BS 25999 Crisis Management Simulation Exercises

As part of the exercising, maintenance and review stage of the BS 25999 lifecycle, URM has found that crisis management simulation exercises are an extremely effective and practical means of exercising business continuity plans (BCPs) and:

• evaluating the capability of the organisation's crisis management team (CMT)
• identifying any gaps in the organisation's incident response.

The aim of a simulation exercise is to provide the CMT with the assurances that its BCP will work, as anticipated, when required. URM has delivered a wide range of crisis management simulation exercises and has universally found them to be invaluable in helping the client organisation to:

• confirm the suitability of the CMT members
• practise the ability to recover from an incident
• verify that the BCP incorporates all of the organisation's critical dependencies and priorities
• assess the knowledge and understanding of the current crisis management plan and previous lessons learned
• assess the effectiveness of the current crisis management plan
• provide information to and instill confidence in the exercise participants
• raise awareness of business continuity and its importance

The approach that URM has taken on a number of BS 25999 certification and compliance projects is to provide a simulated and escalating incident response situation based on an initial low-key scenario. The incident then escalates to provide a more challenging situation conducted in a demanding, yet stress free environment. This approach has been very successful as participants can 'believe' that the scenario may actually happen. URM's facilitator walks the CMT through this realistic and tailored scenario utilising a structured PowerPoint presentation. The facilitator will prompt discussions on the BCP actions and responsibilities. The role of the facilitator will also be to:

• keep the session flowing
• introduce 'roadblocks' during the exercise
• challenge assumptions
• ensure issues are documented
• keep the session on schedule
• provide summary comments at the conclusion
• discuss next step activities and time frame responsibilities.

In order to ensure that the client organisation gains maximum benefit from the exercise, URM will conduct a post exercise de-briefing session and provide an exercise feedback report.

• Consultancy Introduction
• Information Security (ISO 27001)
  • Information Security (ISO 27001)
  • Relationship between ISO 27002 & ISO 27001
  • How to Comply with ISO 27002 or Certify to ISO 27001
  • ISO 27001 Awareness Training
  • ISO 27001 Case Studies
• Information Security (PCI DSS)
  • Information Security (PCI DSS)
  • Stages of Compliance to PCI-DSS
• Information Security (DMA DataSeal)
• Business Continuity Management (BS 25999)
  • Business Continuity Management (BS 25999)
  • Significance of BS 25999
  • How to deploy BS 25999 - Lifecycle Stages
  • Crisis Management Simulation Exercises
  • New ISO Standard for BCM - ISO 22301
• IT Service Management (ITIL & ISO 20000)
  • IT Service Management (ITIL & ISO 20000)
  • Significance of ITIL & ISO 20000
  • How to deploy ITIL or certify with ISO 20000
• Data Protection
  • Data Protection - Introduction
  • URM's approach to Data Protection
  • BS 10012 - New DPA Standard
• Information Risk Management
  • Information Risk Management
  • URM's approach to Information Risk Management
• Software Asset Management
  • Software Asset Management
  • URM's approach to Software Asset Management
• Polices & Procedures
  • Polices & Procedures
  • URM's approach to Polices & Procedures