
Business Continuity Policy


Title: Business Continuity Policy

Document Author: Board Secretary/Emergency Planning Lead

Document type: Policy

Document library section: Corporate

Document status: Final

Approved by: Governance and Assurance Committee – 10 October 2013

Can document be published to the internet (publicly available): Yes with redaction of personal details and contact details

Brief Summary of document: The document describes the key functions of the CCG and the arrangements in place to ensure these functions continue during an incident.

This document replaces: New document for CCG

Approved Equality Impact Assessment attached: Yes

Cross Referenced to: Incident Response Plan

Ratified by: Governance and Assurance Committee

Date of Ratification: 10th October 2013

Date to be reviewed: 1st October 2016

Version Control Table

Date | Version number | Summary of changes | Changes made by
27 June 2013 | 1.0 | New draft | Terry Ancell
12 August 2013 | 1.2 | Draft + Consultation | Terry Ancell
10 October 2013 | 3.0 | Approval | Terry Ancell

Consultation Response received Comments Accepted Comments rejected

SMT Directorate Leads Heads of Teams Y Y
Head of IT strategy Y Y
Representatives from Operations Division Y Y

Disseminate to: Executives and All employees

Dissemination methods:

Communications Team to disseminate via Staff Bulletin

Document Library

NHS Kernow Clinical Commissioning Group website: Staff Zone

This document should not be photocopied or otherwise produced.

If you have any questions about this policy, please contact the Board Secretary on Telephone 01726 627865


Contents

Section

1. Purpose
2. Policy Statement
3. Benefits
4. Policy Cross referencing
5. Definitions
6. Stage 1: BCM Programme Management
6.1 Business Continuity Key Messages
6.2 Roles and Responsibilities
6.2.1 KERNOW CCG Governing Body
6.2.2 Chief Executive
6.2.3 Executive Lead for BCM
6.2.4 Managerial Lead for BCM
6.2.5 Executive Directors
6.2.6 Directorate Business Continuity Leads
6.2.7 All Managers
6.2.8 All Employees
7. Stage 2: Understanding Your Business
7.1 Business Impact Assessment
7.2 Risk Assessment
7.2.1 Threats and Hazards
7.2.2 Risk Matrices
8. Stage 3: Determining a Business Continuity Strategy
8.1 Absence of Key Staff
8.2 Suppliers
8.3 Prioritisation of KERNOW CCG Activities
8.3.1 Category 1 Critical
8.3.2 Category 2 Essential
8.3.3 Category 3 Priority
8.3.4 Category 4 Support
8.4 Resources
8.4.1 Alternative Premises
9. Stage 4: Developing and Implementing a Business Continuity Response
10. Stage 5: Exercising, Maintaining and Reviewing
11.1 Incident Reporting
11.2 Training and Exercising
11.3 Audit, Monitoring and Review

1. Purpose

This document sets out the general principles and processes for the creation and revision of business continuity and service recovery plans for the Kernow CCG. The policy follows the guidance and principles as set out in BS25999 for the Management of Business Continuity Planning. The business continuity plan is separate from but may operate alongside the Kernow CCG’s Major Incident Plan and other such policies.

This policy defines the activities required for establishing and maintaining a business continuity capability. In addition, the policy defines the organisational structure for the ongoing management of the programme. The setup activities incorporate the specification, end-to-end design, build, implementation and initial exercising of the business continuity plans. These plans must specify a predetermined level of continued business operation throughout an incident and the re-establishment of full business activities over a predefined period of time.

It is therefore mandated by acceptance to this policy that the following stages of developing and implementing a BCM programme will be put in place, maintained and exercised on an ongoing basis:

This business continuity policy provides a structure through which:

• A comprehensive BCMS (business continuity management system) is established and maintained;
• Key services, together with their supporting critical activities, processes and resources, will be identified;
• Business impact analysis and risk assessment will be applied to our key services and their supporting critical activities, processes and resources;
• Risk mitigation strategies will be applied to reduce the impact of disruption on key services;
• Plans will be developed to ensure continuity of key services at a minimum acceptable standard following disruption;
• Invocation of business continuity plans can be managed;
• Plans are subject to ongoing exercising and revision;
• The CCG Governing Body can be assured that the BCMS remains up to date and relevant.

