..

This design element requires flash & JavaScript to be enabled to play. Download the latest version of flash from Adobe.com.

Business Continuity Exercise for Government

commissum is a company one hundred percent focused on the provision of information security advice and services. Our team has been providing the full range of these services to a broad cross-section of businesses and government organisations for over twenty years.

commissum'ko-mis-sum, n. that which is entrusted [Latin]

Business Continuity Exercise - Government Agency

commissum consultants worked closely with the agency's business continuity team to devise, plan and deliver an innovative and believable exercise scenario to test both the business continuity processes, and the senior executive incident management team (Gold Team).

Client

Our client is a national government agency responsible for compiling and maintaining large quantities of public data, ensuring its integrity and ready availability for access by the public and key government and private bodies.

Client Requirement and Business Drivers

Key to this agency’s current and future service delivery is the growth in electronic services both in terms of the provision of information from their data registers and the compilation and maintenance of new data entries. As part of this the ongoing, reliable availability of the electronic services to both the public and businesses is an essential priority. The criticality of this for online business to business transaction has increased exponentially over the last decade. In addition, in common with the remainder of UK government, the agency will continue to work with other public bodies to deliver improved "joined-up" government for the benefit of the public.

The agency had developed a comprehensive Business Continuity Management system, led by Bronze, Silver and Gold teams made up of experienced agency staff. The Gold team consists of senior agency directors and managers. The Managing Director spearheaded an initiative to exercise its Gold Team business continuity team to:

  • test the business continuity planning undertaken using an intensive, simulated exercise;
  • determine whether the plan is fully up to date in terms of processes, resources, business expectations, assumptions and emerging threats;
  • test the readiness of its top level of senior management to deal with a crises;
  • improve awareness of the senior management team regarding business continuity issues and the agency's own continuity processes;
  • provide training to the Gold Team in a realistic scenario.

commissum Services Provided 

Although commissum is able to provide simple pre-scripted/ready-made Business Continuity exercises, it was clear that the client requirements were best met by a bespoke exercise specifically tailored to their specific requirements and expectations. 

commissum provided experienced consultants, working with the agency’s Business Continuity team, to:-

  • devise an innovative and believable exercise scenario appropriate to the agency’s requirements;
  • provide exercise briefing, recording and de-briefing resources;
  • facilitate the smooth running of the exercise;
  • prepare and deliver an immediate debriefing on the day;
  • provide a post exercise report with recommendations for improvement; and 
  • deliver a debrief workshop.

The project was undertaken in four phases as follows:

Phase 1 - Discovery & analysis - Familiarise with the client organisation and Business Continuity Planning; Finalise scope and objectives of the exercise; Finalise timescales and deliverables; Initial proposals for exercise scenarios.

Phase 2 – Exercise preparation - Preparation of a realistic and suitably detailed scenario; conduct risk assessment to minimise the risk of impact on live operations; agree key success factors; finalise exercise team members, post-test activities and participants; define roles and responsibilities; review and obtain approval of scenario and risk assessment; prepare exercise information, recording mechanisms, questionnaires and briefing documents.

Phase 3 - Conduct exercise - Brief observers and provide structured recording; facilitate and conduct the exercise; debrief participants immediately after the exercise and obtain feedback.

Phase 4 - Post exercise completion - Evaluate exercise and debriefing results; identify gaps in existing business continuity plans; prepare and issue a post exercise report with recommendations; full debrief workshop.

commissum provided coaching, guidance and training throughout the briefing sessions, exercise, and end of exercise de-brief and subsequent workshop session. In addition to fulfilling the client requirements, the commissum approach, working collaboratively with the agency, had the added benefit of achieving significant knowledge transfer.

Get in touch with one of our security consultants today

  • No obligation
  • Expert advice
  • Tailored solutions
"commissum recently provided invaluable advice and support, ensuring the success of our secure remote access project, and has provided us with annual penetration testing and managed service scanning for several years. I would happily recommend commissum to others for their professionalism and quality of service.”

Mr Tim R, IT Director, International Law Firm

"commissum carried out the project extremely well within tight deadlines…. All work was to a very high standard….. deliverables were appropriate for an audience from Board to IT. The consultants were extremely professional and very responsive to requirements. We are a particularly happy customer and have already recommended commissum to other businesses within our sector.”

Mr Michael S, IT Director, National Building Society

"From the start the project went very smoothly despite the short notice. commissum maintained excellent communication throughout ........ their flexibility and responsiveness right up to the end of the project was of great value to us.”

Mr Keith H, Senior Business Manager - UK Local Government