[OR] [P2] [S2] [MII] [C19] Using Mapping for Scenario Testing

[P2] [S2] Chapter 19

Using Mapping for Scenario Testing

Introduction

Mapping interconnections and interdependencies provides visibility into how Critical Business Services (CBS) are delivered. However, the true value of mapping is realised when it is used to test resilience under disruption. Scenario testing transforms mapping from a static representation into a dynamic simulation tool, enabling organisations to assess whether they can continue delivering services within acceptable thresholds.

Regulators increasingly expect organisations to conduct end-to-end scenario testing based on real dependencies, rather than isolated system tests. This requires scenarios to be grounded in actual interconnections, reflecting how disruptions propagate across processes, technology, people, and third-party ecosystems.

This chapter explains how mapping supports scenario testing, focusing on:

• Designing scenarios based on dependencies
• Developing severe but plausible scenarios
• Testing interdependency failures across the service chain

Purpose of the Chapter

The purpose of this chapter is to:

• Demonstrate how mapping outputs are used in scenario testing
• Provide a structured approach to designing realistic scenarios
• Explain how to test failures across interconnected components
• Strengthen alignment between mapping, testing, and resilience outcomes

Role of Mapping in Scenario Testing

From Visibility to Simulation

Mapping answers:

“How is the service delivered?”

Scenario testing answers:

“What happens when something goes wrong?”

Mapping provides the foundation for scenario design, ensuring that:

• Scenarios reflect real dependencies
• Impacts are assessed end-to-end
• Testing is aligned with CBS outcomes

Enabling End-to-End Testing

Without mapping, testing tends to focus on:

• Individual systems
• Isolated processes

With mapping, organisations can:

• Simulate disruptions across entire service chains
• Assess upstream and downstream impacts
• Evaluate cross-functional coordination

Designing Scenarios Based on Dependencies

Dependency-Driven Scenario Design

Effective scenarios are built around critical dependencies identified during mapping, including:

• Single points of failure
• Shared dependencies
• Third-party dependencies
• Data and system interconnections

Scenario Design Approach

Organisations should:

• Select a CBS

• Focus on critical services with high impact

• Identify Key Dependencies

• Use mapping outputs to pinpoint critical components

• Define Disruption Events

• Target specific dependencies (e.g., system outage, vendor failure)

• Trace Impact Pathways

• Analyse how disruption propagates across interconnections

• Determine Expected Outcomes

• Assess impact on service delivery and customers

Example

For a payment service:

• Dependency: Authentication system
• Scenario: Authentication service outage
• Impact: Inability to process transactions → service disruption

Benefits

Dependency-based scenarios ensure:

• Realistic testing
• Alignment with actual risk exposure
• Focus on high-impact vulnerabilities

Severe but Plausible Scenarios

Definition

Severe but plausible scenarios are:

High-impact events that are realistic and could reasonably occur, even if unlikely.

Importance

Regulators expect organisations to test:

• Extreme but credible disruptions
• Scenarios that challenge resilience capabilities
• Events that go beyond routine incidents

Characteristics

Effective scenarios should be:

• Severe: Significant impact on CBS
• Plausible: Based on real-world risks
• Relevant: Aligned with organisational context
• End-to-end: Cover full service delivery

Examples

• Cyberattack affecting cloud-hosted systems
• Failure of a major third-party provider
• Simultaneous outage of multiple interconnected systems
• Denial of access to key facilities

Mapping Linkage

Mapping ensures that scenarios:

• Reflect actual interdependencies
• Capture cascading effects
• Include both internal and external dependencies

Testing Interdependency Failures

Nature of Interdependency Failures

In interconnected environments, failures rarely occur in isolation. Instead, they:

• Trigger chain reactions
• Impact multiple components simultaneously
• Spread across organisational and external boundaries

Types of Interdependency Failures

Sequential Failures

• Upstream component failure halts downstream processes

Shared Dependency Failures

• A single component failure impacts multiple CBS

External Dependency Failures

• Third-party or infrastructure disruptions affecting multiple services

Testing Approach

Organisations should:

• Select Critical Interdependencies

• Focus on high-risk or high-impact dependencies

• Simulate Failure Events

• Introduce disruptions at key points

• Observe Impact Propagation

• Track how failures spread across the service chain

• Assess Response and Recovery

• Evaluate how teams respond and restore services

Example Scenario

• Event: Cloud service outage
• Impact:
• Multiple systems become unavailable
• Payment and account services disrupted
• Outcome:
• Assess recovery strategies and fallback mechanisms

Key Insights

Testing interdependency failures helps organisations:

• Understand systemic vulnerabilities
• Identify gaps in coordination
• Improve recovery sequencing

Evaluating Scenario Testing Outcomes

Key Evaluation Criteria

Scenario testing should assess:

• Service Impact
• Was CBS disrupted?
• Did it exceed impact tolerance?
• Response Effectiveness
• Were escalation procedures followed?
• Was coordination effective?
• Recovery Performance
• Were services restored within acceptable timeframes?
• Were dependencies correctly prioritised?

Lessons Learned

Post-testing analysis should identify:

• Gaps in mapping
• Weaknesses in resilience controls
• Opportunities for improvement

Continuous Improvement

Insights from testing should be used to:

• Update mapping
• Refine scenarios
• Enhance resilience strategies

Integration with Operational Resilience Framework

Mapping-driven scenario testing supports:

Impact Tolerance Validation

• Confirms whether services remain within defined thresholds

Risk Management

• Identifies vulnerabilities and control gaps

Crisis Management

• Tests coordination and decision-making under stress

Third-Party Risk Management

• Evaluates resilience of external dependencies

Scenario testing is where interconnection mapping becomes operationally meaningful, enabling organisations to test how their services perform under real-world disruption.

By:

• Designing scenarios based on actual dependencies
• Developing severe but plausible scenarios
• Testing interdependency failures

organisations can gain a deep understanding of their resilience capabilities and vulnerabilities.

Ultimately, mapping-driven scenario testing ensures that resilience is not assumed—but proven, providing confidence that Critical Business Services can be sustained even in the face of significant disruption.

In the final chapter, we will explore maintaining and continuously improving mapping, ensuring that interconnection mapping remains a dynamic and evolving capability aligned with organisational change and emerging risks.