Designed for Realism.
Built for ease.
Every feature in Breachday is built to mimic real-world incident response pressure while keeping facilitation smooth, and to turn every exercise into compliance-ready evidence.
Default and CTEP-based templates + a builder for the rest
Your scenario prep no longer lives across a dozen spreadsheet tabs. Start with default Breachday scenarios drawn from real-world public breaches, or pick a CTEP-based sector template and run it today. Clone any template and customize the narrative, phases, injects, and decision prompts to match your environment.
- ✓ Default Breachday scenarios based on real public breach patterns
- ✓ CTEP-based sector templates (Plus / Pro)
- ✓ Phase-based timeline: Detection → Containment → Recovery
- ✓ Inject types: situation update, escalation, decision required, curveball
- ✓ Attach simulated artifacts (logs, emails, screenshots) to any inject
Custom role seats & live facilitation
Eliminate login friction. Participants join via a 4-character room code and claim a role seat your org defines: Incident Commander, Comms, Legal, IT/Security, Operations, or anything else. Facilitators control phase progression, release injects on demand, and capture per-inject observations during the live session.
- ✓ No accounts for participants
- ✓ Custom role seats with org-defined labels and colors
- ✓ Real-time presence — see who's in the room
- ✓ Response modes: vote, freeform text, or read-only situation update
- ✓ Session lifecycle: Lobby → Active → Paused → Completed
- ✓ Up to 8 custom roles on Starter, unlimited on Plus / Pro
Maya Chen
JoinedTheo Brennan
JoinedPriya Nakamura
JoinedCompliance
Audit-ready after-action reports
Every action, decision, and observation is captured live and rolled up into a branded report your auditors will actually accept. The days of reconstructing a tabletop from memory three weeks later are over.
- ✓ Chronological timeline of every inject and response
- ✓ Per-inject vote tallies, freeform responses, and observations
- ✓ Affected IT assets and BIA processes exercised
- ✓ Facilitator notes and participant roster
- ✓ Branded PDF (with your logo) and structured JSON export
After Action Report
Executive Summary
Lessons learned tracker
The exercise is only useful if the gaps actually get fixed. Capture action items during or after every session, assign owners, and track them through to resolution from a single dashboard.
- ✓ Title, description, owner, and status (Open / In Progress / Completed / Cancelled)
- ✓ Kanban board for dragging action items through to resolution
- ✓ Linked to the originating exercise session for full context
- ✓ Dashboard widget surfaces overdue follow-ups
- ✓ Auditors see closure evidence, with a clear trail from finding to fix
IT Asset Register & BIA
Tabletop exercises shouldn't live in a vacuum. Maintain your critical systems and business processes inside Breachday and link them directly to scenarios, so reports show exactly which assets and processes were exercised.
- ✓ Asset register: applications, servers, data stores, networks, SaaS, vendors
- ✓ RTO / RPO targets, criticality, and ownership per asset
- ✓ Vendors, assets, processes, and roles all linkable together as dependencies
- ✓ Business Impact Analysis with process → asset / role / vendor dependencies
- ✓ Link "Affected systems" and "Processes in focus" to any scenario
- ✓ 50 IT assets, vendors & BC processes each on Plus; unlimited on Pro
SaaS
2h
15m
Data
4h
5m
SaaS
1h
—
Crisis Communication Plans
When something actually breaks, no one should be writing the customer email from scratch. Build pre-approved communication templates for customers, employees, regulators, and the press, then exercise them live.
- ✓ Custom and system communication plan templates
- ✓ Link plans to live exercise sessions
- ✓ PDF and packet export for crisis runbooks
- ✓ Aligns with SEC 4-day disclosure and SOC 2 communication controls
Ready to run better exercises?
Stop fighting document version control and start focusing on your team's incident readiness.
Book a Demo