Business Continuity Policy




Transcription:

Business Continuity Policy Page 1 of 15

Business Continuity Policy

First published:

Amendment record

| Version | Date | Reviewer | Comment |
|---|---|---|---|
| 1.0 | 07/01/2014 | Debbie Campbell | |
| 2.0 | 11/07/14 | Vicky Ryan | Updated to include reference to linked documents |
| 2.1 | 13/01/15 | Vicky Ryan | Minor change |
| 3.0 | | | |

Version number: 2.1
Status: Final
Author: Vicky Ryan
Approver: Debbie Campbell
Date approved:
Agreed circulation of this version:

NS CCG Business Continuity Policy

Contents

1 Introduction
2 Policy statement
3 Roles & responsibilities
3.1 North Somerset Chief Operating Officer (to be clarified with DC)
3.2 Business continuity nominated lead (to be clarified with DC)
3.3 Head of Planning and Business Support
3.4 North Somerset CCG staff
4 Business Continuity Plan (BCP)
5 Business continuity incident
6 Financial arrangements
7 Communications strategy
8 Exercising, maintaining and reviewing BCM
9 Distribution & Implementation
9.1 Distribution Plan
9.2 Training plan
10 Monitoring
10.1 Compliance
10.2 Governance
10.3 Equality impact assessment
11 Associated & reference documentation
11.1 Associated documents
11.2 Reference documents
Appendix 1 Definitions

1 Introduction

Business Continuity is a key part of the CCG's requirements as a Category 2 responder for Emergency Preparedness, Resilience & Response requirements. North Somerset Clinical Commissioning Group (CCG) must deliver an effective Business Continuity Management System (BCMS) in order to secure the best possible outcomes for patients.

North Somerset CCG recognises the potential operational and financial losses associated with a major service disruption, and the importance of maintaining viable recovery strategies. In addition, North Somerset CCG and external providers must comply with the Civil Contingencies Act (2004) in developing robust business continuity plans.

The Business Continuity Policy document defines the framework and implementation of the BCMS to minimise the impact of incidents. It is supplemented by the Business Continuity Plan and Business Impact Assessments for each business area in the CCG.

A key element of a successful BCMS is embedding a strong business continuity culture throughout North Somerset CCG, endorsed by NHS England. The BCMS will have accountability at Accountable Emergency Officer level and responsibility at Head of Emergency Preparedness, Resilience & Response (EPRR) level. This will provide assurance that the BCMS is aligned to North Somerset CCG strategic objectives.

North Somerset CCG business continuity objectives are to:

- Provide a framework for the development of a robust and consistent BCMS throughout North Somerset CCG.
- Identify and mitigate business continuity risk.
- To ensure that the BCMS provides planning, processes, training and continuous improvement to manage operational incidents.
- Enable the successful delivery of the North Somerset CCG Business Continuity Plan.
- Promote and maintain the reputational integrity of North Somerset CCG.
- Meet the requirements of the Civil Contingencies Act (2004) and align to ISO business continuity requirements and guidelines.
- Assure the Governing Body that BC plans are fit for purpose and meet the necessary requirements outlined in Section 2, below.

This policy should be read in conjunction with the following EPRR documents:

- Major Incident Concept of Operations
- Severe Weather Plan
- Fuel Shortage Response Plan
- Communicable Diseases Plan
- Incident Response Plan

2 Policy statement

North Somerset CCG is committed to ensuring robust and effective Business Continuity Management (BCM) as a key mechanism to restore and deliver continuity of key services in the event of an incident.

This policy statement provides a framework for North Somerset CCG business continuity to follow in the event of an incident, such as fire, flood, bomb, staff absence, power and communication failure. It also states the process for implementing and maintaining a robust BCMS.

North Somerset CCG business continuity plans will be based on the following standards:

- NHS England Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR).
- ISO 22301:2012 - Business Continuity Management Systems - Requirements.
- ISO / PAS 22399:2007 - Guideline for Incident Preparedness and Operational Continuity Management.
- Recognised standards of corporate governance.

All CCG Officers will ensure that nominated North Somerset business continuity leads maintain business continuity management, including Business Continuity Plans, for prioritised activities within their area of responsibility. This will include assurance from external service providers.

All staff must be aware of the Business Continuity Plan (BCP) that affects their business areas and their individual role following invocation.

North Somerset CCG will implement a programme of BCMS training, exercise, maintenance and review to ensure the relevance of the BCM Strategy. In addition, North Somerset CCG will provide assurance to NHS England on progress with the BCMS.

The BCMS aims to accommodate the needs and expectations of interested parties.

