The NHS Information Centre Business Continuity Plan

Transcription

1 The NHS Information Centre Business Continuity Plan Customer: Division/Project number: Project Manager: The NHS Information Centre Project/Document reference: Issue: Issue date: July 2008 Status: Distribution: Draft Issue Prepared by: Reviewed: Approved (NHSIA): Martin Liddament

2 Amendment history All formal issues to this document are recorded below. Subsequent to Definitive Issue 1.0, all issues must record reasons for change, either by reason or by reference to the Change Form (Appendix C). Date Issue Status Initials Reason for Change September First Draft ML First rough draft for initial discussion October Second Draft ML Incorporating initial Group feedback and significantly shortened. October Third Draft SL / ML Tidying up October Fourth Draft SL / ML Final tidying up October Fifth Draft SL / ML Paper for Audit & Risk subcommittee of Board November Sixth Draft ML Revisions following Audit & Risk sub-committee of Board December Seventh Draft ML Further revisions following Audit & Risk sub-committee of Board: Risks to Plan added January Eighth Draft ML Further revisions following receipt of other ALB s plans July Ninth Draft KB Updated the EMT members list & emergency number 2

3 Table of Contents Page (1) Introduction...4 (2) Purpose...4 (3) Scope...5 (4) Roles and responsibilities...6 (5) EMT Members...7 (6) Cascade Process...7 (7) Ownership and Distribution...7 (8) Risk Analysis...8 (9) Incident Notification...10 (10) Incident Analysis...11 (11) Incident Definitions...12 (12) Communications Strategy...13 (13) Command Centres...14 (14) Disaster Recovery Packs...14 (15) BCP Maintenance...15 (16) Training and Awareness...16 (17) Testing...17 (18) Risks to the Business Continuity Plan...18 (19) Incident Checklist...19 Appendices 1. IT Disaster Recovery Plan 2. Trevelyan Square Bomb Evacuation Plan 3. Fire Evacuation Plan 4. Individual Team Disaster Recovery Plans 3

4 Business Continuity Plan 1. Introduction The NHS Information Centre mission is to become recognised as a source of high quality, authoritative comparative data to support improvement in front line health and social care delivery. In order to achieve this goal, The NHS Information Centre recognises that its most important asset is its people. The purpose of this plan is to make sure that in the event of a disaster or emergency, staff are protected and supported to become productive again as soon as possible. As the document suggests, business continuity involves thinking ahead in order to avoid or mitigate risk, taking corrective action and being in control of the outcome of an emergency. The Business Continuity Plan (BCP) sets out procedures for managing an emergency incident and its immediate aftermath. By planning for an orderly recovery, it limits the impact on employees, offices and critical business functions. 2. Purpose The NHS Information Centre recognises the potential operational and financial losses associated with a major service interruption, and the importance of maintaining viable recovery strategies. This BCP is intended to provide a framework for the Emergency Management Team (EMT) to follow in the event of an incident such as fire, flood, bomb or terrorist attack, power and/or communication failure or any other emergency that may impact upon the daily operations of The NHS Information Centre. The main purpose of this BCP is to: Formalise the process for emergency incident notification within The NHS Information Centre offices Ensure all NHS Information Centre offices will be supported by the EMT Develop guidelines for recovery planning, maintenance and testing for all business continuity plans throughout The NHS Information Centre. This BCP also sets out accountabilities and procedures to minimise the effect of an emergency on The NHS Information Centre. This will reduce the number of decisions that must be made following an incident or business interruption. However, it is essential that procedures are kept flexible. It is not realistic to expect to be able to follow a detailed, pre-defined set of actions or work to fixed timescales in the middle of an emergency. 4

