Test BCP
BS 25999-1 states that an organisation’s Business Continuity and Incident Management arrangements cannot be considered reliable until tested. Testing is essential to develop teamwork, competence, confidence and knowledge all of which are vital at the time of an incident.
ISO 27002 expands this further by stating that the tests should ensure that all members of the recovery teams and other relevant staff are aware of the plans and of their responsibility for Business Continuity and Information security as well as know their role when a plan is invoked.