4
Terrific Table-Top Tips For a Crisis Management Exercise By Robbie Atabaigi Tip: Where possible you may want to use the verbiage ‘exercise’ rather than ‘test’. An exercise promotes a learning environment rather than a pass / fail ‘test’. Does the word ‘Exercise’ or ‘Test’ frighten you? If you are new to the industry and / or do not have much experience in this area, then fright would be a natural emotion. However, practice makes perfect. Plus this information should serve as a helpful tool for both the novice, as well as the experienced, in conducting a Crisis Management tabletop exercise. Before we proceed any further, you might be asking yourself ‘What is a Crisis Management Team?’ The DRJ Glossary provides the following definition: “Crisis Management Team will consist of key executives as well as key role players (i.e. media representative, legal counsel, facilities manager, disaster recovery coordinator, etc.) and the appropriate business owners of critical organization functions.” Your organization may call this team by a different name, but in essence, it is the team of key executives and management who become the decision makers during a crisis event. This team is only activated in response to a crisis event of a disastrous scale for the organization . . . or during an exercise. As you maybe aware, there are various levels of exercises (i.e., component, tabletop, functional, etc.). This is also true within each exercise type. For tabletop exercises, you could start with a skeletal group of Team Leaders and then incorporate team members as well for the next exercise. Then move onto exercising with both the primary and alternate team members. More mature exercises may incorporate vendors, end-users, and / or local emergency personnel (e.g., fire department, hazmat experts, etc.). Another facet is whether the exercise should be announced or unannounced. The first few tabletop exercises should be announced to your team members so they can successfully learn what is expected of them during a crisis event. Now you are asking yourself, ‘How frequently should I be conducting an exercise?’ Good question. Keep in mind that we are discussing Crisis Management Team exercises, which are very different from the full-blown IT/Disaster Recovery exercises that, as an industry standard, usually occur annually or semi-annually. For Crisis Management exercises, the goal is for executive management to be ready to spring into action. Conducting a Crisis Management Team exercise on a quarterly basis would be ideal, but realistically, it could be conducted semi-annually. As a dry run for this article, I presented a draft of this information during the May meeting of the Southeastern Continuity Planners Association (www.scpa.us) in Atlanta. A lively discussion followed and by the end of the session, we walked away with a refined document that listed great tips in preparing for and conducting a successful exercise. As a result, you are being presented with a vast amount of experience within these checklists. Although these checklists are tailored for Crisis Management issues the majority of these tips would apply for most any tabletop exercise. Participants: To plan a successful exercise, you must have the correct ‘players’. Checklist #1 outlines the participants that could be on your Crisis Management Team. Obviously depending on the size of your organization, some of the roles maybe combined with others, or may not even exist. From this list of participants, a leader must be chosen. This will depend upon your organization’s structure and culture. The Team Leader could be the President, VP, etc. NOTE: In most cases, ‘C’ level management is kept informed of the situation, but usually not directly involved with the Crisis Management Team. Again, this depends upon your organization’s structure.

Terrific Table Top Tips

  • Upload
    nostrad

  • View
    385

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Terrific Table Top Tips

Terrific Table-Top TipsFor a Crisis Management Exercise

By Robbie Atabaigi

Tip: Where possible you may want to use the verbiage ‘exercise’ rather than ‘test’. An exercise promotes a learning environment rather than a pass / fail ‘test’.

Does the word ‘Exercise’ or ‘Test’ frighten you? If you are new to the industry and / or do not have much experience in this area, then fright would be a natural emotion. However, practice makes perfect. Plus this information should serve as a helpful tool for both the novice, as well as the experienced, in conducting a Crisis Management tabletop exercise.

Before we proceed any further, you might be asking yourself ‘What is a Crisis Management Team?’ The DRJ Glossary provides the following definition: “Crisis Management Team will consist of key executives as well as key role players (i.e. media representative, legal counsel, facilities manager, disaster recovery coordinator, etc.) and the appropriate business owners of critical organization functions.” Your organization may call this team by a different name, but in essence, it is the team of key executives and management who become the decision makers during a crisis event. This team is only activated in response to a crisis event of a disastrous scale for the organization . . . or during an exercise.

As you maybe aware, there are various levels of exercises (i.e., component, tabletop, functional, etc.). This is also true within each exercise type. For tabletop exercises, you could start with a skeletal group of Team Leaders and then incorporate team members as well for the next exercise. Then move onto exercising with both the primary and alternate team members. More mature exercises may incorporate vendors, end-users, and / or local emergency personnel (e.g., fire department, hazmat experts, etc.). Another facet is whether the exercise should be announced or unannounced. The first few tabletop exercises should be announced to your team members so they can successfully learn what is expected of them during a crisis event.

