• No results found

Business Continuity: NHS Workshop Appendix 1.1

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Business Continuity: NHS Workshop Appendix 1.1"

Copied!
46
0
0

Loading.... (view fulltext now)

Download now ( 46 Page )

Full text

(1)

Business Continuity:

NHS Workshop

Appendix 1.1

(2)

Housekeeping

• Fire safety

• Breaks and refreshments • Toilets

• Mobiles and pagers

(3)

Introduction

• Respect each others contributions

• What is said in the room stays in the room

(4)

Course Objectives

• To develop an understanding of Business

Continuity

• To understand how to use the toolkit

• To understand how to develop a business

continuity plan for your organisation

(5)

5

Ice Breaker

Tell the group:

• Name

• Role and department you work in

• What role they have in business continuity • Favourite sweet you had when you were

(6)

What is a Business Continuity? ISO22313

Is the capability of the organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

(7)

What is a Business Continuity Management? ISO22301/22313

It is the process of achieving business continuity and is about preparing an organisation to deal with

disruptive incidents that might otherwise prevent it from achieving its objectives.

(8)
(9)

Plan Do Check Act Cycle

The ISO 22301 & 22313 uses a

‘Plan-Do-Check-Act’ Cycle

in planning, establishing, implementing,

operating, monitoring, reviewing,

maintaining and continually improving the

effectiveness of an organisations Business

Continuity Management System

(10)

Business Continuity Management Cycle

ISO22313

(11)

Activity 1

In your groups discuss what the legal and/or regulatory responsibilities for Business Continuity

are for your organisation and the wider NHS

(12)

Activity 1 - Summary

• Civil Contingencies Act 2004 & Civil Contingencies Act 2004

(Contingency Planning) Regulations 2005

• The NHS Operating Framework 2013-14

• BS NHS 25999 parts 1 & 2

• NHS England Business Continuity Framework 2013

• Health & Safety at Work Act 1974

• NHS Standard Contract

(13)

Activity 1

• Apart from the legal side – common sense

prevails for the:

• Public we serve

• The staff we employ

• Our partners we work with

• And those who commission our organisation

(14)

Interested Parties

Adapted for the NHS fISO22313

14

Those who set up and management business continuity Those who maintain business continuity procedures

Incident Response Personnel

Those with authority to invoke Response Teams Appropriate spokespeople

Top Management

Those who establish policies and objectives for BCMS

Management

Contractors Other Staff

(15)
(16)

Understanding the Organisation

Adapted for the NHS from ISO22313

16

Understanding the Organisation

Purpose of Organisation

Products & Services Products & Services

Activity

Dependencies and supporting activities

Assets and resources Products & Services Activity Supporting activity Assets and resources Suppliers & Partner Organisations Internal Context External Context

Patients & Clients

(17)
(18)

Business Impact Analysis Template

18

Activities which must be continued

Activities which could be scaled down if necessary

(19)

Activity 2

• In your groups:

• Identify your organisations/departments key

activity/service

• What are the prioritised activity and resources

required to deliver these?

• Are there any apparent risks to these prioritised

activities?

• How will you maintain these prioritised activities

in the event of a disruptive incident?

(20)
(21)

Activity 3

In your groups discuss:

Does your organisation have a business

continuity policy?

What do you think a business continuity

policy should contain and why?

(22)

Activity 3 Summary

This is a senior management responsibility

that:

Is appropriate to the organisation

Provides a framework for setting

business continuity objectives

To continual improvement of the

business continuity management system

(23)

Activity 4

What are your organisation key activities?

What are the prioritised activity and

resources required to deliver these?

What are the key risks to these prioritised

activities?

How will you maintain these prioritised

activities in the event of an incident?

(24)

Activity 4

Feedback

(25)
(26)

Continuity Requirements

26

People Premises Technology Information Suppliers and Partners

(27)

Continuity Requirements

27 People • What number of staff do you require to carry out prioritised activities? • What is the minimum staffing level you could cope with? • What skills/level of expertise are required to undertake these activities? Premises • What locations do your prioritised activities operate from? • What alternative premises do you have? • What machinery, equipment and other facilities are essential? Technology • Is the service dependant on electrical medical equipment? • What IT is essential to carry out your prioritised activities? • What systems and means of communication are required to carry out your prioritised activities Information • What Information is essential to carry out your prioritised activities? • How is this information stored? Suppliers and Partners

(28)

Terms

RTO – Recovery Time Objective

MALO – Minimum Acceptable Level of Operations

(29)

Mitigating Impacts through effective BC – sudden disruption

ISO22313

(30)

Mitigating Impacts through effective BC – gradual disruption

ISO22313

(31)

Incident Timeline

31

What mechanism could be used to ensure that during and following as incident the matter is

(32)

Risk Assessment – Activity 5

32

List as many examples as you can of

measures which could be considered in the context of flooding due to failure of internal

plumbing systems to:

• Reduce the likelihood of a disruption • Shorten any period of disruption

(33)

Example – Royal Marsden 2008

• More than 100 firefighters in 25

fire engines were deployed on the blaze

• Between 80-90 patients were

helped onto the streets whilst the hospital was filled with thick

smoke.