2. Policy Statement

BCM is good business management practice and all public sector organisations in the UK have a legal obligation to ensure they monitor and control the organisational risks they face as defined by the Civil Contingencies Act 2004. Kernow CCG depends upon a wide range of complex systems and resources and a well-established reputation in order to perform its duty to the public. Inevitably, there is potential for significant disruption to normal business or damage to Kernow CCG’s reputation through loss of those systems and resources.

Kernow CCG’s priorities in a significant disruption (whether actual or impending) will always be to:

• Ensure the safety and welfare of its personnel and patients in accordance with relevant sections of the Health & Safety at Work Act and other primary legislation;
• Endeavour to meet its obligations under the Civil Contingencies Act 2004 and NHS Emergency Planning Regulations 2005;
• Protect its reputation;
• Minimise risks to its financial position and reputation;
• Facilitate a return to normal operations as soon as practicable;
• Ensure the delivery of statutory functions and objectives.

3. Benefits

This policy provides a clear commitment to establish a business continuity management system within that will enable the organisation to:

• Continue to provide key services in times of disruption;
• Make best use of personnel and other resources in times when both might be scarce;
• Reduce the period of disruption to the organisation and the customers it serves;
• Resume normal working more efficiently and effectively after a period of disruption;
• Comply with standards of corporate governance;
• Improve the resilience of the organisation’s infrastructure to reduce the likelihood of disruption;
• Reduce the operational and financial impact of any disruption.

4. Policy Cross referencing

This Policy/Guidance/Strategy/Protocol is cross referenced to:

• Kernow CCG Incident Response Plan
• On call policy
• Flexible working policy
• Special Leave Policy
• Annual leave Policy
• Heatwave Plan
• Disciplinary Policy
• Risk Management Policy
• CITS Service Continuity Policies and Plans
• RMS Continuity Policies and Plans
• Kernow CCG Incident reporting and management policies
• Lockdown

5. Definitions

The Civil Contingencies Act 2004 places a statutory duty on Kernow CCG to have a Business Continuity Plan. Clinical Commissioning Groups are “A person or body listed in Part 1 or 2 of Schedule 1” of the Civil Contingencies Act 2004. Section 2 lists the duties placed on the listed organisations, where Section 2 (1) (c) states we shall: Maintain plans for the purpose of ensuring, so far as is reasonably practicable, that if an emergency occurs, the person or body is able to continue to perform his or its functions.

The duty relates to all functions, not just our emergency response functions.

Business Continuity Management is generically defined as “a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interest of its key stakeholders, reputation, brand and value creating activities.” (Business Continuity Institute, Good Practice Guidelines, June 2005)

The Department of Health NHS Resilience and Business Continuity Management Guidance further defines BCM in the NHS as:

“The management process that enables an NHS organisation:

• To identify those key services which, if interrupted for any reason, would have the greatest impact upon the community, the health economy and the organisation.
• To identify and reduce the risks and threats to the continuation of these key services.
• To develop plans which enable the organisation to recover and/or maintain core services in the shortest possible time.”

For the NHS, service interruption may be defined as: “Any disruptive challenge that threatens personnel, buildings or the operational procedures of an organisation and which requires special measures to be taken to restore normal operating functions which could be short, medium or long term”.

Business Continuity Management is a management process that accords with British Standards Institute BS 25999 and contains five process steps:

1. Programme Management
2. Understanding your business
3. Determining a BCM strategy
4. Developing and implementing a BCM response
5. Exercising, maintaining and reviewing

The figure below demonstrates that steps 2-5 are cyclical and these should be repeated at least annually to ensure compliance, currency and quality. (Figure 1). Thus business continuity plans developed as a result of this policy will be living documents that will change and grow as incidents happen, exercises are held and risks are reassessed.

