Exercising and reviewing
Best practice recommends that incident response and business continuity plans are periodically validated through well-planned exercises, with outcomes captured to further enhance resilience. A risk-based approach is used to identify exercise priorities at an institutional level, including an annual exercise programme for the Incident Response Team (Gold) and Estate Patrol. Ad hoc exercises are also used to prepare for specific types of disruption that are considered high risk.
Business Continuity Plan Owners are encouraged to exercise plans at least tri-annually, regardless of the perceived level of risk. A variety of self-service exercises have been developed by the Insurance, Audit and Risk Team for this purpose. The guidance document, containing links to the exercise resources, is available here: Exercise Guidance.
All incident response and business continuity plans are reviewed annually by the Plan Owner. The Insurance, Audit and Risk Team provides advance notice that the annual review is due. Plan Owners complete a review checklist as part of the process, to help them consider any changes that are required:
- Checklist for the full BIA and BCP templates: BCP Annual Review Checklist
- Checklist for the Quick Start BIA and Abbreviated Business Continuity Plan templates: QS BC Annual Review Checklist
Reviewers may also find it helpful to use the navigation pane to quickly reach individual sections of the documents. Click here for instructions on how to show the Navigation Pane.