Policy Flowchart. Policy Title: Business Continuity Management Policy. Reference and Version No: RM17 Version 5

Transcription

1 Policy Title: Business Continuity Management Policy Reference and Version No: RM17 Version 5 Author and Job Title: Sally Thompson Associate Director of Operations Emergency and Anaesthetic Care Services Elizabeth Harvey Emergency Planning Lead Executive Lead Chief Operating Officer/Deputy Chief Executive Validated By: Trust Resilience Forum Ratified By: Patient Safety Committee Date Issued: 20 March 2017 Date for Review: 14 March 2020 Related Documents: Trust Major Incident and Emergency Response Plan OPEL Escalation Framework Pandemic Influenza Plan Civil Contingencies Act 2004 NHS Resilience and Business Continuity Management Guidance 2008 BS25999 and ISO Corporate Business Continuity Plan EF 21 Fuel Crisis Policy IG9 Information Security Policy This Policy is Intended for: All Staff Groups Policy Flowchart Introduction and Information (section 1) Aims (section 2) National/Local Context Objectives (section 3) Business Continuity Management Roles and Responsibilities (section 4) Business Continuity Management (section 5) Business Continuity Planning Assumptions (section 6) Critical Activities (section 7) Interested Parties (section 8) Alerting Procedures (section 9) Communications (section 10) Stand Down/Debrief Monitoring and Review (section 11) Training and Exercising (section 12) The Trust is committed to the fair treatment of all, regardless of age, colour, disability, ethnicity, gender, gender reassignment, nationality, race, religion or belief, responsibility for dependants, sexual orientation, trade union membership or non membership, working patterns or any other personal characteristic. This policy and procedure will be implemented consistently regardless of any such factors and all will be treated with dignity and respect. To this end, an equality impact assessment has been completed on this policy. 1 of 47 (Date for review 14 March 2020)

2 CONTENTS 1. Introduction 2. Aims 3. Objectives 4. Business Continuity Management Roles and Responsibilities 5. Business Continuity Management 6. Business Continuity Planning Assumptions 7. Critical Activities 8. Interested Parties 9. Alerting Procedures 10. Communications 11. Stand Down/ Debrief Monitoring and Review 12 Training and Exercising Appendices Appendix 1 BIA Spread sheet can be obtained via the Trust Resilience website or by contacting Emergency Planning on ext Appendix 2 Business Continuity Planning Appendix 3 Critical Function assessment 2 of 47 (Date for review 14 March 2020)

3 1. Introduction 1.1 Business Continuity Management is a flexible framework, designed to help organisations continue to operate in the face of a wide range of different types of disruptions. It is used as a means of managing risks to the smooth running of the Trust, so that vital services can be delivered in the event of disruptions. 1.2 Terms including contingency planning, emergency planning, disaster management and business recovery are often used interchangeably and, although specific meanings attach to each, it is useful to recognise that there are areas of overlap and, ultimately can all be viewed as elements of the overall risk management process. 1.3 While business continuity interruptions and major incidents are normally separate events dealing with serious internal and external incidents respectively, a major incident may occur at the same time as a business continuity interruption or it may be triggered by a business continuity event. This plan is therefore crossreferenced to the Trust s Major Incident and Emergency Response Plan. 1.4 The main difference between existing risk management processes and business continuity planning is that business continuity starts with the identification of the most critical functions or processes of an organisation, identifying and considering the risks to these, and then planning to meet their minimum continuity requirements. This involves a review of the significant hazards and an impact analysis centred on vulnerabilities of the core elements of the business. 1.5 National Context The Civil Contingencies Act, 2004, provides a framework for civil protection in the UK. The Act asserts that as a Category One Responder, the Trust has a responsibility to have business continuity plans in place in the event of a disruption to its services. It should be noted that the Trust is expected to continue to meet its statutory responsibilities irrespective of the emergency or disaster as well as comply with section 30 of the NHS Standard Contract. 1.6 To comply with the NHS England Core Standards for Emergency Preparedness, Resilience and Response (EPRR) the Trust must ensure that its business continuity management system complies with the international standard for business continuity ISO Local Context Risk assessments and major incident planning have already been undertaken in a systematic way across the Trust. This Business Continuity Management Policy aims to give staff a structure within which to work in the event of a service failure. 1.8 Business continuity planning should enable the Trust to survive and recover, but also to continue normal activities at agreed levels and with minimum disruption throughout the duration of any emergency, major incident or other crisis. 1.9 This plan should be read in conjunction with a number of already established Trust plans: Major Incident and Emergency Response Plan OPEL Escalation Framework Pandemic Influenza Plan 3 of 47 (Date for review 14 March 2020)

