Incident Management Training for IT Operations

Level 1: Onsite

Simulated Technology Failure

Each group to resolve assigned IT incident response scenario(s) within assigned time frame.


  • Identify SEV or P level for the incident.
  • Create a list of SMEs, vendors, executives, etc. that would be dispatched to the incident.
  • Draw an org chart depicting all the incident responders identified above.
  • Draft an overall Mission Objective for the response.
  • Draft a CAN report for the primary resolution plan and Plan B.
  • Identify any unique aspects or challenges of the response that may pose a challenge to the resolution effort.
  • List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
  • LNO delivers the scenario briefing in the main session at the conclusion of the exercise.
  • LNO may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.

Breakout Room

Incident Commander (IC)

  • Appoint key positions.
  • Brief team with a CAN report.
  • Delegate and set time contracts.
  • Drive the discussion  toward resolution plans A & contingency plan B, integrating information from team members.
  • Watch the time!

Liaison Officer (LNO)

  • Keep your own notes of key actions, decisions and benchmarks 
  • Deliver briefings when directed.

Main Room

Deliver an IMS briefing related to the incident.


  • Capture details and key events, documenting the incident.
  • Screen share your document throughout the exercise.

Main Room

Screen share your Scribe document when asked. Then, submit using the form below.


  • Confirm tasks received
  • Report back to the IC on the tasks you are assigned.
  • Make up any missing details. You do NOT need to access real life data sources.
  • Support the incident resolution effort.
Click or drag a file to this area to upload.