Business Continuity Policy



Similar documents
NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Policy

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Management Policy

Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Policy

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

TRUST POLICY FOR EMERGENCY PLANNING

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Policy

Solihull Clinical Commissioning Group

Business Continuity Management (BCM) Policy

Business Continuity Management

RISK MANAGEMENT STRATEGY

NHS Commissioning Board Business Continuity Management Framework (service resilience)

Risk Management & Business Continuity Manual

Pandemic Influenza Plan 2015/2016

Managing Performance Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

WILTSHIRE POLICE FORCE POLICY

Business Continuity Management Framework

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

39 GB Guidance for the Development of Business Continuity Plans

Title. Learning from Incidents, Complaints and Claims. Description of Document

How To Manage Risk In Ancient Health Trust

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Business Continuity Management

Business Continuity Policy and Business Continuity Management System

BUSINESS CONTINUITY POLICY

CAMBRIDGESHIRE COMMUNITY SERVICES NHS TRUST BUSINESS CONTINUITY PLAN VERSION 6.0

Business Continuity Plan

abcdefghijklmnopqrstu

NHS Lancashire North CCG Business Continuity Management Policy and Plan

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Business Continuity Policy. Version 1.0

Update from the Business Continuity Working Group

Corporate Risk Management Policy

Business Continuity and Emergency Planning Policy and Strategy

CCG: IG06: Records Management Policy and Strategy

Business Continuity Policy and Plan

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

BUSINESS CONTINUITY POLICY RM03

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

EMERGENCY PREPAREDNESS POLICY

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Business Continuity Management Policy and Plan

Business Continuity (Policy & Procedure)

BUSINESS CONTINUITY PLAN

Information Governance Strategy 2015/16

EPRR: Toolkit Facilitator Guide

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE POLICY

Strategic Alliance. Business Continuity Policy

JOB DESCRIPTION. Hours: 37.5 hours per week, worked Monday to Friday

Business Continuity Management Policy and Plan

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

BUSINESS CONTINUITY POLICY. UHB 050 Version No: 4 Previous Trust / LHB Ref No: Interim Civil Contingencies and Emergency Planning Manager

Business Continuity Policy

Business Continuity Management

Policy for the Analysis and Improvement Following Incidents, Complaints and Claims

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

Version: 3.0. Effective From: 19/06/2014

Staffordshire County Council. Civil Contingencies Policy

South Norfolk Council Business Continuity Policy

Business continuity management policy

PS 170 Business Continuity Management Policy

Business Continuity Policy

The policy applies to all members of staff employed within the Trust who are involved in any aspect of alert dissemination, action, and /or review.

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

Safety Alerts Management Policy

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

Business Continuity Policy & Plans

Technology & Telecommunications Electronic Data Backup Policy

MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS

Update from the Business Continuity Working Group

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

Emergency Preparedness, Resilience and Response (EPRR)

Emergency Management and Business Continuity Policy

Freedom of Information Act Publication Scheme Protective Marking. Publication Scheme Y/N Yes Title. Version 3.0 Summary

The Royal Wolverhampton NHS Trust

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

Hart First Response. Business Continuity Policy

Cumbria Constabulary. Business Continuity Planning

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

Business Continuity Management. Policy Statement and Strategy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Business Continuity Management Policy and Framework

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS NEWCASTLE GATESHEAD CLINICAL COMMISSIONING GROUP

Incident Management Plan

Transcription:

Business Continuity Policy Reference Number: 243 Author & Title: Siân Dyson Resilience Manager Responsible Director: Chief Operating Officer Review Date: 29 May 2018 Ratified by: Francesca Thompson Chief Operating Officer Date Ratified: 29 May 2015 Version: 2.0 Related Policies and Guidelines Incident Reporting Policy and Procedure Major Incident Plan Strategic Framework for Risk Management Business Continuity Plan Business Impact Analysis Template Business Impact Analysis Guidance & Example Business Continuity Plan Template Business Continuity Plan Guidance & Example Author: Siân Dyson Resilience Manager Page 1 of 17