5 The primary objectives therefore are to: Maximise the safety and security of all NHS Information Centre workers, visitors & stakeholders. Open easily-accessed communications channels for staff and stakeholders and maintain a flow of timely, good-quality information and instructions for the duration of the incident and during the recovery phase. Provide the Emergency Management Team with a tested plan which, when invoked, will provide direction and guidance to help bring about an efficient and timely recovery of the interrupted business operation. Minimise the inconvenience and potential disruption to users and clients. Minimise financial or operational impacts that could seriously jeopardise The NHS Information Centre. Protect The NHS Information Centre s public image and minimise legal consequences. Lead and support business continuity. 3. Scope The severity of possible incidents is measured later in this document; however, it is useful to give examples of what might be considered an event that would invoke this plan. The following list is not exhaustive and judgement will be applied in each case. Unavailability of premises for more than 5 working hours caused by fire, flood or other incidents Serious injury to, or death of, staff whilst in the offices Significant chemical contamination of the working environment Significant numbers of staff prevented from reaching The NHS Information Centre premises, or getting home, due to bad weather or transport issues Terrorist attack or threat affecting transport networks or the office locations Theft or criminal damage severely compromising the organisation s physical assets Major electronic attacks or severe disruption to the IT network and systems Denial of access to key resources and assets Illness / epidemic striking the population and therefore affecting a significant number of staff Outbreak of a serious disease or illness in the working environment Simultaneous resignation or loss of a number of key staff Widespread industrial action Significant fraud, sabotage or other malicious acts Violent incidents affecting staff. The plan provides for the recovery of time-sensitive business operations in accordance with predetermined time frames and for the resumption of less time-sensitive business operations as required and finally, a return to a permanent operating environment. The plan addresses how the EMT will react to, and assist with, the recovery of all NHS Information Centre s offices. 5

6 However, the plan does not address building evacuation procedures or individual office evacuation plans, which are all covered in separate documents, although for completeness these procedures are attached to this document as appendices. Individual senior managers are required to assess their specific area of expertise and plan actions for any necessary recovery phase, setting out procedures and staffing needs and specifying any equipment or technical resource which may be required in the recovery phase. 4. Roles and responsibilities In order for The NHS Information Centre to develop a good long-term business continuity capability, it is essential that all staff take on an appropriate level of responsibility. Area/Function NHS Information Centre Senior Management Department Heads All Colleagues Emergency Management Team (EMT) Responsibilities Implementation of this policy and standards. Review of business continuity status and the application of the policy and standards in all business undertakings. Enforce compliance through assurance activities. Provision of appropriate levels of resource and budget to achieve the required level of business continuity competence. Ensure information governance standards continue to be applied to data and information during an incident. Maintain good awareness of all business continuity activity within their business areas. Provide feedback to business leaders about the currency and effectiveness of their departmental disaster recovery plan in the context of the corporate business continuity plan. Ensure that departmental disaster recovery plans are regularly reviewed, tested and exercised in the context of the corporate business continuity plan. Act as a conduit for dissemination of information, guidelines, programmes of activity etc to all management and staff Facilitate a group/cross business area approach to business continuity where appropriate. Ensure information governance standards continue to be applied to data and information during an incident. Achieve an adequate level of general awareness regarding business continuity. Be aware of the contents of own business area s disaster recover plan and any specific role or responsibilities allocated. Participate actively in the business continuity programme where required. Ensure information governance standards continue to be applied to data and information during an incident. Are responsible for the overall management of the crisis, providing strategic direction and co-ordination of service recovery efforts. 6