4 2. Aims 2.1 To protect the Trust s critical services and minimise the risk of disruption from hazards and threats, whilst protecting all patients, employees and visitors. 2.2 To ensure the Trust s services are able to operate as effectively and efficiently as practicable in the event of any emergency or incident. 3. Objectives 3.1 In order to fulfil its duties, the Trust has made emergency planning an integral part of its normal governance and management processes. Plans and procedures have being developed by directorates to ensure business and service continuity, in the event of a major disruption. 3.2 To ensure structures are in place to resolve disruptions to business activities in a prioritised way. 3.3 To have a flexible framework which can respond quickly and effectively to any situation. This framework will be based on the most likely interruptions. 4. Business Continuity Management Roles and Responsibilities 4.1 Executive lead The Executive lead for this policy is the Chief Operating Officer / Deputy Chief Executive. The Executive lead is responsible for leading the implementation of this policy and ensuring that the principles of this policy are embedded within the organisation. 4.2 Non- Executive lead The non-executive lead for this policy is the Associate Director for Operations - Emergency and Anaesthetic Care Services. 4.3 Business Interruption Teams and their Champions These individuals will be responsible for liaising with the Emergency Planning Officer to update their service areas plans, Directorate Plans plus the Business Impact Analysis (BIA) spread sheet which will feed into the Corporate Business Continuity Plan. It is the responsibility of those officers to notify the Emergency Planning Officer of any Directorate Plan changes so that the Corporate Plan can be modified accordingly. 4.4 Emergency Planning Officer (EPO) The Emergency Planning Officer will be responsible for liaising with the appropriate personnel to review this policy and prompt the TRF members to request the yearly updates for the BC plans. The EPO is not responsible for personally updating the service area plans and Directorate Plans. This is the responsibility of the personnel in 4.3 above. The EPO will update the Corporate Plan after liaison with the BCP Champions and the submission of their updated Directorate Plans. The EPO will liaise with personnel identified in 4.3 to develop training and exercises to test the appropriate plans in accordance with the CCA 2004 and the NHS England EPRR Framework, of 47 (Date for review 14 March 2020)

5 4.5 All staff members will adhere to this policy and assist in its implementation where and when required. 4.6 Command and Control arrangements are laid down in the Corporate Business Continuity Plan. A summary is provided in Figure 1 below. Figure 1: Command and Control following a Business Interruption Business Interruption Staff member notifies their Line Manager and/or BC Champion Business Continuity Champions or Line Manager(s) liaise with Clinical Site Managers and/or Manager on call to identify level of Business Interruption. i.e. Minor, Significant or Major Business Interruption (as identified in the Plans) Major Business Interruption: Notify Director on call Establish Corporate Business Interruption Management Team (BIMT) Nominate the Business Interruption Manager Request a Loggist Significant Business Interruption: Notify Director on call Establish Directorate Business Interruption Management Team (BIMT) Nominate the Business Interruption Manager Minor Business Interruption: Notify Manager on call Establish Service Areas Business Interruption Management Team (BIMT) Nominate the Business Interruption Manager Business Interruption Manager and the BIMT will agree a strategy to overcome the interruption and maintain a level of service based upon their critical function priorities and the level of interruption identified above. The BIMT will relay this strategy to the Business Interruption Coordinators identified in the plans Business Interruption Coordinators: Implement the strategy from the BIMT and report back to the BIMT on their progress Business Interruption Support Staff : Assist the Business Interruption Coordinators to implement the response 5 of 47 (Date for review 14 March 2020)

6 5. Business Continuity Management 5.1 Business Continuity Management (BCM) can be defined as: The on-going process of ensuring the continual operation of critical business processes through the evaluation of risk and resilience and the implementation of mitigation measures 5.2 As Executive Director lead, the Chief Operating Officer / Deputy Chief Executive, will ensure that the business continuity management system aligns with the strategic direction of the Trust By directly supporting services through desktop reviews of plans, training and exercising schedules and dissemination of lessons learnt, the EPO will ensure continual improvement. 5.4 Now that the BCM programme is being applied throughout the Trust, the Plan Do Check Act cycle from ISO is being implemented. This cycle is outlined in Figure 2. Continual improvement of business continuity management system (BCMS) Interested parties Establish (Plan) Interested parties Requirements for BC management Maintain and improve (Act) Implement and operate (Do) Managed business continuity Monitor and review (Check) Figure 2 PDSA Cycle 5.5 This model produces outcomes which meet the requirements and expectations of interested parties. This is the new term for stakeholders. (see section 8). 5.6 Establish: (Plan). Understand the critical functions, interdependencies, and using the Business Impact Analysis (BIA) establish the maximum tolerable period of disruption of each activity. Risk assess activities underpinned by people, premises, ICT, utilities and suppliers using the NPSA matrix. Identify alternative strategies to mitigate any losses to critical activities and quantify the resources that each activity will require. Assess their potential effectiveness in maintaining the organisation's ability to deliver critical functions. 6 of 47 (Date for review 14 March 2020)

7 Business Continuity Directorate Plans and the Trust Corporate Plan will identify Minor, Significant and Major Business Interruptions: detail the command and control structures and the critical functions and resources which may be affected, including co-dependences. The Directorate and Corporate Plans will dovetail with the Directorate Plans having greater detail for each service area, whereas the Corporate Plan will provide the strategic overview to assist with strategic decision making and planning. Implement and operate: (Do). Implement the policy and plans as required, by establishing a Business Interruption Management Team (BMIT) with agreed trigger points, and escalation procedures. Exercise plans. Monitor and review: (Check). Ensure plans are fit for purpose, kept up to date and quality assured. Post incident reviews reported to TRF. Maintain and improve (Act): Building resilience. The use of alternative strategies or resources. The identification of any nonconformities and taking appropriate corrective action Figure 3 below shows the Business Continuity Management life cycle. 7 of 47 (Date for review 14 March 2020)

8 6. Business Continuity Planning Assumptions 6.1 The Trust recognises that no two incidents are the same, and a degree of flexibility is required to enable optimal decisions to be made through the Trust s Command and Control Structure. 6.2 Examples of Business Continuity events that require special arrangements to be implemented by the Trust have been summarised into five categories. The list, by no means is exhaustive and will provide the initial basis for the Trust s Business Impact Analysis (BIA) and Risk Assessment. See Appendix 1 for BIA template and the Trust BIA spread sheet which can be filtered to identify the critical functions required over certain time scales in specific directorates. Significant loss of staff Loss of Equipment/ IT/ Telecommunications Loss of utility (power, hot or cold water, medical gas, steam) Loss of building/ access route (fire, flooding, structural damage, contamination, bomb threats) Supply chain disruption 6.3 The Trusts Risk Assessment Tool will be used to perform an analysis of each associated risk to each critical service, using the standard 5 x 5 Risk Matrix. See overleaf 6.4 All Trust critical activates with an amber/red will require a detailed specialised contingency plan for the ward/ department/ service area, to mitigate the particular threat or risk see Service Areas / Directorate Plan template which accompanies this policy National Emergency Planning Risk Matrix R (Risk) = C (Consequence) x L (Likelihood) Likelihood Consequence In terms of grading risks, the Trust identified the following grades to particular scores within the matrix. Low Risk (1-3) Moderate Risk (4-6) High Risk (8-12) Extreme Risk (15-25) 8 of 47 (Date for review 14 March 2020)

9 6.5 There may be instances when specific incidents make the current actions and replacement strategies listed in business continuity plans, to deal with the loss of staff and the loss of premises, unworkable and irrelevant. One such instance would be a fuel shortage. 6.6 The cause of the disruption to road and heating fuel could be a systematic failure (interruption to or total loss of production capabilities at a refinery) or industrial action by tanker drivers. Whatever the cause the result will be reduced fuel supply which may extend for a prolonged period of time. Trust staff who drive to work may find it difficult to attend and the expected substitution by other staff may not prove possible if they have the same issue. A reduction in heating fuel may affect many service areas, so contingencies would be considered at a Trustwide level. These would be the responsibility of the Director of Estates and Facilities. 6.7 The impacts of minor and major fuel disruption and the associated responsibilities of staff at all levels in the Trust to minimise their impact are laid out in EF21 Fuel Crisis Policy (version 3, June 2016). There is a specific responsibility that Directors and General Managers must ensure that Senior Clinical Matrons and Department Heads have effective plans in place to manage staffing and activity during a fuel shortage. This policy is available on Share Point. 7. Critical Activities 7.1 Each ward, departmental or service area manager and Business Continuity Champion is responsible for ensuring that contingency plans are written and updated annually or sooner if there is a major change within their department. 7.2 Appendix 1 spread sheet will be used to identify all critical functions/ activities and it will identify the Recovery Time Objectives (RTO) and the Maximum Tolerable Period of Disruption (MTPD) of each critical activity. 7.3 Risk assessment: The risk score for the impact on the loss of a resource identified in 6.2 above, can be found in the Directorate Plan template which accompanies this policy see Appendix The critical functions and the associated risks will feed into the Directorate Business Continuity Plan and the Corporate Business Continuity Plan These plans will identify actions to mitigate the impact and therefore reduce the risk and assist the Trust to identify strategies and actions to enable the Trust to provide the critical functions identified in Appendix Interested Parties 8.1 ISO now refers to interested parties instead of stakeholders. These are individuals, groups of people or other organisations that can affect, be affected by or feel they are affected by the decisions or activities of the Trust. It is important that all interested parties are reflected in plans as they will need to be informed of a disruptive event and then be provided with regular updates. 8.2 Under the terms of the NHS Act 2006 (as amended) the Chief Operating Officer / Deputy Chief Executive must ensure that any commissioned organisations or subcontractors have robust business continuity arrangements which are aligned to ISO These plans will be reviewed and where possible joint exercises undertaken to provide further assurance of effectiveness. 9 of 47 (Date for review 14 March 2020)

