For SMBs & Enterprises Worldwide

crisis-management

Your plans look great on paper. But do they actually work?

Plans aren’t enough—you need proof. Test your resilience before a real crisis exposes the gaps.

You'll Receive:

Complete IR & BCM framework (ISO 27035 & ISO 22301 aligned, operational-ready)
Incident playbooks & response procedures (tailored to your threats and systems)
Crisis simulation & team training (tabletop and live exercises with scenario-based learning)
Continuous improvement support (post-incident reviews, playbook updates, regular testing)

Get my free consultation

Response within 2 hours•Free 30-min consultation•No commitment required

Crisis Management & Resilience Dashboard

BCP Exercise - TabletopCompletedLast tested Q3 2024

DRP Exercise - Live DrillScheduledScheduled Q1 2025

Incident Response ExerciseValidatedLast tested Q2 2024

Crisis Management ExerciseScheduledScheduled Q2 2025

Tabletop Exercise - ScenarioCompletedCompleted Q4 2024

HOW IT WORKS

How We Test Your Resilience

From table-top discussions to full-scale crisis simulations, we design exercises that reveal real gaps and build genuine confidence. Every exercise is tailored to your risks, your team, and your readiness level.

Comprehensive Scope

From table-top discussions (TTX) to immersive simulations and full-scale crisis tests. We design exercises that match your maturity level—starting with discussion-based scenarios and progressing to live drills that test actual systems and real-time decision-making under pressure.

Exercise type and complexity assessment
Maturity-appropriate scope definition

Thorough Preparation

We analyze your BCPs, DRPs, and playbooks to craft tailored, realistic scenarios. Understanding your existing plans, risk profile, and operational context ensures exercises test what matters most—not generic templates. We identify critical processes, dependencies, and potential failure points to create scenarios that actually challenge your assumptions.

BCP/DRP analysis and pre-exercise gap assessment
Tailored scenario development and exercise timeline
Participant briefing materials

Engaging Injects

In collaboration with media and external partners, we deliver credible, dynamic injects to challenge leadership and decision-making. Realistic communication challenges, stakeholder pressure, time constraints, and cascading events create an environment where teams discover how they actually respond—not how they think they'll respond.

Professional facilitation and exercise control
Dynamic scenario injects and stakeholder simulations
Comprehensive observation and performance documentation

Actionable Outcomes

Each exercise concludes with a clear, insightful report highlighting strengths, gaps, and practical recommendations. We don't just document what happened—we analyze why it happened, what worked, what didn't, and what needs to change. Every finding is prioritized, every recommendation is specific, and every gap has a remediation path.

Exercise evaluation report with performance analysis
Post-exercise gap analysis and remediation roadmap
Lessons learned integration plan

Quick Assessment

BC/DR Testing Readiness Assessment

Answer 6 questions to assess your current BC/DR testing maturity and exercise program needs.

👥 Meet the team

Meet Your Compliance Experts

Swiss-trained professionals with decades of combined experience in regulatory compliance, risk management, and strategic advisory

Henri HAENNI

Expert in Business Continuity, Risk Management and Information Security Governance

ISO 27001 Lead Implementer & Auditor • ISO 37301 Lead Implementer • ISO 31000 Lead Risk Manager • Sorbonne University Paris 1 Lecturer

Alexis HIRSCHHORN

Expert in Information and Cyber Security, Cloud Security, Risk Management and Governance

ISO 27001 Lead Auditor • CISSP® Certified • ISO 42001 Lead Implementer • PECB MS Certifying Auditor

Laura Menétrey

Data Protection & Information Security Legal Expert

LLM in Data Protection Law • Certified GDPR Practitioner • Information Security Laws (NIS2, DORA) • Privacy Law Specialist

Jean MUNYARUGERERO

Information Security & Business Continuity Trainer

ISO 27001 Lead Implementer • CISM® Exam Bootcamp • ISO 27005 Risk Manager • NIST Cybersecurity Professional

Trusted by Leading Organizations

Real results from real clients who transformed their compliance operations

"The tabletop exercise was humbling. We spent 20 minutes arguing about who should make the decision to invoke DR. That ambiguity would've been catastrophic during a real incident. Fixed immediately."

