` Emergency Recovery Corporate Business Continuity Plan Section Summary: This document is for use when an incident or emergency affects our ability to provide a normal service to our partner responders or the general public. It outlines how the Business Recovery Group will prioritise the restoration of affected services to normal operating standards. Our corporate priorities for business recovery after an emergency are summarised as: Day 1: Provision of support to the emergency services Provision of support to those directly affected the emergency Continuance of democratic processes Restoration of IT system Day 1-3: Restoration of critical services to the public (e.g. One Stop Shop) Day 7: Return to normal service levels as far as possible
1. INTRODUCTION 1.1 Aim 1.1.1 This document outlines our emergency management structure for business recovery after an internal or external emergency. It details the roles and responsibilities of the Business Recovery Group, who are responsible for managing the recovery of critical services and authorising payments for any recovery measures, and the activation of this group. 1.1.2 Details of service area and service team arrangements can be found in their business continuity plans where appropriate. 1.2 Background 1.2.1 A business impact analysis and risk assessment process was undertaken for each service team within the council. The process revealed the critical functions carried out by each team needing to be reinstated within 24 hours, 3 days and 7 days. This has enabled a framework for the prioritisation of these functions during an emergency (see annex 5). 1.2.2 Our corporate priorities for business recovery after an emergency are summarised as: Day 1: Provision of support to the emergency services Provision of support to those directly affected the emergency Continuance of democratic processes Restoration of IT system Day 1-3: Restoration of critical services to the public (e.g. One Stop Shop) Day 7: Return to normal service levels as far as possible 1.3 Internal Incident Classification 1.3.1 It is proposed that the terms shown in table 3 below be used to describe the status of an internal incident, it is not intended to be used as an escalating series of warnings. TABLE 3: INTERNAL INCIDENT ALERTS Alert Status SERVICE PROBLEM TEMPORARY DISRUPTION SIGNIFICANT DISRUPTION POTENTIAL FAILURE SERVICE FAILURE Incident Description Service problem from known cause, rectifiable without need for BCPs Temporary loss of service for < ½ day Temporary loss of service affecting public/customers, expected to last > ½ day but < 1 day Potential loss of single service lasting > 1 day Loss of service, expected to last > 1 day
1.3.2 A STAND DOWN or CANCEL instruction should always be given if a STANDBY or DECLARED warning has been given. 1.4 Declaring an Emergency 1.4.1 The decision to declare an emergency under the Civil Contingencies Act (see Part 1 section 1) will be taken by the Chief Executive (or nominated deputy) on advice from the BLO. 1.4.2 Providing STANDBY or DECLARED warnings to category 1 responders should be done via the BLO. The BLO will contact NCC EP (or DEPO if out of hours) and brief them on the situation. NCC EP will then advise the other local authorities and emergency services.
2. BUSINESS RECOVERY STRUCTURE 2.1 Emergency Management Summary 2.1.1 In an external emergency the Chief Executive will establish the Emergency Management Team (EMT) with sub-groups reporting to this forum to ensure we have a co-ordinated and effective response and recovery. The EMT will be chaired by the Chief Executive (or nominated deputy) and comprised of representatives from each of our emergency groups (see Part 1 section 4 figure 2). The Business Recovery Group (BRG) will convene in the Committee Room, 1 st floor Grosvenor House. 2.2 Business Recovery Group (BRG) 2.2.1 The BRG will be composed of those in the following positions, or a deputy in their absence: Chair - Corporate Director (Resources) Deputy - HoS Financial Services Secretariat - HoS Customer First Corporate Services - IT Manager - HR Manager - HoS Financial Services (or deputy) - Corporate Maintenance Manager Legal Services representative Insurance Company representative HoS for each affected Service Area as required Affected Service Team Leaders as required 2.2.2 The BRG s role can be summarised as: Managing the recovery of our services back to normal operating conditions Prioritising the recovery of corporate services to affected service teams Authorising payment for emergency recovery measures 2.2.3 The BRG reports directly to the EMT through the Chair, Secretariat and any Corporate Services Managers as deemed appropriate. The EMT must be briefed on the following subjects: Disruption to council services Recovery prioritisation Recovery progress and timescales Estimated costs 2.2.4 The BRG Chair (or deputy) has the authority to prioritise internal recovery and release payment under the emergency finance procedure for either response or recovery purposes. 2.3 Critical Function Prioritisation: 2.3.1 Under the CCA we have a duty to ensure the continued delivery our critical functions during an emergency as far as practicable. Annex 5 contains a list of all our critical functions broken down into three types: CF1 critical functions needing to be restored within 24 hours CF2 critical functions needing to be restored with 1-3 days CF3 critical functions needing to be restored within 7 days 2.3.2 These lists have been compiled from data obtained during the business impact analysis and risk assessment process, and should be used as guidance for prioritisation during an emergency since the nature of the emergency may change service priorities.
