Core 4.0

C-RM 2-3: Business Continuity Plan Testing

Submited by: Tom Goddard

The Basics

Your organization must test its business continuity plan ("BCP") no less frequently than every two years. Notably, the BCP test can be a tabletop exercise, which URAC defines as:
test of a Business Continuity Plan (BCP) that includes documentation of the following aspects of the test:

  • A tabletop exercise simulates an incident in an informal, stress-free environment.
  • The participants who are usually the responsible managers and the response teams gather around a table to discuss general problems and procedures in the context of an incident scenario.
  • A scenario is developed in advance, but there are no attempts to arrange elaborate facilities or communications. One or two evaluators may be selected to observe proceedings and progress toward the objectives.
  • The focus is on training and familiarization with roles, procedures, and responsibilities. There is review of the step-by-step procedures for each of the critical plan elements outlined in the BCP.
  • The success of a tabletop exercise is determined by feedback from participants and the impact this feedback has on the evaluation and revision of policies, plans, and procedures.
The only exception to this is that URAC suggests in a Leading Indicator element that you also conduct a real-life test of your back-up telecommunications situation. 
Your organization must use the results of its BCP test to address discovered issues and update processes as needed.

Management Tips

In a change from previous years, URAC will accept an actual disruption of business processes as a test of your BCP plan.
Make sure the testing requirement is written into your BCP, and that you have clear documentation of the most recent testing.

Accreditation Tips

Desktop Review
Submit the testing plan, and documentation of the tabletop test that includes participants, the scenario tested, and findings. Additionally, submit any other documentation, including policies and procedures, committee minutes, etc.
Validation Review
The URAC reviewer will interview leadership and staff involved in the BCP testing.
Document review
The reviewer will examine documentation of the most recent test of the BCP.

  • Core 3.2 / 06.03.2019

    CORE 11 - Written Business Agreements

    My colleagues and I have noticed, as have some veteran URAC reviewers to whom we've spoken lately, that some folks are still misinterpreting this standard. Let me see what we can do to help sort out the confusion.The standard requires that your organization keep "signed written agreements with all clients describing the scope of the business arrangement.""For which organizations does your organiza...

  • Core for Health Plan 3.2 / 06.03.2019

    CORE 40 - Health Literacy

    This standard, a new, experimental standard, suggests that your organization should have policies and procedures that address health literacy. In this context, the meaning of health literacy is, "The degree to which individuals have the capacity to obtain, process, and understand basic health information and services needed to make appropriate decisions regarding their health." The three suggested...

  • Core for Health Plan 3.2 / 06.03.2019

    CORE 39 - Consumer Satisfaction

    This short standard requires that your organization have a mechanism to collect information about your consumers' satisfaction.This often is done in the form of customer satisfaction surveys, consumer complaints, and sometimes even focus groups. Find out what your organization does -- it's likely more than one mechanism.