7 5. EMT Members The selected EMT members are: Chief Executive (may not be able to attend all meetings see cascade list below) Tim Straughan. Director IT Martin Liddament Director of Finance Stephen Leathley Director of Information Governance Clare Sanderson Head of HR Tim Roebuck Head of Media Fraser Woodward Head of Contact Centre Jane E Moore Procurement Estates Manager - William Hewitt Facilities Manager Ginger Buckland IT Operations Manager Kevin Johnson Programme Manager Operations Madeleine Watson Senior Business Support Karen Brisco It is the responsibility of each of these members to assign a deputy to cover their position. 6. Cascade Process While the EMT provides the immediate management functions needed to handle an incident, it will also be necessary for it to have access to the Chief Executive and Directors. In the event of the CEO and / or some or all of Directors being unavailable, the following cascade structure will be adopted: 1. Chief Executive Tim Straughan 2. Director of Finance Stephen Leathley 3. Director of Operations Andy Sutherland 4. Director of Business Development Phil Wade 5. Director of Information Governance and Quality Clare Sanderson 6. Executive Medical Director Mark Davies If an emergency situation is so extreme or unusual that the CEO and Directors are not available and are unlikely to be contactable or are unable to engage with the situation within the timescales needed to resolve it, then the EMT is required to nominate one of its members to contact The Department of Health to request guidance and assistance. 7. Ownership and Distribution The BCP will be owned by the EMT who will also be responsible for change control, maintenance and testing of the plan. Each EMT member and their appointed deputies will have two hard copies of the BCP allocated to them. It is intended that one copy should be located at the holder s home address so it is easily accessible and the second in a BCP folder at their base office. It is advisable that the BCP folder also contains recovery procedures, contacts, lists of vital materials or instructions on how to obtain them. 7

8 8. Risk Analysis Throughout this BCP it is acknowledged that the risks to our stakeholders resulting from a large or catastrophic incident affecting The NHS Information Centre are relatively low. When compared with the impact of major incidents on many private sector or NHS bodies, a disaster striking The NHS Information Centre would affect its operations and its staff, but the work of its customers would not be severely disrupted. The NHS Information Centre s primary purpose and products are not necessarily so time sensitive that a major interruption of systems for a reasonably lengthy period will have a serious impact on customer service. For instance, if the Finance systems using SBS were unavailable for up to a calendar month then the impacts on producing financial information or on cash flow are not overly significant. Similarly most NHS Information Centre hosted websites are largely used for access to information. Disruption to these services, whilst inconvenient to customers, is not critical - the 2006 incident in Hemel Hempstead that took down the Northgate IT centre resulted in the HES system being off-line for a month, causing some inconvenience, but not a major disaster. The NHS Information Centre outsources its IT infrastructure and associated technical controls to Computer Sciences Corporation (CSC) which also hosts a large number of Department of Health and NHS systems. It is acknowledged that The NHS Information Centre service portfolio will be relatively low priority for CSC in the event of a major incident affecting its computer facilities. Quite rightly, front-line NHS Trust systems would be reactivated first. Thus, in addition to this BCP, a risk register has been created to identify the key areas of NHS Information Centre activity that require to be addressed as a priority and ensure that internal managers and external providers have prioritised them accordingly. Prioritised likely incidents (Likelihood and Impact scales = 1 (low) 5) Incident Likelihood Impact Plan robustness and mitigation 1 Unavailability of premises for more than 5 working hours caused by fire, flood or other incidents 3 4 Plan robust. Mitigation is by home working, use of centralised communications channels and use of 2 Major electronic attacks or severe disruption to the IT network and systems 3 Terrorist attack or threat affecting transport networks or the office locations 4 Denial of access to key resources and assets 5 Significant numbers of staff prevented from reaching NHS Information Centre premises, or an emergency command centre. 3 4 Plan robust. Sub-plan for IT disaster recovery in place. NHS Information Centre data is duplicated across geographically remote sites. Equipment re-building and stand - alone working possible as a temporary measure. Prioritised restoration of SharePoint and systems would allow remote workers to use non-nhs Information Centre equipment securely to reduce dependency on corporate equipment. 3 3 Plan robust. Mitigation is by home working and use of centralised communications channels. 3 3 Plan robust. Mitigation is by home working and use of centralised communications channels. 4 2 Plan robust. Mitigation is by home working, use of centralised communications channels and use of 8

