Business Continuity Exercise in Central London
Apr 4, 2019

We recently delivered an exercise to test the plans, procedures and response roles for a large IT company based in central London. The organisation has offices across London, with regional hubs in Wales, Scotland and the north of England. We worked closely with the client to review the existing Business Continuity Plan and the procedures they had in place to recover from an incident which threatened the timely delivery of their key products and services. We also tested their internal and external communication arrangements in emergencies.

We held a startup meeting with the client where we dug deep into the nature of the business, allowing us to design an interesting and realistic scenario incorporating the likely challenges which the company would face in a disruption. In planning the exercise we also identified the likely actions to be taken by exercise participants enabling the production of detailed success criteria against which the actual response could be compared. 

We delivered the exercise to staff from across the business in multiple locations, utilising our exercise messaging system ExMS to deliver targeted email injects to the inboxes of key staff. Our Exercise Directors managed play across the sites, ensuring an effective test of the procedures in place.

From a business continuity perspective, we were able to review the response against crucial parts of the Business Continuity Plan, such as the Recovery Time Objectives (RTOs) for key activities, and the ability to recover before the Maximum Tolerable Period of Disruption (MTPD) which had previously been identified.

Following the exercise we produced a detailed report analysing the company's response under specific themes. We used our expertise to turn these observations into useful recommendations which the client could take forward to further improve their business resilience and speed up recovery time. Our participant evaluation demonstrated fantastic feedback from delegates and served to highlight the importance of engaging staff and providing a safe learning environment. 

“The planning and delivery of the exercise was excellent, and the feedback received from all participants was very positive” (Cybersecurity Policy Manager)