Maintain Your Disaster Recovery Plan

Once you have a completed disaster recovery plan, you must regularly review, update, and test it.

Check Backups

  • Make backups at intervals required by your disaster recovery plan for the level of data you are maintaining. (See Back Up U-M Data.)
  • Check your backups at regular intervals to ensure they are backing up your data as intended and the data are recoverable if needed.

Review and Update Your Plan

Disaster recovery plans must be reviewed annually and updated whenever a significant change to system architecture, system dependencies or recovery personnel occurs. This includes, but is not limited to:

  • Changes to IT infrastructure, such as data center used, networking, systems hardware, and so on.
  • Changes to data types stored in a system.
  • Changes to staffing that impacts persons with roles in the data recovery plan.


At a minimum, an annual tabletop exercise or equivalent should be conducted that simulates the abrupt and unscheduled loss of critical functions. The testing methods you can use include:

  • Tabletop Exercise/Structured Walk-Through Test
    A tabletop exercise/structured walk-through test is considered a preliminary step in the overall testing process and may be used as an effective training tool; however, it is not a preferred testing method. Its primary objective is to ensure that critical personnel from all areas are familiar with the Business Continuity Plan (BCP) and that the plan accurately reflects the financial institution's ability to recover from a disaster.
  • Walk-Through Drill/Simulation Test
    A walk-through drill/simulation test is somewhat more involved than a tabletop exercise/structured walk-through test because the participants choose a specific event scenario and apply the BCP to it. However, this test also represents a preliminary step in the overall testing process that may be used for training employees, but it is not a preferred testing methodology.
  • Functional Drill/Parallel Test
    Functional drill/parallel testing is the first type of test that involves the actual mobilization of personnel to other sites in an attempt to establish communications and perform actual recovery processing as set forth in the BCP. The goal is to determine whether critical systems can be recovered at the alternate processing site and if employees can actually deploy the procedures defined in the BCP.
  • Full-Interruption/Full-Scale Test
    Full-interruption/full-scale test is the most comprehensive type of test. In a full-scale test, a real-life emergency is simulated as closely as possible. Therefore, comprehensive planning should be a prerequisite to this type of test to ensure that business operations are not negatively affected. The institution implements all or portions of its BCP by processing data and transactions using back-up media at the recovery site.

For more information, see the Exercises and Tests section of the FFIEC Examination HandBook. When you update or make changes to your plan, repeat your testing.