Skip to main content

Exercising and reviewing


Best practice recommends that incident response and business continuity plans are periodically validated through well planned exercises and outcomes captured to further enhance resilience. A risk based approach is used to identify exercise priorities at an institutional level, including an annual exercise programme for the Incident Response Team (Gold) and Estate Patrol. Ad hoc exercises are also used to prepare for specific types of disruption that are considered high risk.

Business Continuity Plan Owners are encouraged to exercise plans at least tri-annually, regardless of the perceived level of risk. A variety of self-service exercises have been developed by the Insurance, Audit and Risk Team for this purpose. The guidance document, containing links to the exercise resources, is available here: Exercise Guidance .‌

If you require the Insurance, Audit & Risk Team to facilitate a more complex exercise, please complete an Exercise Request Form and send it to



All incident response and business continuity plans are reviewed annually by the Plan Owner. The Insurance, Audit and Risk Team provides advance notice that the annual review is due. Plan Owners complete a review checklist as part of the process, to help them consider any changes that are required:

Reviewers may also find it helpful to use the navigation pane to quickly reach individual sections of the documents. Click here for instructions on how to show the Navigation Pane.