Figure 1: The BCM Lifecycle (Source NHS Interim Guidance June 2008)

6. Stage 1: BCM Programme Management

Under the terms of the Civil Contingencies Act 2004 NHS Kernow, as a Category 1 responder, is required to maintain plans to ensure it can continue to deliver essential services in the event of an emergency as far as is reasonably practicable. For this policy to succeed, Business Continuity must become part of NHS Kernow’s culture. It needs to influence strategy and business planning, e.g. resilience and cost effectiveness decisions.

6.1 Business Continuity key messages

NHS Kernow expects all the following key messages to be applied across the organisation:

• Business Continuity is a mandatory management practice that must be carried out throughout NHS Kernow to plan in advance for business disruptions;
• Commissioning directorates and provider units must examine their core business, plan for and draw up business continuity plans using this Framework;
• Business continuity is to be managed at the lowest possible appropriate level within each commissioning directorate and provider unit;
• Business continuity plans should be consistent with and support other plans at each level within the organisation. Therefore plans should set out relevant links to other NHS Kernow business continuity plans;
• Business continuity plans should link into the Business Continuity and IT Service Continuity Management Plans of our key IT suppliers; and
• Business continuity leads have a responsibility for providing assurance on business continuity arrangements to NHS Kernow. Details of individual post holders will be held within directorate plans.

6.2 Roles and Responsibilities

All Directors, managers and staff are responsible for establishing, maintaining and supporting a holistic approach to business continuity management, in all areas of their responsibility. Some members of staff, business units and NHS Kernow Committees have particular specialist functions in relation to business continuity management as described below.

6.2.1 Kernow CCG Governing Body

The Governing Body’s main role is to set the strategic direction and to monitor performance over the year. It is the highest-level decision-making body in Kernow CCG, is accountable for overall performance and ensures that statutory, financial and legal responsibilities are met. These responsibilities fall to all members of the Governing Body, which acts as the guardian of public interest and is responsible for reviewing the effectiveness of internal controls – financial, organisational and clinical. The Governing Body must satisfy itself that the management of the CCG is doing its “reasonable best” to ensure the efficient and effective discharge of its affairs.

Authority for oversight of the Business Continuity Programme Management may be delegated to a Committee or Executive.

6.2.2 Chief Executive

The Managing Director is accountable for ensuring that effective systems of risk management and business continuity are in place. She/he delegates corporate responsibility for business continuity to an executive Lead for BCM, currently the Director of Operations.

6.2.3 Executive Lead for BCM

The Executive Lead is accountable via the Managing Director for implementing effective business continuity arrangements. During steady state this includes:

• Acting as an internal and external focal point for Business Continuity Management including liaison with other NHS bodies and partner organisations; and
• Developing, co-ordinating and improving Kernow CCG’s BCM arrangements and the Business Continuity Plan.

6.2.4 Managerial Lead for BCM

The managerial lead is accountable to the Executive Lead for BCM for providing assurance that business continuity is embedded within Kernow CCG. During steady state this includes:

• providing support for the Executive Lead Director on business continuity issues;
• representing the Kernow CCG at business continuity and resilience meetings;
• providing corporate policy and guidance to business continuity leads across Kernow CCG;
• ensuring readiness to respond to appropriate incidents.

6.2.5 Executive Directors

Directors are responsible for overseeing a programme of business continuity management activities for their particular directorate in accordance with this Policy. This includes identifying designated Risk Management and Business Continuity Leads within their areas that will be tasked with the development and maintenance of department/service business impact analyses (BIAs) and risk registers. This will include:

• Nominating a business continuity lead(s);
• Providing assurance that business can be maintained in the event of a disruption;
• Determining business priorities and planning required for business continuity purposes;
• Maintaining and steering Business Continuity Management in line with this Framework and agreed priorities; and
• Invoking their business continuity plan(s) in the event of a disruption.

6.2.6 Directorate Business Continuity Leads

BCM leads have responsibility for day-to-day business continuity issues within their directorate during steady state. Their role is to actively promote continuity planning and be responsible for:

• Ensuring appropriate continuity plans are in place within their area;
• Embedding Business Continuity Management into their area;
• Ensuring planning takes place in a co-ordinated and structured manner;
• Co-ordinating the development of business continuity and contingency arrangements;
• Liaising with other Business Continuity Leads to establish and agree assumptions in their plan that impact upon other directorates, e.g. movement of staff;
• Providing the focal point for business continuity issues for their area;
• Evaluating the arrangements during disruption and instigating a lessons learned exercise to improve procedures for the future; and
• Ensuring that business continuity plans are rehearsed annually and are updated to reflect relevant changes.

6.2.7 All Managers

Each manager/service lead is operationally responsible for ensuring compliance with this policy within their area of responsibility. This includes promoting awareness of the Kernow CCG’s Business Continuity Policy, Corporate and Directorate Business Continuity Plans and procedures as appropriate within their own teams.

6.2.8 All Employees

Employees must familiarise themselves with and comply with all relevant policies and procedures for Business Continuity. Employees must make themselves aware of relevant emergency procedures e.g. evacuation and fire precaution procedures appertaining to their particular role.

7. Stage 2: Understanding Your Business

A BCM strategy relies on understanding the organisation’s functions and defining the essential processes to discharge those functions. Kernow CCG’s Constitution details these in Section 6.1.1 and they include:

• Commissioning certain health services not commissioned by the NHS England Area Teams to meet the reasonable needs of all local people registered with Members Practices and people normally resident in Cornwall or Isles of Scilly but who are not registered with a Member Practice;
• Commissioning emergency care for anyone present in Cornwall and Isles of Scilly;
• Pay its employees and reimburse their expenses in accordance with their terms of employment;
• Determine the remuneration and travelling or other allowances of Governing Body Members.

With the exception of CCG Managed Services, the core business of Kernow CCG is reliant on external providers of healthcare and for some of its essential infrastructure such as premises, utilities, information and technology and telecommunications.

7.1 Business Impact Analysis

BS25999 defines a BIA as “the process of analysing business functions and the effect that business disruption might have upon them”. The BIA will identify, quantify and qualify the impact and effect of a loss, interruption or disruption to the organisation’s processes.

The BIA process will:

• Define the activity and its supporting processes;
• Map the distinct stages of each activity and process;
• Determine the impacts of a disruption;
• Define the maximum tolerable period of disruption for each process and the recovery time objectives (where BS25999 defines Recovery Time Objective (RTO) as the target time set for the resumption of a service delivery after an incident);
• Determine the minimum resources needed to meet recovery objectives.

7.2 Risk Assessment

The purpose of risk analysis is to help with the development of the business continuity plans and the identification and choice of risk treatment options. The process of risk analysis is subjective, relying on judgements and assumptions, but must follow the standard principles adopted by Kernow CCG for assessing risk and the guidance set out below in section 7.2.2.

The Civil Contingencies Act 2004 places a duty on listed organisations, including CCGs, to co-operate with other listed organisations in a local resilience area in maintaining a register, the ‘Community Risk Register’, of the risk assessments carried out by each organisation. The purpose of the Community Risk Register is to ensure organisations carry out their emergency planning and business continuity management taking account of the risk priorities identified collectively in the Register.

7.2.1 Threats and Hazards

Hazard – An accidental or naturally occurring phenomenon with the potential to cause physical (or psychological) harm to members of the community (including loss of life), damage or losses to property or disruption to the environment or structures (economic, social, political) upon which a community’s way of life depends.

Hazards can be split into a number of categories:

• Physical – fire, temporary or permanent structural collapse.
• Environmental/Natural – Severe weather i.e. flooding, snow or gales.
• Organisational/Infrastructure – staff illness or loss of a key building.
• Social – Industrial disputes or public order.
• Health (Human & Animal) – Pandemics in humans, highly contagious disease in cattle i.e. Foot and Mouth.
• Technological – dam collapse, system failures on an industrial/chemical site.