9 getting home, due to bad weather or an emergency command centre. transport issues Incident Likelihood Impact Plan robustness and mitigation 6 Theft or criminal damage severely compromising the organisation s physical assets 2 3 Plan robust. Sub-plan for IT disaster recovery in place. NHS Information Centre data is duplicated across geographically remote sites. Equipment re-building and standalone working possible as a temporary measure. Prioritised restoration of SharePoint and systems would allow remote workers to use non-nhs Information Centre equipment securely to reduce dependency on 7 Significant chemical contamination of the working environment 8 Serious injury to, or death of, staff whilst in the offices 9 Illness / epidemic striking the population and therefore affecting a significant number of staff 10 Outbreak of a serious disease or illness in the working environment 11 Simultaneous resignation or loss of a number of key staff corporate equipment. 1 4 Plan robust. Mitigation is by home working, use of centralised communications channels and use of an emergency command centre. 2 2 Plan robust. Mitigation is by use of centralised communications channels and co-ordination between internal teams via EMT. 1 3 Plan robust. Mitigation is by home working, use of centralised communications channels and coordination between internal teams via EMT. 1 3 Plan robust. Mitigation is by home working, use of centralised communications channels and coordination between internal teams via EMT. 1 2 Plan robust. Mitigation is by use of centralised communications channels and co-ordination between internal teams via EMT. 12 Widespread industrial action 1 2 Plan robust. Mitigation is by use of home working (where appropriate), centralised communications channels and co-ordination between internal teams via EMT. 13 Significant fraud, sabotage or other malicious acts 1 2 Plan robust. Mitigation is by use of home working (where appropriate), centralised communications channels and co-ordination between internal teams via EMT. 14 Violent incidents affecting staff 1 2 Plan robust. Mitigation is by use of centralised communications channels and co-ordination between internal teams via EMT. 9

10 9. Incident Notification Any member of staff may undertake a preliminary assessment of an incident and relay the information to any member of the EMT at any time. The member (or members) of staff concerned should: Ensure safety of workers, visitors & stakeholders at the office and take names of any known injured Conduct a preliminary assessment of the incident regarding damage and disruption to the office and business operations with the facts necessary to make informed decisions regarding subsequent recovery activity Notify the EMT of the incident, initial assessment findings and any known injured Notify emergency services if required After being told about a possible emergency, the EMT Member receiving notification will: Ensure that the staff member on site has undertaken all initial actions considered appropriate to stabilise the position and will keep them fully briefed at all times. Analyse the nature of the incident and make an initial decision about the level of response required. Contact other EMT Members as appropriate and summarise the incident based on the information available, acting as the primary co-ordinating group member until the incident is closed. Confirm the status of the incident, agreeing an Incident Definition and immediate recovery actions with the other EMT members. Attend the affected office if the circumstances dictate and take charge of the incident. Liaise with Senior Executives, and brief them on the incident and business situation. On the information provided, make a pronouncement whether to close a facility or office during normal business hours, or whether or not to open an office that has been affected out of hours. Ensure any internal and external communications to staff, customers and stakeholders are properly reviewed, as well as acting as The NHS Information Centre representative should there be any media involvement, until the media team are able to take control (NB the Media / Communications team should always be involved as soon as possible and no other staff should ever speak with the media during and incident). Assist with regard to office solutions and security issues and monitor any premises issues. Agree with the Head of HR any staff related issues and hiring of contracted recovery personnel, if necessary. 10

11 The staff member who initially notified the incident (assuming no EMT Member is available at the location affected) will: Keep in continuous communications with the EMT to update information on when access to the facility will be allowed and the ongoing condition of any known injured Liaise with any EMT member attending the scene and brief them accordingly on the current condition at the office Assist with any recovery tasks as determined by the EMT. There may be circumstances involving an office incident which will only need information to be circulated to the EMT via or telephone conversation. Not all emergencies will result in every member of the EMT being informed. Depending upon the circumstances of the incident and its severity, the EMT may notify all staff and managers immediately and activate a designated Command Centre. 10. Incident Analysis One of the first activities in any incident notification is to identify the impact on the workers, the office and critical business functions. The impact of the incident on The NHS Information Centre will change with each office and each situation and each critical business function affected. The initial analysis must identify where an incident happened, who was involved and what was affected. It must be noted that response to an emergency incident does not necessarily or automatically translate into the declaration of a disaster and the implementation of a full recovery operation. Incidents may cause a temporary or partial interruption of activities with limited or no office damage. It will be the responsibility of the EMT, in conjunction with The NHS Information Centre s Directors as available, to evaluate and declare the appropriate level of response. The EMT (and NHS Information Centre directors as available) will decide if temporary premises or alternative long-term premises are eventually to be required and will manage the acquisition. If a long-term replacement site is required it is estimated that it would be needed within one month of a disaster. The location would be likely to remain in operation for several months and may even become a permanent replacement for Trevelyan Square. Three offices have been identified as essential when considering recovery actions: Leeds - Trevelyan Square London - Harmsworth House Southport The impact on the above offices specifically, but all offices generally, is the effect on business services, measured on a severity scale as follows: Small Medium Large Catastrophic 11