Now you are asking yourself, ‘How frequently should I be conducting an exercise?’ Good question. Keep in mind that we are discussing Crisis Management Team exercises, which are very different from the full-blown IT/Disaster Recovery exercises that, as an industry standard, usually occur annually or semi-annually. For Crisis Management exercises, the goal is for executive management to be ready to spring into action. Conducting a Crisis Management Team exercise on a quarterly basis would be ideal, but realistically, it could be conducted semi-annually.

As a dry run for this article, I presented a draft of this information during the May meeting of the Southeastern Continuity Planners Association (www.scpa.us) in Atlanta. A lively discussion followed and by the end of the session, we walked away with a refined document that listed great tips in preparing for and conducting a successful exercise. As a result, you are being presented with a vast amount of experience within these checklists.

Although these checklists are tailored for Crisis Management issues the majority of these tips would apply for most any tabletop exercise.

Participants:To plan a successful exercise, you must have the correct ‘players’. Checklist #1 outlines the participants that could be on your Crisis Management Team. Obviously depending on the size of your organization, some of the roles maybe combined with others, or may not even exist. From this list of participants, a leader must be chosen. This will depend upon your organization’s structure and culture. The Team Leader could be the President, VP, etc. NOTE: In most cases, ‘C’ level management is kept informed of the situation, but usually not directly involved with the Crisis Management Team. Again, this depends upon your organization’s structure.

Page 2: Terrific Table Top Tips

(Checklist #1:)

Supplies / Equipment:Checklist #2 lists the various items you need during the exercise. You definitely want copies of the Plan brought to the exercise. Ideally, the participants should bring their copy, but there are always a group of folks who ‘forget’. You want to ensure the Plan is referenced throughout the exercise to ensure it is current and / or maybe in need of revisions.

Most of my exercise scenarios are compiled in Power Point. Therefore, I bring my laptop with an LCD projector. In addition, I have learned to bring a backup of the presentation on a separate medium. A laser pointer is also very useful. Depending on the size of your presentation screen, you might be increasing your exercise regiment for the day.

Ensure your exercise is conducted from either the primary or alternate Command Center. This allows you the opportunity to test the teleconference lines, phones with multiple functions, extra LAN lines, etc. Better now than during a true crisis event.

All other items on the checklist should be self-explanatory. (Checklist #2:)

Participants:SecurityFacilitiesMaintenanceIT (data security, network, telecommunications)Business Continuity / Disaster Rec. CoordinatorFinanceComplianceLegalRisk ManagementHRPublic Relations / CommunicationsEOC CoordinatorGovernment RelationsHealth / SafetyFacilitatorScribeOther: Vendors, Key Suppliers, Customers/Users, Field Personnel, Internal Auditor, Emergency Management Personnel, etc.

Supplies / Equipment:Crisis Management Plan (bring extras)Presentation on Alternate Media (CD, diskette, thumb drive, 3x5 cards, etc.)LaptopTeleconference Lines (pre-established with sufficient number of ports)Multiple Phones with Speakerphone and Multi-linesSufficient Power Ports, LAN Connections, etc.Updated Emergency Contact CardsHand-outs (org charts / responsibilities, etc.)Name Tents (name / title / team) and/or Name BadgesNotepads / Pens / Pencils / Laser Pointer / MarkersLarge Post-It Pad and/or White BoardProjection ScreenFax / PrinterProps (ie, envelopes or a box containing numerical hours / days that can be picked randomly to indicate the recovery of equipment, arrival of personnel, etc.)Forms: Problems/Issues Forms; Post-Exercise Critique Forms, etc.

Page 3: Terrific Table Top Tips

To Do’s Prior to the Exercise:You may want to revise the order of various items listed within Checklist #3. These are only suggestions. Some of the items to address is the development / approval of the scope and objectives for the exercise. Also, it would be a good idea to partner with the various executive secretaries to determine an available date / time of the executives for the exercise. Another important item is to determine whether the exercise will be announced or unannounced. As explained earlier, your first few exercises should be announced.

One thing I have learned over the years is that food is an important factor for a successful exercise. If the exercise is a half-day session, you may want to start off with a continental breakfast, with coffee / tea, juice, etc. And you may want to end it with an informal box lunch. Providing this type of setting allows the team members to discuss the exercise in a de-stressed manner. As a result, more information might be revealed.

(Checklist #3:)

Building a Scenario:Checklist #4 is my personal favorite and the most time consuming. You will want to ensure that the scenario could realistically happen within your environment. If your scenario has men landing from Mars, you will most likely lose the participants’ interest for the remainder of the exercise.

Review past disaster (or near disaster) events that have impacted your industry (i.e., financial, medical, utility, etc.). Then customize the scenario to your site. Incorporate visual aids such as maps, photos, audio clipart, etc. One item that I incorporate into my exercise scenarios is a large font ‘I’ or ‘A’ in the upper right corner of each page. This indicates to the participants whether the information they are about to hear is either ‘I’nformational or if ‘A’ction on their part is about to occur.

