Business Continuity Testing

A message for all those companies who have not tested their Business Continuity Plans. The last BCP test I conducted for a large Financial Service Company based on their ASSUMPTION that if a disaster occurred in their HQ offices, they would ask staff to work from home.

Resulted in the following lessons:

The internal network would only allow the first 600 users to access the internal systems via the network gateway.

After the first 300 users log on the network gateway crashed.

Of those staff actually manage to log on several critical applications performance were so bad as to be useless.

The SIEM crashed. With several log files corrupted.

The DLP (data loss prevention) would not allow many business functions to operate and had to be terminated.

Had a genuine external hack attack been attempted then it would have not been detected!

Many critical business functions assumed certain end point configurations and would not work correctly.

The resulting lessons were recognised. All modes of Continuity Plans needed to be tested. Management assumptions were never to be trusted. What seemed a trivial exercise turned into several major projects to allow working from home to operate.