About this exercise
The GRF Business Resilience Council's ORF Tabletop Exercise series challenges teams to test resilience, refine incident response, and share best practices through panel-led discussions with real-time inputs and data aggregation. Participants deepen their understanding of service dependencies and their ability to adapt and maintain operations across threat types.
In this iteration
Cybersecurity, risk, operations, and resilience leaders will work through a decision-driven scenario focused on third-party service disruption, testing how organizations detect, restrict, disconnect from, operate without, and safely reconnect to a critical third-party platform during uncertainty.
Exercise Goals
Test third-party disconnect / reconnect readiness
Examine your organization's ability to detect, assess, restrict, disconnect from, operate without, validate, and reconnect to a critical third-party service under uncertainty.
Clarify decision criteria, authorities, and communications
Identify the evidence, permissions, governance forums, stakeholder communications, and risk-acceptance considerations required to make disconnect and reconnect decisions.
Strengthen operational resilience during disruption
Explore how organizations sustain priority operations, manage degraded service, address dependency gaps, and protect customer-facing activities when a third-party platform can no longer be fully trusted.
Support collective resilience and peer learning
Compare approaches across participating organizations and sectors to surface practical lessons, shared challenges, and reusable practices that improve resilience to third-party disruptions.
Outcomes
Participants will surface gaps in their disconnect/reconnect decision frameworks, test minimum viable operations during third-party degradation, clarify authority and risk-acceptance structures, and gain actionable insights to strengthen collective resilience against third-party disruptions.
Frequently Asked Questions
Who should attend?
This exercise is designed for professionals in cybersecurity, risk, operations, IT, legal, communications, and business continuity who have a role in managing or responding to third-party service disruptions. Not every role listed needs to be present from a single organization. The goal is cross-sector representation.
Do I need technical knowledge to participate?
No. The scenario is designed to be accessible across roles. The focus is on decision-making, governance, and coordination, not technical remediation.
How will the exercise be conducted?
Participants are polled anonymously. The crowdsourced responses are discussed by the panel, analyzed, and later captured in an after-action report. Participants further their strategic understanding of service dependencies and their organization's ability to adapt and maintain operations.
Will this be a live cyberattack simulation?
No. This is a strategic discussion exercise, not a hands-on technical simulation. The focus is on decision-making and response planning. IT and third-party dependencies will be on display, and business priorities will determine response objectives.
Do I need to prepare anything in advance?
While no formal preparation is required, participants will benefit from reviewing their organization's incident response and operational resilience plans. Reviewing the Operational Resilience Framework is also highly encouraged.
How long will the exercise last?
The exercise is expected to last 3 hours, including scenario discussions and a debrief.
Will there be a post-exercise report?
Yes. An After-Action Report (AAR) will be provided to all participants, capturing key findings, lessons learned, and recommended actions.