NHS England Business Continuity Management Toolkit EPRR: BCP - Checklist Appendix 3.2
INTRODUCTION

The purpose of this document is to assist those who are developing a business continuity plan for their organisation by setting out a number of key areas that they need to include. This checklist is produced in the spirit of ISO 22301 & 22313 but focusses on the priorities around which the NHS England EPRR core standards are set. It is also recognised that no single template can fit the NHS, hence no template has been produced. Organisations are to cross-check their plans so that, as a minimum, the points in this document are included in their Business Continuity Plans.

GUIDANCE

Further guidance on the wider subject of business continuity can be sought from:

- www.england.nhs.uk/eprr
- NHS standard contracts 2013/4
- the NHS England Planning Framework 2013
- the NHS England Emergency Preparedness Framework 2013
- ISO 22301 Societal Security - Business Continuity Management Systems Requirements
- ISO 22313 Societal Security - Business Continuity Management Systems Guidance
- PAS 2015 - Framework for Health Services Resilience

BUSINESS CONTINUITY RESPONSE PLANS

Throughout the NHS there has been a requirement for a number of years that Business Continuity Plans are produced and exercised. The BS25999 (NHS):2009 guidance was the foundation of this. This has now been replaced using the spirit of PAS 2015, ISO 22301 and ISO 22313.

The following checklist is not designed to be fully compliant with the above standards but is something that individual organisations should aspire to work towards. It is also appropriate that not every point on the checklist will be in every plan, but every point should appear in the larger organisational plans.

All NHS organisations and providers of NHS funded care must develop, maintain and continually improve their business continuity management systems.

Prior to completing a Business Continuity Plan (BCRP), the organisation/department needs to undertake a business impact analysis (BIA) and document this separately. This then prioritises the plans the organisation, service or activity is required to develop. The BIA is required to be referred to in the introduction of each BCRP.
Plan Content Descriptor

1. The link between the business continuity response plan and the risk register or business impact analysis. [BIA]
2. The plan must identify all of the prioritised activities from the BIA. [BIA]
3. The plan must list the maximum period of tolerable disruption for all the critical activities. [BIA]
4. Organisations must document the internal and external stakeholders that could be affected by the disruptive incident, especially surrounding service delivery. [Communication]
5. The plan contains the relevant contact details of key stakeholders. [Communication]
6. The way in which the BCRP will be distributed, including electronic storage on NRE or extranet. The NHS protective marking scheme is to be considered in production of the plan.
7. The plan describes how the organisation will respond to a significant incident, in line with the formal organisation communications strategy.
8. The plan describes what the 24 hour arrangements are for alerting managers and other key staff, and what systems are in place to keep these details correct.
9. The plan must document how the organisation receives and cascades warnings and other communications before, during and after a disruption or significant event, including any resilient communication systems used.
10. The plan will confirm the mechanism the organisation will use to inform the relevant partners including, but not limited to, other NHS care providers, CCGs, and NHS England. [Communication]
11. The plan will document the distribution list of the plan.
12. Document the insurance arrangements in place and how they may apply to incidents. [Finance]
13. The BCRP sets out how the incident costs will be tracked. The use of unique cost centres will assist. [Finance]
14. Audit trail to record changes and updates as policy, staff, and services/activities change or develop.
15. Organisations must refer to which prioritised activities have been placed on the corporate risk register and how these risks have been addressed.
16. The document will correlate to the NHS England Model Competencies for Members of NHS England Emergency On-Call Rotas.
17. The document will demonstrate how the necessary knowledge and skills of incident commanders will be achieved and maintained.
18. The plan documents how the organisation will maintain their incident logs, and minutes of meetings during and after the meeting.
19. The plan will describe how the post incident report will be produced, including how they will hold a debrief to identify lessons.
20. The plan will describe how the skills and knowledge of staff at an operational level will be achieved and maintained, i.e. the department receptionist, security.
21. The plan will identify who the author is, who is responsible for the maintenance and updating of the plan, and the expiry of the document.
22. The sign off of the BCRP at the strategic level of the organisation.
23. The plan must document when the plan will be used, exercised and tested.
24. The plan will document dependent stakeholders and how the organisation will exercise and test the plan with these services or organisations.
25. A scalable plan setting out how the command and control arrangements will be managed and by whom.
26. All plans should consider the impact of severe weather (including snow, heat wave, prolonged periods of cold weather and flooding).
27. Business Continuity Plans must ensure that the following sections are included:
    - The responsibilities of key staff and departments
    - The responsibilities of the appropriate Accountable Emergency Officer or Executive Director
    - Where the incident will be managed from (incident coordination centre)
28. Details of the activity surge plan to ensure that critical services are maintained in periods of peak activity.
29. The plan contains information on alternative locations where the service/activity could be delivered from in case of denial of access.
30. The plan describes how the independent healthcare sector may be used in a disruptive incident to assist in service delivery.
31. The plan describes how mutual aid from other NHS providers can be requested if a disruptive incident occurs.
32. The plan describes how supplies and replacement equipment will be managed and maintained throughout the disruptive incident.
33. The plan must detail how it is activated, what escalation system is in place, and who assumes responsibility at each stage.
34. The plan will describe if there is any provision for staff to be accommodated overnight if the incident dictates and how this is activated (i.e. pre-agreed arrangement with local hotels).
35. The plan will include appropriate action cards and aide-memoires for use by key team members.
36. The plans must set out the alerting mechanisms for external and self-declared incidents, including trigger points and escalation procedures.
37. The BCRP will document the recovery time objectives and other timescales identified in the BIA.
38. The plan describes the recovery and restoration principles and how they will be managed and by whom.
39. The plan will describe or demonstrate how lessons identified from incidents will affect future plans.