Castellan brings every aspect of resilience management – from readiness to response – together in one place, so you can stop hoping and start knowing.
Now you’re ready.TM
When it comes to operational resiliency, crisis preparedness is more than just planning. There are a lot of moving pieces—from employee safety to business continuity, supply chain management, and minimizing the impact of a disruption on your customers while also mitigating reputational damage and decreasing downtime and financial impact.
While you can get your crisis preparations “right” on paper, without routine and frequent testing and exercises, you may never know if your preparation will work—or where you may have significant fail points—until it’s too late.
So where do you begin and what do you do? Let’s take a look at 10 key considerations for business continuity to help make your resiliency exercises successful. Castellan also offers an Exercise Template designed to guide you through the development and effective execution of a wide range of business continuity exercises.
1. Understand exercise scope
Before initiating a testing exercise, it’s important that you—and all of your participants–clearly understand exercise scope. What’s the main exercise goal? What do you need to accomplish? By clearly communicating this before the exercise gets underway, you can facilitate improved cooperation between all of your team members.
2. Bring the right people to the table
Exercise success is also contingent on ensuring you’re bringing the right people to the right table at the right time. For example, if you’re conducting a crisis response simulation, it’s likely you’ll need to involve your executive team and other key stakeholders—people who may not be responsible to the day-to-day tasks needed to complete the exercise, but those who need to be accessible for key decision-making and facilitation. By bringing your executives into exercises where appropriate, they can get a better understanding of your processes, see effectiveness, and understand requests for resources and support in the future.
3. Engagement is key
It’s not just about getting the right people to the table, but also ensuring your participants are engaged in the exercise. By building active engagement, your team members can better understand how their individual roles fit into the bigger picture for organizational success. You can help facilitate active engagement by building a strong communication and education plan, one that introduces team members to business continuity concepts as soon as they join your organization, routinely throughout employment, and as a regular part of your organizational culture.
4. Understand the end game
Exactly what you need to accomplish during your exercise will likely vary from one organization to another, but, in general, every exercise you undertake should have a goal of improving your business continuity, disaster response, crisis management plans, and closing discovered gaps.
5. Success measurements
Like goals for your exercise, success measurements vary depending on your organization, however, one overarching theme carries through for evaluation of exercise success. If everyone sits back at the end of the exercise and says, “It went perfectly,” then as counterintuitive as it may seem, there’s a pretty good chance your exercise was a failure, not success. That’s because of what we mentioned in No. 4… your goal is to improve your plans. There’s always room for improvement, so if you successfully hit points 3 and 4, then number 5 becomes clearer. Remember, an exercise “failure” is a win because it exposes weak points or other issues that you get a chance to resolve (and test again) before a real disruptive incident occurs.
6. Culture consideration
When planning a business continuity exercise, it’s all about culture consideration. Your goal with your business continuity program should be to ingrain it so deeply into your organization, it’s part of the culture. But there’s a reverse here, too. When you’re communicating with your teams and educating them about business continuity, you must also incorporate your organization’s culture into these exercises. For example, what are some of the key words you use for crisis or disruption? Do you say “event” or “downtime” or “disruption?” Use those words in your communications so the terminology resonates across the business and is easy to incorporate into your messaging.
7. Realistic scenarios
One of the ways to build engagement and program buy-in is to ensure the exercises you’re doing are realistic or plausible. It’s OK to periodically test a black swan event, but do your best to ensure its applicable and, at least, possible. For example, if your organization is hundreds of miles away from the nearest ocean, and you don’t have any other locations or branches near an ocean, then it probably doesn’t make sense to do an exercise that tests your response to a tsunami warning. However, maybe you be based in an area that’s prone to fires. Then, it makes more sense to do an exercise about a fast-moving wildfire. Conversely, don’t focus on exercise scenarios that only apply to your headquarters location. If you have branches or other offices in different geographical regions, you’ll need to develop testing scenarios for those, too.
Looking for assistance with defining plausible scenarios? Our Plausible Scenario Builder has the five-step framework and included worksheet to help you do so.
A good point to note here is also the impact of remote employees on testing business continuity plans. Your employees may live in areas that could affect their abilities to operate, even if your office locations are unscathed. You should also consider these situations in your exercise examples.
8. Education and training differentials
We mentioned earlier the importance of goal-setting for your exercises. Let’s go one step further here and be sure that your testing exercise is specifically tailored to the type of outcome you want to achieve. For example, is your exercise designed to test a specific process, plan, or procedure’s effectiveness? If yes, you’ll want to do a training exercise to ensure the team members responsible for those tasks can successfully complete them. In another instance, you may want to do an exercise that demonstrates to your executives and key stakeholders about what a plan is designed to do. In that case, you’d focus your exercise on awareness and be sure to include those key members in the process.
9. Test assumptions
Many business continuity plans include a variety of scenario assumptions. An exercise is a great time to test these assumptions and determine if they’re accurate or make adjustments if they’re not. For example, if your exercise centers on loss of electric power, and you’ve made assumptions about backup capabilities, test those during your exercise to see if back-up capabilities function as you intended.
10. Set exercise boundaries
One thing that can quickly derail your exercise, and your team engagement, is not establishing exercise boundaries at the beginning. For example, if you’re in a testing scenario with no internet access, but your plan includes ability to be online, you’ll need to make that boundary clear to participants at the start of the exercise so they can effectively move through it while coming up with workarounds and other solutions for that testing boundary.
These are just a few of the ideas about exercise efficiencies shared by a panel of experts in, “Smoke Test: Exposing Single Points of Failure Through Exercises.” If you’d like to go deeper and explore cross-industry insight into what makes exercises successful and where you can have failures, check out this on-demand webinar now.
Need help developing your business continuity exercises? Contact a Castellan team member today.
Get The Exercise Template
Now you’re ready.TM
Get resilience insights delivered to your inbox.
Save a spot in our upcoming webinar “The Keys to Defining Impact Tolerances” on Wednesday, May 25th at 11:00am ET / 4:00pm BST.