2.4 Corporate Recovery Teams 2.4.1 Each service team providing a corporate service has a corporate recovery team. The relevant Service Team Leader or HoS will activate these teams when it is apparent an incident or emergency is disrupting or could cause disruption to normal service provision. 2.4.2 The priority for these teams is to ensure they are in a position to provide a basic service to affected service teams as quickly as possible, enabling them to continue with their critical functions or service provision. 2.4.3 Corporate recovery teams should be comprised of the Service Team Leader and core staff from the service team as appropriate. 2.5 Service Area Recovery Groups 2.5.1 Each service area affected will convene their Department Management Team (DMT) to establish the extent of the impact of the emergency on their ability to provide their critical services. If contingency arrangements have been agreed the decision to implement them must be reported to the BRG and any service users or external partners. 2.5.2 In the absence of specific contingency arrangements, the DMTs will feedback the individual service team needs and service area needs to the BRG through their HoS. When the prioritisation is set, Service Team Leaders must be in a position to provide the BRG with specific details of their needs (e.g. IT needs and office needs).
3. BRG ACTIVATION 3.1 Normal Working Hours Procedure 3.1.1 Normal working hours are considered to be Monday to Friday 0840-1700 hrs (excluding bank holidays). 3.1.2 The following procedure is for activation as a result of an internal emergency, but does not replace common sense or normal emergency procedures (e.g. 999, first aid or evacuation). It is intended for use when our ability to continue to provide a service is (or is likely to become), seriously disrupted. 3.1.3 Staff must report incidents or problems to their Service Team Leader and the appropriate Corporate Service, providing details of the nature of the problem and potential disruption. 3.1.4 Table 4 should be used by managers for guidance: TABLE 4: BRG ACTIVATION GUIDANCE Alert Status Incident Description Action SERVICE PROBLEM TEMPORARY DISRUPTION SIGNIFICANT DISRUPTION POTENTIAL FAILURE SERVICE FAILURE Service problem from known cause, rectifiable without need for BCPs Temporary loss of service for < ½ day Temporary loss of service expected to last > ½ day but < 1 day Potential loss of service lasting > 1 day Loss of service, expected to last > 1 day Follow normal operating procedures Service Team Leaders to advise affected staff, HoS and partners (as appropriate) of service impact As above HoS to consider convening DMT HoS & Service Team Leaders to consider activating BCPs HoS to advise Corporate Director (Resources) of situation Service Team Leader to contact HoS and advise HoS to convene DMT if appropriate HoS & Service Team Leaders to consider activating BCPs HoS to contact Corporate Director (Resources) Corporate Director (Resources) to consider activating BRG and advising Cat 1 responders to go to STANDBY As above but: Corporate Director (Resources) to activate BRG, and consider activating EMT Corporate Director (Resources) to inform BLO BLO/Chief Executive to consider need to advise category 1 responders to go to STANDBY As above but: Corporate Director (Resources) to activate BRG and EMT BLO/Chief Executive to consider advising Cat 1 responders to go to STANDBY or that an emergency has been DECLARED 3.1.5 If a reported incident requires BCPs to be activated, the relevant Service Team Leader (or Corporate Service Manager) must contact their HoS for approval. If any BCPs are activated, the HoS should contact the Corporate Director (Resources) and