12 The severity level indicates the urgency of recovering this business service. It also identifies the order in which these services should be re-instated. In particular, immediately upon notification of an incident involving the IT infrastructure, the IT Operations Manager should be made aware of the affected service and obtain an initial assessment. The IT Operations Manager keeps all NHS Information Centre IT servers on a business priority list and will be able to readily identify the impact on the business services. 11. Incident Definitions The EMT has agreed and assigned the following definitions that classify incidents according to the level of downtime expected: Service Levels Affected Criteria for Classifying Incidents NHS Information Centre Staff Affected Estimated Duration SMALL No impact <20 Less than a day MEDIUM Minimal inconvenience >20 <100 >1 Day < 7 Days LARGE Key systems affected or NHS Information Centre deadlines in jeopardy >100 <200 > 7 Days < 14 Days CATASTROPHIC Severe disruption to customers / staff. NHS Information Centre deadlines not met >200 Impact Extending >14 Days (a) SMALL Any emergency of this expected duration would be handled as part of the normal in-house recovery procedures. The EMT will be informed but no action taken with this incident recorded for information purposes only. (b) MEDIUM It is expected that all action will be internal and of limited duration. The EMT will be notified and will monitor the situation in case the incident escalates and the recovery timeframe turns out to be of a longer duration than expected. Again, this incident will be recorded for information purposes. 12

13 (c) LARGE This definition addresses situations of prolonged loss of office, power, data, IT and key workers. The EMT will invoke the BCP, notify the necessary directors and managers and will commence appropriate recovery processes. (d) CATASTROPHIC This type of emergency will most likely be of extreme proportions. The EMT will invoke the BCP, notify the necessary Directors and managers and will commence appropriate recovery processes. All Board members and DH sponsors will need to be advised and kept up to date as appropriate. The EMT and / or The NHS Information Centre Directors as available will be responsible for this action. 12. Communications Strategy Good communication is essential at a time of crisis. The NHS Information Centre Directors (or if not available, the EMT) will be responsible for approving the appropriate statements for internal and external communication. The Media / Communications team will manage contact with the media. The BCP folders will have preformatted statements ready to populate with incident details as appropriate. These statements will have been agreed in advance and held in reserve for speedy, accurate and clear statements. Statements should include information regarding the incident, staff, visitors & stakeholders at the office and an estimated time of office denial, if appropriate, and will be circulated to all NHS Information Centre offices. Should any statements to external parties be necessary these will be circulated if the Directors or EMT consider it necessary. Should a Director or the EMT need to speak with the media about the incident, the Press Officer will assist in making any release statements. An emergency phone-in line will be set up and its number communicated to all staff. If NHS Information Centre premises cannot be accessed, staff can use the phone-in line s recorded message to get up to date information and instructions. The EMT will keep staff and stakeholders as fully informed as possible for the duration of the incident and during the recovery phase. An emergency website will be set up and its URL communicated to all staff. If NHS Information Centre premises cannot be accessed, staff can use the site from any Internet-capable PC and get up to date information and instructions. EMT members and relevant members of the Communications team will be given the passwords and access instructions to update both the phone-in service and the emergency website s content management system so that these can be maintained easily and quickly. However, all statements and all information released must be approved by the EMT. 13

