Documenting Entity Plan Drills/Exercises
There is no prescribed method for recording or documenting these activities, and the regulations do not specify precisely what should be included. However, the entity should develop a method that records:
- An identification of which plan or plans have been drilled or exercised;
- A brief description of the drill or exercise;
- The date or dates of the activity;
- The personnel from the registered entity who were involved (we also recommend providing the names of the agencies that participated);
- A brief description of the outcome of the activity (i.e., procedures confirmed or problems identified); and recommendations or suggestions to address any necessary change(s) to a plan, entity policy, and/or operating procedure (i.e., corrective action).
The following steps represent FSAP best practices. It is not a requirement to follow them, but doing so may help the entity best improve their plans based on the drills and exercises.
- Implement any recommended changes in policy or operating procedure relevant to security, biosafety or incident response an updated plan, including the date the change was made.
- Include a dated revision history for each plan, either placed within the plan itself or held separately, as a means for tracking changes. See the Drill/Exercise Documentation template for an example of what an entity may utilize to capture and track their drill or exercise activities.
- Develop a consistent and organized program to ensure the entity meets the regulatory requirement for drills or exercises.