• No results found

Business Continuity Policy and Plan

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Business Continuity Policy and Plan"

Copied!
16
0
0

Loading.... (view fulltext now)

Download now ( 16 Page )

Full text

(1)

Business Continuity Policy and Plan

Policy Number: 040

Version: 2

Ratified by: V1 Approved by GB 2013

V2 update approved by OLT 26 Sept 2014 Name of originator/author: Robert Kirton Interim CFO 2013

Executive sponsor Rob Morgan, CFO

Date issued August 2013

Last review date: Sept 2014 Next review date: July 2015

VERSION CONTROL SHEET

Version Date Author Status Comment

1 March 2013 Amended from NHS Surrey policy version 7 April 2012.

Final Agreed by the Governing Body 16 April 2013 2 26 September 2014 OLT Approved

Update with current information, legislation and data (reference to www.england.nhs.uk/eprr)

Distribution:

North East Hampshire and Farnham CCG

Surrey Heath CCG staff and Governing Body members Surrey Heath CCG Website

(2)

Equality Analysis

This Policy is applicable to the Governing Body, every member of staff within the Surrey Heath CCG (SHCCG) and those who work on behalf of the CCG. This document has been assessed for equality impact on the protected groups, as set out in the Equality Act 2010. This document demonstrates SHCCG’s commitment to create a positive culture of respect for all individuals, including staff, patients, their families and carers as well as community partners.

The intention is, as required by the Equality Act 2010, to identify, remove or minimise discriminatory practice in the nine named protected characteristics of age, disability, sex, gender reassignment, pregnancy and maternity, race, sexual orientation, religion or belief, and marriage and civil partnership. It is also intended to use the Human Rights Act 1998 and to promote positive practice and value the diversity of all individuals and communities. An equality impact assessment was completed by Rob Morgan, CFO in Sept 2014 (appendix 4).

If you have identified a potential discriminatory impact of this procedural document, please contact the Corporate Office, Surrey Heath CCG, Surrey Heath House, Knoll Road, Camberley, Surrey GU15 3HD. Telephone 01276 707572.

Alternative formats

(3)

Business Continuity Policy and Plan

Contents:

1. Introduction 2. Definitions

3. Roles, Duties and Responsibilities 4. Outcomes of the Plan

5. Testing and Review 6. Monitoring

Appendix 1 – Business Impact Assessment

Appendix 2 – NHS Surrey Heath Business Continuity Plan Appendix 3 – List and details of Stakeholders

(4)

1. Introduction

The Civil Contingencies Act 2004 and the NHS Emergency Planning Guidance 2005 requires Clinical Commissioning Groups to have a Business Continuity Policy which will ensure that, in the event of a significant service interruption, critical day to day functions can be maintained whilst timely recovery and restoration of key services, systems and processes is also achieved.

This policy has been updated in 2014 to reflect guidance from NHSE with specific reference to

 http://www.england.nhs.uk/wp-content/uploads/2014/01/toolkit-cover-doc.pdf

 http://www.england.nhs.uk/wp-content/uploads/2014/01/app3-2-bcp-checklist.pdf It is the policy of NHS Surrey Heath CCG (SH CCG) to take all reasonable steps to ensure that in the event of a service interruption, the organisation will be able to maintain essential services1 and restore normal services as soon as possible in the circumstances prevailing at the time.

This document combines the general principles and corporate framework of a Business Continuity Policy together with the initial plan which the CCG will follow in the event of need to mobilise a response to an incident threatening business continuity.

The business continuity management procedures described are separate from, but may operate in conjunction with, the Frimley System Emergency Prepardness Resilience Response Plan (EPRR). It also operates in conjunction with the CCG’s Risk Management processes.

This policy does not address or represent the CCG’s responsibilities relating to emergency planning and response nor as a responder to mobilisation of a local emergency.

This is an overarching policy for SH CCG and should be read in conjunction with the shared Oncall arrangements with North East Hampshire and Farnham CCG; and the information governance business continuity policies for finance; operations & performance; and quality teams.

2. Definitions

The following definitions apply to terms used in this document, in accordance with governing standards, British Standard for Business Continuity Management, BS2599-1:2006 and International Standard 23001:

Business As Usual : Pre-defined acceptable levels of service delivery

1 Quality Management; public engagement; oncall (if applicable at the time); finance transactions; medicines

(5)

Business Impact Assessment: The process of analysing business functions and the effect that a business disruption might have upon them

Business Continuity Management: Holistic process to identify potential threats, accesss the impact of those threats, including protecting patients’ and stakeholders’ interests and achieving strategic directives.

Disruption: Any event, planned or unplanned, which causes an interruption to the CCG’s ability to continue business as usual.

Service Recovery Objective: The desired level to which essential services will be restored and the desired maximum time between loss of service and recovery.

(6)

3. Roles, Duties and Responsibilities 3.1 Legal and Statutory

The following general (statutory) duties apply:

The Civil Contingencies Act 2004 places a duty on public bodies to have business continuity plans in place to ensure that they can continue to exercise their functions in the event of an emergency so far as is reasonably practicable. The duty relates to all functions, not just emergency response functions.

Healthcare Standards require healthcare organisations to have documented procedures which dictate how they will be able to continue essential routine work during an incident or an emergency situation and to provide essential supplies.

3.2 Specific duties and responsibilities within the CCG

The following specific duties and responsibilities apply within the CCG

Accountable Officer (AO): The AO has overall responsibility for the strategic and operational management of the CCG including ensuring that the CCG has in place robust arrangements for business continuity management and service recovery. CCG Governing Body (GB): The GB is responsible for setting the strategic context in which business continuity and service recovery procedures are developed, and for the formal review and approval of the BCM policy and plan. This function may be delegated to the Audit Committee. The GB is also responsible for gaining assurance that providers commissioned by the CCG have adequate BCM systems and processes in place to ensure service continuity.

(7)

4. Outcomes of the Business Continuity Management (BCM) Plan

All BCM plans will be written in accordance with this policy. The anticipated outcomes of the BCM plan are:

 Identification of the activities of the CCG

 Prioritising those activities in response to a disruption

 Minimising the effects of any disruption and allowing return to business as usual as fast as possible

 Increased staff awareness of BCM principles and processes  Supporting the achievement of CCG strategic objectives

 Ensuring legal compliance with emergency planning obligations

As BCM plans are developed, the BCM policy may be adjusted as required and resubmitted to the GB for approval to the changes.

5. Testing and Review

The Business Continuity Policy and Plan will be reviewed by the Operational Leadership Team and resubmitted to the Governing Body at least every two years.

The Plan will be tested through a mock mobilisation, followed by a debriefing session to establish if any changes need to be made to the plan.

When actual incidents or disruption occur the Corporate Office will record the event and lessons learned will be shared with staff. The record will be kept with the policy to establish if any changes need to be made to the plan at its next review.

6. Monitoring

When there is a major incident that requires the CCG to take significant action (eg move staff to Aldershot centre for health) the CCG will produce a post incident report and hold a debrief the Operational Leadership team (OLT), to identify lessons learned.

(8)

Table 1 Record of incidents and disruption:

Period of disruption What Impact

Half day 21st July Full working day 22nd July

Half day 23rd July

Lack of IT for email and internet

connection. AT informed.

Disruption to normal work.

Office still had access to SH Y drive and telephones.

(9)

Appendix 1

Business Impact Assessment

In order to construct a Business Continuity Plan, the starting point is to undertake a Business Impact Assessment which identifies the essential functions and services which define the organisation and assesses, based on impact and risk, the maximum time (Recovery Time Objective) the organisation can be considered to be sustainable without the ability to deliver those functions and services.

Purpose of activity Actual Activity Carried out by Resources needed Dependencies (other teams, other agencies) Impact Recovery Time Objective Current Contingencies Proposed Contingencies Financial Management Budgeting & Reporting Finance team Network access to IFSE PC access

CSS Significant 1 month Home working Aldershot

Financial Transactions Payroll Sales ledger Purchase ledger Cash management FPHnhsft CSS Finance Team Network access PC access FPHnhsft CSS SBS Bank

Crucial 1 week FPH, CSU(S) and SBS business continuity plans Dependent on FPH & CSU business continuity plan Activity and Contract Management Data capture & analysis CSS Network access PC access

Providers data Major 1 month CSU(S) B.C. Plan Dependent on CSU business continuity plan Quality Management Handling complaints Monitoring SUIs Safeguarding D of N & Q Medical Director Internet access PC access Providers reports

Crucial 3 days Access to space at Aldershot Centre for Health Aldershot Medicines Management Benchmarking Best practice Monitoring prescribing Director of Operations Prescribing data Surrey Downs CCG

Crucial 1 month Surrey Downs Dependent on Surrey Downs CCG continuity plan Manpower Management Recruitment Appraisal Chief Officer Director of Operations

Telecomms FP HR team Moderate 6 weeks FPH FPH continuity plan

Commissioning Defining need for care services System change Director of Operations Network access PC access

Lead CCGs Moderate 2 months Home working Aldershot

Public Engagement Website Press relations Surveys FOI requests Director of Operations CSS Internet access CSS Moderate Major Minor Crucial 1 month 1 day 6 weeks 3 days CSU(S) use “Media on call” Dependent on CSU business continuity plan Procurement Securing goods and services Finance Team Network access

(10)

Cont./ Purpose of activity Actual Activity Carried out by Resources needed Dependencies (other teams, other agencies) Impact Recovery Time Objective Current Contingencies Proposed Contingencies Governance & Compliance Maintenance of risk and baf Conducting Boards & Committees CFO CO/Chair/ Admin team Network Access None Available meeting facilities (St Pauls/St Cross)

Significant 1 week Homeworking

Local facilities

Aldershot

Alternative local facilities

Performance Monitoring & reporting QIPP AT/SHA liaison and performance regime Director of Operations CFO Network access CSS AT/SHA

Major 1 week Homeworking Aldershot

Impact: Minor (1), Moderate (2), Significant (3), Major (4), Crucial (5)

Recovery Time Objective: Immediate, 1 day, 3 days, 1 week, 2 weeks, 1 month, 6 weeks, 3 months.

Surrey Community Risk Register Copies of the Surrey Community Risk Register are available at http://www.surreycc.gov.uk/people-and-community/emergency-planning-and-community-safety/emergency-planning/community-risk-register

Risks on the ‘very high’ category:  Severe weather – Flooding

 Human Health - Influenza type diseases Pandemic of infectious disease e.g. Flu  Industrial technical failure – electricity disruption/ supply.

Surrey Heath CCG Risk Register has identified risks that may affect the contiuity of business at Surrey Heath CCG.

 Loss of access to office due to severe weather – Flooding, fire or loss of power.  Loss of key managers due to severe weather or fuel disruption.

(11)

Appendix 2

Business Continuity Plan

There are a number of threats to the continuity of business at Surrey Heath CCG. The major ones are:

 Loss of access to office  Loss of key managers  Loss of access to I.T. Office:

Loss of access to the Head Office (Surrey Heath Borough Council Offices, Knoll Road, Camberley) may occur due to the building being unavailable for use ( fire damage, flood damage, loss of power) or access being denied to the building and immediate vicinity (security alert).

If the loss of access is expected to be short term (less than 2 working days), most staff can work from home or utilise space in a GP practice.

If the disruption is likely to be longer than 2 working days, the CCG has agreed with North East Hampshire & Farnham CCG that it can have access to desk space for three core staff (more with hot-desking) at Aldershot Centre for Health (ACH). This is a reciprocal arrangement under which NEH&F staff can have access to desks at Surrey Heath House. (action: check that the landlords liability insurance remains valid).

If a temporary relocation to ACH takes place, an alert will be placed on the CCG website by the Administration Manager informing the public of the relocation and predicted length of disruption. “Due to unforeseen circumstances, Surrey Heath CCG have temporarily moved headquarters to Aldershot Centre for Health.

It may be possible to divert telephones to ACH, but it is likely that an enforced move would happen without sufficient notice to action this (e.g. incident in the building out of hours). The essential staff to relocate are:

 Administration Manager ,

 Director of Nursing & Quality, and  Business Continuity lead (CFO).

Other staff would be asked to work from home and report to the director at Aldershot Centre for Health for a daily update on work required and possible date to return to normal work. Maintenance and access of the shared drive is critical as it may not be possible to move paperwork to ACH, or that paperwork may be destroyed in fire or flood.

(12)

Loss of key managers

This may be considered lower threat to business continuity as there is already a high degree of close-knit working and covering roles within the senior team.

However, it would be better to formalise arrangements and ensure that each senior leader selects a “shadow” and invests time outlining their major objectives. It is also critical that shared drives for essential files are utilised and the file discipline shared with all staff.

Loss of I.T.

This is a critical risk.

If there is a prolonged (greater than 1 week) lack of access to I.T. specifically related to operation from Surrey Heath House, the CCG would mobilise the same arrangements as for lack of access to the building, i.e. convene to Aldershot centre for Health.

Loss of access to data/information is mitigated by existing back-up arrangements for the CCGs data, carried out by the NHS CSU (South). The CCG must seek regular assurance and evidence that these backing up arrangements re regularly undertaken.

Authority to Invoke and Stand Down the Plan

The following officers of the CCG have authority to invoke and subsequently stand down the plan:

 Accountable Officer

 Chief Financial Officer (as Business Continuity Lead)  Director of Operations

(13)

List of key stakeholders – contact details

All Providers, suppliers and partners working under NHS contracts are obliged to have business continuity plans. Clinical providers work to stringent contracts which also cover 24/7 operation and emergency / incident working.

Frimley System 24/7 On Call

07010 063245 On Call Duty Senior Manager/ Director - Frimley System joint NHS Surrey Heath CCG together with NHS North East Hampshire and Farnham CCG.

NHS England Surrey & Sussex 08448 222888 Code NHS42 NHS England Wessex Pager 07623 503888 Code NHS43

Ambulance

South East Coast Ambulance

SECAmb – 0208 786 8987 ask for Duty “Silver” 0208 786 1080

0208 786 1081

24/7 Tactical advisor 07003 900765 South Coast Ambulance

SCAS – 01962 898235 on call tactical advisor Hospitals

Frimley Park Hospital

01276 604604 Mena Valiance Head of Access OOH ask for admin on Call

Royal Surrey County Hospital NHS Foundation trust 01483 571122 Jason Wright emergency planning manager OOH ask for director on call

Ashford and St. Peters Hospital

01932 872000 Claire Braithwaite Deputy Director of Opps OOH ask for Director on call

Hampshire Hospital NHS Foundation Trust

(14)

01256 473212 Community Care Virgin Health 07623 922193 07720 295477 Cynthia Dwyer 07899067911 Sara McMullen 07970750515 Mental Health

Surrey and Borders Partnership NHS Foundation Trust OOH 01883 383838 ask for Duty Director

0300 5555222

(15)

EQUALITY IMPACT ASSESSMENT TOOL

To be completed and attached to any procedural document as part of main document

sited between version control sheet and contents page

1. Title of policy/ programme/ framework/ strategy being analysed. Business Continuity Policy and Plan

2. Please state the aims and objectives of the work and intended equality outcomes CCG is required to have a business continuity plan to ensure that, in the event of a significant service interruption, critical day to day functions are maintained.

(how is this linked to the CCGs strategic equality objectives)

3. Who is likely to be affected? Eg staff, patients, service users, carers Staff

And staff who are carers Service users and stakeholders

4. What evidence do you have of potential impact (positive and negative) Impact on all staff to carry out day to day critical functions.

Impact on home life if staff are required to work from home.

Yes/No Comments 5. Does the document/guidance affect one

group less or more favourably than another on the basis of:

 Race N

 Ethnic origins (including gypsies and travellers) N  Nationality N  Gender N  Culture N  Religion or belief N

 Sexual orientation including lesbian, gay and bisexual people

N

(16)

 Disability - learning disabilities, physical disability, sensory impairment and mental health problems

N

6. Is there any evidence that some groups are affected differently?

N 7. If you have identified potential

discrimination, are there any exceptions valid, legal and/or justifiable?

N

8. Is the impact of the document/guidance likely to be negative?

N 9. If so, can the impact be avoided? N 10. What alternative is there to achieving the

document/guidance without the impact?

NONE 11. Can we reduce the impact by taking

different action?

N

For advice in respect of answering the above questions, please contact the Corporate Office, Surrey Heath CCG. If you have identified a potential discriminatory impact of this procedural document, please contact as above.

Sign off Name and Signature Date of the

Assessment

Name and designation of Individuals who carried out the Assessment:

Ann Cooper, Interim Governance Lead 21July 2014 Name and signature of

References

Download now ( PDF - 16 Page - 637.19 KB )

Related documents

Provincial Gazette Provinsiale Koerant Gazete ya Xifundzankulu Kuranta ya Profense Gazethe ya Vundu

Game referred to in the second column in the affected Magisterial Districts referred to in the third column, excluding the Magisterial Districts referred to in the fourth.. column

ANNUAL REPORT / 2014

These forward-looking statements are subject to certain risks and uncertainties that could cause actual results to differ materially from our historical experience or our

Contents. Operating Instructions LCD Television. Be Sure to Read Important Notice 2 Safety Precautions 3

Connections to the equipment (DIGA Recorder, HD Video Camera, Player theatre, Amplifier, etc.) with an HDMI cable allow you to interface them automatically (p. These features

LED-TV DVB-T/C TUNER AL3208TBK

Pressing the MENU button while in the Media Browser mode will access the Picture, Sound and Settings menu options.. Pressing the MENU button again will exit from

Guide to Setting Up A Child Care Centre Early Childhood Development Agency

For applicants who take over an existing centre, the minimum staffing to meet licensing criteria will apply and the applicant must ensure that there are sufficient trained teachers

Counseling Is a Virtual Experience for Students at Online Schools

Steele of Stanford University Online High said that shift is already underway: In a recent survey of ASCA members, she and her colleagues found that more than one-fourth of

Council on Academic Affairs Minutes, Nov 17, 2005

Recording Data for New or Revised Course (Record only new or changed course information.) Course prefix (3 letters) Course Number (3 Digits) Effective Term (Example:

PROSPECTS FOR FURTHER DEVELOPMENT OF MEDICINAL PLANTS N. R. Khojakulova Doctoral Student at the Karshi Institute of Engineering and Economics

It should be noted that due to the limited reserves of naturally growing medicinal plants, the pharmaceutical industry is able to meet the demand of enterprises for raw