What Applications Should You Regularly Exercise?

We have found that a majority of DR Offices do not have a formalized process to identify what applications they should exercise and what applications do not require regular exercises to be conducted.  At times, its the flip of a coin or someone in management who decides it would be nice to test this or that.  At MHA, we have taken the approach to consider two key factors in determining what to exercise:

  • Business Impact Analysis (BIA) Recovery Time Objective (RTO)
  • Recovery Demand (RD)
Each application in the DRP portfolio should be prioritized based on its Business Impact Analysis (BIA) Recovery Time Objective (RTO) and its corresponding Recovery Demand (RD) score.  RD is defined as the total level of demand associated with Computing Hardware & Data Storage, Integration / Dependencies and Personnel Resources.

Exercising applications with a critical BIA RTO and high RD score are easily defensible to management. It is the less obvious values that will require management decisions as to what levels they deem acceptable.

The current IT environment of reducing DR exercise expense, less test time, fewer personnel resources, etc.  mandate you exercise what is truly the most critical, complex, integrated and resource intensive applications.  The following steps are used to determine the frequency of exercise for each application:

Step 1: utilize the Business Impact Analysis Recovery RTO level assigned to each application.

Step 2: in conjunction with the application manager calculate RD for the application; apply scoring from 0 to 3 (Low to High) based on RD for each category (e.g., Hardware and Data Storage, Integration / Dependencies, Personnel).

Step 3: matrices BIA and RD, in conjunction with management determine the exercise threshold for the individual application.

Applications with Recovery Demand scores that are shaded should be exercised on a regularly scheduled basis. Applications with Recovery Demand scores not in the shaded area do not need to be tested on a regularly scheduled basis.

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.

Leave a Reply

Your email address will not be published. Required fields are marked *

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog