What's the difference between testing and exercising in business continuity and disaster recovery?
If you're going to run a marathon, you exercise for several months before. You run, stretch, eat healthily, do sprints, burn fat, watch Chariots of Fire and so on. You're preparing your body and mind for a test. On the day, you hopefully finish the marathon. The discipline of exercise has improved your fitness, strengthened your mind and allowed you to pass the test. Simple.
But what is the difference between a 'test' and an 'exercise' in business continuity and disaster recovery?
Unhelpfully, it depends who you ask. For some people, the two are the same. Any procedure that checks the validity of your business continuity plan could be called a test or an exercise.
In practice, it's actually not dissimilar to preparing for a marathon. There is still an important difference between the two terms.
A 'test' implies you can pass or fail.
Experts use the term 'test' for specific elements of the recovery. Does a generator work? Does the emergency notification system work? These questions have binary yes/no answers.
IT Disaster Recovery can fit into this category too. If your IT can't be restored at an alternate site, or it takes 72 hours to recover when it should take 8 hours, it is entirely possible to fail your IT DR test. But always introducing a pass/fail element can be counterproductive...
An 'exercise' is when you work through the recovery steps.
You do exercises to see how you perform and make sure the plan is up to date. You detail areas for improvement and performance against your targets.
So how to differentiate the two? Does the exercise have a measurable, pass/fail outcome? If so, it's a test.