HSEEP-compliant tabletop exercise packages for corporate security teams.
Generate professional, ready-to-run crisis exercises with complete documentation: Situation Manuals, Facilitator Guides, Master Scenario Events Lists, Evaluator Worksheets, and After-Action Report templates. All aligned to FEMA's Homeland Security Exercise and Evaluation Program (HSEEP), NIMS/ICS doctrine, and ASIS International standards.
Most corporate security teams know they should run tabletop exercises. Most do not, because building a professional exercise package from scratch takes 40-80 hours of specialized work. The few that do often produce exercises that lack doctrinal rigor, skip evaluation frameworks, or fail to generate actionable improvement plans.
This project provides the doctrinal foundation and ready-to-use templates to go from "we should do a tabletop" to "here is the complete exercise package" in hours instead of weeks.
Every exercise package includes 7 deliverables:
| # | Document | Format | Purpose |
|---|---|---|---|
| 1 | Situation Manual (SitMan) | .docx | Primary player document with scenario, modules, and discussion questions |
| 2 | Facilitator Guide | .docx | Run-of-show, contingency injects, SimCell scripts, facilitator tips |
| 3 | Master Scenario Events List (MSEL) | .xlsx | Timed injects with source, target, delivery method, expected actions, and objective mapping |
| 4 | Exercise Overview | .docx | One-page leadership approval document |
| 5 | Evaluator Worksheet | .docx | Observation forms organized by objective with S/AFI classification |
| 6 | Participant Feedback Form | .docx | Likert-scale ratings and open-ended gap analysis |
| 7 | AAR/IP Template | .docx | Full HSEEP-compliant After-Action Report / Improvement Plan structure |
This project is built on real doctrine, not generic templates:
- HSEEP 2020 - Exercise design, conduct, evaluation, and improvement planning
- NIMS/ICS - Organizational structure, command roles, modular scalability
- ASIS International WVPI-2020/AA - Workplace Violence Prevention and Intervention
- ASIS ORM.1 - Organizational Resilience
- CISA - Active shooter and critical infrastructure guidance
- FEMA IS-120/IS-130 - Exercise evaluation principles
A 90-minute exercise for Security, Facilities, and EHS teams (8-12 players). An EF-2 tornado impacts a technology campus. Three modules escalate from NWS watch through facility damage and fleet protection to recovery operations and media response.
Objectives tested:
- Employee notification and accountability
- Facility damage assessment and business continuity
- Fleet/vehicle asset protection
- Crisis communications (internal and external)
Included injects: Contractor accountability gap, generator failure cascade, social media leak, competing media inquiries, VP demanding unsafe building entry, regulatory notification pressure, competitor PR attack.
All references are organization-agnostic. Find-and-replace the bracketed placeholders to customize for your organization.
The exercise design framework supports these scenario types (templates will be added over time):
- Active Assailant - Armed intruder, lockdown, law enforcement coordination
- Cyber Ransomware - IT/OT systems compromise, BC activation, ransom decision
- Insider Threat - IP theft, investigation coordination, legal/HR interface
- Workplace Violence - Threat escalation, protective orders, employee support
- Natural Disaster - Tornado, earthquake, flood, wildfire impact on operations
- Executive Threat - Targeted threat against leadership, protective intelligence
- Supply Chain Disruption - Critical vendor failure, alternate sourcing, regulatory
- Civil Unrest - Protest activity near facilities, employee safety, access control
tabletop-exercise-engine/
SKILL.md # AI skill definition (for Claude/LLM integration)
references/
exercise-design-guide.md # SitMan structure, module design, discussion frameworks
msel-construction.md # MSEL columns, inject types, pacing patterns
role-mapping.md # ICS-to-corporate role mapping, scaling guidance
aar-ip-guide.md # Evaluation methodology, AAR/IP structure, hot wash script
templates/
tornado/
01-SitMan.docx # Ready-to-use Situation Manual
02-Facilitator-Guide.docx # Facilitator playbook with contingency injects
03-MSEL-Workbook.xlsx # Timed injects + Evaluation Tracker + Improvement Plan
04-Exercise-Overview.docx # Leadership approval one-pager
05-Evaluator-Worksheet.docx # Observation and rating forms
06-Feedback-Form.docx # Participant feedback survey
07-AAR-IP-Template.docx # After-Action Report / Improvement Plan
build-sitman.js # Source: SitMan generator (docx-js)
build-facilitator.js # Source: Facilitator Guide generator (docx-js)
build-support.js # Source: Overview, Evaluator, Feedback, AAR generators
build_msel.py # Source: MSEL spreadsheet generator (openpyxl)
- Download the template files from
templates/tornado/ - Open each
.docxand.xlsxfile - Find-and-replace the bracketed placeholders:
[ORGANIZATION]- Your company name[CITY]- Your city[STATE]- Your state[COUNTY]- Your county[NEARBY TOWN]- A town near your facility[HIGHWAY]- A major highway near your facility[LOCAL TV STATION]- Local TV news outlet[LOCAL NEWSPAPER]- Local print/digital newspaper[UTILITY COMPANY]- Your electric utility provider
- Fill in the remaining fields (dates, names, campus headcount)
- Print and run
- Read the reference guides in
references/for doctrinal context - Use the build scripts as starting points for your scenario
- Modify the scenario, injects, and discussion questions
- Generate your package
The SKILL.md file is designed for use with Claude or other LLMs that support skill-based workflows. Point the AI at the skill file and ask it to generate an exercise for your scenario. The references provide the doctrinal grounding for high-quality output.
The template generators use Node.js (docx-js) for Word documents and Python (openpyxl) for Excel:
# Word documents
npm install -g docx
node templates/tornado/build-sitman.js
node templates/tornado/build-facilitator.js
node templates/tornado/build-support.js
# MSEL spreadsheet
pip install openpyxl
python templates/tornado/build_msel.pyContributions welcome. The most valuable additions are:
- New scenario templates - Follow the tornado template structure. Keep all references organization-agnostic with bracketed placeholders.
- Reference guide improvements - Corrections, additional doctrine references, or expanded guidance.
- Translations - Exercise materials in other languages.
Please read CONTRIBUTING.md before submitting.
This project uses a dual license. See LICENSE for full details.
- Code (build scripts,
.jsand.pyfiles): MIT License. Fork it, modify it, use it however you want. - Content (templates, reference guides, exercise documents): Creative Commons BY-NC-SA 4.0. Free for internal use by any organization. Attribution required. Commercial use (resale, consulting deliverables, paid training) requires a commercial license from the author.
What this means in practice: Download the templates, customize them for your organization, and run exercises. That is free and always will be. If you want to resell the content or package it into a commercial offering, reach out for licensing terms.
Tim Reed, CPP
26+ years in corporate security across aerospace, autonomy, high-tech, and intelligence programs. Author of Signals in the Noise: Security, Technology, and the Hidden Patterns of Modern Risk.
- Newsletter: Northern Signal
- LinkedIn: Tim Reed
- Book: Signals in the Noise
This project is not affiliated with or endorsed by FEMA, DHS, ASIS International, or any government agency. Doctrinal references are used for educational purposes and professional alignment.