Index: 1. Policy Summary 3 2. Statutory Requirements 3 3. Definition of Terms Used 4 4. Business Continuity at the RUH 6 4.1. Objectives 6 4.2. Key Challenges 6 4.3. Delivery 7 5. Duties and Responsibilities 8 6. Assurance Framework 12 7. Monitoring Compliance 13 8. Review 14 9. Training 14 10. References 14 Document Control Information 15 Ratification Assurance Statement 15 Consultation Schedule 16 Equality Impact: (A) Assessment Screening 17 Amendment History Issue Status Date Reason for Change Authorised 1.0 Final February 2015 First draft from merge of draft Operational and Strategic Francesca Thompson Policies 2.0 Final May 2015 Amendments on policy and title changed to Business Continuity Policy Francesca Thompson Author: Siân Dyson Resilience Manager Page 2 of 17

1. Policy Summary Business Continuity Management (BCM) can be described as the capability of an organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level (BCI, 2011). Effective Business Continuity Planning within the Royal United Hospitals Bath NHS Foundation Trust (RUH) will ensure that the Trust is able to maintain a safe, predetermined level of service to patients in the event of business continuity disruptions. Business Continuity Management (BCM) is an integral aspect of Trust management and must be carried out, not only in response to, but proactively in preparation for, potential business continuity disruptions. This policy describes the principles and processes required to develop and maintain robust business continuity arrangements for the RUH. Business Continuity Management will be driven by senior management who will ensure that risks that pose a threat to normal service delivery are identified and planned for. During a disruption, the short-term focus is the maintenance of critical functions whilst also forward planning to recover and resume business as usual as quickly as possible. 2. Statutory Requirements The Royal United Hospitals NHS Foundation Trust has statutory Business Continuity responsibilities to fulfil. This policy will ensure that the RUH complies with these statutory duties and all staff have a responsibility to comply with the policy and the processes that underpin it, as described within Section 5: Roles and Responsibilities. The Trust s statutory Business Continuity responsibilities are as follows: As a Category 1 responder, the RUH is required by the Civil Contingencies Act (CCA) 2004 to carry out Business Continuity Planning and, more specifically, maintain compliance by ensuring the following is carried out: Civil Contingencies Act 2004 Requirements Section of Act Risk Assessment (Business Impact Analyses) 6.14 6.16 Exercising of Business Continuity Plans 6.21 6.23 Business Continuity Training of key staff 6.24 6.25 Review and maintenance of Business Continuity Plans 6.26 6.28 Publication of Business Continuity Plans 6.29 6.31 Author: Siân Dyson Resilience Manager Page 3 of 17

The Health & Social Care Act (2012) states that providers such as the RUH must be properly prepared for dealing with a relevant emergency. The NHS England Core Standards for Emergency Preparedness, Resilience and Response (EPRR) are the minimum standards which NHS organisations and providers of NHS funded care must meet. These Standards stipulate that such organisations must have suitable, proportionate and up to date plans which set out how they will maintain prioritised activities when faced with disruption from identified local risks; such as severe weather, IT failure, infectious disease, fuel shortage or industrial action (NHS England, 2014). NHS England s Everyone counts: Planning for patients 2013/14 and Business Continuity Framework (2013) both consolidate this requirement by articulating that NHS organisations must be able to maintain continuous levels in key services when faced with disruption from identified local risks such as those described above. ISO 22301 is an international standard for Business Continuity Management. This standard specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of, prepare for, respond to and recover from disruptive incidents when they arise (ISO, 2012). The RUH must provide evidence of aligning its business continuity management system to this standard. PAS 2015 is a Publicly Available Specification that provides a resilience framework for NHS organisations and states that each organisation must undertake Business Continuity Management to ensure that it is resilient and that this should be carried out in a structured and well-planned manner (PAS 2010). 3. Definition of Terms Used Business Continuity is the capability of an organisation to continue to deliver products / services at acceptable predefined levels during and following disruptive incidents. Business Continuity Disruptions may be caused by many different factors and may be local, regional or national in nature. Examples of business continuity disruptions include: One or more buildings or areas becoming unusable due to fire, floods, criminal damage. Internal disruption of services due to IT system failures, bleep system failures, staff shortages due to pandemic flu / industrial action. External disruption of services due to utilities failures, communication / transport network failures, fuel shortages, severe weather, Major Incidents. These disruptions may or may not occur in isolation and one may lead to another, for example a transport network failure may result in a shortage of staff. Author: Siân Dyson Resilience Manager Page 4 of 17

