In order to obtain assurance, your qualified continuity plan should be tested.
Don't wait for it to be "perfect". Test soon, and use the test to find weaknesses.
The effort you put into testing will depend on risk. Begin with a desktop test, discussing the plan step by step with stakeholders.
Iterate the test and watch your plan improve, as well as your ability to execute it.
Nothing beats reality. A realistic simulation is the next best thing. It won't be cheap or simple, but certain scenarios need to be simulated.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)