The Best Damn IT Security Management Book Period

At this point, you have your BC/DR plan pretty well defined and ready to go. The next step in the process, as shown in Figure 35.1, is training, testing, and auditing. Training includes training staff on their roles and responsibilities related to the BC/DR plan as well as training them in the specific skills they'll need to carry out their roles effectively. Testing is the process of testing the plan, and there are various methods for doing so that we'll discuss in this chapter. Finally, there is the process of auditing the IT systems that form the foundation of most BC/DR plans.
There's an interrelationship between testing, training, and auditing as shown in Figure 35.2. Performing one impacts the other two when you test the plan, you're training and auditing to some extent.
Training, testing, and plan maintenance are all bound together. Testing the plan trains staff and maintains the plan. Training staff tests and maintains the plan. As you train staff and test your plan, you will likely find areas that require modification. These modifications are made through the change management process defined as part of the plan maintenance phase. The information you glean from training and testing can be extremely useful in honing your plan in advance of a disruptive event. Testing and training go hand in hand, so let's begin by discussing training. We'll discuss plan maintenance in Chapter 36.