How to Run a Tabletop Travel Risk Exercise

How to Run a Tabletop Travel Risk Exercise

If you’ve never tested your travel risk management program, you effectively don’t have one. The policies, emergency contacts, incident response procedures, and evacuation plans you’ve developed have any proven operational value until someone has actually worked through them under pressure. A tabletop travel risk exercise is how you apply that pressure safely, before a real incident forces the question.

ISO 31030 is explicit on this point. It requires not just that incident response plans exist but that they be exercized and reviewed. In our experience auditing TRM programs, untested response plans are among the most consistent findings because running a good exercise feels more complicated than it is. This article demystifies the process.

What a Tabletop travel risk Exercise Is and Isn’t

A tabletop travel risk exercise (TTX) is a structured, discussion-based simulation in which the people responsible for managing incidents walk through a realistic scenario together. A tabletop exercise is not a drill: a drill tests operational execution, i.e. whether people can physically perform their roles or else reach a specific location, while a tabletop exercise tests decision-making and coordination. 

The table part is actually optional. All you would really need would be:

• a physical or digital space
• the right people
• a credible scenario, and
• a strong facilitator who keeps the conversation productive

The goal is not to demonstrate that everything works, but rather to discover what doesn’t. This would include unvalidated assumptions, gaps in coverage, roles no one knew they owned, tools that exist only on paper and so on. A good tabletop exercise surfaces these gaps in a low-stakes environment so that they can be closed before a real incident forces them into the open.

Who Should Be in the Room

When designing a tabletop travel risk exercise, participation should reach well beyond the security or travel team. A real travel incident doesn’t stay in one department. It touches HR (duty of care, employee welfare, family communication), Legal (liability, reporting obligations), Communications (media response, internal messaging), Finance (emergency payments, insurance claims), and senior leadership (decision authority for evacuations or resource deployment). If those functions aren’t in the room during the exercise, the exercise won’t tell you how they interact under pressure.

A well-composed exercise group for a travel security TTX typically includes:

• The person or function that owns TRM day-to-day (security manager, travel manager, or equivalent)
• HR and/or People Operations — particularly if they manage duty of care obligations
• A legal or compliance representative
• A senior leader with authority to make consequential decisions
• Any relevant operational function (field teams, country office leads if applicable)
• Communications or PR if your organization has that function

For smaller organizations, several of these roles may sit with the same person. That’s fine; what matters is that the full range of decision-making is represented, not that you have a large group. Exercises with 6 to 10 participants are often more productive than large ones where half the room is passive.

One additional role deserves explicit attention: that of the facilitator. The facilitator is not a participant in the scenario, but rather the person running the exercise. They present the scenario, introduce new information as the scenario unfolds, ask probing questions when the discussion stalls or stays too shallow, and keep the exercise moving toward its objectives. If the facilitator is also one of the people responsible for TRM, they will find it difficult to do both jobs at once. For your first exercise, consider whether an external facilitator, someone without a stake in how the program performs, might produce more useful results.

Choosing a Scenario

The scenario is the engine of a tabletop exercise. A scenario that is too generic will produce generic discussion. A scenario that is too exotic will make participants feel it doesn’t apply to them. The best scenarios are specific enough to feel real, plausible given your actual operational footprint, and designed to stress-test the particular parts of your response plan you most want to examine.

For a travel security TTX, good scenarios are grounded in things that could actually happen to your travelers in the places they actually go. Some of the most useful scenario types include:

Civil unrest or security deterioration at destination: The security situation at a destination where you have travelers deteriorates rapidly: protests turn violent, a curfew is imposed, flights are disrupted. What information does the organization need, and from where? Who makes the decision to initiate extraction? What is the practical process for getting travelers out? What happens if a traveler declines to leave?

Traveler detained by local authorities: A traveler is detained at a border crossing or by local police. What are the organization’s obligations and options? Who has the authority to engage legal counsel in-country? How does the organization communicate with the traveler’s family? What is the notification chain internally?

Medical emergency in a low-resource environment: A traveler is hospitalized abroad with a serious condition requiring specialist care that is not available locally. What happens? Who is notified, in what order? Who decides whether to medevac? Who coordinates with the insurance provider? Who communicates with the traveler’s family? How long does each step actually take?

Missed check-in with no contact: A traveler in an elevated-risk destination fails to check in at the agreed time. Attempts to reach them by phone and email are unsuccessful. At what point does the organization escalate? What does escalation look like? Who tries to locate the traveler, and how? What is the protocol if contact remains impossible after 12 hours? 24 hours?

Sexual assault or serious crime: A traveler reports being the victim of a serious crime. This scenario is valuable precisely because it is uncomfortable: it tests not just process but culture, the organization’s actual commitment to traveler welfare rather than its documented commitment. Who does the traveler contact? What support is available? What does the organization do in the hours and days following the report?

Each scenario should unfold in stages rather than being presented all at once. Start with an initial situation, then introduce new information (the traveler’s condition worsens, a flight is cancelled, a key member of the response team is unreachable) forcing participants to adapt. This reflects the reality of actual incidents, which rarely arrive with complete information and rarely stay static.

