Part 2: Best Practices to Improve Incident Management Exercises – Define & Design

When it comes to incident management, routine testing and regular exercises can ensure you’re ready to respond to incidents when disruptions occur.

In this three part series, we’re sharing best practice recommendations to help you improve your incident management exercises to enhance your overall organizational preparedness.

In part one, “Best Practices to Improve Incident Management Exercises,” we outlined three key preliminary steps: planning, defining scope, and setting objectives. If you haven’t already read it, be sure to check it out.

Now, let’s look at the next four steps, focusing on defining and designing key elements to make your incident management exercises stronger:


Design Your Exercise Scenario

Once you’ve set your scope and objectives, it’s time to design your exercise scenario. Here are a few things to consider:

  • Make sure your exercise scenario is realistic. Is this something that could actually happen?
  • Design your exercise with enough details so your team can react accordingly.
  • Involve team members from multiple departments in the design phase.
  • Determine where the exercise will take place.
  • Determine how many team members you’ll need.
  • Outline which key team members will participate and the potential impact on regular operations while they’re participating in the exercise.
  • Conceptualize possible roadblocks that could prevent you from conducting your exercise and plan accordingly.

Your exercise may be stronger if you align it to the incident management lifecycle including:

  • Incident detection and recording
  • Classification and initial support
  • Investigation and diagnosis
  • Resolution and recovery

Define Roles and Responsibilities

Before you begin, define roles and responsibilities for all participants. Then, when you conduct your exercise, test whether or not you need the roles you assigned for an actual event.

  • Do you need external resources in addition to internal ones?
  • Are all the right people involved?
  • Do you have any unnecessary roles or responsibilities?
  • Do assigned responsibilities align with the roles?
  • Don’t forget to include back-up team members in your exercises. You never want to have a response or recovery plan linked singularly to one employee for recovery or resolution.
  • Create a checklist of action items/tasks for each role.
  • Use your facilitator to evaluate roles and responsibilities in real time during the exercises

Create a Timeline

Your exercise should have a timeline with a start and stop time. The timeline should also extend to specific tasks so you can determine if your organization can recover within your estimated timeframe.

Use your facilitator to ensure your team members respect that timeline. This will also help participants understand their expected time commitments before the exercise gets underway.

When your team members meet exercise goals and objectives—even if it’s before the exercise is scheduled to end–have your facilitator bring the exercise to a close. Don’t keep running the exercise just because you have an end-time in mind.

Conversely, if your team doesn’t meet your objectives, go ahead and end the exercise on time and then evaluate what happened and why it took longer than anticipated. Re-evaluate your timeline for follow-up testing.

Develop a Communication Strategy

Before your exercise begins, make sure you have a communication strategy, just like the one you would use in a real event.

While you might not trigger these communications internally or externally during an exercise, you should still walk through the steps as if it is a real incident.

  • Who are the internal team members you need to communicate with?
  • Do you have an automated system that triggers tasks and notifies respective task owners?
  • How do you alert your executive team and key stakeholders?
  • What information will you share with them?
  • How will you communicate with your customers, vendors, and general public?

Create communicate scripts and get them approved in advance by all relevant team members. During the exercise, evaluate if those communication strategies are effective.

Here are some core topics you might want to include in your communication scripts:

  • What happened during your incident
  • Who the event impacted
  • What the event impacted
  • Expected timeline for resolution
  • What your employees/customers/public should do during the incident
  • What your team will do after the event for follow-up
  • When/if you resolved the incident
  • How you resolved the incident
  • What you plan to do to prevent it from happening again
Ready for some hands-on help? Let’s discuss how to best achieve your business continuity goals.