Division of General Counsel, Governance and Compliance

Business Continuity and Risk Management

Most decisions we make involve risks and opportunities. In a similar way, the University will be exposed to risk when pursuing its objectives. The purpose of risk management is to provide a framework to enable managers to identify, assess and treat risks and harness opportunities so that the University can operate effectively and sustainably.

Business continuity considers the risk of disruption to the University’s activities. The aim of business continuity management is to develop resilience within the University’s Schools and Professional Services by raising awareness of the potential for disruption and maintaining plans for responding to incidents.

Ben Toogood is the University's Risk and Resilience Senior Manager. He can be contacted on B.P.Toogood@sussex.ac.uk.

Further information regarding the Protection of National Infrastructure can be found here.

You can find further resources relating to these areas below:

Business Continuity & Emergency Planning

Emergency Planning and Business Continuity

Risk Management

In this context, risk is uncertainty which can affect our objectives. The University will inevitably be exposed to risks when trying to achieve its objectives, so risk management is necessary to identify, assess and treat risks to ensure that exposure is maintained at tolerable levels and that opportunities are taken appropriately.


To this end, the University maintains a Statement of Risk Appetite and Tolerance to describe the amount and type of risk the University will need to take in order to fulfil its objectives and to set the parameters for exposure.


A rigorous approach to risk management will protect the University from potentially damaging events, safeguard its reputation and provide assurance that its objectives are likely to be achieved.


Our Risk Management Framework  defines and communicates the governing principles of the University’s risk management arrangements, and this aims to align with recognised good practice.


Risk Management will form part of the University’s internal control arrangements and complement the resource allocation process within normal operations and strategic development programmes. The University Executive Team’s Risk Management Board regularly review the University’s key strategic risks, which will be recorded and monitored via the Institutional Risk Register.


At the operational level, School and Divisional Risk Registers are held on the Risk Assurance Platform (RAP) and these are reviewed and updated on a termly basis.


If you require access to the RAP, please contact Ben Toogood, Senior Risk and Resilience Manager b.p.toogood@sussex.ac.uk


The Guidance Notes for using the RAP are included for those who are responsible for reviewing and updating their School/Divisional Risk Registers via the RAP.