STRUCTURING YOUR TABLETOP Exercise

A well-run travel risk tabletop exercise follows a clear structure. The exercise itself typically runs two to three hours; the preparation beforehand and the debrief afterward are equally important.

Before the Exercise

Define your objectives: What specifically do you want to achieve? “Test our incident response plan” is not a clear enough goal. “Establish whether we can locate a traveler in distress within two hours using our current tools and contacts” is an objective. “Determine whether the decision to initiate a medical evacuation is clearly owned and can be made within a defined timeframe” is an objective. Clear objectives shape the scenario, guide the facilitator’s probing, and give the debrief something concrete to evaluate against.

Choose and prepare your scenario. Write out the scenario in stages, with a clear initial situation and a series of injects: new pieces of information that arrive during the exercise to add complexity and change the situation. Injects might include: a second traveler is now unreachable; the insurance company’s emergency line has a two-hour wait; the traveler’s next of kin has called the CEO directly; local media has reported the incident.

Brief participants in advance. Send participants the basics of what to expect (the format, their role, the approximate duration) but not the scenario itself. The value of a tabletop exercise comes partly from the element of the unexpected. If participants have pre-planned their responses, the exercise tests their preparation rather than their actual decision-making.

Confirm your documentation. Tell participants to bring the actual documents they would use in a real incident: emergency contact lists, insurance policy details, the incident response plan, whatever they have. One of the most reliable discoveries in any tabletop exercise is that people can’t find, or don’t have access to, the documentation they need.

During the Exercise

Open by establishing ground rules. A tabletop exercise is a learning environment, not a performance review. There are no wrong answers. The goal is to surface gaps, not to assign blame for them. Psychological safety matters: participants who feel judged will stay in safe territory; participants who feel genuinely safe will surface the things that actually need fixing.

The facilitator should present the initial situation and let the discussion develop naturally. When the conversation is productive, let it run. When it drifts or stays superficial, ask sharper questions: “Who specifically makes that call?” “What if that person isn’t available?” “How long would that actually take?” “Has anyone done this before?”

Introduce injects at appropriate moments, such as when the discussion has exhausted the current situation, or when the exercise needs to shift toward a different part of the response plan. Keep a note-taker in the room throughout, documenting decisions made, gaps identified, questions raised, and action items flagged.

After the Exercise: The Debrief

The debrief is where the value of the exercise is realized. Run it immediately after the exercise, while everything is fresh. Core questions include:

• What went well in the discussion? Where did the team show clear, effective decision-making?
• Where did the plan break down? What assumptions proved false?
• What did we not know that we needed to know?
• What roles or responsibilities were unclear or unowned?
• What do we need to fix, and who owns each fix?

Document every debrief in a separate after-action report. This report should capture findings clearly, assign remediation actions to named owners, and set timelines for each. Without a written record and named owners, the insights from the exercise tend to dissipate within weeks.

Common Pitfalls to avoid

Limiting participation to TRM staff: If HR, Legal, and senior leadership aren’t in the room, the exercise will not reveal how those functions actually coordinate under pressure.

Choosing an irrelevant scenario: A scenario involving a risk your travelers never actually face will not engage participants and will not surface real gaps. Ground the scenario in your actual operational reality.

Treating it as a pass/fail test: If the purpose of the exercise is to demonstrate that the program works, the exercise will demonstrate that the program works: participants will paper over gaps rather than surface them. Frame it explicitly as a gap-finding exercise.

Skipping the debrief: The exercise without the debrief produces insight; the insight without the after-action report produces conversation. Only the after-action report produces change.

Running it once and considering the obligation discharged: ISO 31030 calls for ongoing testing, not one-time validation. Response plans, personnel, and destinations all change. An exercise that was current 18 months ago may not reflect your current program at all. Annual exercises are the appropriate baseline for most organizations; higher-tempo operations may warrant more frequent testing.

How Tabletop Exercises fit into to Your Broader TRM Program

A tabletop travel risk exercise is most valuable when it sits within a functioning program rather than being a standalone event. It validates or else reveals gaps in the incident response procedures documented in your travel risk management framework. It produces findings that feed directly into a travel risk management audit. It is one of the most effective mechanisms for surfacing the kinds of ISO 31030 compliance gaps, including untested plans, unclear ownership, or missing documentation, that internal reviews tend to understate.

For organizations conducting their first exercise, the after-action report from a single well-run tabletop will typically generate more actionable improvement priorities than months of desk-based program review.

Getting Help

If your organization has never run a travel security tabletop exercise before, the design and facilitation process can feel daunting. Getting the scenario right, asking the right probing questions, and running the debrief in a way that produces genuine candor rather than defensive positioning are all crucial.

Terrain 9 designs and facilitates travel security tabletop exercises for organizations across sectors and geographies, using scenarios grounded in the specific environments our clients operate in. If you’d like to discuss what that looks like in practice, please get in touch.