14 13. Command Centres The NHS Information Centre will have three command centres; the Primary Command Centre is located at Trevelyan Square in the Boardroom. The Secondary Command Centre will be located in the Quarry House premises of the Department of Health in Leeds. This secondary location will be provided under a reciprocal arrangement whereby IT equipment and Internet and phone access will be made available as well as temporary accommodation for an agreed number of staff. The third Command Centre will be at The NHS Information Centre s London offices. The EMT will state which office has been designated when notifying managers. However, it is not anticipated using the London office except in the case of an extreme and catastrophic incident affecting the wider Leeds area. If the incident is severe enough the appropriate Command Centre will be activated so the EMT can meet immediately to be briefed on the incident and to discuss the appropriate recovery actions. Conference-call facilities will be available at all Command Centres, and as soon as practical after the incident, conference calls will be established. 14. Disaster Recovery Packs There will be two Disaster Recovery Packs, located in each Command Centre. In addition, each EMT member and each executive director will have a pack to be kept at their home. The contents and materials of the Disaster Recovery Packs will be mirrored. Each pack will be checked for completeness and updated regularly, or whenever any change in the BCP or Disaster Recovery Module has been made to affect its contents. The Disaster Recovery Pack contents are shown on the next page. 14

15 CONTENT ITEMS Hard and soft copy of the EMT Plan and any other recovery documents on CD ROM and USB stick Electronic lists of personal telephone numbers and addresses for all staff Information on how to write to the emergency web page Information on how to update the emergency telephone message Information on to use a service to send texts to all staff mobiles Access to emergency RAS accounts and the associated key fob Data card for internet access via mobile phone network Configuration to access a none-csc ISP Skype or similar VOIP account information The update number for the emergency line Hard and soft copies of key documents, policies, passwords, contact numbers etc. Hard and soft copies of the all EMT Check Lists IT Asset register Phone lists of key suppliers such as: CSC SBS financial services DH contacts, NHS Information Centre directors etc security companies taxi companies (at least 2) local hotels with meeting rooms near offices local train and bus timetables 15. BCP Maintenance Plan Maintenance Maintenance procedures are divided into two general categories: scheduled and unscheduled. Scheduled maintenance is time-driven, whereas unscheduled maintenance is event-driven. Scheduled Maintenance Scheduled maintenance will consist of an annual review and update. The purpose of this review is to determine whether changes are required to procedures or responsibilities. A complete BCP will be distributed annually to each EMT Member. Unscheduled Maintenance Certain maintenance requirements are unpredictable and cannot be scheduled, such as changes to off-office storage premises, vendors, Command Centre location and also any transfers, promotions or resignations of EMT Members. An incident may also cause updating and streamlining of procedures and duties. All changes resulting from any unscheduled maintenance shall be conveyed to the areas concerned. The EMT will circulate copies of any updates to each EMT Member. 15

16 16. Training and Awareness For business continuity to become part of NHS Information Centre culture and daily business routines, all staff must be trained. The training required can be broken down into two types: Team member training Ensuring that team members have the skills and knowledge to carry out their responsibilities. General awareness of staff and business contacts Making sure that all NHS Information Centre staff and business associates understand what has been done to implement business continuity and that all staff know what to do in the event of a major incident Skill Enhancement of Team Members Team leaders, deputies and team members must receive training in order to perform their role effectively. If the team leader is not available, then a deputy will be called into action to lead, so it is important that both are trained to the same standard. All need to understand fully: The objective of the business continuity and team disaster recovery plans How the plans are activated How briefing will take place during an incident The roles of the leader and deputy and who they are How resumption of normal work will be managed Their own role and responsibilities Other teams responsibilities and what else is happening. The primary form of training is to participate in testing. Over time, this should ensure that all participants will be able to undertake the actions required of them. General Awareness of NHS Information Centre Staff & Business Contacts Raising awareness of business continuity amongst NHS Information Centre staff and key business contacts is also very important. Staff members who do not have a specific role must know what to do. In many cases, they will be expected to go home and remain on standby so that they can be contacted if they are needed. Key business contacts also need to understand how The NHS Information Centre will respond in an emergency so that they help rather than hinder the recovery. The participation and training of senior management is also essential. As well as demonstrating commitment, senior managers must also understand what the plans will and will not do. 16

