In our recent blog, “When Surprise Business Continuity Exercises Go Awry,” we shared a few examples of things that can happen when your surprise business continuity (BC) or disaster response (DR) exercises go wrong.
Whether unintentionally inciting fear with an active shooter drill, or an employee panicking and accidentally wiping out your entire database with no backups...the unexpected can quickly turn a surprise exercise into a real incident and a PR nightmare for your organization.
So what can you do to help ensure your DR or BC surprise drills don’t accidentally create chaos? Here are some recommendations.
How to Run a Surprise BC/DR Test
- Begin with reviewing your business impact analysis (BIA) and existing BC and DR plans.
- Select 1-3 key components of your plans to test.
- Determine your exercise strategy. Will this be a simulation for one area or one application or will it be a full exercise?
- Create a scenario that is realistic and relatable, but not one that may incite panic or chaos with your employees, customers, or the public. Some examples include planning for data loss, loss of power, network or equipment failures, natural disasters, or disruptions like a fire or damage to your facility.
- Set the scope and objectives for your exercise and outline your goals, obstacles, and anticipated outcomes.
- Determine who should be involved and the outline the scope of impact on business operations, as well as employee safety and morale. Be sure to address concerns about your customers, key stakeholders, and the general public as well.
- Establish roles for everyone involved and ensure all clearly understand their expectations and responsibilities.
- Schedule the day, time, location, and duration for your exercise.
- Get senior leadership approval and make sure they’re aware of the exercise scope, schedule, and potential impact on operations.
- Loop in team members who can ensure testing goes off without a hitch, while helping team members feel safe and meet objectives. If you’re concerned alerting a direct manager might impact results or eliminate the needed surprise response from team members, go one level higher and loop in that manager’s manager. Also, don’t forget to reach out to your PR, HR, and communications teams. Often, these team members are responsible for sending out and responding to public alerts and concerns. Without the right information, they can further facilitate fear and spreading of misinformation. Make sure they are ready to respond appropriately to prevent your mock drill from becoming a PR nightmare.
- Run the surprise test.
- Do a post-mortem to determine what worked and what didn’t. Were new threats uncovered? Did communications break down? Did plans fail?
- Create a report and review test results. Share the results across your organization.
- Enact new procedures or guidelines to address gaps and failures.
- Conduct follow-up exercises to ensure changes and adjustments work, while continuing to uncover any new risks or deficiencies.
Are You Ready to Do a Surprise BC or DR exercise?
Remember, you can start small. How about a surprise DR test to ensure your organization can recover from an IT disaster?
Routine testing is a critical component of successful BC programs. Your testing scenario doesn’t need to be perfect. It’s much better to uncover problems during your test than in the middle of a crisis. Surprise testing is one of many ways you can ensure your team stays focused and helps your organization ensure it has a robust and mature BCP.
Whichever simulation you choose, remember, don’t surprise your leadership team with unexpected testing.
Involve all the right stakeholders to help decrease the likelihood of panic or unintended response. Build rapport with your testing group. Don’t make them think you will call them out for things they may do wrong. Empower them and ensure they know how critical they are for your company’s overall success.
Do you want to ensure resilience and protection of your employees and bottom line? Visit our website or contact an Assurance certified business continuity professional today. We will be happy to help.
For more great industry information, check out our free webinar:
Written by Assurance Software
Assurance Software takes your company’s enterprise-wide business continuity and resiliency program to the next level. With Assurance as your go-to partner for continuity and resilience, you can confidently mitigate risk, manage recovery, and safeguard your employees, customers, operations and brands.