Tabletop exercises – What do you mean I’m on the Business Continuity team?


The unthinkable has happened and you’re busy gathering your business continuity team together to manage the incident. You pop your head around the door to the Head of HR and they say they have no idea that they’re meant to be on the team. The Head of Legal says the same. You’re already in a high-pressure situation as time is against you and now you need to explain to these people how the team works when what you really need is for them to mobilise quickly and perform their role.

Many organisations have detailed business continuity plans sitting on their shelves and the board, the auditors and often the insurers are expecting that the team will be able to respond quickly should an incident occur. However, many business continuity teams have never even met, let alone understood their role or what they will need to do in the heat of an incident. Tabletop exercises are an essential part of the business continuity process, yet many organisations may not have the experience or buy-in to conduct this training. Part of the issue in convincing organisations of the true value of these sessions is a lack of understanding of the benefit these exercises can bring.

What is a tabletop exercise?

A tabletop exercise is a facilitated training workshop that tests existing business continuity plans to determine efficacy and identify any areas which need further attention and action.
It’s carried out face-to-face with a business continuity team and run with a facilitator to ensure the exercise stays on track and covers all of your objectives. For example, you might like to test your invocation procedures and the emergency message process, and ensure all members of your team know and understand their roles and responsibilities in an emergency.

These types of exercises are an important component of the business continuity framework for your organisation. They enable you to ensure you have the right people on your team, your plans are as robust as possible, and the people on your team understand how they might be called to respond in an incident. Any lessons learnt during the exercise can then be captured and fed back into your plans and processes.

The importance of a tabletop exercise

Tabletop exercises are a key component of ensuring that your business continuity plans and teams are brought to life. It’s like ensuring a sports team has trained for a match or that actors have rehearsed for a play; the exercise enables a business continuity team to draw upon muscle memory when their decision-making faculties may fail in an incident. An exercise also gives the team the chance to fail in a safe environment and highlight any gaps in your plans so that you can fix them before an incident occurs. It also helps to build the necessary team camaraderie and gives the group confidence in one another so that they will be able to function effectively when the worst happens. Regular exercising also demonstrates to clients, regulators and other interested parties that the organisation has a greater level of maturity in its Business Continuity Framework and is resilient.

On Wednesday 27 February, VinciWorks will be hosting our first business continuity masterclass. The interactive session will share insight on how to run a tabletop exercise in your own organisation. During the masterclass, delegates will have the opportunity to participate in a mock exercise, enabling them to understand how best to facilitate a session.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