17 Raising awareness will be achieved by: Regular briefings Demonstration of stand-by facilities Induction training Newsletters and Intranet Issuing credit-card sized guides to all staff containing basic information about what to do if an incident occurs 17. Testing The ongoing viability of the business continuity program can only be determined through continual tests and improvements. The main issues in holding disaster tests are the time and resources required. Therefore, it is imperative that the managers or their deputies participate when tests are carried out. Should there be a major change in The NHS Information Centre s role and structure, it is advisable that a test should be conducted once a settling-in period has been achieved, to ensure a confident level of recovery. The EMT is charged with the following responsibilities with regard to office testing: Conducting an annual test Identifying the objective of the area to be tested Ensuring that individual measurement and procedures are established for each test objective Monitoring and observing all activities in the test Ensuring that test objectives are met in accordance with other related or impacted areas and workers Documenting results related to any strengths and weaknesses observed during the test Ensuring all BCP documents are completed and that all Plan holders are given revised copies Participating, if and when required. 17

18 18. Risks to the Business Continuity Plan There are a number of risks to the delivery of the Business Continuity Plan itself. The table below summarises these. (Likelihood and Impact scales = 1 (low) 5 ) Risk Likelihood Impact Mitigation 1 Organisation does not engage with the plan and take it seriously 4 5 Senior management ownership and promotion of the plan. Good internal publicity and high-profile 2 Plan is tested, but fails on implementation because of unforeseen circumstances testing. 3 5 Ensure plan achieves the best balance between flexibility and formalised process. Ensure that detailed processes are only applied to areas that are predictable and put in place more flexible approaches to deal with areas of uncertainty. 3 Plan goes out of date 3 5 Review the plan annually and also when the organisation undergoes significant change (e.g. NHSCR project). 6 Key teams do not develop their associated disaster recovery plans 7 Plan is not tested and fails on implementation 8 Key individuals lack the skills and knowledge to implement key parts of the Plan 4 Plan focuses on the wrong aspects of the business 3 4 Review the plan annually and also when the organisation undergoes significant change (e.g. NHSCR project). 5 Plan is not understood 2 5 Good internal publicity and highprofile testing. 2 5 Business Continuity Group require teams to produce the plan. Senior management highlight importance of compliance. Business Continuity Group produces template and guidance for teams to follow. 2 5 Test plan every year and revise as required. 2 4 Ensure that all those with key responsibilities under the Plan are comfortable that they have the necessary skills. Add appropriate training to personal development plans as required. 9 Plan is too generic 2 4 Ensure that key teams within the organisation understand the Plan and develop and append their own disaster recovery and business continuity procedures to it. This must be done to a standard format to ensure consistency and reviewed by the Business Continuity Group to ensure fit with the overall Plan. 10 Plan is too costly to implement 1 5 Review the plan to ensure it is practical, flexible and costeffective. Benchmark against other ALBs BCPs. 18

19 RESTRICTED 19. Incident Checklist Questions When notification is received regarding an incident there is specific information needed to judge the extent of the impact on the office. In an emergency situation, the staff member may not be aware of the importance of adequate information. The following are general questions the EMT may find useful prompting the reporting member of staff, so that a more accurate understanding of the incident can be obtained and the appropriate recovery processes put in place. (1) Who is speaking and what is your contact number? (2) What happened? (3) Where are you? (4) Did you need to evacuate the building? (5) Are all workers, visitors & stakeholders accounted for? (6) Are there any injuries? (7) Who is injured? Their full names (first and surname) (8) Do you know what hospital they were taken to? (9) Did a NHS Information Centre worker go with them? Who? (10) Do you know the initial extent of damage to the building? For how long? (11) Are emergency services involved? (12) Do you require an EMT presence immediately at the office to give them assistance? (13) Are the press/media involved? 19 The NHS Information Centre EMT BCP