CRSI knows that is critical to test your plans, procedures, and systems through continuity drills to maintain your business continuity. An incident or emergency situation is the wrong time to discover holes, gaps, or vulnerabilities in your security and response plans. Effective drills will also provide a baseline for response times and identify potential issues that may affect response efforts.Read More
Drills can be table-top or fully operational and can scale from just one system or group to the entire organization. When testing, scenarios should be created to include natural disasters and man-made threats (insider, accidental, criminal, terrorist, etc.). CRSI recommends that smaller drills be conducted quarterly to review actions and ensure readiness in all areas; while major drills should be conducted at least once a year but preferably twice a year. This ensures all different elements know what their roles, tasks, and how they fit in with other units in the organization.
The most important part of a drill is the after-actions report. This report should represent a comprehensive summary of what functioned correctly, what areas need to be addressed, and indicate the necessary corrective actions to be completed by a determined date.
Examples of continuity drills include:
- Responses to a medical emergency
- Fire incident
- Hazardous material spills
- Active shooter
- Intruder detection
- Anti-terrorism events identified in your Penetration Tests and Vulnerability Assessments
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.