Decision-making clarity gained

IT Director

at Financial services firm

"We assumed our 4-hour RTO was achievable. During the functional exercise, it took us 9 hours just to get systems online, and that was with everything going well. We completely recalibrated our RTOs."

Realistic RTOs established

Head of Infrastructure

at E-commerce company

"The full-scale DR test found 12 issues with our restore procedures. Some were minor, three were critical. All fixed before we needed DR for real. That's the value—finding problems in practice, not production."

12 issues found and fixed

CTO

at Healthcare provider

Frequently Asked Questions

Everything you need to know about this service

Reading plans ≠ executing plans. Exercises reveal: gaps in plans (steps that don't work, missing procedures, outdated information), coordination issues (who decides what, communication breakdowns, conflicting responsibilities), timing realities (your 4-hour RTO might be 12-hour RTO in practice), assumptions (dependencies you didn't realize, resources that aren't available), team readiness (whether people know procedures or are reading them for first time). Real learning happens through doing, not reading.

ISO 22301 requires regular exercises but doesn't specify frequency. Common practice: At minimum, annual full program testing. Recommended: Quarterly exercises with varying scope. Mature programs: Monthly testing of different components. Progressive approach: Q1 tabletop exercise (discussion), Q2 walkthrough (procedure validation), Q3 functional (coordination testing), Q4 full-scale (live testing). More frequent testing = better preparedness.

That's exactly the point. Finding gaps during exercises is success, not failure. Better to discover issues: in controlled environment, with expert facilitation, when you have time to fix properly, before real incident pressure. Post-exercise improvement is how plans get better. Organizations that find many issues and fix them are more resilient than those with 'perfect' exercises that didn't test anything real.

Depends on exercise type: Tabletop/Walkthrough: Minimal disruption (discussion-based, scheduled). Functional: Some disruption (teams focused on exercise for half-day). Full-Scale: Can be disruptive (actual system failover, usually scheduled for low-impact times). We design around your operational constraints: schedule during low-activity periods, isolate testing from production, plan for operational coverage, controlled rollback procedures, safety protocols and stop conditions.

Yes, multiple approaches: Tabletop/Functional: Pure simulation, no systems touched. Isolated environment testing: Test DR in separate environment without affecting production. Phased testing: Test individual components without full failover. Full-scale testing: Scheduled during maintenance windows or low-traffic periods. We recommend progressive approach: start with simulations, build to actual failover as maturity increases.

Realistic exercises include: time pressure (decisions under urgency), incomplete information (don't have all facts, must act anyway), conflicting priorities (business pressure vs. technical constraints), communication challenges (can't reach key people, information overload), cascading events (first problem leads to second, third problems), stakeholder pressure (simulated customers, media, regulators asking questions). Checkbox exercises: read through procedures with no time pressure, all information available no surprises, perfect communication, single isolated problem with obvious solution, no stakeholder simulation. Realistic exercises are uncomfortable—that's how you learn.

Depends on exercise type and scenario. Always include: crisis management team (decision-makers), IT operations (technical execution), business continuity coordinator. Often include: key business unit representatives, facilities and security, communications/PR, legal and compliance, critical third-party representatives. Observers (not participants): senior leadership (see response in action), new team members (learning), internal audit. We design participant mix based on scenario and objectives.

Blameless learning environment. Ground rules established upfront: purpose is learning not evaluation, finding gaps is success, no blame for issues discovered, confidential environment, focus on process improvement not individual performance. Facilitation approach: recognize good actions and thinking, frame issues as learning opportunities, root cause analysis not finger-pointing, collective problem-solving, improvement-oriented mindset. Organizations with psychologically safe exercises discover more issues and improve faster.

Progressive metrics across exercises: response time improvements, fewer critical findings over time, faster decision-making, better coordination, more effective communication, reduced procedure gaps, increased team confidence. Maturity indicators: First exercise: 15 findings (many critical). Second exercise: 10 findings (fewer critical, more minor). Third exercise: 5 findings (mostly enhancements). Fourth exercise: Successful validation, minimal findings. Tracking findings across exercises shows resilience maturity trajectory.

Ready to Transform Your Compliance?

Let's discuss your specific needs

Expert Guidance

Swiss Quality Standards

Proven Track Record

Book Your Free Strategy Call