One Month ‘Plus’ Prior:Define scope and objective Obtain management commitmentDetermine a date/time, location, participants, and budget NOTE: Best to conduct exercise off-site (ie, avoid interruptions, answering emails and/or voicemails during breaks, etc.)Reserve location of exercise siteSchedule with ‘other’ participants (ie, customers, vendors, etc.)If appropriate and approved, order participant giftsDistribute the Crisis Management Plan for updatesAnnounced vs. Unannounced

Send announcement, if appropriate Create scenario(s)

Two Weeks Prior:Confirm scenarios with Management Liaison and/or Team LeaderRequest everyone update their contact informationFinalize and distributed updated Crisis Management Plan

1 Week Prior:Coaching session with Team LeaderSend a reminder to all participants.

If they unexpectedly are unable to make it to the exercise, request they send their alternate.Verify the set-up of the exercise roomEnsure all equipment (LCD, LAN connections, speaker phone, videoconference, etc.) is available and in working condition.Ask Communications to publish an article regarding the exerciseMake arrangements for food and beverages (continental breakfast; lunch if between the 11am and 2pm timeframe; and/or snacks/beverages for an afternoon session) NOTE: Remember the vegetarians and/or other specialty requirements

Day Before:Confirm all equipment is available and working (including markers)Send a reminder to all participants.

Once again, if they unexpectedly are unable to make it to the exercise, request they send their alternate.Create name tents and/or name badges, as well as print all handouts

Day of:Arrive at least 1 hour in advance to test equipment, re-arrange room (if necessary), set up names tents, notepads, pencils, hand-out packets, etc.

Day After: - Replenish supplies and keep in a bag/box in a locked area.

Page 4: Terrific Table Top Tips

(Checklist #4:)

Conducting an Exercise / Post-Exercise:Prior to presenting the scenario, you will want to address housekeeping issues and ground rules as indicated within Checklist #5. One key item to highlight for the participants is to ‘Accept the Scenario’. Lots of time and frustration will be saved as a result.

Throughout the session, you will want to use the whiteboard to record action items identified during the exercise. This strategy will provide you with an efficient re-cap at the end, as well as provide an opportunity to identify owners for the various action items.

As outlined in Checklist #6, explain to the participants they will receive the minutes as well as a bi-weekly Action Item Report until the action items are resolved.

Then distribute a souvenir to commemorate the exercise. Take time to ensure the souvenir is unique. As a conversation piece, it can promote future participation from existing and potential team members. In addition, you may want to post an article and / or photos of the exercise on the organization’s intranet site. This is a great strategy to provide awareness of the business continuity program. And finally, revise the Plan to reflect any changes resulting from the exercise.

(Checklist #5:) (Checklist #6:)

As stated at the beginning of this article, many experienced practitioners reviewed and contributed to these various checklists. However, we are in an industry that constantly seeks to improve. If you have any items you would like to add and / or to provide comments, please feel free to contact me. Hopefully, you found this information useful.

Building a Scenario:Develop similar to a movie script; make it as realistic as possible. Research the internet, news, product recall incidents; consider local versus regional disasters, interview local emergency management personnel, etc.Make the scenario industry specificInvolve a major upcoming eventIncorporate field personnel via phonePhotos / Maps / Audio clipart (ie, telephone with ringer, stopwatch with ticking sound, counter with dollar amount that keeps escalating throughout the exercise reflecting the current monetary loss, etc.)Twists / Newsflash May want to incorporate local emergency management personnel into the exercise. They would love the opportunityEnsure all business areas are affectedTimeline the scenario to meet real-time reactions (4 day scenario played in 4 hours) Employees injuries, deaths, communication issues, hardware/software issues, shifts, food, expose known and unknown vulnerabilities, etc.

Conducting an Exercise:Review evacuation route/assembly points for facilityRemind to silence cell phones / pagersReview the objective / scopeExercise vs. test; Learning experience in ‘safe’ environment / Interact with all participantsAccept the scenario(s)Time limit (scenario, response, etc.)Team Leader to act as ‘umpire’, if necessaryIdentify owners / deadlines for Action Items

Post-Exercise:Review and compile the surveysCompile and distribute minutesReport on progress of action items on bi-weekly basis until resolvedRevise Crisis Management Plan accordinglyPost related photos/an article on the intranet site.Participant Gifts–Suggestions: Plaques, certificates, caps, pens, movie tickets, t-shirts, mugs, cards, mini-flashlights . . . All with a ‘preparedness theme’


