. The other is to test the most critical functions first. It is often considered best to conduct the first test on the recovery of a small but critical business function. This will help work out the testing logistics and timing. The second and succeeding tests should be conducted based on criticality of each function.

If testing a function such as accounting and finance, it is important to understand each of the critical processes and their recovery timeframe. In addition, understand the process dependencies within to the accounting and finance plan. An example of likely processes tested for an accounting and finance plan is illustrated in the chart below.

Controlling the exercise is critical to success. The controller should set the stage for the test and provide rules necessary for a successful test. Critical control components include:

• Detailed knowledge of disaster recovery and business continuity planning policies;
• Demonstrated executive management support;
• Documentation of timed information release;
• Script development for simulation participants;
• Scenario time clock (disaster + minutes / hours);
• Player instructions and rules that include simulated usage of only off-site materials and usage of specific plan tasking;
• Evaluator worksheets that allow the documentation of problems encountered and solutions identified;
• Test recap documentation (inclusive of plan change requirements and strategy revisions); and
• Follow-up meeting(s) with participants to review lessons learned and to emphasize importance of implementing changes to the plans.

The environment is typically stressful due to the need for teams of players to communicate in an orderly manner with other teams. This communication can be managed in writing or via phone. If in writing, runners should be available to bring questions from one table to another. If via phone, numbers for each team table should be published.

Keep in mind that the test may last several hours and breaks are to be taken as often as needed. Allow participants to be objective concerning their own procedures and to make suggestions that may enhance their recovery capability. Constructive suggestions can be made by each team in support of their needs relating to other teams. These suggestions should be documented by the evaluator at each table.

A table should be provided for each team, the controller and management and simulators (who also are available to run notes from one table to another). Tables should be set up with note pads, pens, phones, three-part memo forms (1. recipient team, 2. evaluator, and 3. coordinator / management) and water.

At each stage of information release it is important to recap key accomplishments such as access to recovery site(s) and restoration of computing infrastructure. As new information is presented, the scenario time clock should be advanced. Allow sufficient time for appropriate tasks to be reviewed and accomplished by each team. If critical issues cannot be resolved (e.g., it is discovered that backup copies of information needed to recover are not stored off-site) note the problem and proposed solution and instruct participants to proceed as if the problem was resolved.

Once the logistics have been organized, have fun. Provide some unimportant but humorous details to the scenario as it unfolds. Or, provide awards to teams for things like the loudest table, the most overcrowded table, the table that drank the most water, the first table to use up all of their supplies or the table receiving the most phone calls.