PD 25666:2010 © BSI 2010 PUBLISHED DOCUMENT

BS 31100 Risk management Code of practice

b) provide confidence in the organization's ability to conduct exercises and tests with internal and external stakeholders;
c) assist the organization in developing and assessing its exercising and testing capability in a consistent, cost-effective and risk-assessed manner that reflects good practice; and
d) encourage constant improvement in contingency and continuity programmes within an organization.

This PD is intended for use by anyone with responsibility for operations or the provision of services, whether in public, private or not-for-profit organizations, from top management through all levels of the organization; from organizations with a single site to those with a global presence; from small to very large organizations.

2 Terms and definitions

For the purposes of this Published Document, the following terms and definitions apply.

2.1 brief
document (or oral instruction) which explains the exercise rules to exercise participants, and/or gives them background information about the scenario

2.2 debrief
occasion for exercise participants or incident responders to review and provide
feedback relating to functional effectiveness, efficiency and resilience, usually after the exercise or incident is over, with the purpose of identifying lessons and participants' feelings that could provide learning opportunities
NOTE Usually, this is a facilitated discussion and a record is kept of the lessons identified. Debriefs immediately after an exercise are also known as “hot debriefs” (or “hot wash up”). Debriefs are an essential part of learning the lessons of an exercise or incident.

2.3 directing staff
NOTE See Clause 7 and Annex A for guidance on the roles of directing staff.

2.3.1 controller
exercise participant with overall control of part or all of the exercise and responsibility for: managing role-players and observers; coordinating improvised responses for issues that are not covered by the exercise script; and exercise administration generally, including health and safety

2.3.2 director
exercise participant with overall control of part or all of the exercise and responsibility for: ensuring that the exercise achieves its objectives; and starting and stopping the exercise
NOTE See Clause 7 for greater detail about the role of the director.

2.3.3 observer
exercise participant who watches selected segments as they unfold, whilst remaining separate from player activities
NOTE Observers play a crucial role in the debriefing and reporting process following an exercise. The term is also used for “VIP observers”, who usually
visit the exercise for only a short time, largely for internal or external PR purposes, and do not take part in the debrief. Observers differ from umpires in that they are passive, while umpires are active participants.

2.3.4 role-player
exercise participant who creates or simulates a scenario by acting out the role of someone who would be involved in a real incident, but is not otherwise involved in the exercise

2.3.5 safety officer
exercise participant, usually in “live-play” exercises, who is tasked with ensuring that any actions taken are performed as safely as possible

2.3.6 umpire
exercise participant with the ability to intervene or adjudicate in the exercise to ensure that it progresses towards the aim or objectives
NOTE Umpires are often used to evaluate particular objectives which have been pre-designated in the exercise design. The umpire may also act as safety officer.

2.4 types of exercises

2.4.1 drill
coordinated, supervised activities usually employed to exercise a single specific operation, procedure or function in a single agency
NOTE See 5.1a).

2.4.2 exercise
planned rehearsal of a possible incident designed to evaluate an organization's capability to manage that incident and to provide an opportunity to improve the organization's future responses and enhance the relevant competences of those involved
NOTE A test (see 2.5 and 5.1) is a particular type of exercise, which incorporates an expectation of a pass or fail element within the aim or objectives of the exercise being planned.

2.4.3 live play
exercise activity that is as close as safely practicable to the expected response to a real incident
NOTE See 5.1e).

2.4.4 seminar (or syndicate) exercise
exercise in which the participants are divided into groups to discuss specific issues
NOTE See 5.1b).

2.4.5 simulation
exercise in which a group of players, usually representing a control centre or management team, react to a simulated incident notionally happening elsewhere
NOTE See 5.1d). Sometimes referred to as “command post exercise”.

2.4.6 table-top exercise
facilitated exercise in which participants are given specific roles to perform, either as individuals or groups
NOTE See 5.1c).

2.5 test
exercise whose aim is to obtain an expected, measurable pass/fail outcome

2.6 exercise programme
planned series of exercises designed to develop or evaluate an organization's resilience
NOTE Usually, the design of each exercise takes into account the lessons identified during previous exercises. Although individual exercises may focus on different issues, taken together the exercise programme is intended to validate the whole of the organization's resilience or response programme.

2.7 facilitator
person who presents the scenario of a seminar or table-top exercise to the players and helps to bring about a successful conclusion to the exercise by giving unobtrusive guidance, helping the players to solve problems or communicating problems and taking feedback, without becoming involved in the players' actual discussions

2.8 inject
scripted piece of information input to the exercise designed to elicit a response or decision and facilitate the flow of the exercise

2.9 master events list
list of exercise injects, usually for delivery by role-players, but sometimes also including other materials such as written injects or directions for simulating an incident

2.10 player
exercise participant who responds to a set of stimuli generated by the exercise script

2.11 post-exercise report
document which records, describes and analyses the exercise, drawing on debriefs
and reports from observers, and derives lessons from it
NOTE See 8.7.

2.12 scenario
pre-planned storyline that drives an exercise and is chosen to enable it to meet its objectives

2.13 script
story of the exercise as it develops, which allows directing staff to understand how events will develop during exercise play as the various elements of the master events list are introduced
NOTE The script is often written in an “essay” style, amplifying the scenario outline.

3 Programme management

This clause gives guidance on establishing a programme that develops the competence and confidence of people through training and exercising.

3.1 To ensure that plans and procedures remain fit-for-purpose, and that people acquire and maintain high levels of competence in implementing them, it is vital that exercises take place and that all personnel who might be involved in a response are exercised regularly. Such exercises should, over time, seek to validate in full any continuity or contingency capability. A single exercise, or indeed real incident, is unlikely to provide the total level of assurance required. Also, in selecting the focus of any exercise, it is important to note that a less demanding exercise scenario might not provide an accurate level of validation of the plans. This risk should be measured against the aim and objectives of the exercise.

3.2 In any organization or multi-agency response there are likely to be a number of agencies,
departments or sections that, together, will provide the overall response to any disruptive challenge. In order to be in a position to give a reasonable level of assurance to all stakeholders that a disruptive challenge will be successfully dealt with, the response to any such challenge has to be practised. However, because it is generally impractical to involve everyone on each occasion, it is advisable to design a programme that involves a series of smaller exercises which exercise parts of the plans or improve the capabilities of individuals before scheduling an integrated exercise [see 5.1e)].

3.3 The exercise programme should be designed to:
a) progressively improve the competence and confidence of people;
b) exercise specific elements of the incident response capabilities to ensure that these work as required;
c) assist the integration of the disparate incident response elements into a combined response;
d) identify any necessary improvements to the contingency or continuity strategy and response arrangements; and
e) demonstrate that investment in exercising benefits the organization.

The programme may also be used to provide a benchmark on the organization's preparedness to face the challenges of an incident or disruptive event.

3.4 The exercise programme should be documented to provide the basis for an audit trail, including:
a) the frequency of exercising;
b) the scope of the programme, including locations, business areas, etc.;
c) the overall risks to be managed in the programme;
d) resources required for the programme to be effective;
e) the competence of the people delivering the exercise activity and reporting; and
f) sign-off by top management.