Exercising and reviewing
Exercising
Best practice recommends that incident response and business continuity plans are periodically validated through well planned exercises and outcomes captured to further enhance resilience. A risk based approach is used to identify exercise priorities at an institutional level, including an annual exercise programme for the Incident Response Team (Gold) and Estate Patrol. Ad hoc exercises are also used to prepare for specific types of disruption that are considered high risk.
Business continuity leads should exercise their plans at least once every three years, or more often depending on the size and complexity of the activities covered. This is to ensure colleagues are familiar with the plans and that the recovery processes are effective. The Insurance, Audit and Risk Team has developed an exercise toolkit for this purpose. The resources can be downloaded from the SharePoint site: IART – BC exercise toolkit. Business continuity leads can then customise the exercise materials to suit their needs.
If you require the Insurance, Audit & Risk Team to facilitate a more complex exercise, please complete an Exercise Request Form and send it to buscont@exeter.ac.uk.
Reviewing
All incident response and business continuity plans are reviewed annually by the Plan Owner. The Insurance, Audit and Risk Team provides advance notice that the annual review is due. Plan Owners complete a review checklist as part of the process, to help them consider any changes that are required:
- Checklist for the full BIA and BCP templates: BCP Annual Review Checklist
- Checklist for the Quick Start BIA and Abbreviated Business Continuity Plan templates: QS BC Annual Review Checklist
Reviewers may also find it helpful to use the navigation pane to quickly reach individual sections of the documents. Click here for instructions on how to show the Navigation Pane.