Maintaining the program and plan:
Testing, exercising, updating and reviewing

An approach is to start at the first hour, on the first day, at the point of the disruption. Each recovery team can then explain the process they would go through to recover their operations. The other teams can challenge the approach and identify any weaknesses detected in the plan. For example, asking:

  • “Where would you obtain that information?”; or
  • “Isn’t that process dependent on the completion of another activity?”.

Some approaches for exercising the business continuity plan are listed in Table 6.

Table 6 - Approaches for exercising the business continuity plan

Table 06

Table 06 continued

Post exercise review
The debrief is often the most valuable aspect of an exercise for the entity. It is important to dedicate time to identify:

  • whether the aims of the exercise were achieved;
  • what worked well;
  • what did not work well;
  • lessons learned;
  • improvements or revisions that need to be made to the business continuity plan; and
  • areas for future tests and exercises.

Better practice entities provide a written report of the exercise to the business continuity committee. Better practice entities will also assign responsibility for implementing any recommendations and monitor progress.

The post exercise review can be conducted in the same way as a post incident review.

Case study: Partial live scenario exercise

The Australian Taxation Office (Tax Office) is the Government’s principal revenue collection agency, and its role is to manage and shape tax, excise and superannuation systems that fund services for Australians. Audit Report No.16 of 2007-08, Administration of Business Continuity Management in the Tax Office details the business continuity arrangements in the Tax Office.

Pre-exercise planning - The Tax Office planned and held a partial live scenario exercise at its Northbridge (WA Region) Office in May 2008. The exercise involved all elements of business continuity management as well as those officers with a business continuity role within the region. Selected staff from other sites were aware of the simulation as was the Tax Office Executive.

Clear objectives - The objective of the partial simulation exercise was to test staff at the Northbridge Office on their understanding of business continuity procedures.

Nature of the exercise - The exercise principally involved bringing together the Northbridge business continuity team. This team exercised a real time scenario that involved Tax Office processes being threatened by a loss of staff due to multiple causes, such as a possible pandemic and sabotage. The Northbridge team came together quickly and notified relevant Tax Office staff locally and nationally. The team effectively managed the situation they were presented with and approached the exercise in a professional manner.

Post exercise review – Immediately following the exercise, a review of the scenario was conducted. This review involved all personnel involved in the incident. A number of lessons were learned and subsequently incorporated into a revised plan.

Outcome - As a result of the simulation nature of the exercise, Northbridge staff were exposed to practical experiences, and gained the skills required in relation to business continuity management.

Source: Adapted from a case study in Audit Report No.16 of 2007-08, Administration of Business Continuity Management in the Tax Office.

The Workbook contains an exercise universe, and an exercise preparation template. Click Here

The Workbook contains a checklist for conducting a post incident review. Click Here

 >Contents

>Workbook

>Feedback

Back

Next