In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses 7 Business Continuity Exercise Scenarios that you can use to prepare your organization for disruption.
Related Episodes & Blog Posts
- Blog Post: How to Evaluate Plan Effectiveness After Active Shooter Exercises
- Blog Post: Crisis Exercises: Why are they important?
- Episode #85: Rethinking Active Shooter Preparedness & Exercises
- Episode #130: Suiting up for the Crisis – The Crisis Leader
- Episode #131: Suiting Up for a Crisis – Part 2
Hello, and Welcome to the Managing Uncertainty podcast. This is Bryan Strawser, Principal and Chief Executive here at Bryghtpath. And in this week’s episode, I’d like to talk about seven business continuity exercise scenarios that you can use, that you can prepare for in your organization. According to research, we know that about 25% of businesses fail to recover after a disaster. If they lack a business continuity plan, a recovery plan, it becomes hard to cope with the repercussions of a disruption. That’s why your business needs a business continuity plan. Now, to top up your security, your business security, and thinking about exercises, testing your business continuity plan is crucial. It’s good to understand that every business has a distinct business continuity plan and approach, depending upon your industry and your size and regulatory issues, and other factors.
That’s why you need to make sure you carry out a risk assessment and a business impact analysis, to be aware of these factors as a part of your planning process. But here we’re going to talk about some common business continuity exercise scenarios, the types of exercises, and the importance of making sure that you’re exercising or testing your continuity plan.
First, from our standpoint, there are three common types of exercises that you may use with your business continuity plan. The first is just a plan review, probably the most straightforward type of exercise. Your team goes through all the points on the business continuity plan. We use it to ensure the plan covers all the company’s objectives. And we do this without doing any real practical exercise work. It’s a walkthrough of review. The second is a tabletop. It’s probably the most common type of exercise. It’s definitely a strengthened version of the plan review. In this exercise, employees use the plan in a facilitated kind of conference setting, virtual or physical. And as inputs are received from the facilitator, your employees then respond to those exercise inputs as if they would, in an actual incident. The third is a simulation, by far the most realistic of these three exercises where employees actually do the thing.
They use the plan and execute the elements of the plan. It’s the most practical and detailed, and probably the closest to reality that you can get in an exercise. Now, exercising your business continuity plan is critical. It creates a picture of risk scenarios. It makes it easy for teams to understand how to use the plan. It builds confidence. Your team gets practical preparation. They build muscle memory, it helps you identify loopholes in your continuity plan. It ensures you cover all of your objectives and it gives you room to amend or change the business continuity plan before a scenario actually happens.
From an exercise standpoint, let’s then talk about some potential scenarios. What type of exercise could you conduct and what are the importance of these? So let’s dive into a couple. The first are cyber attacks. Cybersecurity, of course, is still a worrying issue for most businesses. It poses a threat to your data and your reputation. Since most companies today share their data in a networked environment, you’re prone to ransomware, phishing, malware, and other types of attacks that can lead to data loss and an expensive recovery and reputational problem. For instance, think about a scenario where one of your employees is penetrated due to phishing, leaking in the company’s critical details and information. You need to start thinking about, do you have the means to retrieve the data? Can you retrieve the data? How fast would it take to determine this extent of the attack? Is your information encrypted? Has that been … have you lost information? And what is your immediate response and reporting process?
The second of course is a pandemic. What we’ve all lived through for the last several years. As much as pandemics don’t happen very often, COVID-19 came as a reminder that we can’t avoid preparing for one, you need to have measures in place to control the effect of the pandemic as a business, since the inception. For instance, in a future contagious disease, your business continuity plan should stipulate what work needs to be done in person physically, how remote workers can access company data and how your business continuity plan would affect things like payroll for better coordination. With these measures in place, the situation with a pandemic becomes more manageable, and you have an assurance of being able to continue your business in the face of that pandemic.
The third scenario is a physical disruption that could be a fire or an active shooter or a workplace violence incident. For example, if there’s a fire, is your team aware of how they could respond to that. Depending upon your company’s location, some areas have a requirement that you have fire drills. Either way, it’s wise to prepare your team in advance.
A fourth exercise scenario is natural disaster, especially in disaster-prone areas like the American Southeast prior preparation is critical. These disasters could involve earthquakes, hurricanes, wildfires. For example, in the case of earthquakes, the West Coast of the United States and Hawaii are prone to earthquakes, or wildfires as we’re seeing right now in Colorado. Whereas the East Coast of the United States, more prone to hurricanes and major snowstorms. Depending upon your business location, you may need to prepare to handle such occurrences. You may even need to set aside a budget to control damages and set up your business in a way that it can withstand such disasters. And you should also prepare for a time when it’ll be impossible to have employees reporting to work physically.
A fifth exercise scenario, a network outage. Today, access to a network is critical for communication and completing your everyday tasks. Having a backup plan for this is vital. You should ensure employees can access company data through a secure means. That ensures the business continues, especially in critical departments and functions.
And lastly, your seventh exercise scenario is emergency communication, a very critical part of any business. This means having a channel of informing your ideal personnel when there’s a hitch or shortcoming. For example, how fast is your channel for emergency communication? Does your channel offer emergency contacts, people that are the first to get information? In the case of a power or network outage, would you still communicate? Is your team well informed on how to access it? These are some of the questions you need to ask when selecting an ideal communication channel, that’s because communication is the backbone of success in any undertaking. It helps with coordination, ensuring you conquer any barriers your business might encounter.
It would be easier for a business to respond to a risk when there are measures already in place. That’s because you’re not starting from scratch. You get to minimize the downtime and survive the season until recovery. Every business needs this from a continuity standpoint, despite any disruption that might occur. So if you need help figuring out your company’s exercise scenarios or strategy, or designing your business continuity plan or program, contact us today. We’d be happy to guide you through the process. That’s it for this edition of the Managing Uncertainty podcast, we’ll be back next week with another new episode. Be well.