Exercises can be used for validating policies, plans, procedures, training, equipment, and inter-organizational agreements; testing information and communication technology disaster recovery systems; clarifying and training personnel in roles and responsibilities; improving inter-organizational coordination and communications; identifying gaps in resources; improving individual performance; identifying opportunities for improvement; and, providing a controlled opportunity to practice improvisation.
ISO 22398 is intended for use by anyone with responsibility for ensuring the competence of the organization's personnel, particularly the leadership of the organization, and those responsible for managing exercise programmes and exercise projects.
Dean Larson (USA), the project leader responsible for writing ISO 22398, explains:
"Exercises are an important management tool intended to identify gaps and areas for improvement as well as to determine the effectiveness of response and recovery strategies. In addition to measuring the competence of the organization and its personnel, exercises are excellent tools to assess revised plans and changed programmes for completeness, relevancy and accuracy."
ISO 22398:2013, Societal security – Guidelines for exercises, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.