18 June 2015 Performance and Resources Board 14 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement of the GMC s business continuity plans and the associated business continuity management system. We continue to work to align these plans with the relevant standard ISO 22301:2012. Recommendations 2 The Performance and Resources Board is asked to: a Note the work of the Business Continuity Working Group. b Note the updated Business Continuity Policy and Business Continuity Policy Summary statement.
Update from the Business Continuity Working Group Issue 3 The Business Continuity Working Group (BCWG) is responsible for providing management direction and support as we further develop the Business Continuity Management System (BCMS) and its subsequent implementation, maintenance and continual improvement. This work is necessary to ensure that the GMC can respond effectively in the event of a disruption to normal operations. 4 This group is chaired by the Director of Resources and Quality Assurance and reports to the Board annually. The work of the BCWG 5 The BCWG meets bi-monthly and over the last 12 months has overseen a programme of work to improve the existing plans, enhance response strategies by reviewing past incidents, raise awareness of business continuity across the GMC and further develop a business continuity management system to align with the ISO standard. The GMC has business continuity and pandemic plans in place, both of which have been updated and approved by the BCWG twice in the last 12 months. 6 The Emergency Response Plans for the 3 Hardman Street and 350 Euston Road sites, which provide detailed guidance for front line staff and managers in the event of a significant building evacuation, were also reviewed and updated in December 2014. All these plans and the Medical Practitioners Tribunal Service s Business Continuity Plan are published on the intranet and were issued to the desktops of the BCWG and the Incident Management team in December 2014. Local planning 7 A significant focus for the planned work programme in 2014 2015 was to achieve a higher level of involvement in the business continuity planning process at all levels across all departments, to enhance our ability to respond to an incident. 8 Work was completed with departments to review their Business Impact Analysis documents (BIA). These updated documents were then used as the basis for the departmental recovery plans which document how local teams will respond in the event of an incident. At the start of the 2015-2016 work programme we had achieved a 93% completion rate of these plans. The areas where we had not achieved completion had recently undergone changes of structure or personnel and are under review. All completed BIAs and plans will now become part of a scheduled review and maintenance programme. 2
Workplace recovery offsite 9 In June 2014 we carried out an offsite recovery test with selected Contact Centre advisers. We were able to prove that the Contact Centre lines can be switched to the Phoenix recovery site and that the staff can relocate to take calls from there; and carry out any necessary actions on GMC systems. We also prepared a comparison matrix setting out the availability of the GMC applications, call handling systems and management information mapped against a range of impacts against premises and resources. 10 The group considered whether the option to use a London recovery site was something we needed to retain when renewing the contract in 2015. The site is no longer required for IS system recovery as we have a fail over service between Manchester and London and an offsite recovery centre in Manchester. The provider has closed the original London recovery site and the new site is in a less useful location. We can obtain meeting rooms for staff to use from other providers, and by giving up the option to use the site, concentrate our budget on the site we use in Manchester. As staff are now able to work from home the option of using a central alternate work location did not feature in any department s planning. The group first discussed this following the Contact Centre exercise in 2014 and then undertook further research into how laptops are used to ensure we had workable alternatives in place. The issue was revisited and following further consideration the group decided that there were no circumstances that we could envisage that the retention of this option was required. Consequently, we are not including a London site in the new tender process which started in April 2015. Use of laptops in an incident 11 In reviewing local plans it became apparent that since the introduction of scheduled home working, departments are planning to use this option for recovery where an incident may either prevent access to GMC premises or where staff have difficulties travelling to work. This strategy is now a key feature of our planning and offers departments an apparently straightforward alternative to office based working to ensure work continues. 12 As part of our research before deciding to give up the London recovery site, we considered any previously unforeseen actions which may impact this new reliance. It becomes important to consider whether sufficient numbers of staff would have a laptop with them at the point an incident disrupts business. Informal surveys by members of the group with colleagues had explored the occasions staff had their laptops with them linking this to overnight or daytime incidents. It was agreed that we would include a wider consultation with staff as part of our general awareness raising work. 3
