VMIA Business Continuity Initiatives
The need for Business Continuity Identified as key risk area during Risk Framework Quality Reviews (2006-7) Identified Vic Gov Risk Management Framework Particular concern for Health Services - Impact on patient safety - Very short recovery timeframes DHS has also identified Business Continuity as a priority area
Recommendations for Healthcare - 2006 RFQR Summary Category High % Medium % Low % Grand Total Risk ID 37 26% 14 10% 2 5% 53 Responsibilities 10 7% 21 15% 10 26% 41 Risk Education 6 4% 20 15% 8 21% 34 Reporting 20 14% 6 4% 9 24% 35 Internal Audit & RA 12 8% 14 10% 1 3% 27 BCP 8 6% 17 12% 0% 25 Project RM 1 1% 23 17% 1 3% 25 Strategic RM 18 13% 5 4% 1 3% 24 Risk Appetite 12 8% 4 3% 3 8% 19 RMF 13 9% 4 3% 2 5% 19 KRI 5 4% 8 6% 0% 13 Risk Escalation 0% 1 1% 0% 1 Training 0% 0% 1 3% 1 142 137 38 317
BCM A Process Overview General Intent Comments Context / Scope BCM is a management process of considered activities. BCP is a tactical plan. Risk Assessment Response Crisis Recovery Maintenance Protection of Enterprise Value BCM process offers a considered management approach to address a prescribed threat / event. It Does not necessarily provide the solution - but it introduces the test of reasonableness into a measurable framework BCM process attempts to introduce rigour while retaining flexibility by way of application events simply don t happen they way we plan BCM activities overlap they are not sequential in their development or their application but they need to be managed in parallel across time BCM activities vary in their applied complexity and intensity as determined by the dynamics of the event.
BCM An approach for Health Services Context / Scope High Level Actions Determine Criticality of their Business within their operating environment Aim to protect Enterprise Value Be seen to Act Diligently Risk Assessment Assess Maximum Acceptable Outage for their business / location Derive - Business Recovery Options / Priorities / Alternatives Response Crisis Document - Structured actions for RESPONSE through RECOVERY Recovery Maintenance Engender a process of CONTINUOUS IMPROVEMENT
The VMIA Response Development of BCM Guidelines and Templates (2007) Pilots (2007): - 4 Metro Hospitals - 3 Regional Hospitals - 2 General Government Training - using different providers Clients started drafting own plans for specific functional areas 2008 Service Continuity Framework for Healthcare 2008 Hospital Resilience Program - DHS
Lessons Learned Significant organisational commitment needed Very short recovery time objectives Multiple inter-dependencies - Admissions, Medication, Sterilisation, Patient Records, Post Op/ wards Focus initially on appropriate strategy development, rather than detailed resource requirements Standard approach
Lessons Learned cont Resource implications: - Staff time and expertise - Cost of implementing not budgeted for Need to integrate with existing frameworks: - Emergency Management Response - Incident Command Structures - Crisis Management Team - CHOC - governance structures, plans etc.
External Environment External Interaction Healthcare Providers Department of Human Services (DHS) Third Party Providers Levels of Recovery Planning Internal Environment Health Service Municipal/ Local Level Crisis Management (Strategic) Regional Level State Level Emergency Response (Tactical) Incident Command Structure Business Continuity & Disaster Recovery (Operational) National Level Structured Co-ordination Workforce Capability Capacity Building Inter-operability of Plans Triggers Escalations Performance Drivers Health Sector Contingency Planning Model
VMIA Future state Revision of existing BCM draft to include more practical examples, worksheets Focus on strategy rather than resource requirements Revised BCM targeted to complete by July 2008 Training & awareness Simplified versions for specific sectors planned (Community Service Organisations)
Roger Gowlett (Risk Management Advisor) Patrick Ow (Risk Management Advisor)