Types and Methods of Exercising BCM Strategies

Complexity	Exercise	Process	Variants	Good Practice Frequency
Simple	Desk Check	Review/amend content Challenge content of BCP	Update/validation Audit/verification	At least annually Annually
Medium	Walk through of plan     Simulation           Exercise critical activity	Challenge content of BCP       Use artificial situation to validate that the BCP contains both necessary and sufficient information to enable a successful recovery   Invocation in a controlled situation that does not jeopardize business as usual operation	Include interaction and validate participants roles   Incorporate associated plans         Defined operations from alternative site for a fixed time	Annually       Annually or twice yearly         Annually or less
Complex	Exercise full BCP including incident management	Building/campus/exclusion zone-wide exercise		Annually or less
A)  The frequency of exercises should depend upon both the organisation’s needs, the environment in which it operates and stakeholder requirements.  However the exercise programme should be flexible taking into account the rate of change within the organization and the outcome of previous exercises.  The above exercise methods can be employed for individual plan components and single and multiple plans

© 2004 Kaon Security Ltd