Business Continuity Awareness Week 13 We took the opportunity presented by the international initiative Business Continuity Awareness Week (BCAW) on 16 20 March 2015 to explain to staff that we have local plans in place and to get them to check they were clear about what they need to do to prepare for a potential disruption on a personal and team level. Handouts about ways we have been planning and will keep in touch were made available and new intranet information pages were promoted during drop in sessions on the three largest sites. An Inside Info article promoting BCAW provided the same information with links to associated documents and intranet pages for those unable to attend the drop in sessions. 14 We have enhanced the ways in which staff can find information by adding a contact called Business Continuity: Incident Update line to Outlook contacts. This also includes information in the notes section about a hotel emergency contact number which staff can use if stranded whilst travelling on behalf of the GMC and provides the dedicated Human Resources contact number which ensures friends and relatives can be connected with an appropriate person. We have now also issued the GMC business continuity and emergency response plans to all staff desktops. 15 During BCAW, we carried out a survey with staff in Manchester following an evacuation of our Hardman Street office. The same survey was also carried out with staff in London as part of a quiz, to find out what staff would take with them if evacuated from the building. We were reassured that staff are able to evacuate our buildings quickly and safely but it was also clear that the majority of staff don t take their laptops with them in an evacuation. 16 If we were to be evacuated and not allowed back into our buildings the majority of staff working in the office that day would not have their laptops. A recent subsequent Inside Info article on this subject sought to confirm to staff our guidance about what is it safe to take with them. We are also working with local plan owners to encourage staff to think about how they will respond in an evacuation. Local grab bags will now contain fold up bags which can be issued to staff to protect any laptop taken outside during an evacuation. This follow up work gives further reassurance that the strategy which relies upon laptops and home working is a realistic one. 17 Continuing the work started in BCAW, we are planning work with departments to ensure that key staff are aware of their role in an incident. We aim to use training sessions and small scenario exercises to achieve this. Ongoing review work 18 The BCWG has a standing agenda item where any incident that has, or could have, interrupted our business, or affected staff welfare, is reviewed to see whether there are any lessons to be learned for future planning. Where necessary, actions to reduce any impact are implemented. 4
19 Examples of such incidents since the last update to the PRB have included: a A loss of network service to the Edinburgh office due to a third party supplier failure. A back-up option for the devolved offices will assist in reducing this risk. b Fire in another tenant s demise at 3 Hardman Street over the weekend caused a sprinkler activation which was isolated by the fire service and made safe. Potential water damage to our area was avoided. c Tube strike and Northern rail strikes threatened, bus strikes in London. d Ebola outbreak in West Africa steps were taken to assess any risk to GMC staff and appropriate steps taken. e Power supply issues to lifts at St James s Buildings. f Water damage to several parts of at St James s Buildings caused by water coming through the ceiling where the landlord s contractors are fitting out the floor above. 20 The work programme is reviewed at each meeting to ensure that tasks are on target. The group also ensures that any follow up work from actual or potential incidents is being undertaken and discuss any new issues or risks that may arise. Further developments 21 The work programme for 2015-16 is also focusing upon the extent to which we have developed the BCMS to align with the ISO 22301:2012 standard. To this end we have commissioned external consultants to carry out a gap analysis of our documentation and planning against the requirements of the standard. On receipt of this the group will review the work programme and consider whether or not to continue to align to the standard or apply for accreditation. 22 A review of Business Continuity planning has been commissioned which will be considered by the Audit and Risk Committee at is meeting on 15 September 2015. Business Continuity Policy and policy summary statement 23 The Business Continuity Policy and policy summary statement noted by the Board in June 2014, has since been reviewed by the BCWG to take account of the current 2015 Business Plan. 24 The significant changes to the policy document have been made in the section Organisational Objectives and Obligations of the GMC, paragraph 10, where the policy referred to the core work for 2014. This section now reflects the 2015 Business Plan. There were no content changes to the policy summary statement. 5
