Exercising

Best practice recommends that incident response and business continuity plans are periodically validated through well planned exercises and outcomes captured to further enhance resilience. A risk based approach is used to identify exercise priorities at an institutional level, including an annual exercise programme for the Incident Response Team (Gold) and Estate Patrol. Ad hoc exercises are also used to prepare for specific types of disruption that are considered high risk.

Business Continuity Plan Owners are encouraged to exercise plans at least tri-annually, regardless of the perceived level of risk. A variety of self-service exercises have been developed by the Insurance, Audit and Risk Team for this purpose. The guidance document, containing links to the exercise resources, is available here: Exercise Guidance.

If you require the Insurance, Audit & Risk Team to facilitate a more complex exercise, please complete an Exercise Request Form and send it to buscont@exeter.ac.uk.

 

Reviewing

All incident response and business continuity plans are reviewed annually by the Plan Owner. The Insurance, Audit and Risk Team provide advance notice that the annual review is due. A review checklist is completed as part of the process, to help Plan Owners consider any changes that are required:

Reviewers may also find it helpful to use the navigation pane to quickly reach individual sections of the documents. A document containing Navigation Pane Instructions has been developed to guide you through this.