Business Continuity Plan Exercising & Testing
Our services for business continuity and incident management plan test and exercises ensures that your plans are fit for purpose and can be relied upon when needed. Business continuity and incident management plan tests are developed as follows::
Stage 1 – Scope, objectives & synopsis
At this stage RiskCentric will work with you to ensure that the exercise meets their requirements.
Scope: What aspects of the contingency plan are to be tested. Do you want to test specific aspects of your contingency plan or all of it?
Assurance Objectives: what is that you looking to acieve from the test
Participants: Which parts of the organisation and which members of staff will be taking part in the contingency plan exercise? Will any third parties be involved or take part? Do we need input from others to assist with the planning and execution of the exercise?
Test/Exercise Type: Should the exercise be a desktop walkthrough, a rehearsal or stress test?
Reference Point: Will the exercise be conducted around a specific reference points such as just prior to posting financial results, month end?
Stage 2 – Detailed Planning
During the stage a detailed framework for executing the agreed contingency plan test is created
RiskCentric work with the designated client team to produce an exercise time line and a project plan for the delivery of this part of the exercise. The timeline identifies main events that will occur during the exercise and injects (such as social media posts, calls from the media/public) to drive the exercise forward and test exercise participants.
On completion of the detailed timeline RiskCentric prepare a brief to go out to all participating staff and agencies, giving details of the exercise, what preparation they should do in advance and what is required of them on the day
Stage 3 – Execution
A RiskCentric act as your exercise director, taking responsibility for the overall conduct of the exercise, orchestrating inserts and ensuring that the exercise timeline is followed.
Stage 4 – Feedback & Reporting
As soon as the exercise is finished a ‘hot debrief’ will be conducted. This involves all exercise participants who complete written feedback forms based on predetermined evaluation criteria. RiskCentric include this feedback in their overall feedback report which is produced soon after completion of the exercise.
If required a formal presentation of results, lessons learned and corrective actions can also be provide by RiskCentric
Advanced Testing Approaches
Business continuity and incident management plan tests can be performed in several ways: these range from the traditional desktop walkthrough and scenario tests to stress tests which create a realistic simulation of incident environment and impacts. To provide clients who want to go "the extra mile" and integrate live simulations into their business continuity and incident management plan exercises, we have developed tools to create a realistic reproduction of a live incident simulation. These tools introduce increased levels of spontaneity and realism into exercises by simulating randomness and uncertainty and allow participants to experience social media activity as it might occur in a live situation.
1. Stress Testing Business Continuity Plans
This type of stress testing introduces a further level of rigour into a contingency plan exercise by simulating random events that occur in live incidents. Imagine an exercise where the overarching scenario is loss of staff availability, widespread supply chain failure or servers “going dark": it’s difficult to realistically simulate that level of unpredictability by trying to plan it advance using the traditional approach of exercise "inserts". By using our stress testing tools a client can choose an impact scenario (say, 25% of staff unable to work). Using from a list of staff members, our impact simulator will process a list of staff, randomly selecting names up to the pre-determined impact level. Details of absentees are then gradually fed into the exercise for assess potential consequences and responses. Using this information exercise participants are required to respond and adapt "on-the-fly" to mitigate the impacts.
Using this tool we can bring realism to your business continuity and incident management plan exercises by simulating impacts such as:
- Staff unavailability
- Supply chain failure
- Infrastructure Cyber attack
- End-point device corruption
2. Simulating Social Media and Messaging activity
Our social media simulator simulates incident alert and sociial media comments and posts to create a realistic simulation of tofay's media environment. Operating in a self contained messaging environment, ensuring that messages do not “escape” into the real world, allows users to simulate incident notification and social media handling processes
For further information on contingency plan exercising, testing & simulations please contact us