Solihull Clinical Commissioning Group

Similar documents
Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Management

Business Continuity Management

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Business Continuity Management (BCM) Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY

Risk Management & Business Continuity Manual

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Policy

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Plan

Business Continuity Policy and Business Continuity Management System

Business Continuity Management Policy

Business continuity management policy

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Business continuity management policy

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

Business Continuity Management

Business Continuity Management Policy and Framework

customer-service equality standard

Business Continuity Policy

PERFORMANCE APPRAISAL AND DEVELOPMENT AND KSF ANNUAL REVIEW

BS BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY POLICY

Business Continuity Policy

EPRR: Toolkit Facilitator Guide

Business Continuity Management Framework

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Business Continuity Policy

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Principles for BCM requirements for the Dutch financial sector and its providers.

1.0 Policy Statement / Intentions (FOIA - Open)

OUR WORKPLACE DIVERSITY PROGRAM. Diversity is important to AFSA.

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

BUSINESS CONTINUITY MANAGEMENT POLICY

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

Update from the Business Continuity Working Group

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Business Continuity (Policy & Procedure)

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

JOB DESCRIPTION. Hours: 37.5 hours per week, worked Monday to Friday

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

How To Manage A Disruption Event

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

IS INFORMATION SECURITY POLICY

SERVICE SPECIFICATION

Proposal for Business Continuity Plan and Management Review 6 August 2008

National Standards for Disability Services. DSS Version 0.1. December 2013

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

National Standards for the Protection and Welfare of Children

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

BUSINESS CONTINUITY POLICY RM03

This Constitution establishes the principles and values of the NHS in England.

The post holder will be guided by general polices and regulations, but will need to establish the way in which these should be interpreted.

39 GB Guidance for the Development of Business Continuity Plans

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Merrycon s Approach to Business Continuity Management

Business Continuity Policy. Version 1.0

Corporate Risk Management Policy

Business Continuity Policy & Plans

EVERYONE COUNTS STRATEGY

SFJCCAD2 Promote business continuity management

CCG: IG06: Records Management Policy and Strategy

RISK MANAGEMENT AND BUSINESS CONTINUITY ANNUAL REPORT

Confident in our Future, Risk Management Policy Statement and Strategy

RISK MANAGEMENT STRATEGY

How To Ensure That Sovini Is A Successful Business

Coping with a major business disruption. Some practical advice

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Management. Policy Statement and Strategy

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

Company Management System. Business Continuity in SIA

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

abcdefghijklmnopqrstu

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Risk Management Policy and Process Guide

Business Continuity Policy

NHS Commissioning Board: Information governance policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

Version Number Date Issued Review Date V1 25/01/ /01/ /01/2014. NHS North of Tyne Information Governance Manager Consultation

Transcription:

Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience All Business Continuity Policy Page 1 of 11

Contents 1. SUMMARY... 3 2. SCOPE... 4 3. EQUALITY STATEMENT... 4 4. EQUALITY ANALYSIS... 4 5. CCG CONTEXT... 4 6. SOLIHULL CCG MISSION/VISION... 5 7. DEFINITION OF BUSINESS CONTINUITY MANAGEMENT... 6 8. SIX STEPS TO BUSINESS CONTINUITY PLANNING/MANAGEMENT... 6 9. BUSINESS CONTINUITY FOCUS... 7 10. BUSINESS CONTINUITY MANAGEMENT AND RESPONSIBILITIES... 8 11. SCOPE OF THE BUSINESS CONTINUITY PROGRAMME... 9 12. GOVERNANCE ARRANGEMENTS... 9 13. REVIEW... 9 14. TRAINING... 10 15. TESTING... 10 16. STANDARDS, REGULATIONS, LEGISLATION, GUIDANCE AND GOOD PRACTICE... 10 17. ASSOCIATED POLICIES... 10 Business Continuity Policy Page 2 of 11