3 Roles & responsibilities

3.1 North Somerset Accountable Emergency Officer

North Somerset Chief Operating Officer has accountability, as the Accountable Emergency Officer for:

- Appointing a Head of EPRR and part of duties will be the nominated lead for business continuity.
- Promoting the embodiment of the business continuity culture within North Somerset CCG.
- Provision of appropriate levels of resource and budget to achieve the required level of business continuity in response to incidents.
- Nominating Incident Officers.
- Ensuring information governance standards continue to be applied to data and information during an incident.
- Providing assurance to NHS England: Policy on their business continuity management.
- Ensure the CCG supports NHS England Local Area Team (LAT) in discharging its EPRR functions and duties locally.

3.2 Business continuity nominated lead

Business continuity is part of EPRR and as such the Head of EPRR will support the Accountable Emergency Officer by discharging the following responsibilities:

- Developing the BCMS and reviewing business continuity standards within their area of responsibility.
- The management and recovery of relevant business continuity incidents under the command and control of the nominated Incident Response Manager.
- Liaising with the BNSSG CCG Business Continuity Leads and NHS England Area Team BCMS.
- Providing assurance to NHS England: Policy on their business continuity management.
- Ensure the CCG supports NHS England Commissioning Board in discharging its EPRR functions and duties locally.

3.3 Head of Planning and Business Support

North Somerset CCG Head of Planning and Business Support will be responsible for:

- Implementation of the Business Continuity Policy and Plan.
- The development, exercise, maintenance and review of the relevant Business Impact Analysis and BCPs.
- Carrying out a training needs analysis of all North Somerset CCG staff.
- Ensuring training attendance records are maintained.
- Making sure the plan is tested, reviewed, updated and communicated at least annually.
- Produce a report of any incident that leads to invoking Business Continuity Plans and as a consequence share learning and update plans as necessary.

3.4 North Somerset CCG staff

All North Somerset CCG Managers/staff are responsible for:

- Developing an awareness of BCM within their area of responsibility.
- Reporting in accordance with the relevant Incident Reporting and Management System for any business continuity incident.
- Understanding and contributing to business continuity incident and recovery plans within their area of responsibility, including the specific roles and responsibilities allocated.
- Developing business continuity standards within their own area of responsibility with the support of the Business Continuity nominated lead.

4 Business Continuity Plan (BCP)

A BCP will be produced for those areas listed within the scope of this policy. The BCP will be based on the following processes:

- Business Impact Analysis (BIA)
- Risk Assessments
- Identification of Prioritised Activities and Continuity Requirements

5 Business continuity incident

5.1 Robust procedures should be detailed within the BCP for the following priority incidents as a minimum. The potential impact of incidents will be assessed through appropriate risk analysis:

- Unavailability of premises for a period that significantly impacts prioritised activities caused by fire, flood or other incidents;
- Significant numbers of staff prevented from reaching North Somerset CCG premises, or getting home due to severe weather or transport issues;
- Major electronic attacks or severe disruption to the IT network, systems and mobile telephony;
- Terrorist attack or threat affecting transport networks or office locations;
- Denial of access to key resources, assets, utilities and fuel supply;
- Theft or criminal damage severely compromising the organisation's physical assets;
- Significant chemical contamination of the working environment;
- Serious injury to, or death of, staff whilst in the offices;
- Illness/epidemic striking the population and affecting a significant number of staff;
- Outbreak of a serious disease or illness in the working environment;
- Simultaneous resignation or loss of a number of key staff;
- Widespread industrial action;
- Significant fraud, sabotage or other malicious acts;
- Violent incidents affecting staff.

5.2 Incident Response Structure.

The Incident Response Structure will be defined within the BCP and related Incident Response Plan and resourced to ensure procedures facilitate response and recovery from an incident. This should include the following:

- Incident Reporting and Management System. The BCP is to detail procedures for incident reporting and management to facilitate effective command and control.
- Incident analysis, management and recovery. Business continuity nominated lead will support and provide guidance to the designated Business Continuity Management Team, as detailed in the BCP.
- Incident Control Centre. Facilities have been identified to enable effective management of an incident. The Incident Manager will coordinate operations from the designated location. Incident Managers and business continuity nominated leads will retain copies of the BCP for effective incident management.

6 Financial arrangements

6.1 The finance representative within the BCMS is the Deputy Chief Finance Officer. The funding required to cover any Business Continuity eventualities will be made available from the CCG financial allocation from the Department of Health.

6.2 A unique cost centre for Emergency Planning exists within the CCG coding structure to record any unexpected costs related to a business continuity issue. The budget allocated against this cost centre will be made available from the CCG financial allocation from the Department of Health.

7 Communications strategy

7.1 Business continuity awareness will be developed through routine North Somerset CCG communications and training. Business Continuity will be a standing item on the Management Team agenda.

7.2 Effective communication is essential at a time of crisis. A communications strategy will be defined within the BCP, defining appropriate guidelines for internal and external communication processes in the event of an incident.

7.3 New or variations to legal, regulatory and other business continuity requirements shall be communicated to affected staff and areas.

8 Exercising, maintaining and reviewing BCM

8.1 BCPs are to be exercised, reviewed and updated annually and after any actual incident, to determine whether any changes are required to procedures or responsibilities. Business Impact Assessments are to be reviewed annually. The EPRR & BC Work Programme details a timetable of exercise and review.

9 Distribution & Implementation

9.1 Distribution Plan

This document will be made available to all interested parties including partners, providers and staff via the North Somerset CCG internet site. A link to this Policy document will be provided from the Library tab on the CCG internet site.

9.2 Training plan

The North Somerset CCG Head of Planning and Business Support will identify levels of training and awareness facilitation for North Somerset CCG business continuity leads and staff to ensure that a strong business continuity culture is embedded within North Somerset CCG. This will improve the organisation's resilience to the effects of incidents. The effectiveness of training and awareness will be tested through exercises on a regular basis and is timetabled in the EPRR & BC Work Programme.

10 Monitoring

10.1 Compliance

Compliance with the policies and procedures laid down in this document will be monitored by NHS England, together with independent reviews. Non-compliance will be reviewed to determine corrective action.

The Business Continuity Nominated Lead, in conjunction with the Head of Planning and Business Support, is responsible for the monitoring, revision and updating of this document.

10.2 Governance

The Quality and Assurance Group (QAG) will be asked to approve the BCMS Policy and business continuity plan and North Somerset CCG Governing Body and the appropriate Senior Responsible Officer will be asked to sign them off.

10.3 Equality impact assessment

This document forms part of North Somerset CCG's commitment to create a positive culture of respect for all staff and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.

11 Associated & reference documentation

11.1 Associated documents

- North Somerset CCG Business Continuity Plan
- Business Impact Assessments
- Business Continuity Training Schedule and Exercise Programme
- Major Incident Concept of Operations
- Severe Weather Plan
- Fuel Shortage Response Plan
- Communicable Disease Plan
- Incident Response Plan

11.2 Reference documents

- Civil Contingencies Act 2004.
- ISO 22301:2012 Business Continuity Management Systems Requirements.

- ISO 22313:2012 Business Continuity Management Systems Guidance.
- ISO / PAS 22399:2007 Guideline for Incident Preparedness and Operational Continuity Management.
- NHS England Commissioning Board Business Continuity Framework.
- NHS England Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR).
- NHS England Business Continuity Management Toolkit.
- NHS England Risk Management Policy and Procedure.
- PAS 2015:2010 Framework for Health Services Resilience.

Appendix 1 Definitions

Unless a contrary intention is evident or the context requires otherwise, words or expressions contained in this document shall have the same meaning as set out in the National Health Service Act 2006 and the Health & Social Care Act 2012 or in any secondary legislation made under the National Health Service Act 2006 and the Health & Social Care Act 2012 and the following defined terms shall have the specific meanings given to them below:

- Board: means the Chair, Executive Members and Non-executive Members of North Somerset CCG collectively as a body.
- Budget: means a resource, expressed in financial terms, proposed by the Board for the purpose of carrying out, for a specific period, any or all of the functions of NHS England.
- Business Continuity: means capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
- Business Continuity Management (BCM): means a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
- Business Continuity Management System (BCMS): means part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. NOTE The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.
- Business Continuity Plan (BCP): means documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. NOTE Typically this covers resources, services and activities required to ensure the continuity of critical business functions.
- Business Continuity Programme: means an ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.
- Business Impact Analysis (BIA): means a process of analysing activities and the effect that a business disruption might have upon them.
- Incident: means a situation that might be, or could lead to, a disruption, loss, emergency or crisis.
- National Director: means an Executive Member or other Officer of NHS England who reports directly to the Chief Executive.
- NHS England: means NHS Commissioning Board.
- Nominated Officer: means an Officer charged with the responsibility for discharging a specific task within Business Continuity.
- Prioritised Activities: activities to which priority must be given following an incident in order to mitigate impacts. NOTE Terms in common use to describe activities within this group include: critical, essential, vital, urgent and key.
- Risk Assessment: overall process of risk identification, risk analysis and risk evaluation.