25 This document and the associated Business Continuity policy summary statement have been agreed by the BCWG under the terms of reference document agreed by the Board at its meeting on 26 June 2013. The revised policy document is at Annex A and the summary policy statement at Annex B. The signed the policy summary statement can be issued to any external interested party. 26 These changes to documentation will not impact on the resource requirements. The business continuity policy includes specific reference to the strategic aims of the GMC, our legal and statutory obligations and ensuring that the interests of key stakeholders are supported. 6
How this issue relates to the corporate strategy and business plan 27 Strategic aim 5: Work better together to improve our overall effectiveness, our responsiveness and the delivery of our regulator function. If you have any questions about this paper please contact: Steve Jones, Head of Facilities, sjones1@gmc-uk.org, 0161 923 6287. 7
14 Update from the Business Continuity Working Group Annex A Business Continuity Policy
Business Continuity Policy Author Sheila Tuffrey Version 1.4 Issue date draft 19 May 2015 Review Date 3 June 2016 File location Document: Live link Pdf: Intranet once published A2
Contents Business Continuity Policy... 2 Business Continuity Management Policy... 4 Purpose... 4 Scope... 4 Business Continuity Management System (BCMS) Objectives... 4 Business Continuity Requirements... 5 Organisational Objectives and Obligations of the GMC... 6 Risk Evaluation and Risk Appetite... 7 Legal and Statutory Obligations... 7 Stakeholders... 8 Key Services... 9 Management Commitment and Allocation of Responsibilities... 9 Policy Review Date... 9 Related Documents... 9 Glossary... 10 British Standard Definitions... 10 Other Abbreviations... 10 Document Management... 11 Document storage, access and security... 11 Preservation... 11 Retrieval and Use... 11 Control of Changes... 11 Preservation of Legibility... 11 Prevention of the Unintended Use of Obsolete Information... 11 Retention and Disposal... 12 Document Control... 12 Version History... 12 Review and Sign Off... 12 Maintenance and Review... 12 Distribution List... 13 A3
Business Continuity Management Policy Purpose 1 The General Medical Council is committed to developing, maintaining and improving a Business Continuity Management System (BCMS) that enables it to deliver key services to stakeholders in the event of a disruption. This system will be developed with due regard to the GMC business objectives, statutory obligations and levels of risk acceptance. 2 The GMC Business Continuity Management (BCM) Policy sets out the framework within which the GMC develops sustainable business continuity plans and will develop its existing plans to align with the new standard ISO22301:2012. This is achieved through the development of a BCMS involving a process of continual improvement. This planning is necessary to ensure that the GMC can respond effectively in the event of a disruption to normal operations. Scope 3 This policy applies to all GMC and MPTS staff and their activities at the three largest GMC sites listed below: 350 Euston Road, London 3 Hardman Street, Manchester St James s Buildings, Manchester 4 This policy also applies to services provided by GMC staff working at the devolved offices or elsewhere but for business continuity planning purposes the premises are excluded and staff will either transfer their work to the one of the larger sites or work from home until alternative premises can be sourced. 5 This policy provides guidance for the resumption and recovery of time sensitive business operations in accordance with their designated priority as critical activities in support of key services as well as ensuring that adequate plans are in place for the less time sensitive business operations. Business Continuity Management System (BCMS) Objectives 6 The objective of the BCMS is to ensure the GMC s strategic aims are not compromised in the event of disruption. 7 In developing a BCMS the GMC will: Reduce the risks which otherwise could lead to business interruption A4