Threat – A malicious act resulting in adverse consequences to human welfare (including property and the supply of essential services and commodities), the environment or security. In the context of the Civil Contingencies Act, it will be very rare that Local Resilience Forums will identify threats, as these will be communicated by Central Government or via the relevant lead government department in the form of Threat Assessments, e.g. terrorism (the Home Office), animal diseases (DEFRA) or human health (the Department for Health). These assessments will describe the threat, its scale and likelihood.

7.2.2 Risk Matrices

The risk evaluation matrix is a simple approach to quantifying risk by defining qualitative measures of consequence (Impact) and likelihood (frequency or probability) using a simple 1-5 rating system. This allows the construction of a risk matrix, which can be used as the basis of identifying risk. The risk score is Consequence x Likelihood.

For the purpose of Business Impact Analysis the following risk scoring system is recommended.

Consequence (Severity of Impact)

Rating | 1 | 2 | 3 | 4 | 5
Descriptor | Insignificant | Minor | Moderate | Major | Catastrophic
Service / Business Interruption | Loss / interruption < 1 hour | Loss / interruption up to 8 hours | Loss / interruption up to 1 day | Loss / interruption up to 1 week | Permanent loss of service or facility

Likelihood (Frequency or Probability)

Rating | 1 | 2 | 3 | 4 | 5
Descriptor | Rare | Unlikely | Possible | Likely | Almost Certain
Frequency | Not expected to occur for years | Expected to occur at least annually | Expected to occur at least monthly | Expected to occur at least weekly | Expected to occur at least daily
Probability | < 1% | 1 – 5% | 6 – 20% | 21 – 50% | > 50%
 | Will only occur in exceptional circumstances | Unlikely to occur | Reasonable chance of occurring | Likely to occur | More likely to occur than not

Risk matrix

Consequence / Likelihood | 1 Rare | 2 Unlikely | 3 Possible | 4 Likely | 5 Almost Certain
1 Insignificant | 1 Low | 2 Low | 3 Low | 4 Low | 5 Low
2 Minor | 2 Low | 4 Low | 6 Medium | 8 Medium | 10 Medium
3 Moderate | 3 Low | 6 Medium | 9 Medium | 12 High | 15 High
4 Major | 4 Low | 8 Medium | 12 High | 16 High | 20 Extreme
5 Catastrophic | 5 Low | 10 Medium | 15 High | 20 Extreme | 25 Extreme

Extreme Risks

These are classed as primary or critical risks requiring immediate attention. They may have a high or relatively low likelihood of occurrence, but their potential consequences are such that they must be treated as a high priority. This may mean that strategies should be developed to reduce or eliminate the risks, but also that mitigation in the form of (multi agency) planning, exercising and training for these hazards should be put in place and the risk monitored on a regular frequency. Consideration should be given to planning being specific to the risk rather than generic.

High Risks

These risks are classed as significant. They may have a high or relatively low likelihood of occurrence, but their potential consequences are sufficiently serious to warrant appropriate consideration after those risks classed as ‘very high’. Consideration should be given to the development of strategies to reduce or eliminate the risks, but also mitigation in the form of at least (multi agency) generic planning, exercising and training should be put in place and the risk monitored on a regular frequency.

Medium Risks

These risks are less significant, but may cause upset and inconvenience in the short term. These risks should be monitored to ensure that they are being appropriately managed and consideration given to their being managed under generic emergency planning arrangements.

Low Risks

These risks are both unlikely to occur and not significant in their impact. They should be managed using normal or generic planning arrangements and require minimal monitoring and control unless subsequent risk assessments show a substantial change, prompting a move to another risk category.

The Executive Team of Kernow CCG will ensure that the risks identified as a consequence of the development of Directorate Business Continuity Plans are included within the corporate risk register and vice versa.

Based on the outcomes of the risk assessment, Kernow CCG will explore the options that exist to minimise the level of risk faced by the organisation. Strategies will be devised for all risks identified from very high to low scores, based on the following proposed framework:

• Mitigation: identifying strategies, activities, modifications or controls aimed at reducing the risk
• Acceptance: ensuring the risk is owned at the appropriate level (normally director level) within the organisation.
• Transferring: changing the process, ceasing the practice, outsourcing the service or transferring the risk
• Eliminating: if possible removing the cause, avoiding the risk or introduce preventative measures
• Recovery: developing and testing recovery plans to deal with any threats and hazards identified. For significant risks (rated High or Extreme) this will involve developing specific contingency plans, if appropriate, as part of the corporate business continuity plan. Other risks (rated Medium or Low) will be managed at directorate level as part of directorate business continuity plans.