Business Continuity Management (BCM) describes a management process that identifies potential threats to an organisation and the impacts that those threats might cause to business operations if realised. BCM provides a framework for strengthening organisational resilience through an effective response capability that safeguards the interests of key stakeholders, reputation and value-creating activities. Business Continuity Management Programme is an on-going management and governance process supported by senior management and appropriately resourced. The programme ensures that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of services through training, exercising, maintenance and review (BCI, 2011). Business Impact Analysis is a process of analysing activities within a department and the effect that a business disruption may have upon them. Business Continuity Plan is a document that describes the procedures required to respond to, recover from and restore and resume activities to a pre-defined level of service during and following a business continuity disruption. Critical Activities are activities that must be performed in order to deliver the key services which enable an organisation to meet its most important and time sensitive objectives. Recovery Time Objective (RTO) is the target time set for resumption of delivery of a product, service or activity following an incident or during a period of disruption. Maximum Tolerable Period of Disruption (MTPOD) is the duration of time after which an organisation s viability will be irrevocably threatened if product and / or service delivery cannot be resumed. Author: Siân Dyson Resilience Manager Page 5 of 17

4. Business Continuity at the RUH 4.1. Objectives The Trust will have robust Business Continuity procedures in place, which reflect statutory requirements, national policy, latest guidance and local risks and prioritise critical activities. These procedures will include clear responsibilities and be delivered through: The Trust s Business Continuity Management Programme and overarching Business Continuity Policy The Resilience Manager, Business Continuity & Transport Officer and identified Business Continuity Leads across the Trust Completed, reviewed and maintained departmental Business Impact Analyses and Business Continuity Plans. Business Continuity promotion, training and exercising Business Continuity Management is to be integrated and evidenced within Trust business planning processes. Business Continuity risks will be systematically reviewed to ensure that they are identified, protected against, reduced in likelihood where possible, prepared for, responded to and recovered from should they be realised. The Trust s risk management and incident reporting processes will be utilised to report Business Continuity risks and disruptions as appropriate. Business Impact Analyses and robust and accessible Business Continuity Plans will be developed, tested, reviewed and maintained for all appropriate departments. Effective and efficient internal and external communication will be maintained in preparation for, during and following Business Continuity disruptions. 4.2. Key Challenges The key challenges for Business Continuity Management at the Royal United Hospitals Bath NHS Foundation Trust are: Levels of hospital activity and capacity Patient acuity Range of services provided 24/7 provision of services Author: Siân Dyson Resilience Manager Page 6 of 17

High number of internal and external stakeholders Requirement for multi-agency planning with external stakeholders Supply chain vulnerability Technological dependencies, both medical equipment and information management Departmental interdependencies Size and vulnerability of sites Unpredictability of threats such as severe weather, IT and utility disruptions Duration of disruption caused by threats such as pandemic flu and severe weather Reputational risk to Trust during and following business continuity disruptions Motivation and engagement of staff with conflicting priorities to carry out Business Continuity planning Providing assurance of compliance with the Business Continuity Strategic Policy Meeting statutory Business Continuity requirements 4.3. Delivery The objectives will be achieved though: A Business Continuity Policy which describes the principles and processes required to develop and maintain robust business continuity arrangements for the Trust; based on national best practice guidance. Adherence to the Business Continuity Policy and underpinning procedures by all staff in order to effectively manage Business Continuity disruptions. Performance against the policy monitored through the EPRR Operational and Strategic Groups and the annual EPRR Core Standards audit. The consideration of Business Continuity Management in Trust-wide business planning, with advice sought from the Resilience Manager as required. The inclusion of Business Continuity Management within departmental training for staff, facilitated by departmental Business Continuity Leads, supported by Divisional Business Continuity Leads, the Resilience Manager and the Business Continuity and Transport Officer as required. Departmental Business Impact Analyses, which are the first stage of the Business Continuity planning process. These will be completed by all departments, prioritising those which carry out critical activities. Departmental Business Continuity Plans, which describe the procedures required by departments to respond to, recover from and restore and resume Author: Siân Dyson Resilience Manager Page 7 of 17

