Business Continuity Exercise

The challenge

An internet exchange provider approached RAB Consultants to design, plan and deliver a simulation exercise to test and subsequently validate their business continuity plan (BCP). The exercise was to be used to evaluate the effectiveness of the internal incident management process and how well the BCP was used by staff.

Key facts

• Simulation exercise to validate a BCP
• Designed to the standards outlines in the BCI Good Practice Guidelines 2018
• Consistent with the principles of ISO 22301
• 100% of participants agreed the aim and objectives were met and that the exercise was well run and organised
• Awarded a repeat commission demonstrating we are a trusted, high-quality supplier

The solution

We initiated the project by forming an exercise planning team with the client. The exercise planning team worked to design realistic scenarios with clearly defined objectives, that were within the scope of the existing BCP. The scenario saw the organisation confronted with a cyber incident resulting in the complete loss of a major data centre through which a significant volume of internet traffic is routed. We facilitated this exercise in December 2018 and our highly experienced exercise facilitators role played several external partners through phone calls and instant messages to immerse the participants in the scenario.

Following the exercise, we facilitated a debrief to capture participant feedback on good practice and areas for improvement. We collated this feedback and produced a formalised post exercise report that contained outcomes, recommendations and actions to implement improvements. From a business continuity perspective, we were able to review the times taken to recover against existing Recovery Time Objectives (RTOs) and Maximum Tolerable Periods of Disruption (MTPDs) allowing us to verify their accuracy.

Conclusion

The exercise was very well received

“the planning and delivery of the exercise was excellent, and the feedback received from all participants was very positive” (Cybersecurity Policy Manager).

We were commissioned to design and deliver another BC exercise for the same client in December 2019.

Our practitioners, certified with the BCI (CBCI), can support you to validate your BCPs through an exercise and produce a post-exercise report that can be used as a basis for further improvement in your company’s organisational resilience and speed up recovery time.