inform them of the situation and convene a DMT at the earliest opportunity. If the Corporate Director (Resources) believes it is necessary to activate the BRG, they should contact the relevant group members advising of the time and place of meeting. 3.1.6 If the BRG is to be activated, the Corporate Director (Resources) should immediately contact the BLO to discern if a STANDBY or DECLARED message needs to be circulated. 3.2 Out of Hours Procedure 3.2.1 As above for staff on duty, but the Service Team Leader (or member of staff if no direct management) must also contact Warden Control. If the incident requires BCPs to be activated, Warden Control must contact the Corporate Director (Resources) or HoS Financial Services to advise of the incident (see annex 1 for contact details). 3.3 Corporate Services 3.3.1 Corporate service providers include: IT HR Finance Corporate Maintenance 3.3.2 When it becomes clear that disruption will occur or is occurring to a corporately provided service, staff must contact their manager. The corporate service manager must assess the scale and potential impact of the disruption before contacting the Corporate Director (Resources). The Corporate Director (Resources) or deputy must decide whether it is necessary to convene the BRG (see annex 1 for contact details). 3.3.3 The manager of the affected corporate service must communicate to all staff the current situation and likely recovery timescale. 3.4 BRG Activation External Emergency 3.4.1 Warning of an external emergency will officially come to us through the DEPO see emergency response plan. The Chief Executive (or nominated deputy) has overall responsibility for organising our council s response to an emergency. He may decide to activate the BRG on the information given to him to assist in the management of our services during the emergency.
4. BRG CALLOUT PROCEDURE 4.1 External Emergency 4.1.1 Figure 5 summarises the BRG callout procedure in the event of notification of an external emergency affecting our service provision. FIGURE 5: BRG CALLOUT PROCEDURE EXTERNAL EMERGENCY Incident DEPO calls BLO STANDBY DECLARED Review DEPO & BLO liaise WAIT BLO calls CE Activate Business Recovery Group? Activate Emergency Centre? Review Review No Yes Yes No Corporate Director (Resources) call CE call BUSINESS RECOVERY GROUP Corporate Director (Resources) HoS Financial Services HoS Customer First IT Manager HR Manager Corporate Maintenance Manager Legal Services representative Insurance Company representative Affected HoS as required Committee Room (Grosvenor) EMERGENCY MANAGEMENT TEAM Chief Executive Corporate Directors Borough Liaison Officer Other HoS as required Council Chamber
4.2 Internal Incident 4.2.1 Figure 6 summarises the BRG callout and activation procedure for an internal emergency: FIGURE 6: BRG CALLOUT PROCEDURE INTERNAL INCIDENT Incident Member of Staff reports problem to Relevant Corporate Service Multiple reports or concerns Corporate Service Manager Activate Corporate Recovery Team? Liaise Activate BCPs? Service Team Leader No Yes Yes No HoS to inform Convene DMT? Yes No HoS (Head of Service) Inform Corporate Director (Resources) Review Activate BRG? Callout BRG Chief Executive STANDBY No Yes BLO DECLARED BLO calls DEPO
5. BUSINESS RECOVERY GROUP ROLES & RESPONSIBILITIES 5.1 The BRG 5.1.1 The role of the BRG is to: Manage the recovery of our services back to normal operating conditions Prioritise the restoration of corporate services to affected service teams Authorise payment for emergency recovery measures 5.1.2 In determining which critical functions are to be restored and in what order, the following criteria must be considered: Within the first 24 hours of an external or internal emergency, restoring critical functions which affect the: Provision of support to emergency services to safe life, protect property and the environment Preservation of the health and safety of staff, visitors and service users Provision of support to those directly affected by the emergency (e.g. those made homeless by the emergency) Continuance of our democratic processes (if applicable) On days 1-3 after the emergency, the emphasis will hopefully have shifted towards the restitution of services to the public including: One Stop Shop Benefits & Revenue By day 7 after the emergency, we hope to be returning to a normal service level for all critical functions accessible by the general public. 