1. SUMMARY Business Continuity Management (BCM) is part of a business resilience package that seeks to ensure that Solihull Clinical Commissioning Group (SCCG) is always best placed to deliver its objectives, its agreed levels of service and to do so consistently. Figure 1 below describes the role and context of BCM within a business resilience model. Figure 1 BUSINESS RESILIENCE The ability to effectively prepare for, respond to and successfully recover from an event, whether large or small, that might compromise the delivery of objectives RISK MANAGEMENT The process of making and carrying out decisions that will assist in the control of potentially adverse events that could compromise the delivery of objectives BUSINESS CONTINUITY The activity performed to ensure that business critical functions are available and able to maintain acceptable levels of service and consistency EMERGENCY PLANNING The process whereby plans and preparations are made to deal with major emergencies and incidents resulting in potential or actual harm to people and to assist in the welfare and recovery of the community LIKELIHOOD CONSEQUENCE INWARD FOCUS OUTWARD FOCUS SMALL/MEDIUM SCALE MEDIUM/LARGE SCALE PREPARATION RESPONSE AND RECOVERY Business Continuity Policy Page 3 of 11

2. SCOPE This policy applies to all SCCG staff regardless of status and should be observed by all staff from other organisations providing services on a contractual or embedded basis. The Officer with overall responsibility for Business Resilience is the Accountable Officer. The Senior Management Team are responsible for the execution of this policy within their Teams. Any changes made to this policy should be reviewed and approved by SCCG Senior Management Team. 3. EQUALITY STATEMENT All public bodies have a statutory duty under the Equality Act 2010 to set out arrangements to assess and consult on how their policies and functions impact on race equality. This obligation has been increased to include equality and human rights with regard to disability, age, gender, sexual orientation, gender reassignment and religion. SCCG endeavors to challenge discrimination, promote equality and respect human rights, and aims to design and implement services policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. All staff are expected to deliver services and provide care in a manner which respects the individuality of patients and their carers and as such treat them and members of the workforce respectfully, regardless of age, gender, race, ethnicity, religion/belief, disability and sexual orientation. 4. EQUALITY ANALYSIS In order to meet these requirements, a single equality impact analysis is used to assess all SCCG policies, procedures and guidelines. This policy was screened and found to be compliant with the philosophy of the Equality Statement. 5. CCG CONTEXT The Health and Social Care Act 2012 introduced reforms to the way that health care is commissioned in England. The clinically led commissioning system involved the formation of a number of types organisations which took control from April 2013. 4

Patient NHS E Provider CCG NHS PS Local Authority CSU NHS England (NHSE) oversees the commissioning of health services in England. NHSE delegates responsibility for commissioning most hospital and community health services to a network of clinical commissioning groups (CCGs) although it commissions certain specialised services itself. CCGs are responsible for planning and developing local health services in England. They commission health and care services including: planned hospital care, urgent and emergency care, rehabilitation care, community health services and mental health and learning disability services. CCGs work with patients and health and social care partners to ensure services meet local needs. Commissioning Support Units (CSUs) support and advise NHSE and CCGs, allowing them to concentrate on improving clinical care pathways and improving efficiency. The NHS property portfolio of owned and leased buildings is managed by NHS Property Services (NHS PS). Local Authorities (LA) have responsibility for the public health responsibilities previously held by the NHS. 6. SOLIHULL CCG MISSION/VISION Mission Statement: Solihull CCG aims to commission the highest quality care there is tailored to meet the specific needs of patients and the wider community in the Solihull area. Vision: Delivery of high quality care that is safe for our patients. Retaining a local and community focus. Wherever possible, intervening earlier in an illness or possibly preventing it from happening. Ensuring that the community has a greater influence on the services that are available. Ensuring that individuals can take more responsibility for their own health. Playing our part in delivering required efficiencies in the current economic climate. SCCG will pursue the delivery of its objectives through the application of a robust risk management methodology. 5