activities to a pre-defined level of service during and following a business continuity disruption. These plans must be maintained as live documents and reviewed and tested when changes within the department occur or on an annual basis as a minimum. Departmental and Trust-wide Business Continuity exercises, supported by the Resilience Manager, Business Continuity and Transport Officer and other managers as appropriate. Coordinated and controlled responses to Business Continuity disruptions following the processes documented within the relevant Trust Business Continuity Plans with support from all required departments. Debriefing of Business Continuity disruptions, internally and externally if required. Lessons must be identified and actions allocated using Datix, overseen by the Resilience Manager and monitored by the EPRR Operational and Strategic Groups. 5. Duties and Responsibilities The Business Continuity duties and responsibilities of Trust staff are as follows: Chief Executive The Chief Executive has overall responsibility and accountability for Business Continuity Management under the Civil Contingencies Act (2004). Board of Directors The Board of Directors are responsible for the overall strategic direction of the Trust with regards to Business Continuity. The Board will hold the organisation to account for the delivery of the Business Continuity strategy and seek assurance that Business Continuity procedures in place are robust and reliable. The Board will monitor progress and ensure that the Trust is compliant with statutory Business Continuity duties. Chief Operating Officer (Accountable Emergency Officer) As the Trust s Accountable Emergency Officer, the Chief Operating Officer holds Executive level accountability for Business Continuity and ensuring that the Trust has robust business continuity planning arrangements in place which reflect standards set out in PAS 2015 and ISO 22301. The Accountable Emergency Officer shall be supported, where appropriate, by a non-executive director or appropriate other board member, to endorse assurance to the board that the organisation is meeting its obligations with respect to Business Continuity and relevant statutory obligations under the Civil Contingencies Act 2004. The Accountable Emergency Officer will ensure that the Trust is appropriately represented at Business Continuity governance meetings, sub-groups or working groups of the Local Health Resilience Partnership (LHRP) or Local Resilience Forum (LRF). Author: Siân Dyson Resilience Manager Page 8 of 17

Executive Directors The Executive Directors have responsibility for ratifying directorate level Business Impact Analyses and Business Continuity Plans. Director of Estates and Facilities The Director of Estates and Facilities is responsible for ensuring that the directorate s response procedures to foreseeable disruptions such as utility failures, fires and floods are documented, tested, reviewed, maintained and readily available. These plans must include estimated timeframes that can be shared with Trust departments so that they can plan accordingly. The Estates and Facilities Directorate will need to engage with departments during the creation of Business Impact Analyses and Business Continuity Plans and provide support as required. The Director of Estates and Facilities also has responsibility for ensuring that timely, and effective communication systems are in place to alert the Resilience Manager, Business Continuity Officer and the wider Trust to incidents or forthcoming planned work that may cause Business Continuity disruptions. During a Business Continuity disruption, the Estates response team will need to respond to the incident in a timely manner as required and ensure that they liaise effectively and regularly with the Resilience Manager, Business Continuity Officer and the incident response team (if convened) to keep them informed of developments, issues and timeframes for recovery. Director of Information Management & Technology (IM&T) The Director of IM&T is responsible for ensuring that the department s response procedures to foreseeable disruptions such as network outages are documented, tested, reviewed, maintained and readily available. These plans must include estimated timeframes to be shared with various departments so that they can plan accordingly. The IM&T department will need to engage with departments during the creation of Business Impact Analyses and Business Continuity Plans and provide support as required. The Director of IM&T also has responsibility for ensuring that timely and effective communication systems are in place to alert the Resilience Manager, Business Continuity Officer and the wider Trust to incidents or forthcoming planned work that may cause Business Continuity disruptions. During a Business Continuity disruption, the IM&T response team will need to respond to the incident in a timely manner as required and ensure that they liaise effectively and regularly with the Resilience Manager, Business Continuity Officer and the incident response team (if convened) to keep them informed of developments, issues and timeframes for recovery. Author: Siân Dyson Resilience Manager Page 9 of 17