Develop Business Continuity Plans which enable the GMC to maintain continuity of service following a business interruption and reduce the impact of such a disruption for our stakeholders in accordance with the agreed recovery time set out in business continuity plans. Exercise, maintain, review and improve the Business Continuity Plans to ensure they remain fit for purpose and are appropriate to the current aims and objectives of the GMC Provide the resource needed to establish, operate, maintain and improve the BCMS Business Continuity Requirements 8 The GMC s business continuity management policy provides a framework through which the following BC requirements will be met. A comprehensive Business Continuity Management Systems (BCMS) is established and maintained following the requirements of ISO 22301. Business impact analysis and risk assessment will be applied to our key services and their supporting activities systems, process and resources. The GMC will maintain a Business Continuity Risk Register (BCRR) in order to reduce the likelihood of a disruption and improve resilience. The Corporate Risk Register and the Information Security Register will be monitored for any business continuity related risks which will be reviewed and if necessary included in the BCRR. Unresolved significant or critical risks will be escalated to the BCWG prior to each meeting. A Business Continuity Strategy will be developed which will determine the most appropriate methods by which to recover the critical activities and resources within the recovery time objectives following a business interruption. Based on the BC Strategy, operational and management plans will be developed that detail how critical activities and their supporting resources will be recovered within their recovery time objectives. These plans will also detail how the incident will be managed. Plans are subject to an ongoing exercise programme, continuous review and improvement, so that all stakeholders, including senior managers, can be assured that the BCMS remains up to date relevant and effective. Each department will carry out reviews of their business continuity plans at least annually. This will be facilitated and monitored by the Facilities Manager who has the role of Business Continuity Manager. A5
Contracts with suppliers of critical goods and services to the GMC must include a requirement for the supplier s business continuity process to be approved to the satisfaction of GMC. All staff must be made aware of the plans that affect their Directorate or section and their role following a BCP invocation. Organisational Objectives and Obligations of the GMC 9 The strategic aims for the GMC for 2014 2017 set out below allow us to enhance and expand our core work: Make the best use of intelligence about doctors and the healthcare environment to ensure good standards and identify risks to patients. Help raise standards in medical education and practice Improve the level of engagement and efficiency in the handling of complaints and concerns about patient safety Work more closely with doctors, medical students and patients on the frontline of care. Work better together to improve our overall effectiveness, or responsiveness and the delivery of our regulatory functions 10 Our key priority for 2015 is maintaining the quality of our core regulatory functions which includes: Registering doctors Overseeing doctors education and training Setting the standards for doctors Helping to raise standards through revalidation Investigating and acting upon concerns about doctors Adjudicating on concerns A6
Risk Evaluation and Risk Appetite 11 The Business Continuity Risk Management procedure is complementary to the Risk Management Framework set out by the GMC as part of the internal control and corporate governance arrangements. 12 The procedure enables the organisation to understand the threats and vulnerabilities of its critical activities underpinning the key services and the potential impact caused by a business interruption. 13 Risk evaluation establishes whether risks are adequately mitigated and, if not, determines what additional action is required to reduce their impact or likelihood of occurrence. In each case, we define the level of residual risk that is acceptable. 14 Risk appetite is therefore established on a risk-by-risk basis by defining the level of residual risk that is tolerable and justifiable once mitigating action has been taken. 15 Using these factors, we identify risks that are not adequately mitigated and determine what additional measures are required. Where the residual risk is still considered significant or critical, the procedure details an escalation procedure for further evaluation. Legal and Statutory Obligations 16 The GMC is the independent regulator for doctors in the UK We have four main functions. Keeping up-to-date registers of qualified doctors. Fostering good medical practice. Promoting high standards of medical education and training. Dealing firmly and fairly with doctors whose fitness to practise is in doubt. 17 Our legal purpose is to protect, promote and maintain the health and safety of the public by making sure that doctors meet our standards for good medical practice. 18 We do that by controlling entry to the medical register and setting the standards for medical schools and postgraduate education and training. We also determine the principles and values that underpin good medical practice and we take action when those standards are not met. 19 We have strong and effective legal powers designed to maintain the standards that the public have a right to expect from doctors. We are not here to protect the A7