7. DEFINITION OF BUSINESS CONTINUITY MANAGEMENT SCCG defines Business Continuity Management (BCM) as: The activity performed to ensure that business critical functions are available and able to maintain acceptable levels of service and consistency. BCM is, therefore, a process that identifies the key processes that an organisation undertakes and the impact of a disruption on business operations. It provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of key stakeholders, reputation, brand and value creating activities. BCM is not just about dealing with big impact, low probability events. BCM is essential to organisational resilience and a business as usual approach. The CCG is intent on using BCM to identify and protect key sources of value. 8. SIX STEPS TO BUSINESS CONTINUITY PLANNING/MANAGEMENT SCCG will follow a six step BCM lifecycle approach to the implementation and continuous operation of BCM. Step One: BCM Programme Management Enables the business continuity capability to be both established and maintained in a manner appropriate to the size and complexity of SCCG. Step Two: Understanding the Organisation Providing information that enables prioritisation of SCCG s products and services, the identification of critical supporting activities and the resources required to deliver them. 6

Step Three: Determining BCM [Recovery] Strategy Choosing an appropriate response for each product or service such that SCCG can continue to deliver those products and services at the time of disruption. Step Four: Developing and Implementing BCM Response Developing incident management, business continuity and business recovery plans that detail the steps to be taken during and after an incident to maintain or restore operations. Step Five: Exercising, Maintaining and Reviewing BCM Arrangements Ability to demonstrate the extent to which SCCG s BCM strategies and plans are complete, current and accurate and identify opportunities for improvement. Step Six: Embedding BCM in the Organisation s Culture Enabling BCM to become part of SCCG s core values and instilling confidence in all stakeholders in the ability of the organisation to cope with disruptions. This series of activities collectively covers all aspects and phases of a BCM programme. The BCM programme will: Enable SCCG to continue to deliver its responsibilities to and meet the expectations of its stakeholders Protect and secure the wellbeing of its staff and its key assets Design and implement a process to identify the key activities undertaken by SCCG and ensure that these processes can be recovered to an agreed level of activity within an agreed timeframe in the event of a disruption Provide the necessary awareness and training to all SCCG staff Create a governance framework to provide assurance 9. BUSINESS CONTINUITY FOCUS SCCG will seek to explore and measure its ability to embed and operate business resilience methods and activities. Business Resilience encompasses Risk Management and Business Continuity and supports the achievement of organisational goals or objectives. SCCG will seek to achieve a level of maturity commensurate with its aspirations. SCCG will focus its business continuity activities on the likely consequence and impact of an event on the business rather than plan for the cause of every possible disruption or disaster. The loss of: People Premises Resources (Technology and Data/Information) Suppliers and Partners Reputation will be critical to the ability to continue to deliver the aims and objectives. 7

Business continuity focuses on the impact a disruption would have on SCCG. Senior management determine the likely period of disruption and communicate with line managers. Line managers look at the critical activities being compromised and determine how they can continue through the application of predetermined business continuity plans. A separate work stream concentrates on recovery. 10. BUSINESS CONTINUITY MANAGEMENT AND RESPONSIBILITIES BCM is recognised by SCCG s senior management as a business discipline that is owned by the CCG and co-ordinated and facilitated centrally. The CCG will take a cross functional approach to BCM. SCCG s Governance Team will primarily adopt a programme management and facilitating role. The plans to ensure the continuity of the business will be owned and maintained by SCCG in order to protect the key value creating processes or assets. The resources necessary to develop and maintain the required level of preparedness will be provided from within existing means. The Senior Management Team will: Review the CCG s products and services against its strategy, objectives, culture, ethics, legal and regulatory requirements to consider the options for each product and service Consider the impact of loss of products and services Set BCM priorities (including recovery times and/or the maximum tolerable period of disruption) for its products and services. Determine the level of redundancy and/or investment available to support business continuity activities Ensure that it continues to understand, support and participate in the continuity planning approach should it devolve any of the tasks required Business Continuity Champions (usually the Risk Champions) will: Undertake an assessment of SCCG s readiness to embed business resilience activities as a normal way of working for their area Support an awareness campaign to keep CCG staff informed Facilitate the implementation and achievement of business continuity objectives across CCG teams. The Audit Committee will: Ensure SCCG has effective processes in place to identify its critical functions Ensure SCCG has an effective strategy in place to mitigate the effect of any business continuity disruption The Governing Body will: Assure itself the CCG can continue to deliver its aims in the event of a business continuity disruption Agree SCCG s tolerance to risk 8

