Operate more efficiently, reduce complexity, improve EBITDA, and much more with the purpose-built platform for MSPs.
Protect and defend what matters most to your clients and stakeholders with ConnectWise's best-in-class cybersecurity and BCDR solutions.
Leverage generative AI and RPA workflows to simplify and streamline the most time-consuming parts of IT.
Join fellow IT pros at ConnectWise industry & customer events!
Check out our online learning platform, designed to help IT service providers get the most out of ConnectWise products and services.
Search our resource center for the latest MSP ebooks, white papers, infographics, webinars and more!
Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.
Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.
You already know the importance of having a robust disaster recovery plan for your customers—and your own business. But that’s just the first part of preparing for a disruptive event. A comprehensive BCDR plan must also include testing that covers three areas: people, processes, and technology. You have to determine that:
Testing is the final part of designing and implementing BCDR plans that work the way they are supposed to. This post provides comprehensive guidance on BCDR testing to ensure those plans will function as required when needed.
Putting detailed business continuity disaster recovery (BCDR) plans in place for your customers is one of an MSP’s most critical functions. If a client’s organization does face a disruptive event, you need to make sure it—and you—are ready.
If you already have those plans in place—great! But have you tested them recently?
BCDR plans don’t fall under the “set it and forget it” category. Threats evolve, technologies change, and unexpected issues arise. Even the most detailed and thorough plan can look flawless in theory, but in practice, you may uncover some serious issues that could lead to potentially catastrophic data loss or downtime. The most careful planning is pointless without regular and rigorous testing.
BCDR testing involves running exercises and simulations to ensure there are no gaps, vulnerabilities, or unforeseen issues with a BCDR plan. Key aspects generally include:
It’s also essential to also assess communication and coordination processes (such as notifications, employee responsibilities, and escalation procedures) at every step, as these are critical to the success of the plan. You should ensure that organizational stakeholders understand their roles and responsibilities as well as where and how to share and get information during a crisis (for example, by using instant messaging if the business’s email system is inaccessible).
The consequences of not engaging in BCDR plan testing can be severe for both you and your clients, including:
The loss of customer trust can be catastrophic. Current clients may decide to work with another provider, and the damage to your reputation could scare off potential customers. If you are serious about ensuring your customers can survive a disaster, cyberattack, or any other incident, you must include testing as a consistent element of BCDR planning and readiness. By doing so, you also help develop their customers’ resilience against evolving threats and cultivate professional credibility.
Goals are beneficial for providing a clear direction for BCDR testing, including making sure tests align with overall business goals. In particular, you should establish Recovery Point Objectives (RPOs), which refer to the amount of data that is acceptable to lose before restoration, and Recovery Time Objectives (RTOs), the amount of time before services are restored.
Additional goals for disaster recovery and business continuity plan tests can relate to:
Again, these objectives will vary for each customer. You should help define goals and other desired results by working with key stakeholders from executive leadership, IT teams, and departmental managers; considering budget and resources; and emphasizing continuous improvement.
There are several different types of BCDR testing, each of which offers pros and cons. The business continuity and disaster recovery test types that are appropriate for an organization will depend on a variety of factors, including its size and nature, available resources, and the stage of BCDR testing taking place.
These involve real-time discussions with organizational leaders and anyone else with a critical role in the BCDR plan. The group examines the plan, explores different scenarios, and ensures that all business units are accounted for.
This type of testing is best suited for the beginning stages of the process. Tabletop exercises can also be an effective training tool.
In walk-through BCDR testing, the team is faced with a specific type of disruptive event, and each member goes through their individual roles and responsibilities to identify any gaps or inefficiencies.
This is another type of test that is most appropriate for the preliminary stages of the testing process.
This test checks if failover systems — backup modes that go into action when a primary system fails — can handle required business operations, processes, and applications after a disrupting event.
To reduce the risk of wasted time and resources, parallel tests should be undertaken only when teams have successfully addressed all gaps and issues with tabletop exercises and walk-throughs
Unlike the parallel test, in a cutover test, the failover systems are completely disconnected from the primary systems to take on the full load of business operations. It is the closest possible simulation of an actual disaster event.
Because cutover tests require critical systems to be disconnected, these tests should be conducted in the final phase of the BCDR testing process.
In addition to various types of tests, a comprehensive BCDR testing strategy checks systems at different levels of depth to ensure all aspects function as expected.
When advising customers on the levels of disaster recovery and business continuity plan testing they need, keep these factors in mind:
You should also take time to educate customers on the different levels of BCDR plan testing to help them understand which ones are most appropriate for their needs and capabilities.
Because they require less infrastructure and fewer employees, theoretical tests like tabletop exercises and walk-throughs should be undertaken several times a year. More comprehensive and advanced tests that require significant resources and time, such as parallel and cutover testing, should be done at least annually.
However, the schedule will also depend on several factors, such as:
Failing to test often enough can have consequences, ranging from annoying and expensive to disastrous. These include a lack of preparedness, compliance risks, fines, and permanent data loss.
When working with customers to design a BCDR testing strategy and schedule, you should aim to align the timing with business cycles, any business updates, and regular maintenance periods to reduce the disruption to normal operations. The agreed-upon schedule should be communicated to all employees who will be affected, particularly those who will be needed for the testing process.
BCDR testing is a critical but often-overlooked aspect of planning for business continuity and disaster recovery. Creating and executing a testing plan can be a time-consuming and complicated process, which is why many businesses fail to do it. MSPs can help by:
In addition to discovering that processes do not include essential steps or employees do not know what their responsibilities are, businesses that don’t test their plans regularly may find backups have been corrupted or are otherwise unusable.
BCDR solutions from ConnectWise help MSPs provide clients with secure, automated, and reliable data recovery—a key element of BCDR planning and testing. Start your free BCDR demo today to take the next step toward improving your disaster recovery service offering. Also, ConnectWise Co-Managed Backup includes regular disaster recovery testing on behalf of ConnectWise MSP partners and their clients.
MSPs should take care to document, review, and analyze the outcomes of every test, then prioritize the lessons and revise the affected elements of the BCDR plan accordingly.
Technology is absolutely essential for data backup and recovery during testing, as well as to protect primary systems during the testing process. Many tools also support automation and simulation, which can streamline testing and make it more realistic.
Knowing what specific way disaster recovery plans can be tested safely is critical to a BCDR testing strategy. All testing should take place in an environment that has been securely isolated from primary systems. To reduce disruptions to normal operations, testing should be scheduled during slower periods of business activity, such as in the evenings, early mornings, or on weekends.
Use data validation scripts to verify data consistency, relationships between data, and any errors. Data should also be encrypted, anonymized, and tracked during testing to provide further assurance that it retains its integrity.
Phases of the testing lifecycle include:
Upon completion of BCDR plan testing and analysis of the outcomes, MSPs should write a comprehensive report that covers details on testing goals, how testing was carried out, and the results. It should include: