Don’t Test and Don’t Check

I am amazed sometimes during assessments when I learn that critical backups and systems have never been tested.  Companies purchase the software, configure the setup and away they go.  They never bother to test. As an executive or manager you understand the risks and what needs to be done to protect the digital assets in an organization.  Your IT staff doesn’t necessarily have that understanding of risk.  They have no liability.

Executives and managers have an obligation to their clients, companies, employees and families to have critical information protected.  I am not saying you should set a budget for an offsite facility or spend more money on hardware/software.  I am simply saying that time needs to be invested in planning, checking and testing.  Preferably this is done by an outside source.  Not because I don’t think your staff is capable, because a second opinion can shed some new light on your environment.

Ask anyone that I have ever managed in consulting, it isn't working until it is tested.  If people don't like me because I require testing and verification, I can live with that.  It is too important to just assume it works.