[CM] [TE] [C5] Designing and Developing a Live CM Exercise

Chapter 5

Designing and Developing a Live CM Exercise

Introduction

A Live Crisis Management Exercise represents the highest level of crisis management exercise and the closest approximation to responding to an actual crisis without experiencing a real event.

Unlike simulation-based exercises, a live exercise requires the physical deployment of personnel, activation of facilities, mobilisation of resources, execution of response procedures, and coordination with internal and external stakeholders in real-world conditions.

The objective is to validate the organisation's operational readiness, leadership effectiveness, communication capabilities, and overall crisis-response arrangements under realistic conditions.

Because of its complexity, cost, and potential operational impact, a live exercise is typically conducted by mature organisations seeking to demonstrate and verify their crisis management capability at the highest level of preparedness.

Designing and developing a live crisis management exercise involves a structured approach to ensure realism, safety, and actionable insights.

Pre-reading for Participants Attending Module 4 of the CM-5000 Crisis Management Expert Implementer Course

Step-by-Step Guide to Designing a Live CM Exercise

Below is a step-by-step guide to creating an effective live exercise:

Define Objectives & Scope

• Purpose: Clarify what you aim to achieve (e.g., test evacuation procedures, validate IT recovery, improve cross-team coordination).

• Scope: Determine the incident type (e.g., fire, cyberattack, active shooter) and teams involved (e.g., IT, PR, security).

• Success Criteria: Define measurable outcomes (e.g., "Evacuate the building in under 10 minutes" or "Restore critical systems within 2 hours").

Example Objective

"Test the IT team’s ability to isolate a ransomware attack while coordinating with PR to manage external communications."

Select a Realistic Scenario

• Risk-Based: Align with high-impact, high-likelihood threats (e.g., natural disasters for coastal facilities, data breaches for financial firms).

• Complexity: Include cascading effects (e.g., a power outage disrupts operations and communication systems).

• Inject Design: Plan timed, escalating events (e.g., "At T+15 mins, hackers leak data on social media").

Sample Scenario

"A fire in the data centre breaks out, triggering IT system failures and media inquiries about customer data loss."

Assemble the Team & Roles

• Participants:

  • Responders: Crisis team, IT, security, PR, facilities.

  • Controllers/Facilitators: Manage injects, adjust difficulty, ensure safety.

  • Evaluators/Observers: Document actions, timing, and gaps.

  • Actors: Play roles like "injured employees" or "angry customers."

• External Partners: Involve emergency services, vendors, or regulators if relevant.

Tip

Use a RACI Matrix to clarify responsibilities (Responsible, Accountable, Consulted, Informed).

Plan Logistics & Safety

• Location: Choose a realistic setting (e.g., an actual office, a backup site, or a simulated environment).

• Tools/Equipment:

  • Activate real systems (e.g., emergency alarms, mass notification tools).

  • Use props (e.g., smoke machines for fire drills, mock ransom notes).

• Safety Protocols:

  • Ensure no real harm (e.g., use virtual "outages" instead of shutting down live systems).

  • Brief all participants on emergency exits and safety rules.

Develop the Exercise Timeline

• Master Scenario Events List (MSEL):

  • Outline injects, timing, and intended outcomes.

  • Example:

    • T+0: Fire alarm triggers evacuation.

    • T+10 mins: Report of "trapped employee" in Room 203.

    • T+30 mins: Media calls about data loss rumours.

• Branching Scenarios: Adjust injects based on team responses (e.g., if PR delays a statement, escalate media pressure).

Conduct Pre-Exercise Briefings

• Participant Briefing: Explain objectives, rules, and safety measures.

• Controller/Eval Briefing: Ensure facilitators understand injects and evaluation criteria.

• Mock Communications: Test tools (e.g., radios, crisis apps) beforehand.

Execute the Exercise

• Launch the Scenario: Start with the initial incident (e.g., activate alarms, simulate a phishing email).

• Introduce Injects: Follow the MSEL but remain flexible to adapt based on team performance.

• Monitor & Document:

  • Track decision-making speed, communication accuracy, and protocol adherence.

  • Use video/audio recordings (with consent) for post-exercise review.

Debrief & After-Action Review

• Hot Wash: Immediate feedback session with participants.

  • Questions: What went well? Where did we struggle?

• Formal Report: Summarise findings, including:

  • Strengths: Effective actions (e.g., "PR stated within 20 minutes").

  • Gaps: Failures (e.g., "IT took 45 minutes to isolate the breach").

  • Recommendations: Updates to plans, training, or tools.

Implement Improvements

• Update Plans: Revise crisis playbooks based on lessons learned.

• Targeted Training: Address skill gaps (e.g., media training for spokespersons).

• Follow-Up Drills: Schedule smaller exercises to test fixes (e.g., a 30-minute comms drill).

Key Success Factors

✅ Realism: Mimic actual crisis conditions (time pressure, resource constraints).
✅ Psychological Safety: Encourage open dialogue without blame.
✅ Documentation: Capture details for compliance and continuous improvement.

Example Live Exercise: Ransomware Attack

Scenario:

1. T+0: IT detects encrypted files and a ransom note.

2. T+20 mins: Hackers threaten to leak data; PR must draft a customer notification.

3. T+1 hour: Executives debate paying the ransom vs. legal repercussions.

Live Actions:

• IT isolates servers, PR conducts a mock press conference, and Legal contacts regulators.

Conclusion

A Live Crisis Management Exercise provides the ultimate test of an organisation's ability to respond effectively to a major crisis by requiring participants to perform their roles in a realistic operational environment.

By validating the deployment of people, facilities, technologies, communications, and decision-making processes under real-world conditions, organisations gain the highest level of assurance regarding their crisis preparedness and resilience.

The lessons learned from a live exercise often reveal critical operational insights that cannot be fully captured through discussion-based or simulation exercises, enabling organisations to further strengthen their crisis management arrangements.

As the pinnacle of the crisis management exercise maturity journey, a live exercise demonstrates a commitment to excellence in preparedness, organisational resilience, and the protection of stakeholders, reputation, and business continuity.

 

Design and Develop Crisis Management Exercises

 

More Information About Crisis Management Courses

To learn more about the course and schedule, click the buttons below for the  CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].

		Please feel free to send us a note if you have any questions.