Think back to the last big incident you experienced at your organization—whether it was a storm outage, water damage, equipment failure, computer worm, or something else. Were your BCP/DRP plans used? If so, did they succeed or fail? If not, why not? Were records kept? Was there a review after the incident to discuss lessons-learned and update the plans accordingly? Does your organization perform annual testing of its plans? And finally, are you ready for a worst-case scenario?