Every manager has business continuity management responsibility. This will be part of the activity that ensures that aims and objectives can continue to be delivered. Minor issues may impact on day to day but should be considered a part of day to day management activities. 11. SCOPE OF THE BUSINESS CONTINUITY PROGRAMME Business Continuity Management in SCCG will be based on the identification of the key processes and the assignment of a level of importance to each process. A Business Impact Analysis (BIA) will be the primary tool for gathering this information and assigning criticality through the recovery time objectives (RTO). The Business Impact Analysis (BIA) will be undertaken at a senior management level in the first instance. The BIA will map the departments, functions and processes to key activities. It will provide the data necessary to formulate a Business Continuity Strategy. The Business Continuity Strategy will use the output from the BIA to identify recovery and continuity options that will meet the CCG s requirements and will be used to select the most appropriate consolidated response that best reflects the resources available to SCCG for this purpose. The Business Continuity Plan will provide a procedure for the escalation and control of a disruption, communicating with all stakeholders and will set out a plan for the recovery of key interrupted activities. 12. GOVERNANCE ARRANGEMENTS Business Continuity Champions will be identified from across SCCG s activities and levels of responsibility. In order to support a robust system of risk management, these will usually be team or department risk champions, however where appropriate others will be identified as required. Both the Business Continuity Champions and the Senior Management Team will actively support SCCG s Business Continuity Management Programme and be advocates for the achievement of the Programme objectives. 13. REVIEW The Business Continuity Management Policy will be reviewed annually. The Business Continuity Management Strategy will be reviewed annually. The Business Impact Analysis will be reviewed at least every twelve months or whenever significant changes to the key internal processes, location or technology occur or whenever significant changes in the external operating setting, such as the health economy, system or regulatory change occurs or in the event of a deployment of the Business Continuity Plan. 9

The Business Continuity Plan will be reviewed every twelve months or sooner in the event of a major change to SCCG s objectives or activities or a deployment of the Business Continuity Plan. Exercise reports will be reviewed by the Senior Management Team. 14. TRAINING All staff will receive Business Continuity training. Staff in roles at Agenda for Change Band 5 or below: Awareness level training Staff in roles at Agenda for Change Band 6 or above: Practitioner level training This training should be revalidated at least every three years. 15. TESTING SCCG, in conjunction with the CSU will ensure its BCM arrangements are validated by exercise and review and that they are kept up to date. SCCG will consider four approaches to validation: testing, discussion, table-top and live exercise. The method chosen will be relevant, realistic and appropriate. BCM arrangements should be reviewed at least annually or after their deployment following an event. 16. STANDARDS, REGULATIONS, LEGISLATION, GUIDANCE AND GOOD PRACTICE ISO 22301: 2012: Societal security - Business continuity management systems - Requirements ISO 22313: 2012: Societal security - Business continuity management systems - Guidance BS 25999-1: 2006: Business continuity management - Part 1: Code of practice BS 25999-2: 2007: Business continuity management - Part 2: Specification Business Continuity Institute: Good Practice Guidelines 2010 - A management guide to implementing global good practice in business continuity management Chartered Management Institute: Planning for the worst - the 2012 business continuity management survey 17. ASSOCIATED POLICIES Assurance Framework and Risk Management Strategy Serious Incident Policy 10

18. APPENDIX ONE: GLOSSARY BIA: Business Impact Analysis: The process of analysing business functions and the effect that a business disruption might have upon them. MTPD: Maximum Tolerable Period of Disruption: The maximum length of time that an organisation can manage a disruption to each of its key products and services without it threatening the organisation s capability and/or viability RTO: Recovery Time Objective: The target time within which the delivery of a product or service following its disruption is to be resumed. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information