8. Stage 3: Determining a BCM Strategy

8.1 Absence of Key Staff

To improve the resilience of services and supporting resources it is important that steps are taken to cope with the absence of key staff. Measures will include documenting key tasks, roles and responsibilities; capturing contact names and numbers and producing standard operating procedures.

Key individuals will be encouraged to take personal responsibility for nominating and training a deputy. This requirement should be reflected in an employee’s annual objectives where applicable and will be subject to appraisal on an annual basis as a minimum.

Data gathering will be conducted to collect information on services and supporting resources, key staff, skills, equipment and contact information.

Key posts and post holders will be identified within individual directorate plans.

8.2 Suppliers

Kernow CCG relies upon the products and services of other organisations in order to maintain effective operations. Suppliers include “outsourcers” and intermediaries who deliver services on the organisation’s behalf. These suppliers (or partners) may be commercial, public or voluntary organisations.

NHS Trusts and NHS Foundation Trusts must be able to demonstrate a robust internal system for the management of risk to the delivery of their services. They must be compliant with or operating at the NHSLA’s Risk Management Standards, and demonstrate active compliance with any risk or quality regime introduced by the Care Quality Commission.

External providers will be required to undertake appropriate risk management and prepare business continuity management policies and procedures.

If the product or service supplied is unique and essential to the organisation’s service capability or if there is a long term “outsource” agreement that makes it difficult to make alternative sourcing arrangements then the supplier will be judged as key.

The following is a list of questions which could be asked of key suppliers and CCG Managed Services:

• Have you identified the processes you need to ensure delivery of the products/services we need for our critical processes?
• Have you identified the resources that support these processes?
• Have you developed Business Continuity Plans to maintain the processes if you have a disruption?
• Have you exercised these plans?
• What lessons have you learnt from the exercises?
• What steps have you taken to integrate the lessons learnt into your Business Continuity Plans?
• What other customers do you have for the key products/services you supply and what assurances can you give that we will receive preference of supply at the time of disruption?

Answers to these questions should be supported by evidence from the supplier.

Commissioning departments have essential roles to play in encouraging key suppliers to develop Business Continuity Plans. New contracts will contain appropriate business continuity clauses. When existing contracts are due for renewal the opportunity will be taken to discuss the need to include business continuity arrangements. Where appropriate, performance measures will be added or reference made to appropriate BS BCM Standards.

8.3 Prioritisation of Kernow CCG Activities

A data gathering exercise will be conducted to identify the critical, essential and routine processes in each directorate/business unit. These will be collated to form Kernow CCG’s Business Continuity Plan. This information will be reviewed and updated either on an annual basis, or following incidents, exercises and organisational restructuring.

8.3.1 Category 1 Critical Activities

Loss of a Critical Activity would immediately:

• Directly endanger life
• Endanger the safety of those individuals for whom NHS Kernow has a legal responsibility
• Prevent the operation of another activity in this category
• Prevent the delivery of a managed service
• Seriously affect NHS Kernow’s finances or accuracy of critical records
• Prevent communication of vital information to partners or the public

Category 1 activities must continue to be provided.

8.3.2 Category 2 Essential Activities

Loss of a Category 2 Essential Activity would immediately:

• Present a risk to health or safety
• Prevent NHS Kernow fulfilling a statutory obligation
• Prevent the operation of another activity in this category
• Seriously adversely affect NHS Kernow’s reputation

8.3.3 Category 3 Priority Activities

Loss of a Priority Activity would lead to:

• NHS Kernow failing to meet its statutory obligations
• The operation of a Category 1 or 2 activity being seriously affected
• NHS Kernow’s reputation being seriously adversely affected

In the event of disruption priority activities should be recovered within 7 days.

8.3.4 Category 4 Support Activities

All other activities which are required in order for NHS Kernow to go about its normal business are deemed to be support activities.

In the event of disruption these activities should be recovered as soon as possible.

8.4 Resources

In addition to critical, essential and routine processes it is important to consider the supporting resources which contribute to the normal operation of the organisation. This includes:

• Utilities: oil, gas, electricity, water, and sewerage.
• ICT: IT and telecommunications including third party suppliers, network and internet service providers.
• Logistics: including third party suppliers.
• In: supplies, transport.
• Out: transport, waste.
• Finance: payroll, contracts.
• Workforce: skills, numbers, communications and resource mobilisation, standard operating procedures.
• Premises: buildings and infrastructure. Considerations to include new build (secure by design); old build (design constraints and risks); alternative premises for use by single department or concurrent use by multiple departments (larger premises required).

The following which support the smooth running of Kernow CCG’s business may also be considered under the ‘resources’ heading:

• Facilities Management
• Reception
• Security
• Car Parking

8.4.1 Alternative Premises

In the event that Kernow CCG premises are unavailable or inaccessible for an extended period, alternative accommodation will be sought to house all critical activities and as

(18)

many essential activities as possible. As part of the data gathering exercise Directorate Business Continuity Management Leads will be asked to identify such processes in their department, and they will be asked to define minimum office amenities requirement (desks, phones, fax, PCs, etc.) necessary for them to maintain these activities. This information will be detailed in the Business Continuity Plan.


9. Stage 4: Developing and Implementing a BCM response

In addition to a broad policy statement it is important to develop suitable business continuity plans. These will be operational plans containing the arrangements required to address generic and specific threats faced by Kernow CCG.

The production of directorate plans will ensure that key stakeholders take responsibility for owning the BCM process and developing the arrangements required to respond to and recover from an incident.


10. Stage 5: Exercising, Maintaining and Reviewing

Business continuity is a cyclical process. Risk registers, associated arrangements and plans need to be revisited on a regular basis. Kernow CCG will conduct incident or exercise debriefs and update plans and associated documentation based on the lessons identified.

Risk registers will be reviewed and updated to allow for any change in circumstances and as new information becomes available.

As part of the ongoing business continuity cycle Kernow CCG will periodically re-evaluate its arrangements, identify the most vulnerable processes, improve resilience and thereby reduce the level of risk faced by the CCG. At the very least business continuity plans will where possible be reviewed as part of a yearly audit cycle in line with current arrangements for the Major Incident Plan.

10.1 Incident Reporting

Incident reporting is fundamental to the identification of risk and sound business continuity management, and all staff are actively encouraged to use the CCG’s existing incident reporting mechanism, which will be the CCG’s primary mechanism for reporting all incidents.

10.2 Training and Exercising

In conjunction with the publication of the policy, a training needs analysis will be conducted to identify the training required within the organisation.

Existing training currently meets some Business Continuity training requirements e.g. Fire Safety and Health & Safety training. Other training will include:

• Specific Training for Directorate Business Continuity Management Leads to help them develop Directorate Business Continuity Plans.
• Any supplementary training where a need has been identified.

10.3 Audit, Monitoring and Review

This policy statement contains largely static information which will not change significantly over time. However it will be reviewed at least annually and updated versions will be distributed to all relevant parties.

The business continuity plans developed as a result of this policy will contain more dynamic information. Associated plans will be living documents that will change and grow as incidents happen, exercises are held and risks are re-assessed. At the very least all associated plans should be reviewed and updated on an annual basis. This will meet the requirement of Category 2 responders under the Civil Contingencies Act 2004 to maintain business continuity plans to ensure the delivery of key services.

The Governance and Assurance Committee will monitor progress on policy implementation and report regularly to the Governing Body. Financial implications may emerge as the policy is reviewed and updated and associated business continuity plans are developed.


