[CM] [SIT] [C7] Scenario Planning & Testing for Shared Spaces

Chapter 7

Scenario Planning & Testing for Shared Spaces

Introduction

In shared-space environments, disruptions are rarely predictable, isolated, or contained within a single organisation.  

Instead, they are often complex, interconnected, and capable of cascading across multiple entities. As such, traditional planning approaches—based on static assumptions and single-organisation scenarios—are no longer adequate.

To build true operational resilience, organisations must adopt scenario planning and testing as a core capability.

This involves identifying severe but plausible scenarios, understanding their potential impact across shared environments, and validating the organisation’s ability to respond effectively.

In ecosystems such as Punggol Digital District, where multiple organisations share infrastructure and dependencies, scenario planning must extend beyond organisational boundaries to consider multi-agency, cross-domain disruptions.

This chapter outlines how organisations can design, execute, and learn from scenario planning and testing in shared-space environments.

The Purpose of Scenario Planning and Testing

Scenario planning and testing serve several critical objectives:

• Validate resilience strategies under realistic conditions
• Identify gaps in preparedness
• Test decision-making and coordination capabilities
• Enhance situational awareness and response agility
• Build confidence across stakeholders and partners

Key Insight

You do not rise to the level of your plans—you fall to the level of your testing.

Characteristics of Effective Scenarios

Not all scenarios are equally valuable. Effective scenario planning requires scenarios that are:

1. Severe but Plausible

• High impact but realistic
• Based on credible threats and historical patterns

2. Multi-Dimensional

• Combine:
• Physical disruptions
• Cyber incidents
• Human factors

3. Cross-Boundary

• Affect:
• Multiple organisations
• Shared infrastructure
• External stakeholders

4. Time-Based

• Consider:
• Immediate response
• Short-term disruption
• Prolonged recovery

5. Dynamic and Evolving

• Include:
• Escalation triggers
• Secondary impacts
• Changing conditions

Implication

👉 Scenarios must reflect the complexity of real-world disruptions, not simplified assumptions.

Types of Scenarios for Shared-Space Environments

Organisations operating in shared environments should consider a range of scenario types:

A. Facility Denial Scenarios

Events that prevent access to shared spaces.

Examples:

• Campus-wide lockdown due to security incident
• Fire or structural damage affecting shared buildings
• Hazardous material incidents

B. Cyber-Physical Scenarios

Digital incidents impacting physical operations.

Examples:

• Compromise of building access control systems
• Failure of smart infrastructure
• Network outages affecting entry systems

C. Third-Party Failure Scenarios

Disruptions originating from shared vendors.

Examples:

• IT service provider outage
• Facilities management failure
• Security vendor breakdown

D. Environmental and External Scenarios

External events affecting accessibility.

Examples:

• Flooding or severe weather
• Public health restrictions
• Transport disruptions

E. Cascading and Systemic Scenarios

Complex scenarios involving multiple failures.

Examples:

• Cyberattack leading to facility shutdown
• Infrastructure failure triggering security incidents

Takeaway

Organisations must plan for combined and cascading scenarios, not just isolated events.

Designing Scenario-Based Exercises

Scenario planning must be translated into structured exercises to test organisational readiness.

Key Steps

1. Define Objectives

• What do you want to test?
• Decision-making
• Communication
• Coordination
• Recovery capability

2. Select Scenario

• Choose a relevant and realistic scenario
• Ensure it reflects shared-space risks

3. Define Scope

• Identify:
• Participants
• Systems involved
• Dependencies to be tested

4. Develop Scenario Narrative

• Create a storyline with:
• Initial trigger
• Escalation events
• Decision points

5. Establish Evaluation Criteria

• Define success metrics:
• Response time
• Decision quality
• Communication effectiveness

Key Insight

A well-designed scenario is not about testing plans—it is about testing capabilities.

Types of Exercises

Different types of exercises can be used to test resilience:

1. Tabletop Exercises

• Discussion-based
• Focus on:
• Decision-making
• Coordination

2. Simulation Exercises

• Realistic simulations
• Test:
• Systems
• Processes

3. Functional Exercises

• Test specific functions:
• Communication
• IT recovery

4. Full-Scale Exercises

• Comprehensive, multi-agency simulations
• Test end-to-end response

Implication

A combination of exercise types provides the most comprehensive validation.

Scenario Testing in Shared Environments

Testing in shared environments requires a broader approach.

1. Multi-Organisation Participation

• Include:
• Partner organisations
• Vendors
• Shared service providers

2. Cross-Boundary Coordination

• Test:
• Inter-agency communication
• Joint decision-making

3. Shared Infrastructure Dependencies

• Evaluate:
• Impact of shared system failures
• Recovery coordination

4. Communication Across Stakeholders

• Test messaging to:
• Internal teams
• External stakeholders
• Public

Example Scenario

“Shared Campus Lockdown (72 Hours)”

• Trigger: Security incident
• Impact:
• No physical access to facilities
• Disruption to multiple organisations
• Objectives:
• Test remote operations
• Evaluate cross-agency coordination
• Assess communication effectiveness

Takeaway

Testing must reflect the ecosystem, not just the organisation.

Common Gaps Identified Through Testing

Scenario testing often reveals critical gaps:

1. Over-Reliance on Physical Facilities

• Inability to operate remotely

2. Weak Cross-Organisation Coordination

• Lack of clear roles and responsibilities

3. Communication Breakdown

• Inconsistent or delayed messaging

4. Technology Limitations

• Insufficient remote access
• System bottlenecks

5. Dependency Blind Spots

• Unidentified critical dependencies

Implication

Testing exposes the difference between assumed readiness and actual capability.

Integrating Lessons Learned

The value of scenario testing lies in learning and improvement.

Key Actions

1. Document Findings

• Capture:
• Strengths
• Weaknesses
• Lessons learned

2. Update Plans and Strategies

• Refine:
• Procedures
• Roles
• Communication protocols

3. Enhance Training

• Address identified gaps

4. Strengthen Coordination

• Improve:
• Inter-agency collaboration
• Vendor alignment

Key Insight

Testing without learning is an exercise—testing with learning is resilience building.

Purpose of This Chapter

The purpose of this chapter is to:

• Highlight the importance of scenario planning and testing in shared environments
• Provide guidance on designing realistic, cross-boundary scenarios
• Introduce different types of exercises and testing approaches
• Emphasise the need for continuous improvement based on lessons learned

This chapter prepares organisations to validate their resilience strategies and ensure they are ready for real-world disruptions.

 In shared-space environments, resilience cannot be assumed—it must be tested. Scenario planning and testing provide the means to validate preparedness, uncover hidden risks, and strengthen organisational capabilities.

By designing realistic, multi-dimensional scenarios and conducting structured exercises, organisations can build the confidence and capability needed to respond effectively to disruptions that extend beyond their control.

Ultimately, resilience is not demonstrated in plans—it is proven through practice, testing, and continuous improvement.

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [B-3] course and the BCM-5000 Business Continuity Management Expert Implementer [B-5].