You should conduct testing and exercises to evaluate the effectiveness of your preparedness program, make sure employees know what to do and find any missing parts. There are many benefits to testing and exercises:
- Train personnel; clarify roles and responsibilities
- Reinforce knowledge of procedures, facilities, systems and equipment
- Improve individual performance as well as organizational coordination and communications
- Evaluate policies, plans, procedures and the knowledge and skills of team members
- Reveal weaknesses and resource gaps
- Comply with local laws, codes and regulations
- Gain recognition for the emergency management and business continuity program
Testing the Plan
When you hear the word “testing,” you probably think about a pass/fail evaluation. You may find that there are parts of your preparedness program that will not work in practice. Consider a recovery strategy that requires relocating to another facility and configuring equipment at that facility. Can equipment at the alternate facility be configured in time to meet the planned recovery time objective? Can alarm systems be heard and understood throughout the building to warn all employees to take protective action? Can members of emergency response or business continuity teams be alerted to respond in the middle of the night? Testing is necessary to determine whether or not the various parts of the preparedness program will work.
Exercises
When you think about exercises, physical fitness to improve strength, flexibility and overall health comes to mind. Exercising the preparedness program helps to improve the overall strength of the preparedness program and the ability of team members to perform their roles and to carry out their responsibilities. There are several different types of exercises that can help you to evaluate your program and its capability to protect your employees, facilities, business operations, and the environment.
TESTING
Tests should be conducted to validate that business continuity recovery strategies will work. Tests should also be conducted to verify that systems and equipment perform as designed. Tests can take several forms, including the following:
Component – Individual hardware or software components or groups of related components that are part of protective systems or critical to the operation of the organization are tested.
System – A complete system test is conducted to evaluate the system’s compliance with specified requirements. A system test should also include an examination of all processes or procedures related to the system being tested.
Comprehensive – All systems and components that support the plan are tested. An example of a comprehensive test is confirming that IT operations can be restored at a backup site in the event of an extended power failure at the primary site.
Tests of information technology systems and recovery strategies should be conducted in a manner that resembles the everyday work environment. If feasible, an actual test of the components or systems used should be employed. Since tests can potentially be disruptive, tests may be performed on systems that mimic the actual operational conditions.
Inspection, testing and maintenance of building protection systems including fire detection, alarm, warning, communication, employee notification, emergency power supplies, life safety, fire suppression, pollution containment and others should be conducted in accordance with manufacturers’ instructions and regulatory requirements. If a critical warning system or protection system fails, the consequences could be significant.
A test schedule should be developed in accordance with applicable regulations, standards and best practices and designed to meet performance objectives. Records should be maintained.
Guidance on evaluating the need for testing; creating a test plan; and designing, developing, conducting and evaluating tests is provided in the Resources for Testing.
Resources for Testing
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – Recommendations of the National Institute of Standards and Technology, Special Publication 800-84
- IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals – Information Systems Audit and Control Association (ISACA)
- Fire Code – National Fire Protection Association (NFPA) 1
- Recommended Practice on Commissioning and Integrated Testing of Fire Protection and Life Safety Systems -NFPA 3
- Standard for the Inspection, Testing, and Maintenance of Water-Based Fire Protection Systems – NFPA 25
- National Fire Alarm and Signaling Code – NFPA 72
- Standard for Emergency and Standby Power Systems – NFPA 110
- Standard on Stored Electrical Energy Emergency and Standby Power Systems – NFPA 111
EXERCISES
Post-incident critiques often confirm that experience gained during exercises was the best way to prepare teams to respond effectively to an emergency. Exercises should be designed to engage team members and get them working together to manage the response to a hypothetical incident. Exercises enhance knowledge of plans, allow members to improve their own performance and identify opportunities to improve capabilities to respond to real events.
Exercises are a great method to:
- Evaluate the preparedness program
- Identify planning and procedural deficiencies
- Test or validate recently changed procedures or plans
- Clarify roles and responsibilities
- Obtain participant feedback and recommendations for program improvement
- Measure improvement compared to performance objectives
- Improve coordination between internal and external teams, organizations and entities
- Validate training and education
- Increase awareness and understanding of hazards and the potential impacts of hazards.
- Assess the capabilities of existing resources and identify needed resources
TYPES OF EXERCISES
There are different types of exercises that can be used to evaluate program plans, procedures and capabilities.
- Walkthroughs, workshops or orientation seminars
- Tabletop exercises
- Functional exercises
- Full-scale exercises
Walkthroughs, workshops and orientation seminars are basic training for team members. They are designed to familiarize team members with emergency response, business continuity and crisis communications plans and their roles and responsibilities as defined in the plans.
Tabletop exercises are discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator guides participants through a discussion of one or more scenarios. The duration of a tabletop exercise depends on the audience, the topic being exercised and the exercise objectives. Many tabletop exercises can be conducted in a few hours, so they are cost-effective tools to validate plans and capabilities.
Functional exercises allow personnel to validate plans and readiness by performing their duties in a simulated operational environment. Activities for a functional exercise are scenario-driven, such as the failure of a critical business function or a specific hazard scenario. Functional exercises are designed to exercise specific team members, procedures and resources (e.g. communications, warning, notifications and equipment set-up).
A full-scale exercise is as close to the real thing as possible. It is a lengthy exercise which takes place on location using, as much as possible, the equipment and personnel that would be called upon in a real event. Full-scale exercises are conducted by public agencies. They often include participation from local businesses.
DEVELOPING AN EXERCISE PROGRAM
Develop an exercise program beginning with an assessment of needs and current capabilities. Review the risk assessment and program performance objectives. Conduct a walkthrough or orientation session to familiarize team members with the preparedness plans. Review roles and responsibilities and ensure everyone is familiar with incident management. Identify probable scenarios for emergencies and business disruption. Use these scenarios as the basis for tabletop exercises. As the program matures, consider holding a functional exercise. Contact local emergency management officials to determine if there is an opportunity to participate in a full-scale exercise within your community.
Exercises should be evaluated to determine whether exercise objectives were met and to identify opportunities for program improvement. A facilitated “hot wash” discussion held at the end of an exercise is a great way to solicit feedback and identify suggestions for improvement. Evaluation forms are another way for participants to provide comments and suggestions. An after-action report that documents suggestions for improvement should be compiled following the exercise and copies should be distributed to management and others. Suggestions for improvement should be addressed through the organization’s corrective action program.
Resources for Exercises:
- Emergency Planning Exercises for Your Organization – Federal Emergency Management Agency
- Homeland Security Exercise, and Evaluation Program – U.S. Department of Homeland Security
- IS-139 Exercise Design – Emergency Management Institute Independent Study Program
- A Guide for the Conduct of Emergency Management Tabletop Activities – Oak Ridge Institute for Science and Education
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – Recommendations of the National Institute of Standards and Technology, Special Publication 800-84
Source: FEMA, “Testing & Exercises” http://www.ready.gov website. Accessed July 15, 2014. http://www.ready.gov/business/program/corrective
© Copyright 2014. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.
Leave a Reply