10 8.3 The EPO will work with other Trusts via the NE Business Continuity Forum to determine weaknesses and single points of failure in the supply chain. 9. Alerting Procedures 9.1 Staff should report any incident to their Business Continuity Champion who should report it to the On Call Manager in Hours or Clinical Site Coordinator Out of Hours who will inform the On Call Manager of any incident which has the potential to lead to a major loss of service. The information will then be conveyed straightaway to the Director On Call who will liaise and decide to convene a Corporate Business Interruption Management Team: the Director or their deputy will assume the role of the Business Interruption Manager. 9.2 The On Call Manager will obtain all the details of the incident and will contact the On Call Executive if appropriate, and they will decide whether a Business Continuity Alert should be called. 9.3 If a Business Continuity Alert is called, the Trust s Business Continuity Management protocols will be activated. This will result in a small team of Trust personnel being established to deal with the situation i.e. the Business Interruption Management Team This Team will assess the situation and decide upon the course of action. 9.4 Each directorate/service area affected will work with the Business Interruption Management Team as required to assist them in recovering the situation. In addition each service area will need to invoke their section /departmental contingency plans to maintain expected levels of service. 9.5 If the incident escalates from Minor to Major Business Interruption (see business continuity escalation stages in the BC template accompanying this document ) and is likely to cause service disruptions to the functionality of the Trust, then the Trust must declare a critical incident. Reference will need to be made to section 7 of the NHS England EPRR Framework, 2015, which defines levels of critical incident. The CCG and NHS England must be notified. 10. Communications 10.1 Maintaining good communication and keeping staff informed about an incident, and the Trust s intended response, will be a key part of the successful management of such an event The BIMT will need to ensure that adequate arrangements are in place to meet this objective. Various tools are in place within the Trust to assist in this task: Telephones (landline and mobile where appropriate) Availability of radios/airwave (e.g. held by the switchboard) Use of the global facility/intranet and notice boards to brief staff on the progress of an incident. Use of runners where necessary to maintain communication between control 10.3 During a disruption the Business Interruption Manager will ensure that the Communications Team is kept informed. It will be their responsibility to regularly brief the media, after liaison with the Director on Call. 10 of 47 (Date for review 14 March 2020)

11 11. Stand Down/ Debrief/ Monitoring and Review 11.1 The BIMT will determine when to end a Business Continuity event, by notifying the switchboard The Switchboard will notify all affected areas and staff of the stand down message A debrief needs to be organised with in a few days of the incident stand down and the Emergency Planning Officer can assist with the Debrief. In order for a successful debrief to take place a record of all instructions received, actions taken and other information which may be useful should be kept An action plan with recommendations and amendments to any plans will be taken to the Trust Resilience Forum for progression. 12. Training and Exercising 12.1 The EPO will deliver BC training and raise awareness, through a combination of e- learning, group and individual training, and attendance at team and directorate meetings All plans will be subject to desktop review by the EPO with a proportion subsequently undergoing walkthrough or table top exercise The EPO will set aside 2 days a month for drop in sessions for BC champions Initial exercises will focus on proving that a plan works, with subsequent exercising focusing on real incidents that have happened in partner organisations Exercises will be open to attendance by commissioned service providers and partner organisations The evaluation of exercises will not only cover the completeness of plans but also improvements to increase their effectiveness. 11 of 47 (Date for review 14 March 2020)

12 BIA template can be obtained via the Trust Resilience website or by contacting Emergency Planning on ext Appendix 1 12 of 47 (Date for review 14 March 2020)

13 Business Continuity Plan RM17 v5 Date Business Impact Analysis Key Functions (Priority order) of 47 (Date for review 14 March 2020)

14 Business Continuity Plan RM17 v5 BIA for XXX. People Premises Processes Providers Profile Key Staff Buildings IT; Reciprocal Arrangements Reputation: Skills / Expertise / Training Facilities; Documentation; Contractors / External Providers Legal Considerations Minimum Staffing Levels; Wte per 24hrs Equipment / Resources; Systems and Communications Supplies: Vulnerable Groups. People Premises Processes Providers Profile B.I.A identifies your requirements for continuing your key functions. BCP Documents how your requirements identified in the BIA can be achieved. 14 of 47 (Date for review 14 March 2020)

15 Business Continuity Plan RM17 v5 Please copy this form and complete it for each of the wards/departments/functions for which you are responsible Describe the core function of your area and detail the minimum staffing required to provide the core business: Ward/Department/Function Event or situation Denial of access to work area (reason immaterial) How long could you continue to operate normally? What additional measures will you be putting in place to improve this? How long will you then be able to continue to operate normally? What alternative arrangements have been agreed with key stakeholders (now referred to as interested parties)? Absence of electrical power Absence of steam 15 of 47 (Date for review 14 March 2020)

16 Business Continuity Plan RM17 v5 Event or situation Absence of medical gases and or suction. (piped/other) How long could you continue to operate normally? What additional measures will you be putting in place to improve this? How long will you then be able to continue to operate normally? What alternative arrangements have been agreed with key stakeholders (now referred to as interested parties)? Absence of clean water Contamination of services by water/sewage Absence of IT systems, e.g. , web, PAS, Clinical information system (List, grouping according to survival time) Absence of 25% of staff 16 of 47 (Date for review 14 March 2020)

17 Business Continuity Plan RM17 v5 Event or situation Absence of replacement consumables (List, grouping according to survival time) How long could you continue to operate normally? What additional measures will you be putting in place to improve this? How long will you then be able to continue to operate normally? What alternative arrangements have been agreed with key stakeholders (now referred to as interested parties)? 1. M&SE 2. Food 3. Fuel 4. Others please detail Absence of paper records (List, grouping according to survival time) Absence of telecommunications equipment 17 of 47 (Date for review 14 March 2020)

18 Business Continuity Plan RM17 v5 Event or situation How long could you continue to operate normally? What additional measures will you be putting in place to improve this? How long will you then be able to continue to operate normally? What alternative arrangements have been agreed with key stakeholders (now referred to as interested parties)? 1. Telephony 2. Mobile Networks Emergency capacity requirement increased, e.g. by influenza pandemic, CBRN incident, major incident Premises/staff contaminated by Chemical Biological Radiological or Nuclear attack Other (please list) 18 of 47 (Date for review 14 March 2020)

19 Appendix 2 North Tees and Hartlepool Foundation Trust BCM Plan for 0 hrs to 5 days (title of your Directorate) Version XXX Date Prepared by: North Tees and Hartlepool Foundation Trust 19 of 47 (Date for review 14 March 2020)

20 CONTENTS Page No 20 of 47 (Date for review 14 March 2020)

21 INTRODUCTION This is an operational document which is constantly being monitored and updated. This BCM plan outlines procedures to be taken in the event of a Business Interruption which affects the ( Insert Directorate Name in Here ) Service Areas located within North Tees and Hartlepool Foundation Trust. A Business interruption is any unwanted incident which threatens personnel, buildings or the operational procedures of the organisation and requires special measures to be taken in order to restore daily activities. For the purpose of the plan the following scales of business interruption have been determined. The term Minor Business Interruption is defined as a business interruption which affects part of one Service Area The term Significant Business Interruption is defined as a business interruption which affects one Service Area in its entirety. The term Major Business Interruption is defined as a business interruption which affects a number of Service Areas in the XXXXX Directorate or other Directorates in their entirety. AIMS and OBJECTIVES The aim of the document is:- 1. To ensure North Tees and Hartlepool Foundation Trust is able to provide their essential services during a minor, significant and major business interruption The objective is:- 1. To highlight the ( Insert Directorate Name in Here ) critical functions, resources and contingency arrangements in place to mitigate the effects of a Business Interruption on the ( Insert Directorate Name in Here ) Directorate services listed below :- XXXXXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXXXXXXXXXXXX 21 of 47 (Date for review 14 March 2020)

22 BUSINESS CONTINUITY CHAMPIONS Each Service area has 2 nominated champions/ Liaison officers who are responsible for the Business Continuity Plan for their service area Below is a list of these Officers and the service area that they champion Name of Service Area Name of Champion and Contact details Name of Champion and Contact details 22 of 47 (Date for review 14 March 2020)

23 PLAN ACTIVATION Flow chart - below suggests who should be activated and notified during a business interruption and what role they will play XXX Directorate Business Interruption Team Members (usually the Director ADs GMs) Business Interruption Coordinators For XXX Service Area (Managers, Heads of service ) Business Interruption Support staff For XXX Service Area Business Interruption Coordinators For XXX Service Area Business Interruption Support staff For XXX Service Area Business Interruption Coordinators For XXX Service Area Business Interruption Support staff For XXX Service Area Business Interruption Coordinators For XXX Service Area Business Interruption Support staff For XXX Service Area 23 of 47 (Date for review 14 March 2020)

24 Contact Details of Staff Name Home Tel Number Mobile Tel Number Role 24 of 47 (Date for review 14 March 2020) Business Continuity Liaison Officer BIMT Member BIMT Member BIMT Member BIMT Member BIMT Member and E / Coordinator Business Interruption E/ Co-coordinator Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business Interruption E/ Co Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff

25 Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff Business interruption Support Staff 25 of 47 (Date for review 14 March 2020)

26 CRITICAL FUNCTIONS Appendix 3 Below is a matrix to identify the ( Insert Directorate Name in Here ) Critical Functions whether they are time sensitive and their Recovery Time Objectives and their MTPD. Key : Red - Indicates must do to be recovered by the allotted time Blue - Indicates Time Sensitive these only need to be actioned/ recovered if the event or time indicated is applicable. e.g. if a contract completion date is the day of the Business Interruption then this becomes a must do critical function. Critical Function Spreadsheet Directorate/ Service Cytology Function Including (Time Sensitive TS) Director / Key Officer To contact 0-7 hrs/ Class 1 Time Period (blank out box in appropriate colour to within recovery) 1 day Class 2 2 days Class 3 3 days Class 4 Process and report non-gynae samples (cancer or suspected cancer) and symptomatic gynae TS x X RTO 4 days Class 4 x MTPD 5 days Class 4 For resources etc Reference Page XXXX 26 of 47 (Date for review 14 March 2020)

27 27 of 47 (Date for review 14 March 2020)

28 Resources Required for Critical Functions above ( Insert Directorate Name in Here ) Service area XXXXX Class One Functions: Recovery Time Objective 0-7 hrs Class One Functions: Process and report non-gynae samples (cancer or suspected cancer) and symptomatic gynae Staffing: Minimum Resources Required: Accommodation: Furniture: Equipment : IT: Communications: Transport: Reference Data or Documentation:. Key Contacts/: Internal Key contacts: External Possible Relocation : Press Contacts Dependencies Internal : External : 28 of 47 (Date for review 14 March 2020)

29 ( Insert Directorate Name in Here ) Service Area XXXXX Class Two Functions: Recovery Time Objective 1 Day Class Two Functions: Minimum Resources Required: Staffing: Accommodation: Furniture: IT: Communications: Reference Data or Documentation: Transport: Key Contacts/: Internal Key contacts: External Possible Relocation : Dependencies Internal : External : 29 of 47 (Date for review 14 March 2020)

30 ( Insert Directorate Name in Here ) / Service Area XXXXX Class Three Functions: Recovery Time Objective 2 days Class Three Functions: Minimum Resources Required: Staffing: Accommodation: Furniture: IT: Communications: Specialised Equipment: Transport: Documentation: Key Contacts/: Internal Key contacts: External Possible Relocation : Dependencies Internal : External; 30 of 47 (Date for review 14 March 2020)

31 ( Insert Directorate Name in Here ) / Service Area XXXXX Class Four Functions: Recovery Time Objective 3-5 days Class Four Functions: Minimum Resources Required: Staffing: Accommodation: Furniture: IT: Communications: Specialised Equipment: Transport: Reference Data or Documentation: Key Contacts/: Internal Key contacts: External Possible Relocation : Dependencies Internal : External; 31 of 47 (Date for review 14 March 2020)

32 Action check list for Business Interruption Management Team Member (Director) Number Description Actioned 1 Agree and confirm (title of your directorate) team roles (see activation chart above) 2 Liaise with directorate staff to find out what has happened. 3 Gather as much information as possible about the interruption and its time scales if possible. 4 Liaise and notify CEO and or Deputy Chief Executive 5 If it s a major business interruption prepare for meeting with other Directors and CEO 6 If it s a significant business interruption liaise with the other directorate Director who is effected and consider strategic action. 7 If it s a minor business interruption provide strategic direction based upon the critical functions and the RTO make sure you consider the Time sensitive critical function deadlines, if applicable. 8 Determine the priorities of the Directorate using the critical function spread sheet 9 See staff contacts list and liaise with HR to obtain a full list of staff contacts and inform all staff of the situation and if necessary re locate critical functions. 10 Consider Impact of the disruption to any clients (patients or suppliers and or multi agency partners. 11 Liaise with IT if applicable 12 Request an assessment from the damage assessor (Head of Estates) if applicable 13 Consider the insurance position if applicable 14 Liaise with Finance for a business interruption cost code 15 Appoint a loggist or start own log 32 of 47 (Date for review 14 March 2020)

33 Arrangements for Staff Shortages BUSINESS INTERRUPTION PLAN Risk Score using Emergency Planning Risk Matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk Risk score for Cytology = 9 Risk score for Cytology = The following arrangements are in place to overcome the loss of staffing in XXXX service area All the functions listed above in the Critical Function Table have trained and nominated deputies a table listing those persons who have been trained to provide support for the critical functions are detailed below. Critical Function Lead Officer s Deputies Supporting Officers Date Trained Daily involvement 33 of 47 (Date for review 14 March 2020)

34 Review which members of staff are capable of doing other people s jobs and consider increasing training now ready for the pandemic. Make sure that your schemes of delegations can cope with a number of managers being off sick at the same time. Write procedure notes or job instructions for the key tasks undertaken by the team so that other people can follow them if necessary. Check you have the home and mobile contact information for your key members of staff. Keep information at home and work, and in your mobile phone. Review how external contact details are kept within your directorate. If only a few people deal with external contacts, and they are important to the operation of your function, make sure other team members know how to contact them. Risk Score for Histology = Risk Score for xxxxx = 34 of 47 (Date for review 14 March 2020)

35 Arrangements in place for Loss of Communications Risk assess the impact of Loss of Communications on the critical functions Risk Score using Emergency Planning Risk matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk Risk score for Cytology = The following arrangements are in place to overcome the loss of communications in XXXX service area Liaise with IT Helpdesk ext Use Airwaves MTPAS, Mobiles or if land lines are dead Consider which networks are operational and who uses what networks (question do we have a number of different telephone providers Drive to various locations or if it is still available to notify the organisation of the problems Every person listed in the Staffing list has a mobile phone. Are there any significant gaps? Do any have MTPAS Know who your customers are and know how to contact to tell them if you need to change their business. Anticipate what customers will expect in terms of your business delivery during the pandemic and be prepared to re-prioritise resources as necessary. Any other customer issues? Risk Score for Histology = The following arrangements are in place to overcome the loss of communications in XXXX service area Risk Score for xxxxx 35 of 47 (Date for review 14 March 2020)

36 Arrangements in place for Loss of Utilities Risk Score using Emergency Planning risk matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk The following arrangements are in place to overcome the loss of Utilities in XXXX service area Electricity Risk score for Cytology = The following arrangements are in place to overcome the loss of Utilities in XXXX service area Risk score for Cytology = Risk Score for Histology = Risk Score for xxxxx = Water Risk score for Cytology = Risk Score for Histology = Risk Score for xxxxx = Gases Risk score for Cytology = Risk Score for Histology = Risk Score for xxxxx = Completed Action card for Loss of Electricity Completed Card for loss of Water Supply or water shortage Completed Action card for Loss of Gas or medical gases 36 of 47 (Date for review 14 March 2020)

37 Arrangements in place for loss of IT Risk Score using Trust Corporate risk matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk Arrangements in place for loss of IT which affect the critical functions identified in Cytology Liaise with, IT Helpdesk ext Make sure team members have provided each other with delegated access rights to their s accounts. Consider the use of generic mailboxes if this is problematic. Make sure that staff are storing documents on shared network drives and not C:Drives or accounts Review access rights to applications. Make sure that enough members of staff have access rights and that they are trained to use systems. Consider the security arrangements to any other password protected documents you may have. Some staff may be able to work from home whilst caring for family and friends. Review which of your staff have the IT systems necessary to work from home. Any other IT issues? What systems are critical to your directorate and what are the recovery times 37 of 47 (Date for review 14 March 2020)

38 Arrangements in place for Loss of Premises or work space at XXXX Risk Score using Emergency Planning risk matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk Risk score for Cytology = The following arrangements are in place to overcome the loss of accommodation in Cytology service area Alternative accommodation has been identified for the following functions Table or flow chart here for alternative accommodation or working from home If you open your own buildings, make sure duplicate keys are held or a number of staff are aware of where they are kept. Make sure that enough people know how to operate any alarm systems Make sure that any equipment required to deliver your business are kept in buildings that are accessible by all. Consider whether you rely on third party suppliers to operate your equipment and whether you need to check their business continuity plans. 38 of 47 (Date for review 14 March 2020)

39 Arrangements in place for loss of Critical Supplies and Suppliers Risk Score using Emergency Planning risk matrix Likelihood x Impact = Risk Likelihood Likelihood score Almost certain Rare Unlikely Possible Likely 5 Catastrophic Major Moderate Minor Negligible Risk Categories: 1 to 3 Low risk 4 to 6 Moderate risk 7 to 14 High risk 15 to 25 Extreme risk Risk score for Cytology = The following arrangements are in place to overcome the loss of supplies in Cytology service area Critical Supplier table ( TS = time sensitive) Critical Function State RTO Critical Supplier and Contact details Alternative Supplier And Contact details Comments 39 of 47 (Date for review 14 March 2020)

40 Table critical supplier and the alternative if any Consider whether you rely on third party suppliers to operate your equipment and whether you need to check their business continuity plans. If you rely on third party organisations to deliver your business, talk to them now and ask them about their business continuity arrangements. Any other supplier issues? Know who your customers are and know how to contact to tell them if you need to change their business. Anticipate what customers will expect in terms of your business delivery during the interruption and be prepared to re-prioritise resources as necessary. Any other customer/ supplier issues? Insurance do you have or need this Agreements - Formal or informal? do you need to formalise these agreements as reliance on a gentleman s agreement during an emergency may be a single point of failure. Equally can we continue to fulfil the agreement during times of stress and crisis? 40 of 47 (Date for review 14 March 2020)

41 RELOCATON STRATEGY Table identifying potential relocation sites for the critical functions Critical Function RTO and TS Relocation site Can you work from Home Do you have the necessary Equipment to work from home Salvage Service Area Example : Cytology RTO or time lag Take company 3 days to arrive from first phone call Item to recover Specialist piece of kit Salvage company Respirex Oxford Contact details of 47 (Date for review 14 March 2020)

42 Business Continuity Training Record NAME AWARENESS RAISING SEMINARS TABLE TOP EXERCISES LIVE EXERCISES PLAN TESTING OF AC AT DE NR OF AC AT DE NR OF AC AT DE NR OF AC AT DE NR Business Interruption Manager Chief Executive Business Interruption Management Team NHS Business Continuity Liaison Officer (NHSBCLO) Business Interruption Co-ordinators 42 of 47 (Date for review 14 March 2020)

43 NAME AWARENESS RAISING TABLE TOP LIVE EXERCISES PLAN TESTING SEMINARS EXERCISES OF AC AT DE NR OF AC AT DE NR OF AC AT DE NR OF AC AT DE NR Business Interruption Support Staff (To be identified) 43 of 47 (Date for review 14 March 2020)

44 Amendment procedure NORTH TEES AND HARTLEPOOL FOUNDATION TRUST BUSINESS CONTINUITY PLAN ADVICE OF CHANGE FORM 1. If you have no amendments to make, please tick the following box and return the form to the address below: NIL RETURN 2. If you have amendments to make, please provide details below (add extra sheets if necessary): SECTION PAGE NUMBER AMENDMENT Name: Job Title:..... Contact Telephone Number:.... Signature:... Date:.. Please return Advice of Change form (either electronically or in hard form) to: Emergency Planning Officer at North Tees Hospital Tel. No. (01642) of 47 (Date for review 14 March 2020)

45 Record of Amendments AMENDMENT NUMBER: DATE: PAGE NUMBER AMENDED: AMENDED BY: 45 of 47 (Date for review 14 March 2020)

46 Glossary of Terms Activation Business Continuity Plan Business Interruption Business Interruption Centre The implementation of recovery procedures, activities and plans in response to an emergency or disaster declaration. A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an interruption. Any unwanted incident which threatens personnel, buildings or the operational procedures of the organisation which requires special measures to be taken to restore things back to normal. Room from which the overall Trust overall response will be co-ordinated by the Corporate Management Team. Business Interruption Centre Supervisor Nominated officer who manages the administration and monitoring activities of the Business Interruption Centre. Business Interruption Co-ordinators Nominated officers who act as Service Area Liaison Officers both for business continuity planning purposes in normal circumstances and also during activation of plans. Business Interruption Manager Formulates the Trust s overall strategic response to business interruption. Business Interruption Support Staff Trust staff nominated to perform administrative functions in the Business Interruption Centre and other emergency facilities. Class One Function Class Two Function Class Three Function An essential function needing to be restored within 0-7 hours An important function needing to be restored within 24 hours An important function needing to be restored within 2 days 46 of 47 (Date for review 14 March 2020)

47 Class Four Function Business Interruption Management Team Implement Major Business Interruption Minor Business Interruption An important function needing to be restored within 3-5 days Assist the Business Interruption Manager in formulating the North Tees and Hartlepool Foundation Trust strategic response to a business interruption. Phrase used to request the actual utilization of officers and resources in activation of the plan. A business interruption affecting a number of services in their entirety or 2 or more specific sites. A business interruption affecting either part of a service (located over a variety of sites or one service (based on 1 site) Significant Business Interruption A business interruption affecting a number of service areas or 1 specific site. Stand-by Stand Down Used as an early warning of a situation which might at some later stage require action. Used to signify the end of the activation of the plan. 47 of 47 (Date for review 14 March 2020)