medical profession their interests are protected by others. Our job is to protect patients. 20 When any doctor fails to meet our standards, we will act to protect patients from harm if necessary, we will remove the doctor from our register and remove their right to practise medicine. 21 We aim to secure a regulatory system that is independent and accountable and we: put patient safety first support good medical practice promote fairness and equality and value diversity respect the principles of good regulation: proportionality, accountability, consistency, transparency and targeting. 22 The GMC was established under the Medical Act 1858 and over time legislation has been introduced that defines our powers and responsibilities in the various areas of our work. The GMC is a registered charity in England and Scotland and our governing body, the Council, makes sure that we fulfil our charitable purpose and statutory role. 23 The GMC is also committed to ensuring that it meets all the other legal obligations placed upon any business and employer for example in relation to health and safety, employment, data protection, equal opportunity legislation. 24 The GMC will use its usual communication channels to inform employees and other interested parties of any new or changed legal and regulatory requirements. Stakeholders 25 The interests of key stakeholders are supported by the BCM Policy. Stakeholders are defined as: Patients and public Doctors Employers Government Employees A8
Key Services 26 In the event of an incident which prevents us from fulfilling our full range of statutory functions we consider being available to the public and profession to advise, confirm registration status and receive any complaints as a key service and will recover the Contact Centre and GMC website as a priority. 27 We will also ensure that the registration of doctors, and where necessary their removal from the register where they are found unfit to practise, will continue. We will therefore restore the registration enquiry service, investigations function and the running of FTP review and IOP hearings as a priority. Management Commitment and Allocation of Responsibilities 28 The Director of Resources and Quality Assurance is responsible for Business Continuity and will be assisted in this role by the Business Continuity Working Group (BCWG). The BCWG is accountable to the Performance and Resources Board and the Director will refer matters as necessary. This board comprises the Chief Operating Officer, Directors and representative Assistant Directors. 29 The role and responsibilities of the BCWG are set out in the Business Continuity Working Group Terms of Reference document. 30 The role and responsibilities for the management of business continuity across the GMC are set out in the Business Continuity Roles and Responsibilities Document. Policy Review Date 31 This policy will be reviewed annually from the date of approval. Related Documents Business Continuity Working Group Terms of Reference Business Continuity Roles and Responsibilities document BC Risk Management Procedure. GMC Risk Management Framework GMC Business Plan 2015 GMC Corporate Strategy 2014-2017. A9
Glossary British Standard Definitions BCMS: Business Continuity Management System is one that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. BCP: Business Continuity Plan is a documented set of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organisation to continue to deliver its critical activities at an acceptable predefined level. BCM Policy: The Business Continuity Management Policy sets out the GMC management s commitment to BC including the organisations objectives and BC Strategy is the approach by an organisation that will ensure its recovery and continuity in the face of a disaster or other major incident or business disruption. Recovery Time Objective is the target time set for the resumption of the service, or resumption of performance of an activity, or recovery of an IT system or application after an incident. (Note: The recovery time objective has to be less than the maximum tolerable period of disruption) Maximum tolerable period of disruption is the duration after which an organisation s viability will be irrevocably threatened if a service or activity cannot be resumed Other Abbreviations BCWG: Business Continuity Working Group this GMC group is responsible for the management direction and approval of the BCMS during development phase and subsequent management review once in place. See also terms of reference documentation for further detail. A10
