By now, it’s standard practice to advise clients to test and exercise their crisis management plans. Beyond that, clients should perform a needs and gap analysis, as well, to determine the kind of exercise that fits their business resilience needs. But what comes next? Here’s what your clients need to know about the stages of crisis management testing.
Discussion versus operations-based exercises
Broadly speaking, crisis management exercises fall into two big buckets. They are discussion and operations-based exercises.
Also called dilemma exercises, discussion-based exercises familiarise participants with current plans, policies, agreements, and procedures.
Operations-based exercises, on the other hand, validate plans, policies, agreements, and procedures. They also help participants clarify roles and responsibilities as well as identify resource gaps in an operational environment.
Stages of Crisis Management Testing
The outstanding question for clients, once they’ve determined which exercise makes the most sense, is what to do next? Well, crisis management exercises differ in kind, but many of the basic stages of crisis management testing apply to all of them. Those stages include:
- Run-through. Your client carries out a joint exercise run-through prior to the start of the exercise in order to ensure that all members of the exercise team receive the same initial information. This review should be brief and contain only information that is vital to ensure that the participants can perform as planned during the conduct of the exercise. The lead evaluator should be a participant in this process. It is also critical that a similar review occurs with the control team, to remain synchronised with scenario changes and facilitate the implementation of the exercise director’s guidance as the exercise proceeds.
- Start-up briefing. Your client organises a start-up briefing, during which time they clearly communicate the reasons for an exercise intervention (both crisis and non-crisis) to all participants. The start-up briefing should be used to avoid confusion between simulated and actual events.
- Launch. Your client checks the communications that will be used to launch, stop, and terminate exercises and testing prior to the scheduled launch. The methods for communicating launch, stop, and terminate exercises and testing should be explained during the start-up briefing.
- Wrap up. Your client uses the same communications for launching and temporarily stopping at the end of the exercise. The start-up briefing should be used to ensure clear communication with the intent of avoiding confusion between simulated and actual events.
- Post-exercise briefing. Your client organises a post exercise briefing in order to gather information from actual exercises and testing. Critique of actual incidents and near-incidents will provide valuable information concerning the validity of the plan, the resources that were available, how the resources were used, and the transfer of behaviour learned in training. Every actual incident should be subjected to a critique and a review by key decision makers. The same format for the critique of an exercise or test will be used for an actual incident. During the post-exercise debriefing, special attention should be given to the functioning of the exercise organisation and the exercise planning process.
- Observation. The evaluators of the exercise should have knowledge of the expected performance. They should have prepared observation forms, which should contain the exercise performance objective and allow for notes to be taken during the exercise.
While important, understanding and executing the stages of crisis management testing aren’t all it will take for your client to ensure business resilience. A robust crisis management testing capability is needed, as well. How to advise your clients? Start by downloading our Guide to ISO 22398: Crisis Management Exercises and Testing:
.svg)
.svg)
.svg)