Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More

Getting Started with Business Continuity Testing

75% of businesses without a business continuity plan (BCP) fail three years after disaster. But in 2024, an untested BCP won’t offer much in the way of security. Only a best-practice exercise management program will do. Not sure how to start one?

Read on to find out how you can get started with business continuity testing today.

Why test business continuity plans?

So, why won’t any old untested BCP do? Just think to what the BCP does.

The BCP offers a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.

Of course, those business processes change. The risk of significant disruption changes, as well.

Organizations must test whether the procedures they’ve put in place will actually work.

And the only time to test is before a disaster.

Reasons to test your business continuity plan regularly

Add to that, business continuity management (BCM) suffers from a lack of senior leadership buy-in.

A comprehensive exercise management program, based on best-practice business continuity planning principles, will help signal to higher ups the importance of BCM. That, in turn, helps garner sponsorship and resourcing for the program.

Other reasons to test your BCP regularly include:

  • Helps identify gaps and areas for improvement in the business continuity management system (BCMS)
  • Ensures compliance with regulatory requirements
  • Improves the quality of the plan itself by introducing new, relevant information
  • Demonstrates commitment to BC to clients, which might help secure new business and/or deepen existing relationships
  • Ultimately reduces recovery time and costs

Getting your exercise management program up and running

But how to start testing your BCP?

Start with the needs and gap analysis. This analysis establishes the need for exercises and testing in the first place.

What questions will inform this analysis? Common questions include:

  • Does the exercises and testing plan address requirements for exercises and testing?
  • Can this plan promote consensus with interested parties?
  • Does the plan offer an opportunity to reach and interact with its target group(s) and potentially address their interests?
  • Does this plan provide an opportunity to address multiple issues in depth?
  • Does this plan focus on key issues?
  • Does the plan provide information tailored to the target group(s)?
  • Is this plan practical and relatively easy to implement?
  • Does the plan provide for information transfer at relatively low cost?
  • Is this plan easy to update?
  • Is the effectiveness of this plan measurable?
  • Is this plan a good vehicle for education?
  • Is this plan creating a constructive and supportive atmosphere?
  • Is this plan an effective way to get publicity or increase public awareness?
  • Does the plan conform to the organization’s constraints?

Types of exercises to conduct

Beyond laying down the foundation for the exercise management program, the gap analysis should also signal what kind of exercise (out of the many available options) that that program should be using.

What are the types of exercises to conduct?

According to international exercise management standard ISO 22398, the most common types of exercises are:

Alert exercise

Tests the organization by alerting involved participants and getting them to arrive at a designated place within a certain time.

Start exercise

Tests how fast an organization can be activated and start carrying out its tasks.

Decision exercise

Exercises decision-making processes within an organization, e.g., the ability to make fast and clear decisions on actions and to initiate cooperation between those responsible and stakeholders, under time pressure.      

Management exercise

Focuses on the roles, organization, SOPs, etc.

Cooperation exercise

Exercises levels of coordination and cooperation between management levels.

Crisis management exercise

Simulates crisis conditions and gives personnel the opportunity to practice and gain proficiency in their plan roles.

Strategic exercise

Refers to comprehensive exercise activities at a strategic level. Aims at improving the integrated crisis reaction ability in exceptional threat and danger situations (crisis situations) and developing a comprehensive coordination and decision culture.

Exercise campaign

A series of recurrent exercises with a common generic organizational structure.

That’s not all, of course. These exercises can be further subdivided based on their methodology.

What are the types of business continuity testing methodologies and how do they get implemented stage-by-stage in a best-practice exercise management program?

Check out Best Practices in Business Continuity Plan Testing to find out.