Exercise Materials

Download your role-specific player pack below. You’ll use this during the exercise.

Each pack contains:

  1. The information available to your role

  2. Key signals and updates as the scenario progresses

  3. Context to support discussion and decision-making

Before We Start:

Open your player pack
Skim your role and initial information
Don’t try to get ahead of the scenario — details will unfold during the session

During the Exercise:

Work from your role’s perspective
Share what you know with the group
Expect incomplete and sometimes conflicting information

Download Your Role Pack

Incident Commander (IC)
Service Owner (Billing & Payments)
Vendor Coordination / TPRM Lead
Customer Operations Lead
Security Lead
Communications Lead
Legal

Additional GRF Business Resilience Council Events and Materials

GRF Summit on Security & Third-Party Risk

The 9th Annual Summit on Security & Third-Party Risk is looking for practitioner-presenters to share their expertise on topics including third-party risk management, cloud security, emerging cybersecurity threats, and AI threat mitigation and management. The conference will take place at the Loews Sapphire Falls Resort at Universal Orlando, October 21-23, 2026. Attendees at this multi-sector event will gain an understanding of how peers - and other industries - are managing risk, and leave the conference better armed to defend their organizations. 

Submit proposals here: https://www.grf.org/cfp2026

Learn more about the event here: https://www.grf.org/summit2026

AI Interrupted: A Multi-Sector Tabletop Exercise

AI is quickly becoming a critical dependency for customer support, software delivery and core business workflows. What happens when AI is impaired?

GRF’s Business Resilience Council is hosting a complimentary, cross-sector, virtual tabletop exercise offered on April 2 at 1pm ET and June 24 at 8am ET

Bring your security, risk, and resilience teams – and invite your peers, colleagues, partners, vendors and suppliers. Together, we need to navigate the new risks introduced by these rapid advancements. Register here: https://www.grfbrc.org/orf-exercise-reg

Operational Resilience Framework

Traditional disaster recovery and business continuity efforts have focused on data recovery with little regard for providing services in an impaired state. In 2021, Global Resilience Federation’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework (ORF) to help solve that challenge. The framework provides rules and implementation aids that support a company’s recovery of immutable data, while also – and uniquely–  allowing it to minimize service disruptions in the face of destructive attacks and events. The ORF was developed to be broadly applicable and is aligned with existing controls like those from NIST and ISO. 

Download the ORF, Maturity Model, Implementation Aides, joint paper with NACHA, and the After Action Report for a wiperware exercise impacting ACH payment systems. Read more: https://www.grf.org/orf