Top Photo Tips

Top Photo Tips

Documents
Top ten tips

Top ten tips

News & Politics
Top Selling Tips

Top Selling Tips

Technology
POTOSOP WOLD OTES Tons of Terrific Type Tips

POTOSOP WOLD OTES Tons of Terrific Type Tips

Documents
10 Tips for Terrific Tryouts - bodymindmotion.com file10 Tips for Terrific Tryouts How to prepare mentally to be your best April Clay, Registered Psychologist

10 Tips for Terrific Tryouts - bodymindmotion.com file10 Tips for Terrific Tryouts How to prepare mentally to be your best April Clay, Registered Psychologist

Documents
Top Tips for

Top Tips for

Documents
12 Top tips

12 Top tips

Documents
Top Tips on Saving Money Top Tips - qcc.cuny.edu€¦ · Top Tips on Saving Money Top Tips on saving money Here are some money saving tips and strategies to start the new year that

Top Tips on Saving Money Top Tips - qcc.cuny.edu€¦ · Top Tips on Saving Money Top Tips on saving money Here are some money saving tips and strategies to start the new year that

Documents
Preventing Death by Lecture! Terrific Tips for Turning Listerners Into Learners Miki Huntington & Kristine Gyolai

Preventing Death by Lecture! Terrific Tips for Turning Listerners Into Learners Miki Huntington & Kristine Gyolai

Documents
Excellent Article With Many Terrific Tips About Leadership

Excellent Article With Many Terrific Tips About Leadership

Documents
Twenty Tips to Terrific Pics Janice Hickman Southwest High School TCEA 2009

Twenty Tips to Terrific Pics Janice Hickman Southwest High School TCEA 2009

Documents
Ten Terrific Teaching Tips to Engage Students marybeth.-.youse@wilmu.edu

Ten Terrific Teaching Tips to Engage Students [email protected]

Documents
Twenty Tips to Terrific Pics

Twenty Tips to Terrific Pics

Documents
4 Terrific Travel Tips For Thanksgiving

4 Terrific Travel Tips For Thanksgiving

Travel
Tips Top Ten

Tips Top Ten

Documents
Top Testing Tips

Top Testing Tips

Documents
Top Usability Tips

Top Usability Tips

Documents
Top Ten SCPI Programming Tips for Signal Generators...Top Ten Tips 1GP79_1E Rohde & Schwarz Top Ten SCPI Programming Tips for Signal Generators 5 2 Top Ten Tips Automated test programs

Top Ten SCPI Programming Tips for Signal Generators...Top Ten Tips 1GP79_1E Rohde & Schwarz Top Ten SCPI Programming Tips for Signal Generators 5 2 Top Ten Tips Automated test programs

Documents
Hosting Explained: Some Terrific Tips For You

Hosting Explained: Some Terrific Tips For You

Documents
Top Traits of Terrific Team Leaders

Top Traits of Terrific Team Leaders

Business
Top 10 Tips (43) Plan/Foundation Skills/FS_8.5... · 104. Top 10 Tips for Overcoming Procrastination 105. Top 10 Tips for Dealing with Information Overload 106. Top 10 Tips for Organizing

Top 10 Tips (43) Plan/Foundation Skills/FS_8.5... · 104. Top 10 Tips for Overcoming Procrastination 105. Top 10 Tips for Dealing with Information Overload 106. Top 10 Tips for Organizing

Documents
Top Cashback Tips

Top Cashback Tips

Self Improvement
Best 10 Terrific Self Motivating Tips

Best 10 Terrific Self Motivating Tips

Self Improvement
Ten Top Tips

Ten Top Tips

Documents
Top Tips CAE

Top Tips CAE

Documents
{top ten ceremony · "Take this Top 10 to heart and say goodbye to cold feet... ten terrific tips for a stress free wedding ceremony!" - Jen | Something Turquoise 1 Remember to laugh!

{top ten ceremony · "Take this Top 10 to heart and say goodbye to cold feet... ten terrific tips for a stress free wedding ceremony!" - Jen | Something Turquoise 1 Remember to laugh!

Documents
20 Tips For Terrific Tour EDITED.ppt...Notes Melinda Brody * Professional Speaker * 407-294-7614 * 3 Twenty Tips For A Terrific Tour 5. Use sense of sight. Twenty Tips

20 Tips For Terrific Tour EDITED.ppt...Notes Melinda Brody * Professional Speaker * 407-294-7614 * 3 Twenty Tips For A Terrific Tour 5. Use sense of sight. Twenty Tips

Documents
Terrific Tips About Purchasing Real Estate

Terrific Tips About Purchasing Real Estate

Documents
Ten Top Tips 4 Terrific Teachers

Ten Top Tips 4 Terrific Teachers

Education
Top 5 Tasty Tips: How To Eat Better This Year. Top 5 Tasty Tips - Overview Review Top 5 Tips Q&A

Top 5 Tasty Tips: How To Eat Better This Year. Top 5 Tasty Tips - Overview Review Top 5 Tips Q&A

Documents