Testing & Exercising

ISO 22301 describes an Exercise as: A process to train for, assess, practice and improve performance in an organisation.

It also states that a Test is: A unique and particular type of exercise, which incorporates an expectation of a pass or fail element within the goal or objective of the exercise being planned.

Business Continuity procedures, plans, systems, and the people trained to use them should be tested and rehearsed for suitability.

Tests and Exercises come in many forms with varying degrees of scale, complexity and duration. Whatever forms are used in an organisation; they should be shaped and conducted to identify areas of improvement, promote confidence in those involved, eradicate planning assumptions, and ultimately confirm the effectiveness and timelines of recovery procedures.

Tests are normally conducted to evaluate IT systems, specific procedures, or other equipment where a pass or fail can be easily determined.

Exercises are normally developed and conducted to:

  • Rehearse people
  • Evaluate plans for content, relevance, and information accuracy
  • Assess communications
  • Promote familiarity

DisasterComUK consulting practitioners work with organisations locally, nationally and internationally to develop and facilitate the full range of Tests and Exercises including:

  • Discussion-based: These are events where plans are walked through, relevant issues are explored, and dependencies highlighted; all with the aim of providing direction for further plan improvements and overcoming issues in a non-pressurised environment.
  • Table-top: These are typically scenario-based discussion events using an exercise timeline (current or virtual). Participants demonstrate the effectiveness of the plans being exercised and are individually assessed on their familiarity of them.
  • Live: Live exercises are developed and facilitated as events focussing on specific Business Continuity procedures through to full-scale business rehearsals, often including key suppliers and other interested parties. These types of exercises typically include everyone who is named within the response and recovery framework and are usually conducted to understand the organisation’s true capability to respond and recover from major incidents. Other than real events; these types of exercise are the most effective way of understanding how the organisation is able to fully recover essential services when major incidents occur.