Exercising and testing for continuity and emergency

Exercising and testing for continuity and emergency: planning and preparation via the BCP and contingency plans is necessary. This is because one must be sure that the plans and procedures remain fit for their purposes, and that the people remain competent to carry them out. After all, “Uebung macht den Meister.”

Therefore, mold exercises into a program, which one must design with the following goals in mind:

  • Gradually improve people’s competencies and confidence.
  • Ensuring that all sub aspects of incident response are working as desired.
  • Help ensure the integration of the partial aspects of incident response into a combined response.
  • Identify needed improvements to plans and response.
  • Demonstrate that the investment in exercises pays off for the organization.

Document the exercise sufficiently for any subsequent audit.

The outcome of any exercise should be the continuous improvement of the organization’s ability to weather difficult times.

Exercising and testing for continuity and emergency as a project

For exercising and testing for continuity and emergency plans it is critical to have consensus on why your organization needs a particular exercise. Therefore, the exercise must be defined from a business case. This should list what the benefits of the exercise are, and what the objectives are. When you formulate the objectives, keep in mind to validate them, as well as the evaluation criteria. Therefore, define them SMART: Specific, Measurable, Acceptable, Realistic and Time-Based.

The business case is a kind of project initiation document as one knows it from PRINCE2. Things to cover in it are:

  • an assessment of the business risks associated with designing and implementing the exercise,
  • the objectives and outcomes and evaluation criteria,
  • the expected benefits the exercise will provide,
  • financial resources available or deficits,
  • organizational resources and people available or not,
  • time possibilities and boundaries,
  • the commitment from the top.

For a small organization, a single person can do this, but for a medium or large organization, it requires the cooperation of a team to achieve a good result. This may involve representation from all parts of the organization. They must have the necessary knowledge and skills to perform their duties in the team, and to meet safety, legal, regulatory and contractual requirements.

Points of attention of preparation of the exercise

Timing

Timing must serve the objectives of the exercise. For that, they:

  • must be minimally disruptive,
  • should the required participants be available
  • and must have the physical locations, resources, equipment and facilities available.

Documentation

In terms of documentation, the team planning the exercise should provide, among other things

  • a timeline for the exercise,
  • a script and injects (things that are added, such as a press release),
  • multi-media materials as needed for the purpose of the scenario,
  • records of decisions made,
  • contact information and communication for participants,
  • documents briefing participants on the exercise,
  • instructions for actors and staff members/staff.

For the purpose of the design review of the exercise

For the design review of the exercise, review all resources, including the participants, to ensure that they are appropriate and available and can meet the objectives of the exercise. This review may include the following aspects:

  • finance,
  • logistics,
  • time and availability of all participants,
  • the required roles and functions for supporting the exercise and the identification, training and availability of appropriate personnel for support,
  • lessons identified from previous events that may be relevant,
  • inspect suitable locations before use,
  • equipment,
  • use of simulation techniques and materials,
  • the exercises scenario to ensure it is suitable for the lenses,
  • compliance with all relevant health, safety legal and regulatory and contractual obligations,
  • documentation for the exercise,
  • up-to-date and appropriateness of plans to return to normal after the exercise is conducted.

Prior to performing the exercise

Prior to performing the exercise, the exercise leader must:

  • brief the participants, actors, observers and referees about the exercise,
  • monitor security issues, communication lines and locations,
  • brief the potentially involved third-parties on the lines of communication, protocols and processes,
  • brief all participants on communication lines, protocols and processes,
  • Also brief all participants on any code words and the corresponding procedure for adjourning or closing the exercise to respond to a real-life event,
  • if it is necessary for the nature of the exercise , create a write up on the content of the briefing and details of all participants and stakeholders receiving the pre-exercise briefing.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts