BUSINESS CONTINUITY PLANNING POLICY

Similar documents
Meeting of Governing Body

GUIDANCE DOCUMENT FOR COMPLETION OF RESIDENTIAL CARE ESTABLISHMENTS BUSINESS CONTINUITY PLAN TEMPLATE WEST MIDLANDS

Statement of Purpose. June Northampton General Hospital NHS Trust

Trust Management Structure July 2016

Strategy for resilience and business continuity

UCL MAJOR INCIDENT TEAM MAJOR INCIDENT PLAN. Managing and Recovering from Major Incidents

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Plan

STATEMENT OF PURPOSE August Provided to the Care Quality Commission to comply with The Health & Social Care Act (2008)

Burton Hospitals NHS Foundation Trust

Board of Directors Meeting

BUSINESS CONTINUITY PLAN

DELIVERING THE LONDON QUALITY STANDARDS AND 7 DAY SERVICES

CAMBRIDGESHIRE COMMUNITY SERVICES NHS TRUST BUSINESS CONTINUITY PLAN VERSION 7.0

Information for patients

Question 1 a) What is the Annual net expenditure on the NHS from 1997/98 to 2007/08 in Scotland? b) Per head of population

Business Continuity Plan

Candidate Information Pack. Clinical Lead Plastic Surgery & Burns

STATEMENT OF PURPOSE

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity and Emergency Management. Policy Statement

Guidance notes on the role and function of Organic Old Age Psychiatry wards (NHS Lanarkshire)

BUSINESS CONTINUITY PLANNING

Digital Dictation Project

Job Planning Driving Improvement Ensuring success for consultants, the service and for improved patient care

JOB DESCRIPTION. Specialist Practitioner of Transfusion for Shrewsbury, Telford and surrounding community hospitals. Grade:- Band 7 Line Manager:-

Isle of Wight NHS Primary Care Trust:

Corporate Business Continuity Plan. Alison Whitehead, Head of Resilience. Fiona Noden, Director of Operations and Performance

Barnet Health Overview and Scrutiny Committee 6 October 2016

Agenda item 8.5. Meeting date: Meeting / committee: Board of Directors. 24 th June Title: Emergency Preparedness Annual Report 2013/14.

Pharmacy Department PRE-REGISTRATION TRAINEE PHARMACIST INFORMATION PACK

Summarise the Impact of the Health Board Report Equality and diversity

Policy Summary. Policy Title: Policy and Procedure for Clinical Coding

Hospital Generated Inter-Speciality Referral Policy Supporting people in Dorset to lead healthier lives

Ambulatory Care Model

Statement of Purpose Kerry General Hospital 2013

NHS ST HELENS CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY PLAN AND INCIDENT RESPONSE PLAN VERSION 6

Statement of Purpose

RTT Recovery Planning and Trajectory Development: A Cambridge Tale

TRUST BOARD SAFETY AND QUALITY MONTHLY REPORT SEPTEMBER 2013

Board of Directors. Approval Discussion Information Assurance

Key Objectives To communicate business continuity planning over this period that is in line with Board continuity plans and enables the Board:

CLINICAL AND CARE GOVERNANCE STRATEGY

Trust Board Meeting: Wednesday 13 May 2015 TB

Incident Management Plan

Agenda Item. NHS Cumbria CCG Governing Body. 4 February Business Continuity Plan. Purpose of Report:

MISSION IMMEDIATE ACTIONS RESPONSIBILITIES. Triage of patients in Emergency Centre according to protocol

Central Adelaide Local Health Network Clinical Directorate Structures

Briefing on the first stage of the Acute Services Review the clinical recommendations

Greenwich CCG Business Continuity Plan. Interim Governance Consultant

NHS Waltham Forest Clinical Commissioning Group. Emergency Preparedness, Resilience and Response (EPRR) Policy

Road Fuel Supply Disruption: Strategic Guidance for NHS Boards in Scotland. NHSScotland Resilience. Scottish Government

OP Action Plan Acute Hospital Outpatient Services. Outpatient Services Performance Improvement Programme

MATERNITY SERVICES RISK MANAGEMENT STRATEGY

RTT Assurance Paper. 1. Introduction. 2. Background. 3. Waiting List Management for Elective Care. a. Planning

University Hospitals Bristol NHS Foundation Trust Organisation Structure

Ref No 001/18. Incremental credit will be awarded in accordance with experience and qualifications.

Getting started.. questions to consider when revising or developing your plans

BUSINESS CONTINUITY PLAN

NHS Electronic Referrals Service. Paper Switch Off an update Digital Health Webinar 4 May 2018

NHS Wales Delivery Framework 2011/12 1

Hygiene Services Assessment Scheme

The Royal Wolverhampton NHS Trust

Craigavon Area Hospital Profile

Number of Fixed Term Staff Band Non-Clinical Temporary Staff Band

Business Continuity Management System. Business Continuity Procedure

Regulations and their potential for limiting clinical negligence. Stuart Whittaker

Ayrshire and Arran NHS Board

Job Description. CNS Clinical Lead

Agenda Item No: 6.2 Enclosure: 4 17/1/02012 Intended Outcome:

NHS England (South) Surge Management Framework

Stewart Mason, Emergency Planning and Resilience Officer Tom Jones, Clinical Programme Manager

HEALTH AND SAFETY POLICY

Health Facility Guidelines

NHS Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR)

Report to the Board of Directors 2015/16

NAME SPECIALTY PLEASE NOTE THAT THE CONSULTANT SURGEONS RUN A 4 WEEK ROLLING ROTA OF ACTIVITY. (HENCE THE 'BUSY' JOB PLAN)

Business Continuity Management Policy and Plan Contacts removed

Public Services Reform (Scotland) Bill. Scottish Independent Hospitals Association

Referral Guidance DIRECT REFERRAL SERVICE FOR THE ELDERLY DEAF

Community Nurses Module

Kingston CCG Emergency Preparedness, Resilience and Response (EPRR) Policy

Community and Mental Health Services High Level Market Research PROSPECTUS

corporate management plan

TRUST BOARD SEPTEMBER Surgical Services Reconfiguration

Interpretation and Translation Services Policy

Unannounced Theatre Inspection Report

Premises Assurance Model

Hygiene Services Assessment Scheme. Assessment Report October Our Lady s Hospital for Sick Children, Crumlin

Diagnostic Imaging, Peterborough

Date ratified November Review Date November This Policy supersedes the following document which must now be destroyed:

Appendix 1 MORTALITY GOVERNANCE POLICY

UNIVERSITY HOSPITALS OF MORECAMBE BAY NHS FOUNDATION TRUST TRUST BOARD

Emergency Preparedness, Resilience and Response Annual Report 2015

Capacity Plan. incorporating the Resourcing Escalatory Action Plan. (copy for external circulation)

Preceptorship (Multi-Professional) Policy

Major Incident & Business Continuity Management System

Diagnostic Testing Procedures in Neurophysiology V1.0

Standardising Acute and Specialised Care Theme 3 Governance and Approach to Hospital Based Services Strategy Overview 28 th July 2017

The Royal Wolverhampton NHS Trust & Wolverhampton CCG consultation on proposals to deliver planned care at Cannock Chase Hospital

Transcription:

Agenda No. 8(c) Enclosure No. 11 BUSINESS CONTINUITY PLANNING POLICY REFERENCE CODE (Man.) (For Corporate Key Documents, Reference code will be allocated by the Policy Co-ordinator e.g. <(HHT) PR.07> upon receipt of the approved document. For other Key Documents assign an appropriate Departmental Reference code) IF THIS DOCUMENT HAS BEEN PRINTED, IT SHOULD NOT BE ASSUMED TO BE THE LATEST VERSION. Document Description: Business Continuity Planning Policy Audience.Organisation(s): Hereford Hospital NHS Trust (Man.) Audience.Department(s): All staff in the organisation (Man. if applicable) Audience.Staff categories: All staff in the organisation (Man. if applicable) Date operational: 12/2008 Date expiry: 12/2009

CONTENTS BUSINESS CONTINUITY PLANNING POLICY 2-4 APPENDIX 1- Business Impact Analysis 5-10 APPENDIX 2- Example Plan 11-18 APPENDIX 3- Audit Checklist 19-21 1

BUSINESS CONTINUITY PLANNING POLICY INTRODUCTION This Trust delivers a wide range of services to its local communities. Failure to deliver these services could have a detrimental impact on the health of the public and the viability of our business. Business Continuity Management (as defined by the Business Continuity Institute 2001) is: A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. Business Continuity Management is concerned with managing risk to ensure that, at all times, the organisation can continue operating to, at least, a pre-determined minimum level, in the event of a major disruption. These risks can be from the external environment e.g. power failures, severe weather, or from within the organisation e.g. system failures, loss of key staff. BUSINESS CONTINUITY Within the Civil Contingencies Act 2004, all acute Trusts have responsibilities as a category one responder. Category one responders are required to take up their civil protection duties and be able to perform their functions so far as necessary or desirable to respond to an emergency. Part of this responsibility is to produce Business Continuity Plans. In addition to its own internal performance management the Trust is also subject to rigorous external review and monitoring of it performance against national and local targets. The Standards for Better Health and compliance regime for Foundation Trusts (MONITOR) require that the Trust produces and regularly reviews its Business Continuity Plans. Business Continuity Management is an integral part of Corporate and Clinical Governance. BUSINESS CONTINUITY PLANNING POLICY This Trust s Continuity Planning Policy is to have in place effective arrangements to maintain the most critical services and to ensure that these arrangements are regularly reviewed and practised. This policy sets out how this can be achieved, and whose responsibility it is to ensure that plans are in place. This policy should also be read in conjunction with the Major Civil Incident Plan and the Flu Pandemic Plan. There are 4 key stages of Business Continuity Management. These are: Programme Management Understanding the organisation Determining BCM strategy and developing and implementing a BCM response Exercising, maintaining and reviewing PROGRAMME MANAGEMENT This ensures that responsibilities are assigned within the organisation so that all staff are aware of their duties. The Director of Nursing and Quality leads on behalf of the Chief 2

Executive and the Trust Board for Business Continuity Planning. The lead manager supporting this function is the Trust s Risk Manager. Business Unit Managers, Heads of Nursing and Business Unit Directors are responsible for the successful production and implementation of Business Continuity Management for the critical and essential services within their areas of responsibility. UNDERSTANDING THE ORGANISATION The aim of this policy is to build into the culture, that business continuity is embedded within the organisation, rather than fire-fighting any emergency so that business-asusual is achieved in the quickest possible time. This will increase confidence in the organisation and the reputation of the Trust. Understanding the organisation is a key element to Business Continuity Management and consists of 2 stages: Business Impact Analysis: This identifies the key services within the organisation and assesses how long the Trust can manage without these services. A list of the Trusts services and their Business Impact Analysis is in Appendix 1. Following this, the critical activities for each service must be identified, alongside the resources that are required for the service to run effectively. Typical examples of resources required are people, premises, technology, information and supplies & partners Risk Assessment: This helps to assess the risk to the organisation if the above resources were lost and helps with staff identifying how they can mitigate this risk. High risk areas must have effective business continuity plans in place. DETERMINING BCM STRATEGY AND DEVELOPING AND IMPLEMENTING A BCM RESPONSE This stage of the process determines how the organisation will recover each critical activity and the resources required to do this effectively. This is essentially what is included in the Business Continuity Plans, which have been developed by the heads of departments and are available on the Trust s Intranet, under Emergency Planning. A hard copy must also be kept with the Business Unit Managers and within the Risk Management Department. Numbered versions and controlled distribution is essential and so therefore hard copies must be kept to a minimum so staff can ensure they are following the correct plans. Plans will be subject to change and it is the Business Unit Manager s responsibility to ensure any changes are agreed with Risk Management, who in turn will inform the Director of Nursing and Quality. The most recent document will therefore be made available on the intranet by Risk Management and hard copies redistributed as necessary. All plans must be signed off by the Director of Nursing and Quality. A template copy of a Business Continuity Plan is in Appendix 2, which provides future guidance for staff who need to produce or update their plans. Implementation of the plans are essential and those who hold positions that are named in the plan must be made aware of their role and have the appropriate training to enable them to fulfil their duties and responsibility. 3

EXERCISING, MAINTAINING AND REVIEWING It is essential that plans are exercised once completed so that systems can be tested, plans can be exercised and people can be rehearsed. This will ensure important lessons are learned and changes made before a real event. Exercising also helps to build confidence in team members by clarifying roles and responsibilities. The Trust s Emergency Planning Group can assist staff in testing their plans. It is ultimately the Business Unit Manager s responsibility to test their plans, and to sign off any changes and actions to be taken. These must be communicated to the Risk Manager. It is important that Business Continuity Plans are kept up to date and any changes must be implemented by the Business Unit and communicated to the risk management department who will ensure the most recent plans are available on the intranet. Business Unit Managers must also review their plans annually and identify whether there are any new key services which need to be included in the overall Business Continuity Planning. Self assessment of plans is a useful way to audit this process and this is available in Appendix 3. CONCLUSION The completion of Business Continuity Plans will ensure that the Trust can continue to provide essential clinical services during times of disruption. The process will contribute significantly to the Trust s Risk Management Strategy and meet the requirements of the Civil Contingencies legislation 4

APPENDIX 1- BUSINESS IMPACT ANALYSIS What are your key products or services? to 24 hours to 1 week to 2 weeks MEDICAL SERVICES Gastroenterology H H H 12 HOURS Palliative Medicine L M H 5 DAYS Cardiology H H H 12 HOURS Stroke H H H 12 HOURS Cath Lab M H H 24 HOURS Diabetes M H H 24 HOURS Neurology H H H 12 HOURS Dermatology M H H 24 HOURS Renal M H H 24 HOURS Rheumatology M M H 24 HOURS Respiratory H H H 12 HOURS Haematology M H H 24 HOURS Geriatric Medicine M H H 24 HOURS A&E H H H ZERO CCU H H H 12 HOURS What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? 5

What are your key products or services? to 24 hours to 1 week to 2 weeks SURGICAL SERVICES Trauma H H H 4 HOURS Orthopedics L L M 14 DAYS Breast L M H 7 DAYS Urology L M H 7 DAYS General Surgery and Upper H H H 4 HOURS GI Plastics L M H 7 DAYS Vascular Surgery L L L 18 WEEKS Theatres H H H 1 HOUR ITU H H H ZERO Pre op L L L 18 WEEKS Head and Neck L L M 18 WEEKS ENT L L M 18 WEEKS Opthalmology L L M 18 WEEKS Maxilo Facial L L M 18 WEEKS Day Case L L M 18 WEEKS Anaesthetics H H H 1 HOUR What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? 6

What are your key products or services? to 24 hours to 1 week to 2 weeks DIAGNOSTIC & THERAPEUTICS Pathology H H H LESS THAN 1 DAY Radiology H H H LESS THAN 1 DAY MRU L L M 2 WEEKS OPD (EIGN/ Oxford Suite) M H H 24 HOURS Pharmacy H H H LESS THAN 1 DAY Endoscopy H H H 8 HOURS Audiology L M H 2 WEEKS Neurophysioology L M H 2 WEEKS Therapies L H H 1 WEEK Vascular Lab M H H 48-72 HOURS Fred Bulmer Medical Unit M H H 24 HOURS (including departure lounge) Fred Bulmer Outpatients L M H 72 Hours What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? 7

What are your key products or services? to 24 hours to 1 week to 2 weeks WOMEN AND CHILDREN'S Maternity M H H 24 HOURS Delivery Suite H H H 12 HOURS Community Midwives M H H 24 HOURS Women's Health M H H 24 HOURS Paediatrics H H H 12 HOURS Special Care Baby Unit L M H 5 DAYS What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? What are your key products or services? to 24 hours to 1 week to 2 weeks WARDS 1 Ward out of action L L L 3 WEEKS 2 Wards out of action L M M 3 WEEKS 3 Wards out of action M H H 2 WEEKS 4 Wards out of action H H H 2 WEEKS 5 Wards out of action H H H 1 WEEK 6 + Wards out of action H H H 2 DAYS What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? 8

What are your key products or services? to 24 hours to 1 week to 2 weeks What is the maximum length of time you can manage a disruption to this service without it threatening the organisation? SODEXO Portering Services M H H 24 hours Domestic Services M H H 24 hours Linen & Laundry M H H 24 hours Sterile Services H H H 12 hours Staff Catering L M L The organisation could function without a staff restaurant Patient Catering L H H 24 hours Go Shop L L L The organisation could function without a shop Pest Control L L L 3 weeks Window Cleaning L L L The organisation could function without window cleaning Car Parking L L L The organisation could function without a car park ATKINS Switchboard H H H Zero Estates Management M H H 48 hours (Reactive and preventative planned maintenance/ helpdesk) Receipt & Distribution L M M 2 weeks Accommodation L L L The organisation could function without accommodation Site Management L L L 2 weeks Transport L M M 2 weeks Waste Disposal L M H 1 week 9

What are your key products or services? Impact up to 24 hours Impact up to 1 week Impact up to 2 weeks What is the maximum length of time you can mange a disruption to this service without it threatening the organisation? OTHER IT M H H < 24 hours if no IT in Trust- longer if single IT systems fail Mortuary L M H 72 hours Professional L L L 1 month Development Centre Finance L M H 72 hours Payroll M H H Up to 24 hrs depends on the day of the week concerned as service loss impact on the ability to run weekly payroll. Occupational L L M 3 weeks Health NHSP L M H 48 hours Human Resources L M H 1/2 day Medical Engineers L M H One month. Health Records L H H 24 hours Clinical Governance L M M 2 weeks 10

Appendix 2: Example Business Continuity Plan 1. What is the aim and objective of the service? State what the main aim(s) of the service are What are the Strategic Objectives The aim and objective of the Business Continuity Plan is to safeguard (the service) ability to operate efficiently should it suffer a disruptive event, and to provide a platform from which a recovery can be initiated and managed. 2. Who are the Service s customers and stakeholders? Stakeholders For Example: Hereford Hospitals NHS Trust, Herefordshire Primary Care Trust, and West Midlands Strategic Health Authority Customers - For Example: Patients Clinicians Nursing staff Wards A&E Theatres Tertiary centres Critical care network (reciprocal arrangements) 3. What are the critical activities and functions of the service? List these in bullet points. These critical activities are used throughout the whole planning cycle 4. Provide detailed Service Locations and staff numbers working at each location Where is the service based? What is the establishment of the service? Break the establishment down into staff type 5. What are the Legal, regulatory or contractual constraints under which the service operates? 6. Taking each critical activity (as in point 3) the service provides in turn and utilising the Trust s Risk Matrix, score each activity by each impact criteria. Impact Criteria means assessing the impact on the following: Buildings and Environment Clinical Issues - 11 -

Information Technology Staff Supplies Other These should be listed in Appendix 1 7. List services and clients and clients that have either a dependency on the service or for which this service is dependent For Example: Do you provide services to anywhere else in the organisation? Do you have specific suppliers for your area? Which clients use your service? Which services are you dependent on? These should be listed in Appendix 2 and Business Continuity Arrangements considered 8. List critical suppliers that have business continuity arrangements in place These should be listed in Appendix 2 and Business Continuity Arrangements considered 9. List critical resources on which the service relies For Example: Telecommunications I.T. (software, hardware) Stationary Files Data (hardcopy and electronically based) Clinical/or other equipment. Water Electricity These should be listed in Appendix 2 and Business Continuity Arrangements considered 10. Detail the number of staff required to deliver critical activities at a minimum level. List each of your Critical Activities from point 3, and consider how many staff are required to deliver these. These should be listed in Appendix 3 11. Highlight any key personnel or specialist groups without which the service would be severely compromised. These should be listed in Appendix 3 12. Detail normal staffing levels and numbers of staff that are able to work from home Refer to point 4 for normal staffing levels Consider whether staff can work from home, and if so- state which staff can do what from home - 12 -

13. Detail a Level of Business Continuity (LBC) appropriate for the service. The service should outline the minimum level of continued output of service which is acceptable. It is fundamental to review any regulatory requirements when defining this service level. For Example: Can certain elective work be postponed for the time being? This should be listed in Appendix 3 14. State Recovery Point Objective (RPO): Within what timescale does the service need to recover critical activities to the predefined Level of Business Continuity? (E.g. the email exchange must operate at full capacity within 24hrs, all patient services should be resumed within four hours). This should be listed in Appendix 3 15. What are the single points of failure for the service? For Example: Medical gases Total absence of staff Medical Equipment Supplies not delivered 16. Does the service have any specific roles in response as part of the Trust s response to an emergency? List this here - 13 -

- 14 -

App 1 (State Department) Business Continuity Risk Register Agenda No. 8(c) Enclosure No. 11 The Business Continuity Risk Register for Hereford Hospitals NHS Trust State Department Table 1 - Buildings & Environment E.G. Department damaged through fire/ flood. Loss of heating/ overheating Loss of water Table 2 Clinical Table 3 - Information Technology E.G. Failure of telephone system, failure of IT system, does your dept use any specific IT packages

Table 4 Staff E.G. Industrial action, staff shortage from illness Table 5 Suppliers E.G. Goods unable to be delivered, service withdrawn, pharmacy supplies restricted Table 6 Other E.G. Total loss of power supply, severe weather - 16 -

App 2- (State Department) Business Continuity Plan Suppliers and critical resources List services and clients and clients that have either a dependency on the service or for which this service is dependent For Example: Do you provide services to anywhere else in the organisation? Do you have specific suppliers for your area? Which clients use your service? Which services are you dependent on? Critical Service Provider Name and contact details Service overview Business Continuity Arrangement For Example: Critical Resource Telecommunications I.T. (software, hardware) Stationary Files Data (hardcopy and electronically based) Clinical/or other equipment. Water Electricity Business Continuity Arrangement - 17 -

App 3 (State Department) Business Continuity Plan Minimum staffing requirements/ Level of BC and Recovery Point Objective Critical Activity These are listed in point 3 of the introduction Minimum Staffing requirement Contingency Plan to meet minimum staffing requirement Level of Business Continuity Recovery Point Objective - 18 -

Appendix 3 Audit Checklist for Business Continuity Management Stages Key Issues Example Evidence Rating BCM Programme Responsibility for BCM issues is clearly defined within the organisation at the corporate management level. Named executive director accountable for BCM policy and implementation Reports to senior management groups Understanding the Organisation BCM Manager or Co-ordinator appointed BCM is formalized through the organisations policy and procedures Responsibility for business continuity issues is well embedded within individual services or management units Responsibility for business continuity issues is well embedded within the organisation. Assurance of organisation s BCM capability Identification of the organisation s objectives, stakeholder obligations, statutory duties and environment in which the organisation operates Key services and products delivered by and on behalf of the organisation have been identified and have been agreed by the executive board Critical functions, processes and supporting resources, within and without the organisation, that are needed to delivery the key services and products have been identified. Risk assessment has been used on the critical activities and supporting resources to focus effort on the areas of greatest need Countermeasures exist to minimise risks that have been identified, including measures to combat potential loss of information. Identification of the impact over time on the organisation and its stakeholders of the loss of any Named individual in post responsible for implementing and maintaining the BCM programme A BCM policy exists The BCM policy is published internally and externally BCM is included in job descriptions and skill sets of service and support managers. BCM responsibilities enforced by inclusion in organisation s appraisal, reward and recognition policies. There is a programme in place raising awareness throughout the organisation and its key stakeholders. Feedback mechanisms exist whereby functional managers and staff can flag up BCM issues Evidenced through minutes of meetings and reports. Induction programmes include awareness of BCM. KPIs set for BCM implementation and maintenance. BCM responsibilities reviewed by the organisations audit process. Analysis of stakeholder obligations and expectations. Listing of statutory duties Documented procedures for identifying and reviewing key services and products. Executive board minutes confirming key services and products. Documentation detailing critical functions, processes and supporting resources. Mapping of critical suppliers and partners Documented procedures to review and rank risk. Identification of single points of failure Documented evidence of risk mitigation covering people, systems, information, premises and equipment and suppliers.. A structured business impact analysis (BIA) process exists for the organisation that prioritises key services and products. - 19 -

Determining BC Strategies Developing and Implementing a BCM Response key service or product Development of appropriate strategies to limit, over time, the impact of the loss of key services and products on the organisation and its stakeholders Development of strategies to minimise supplier disruption. Generic business continuity plans (BCPs) are developed which are flexible enough to maintain continuity of key services and products through a range of disruptive events A clear procedure exists for invoking the BCPs and delivering the response BCPs have cleared ownership and are signed off at the appropriate level. Appointment of a BCM team that is trained to deliver the BCPs A clear procedure exists that ensures internal and external stakeholders are aware of what actions the organisation s will take if BCPs are activated Ensuring communications with stakeholders at the time of disruption to key services and products Ensuring latest BCPs and supporting materials are always available. BCPs linked to other event plans within and without the organisation. A documented BIA that covers the key services and products of the organisation. Executive board minutes confirming BIA. Documented strategies to support each key service and product. Strategies cover: people, premises, technology, information, supplies and stakeholders. Strategies take account of other Category 1 responder s actions, including those undertaken in an emergency situation. Executive board minutes confirming strategy selection and their required resource allocations. Procurement policies for key supplies that require BCM to be incorporated into supply contracts. Evidence of BCM included in supply contracts. Alternative suppliers identified. Structure and procedures for developing BCM plans. Reports. Meeting minutes Plans are clear, unambiguous and easy to use. Documented evidence of consultation with relevant staff in functional units and incorporation of feedback during plan development. BCM plans identify objectives, personnel involved, and command and control arrangements BCPs contain references to other sources of relevant information, advice and other documentation. Documented invocation and response procedures Key staff are identified in plans. Call out lists for BCM team members. It is clear who is responsible for ensuring that each section/department or site has a BCP. All BCPs are signed off by plan owners. Details of BCM team members. Training programme for BCM team members. Training record for BCM team members. A communications policy document. Letters, emails, circulars, meeting minutes, internet and intranet pages which raise awareness of BCPs. BCPs contain arrangements for communicating with clients, customers, staff, stakeholders, partners, and the media. BCPs linked to Communication plans. Copies of plans and essential equipment/ documents (in electronic or hard copy) are easily available on and off- site. All plans are subject to document and version control processes. Links to emergency, recovery, major incident, communication plans, etc. are documented. - 20 -

Exercising Ensuring there is a balanced programme of exercise types which validates the full range of BCM capabilities Exercise programmes have clear objectives Records of regularly tested contact arrangements and exercises Planned exercises /test schedules. Exercise scenarios Maintaining Reviewing Ensuring there is a documented process for capturing and taking forward the lessons identified Ensuring that the BCPs are kept up to date Ensuring that when major changes to the organisation, the environment in which it operates or threat levels change the organisation s BCPs are reviewed and modified if appropriate. A clear mechanism is in place for measuring the effectiveness of BCM arrangements Ensuring that the review process drives improvement by identifying lessons, and appropriate action is taken Notes of exercise debriefs, lessons learnt reports. Exercise review report to relevant management team. Action plans. Review of actions at plan preparation/review meetings. Evidence that the lessons learnt from exercises have been incorporated into BCPs. There is an established and documented BCP review process. BCP review is built into the business planning cycle. Notes from review meetings. Issue of version controlled updates and acknowledgement systems for recipients There is a mechanism to identified trigger BCP review points. Notes from review meetings. Actions plans Review of actions at plan preparation/review meetings BCM review programme Self assessment reports Internal audit reports Benchmarking against standards (e.g. BS25999) and guidelines External reviews by peers from other services, partner authorities, etc. Review reports to relevant management team. Action plans. Review of actions at BCM review meetings. Evidence that the lessons learnt from reviews have been incorporated into the organisations BCM processes. - 21 -

Document group: Document has part: (Man. If applicable. Delete this field if not applicable.) Document Category: (For Corporate documents. Delete this field if not applicable. Man. If applicable) Document keywords: Document type: (Man.) Originating Dept/Working Group(s): (Man.) Author. Last name, first name: (Man.) Author. Job title: (Man.) Author. E-mail: (Man.) Contributor(s). Job title and name/ and/or Contributor(s). Organization: Sponsoring Director. Last name, first name: (Man. where applicable) Sponsoring Director. Job title: (Man. where applicable) Approving body: (Man.) Date approved: Corporate Key Document Business Impact Analysis Business Continuity Example template Audit Checklist Clinical/Patient Related Health and Safety Business Continuity, Risk Assessment, Business Impact Analysis Policy Clinical Governance, Risk Management Department Leach, Katherine Acting Risk Manager Katherine.leach@hhtr.nhs.uk Peter Gorin- Associate Director Clinical Governance Sue Hardy- Director of Nursing and Quality Hardy, Sue Director of Nursing and Quality Executive Management Team The date on which the policy was approved by the relevant approving body (Executive Management Team, Trust Board, or Department or Specialty meeting). This section will be completed by the Policy Coordinator on receipt of the document from the approving body. Documents sent to the Policy Co-ordinator for publication must be accompanied by the date on which they were approved. Dates should be entered in the format day-month-year, e.g. 17-11-2007-22 -

Date of creation: (Man.) Date of next review: (Man.) Retention period: (Man.) PFI involvement. Project liaison completed: (Man.) Date Impact Assessment completed (Man.) Refers to the following Trust policies: (Man. if applicable) 04-12-2008 December 2009 10 Years Yes To be completed Major Civil Incident Policy Flu Pandemic Policy - 23 -

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback