• No results found

Business Continuity Policy

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Business Continuity Policy"

Copied!
29
0
0

Loading.... (view fulltext now)

Download now ( 29 Page )

Full text

(1)

Business Continuity Policy

Summary:

This policy sets out the structure for ensuring that the PCT has effective

Business Continuity Plans in place in order to maintain its essential

business functions during unexpected interruptions or incidents

APPROVED BY ASSISTANT CHIEF EXECUTIVE 21/01/10

REVISED

14/10/10

REVIEW DATE:

21/01/12

To be read in conjunction with:

• EMERGENCY PLAN

• FLU PANDEMIC PLAN

Version 4

Compliance with all PCT policies, procedures protocols, guidelines,

guidance, standards and strategies is a condition of employment. Breach

(2)

Policy Category: Governance Relevant to (Staff Group):

All

Version History:

Version No: Date: Changes Made: 1.0 09/06/09 First draft

2.0 29/06/09 Revise draft follow consultation 3.0 08/12/09 Revise draft

4.0 10/10/10 Revised to reflect the change in Lead Director and Day to day Responsibility for Business Continuity to Emergency Planning

All reasonable steps have been taken to ensure that this Policy reflects the:

Equality and diversity agenda

Relevant articles of the Human Rights Act 1998

Philosophy of Clinical Governance, providing evidence for compliance with the

requirements of the Standards for Better Health of the Department of Health and

the NHS Litigation Authority Risk Management Standard for PCTs

Health and Safety at Work Act 1974 and associated legislation

Freedom of Information Act 1998 (amended 2000)

Disability Discrimination Act 1995 (amended 2005)

Sex Discrimination Act 1975 (amended 2003)

Race Relation Act 2000

Age Discrimination Act 2006

(3)

CONTENTS………..3

1. Introduction and Purpose…..………4

2. Definitions………..………..4

3. Requirements………..4

4. Policy Statement……….4

5. Supporting Organisational Structures……….5

6. Accountability and Responsibility for Policy and Implementation…………...5

7. Monitoring, Review and Testing………5

8. Communication of Policy – Method and Responsibility……….…6

9. References………...6

Appendix 1: Business Continuity Plan Template

(4)

1. Introduction and Purpose

1.1 The aim of business continuity is to ensure that the PCT’s core business functions are

safeguarded by means of effective business continuity management despite any unplanned or

predicted interruptions to normal business.

1.2 Scope of this policy

This policy sets out the management responsibilities for creating, maintaining, and testing

business continuity plans. It establishes the principle that all Directorates and Business Units are

required to have documented plans based on the template shown in Appendix 1.

2. Definitions

2.1 Business Continuity Management (BCM)

A process that identifies potential threats to an organization and the impact to business

operations that those threats, if realized, might cause. It provides a framework for building and

testing organizational resilience to safeguard the most important business functions.

2.2 Business Continuity Plan (BCP)

A document and procedures maintained in readiness for use in an incident to enable the PCT

to continue to deliver its core business function at an

acceptable pre-defined level.

3. Requirements

3.1 Legislation

The PCT is required to have in place effective BCM arrangements to meet the requirements of

the Civil Contingencies Act 2004. The PCT must have Business Continuity Plans that are able to

support any major emergencies related to its obligations as a Category One responder.

3.2 BS 25999-1

The PCT will be expected to meet the good practice standards set out in BS25999-1 (Business

Continuity Management – Code of Practice).

3.3 BS 25777

The PCT will be expected to work closely with Sussex HIS to ensure that the principles of

BS25777 (Information and Communications Technology Continuity Management – Code of

Practice) are being applied.

4. Policy Statement

4.1 All Directorates and, where appropriate, departments, must complete a Business Continuity

Plan using the template shown in Appendix 1. Guidance notes are available on the PCT Intranet

(hyperlink).

All plans must be signed off by the responsible Director using the Business Continuity Plan

Approval Form shown in Appendix 2.

5. Supporting Organisational Structures

5.1 Organisational Arrangements and Support

The Director of Public Health shall direct the Emergency Planning and Business Continuity

Resilience Team to provide the following support:

Templates and guidance for the completion of business continuity plans.

(5)

Attendance by the Business Continuity and Assurance Manager at the Emergency

Planning Committee meeting.

5.2 Details of Associated Training

The Business Assurance Team will provide training and information to enable managers to

gain an understanding of Business Continuity Management issues and to complete Business

Continuity Plans.

6. Accountability and Responsibility for Policy & Implementation

6.1 The Director of Public Health has overall accountability for ensuring the PCT puts in place the

necessary Business Continuity Management systems to implement this policy.

6.2 Directors are responsible for ensuring an approved, up-to-date and fully tested Business

Continuity Plan is in place in respect of the business functions for which they are accountable.

6.3 The Director of Public Health is responsible for reporting progress on BCM to the Executive

Team and the Head of Emergency Planning and Business Continuity Resilience to the

Emergency Planning Committee.

6.4 The Director of Public Health is responsible for compliance with all statutory and regulatory

requirements via the Business Assurance Team.

6.5 All staff will be expected to understand this policy and to cooperate with the maintenance,

testing and implementation of the plan.

7. Monitoring, Review and Testing

7.1 Monitoring

The Business Assurance Team is responsible for monitoring compliance with this policy by:

Maintaining a central database of all approved plans

Collecting evidence to ensure compliance with the statutory duty to assess, plan and

advise in relation to emergencies and the risk of emergencies (Civil Contingencies Act

2000).

Carrying out benchmark assessments in conjunction with the Strategic Health Authority

Assisting the internal auditor to carry out an annual audit. Audit recommendations will

be added to the audit recommendations tracker and reported to the Audit and

Assurance Committee.

7.2 Review

This Policy will be reviewed every 2 years.

Directorates are responsible for reviewing BCP every 6 months. The review programme will be

monitored by the Business Assurance Team.

7.3 Testing and Exercising

The Business Assurance Team will coordinate a programme of exercises to validate the full

range of business continuity management capabilities.

Exercises will be run in conjunction with Emergency Planning exercises wherever possible.

8. Communication of Policy – Method and Responsibility

8.1 All new staff will be briefed on this policy as part of the PCT Induction process and via local

Departmental Induction.

(6)

mandatory Risk Management Training Course.

8.2 The Business Continuity Policy and Procedures will be posted onto the

PCT intranet and internet for all staff to access as required.

8.3 Managers must ensure that all relevant staff within their directorate are made aware of their

responsibilities towards this Policy.

9. References

BS25999 - Business Continuity Management Code of Practice.

BS25777 - Information and Communications Technology Continuity Management Code

of Practice.

Standards for Better Health – Healthcare Commission/Care Quality Commission 2008.

Civil Contingencies Act 2004.

(7)

Business Continuity Plan

Template

(Insert Team or Department name and

Location)

(8)

Contents

Guidance Note

9

Department or Team Details

10

(9)

Guidance Note

Before completing your team or department Business Continuity Plan please consider the following information that should help you to complete the Plan to the highest degree of resilience.

Supporting documents

Please use the Guidance document that has been provided to sit along side this template. It may answer questions that you have in terms of content and the level of detail that should be included in your Team or department Plan.

To further support this is the Business Impact Analysis (BIA) Tool which has been added to the back of the Plan (Appendix). Working through this and looking at the information it contains should further help you to detail the most relevant information.

When compiling this Plan, as well as considering your Team or Departments key Functions, you need to consider the Key Stakeholders with whom you supply services to or have close links with. They will need to be contacted in the event of severe disruption to services. There is a section in Profile for you to list these Key stakeholders.

Mutual Aid is an area that can help cope with disruption. See the Guidance if you wish to set up any Mutual Aid Arrangements.

If any further help is required the Business Assurance Team are there to facilitate and help. Contact through the Corporate Affairs Department at The Causeway Building, Goring by Sea or via email. Team

Remember this is your Team or Departments Plan and is aimed at making you resilient in times of disruption to any of the services or functions you perform. The disruption may be caused by a number of factors all of which can be mitigated against in this template. If you have any further areas you wish to add in then feel free to do so.

(10)

Department or Team Details (Section 2 of the Guidance)

Please detail the team for whom this Plan applies and where they are located. Any further details in terms of Building and work area are also required.

Key Department or Team Functions

Please insert the Key Functions or Roles which this Team or Department undertakes on behalf of the PCT. These functions are what you are basing the plan around and therefore need to be all inclusive.

Priority of Functions

For the areas of work listed above please ensure that the most critical functions are given the highest priority. There may be Functions that will be ignored in times of disruption.

Major Incidents (Section 3 of the Guidance) Department/Service:

Directorate:

Location: 2nd Building (if applicable): 2nd Work Area:

Location: Telephone: Fax: Telephone: Fax: Telephone: Fax:

For the (name of Department, Team or Practice) the PCT coordinating the response is West Sussex PCT. In the event of a Major Incident the contact(s) will be (insert appropriate name(s)

(11)

People (Section 4 of the Guidance) Team cover plan

This needs to include all Team or Department members for whom the plan applies. More than one cover staff can be listed in the third column.

Post Holder Post 1st Cover

Minimum Staffing Levels

Provide an indication of the Minimum Staffing Level your Team or Department would require for Short / Medium / Long Term Disruptions to perform your functions effectively.

Staff Requirements in the Event of Absence

This table needs to have a detailed account of the Responses and Actions that need to be taken in the event of losing certain Levels of Staff for Specified periods of time.

Examples:

Impact – Minor / Minimal

Response/Mitigation – Access emails of absent staff; respond where necessary

Actions – Establish cover arrangements (training if needed); adapt working to cover priority work or

functions; respond to urgent emails; check calendar and inform any interested third parties of the absence.

(12)

Loss of Staff at Certain Levels (as a

whole time equivalent) IMPACT RESPONSE/ MITIGATION ACTION REQUIRED 0 - 10% For 1 day

For up to one week

For longer than one week

(13)

For longer than one week

50 - 100% For 1 day

For up to one week

For longer than one week

Key Personnel Cover Arrangements

Certain members of a Team or Department may have a specific knowledge or fields of expertise which need special mitigation when it’s no longer available.

(14)
(15)

Premises

(Section 5 of the Guidance)

The section may require information from the Building Business Continuity Plan, if this is the case then you will be provided with this information.

Relocation Arrangements for Building and Work Area

These need to detail the arrangements that have to be followed in the event of a disruption to the Building within which you work. They may be covered by a Building Business Continuity Plan and should be readily available.

Alternative working arrangements may be Team Specific, e.g. Work from home / Alternative Location and apply to both Building and Work Area disruptions.

The specific area of the Building within which you work may be disrupted in isolation. Please detail the procedure and actions that need to be followed.

Fire drill procedure

Short bullet points of the Buildings Fire Procedure and any specific work arrangement for prolonged disruption (as above). This information should be available on wall posters or through the Building Business Continuity Plans.

Security Details

These are likely to be covered in the Building Business Continuity Plans. If not available contact the facilities department for the buildings security arrangements.

Building:

Work Area (Team/Departments):

(16)

This sub-section will be any specific security arrangements you may have for the Team or Department. E.g. locking away equipment; location of cabinet keys; the location of confidential documents.

List of equipment

This is the vital equipment that is used. E.g. special clinical equipment / computers / filing cabinets / department specific equipment.

List for the re-order or how to acquire the equipment

For the items listed above you are required to detail where replacements are available from. E.G. Laptops; Sussex HIS. Please include the suppliers contact details in the Contacts Section at the back of the plan.

Building:

(17)

Toilet facilities

Please detail the

actions in case of a disruption to the toilet facilities. This may well be covered in the Building Business Continuity Plans.

Parking facilities

Please detail the actions in case of a disruption to the parking facilities. Again this may well be covered in the Building Business Continuity Plans.

Any further Facilities (Team or Department specific)

All the facilities that are specific to the building or department in which you work and the details of alternatives or actions if they should become disrupted. E.g. meeting rooms; Treatment rooms; Store rooms

Supplier / Source Equipment

Alternative toilet arrangements:

Portable toilet details (if required):

(18)

Facility Disruption Arrangements

(19)

Processes (Section 6 of the Guidance) IT Details

Detail the supplier of the IT systems which your Team or Department use. This may be covered in the Building Business Continuity Plans.

Provider of Information Management and Technology Systems:

Services they provide:

List the actions to be taken in the event of a building wide IT service failure. Action Plan for a Building IT system failure

List the actions in the event of a disruption to an IT system or computer that only affects one or more specific individual within your team. It may well be similar to the above arrangements.

Action Plan for a Team IT system failure

Software Systems

(20)

Email disruptions

This may be similar to the IT disruption arrangements in terms of supplier. Please detail possible arrangements if external email is not an option and ensure that key contacts that relate to team functions are considered in the event of a disruption.

Provider of Email Systems software: Contact Number(s) in the event of disruption:

Can staff use secondary / Private email accounts (arrangements) :

Can staff contact ALL key business contacts in the event of a computer disruption:

Telephone disruptions

Detail your telephone supplier and any possible alternative options if this service is unavailable. Provider of Telephone

Communications:

Contact details in the event of disruption:

Estates Manager and contact details:

(21)

Details of alternative communication in the event of a disruption:

Other Communication Methods

Any further communication methods you use that may be disrupted need to be detailed and alternatives may be required. E.g. Fax; Postal services

Form of Communication Details for recovery Alternative(s)

Documentation

This section is important in terms of the Team or Departments key functions and any documentation that supports these. For example, guidance documents on how to perform the functions; specific databases; important work documents. It is important to note that only having a paper or electronic copy is a

(22)

Providers (Section 7 of the Guidance)

Disruptions to the areas covered below may result in implementing alternative working arrangements, for example changing location.

Water Disruptions

The mains water supply Stopcock is located:

Water supplier for your location, team or department:

Heating disruptions

The Building may have a specific or number of different forms of heating, please detail. These may be covered in the Building Business Continuity Plans. There may be cross over with the boxes below around Electricity, Gas and Oil Suppliers.

Heating Supplier or System

Contact Information

Actions in the event of a disruption

Electricity Disruptions

(23)

Gas Disruptions

Detail the actions that need to be taken in the event of a disruption to the Buildings gas supply. This is likely to affect the heating of the building so may be covered above.

Gas Supplier

Emergency contact details

Current contingencies in place

Actions in the event of a loss in Gas supply

Oil Disruptions

Detail the actions that need to be taken in the event of a disruption to the Buildings oil supply. Oil Supplier

Emergency contact details

Current contingencies in place

Actions in the event of a loss in Oil supply

Specific Fuel Shortage Plans

The information below should sit along side the West Sussex PCT Fuel Crisis Contingency Plan that will be implemented in the event of a fuel crisis. This information should be specific team arrangements that can be made in the event of a fuel (petrol / diesel) shortage. E.g. work from home; Car share.

Electricity Supplier

Emergency contact details

Current contingencies in place

(24)

Supplier for day-to-day Equipment

Unlike the equipment mentioned above in the template, this section is for the smaller scale equipment but has the same importance for continuity of service, for example paper / stationary / medicines.

Please include the arrangements for disruption.

Key Suppliers Equipment / Disruption arrangements

Contact details:

Contact details:

Contact details:

(25)

Profile (section 8 of the Guidance)

Key Stakeholders

When compiling your plan you have been asked to consider your key stakeholders.

Please list these Stakeholders and the reason for inclusion. Also ensure you include them in the Contacts List below if they aren’t included elsewhere within the plan. Examples: Senior Management; Certain Boards or Committees; External Organisations.

Vulnerable People / Groups

This is mainly linked with patient contact but would include any vulnerable people you may come in contact with.

List or Location of the List:

Communications

(26)

Contacts List

Please include any names or contacts that you have listed in your plan for quick and easy contact. Include more than one number where available. Add boxes where you require them.

Activation of the Plan

People who will be required contacts in the even of a disruption to the areas mentioned in the plan.

Role Name Contact

Lead Officer For the Plan Deputy

Department / Team Manager Facilities / Estates Manager

Staff Contacts

It is your decision whether the contact you include will be personal / home numbers for staff. But it should be noted that the plans are for the use for the Team or Department members only and should not be made available for the external sources.

Name Position Contacts

PCT Contacts

Add any further PCT contacts you feel are required for emergencies. Reason for contact

Department

Contacts

Emergencies PCT HQ – Director On Call

Emergencies (See On Call Info Sheet on main plan)

Provider Services – Operational On Call

Emergencies PCT Switchboard

(27)

Key Stakeholders

Should contain the Stakeholders listed above in the Profile section.

Stakeholder Reason Contact

Utilities / Services Contacts

The Utilities listed in the Processes and Providers sections.

Service Provider Contacts

IT / Email Water Heating Electricity Gas Oil

Tradesmen

Any specific tradesmen that you feel need to be detailed. E.g. Plumber

Trade Provider Contacts

Mutual Aid Arrangements

(28)

Mutual aid

available

Department /

Team

Contacts

Suppliers

Any suppliers that have been listed within your Plan.

(29)

Appendix 2

Business Continuity Plan Approval Form

Title of Plan

Directorate or Business Unit

Name of approving Director

Signature of approving Director

References

Download now ( PDF - 29 Page - 117.09 KB )

Related documents

FUTURE RESEARCH DIRECTIONS OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING *

2, the top portion of the intersection, i.e., the subarea KSSE, addresses how knowledge engineering methods can be applied to software engineering; in other words, how

Curriculum Vitæ. Education

Workshops on Verification of Infinite State Systems (INFINITY’10), volume 39 of Electronic Proceedings in Theoretical Computer Science, pages 91–99, Singapore, September 2010.

MCSA Windows Server 2012

infrastructure such as Implementing Server Images, User and Group management with Active Directory Domain Services(AD DS) and Group Policy, Remote Access and Network Policies,

Avio BPM Solutions and Frameworks

Test cases executed with the Avio Automated Testing Framework provide the ability to run end-to-end tests of all processes and associated components within a project..

The comparative effect of corruption and piketty’s second fundamental law of capitalism on inequality

However, once we use instrument variables within the model, we find that r-g is a significant determinant of inequality even after controlling for the non-linear effects of

Limits to Financialization? Locating Financialization within East Asian Exportist Economies

To this end, we feel that both scholars working within geographical political economy and regulation theory offer an account of financialization that is more sensitive to the role

Mass spectra of heavy pseudoscalars using instantaneous Bethe Salpeter equation with different kernels

Abstract We solved the instantaneous Bethe–Salpeter equation for heavy pseudoscalars in different kernels, where the kernels are obtained using linear scalar potential plus one

Tribal Knowledge War: A Location-based Pervasive Knowledge War Game

In this thesis, we have studied literature focused on making games educational and fun, and we have used the knowledge from this literature to develop a prototype of a game that