We have found that a majority of DR Offices do not have a formalized process to identify what applications they should exercise and what applications do not require regular exercises to be conducted. Â At times, its the flip of a coin or someone in management who decides it would be nice to test this or that. Â At MHA, we have taken the approach to consider two key factors in determining what to exercise:
- Business Impact Analysis (BIA) Recovery Time Objective (RTO)
- Recovery Demand (RD)
Exercising applications with a critical BIA RTO and high RD score are easily defensible to management. It is the less obvious values that will require management decisions as to what levels they deem acceptable.
Step 1: utilize the Business Impact Analysis Recovery RTO level assigned to each application.
Step 2: in conjunction with the application manager calculate RD for the application; apply scoring from 0 to 3 (Low to High) based on RD for each category (e.g., Hardware and Data Storage, Integration / Dependencies, Personnel).
Step 3: matrices BIA and RD, in conjunction with management determine the exercise threshold for the individual application.
Applications with Recovery Demand scores that are shaded should be exercised on a regularly scheduled basis. Applications with Recovery Demand scores not in the shaded area do not need to be tested on a regularly scheduled basis.
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.
