Preparing for Event Response: The Importance of Conducting “Tabletop Exercises”

By Mark Komink, ABCP, CCP, Business Continuity Specialist, Trellance

Being prepared for a continuity event involves more than just having a plan in place and distributing it to the team. Your credit union should run periodic tabletop exercises, where credit union executives and other team members review how the credit union would respond in the event of a cyber-attack, natural disaster, terrorist attack or other continuity event.

What is a Tabletop Exercise? 

A tabletop exercise serves as a practical evaluation tool to assess a group’s preparedness in responding to various hypothetical scenarios, such as fires, major weather events, pandemics, or cyber incidents. Facilitated by an organizer, participants simulate their reactions based on their established business continuity plans, discussing the necessary steps as if the crisis were unfolding. The participation of executives is crucial, with representation from all functional areas of the credit union. The facilitator may introduce additional challenges and test decisions against existing response procedures, ensuring a focus on adherence to the established plans. This approach minimizes the risk of straying from the planned response and proves invaluable in a credit union’s Business Continuity Program (BCP). 

Why Are Tabletop Exercises Important? 

As the quote “By failing to prepare, you are preparing to fail” implies, inadequate preparation sets the stage for failure, while thorough preparation leads to success. Tabletop exercises embody this principle by fostering collaboration among staff while rehearsing their response plans. Regularly conducting these exercises enhances a credit union’s readiness for the inevitable occurrence of an actual crisis. 

However, merely enacting a disaster scenario is just one facet of the exercise. Debriefing, considered a best practice, allows participants to reflect on the lessons learned during the tabletop exercise. The true value of these exercises lies in identifying weak areas or missing steps (known as gaps) within incident response plans. Maybe your credit union’s natural disaster plan doesn’t have contingency for structural damage to a branch, or a plan for allowing employees to work from home in the immediate aftermath. These gaps should be documented during the exercise and transformed into actionable steps for plan enhancement. Each identified, addressed and rectified gap contributes to the overall strength of response plans and the BCP. 

How Often Should My Credit Union Conduct a Tabletop Exercise? 

How often your credit union does these exercises will depend on your unique needs. If you’ve had continuity events in the past that your credit union has handled, well, you may want to pursue only a once or twice a year approach, focusing on those events your credit union has not yet experienced, or on ways to improve on plans you have had to use. 

If your credit union is smaller or younger, and is just building continuity plans, you may benefit from a quarterly schedule. This will allow your credit union to begin practicing your responses and prepare you for any potential threats headed your way. 

 In the end, how often your credit union conducts tabletop exercises will depend on your credit union’s situation and needs. Be aware of your environment – you’re in an area prone to natural disasters (such as the Florida coast with its hurricanes or California with the potential for wildfires), make sure your credit union is aware of and ready for those potential events. 

Tabletop exercises are simple, easy ways to make sure your credit union is prepared for a continuity event.

For more information on how Trellance can help your credit union with your business continuity needs, please contact the GoWest Solutions Team.

 

 

Posted in Compliance Resources, GoWest Solutions.