I recently completed several tabletop exercises for a client.  The exercises were designed using the Homeland Security Exercise and Evaluation Program (HSEEP), which I wrote about in my blog several years ago.  With HSEEP methodology exercises are designed to demonstrate selected capabilities.  Since it’s designed for first responders, HSEEP exercises typically demonstrate capabilities from a defined list that can be found on the FEMA website.  Of course the targeted capabilities list isn’t applicable when using the HSEEP methodology for continuity plans.  That being said, I created evaluation guides based on some HSEEP samples and found that I ran into some issues.  The sample evaluation guides were divided into sections for each capability.  An evaluator would observe the exercise and take notes in the section for the capability that was being demonstrated.

For the exercises I broke up the timeline into segments.  We would go through a series of events and at the end of the segment I would recap key issues and ask the participants some questions.  As I conducted the exercises I found that the evaluation guides weren’t ideal for our use as several capabilities were demonstrated throughout the exercise.  There were also cases where the information gleaned from the discussion fit in more than one capability.  As a result, evaluators had to flip through pages to get the information in the correct section or put the information in the wrong section.  In addition to making the evaluations more difficult, it complicated the process of writing the After Action Reports since the evaluation guides are the primary source of information for them.

The next time I design evaluation guides I’m going to design them to follow the flow of the exercise.  I’ll create sections for each question and probably have a capabilities column where the evaluator can check the capabilities that were discussed as participants responded to the question.  This will also help to avoid inclusion of questions that are out of scope.  In some exercises I included some questions that, while they were good and brought out valuable information, they did not fit into any of the capabilities chosen for the exercise.  I found a way to include the information in the After Action Reports but it was difficult to figure out where to include it.  Had I designed the evaluation guides around the questions I could have either; removed those questions or added to the list of capabilities demonstrated during the exercise.  For the most part I like the HSEEP methodology but it will require some adjustments if you want to use it to exercise continuity plans.

Last week I attended a presentation on Crisis Communications sponsored by the Iowa Chapter of the International Association of Business Communicators (IABC).  Although I’m currently not a member, I’m on IABC’s mailing list as they often have presentations that are valuable to me as both a business continuity planner and a small business owner.

In the business continuity profession it obviously makes sense to belong to one or more associations dedicated to the profession, but don’t overlook organizations that can strengthen peripheral skills.  One of the things I really enjoy about the BCP profession is the opportunity to use a variety of skills.  In an earlier blog entry I wrote about the benefits of Toastmasters.  IABC is another association that I’ve found to be beneficial in improving soft skills and in this case to provide knowledge directly related to continuity planning.

One of many takeaways I’ll share from the meeting:  Organizations need to have a communications strategy and a defined set of procedures.  In this age of the Internet information and misinformation move very quickly.  An organization doesn’t have much time to craft a statement after something has happened.  As much as I hate having more logon accounts and passwords, it seems it might be necessary to get familiar with Twitter, Facebook, MySpace, et al.

As I reviewed my notes I see that the $30 for the presentation (and lunch) was money well-spent.  I often consider non-BCP associations as possible sources for enhancing many of the skills I use as a continuity planner.  Toastmaster, Project Management Institute, and IABC are a few of the organizations I’ve participated in.  There are some training associations such as the American Society for Training and Development (ASTD) that I’ve been looking at as well.  Any other suggestions?

In part 1 of this blog entry I described a mock exercise of a fictional government agency we conducted as a demonstration for Continuity of Operations (COOP) planners.  In a follow up meeting we presented an After Action Report (AAR) to the group.  We used the HSEEP methodology as the basis for our COOP exercise and evaluation program.  HSEEP provided us with an existing, well-documented and proven standard that many people in government are familiar with.Exercise development based on HSEEP is centered on capabilities.  We look at a number of things when we exercise a plan but ultimately we are concerned about our capabilities.  The capabilities we wish to demonstrate are a reflection of the exercise objectives.  As defined in the FEMA Exercise Design course:An objective is a description of the performance you expect from participants to demonstrate competence.Objectives should specify who does what, under what circumstances, and according to what standards.  Once objectives are properly defined you can develop a document to assist in evaluating your exercise.  HSEEP refers to this document as an Exercise Evaluation Guide (EEG).  After an exercise is completed EEGs are used to develop an After Action Report and Improvement Plan. Let’s take a look at the HSEEP methodology for evaluating an exercise.  HSEEP methodology assesses demonstration of capabilities.  Three distinct levels of analysis are used to evaluate an exercise:

1. Task-level
2. Activity-level
3. Capability-level

Tasks are distinct actions performed by groups or individuals.  For evaluation, each task is accompanied by performance measures (e.g. fully, partially, not, n/a) and may include a target timeframe for completion.

Activities are groups of related tasks that demonstrate a capability.  Activities are evaluated in a more subjective manner.  Rather than checking boxes, the evaluator makes a broader analysis of strengths and areas for improvement.

Capabilities are described in HSEEP as, “combinations of elements that provide the means to achieve a measurable outcome.”   The elements that comprise COOP capabilities can include personnel, plans, leadership, training, equipment, alternate sites, pretty much anything that’s part of our COOP program.Our mock exercise involved call center operations that would be relocated to an alternate site.  Applying the HSEEP levels of analysis to our tabletop exercise:

• A COOP capability demonstrated was the capability to recover the Call Center at the alternate site.
• An activity that supported that capability was the setup of call center workstations.
• A task related to the capability was to contact the voice T1 circuit provider and the call center traffic rerouted to the alternate site.

The file: Capabilities-Activities-Tasks_Worksheet.xls (PDF version) is a document I developed to tie the objectives, capabilities, activities, and tasks together.  The left column holds our exercise objectives.  The next column lists the capabilities reflected by the objectives.  Next to that we break down the capabilities into activities.  Activities are broken down into tasks in the right column.  Don’t get too caught up in my entries as I know they’re somewhat flawed, but they illustrate the concept.  For examples of the Exercise Evaluation Guide and the After Action Report refer to the HSEEP homepage at:

https://hseep.dhs.gov/pages/1001_HSEEP7.aspx

If we were to base our exercise program on HSEEP, and HSEEP is centered on capabilities, could there be some definitions of standard continuity capabilities?  What type of guidance would be helpful in identifying those capabilities?  Might there be categories of continuity capabilities?  From what I hear, Homeland Security is working on a Target Capabilities List (TCL) for continuity planning.  I am interested in thoughts on the application of HSEEP methodology in private sector continuity planning.

I’ve spent most of the last five years working on Continuity of Operations (COOP) plans for a government entity.  While my focus has been mainly integrating the COOP initiative into Strohl/Sungard LDRPS, I’ve provided a substantial amount of input into the COOP program including the facilitation of regular COOP users’ group meetings.  Of the people I’ve worked with a number of them have considerable experience in disaster response and event management but most of the planners were pretty new to continuity planning.  As we discussed what I’ll term near-COOP events at our users group meetings I sensed a need to conduct a mock tabletop exercise for the planners.  Using members of our steering committee, we scripted the entire exercise for a fictional agency in a fictional location to illustrate:

1. How to conduct a tabletop exercise
2. How a COOP is activated
3. How a tabletop exercise (TTX) is used to improve a COOP Plan

On their website, FEMA provides a methodology for developing, exercising, and improving emergency response plans.  The program is called the Homeland Security Exercise and Evaluation Program (HSEEP).  While HSEEP is designed for emergency responders, it can be adapted to continuity planning fairly easily.  HSEEP covers several types of activities in its exercise program: orientation seminars, drills, tabletop exercises, functional exercises, and full-scale exercises.  I’m going to discuss our implementation of a tabletop exercise based on HSEEP methodology.We set the stage for our audience by providing a brief explanation of our fictional agency and introducing our characters.  Each member of our steering committee played a character who worked for the fictional department.  Our exercise facilitator set the scenario:

·         A Tuesday in March
·         An old single floor structure
·         Cold snowy winter with substantial snow and ice buildup on the roof
·         Snow over night turns to rain in the morning
·         A partial roof collapse impacts the work area and the data center

We used a presentation program to provide the audience with graphics including a floor plan, a depiction of the area where the collapse occurred, a satellite view of the building and assembly location across the street from the disaster site.

The starting point for our exercise had the characters meeting in a café across the street immediately after the building was evacuated.  The COOP coordinator for the fictional agency asked for an initial assessment, each character provided an assessment and a recommendation was made.  Characters would take actions based on their plans and the exercise facilitator would provide results.  For example:

A character “called” the recovery location to advise them an event had occurred and the COOP was being activated.  The exercise facilitator informed the character that the alternate site would not be available for several hours because no one was onsite.

The facilitator also provided an occasional inject such as, “A TV news crew has arrived and would like an interview.”

The mock exercise was well-received and I believe it provided many of our continuity planners with a solid understanding of how plans would be activated.  While we didn’t test an actual plan the benefits of conducting this fictional exercise were very real.Our steering committee had some discussion as to whether or not our mock exercise was a tabletop exercise or a functional exercise.  In some ways it fit the HSEEP definitions of both types.  Here is how tabletop and functional exercises are described in volume I of the HSEEP guidance documentation:

Tabletop Exercise – TTXs involve key personnel discussing hypothetical scenarios in an informal setting. This type of exercise can be used to assess plans, policies, and procedures or to assess the systems needed to guide the prevention of, response to, and recovery from a defined incident. TTXs typically are aimed at facilitating understanding of concepts, identifying strengths and shortfalls, and achieving changes in the approach to a particular situation.

Functional Exercise – An FE is designed to validate and evaluate individual capabilities, multiple functions, activities within a function, or interdependent groups of functions. Events are projected through an exercise scenario with event updates that drive activity at the management level. An FE simulates the reality of operations in a functional area by presenting complex and realistic problems that require rapid and effective responses by trained personnel in a highly stressful, time-constrained environment.

I considered our exercise a tabletop but when I thought about some of the emergency response tabletops I’ve observed, I can see where some might consider what we did closer to a functional exercise.  In the exercises I observed, the facilitator would put the scenario out to the group and participants discussed the actions they would take.  They were more like general discussions about specific events rather than walking through plans.  I don’t mean that to sound disparaging in any way.  No doubt they are valuable, especially in getting various emergency response organizations on the same page.  They are likely more practical for meetings involving agencies from various jurisdictions as well as private sector entities.  They were just different from what we did.

In continuity planning I tend to think of a functional exercise as an exercise that demonstrates a capability to re-establish a particular function or process after an interruption.  For example, a company has a collections department.  To me, a functional exercise would be to take someone from collections to an alternate site and demonstrate that the necessary resources could be put in place to allow them to perform their job from that site.  A full scale exercise would include representatives from all or nearly all departments (at a given site).  In our tabletop exercise we just assembled personnel, gave them a scenario, and had them play out events.

I would like to get thoughts from BCP and COOP planners on this.  What do you consider a functional exercise when it comes to continuity planning?  What about a tabletop?  Is there a difference in the definitions of tabletop and functional exercises for first responders versus tabletop and functional exercises for continuity planners?