Welcome & What is a Tabletop
Understand the basics of digital tabletop exercises and the Breachday glossary.
What is a Tabletop Exercise?
Breachday is software for running tabletop exercises—structured, facilitator-led practice sessions where your team walks through a fictional incident (for example, a ransomware scenario or a major outage) and talks through who does what, when.
The facilitator drives the story using injects (updates and events revealed during the session). Participants join in a browser with a short room code; they do not need a Breachday account.
Afterward, facilitators can capture reports and follow-up items so the exercise doubles as evidence that you rehearsed your plans—not just a slide deck.
User Personas
| Persona | Typical goals | Account? |
|---|---|---|
| Organization admin | Paying for the org, inviting teammates, org name/logo, billing, sometimes security settings | Yes |
| Facilitator | Builds or picks scenarios, starts the live session, releases injects, may add notes, generates reports | Yes |
| Observer | May watch or support depending on how the org uses roles | Yes |
| Participant | Joins the live exercise in their role (e.g. Legal, IT), responds when prompted | No account—room code + display name |
[!NOTE] Managed service providers (MSPs): Some customers are consultancies that run exercises for their clients. Those users may switch between their own org and client orgs after being granted access.
Breachday Glossary
- Exercise / scenario — In everyday copy, you can say “exercise” or “scenario.” In the product, facilitators work from templates (saved setups) that include a scenario (story, objectives, phases) and injects (the events that unfold).
- Inject — A piece of the story delivered at a point in time (e.g., “News reports a data leak”). May ask for a written response or a vote.
- Phase — A labeled chapter of the exercise (e.g., Detection, Recovery). Helps group injects so the session feels organized.
- Role — A seat at the table (e.g., Incident Commander, Legal). Your org can define custom roles (within plan limits). Each live session uses role seats derived from those roles.
- Room code — A short code (letters/numbers) that lets participants join the right live session. Share it verbally, in chat, or via a join link.
- Facilitator view — The screen used to control the session: start/pause, move phases, release injects, see responses.
- Participant view — Simpler screen: see what has been released, respond when asked, vote when asked.
- Report — A structured summary after the session (timeline, responses, etc.). Availability of formats depends on your subscription.
- Lessons learned — Optional follow-up action items or improvements tracked after exercises.
- IT assets — A catalog of important systems (apps, networks, SaaS) used in business continuity planning.
- BIA (Business Impact Analysis) — Critical business processes and how they depend on people, systems, or vendors.
- Crisis communications — Templates and workflows for stakeholder messaging during a crisis.