
Pull the Plug: The Importance of Testing Your Safety Nets

If It Has Never Been Tested, It Cannot Be Trusted

There is a quiet assumption inside many institutions.

Backups exist.
Redundancy is in place.
Failover systems are configured.

On paper, everything is covered.

But paper does not carry traffic.
Diagrams do not restore systems.
And assumptions do not survive outages.

The only way to know whether a backup works is to remove the primary system and observe what happens.

That is uncomfortable. It is also necessary.

The Illusion of Protection

We often encounter environments where leadership is confident in their recovery posture. There are secondary circuits. There are backup data systems. There are alternate power paths.

When asked how these systems were validated, the answer is usually one of the following:

  • The vendor confirmed configuration.
  • The team reviewed the design documents.
  • A tabletop exercise was completed.
  • A component test was performed.

What rarely occurred was a controlled interruption of the primary system to observe real behavior under load.

A backup that has never carried production traffic is not proven. It is theoretical.

And theory does not hold up when students cannot access systems, clinicians cannot retrieve records, or public services stop responding.

What Real Testing Reveals

When institutions conduct controlled failover testing, several patterns emerge.

Sometimes the secondary path works exactly as designed. That is the best outcome.

More often, however, testing reveals:

  • Network paths that reconverge at a single unprotected location.
  • Authentication systems that were not included in the failover plan.
  • Storage systems that were synchronized, but not verified for integrity.
  • Power systems that transferred, but introduced instability elsewhere.
  • Staff roles that were unclear once an incident was no longer theoretical.

None of these issues are dramatic in isolation.
All of them are significant under real conditions.

Testing does not create problems.
It exposes them early, when correction is still controlled and reputational damage has not occurred.

Why Institutions Avoid Pulling the Plug

There are understandable reasons.

Leaders do not want to risk disruption.
Operations teams are stretched thin.
There is concern that something might break.

But that concern is the point.

If a system breaks during a planned, supervised test, it can be corrected quietly.

If it breaks during an unplanned outage, it becomes visible.

The difference between resilience and embarrassment is often whether someone was willing to validate the safety net before it was needed.

A Disciplined Approach to Backup Testing

Testing does not mean recklessness. It means structure.

A responsible validation process includes:

  • Clear documentation of expected behavior.
  • Defined success and failure criteria.
  • Stakeholder coordination across departments.
  • Observed performance under real load.
  • Post-test review with documented corrections.

This is not about proving that the team did everything right.
It is about confirming that the institution is protected in reality, not just in documentation.

Backup systems should be treated the same way we treat primary systems. They deserve scrutiny, measurement, and accountability.

The Role of Independent Oversight

When backup validation is led by the same parties who designed or installed the systems, blind spots are common. Not because of incompetence, but because of proximity.

Independent oversight introduces questions that are easy to overlook:

  • Does the alternate path physically separate from the primary route?
  • Has failover been observed at full institutional scale?
  • Are there shared dependencies that undermine redundancy?
  • Is responsibility clear when a switchover is required?

Institutions where failure is public and expensive cannot rely on assumptions.

Confidence should be earned through verification.

If It Has Never Been Tested, It Cannot Be Trusted

Most organizations believe they are resilient until the day they are tested without warning.

The institutions that navigate those moments calmly are rarely the ones with the most elaborate diagrams. They are the ones who already pulled the plug once, corrected what surfaced, and documented the results.

Testing a backup system is not a sign of distrust.
It is a sign of stewardship.

If you would like to discuss how your institution approaches backup validation, contact us for more information.