Document Management Document storage, access and security 1 All documents comprising the BCMS will be stored securely and centrally on Livelink which is part of the electronic document management system of the GMC. Access to specific documents, ownership and version control will be applied as appropriate to each document. This system is compliant with the ISO27001 standard and managed in accordance with the GMC Information Security Policy. The BCM Policy should not be distributed or transmitted to any other parties without the express permission of the Business Continuity Manager. Preservation 2 If the document is out of date (i.e. past its review date) it should be destroyed by secure shredding for paper versions and electronic versions should be deleted. Retrieval and Use 3 This Policy provides the framework and guidance for the Business Continuity Management System and can only be retrieved from Livelink by the Business Continuity Manager, Director of Resources and Quality Assurance or the BCWG. A pdf version is available to staff on the intranet. Control of Changes 4 Uncontrolled modification and revision of content is prohibited and revision procedures should be followed at all times. No changes should be made to the Policy without the agreement from the Business Continuity Manager either as part of the maintenance programme or during an incident. 5 When major revisions are made the document should be saved as the next version number. For minor revisions the version number should be updated by 0.1. Preservation of Legibility 6 The document should be legible at all times and company guidelines for the use of style templates should be followed. Prevention of the Unintended Use of Obsolete Information 7 The Policy should be published with the date on the front page and in the header. It should never be more than 12months old. A11
Retention and Disposal 8 Old electronic versions of the BCM Policy should be retained for 3 years in Livelink. After this it should be deleted. Paper versions of the BCM Policy should always be current. Old versions should be securely shredded. Document Control Version History Revision Status* Author Reason for Issue 0.1 0.3 Drafts for S Tuffrey Creation and comment review by BCWG 1.0 Agreed S Tuffrey Final agreed version from BCWG 1.1 Draft STuffrey For review by BCWG/ Performance and Resources Board 1.2 Issued see below STuffrey Changes proposed by BCWG/AD R&QA 1.3 Agreed Stuffrey Updated to reflect GMC Corporate strategy 2014-2017 1.4 draft STuffrey Updated to reflect 2015 Business Plan key priorities for core work * e.g. Draft, for Comment, Agreed Date 7 March 2011to 15 April 2011 9 May 2011 April/May 2013 15 May 2013 4 June 2014 19 May 2015 Review and Sign Off By Method Signature BCWG On circulation Sign off by Chair post circ Maintenance and Review Date of Review Action Required Responsible Person Year from Review content for consistency and STuffrey A12
approval currency in particular business objectives and management arrangements. Distribution List Version Name Position/Organisation 1.4 All members of BCWG GMC staff members Method of Issue Livelink link by email Notes All personnel listed above receive copies, or are notified, of updated versions of the document..any other copies provided to third parties are not subject to automatic update. A13
14 Update from the Business Continuity Working Group Annex B Business Continuity Policy Statement
Business Continuity Policy Summary Statement 1 The GMC exists to protect, promote and maintain the health and safety of the public by making sure that doctors meet our standards for good medical practice. 2 As an independent regulator for doctors in the UK our job is to ensure patients have confidence in doctors. In order to continue to provide the services which our key interest groups value we have identified the activities which support those services as a priority for recovery in the event of any business disruption. 3 The GMC s Business Continuity policy provides the framework within which we can assure the public that the management procedures in place ensure that we have effective plans which both ensure the safety and welfare of our staff in the event of an incident and that key services are recovered to an acceptable standard as a priority. 4 We consider being available to the public and profession to advise, confirm registration status and receive any complaints as a key service and will recover the Contact Centre and GMC website as a priority. 5 We will also ensure that the registration of doctors, and where necessary their removal from the register where they are found unfit to practise, will continue. We will therefore restore the registration enquiry service, investigations function and the running of FTP review and IOP hearings as a priority. 6 The plans will contain a clear incident management structure and escalation process for the invocation of the plan. 7 There will be a requirement within the plans that communication with key interest groups and staff, is centrally managed to ensure it is factual, appropriate and timely. 8 All members of staff who have a role in recovering critical business activities or management of the incident receive regular and appropriate training. 9 The plans which all form part of the overall BCP are exercised regularly to ensure they are fit for purpose and up to date. 10 Accountability for Business Continuity resides with the Business Continuity Working Group, comprising GMC senior management. 11 The BCMS is being developed, implemented, reviewed and maintained with the aim of alignment with the ISO 22301:2012 standard. Signed: Niall Dickson Chief Executive Date: 4 June 2015 B2