Exercise to Improve Resiliency not to Check a Box

By |2021-04-15T19:07:34+00:00April 15th, 2021|0 Comments

Most organizations with mature business continuity capabilities usually have a purpose-driven exercise program that includes testing the recovery solutions ranging from individual recovery strategies to detailed recovery plans. A mature business continuity program includes testing of all continuity plans at least annually and depending on the budget and requirements these exercises can range from simulations to walkthroughs. Sometimes it’s hard to get the program budget or participation for more elaborative exercises in those cases Tabletop exercise is usually one of the cost-effective and practical options both for mature and new business continuity programs. It is easier to sell to the executives and the business responders. However, an effective tabletop exercise would require planning and fluid facilitation by the BCM practitioner.

 The evolving nature of threats calls for continuing maintenance of a business continuity management (BCM) program. As a practitioner, you might be updating your governance documentation, program structure, continuity plans in response to both external and internal factors. Maintenance and updates ensure that the BCM program is effective and operational. One of the important maintenance projects is to make sure that your continuity plans are exercised and tested. Common ways to do that include plan walkthroughs, tabletop exercises, and functional tests. Some of these exercises are explained below:

Depending on your organization’s requirements and program maturity you can select the appropriate exercise type. A tabletop exercise is one of the ways for testing business recovery without real-time activation and is a good balance between plan walkthroughs and a functional exercise. These exercises require less planning as compare to a functional exercise and are more complex than a simple plan walkthrough.

Tabletop exercise scenarios could be designed to exercise response to the most likely organizational threat. For example: if you have an office site in a natural disaster-prone region such as a seismic zone you might want to exercise your continuity plans using an earthquake scenario.

Tabletop Exercise Scenario Example

Sample Scenario: Earthquake

Scenario Time: listing the day and time will enable the business to determine if it is a peak time for the process or not and depending on which the response can be customized.

Tip: Capture peak time information in the recovery plans. Business Impact Analysis (BIA) is a good time to discuss business process peak time requirements with the business.

Scenario Overview: overview should provide enough detail on how the disruption is unfolding without giving a lot of technical details about the scenario

Tip: Scenarios should not be too detailed in order to prevent rabbit holes

Inject additional information that would give impact information or precursor to participants about what needs to be focused on. Injects help with taking actions that meet the exercise objective

Tip: Injects should be aligned with the objective of the exercise.

Facilitator Card: facilitators could print question key cards in advance. These key cards help in driving the conversations and cover the key themes of the exercise.

Tabletop exercises should be conducted periodically. For an effective tabletop exercise – scenarios that address threats with higher likelihood and probability should be exercised more often. Regular BCM program exercises not limited to tabletop helps in building a more effective and actionable BCM program.

Recommend0 recommendationsPublished in Enterprise Resilience, Incident & Crisis Response

About the Author:

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.