EIA Screening Form

Section:
Officer responsible for the assessment: Terry Ancell
Name of Policy to be assessed: Business Continuity
Date of Assessment: 15/8/2013
Is this a new or existing policy? New

1. Briefly describe the aims, objectives and purpose of the policy.

This policy aims to ensure all staff are aware of their responsibilities in relation to business continuity. The objectives of the policy are to provide clear guidelines on the implementation of business continuity procedures across Kernow CCG.

2. Are there any associated objectives of the policy? Please explain.

No

3. Who is intended to benefit from this policy, and in what way?

Staff - it will provide clear guidance on the organisation’s expectations and roles for all staff. Patients will benefit from this policy through continued commissioning and monitoring of services.

4. What outcomes are wanted from this policy?

Fair and equitable application of business continuity management across the organisation.

5. What factors/forces could contribute/detract from the outcomes?

Organisational change and pressures contributing to lower priority for BCM.

6. Who are the main stakeholders in relation to the policy?

All Kernow CCG staff.

7. Who implements the policy, and who is responsible for the policy?

The Executive Team will be responsible for implementing policy at the directorate level

8. Are there concerns that the policy could have a differential impact on RACIAL groups?

Y N

Please explain

What existing evidence (either presumed or otherwise) do you have for this?

The policy provides guidance for all staff on their roles and responsibilities for implementing BCM

9. Are there concerns that the policy could have a differential impact due to GENDER (including TRANSGENDER)?

Y N

What existing evidence (either presumed or

10. Are there concerns that the policy could have a differential impact due to DISABILITY?

Y N

What existing evidence (either presumed or otherwise) do you have for this?

The policy provides guidance for all staff regardless of disability.

11. Are there concerns that the policy could have a differential impact due to SEXUAL ORIENTATION?

Y N

What existing evidence (either presumed or otherwise) do you have for this?

The policy provides guidance for all staff regardless of sexual orientation

12. Are there concerns that the policy could have a differential impact due to their AGE?

Y N

What existing evidence (either presumed or otherwise) do you have for this?

The policy provides guidance for all staff regardless of age

13. Are there concerns that the policy could have a differential impact due to their RELIGIOUS BELIEF?

Y N

What existing evidence (either presumed or otherwise) do you have for this?

The policy provides guidance for all staff regardless of religious belief

14. How have the Core Human Rights Values of: Fairness; Respect; Equality; Dignity; Autonomy been considered in the formulation of this policy/strategy? If they haven’t please reconsider the document and amend to incorporate these values.

This policy has been developed to ensure all staff are treated equally and fairly during the implementation of business continuity management. This policy has been formulated to ensure that guidance for staff and line managers can be implemented in a timely and effective manner and that essential services are not unnecessarily disrupted.

This policy has been widely circulated for comment and consultation ensuring that core human rights values are given due consideration.

15. Which of the Human Rights Articles does this document impact?

The right:

• To life;
• Not to be tortured or treated in an inhuman or degrading way;
• To be free from slavery or forced labour;
• To liberty and security;
• To a fair trial;
• To no punishment without law;
• To respect for home and family life, home and correspondence;
• To freedom of thought, conscience and religion;
• To freedom of expression;
• To freedom of assembly and association;
• To marry and found a family;
• Not to be discriminated against in relation to the enjoyment of any of the rights contained in the European Convention;
• To peaceful enjoyment of possessions and education;
• To free elections

Yes No

What existing evidence (either presumed or otherwise) do you have for this?

16. Could the differential impact identified in 8 – 13 amount to there being the potential for adverse impact in this policy?

Y N

Please explain

17. Can this adverse impact be justified on the grounds of promoting equality of opportunity for one group? Or any other reason?

Y N

No adverse impact anticipated

18. Should the policy proceed to a full equality impact assessment?

Y N

18. If No, are there any minor further amendments that should take place?

NO

19. If a need for minor amendments is identified, what date were these completed and what actions were undertaken.

Signed (completing officer) ……… Date ………
Signed (Head of Section) ……… Date ………

Please ensure that a signed copy of this form is sent to both the Policies Officer and the Equality and Diversity lead to be placed on the Primary Care Trust website.
