Incident Response Planning & Readiness Workshops

A tabletop exercise is a facilitated, discussion-based simulation of a security incident. Participants (typically leadership, IT, legal, and communications) walk through a realistic scenario, making decisions about containment, communication, and recovery. The purpose is to test your incident response plan, identify gaps, and build team confidence without the pressure of a real incident.

At minimum annually, as required by most compliance frameworks. We recommend semi-annual exercises with different scenarios (one focused on leadership decision-making and one on technical response). Additional exercises should follow major organizational changes or real incidents.

At minimum: executive leadership (CEO/COO), IT/security, legal counsel, and communications/PR. Depending on the scenario, HR, finance, and key business unit leaders should also participate. Incident response is an organizational function, not just IT.

No. If you do not have a plan, we develop one as part of the engagement. If you have an existing plan, we assess it, identify gaps, and update it before running exercises. The workshop validates the plan and reveals areas for improvement.

We design scenarios based on threats relevant to your industry and environment: ransomware attacks, business email compromise, data breaches, insider threats, supply chain compromises, and denial of service. Each scenario is customized to your technology stack and business context.

Under PIPEDA, organizations must report breaches involving personal information to the Privacy Commissioner and notify affected individuals if the breach creates a real risk of significant harm. Notification must occur as soon as feasible. Ontario’s PHIPA has similar requirements for health information. Our incident response plans include specific procedures for meeting these obligations.