5.2 Corporate Director (Resources) (Deputy: HoS Financial Services) Contact HoS Customer First and relevant Corporate Service Managers to convene the BRG Contact corporate insurer, advise of situation and ask for a representative to attend if appropriate Chair BRG (for an example first agenda see annex 6) Co-ordinate the recovery of critical functions Authorise payments for emergency recovery arrangements Feedback situation report including decisions, timescales and estimated costs to the EMT when convened 5.3 HoS Customer First Act as secretary for the BRG Assist the Chair in providing feedback to the EMT Ensure BRG decisions and warnings are communicated across the whole council Contacting and liaising with the BLO 5.4 IT Manager Activate the appropriate IT recovery plan Activate IT recovery team Provide situation report to the BRG on the impact and disruption caused to IT systems by the emergency Assist in determining the prioritisation of affected critical functions for IT recovery team
5.5 HR Manager Activate the appropriate HR recovery plan Provide situation report to the BRG on the impact and disruption caused to HR systems by the emergency Assist in the prioritisation of affected critical functions Assist affected service areas and service teams with their HR recovery issues 5.6 HoS Financial Services (or deputy) Deputise as Chair in the absence of the Corporate Director (Resources) Activate the appropriate Financial Services recovery plan Provide a situation report to the BRG on the impact and disruption caused to Financial Services systems by the emergency Assist in the prioritisation of affected critical functions Assist affected service areas and service teams with their finance related recovery issues 5.7 Corporate Maintenance Manager Activate the appropriate service recovery plan Provide a situation report to the BRG on the impact and disruption caused to corporate facilities by the emergency Assist in the prioritisation of affected critical services Assist affected service areas and service teams with their corporate maintenance related recovery issues 5.8 Legal Services Representative Provision of legal advice to the BRG 5.9 Insurance Company Representative Provision of insurance cover details and claim advice
6. Service Recovery Plans (Summary) 6.1 General 6.1.1 Business impact analysis and risk assessments have been performed by every Service Team Leader to determine our critical functions and service restoration priorities, and assist in forming specific business continuity plans. 6.1.2 The following eleven generic risks have been considered: Loss of office premises Loss of staff (e.g. due to a pandemic) Loss of IT systems Loss of specialist equipment Loss of critical data Loss of telecoms Loss of electricity Loss of other utilities Supplier or contractor difficulties Transport disruption Direct action (e.g. union action) 6.1.3 Some service teams identified extra risks specific to their areas of operation. 6.1.4 Each HoS and Service Team Leader has used the information to determine the most appropriate level of planning and contingency arrangements to incorporate into service area plans and individual service team plans. 6.1.5 Service area plans will generally contain the following information appropriate to the service area: Service area recovery group details, roles and responsibilities Critical function information Contingency arrangements for specific high risk scenarios Staff contact details Key internal and external contact details 6.1.6 Service team plans will generally contain the following information appropriate to each team: Critical function information Plans or guidance as appropriate for the identified risks Staff contact details Key internal and external contact details 6.1.7 Heads of Service and Service Team Leaders are responsible for reviewing and maintaining their continuity plans and arrangements. Any changes or amendments must be forwarded to the Emergency Planning officer for collation and relevant distribution. 6.2 Corporate Service Recovery Plans 6.2.1 Corporate service managers are in the process of reviewing and updating their resilience and contingency plans for corporately provided services (see annex 7).