Divisional Managers Divisional Managers have responsibility for ensuring that Business Continuity Plans capable of maintaining minimal acceptable standards of service delivery are in place for each department. Each division will carry out an annual review of Business Continuity Management and ensure that plans are exercised annually as a minimum and updated as appropriate. Divisional Managers will be responsible for the identification and support of Divisional Business Continuity leads and are members of the EPRR Strategic Group. Divisional Business Continuity Leads Divisional Business Continuity Leads will be identified by Divisional Managers and will work closely with the Resilience Manager to ensure that departments complete Business Impact Analyses and develop, test, review and maintain Business Continuity Plans within the timeframes required. They will review completed departmental Business Impact Analyses and Business Continuity Plans with the Resilience Manager. Departmental Business Continuity Leads Departmental Business Continuity Leads will be identified by the Divisional Business Continuity Leads and will be responsible for completing departmental Business Impact Analyses and Business Continuity Plans with support from their department, the Divisional Business Continuity Lead, the Resilience Manager and the Business Continuity & Transport Officer. Resilience Manager On behalf of the Accountable Emergency Officer, the Resilience Manager will ensure that the organisation meets its statutory obligations under the CCA (2004) and complies with all relevant Business Continuity guidance for the NHS, providing assurance to the Board as summarised by NHS England s Core Standards for Emergency Preparedness, Resilience and Response (EPRR). The Resilience Manager will develop and deliver the Trust s Business Continuity Management Programme, improve standards of Business Continuity planning across the organisation and provide leadership on specialist Business Continuity issues. The Resilience Manager will coordinate larger Business Continuity training exercises internally for the Trust and externally with multi-agency partners. The Resilience Manager will develop and contribute to professional relationships with multi-agency partners that facilitate the continual development of Business Continuity arrangements and ensure appropriate representation at LHRP and LRF Business Continuity sub-groups. Business Continuity and Transport Officer The Business Continuity and Transport Officer reports to the Resilience Manager and supports the implementation of business continuity planning across the Trust. The Business Continuity & Transport Officer will assist departmental Business Continuity Leads with the completion of Business Impact Analyses and Business Continuity Plans. Author: Siân Dyson Resilience Manager Page 10 of 17

EPRR Strategic Group The EPRR Strategic Group meets quarterly, chaired by the Chief Operating Officer. This group oversees the Business Continuity work carried out by the Resilience Manager and supports the Resilience Manager with the implementation of the Business Continuity Strategic Policy and underpinning procedures across the Trust. EPRR Operational Group The EPRR Operational Group meets quarterly, chaired by the Resilience Manager. This group oversees the Business Continuity work carried out at an operational level and supports the Resilience Manager with assisting with completion and ratification of departmental Business Impact Analyses and Business Continuity Plans. On Call Directors On Call Directors have responsibility for overseeing the strategic response to Business Continuity disruptions out of hours, following the processes documented within the relevant Trust Business Continuity Plans. On Call Managers On Call Managers have responsibility for overseeing the operational response to Business Continuity disruptions out of hours, ensuring that the processes documented within the relevant departmental Business Continuity Plans are followed as required. Matrons / Clinical Service Managers Matrons and Clinical Service Managers are key role models for effective Business Continuity Management and have responsibility for continuing to provide safe levels of care during Business Continuity disruptions. They must work closely with departmental Business Continuity Leads to develop, test, review, maintain and train against departmental Business Continuity Plans. They are also responsible for ensuring that regular audits are carried out, to check Business Continuity equipment such as back up paper systems, torches etc. are functional and accessible. All staff All staff have a responsibility to comply with this policy and the required underpinning processes and to attend or undertake training sessions as appropriate to their role. Author: Siân Dyson Resilience Manager Page 11 of 17

6. Assurance Framework The Board of Directors The Board of Directors is responsible for ensuring that the Trust has appropriate Business Continuity processes in place to enable the organisation to deliver its objectives and statutory requirements. Activities to demonstrate that Business Continuity is an integral part of clinical and corporate governance include: The Trust Board receiving and formally approving the Trust Business Continuity Policy and underpinning Business Continuity Management Programme and the Annual EPRR Report. The Annual EPRR Report for the Board of Directors presents a summary of EPRR (including Business Continuity) within the Trust and the improvements made over the preceding 12 months, demonstrated through the management of specific incidents and exercises and through compliance with the EPRR Core Standards. The report also identifies gaps within the Trust s current EPRR provision and includes a Work Plan detailing the mitigating actions to further strengthen the Trust s Business Continuity capabilities moving forward. Presentations from the Resilience Manager to the Board as requested. Additional Business Continuity reports / updates will be produced by the Resilience Manager upon request. Reports of Business Continuity disruptions and their management produced by the Resilience Manager as requested. Trust Management Board The Trust Management Board reviews significant Business Continuity disruptions and their management and actions arising post incident. This is can be achieved on a monthly basis through reports to the Board following incident debriefs. Trust n Clinical Governance Committee The n Clinical Governance Committee is an assurance committee. The role of the Committee is to seek assurance that all non-clinical risks within the Trust are appropriately identified, assessed and managed. The Committee receives an EPRR (including Business Continuity) report annually as a minimum. This report describes the progress the Trust makes in the delivery of the Business Continuity requirements of the EPRR Core Standards and the actions required to ensure continued improvement and development in this area. The Committee highlights any areas of concern by identifying risk areas for inclusion on the Trust-wide Risk Register and brings these to the attention of the Board. The Committee supports compliance with the Business Continuity Policy through local governance structures and processes. Author: Siân Dyson Resilience Manager Page 12 of 17

EPRR Strategic Group The EPRR Strategic Group s purpose is to seek assurance that the Trust has a robust framework for EPRR including Business Continuity in place at a strategic level. The Group meets on a quarterly basis. The Group receives policies, updates and other documents for review and dissemination. The Group receives feedback from members progress with the implementation of the Business Continuity Strategic Policy and underpinning processes. EPRR Operational Group The EPRR Operational Group s purpose is to seek assurance that the Trust has a robust framework for EPRR including Business Continuity in place at an operational level. The Group meets on a monthly basis and reports Business Continuity developments and issues to the EPRR Strategic Group regularly. Once completed, departmental Business Continuity Plans will be submitted to the appropriate Divisional Business Continuity Lead and the Resilience Manager for review. The plan will then be submitted to the Trust s EPRR Operational Group for ratification. 7. Monitoring Compliance The Trust s processes for monitoring Business Continuity Management will incorporate proactive, reactive, internal and external monitoring systems, including routine Business Continuity Management reporting and investigation of Business Continuity disruptions and their impacts. The Board of Directors will evaluate the effectiveness of the Trust Business Continuity Management Programme annually through the Annual EPRR Report and audit against the EPRR Core Standards. Business Continuity disruptions must be recorded via Datix by the department affected. Structured and timely debriefs will take place, chaired by the Resilience Manager, with lessons identified, actioned and recorded using the system. Actions must be completed by the allocated individual or team within the timeframe specified. Business Continuity disruptions may be reported externally depending on the scale of the disruption, the severity of the impact and the relevance of the lessons identified to other organisations. Business Continuity compliance may be monitored through other reports and publications as applicable, for example Care Quality Commission reports. Author: Siân Dyson Resilience Manager Page 13 of 17

8. Review This policy is subject to a planned review every three years as part of the Trust s Policy Review Process. However, there may be updates required in the interim arising from amendments or release of new statutory requirements or guidance or internal changes within the Trust. These updates will be made as soon as practicable to reflect and inform the Trust s revised policy and practise. 9. Training The Resilience Manager, with the assistance of the Business Continuity and Transport Officer, will provide training and support to appropriate Trust managers on the completion of the Business Impact Analysis and Business Continuity Plan templates. Cascade training will then be used to disseminate training as required. Each division / directorate is responsible for ensuring that staff receive training appropriate to the Business Continuity requirements of specific departments. 10. References The EPRR Core Standards (2014) NHS England http://www.england.nhs.uk/wp-content/uploads/2014/07/eprr-core-standards- 0714.pdf NHS England Business Continuity Management Framework (2013) NHS England http://www.england.nhs.uk/wp-content/uploads/2013/01/bus-cont-frame.pdf Everyone Counts: Planning for Patients 2013/14 (2013) NHS England http://www.england.nhs.uk/wp-content/uploads/2012/12/everyonecountsplanning.pdf The Health & Social Care Act (2012) http://www.legislation.gov.uk/ukpga/2012/7/section/46 ISO 22301 (2012) International Organisation for Standardisation http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=500 38 Dictionary of Business Continuity Management Terms (2011) The Business Continuity Institute http://www.thebci.org/glossary.pdf PAS 2015: 2010 Framework for Health Service Resilience (2010) The British Standards Institution (BSI) The Civil Contingencies Act (CCA) 2004 http://www.legislation.gov.uk/ukpga/2004/36/contents Author: Siân Dyson Resilience Manager Page 14 of 17

