Designed for Realism.
Built for ease.
Every feature in Breachday is crafted to mimic real-world incident response pressure while keeping facilitation smooth — and turning every exercise into compliance-ready evidence.
Default and CTEP-based templates + a builder for the rest
Stop wrangling spreadsheet tabs. Start with default Breachday scenarios drawn from real-world public breaches, or pick a CTEP-based sector template and run it today. Clone any template and customize the narrative, phases, injects, and decision prompts to match your environment.
- ✓ Default Breachday scenarios based on real public breach patterns
- ✓ CTEP-based sector templates (Plus / Pro)
- ✓ Phase-based timeline: Detection → Containment → Recovery
- ✓ Inject types: situation update, escalation, decision required, curveball
- ✓ Attach simulated artifacts (logs, emails, screenshots) to any inject
Custom role seats & live facilitation
Eliminate login friction. Participants join via a 4-character room code and claim a role seat your org defines — Incident Commander, Comms, Legal, IT/Security, Operations, or anything else. Facilitators control phase progression, release injects on demand, and capture per-inject observations during the live session.
- ✓ No accounts for participants
- ✓ Custom role seats with org-defined labels and colors
- ✓ Real-time presence — see who's in the room
- ✓ Response modes: vote, freeform text, or read-only situation update
- ✓ Session lifecycle: Lobby → Active → Paused → Completed
- ✓ Up to 8 custom roles on Starter, unlimited on Plus / Pro
Audit-ready after-action reports
Every action, decision, and observation is captured live and rolled up into a branded report your auditors will actually accept. No more reconstructing a tabletop from memory three weeks later.
- ✓ Chronological timeline of every inject and response
- ✓ Per-inject vote tallies, freeform responses, and observations
- ✓ Affected IT assets and BIA processes exercised
- ✓ Facilitator notes and participant roster
- ✓ Branded PDF (with your logo) and structured JSON export
Lessons learned tracker
The exercise is only useful if the gaps actually get fixed. Capture action items during or after every session, assign owners, and track them through to resolution from a single dashboard.
- ✓ Title, description, owner, and status (Open / In Progress / Completed / Cancelled)
- ✓ Linked to the originating exercise session for full context
- ✓ Dashboard widget surfaces overdue follow-ups
- ✓ Auditors see closure evidence, not just exercise records
IT Asset Register & BIA
Tabletop exercises shouldn't live in a vacuum. Maintain your critical systems and business processes inside Breachday and link them directly to scenarios — so reports show exactly which assets and processes were exercised.
- ✓ Asset register: applications, servers, data stores, networks, SaaS
- ✓ RTO / RPO targets, criticality, and ownership per asset
- ✓ Business Impact Analysis with process → asset / role / vendor dependencies
- ✓ Link "Affected systems" and "Processes in focus" to any scenario
- ✓ 100 assets on Plus, unlimited on Pro
Crisis Communication Plans
When something actually breaks, no one should be writing the customer email from scratch. Build pre-approved communication templates for customers, employees, regulators, and the press — then exercise them live.
- ✓ Custom and system communication plan templates
- ✓ Link plans to live exercise sessions
- ✓ PDF and packet export for crisis runbooks
- ✓ Aligns with SEC 4-day disclosure and SOC 2 communication controls
Ready to run better exercises?
Stop fighting document version control and start focusing on your team's incident readiness.