No company is immune to an disruption of its operations. Therefore, to counter the potential consequences of such a perturbation, prevention measures, workarounds and mitigation strategies must be defined and implemented. However, this alone is insufficient. It is also required to validate their overall effectiveness, to attest to the level of preparedness and to assess the resilience of the organization through tests and exercises. This will also allow for training and education of resources, evaluation and improvement of performance, and identification of progress and anomalies.
We suggest that you apply the best practices in this area and consider them in your strategic planning. Since the objective of this article is to make you aware of the subject, we will only discuss the most effective and simplified aspects to consider for tests and exercises.
The tests & exercises in five areas
1- Tests and exercises schedule
It is important to develop a yearly schedule for tests and exercises to obtain a global picture. This will allow you to determine in advance the tests and exercises that need to be performed and their frequency. It is also preferable that the company’s management approve the schedule to obtain the support and leverage necessary to carry it out. Examples include an emergency communication and mobilization exercise, a technology backup exercise or a real-time simulation.
Four key elements should be considered when developing the schedule for each test and exercise:
- Context: The question to be asked is “is this a good time to do the exercise?” Remember that it should not disrupt the regular operations of the business.
- The effort required: What type of test or exercise do you want to perform? How much time is needed to complete it? What are the means, resources and planning you will need? What is the level of complexity and what are the associated costs?
- The anticipated outcome: Before conducting a test or exercise, be well prepared and determine the success criteria. If you think the outcome will be a definite failure (for whatever reason), it is best not to schedule it or simply to perform it at a time when abilities can be properly assessed and relevant lessons learned.
- Urgency of completion: Is there a need to validate a capability quickly? Is there a potential vulnerability to be tested quickly? Is there a binding legal or regulatory requirement to be met by a certain date? These details should also be considered when creating or updating the schedule annually.
The schedule is a formal document that specifies all the items you need to complete the tests and exercises, such as:
- The type of test or exercise and its description;
- The success criteria;
- The constraints;
- The scope and exclusions;
- The required participants and observers who will be present;
- The roles and responsibilities of each person involved;
- Logistics and requirements;
- The date, time, and location where the test will take place.
3- Monitoring of the process
During the execution of the test or exercise, it is important to ensure that everything runs smoothly and that everyone involved understands their role and performs it properly. For example, observers should be sure to pay attention to what is happening and take careful notes so that they don’t miss anything, while participants should follow their procedures and/or scripts and complete the documents provided. The overall process plan should also be followed carefully so that nothing is missed.Le bilan
Once the test or exercise has been completed, an post-mortem must be completed. In addition to containing a description of what was done, it contains all the results and conclusions based on the success criteria previously defined in the planning document. It is at this stage that you are able to identify the anomalies detected and the lessons learned. All anomalies and recommendations should be recorded in a follow-up log that will be used in the action plan (next step). Finally, the post-mortem should be formally reported to the management team.
5- Action plan
The objective of the action plan is to prioritize the implementation of initiatives or projects to address the recommendations in the test and exercise post-mortem. Since it is difficult to resolve all the irregularities at once, it is important to assign the highest priorities to those responsible so that the necessary corrections can be made within a specific timeframe.
Tests and exercises allows you to validate capabilities, ensure an acceptable level of knowledge of the processes applicable in the event of a resilience plan being triggered, while developing teamwork in such a context. Not only does this approach help mitigate the impact on your company and preserve your reputation, but it also helps reassure and retain your customers. Benoit Racette Service-conseils inc. has the experience required to help you plan and execute tests and exercises adapted to your reality, and this, for all levels of intervention in your company. Contact us now: [email protected].