Document Control Information Ratification Assurance Statement Dear Please review the following information to support the ratification of the below named document. Name of document: Name of author: Business Continuity Policy Siân Dyson Job Title: Resilience Manager I, the above named author confirm that: The Policy presented for ratification meets all legislative, best practice and other guidance issued and known to me at the time of development of the Policy; I am not aware of any omissions to the Policy, and I will bring to the attention of the Executive Director any information which may affect the validity of the Policy presented as soon as this becomes known; The Policy meets the requirements as outlined in the document entitled Trust-wide Policy for the Development and Management of Policies (v4.0); The Policy meets the requirements of the NHSLA Risk Management Standards to achieve as a minimum level 2 compliance, where applicable; I have undertaken appropriate and thorough consultation on this Policy and I have documented the names of those individuals who responded as part of the consultation within the document. I have also fed back to responders to the consultation on the changes made to the Policy following consultation; I will send the Policy and signed ratification checklist to the Policy Coordinator for publication at my earliest opportunity following ratification; I will keep this Policy under review and ensure that it is reviewed prior to the review date. Signature of Author: Date: 29 May 2015 Name of Person Ratifying this policy: Francesca Thompson Job Title: Chief Operating Officer Signature: Date: 29 May 2015 To the person approving this policy: Please ensure this page has been completed correctly, then print, sign and post this page only to: The Policy Coordinator, John Apley Building. The whole policy must be sent electronically to: ruh-tr.policies@nhs.net Author: Siân Dyson Resilience Manager Page 15 of 17

Consultation Schedule Name and Title of Individual Date Consulted Francesca Thompson, Chief Operating Officer 18/05/15 Howard Jones, Director of Estates and Facilities 18/05/15 Sarah Truelove, Director of Finance & Deputy Chief Executive 18/05/15 Heather Cooper, Head of Performance 18/05/15 Suzanne Wills, Divisional Manager, Surgery 18/05/15 Nicky Ashton, Divisional Manager, Women & Children s 18/05/15 Fiona Bird, Divisional Manager, Medicine 18/05/15 Jo Miller, Head of Nursing, Medicine 18/05/15 Sharon Bonson, Head of Nursing, Surgery 18/05/15 Vicky Tinsley, Head of Nursing & Midwifery, Women & 18/05/15 Children s Ian Troise, Technical Service Manager 18/05/15 Tanya Beale, Chief Information Officer 18/05/15 Brian Gubb, Head of Estates 18/05/15 Alexandra Lucas, Head of Risk and Assurance 18/05/15 Lee Warner-Holt, Matron Clinical Site Services 18/05/15 Simon Jack, Business Continuity & Transport Officer 18/05/15 The following people have submitted responses to the consultation process: Name and Title of Individual Date Responded Francesca Thompson, Chief Operating Officer 18/05/15 Nicky Ashton, Divisional Manager, Women & Children s 21/05/15 Name of Committee/s (if applicable) Date of Committee Author: Siân Dyson Resilience Manager Page 16 of 17

Equality Impact: (A) Assessment Screening To be completed when submitted to the appropriate Executive Director for consideration and approval. Person responsible for the assessment: Name: Job Title: Siân Dyson Resilience Manager Does the document / guidance affect one group less or more favourably than another on the basis of: Race Ethnic origins (including gypsies and travellers) Nationality Gender (including gender reassignment) Culture Religion or belief Sexual orientation Age Disability (learning disabilities, physical disability, sensory impairment and mental health problems) Is there any evidence that some groups are affected differently? If you have identified potential discrimination, are there any valid exceptions, legal and/or justifiable? Is the impact of the document/guidance likely to be negative? If so, can the impact be avoided? What alternative is there to achieving the document/guidance without the impact? Can we reduce the impact by taking different action? Yes/ N/A N/A N/A N/A Comments If you answered NO to all the above questions, the assessment is now complete, and no further action is required. If you answered YES to any of the above please complete the Equality Impact: (B) Full Analysis Author: Siân Dyson Resilience Manager Page 17 of 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information