• The fire could be seen across the

London skyline.

(34)

Example – BT Flood & Fire – March 2010

• ‘...tens of thousands of customers in parts of North and West London may be experiencing a loss of broadband and/or telephone service [...] as this is a complex incident we cannot

accurately predict when all services will be restored. We will issue further

updates as the situation changes.

• Any customers needing to make calls to the emergency services who have a problem using their phones are

advised to do so by using their mobile phone, or alternatively by using a

friend or neighbour's working phone

(35)

Example – Chase Farm Hospital 2010

• Loss of water supply due to burst water

main in Enfield.

• Bowsers (water tanks) are still on site to

ensure the main patient areas continue to receive water [...] Bottled water is available for staff and patients.

• The A&E department is open to all walk-in

patients however all other emergencies are being transferred to Barnet

Hospital. Once the water has resumed A&E services will return to normal.

(36)
(37)

BC Strategy Options Discussion

37

• Team work:

• What strategies might be needed for maintaining core skills and knowledge?

• What elements should your premises strategy

consider to reduce the impact of the unavailability of one or more worksites?

• What technology strategies for BC could your

(38)

BC Response Plans

38

Organisations may have numerous plans. These may include:

• Strategic organisational response plans • Department response plans

• Building or site response plans

(39)

BC Response Plan Content

39

• Document Control • Purpose & Scope

• Document owner & maintainer • Roles and responsibilities

• Plan activation • Contact details

(40)

BC Response Plan Content

40

• The plan should:

• Set out the prioritised activities to be recovered, the timescales in which they are to be recovered and the recovery levels needed;

• The resources available at different points in time to deliver the prioritised activities;

• The process for mobilising the necessary resources • The details actions and tasks needed to ensure the

(41)
(42)

Exercising, Maintaining & Reviewing

42

• Exercises are there to test plans

• Ensures that plans are fit for purpose

• Identify gaps and learning actions

(43)

Exercising, Maintaining & Reviewing

43

• Plans should be updated when:

• The organisation is restructured

• prioritised activity is delivered differently • Change to the external environment e.g.

statutory change, NHS England requirement

• Following lessons identified from an incident or exercise

(44)

Embedding your BCP

44

• Plans should be updated when:

• The organisation is restructured

• prioritised activity is delivered differently

• Change to the external environment e.g. statutory change, NHS England requirement

• Following lessons identified from an incident or exercise

• Changes to key staff or partners

(45)

Record Keeping Discussion

45

When responding you need to keep

records, but why is record keeping

(46)

Record Keeping Discussion

46

Why is record keeping so important?

Details of casualties or near misses that occur

Documents decisions made

References

Download now ( PDF - 46 Page - 1.06 MB )

Related documents

0415706203

Growing out of the failure of the New World Information and Communications Order (UNESCO, 1980; Mosco, 1996; Singh, 2011), the cultural turn in development studies (as generally in

Packaging operations within the Greek logistic industry. Evaluating and redesigning paper packaging in compliance with environmental regulations.

The method could easily be applied to other types of packaging as well (primary, transportation etc), provided that the researcher holds sufficient data (concerning packaging,

Oersetter: Frisian-Dutch statistical machine translation

A monolingual Frisian corpus of about 10 million words has been used for the generation of a language model, which proves beneficial compared to using only the Frisian material in

Microbiology USMLE review

polysaccharide Prevent phago and complement Neonatal meningitis Verotoxin/ shiga like Inactivate 60S Gastroenteritis bloody Head stable/liable. enterotoxin Fluid

Greg Gianforte. RightNow Technologies. Ideas and Resources Entrepreneur Interview

For Greg Gianforte, talking to potential customers – market research – was the foundation for an entrepreneurial business venture that was cash- flow positive from day one.. In

Business Continuity & Crisis Management

SMS-GS-RM2 Business Continuity & Crisis Management- July 2014 - V1.0 – Serco Public Group Standard.. Business Continuity &

Curriculum Vitæ. Education

Workshops on Verification of Infinite State Systems (INFINITY’10), volume 39 of Electronic Proceedings in Theoretical Computer Science, pages 91–99, Singapore, September 2010.

PROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution

Proteus Enterprise is one comprehensive system that includes, Online Compliance & Gap Analysis, Business Impact, Risk Assessment, Business Continuity,