PCC Business continuity plan

Transcription

1 PCC Business continuity plan Last reviewed September 2014 Background The business continuity policy was ratified in January As part of this policy, PCC is committed to producing for each work area a risk register that identifies the key threats and which risks will be covered by business continuity plans. Business continuity plans should then be established for each contract, project or development area and reviewed by senior team at least quarterly. The grid at Annex 1 provides a draft risk profile for each general contract area, actions to be undertaken in the event of an emergency and preparatory activities to mitigate the risk. Legal requirement Whilst it is not a legal requirement for PCC to have a business continuity plan, it is a prerequisite for working with many public bodies to have a business continuity policy and / or plan in place. PCC is not bound by the business continuity policy of Bedford Hospital. Focus of the business continuity plan The aims of the plan are to ensure: That PCC is able to cope with the effects of an emergency situation, be that predicted or unforeseen. That such an event is handled in a manner that enables PCC to continue with minimal disruption to its customers, ensuring also the welfare of its staff and the minimisation of financial loss. Roles and Responsibilities As set out in the business continuity policy, the Chief Executive has overall accountability for the successful implementation of business continuity. Senior team has responsibility for the quarterly review of business continuity plans. Line management have responsibility for successful implementation of business continuity within their area of responsibility. To succeed, business continuity management must be owned by line management and implemented as an integral part of operational planning. Activation of the Business Continuity Plan The escalation triggers for the notification of a business continuity-related critical incident include: Loss of access to the PCC premises. This includes loss of the actual physical facility itself, as well as loss of access to the area surrounding the building, facility or workplace. Loss of amenities that support the building, facility or worksite, including power, water and gas. Loss of inputs and outputs from suppliers and contractors. PCC Jan

2 Loss of ICT access or services for all staff in the PCC premises Loss of key staff. Activation of the business continuity plan of organisations on whose site PCC staff are working. Actions to be taken on activating the business continuity plan On activation, the Chief Executive or a nominated deputy will need to take a number of actions. These may include: Alerting key members of staff. Agreeing with key staff the activities needed and implement a recovery plan. Advising other staff of when and where to report. Notifying key contacts (stakeholders, suppliers, next of kin where appropriate). Establishing immediate business needs. Considering working arrangements for staff. Establishing a Communications plan both internal and externally. Advising all stakeholders of the plan activation and services disrupted. Actions to be taken on identification of an incident that may require activation of the business continuity plan The process in managing an incident is much the same irrespective of the cause of the incident. Any member of staff Identify the problem. Alert immediate team who may be affected Alert Chief Executive or PA Prevent escalation of incident. Seek outside assistance as appropriate. Commence process to return to normality. Information recording Clear recording of decisions taken will help avoid confusion and ensure consistency at a time of significant disruption. It is also important to have an audit trail in terms of working with clients. As a minimum, these will include: The nature of the decision. The reason for the decision. Who has taken the decision / authority designation. Who has been notified of decisions made. Recovery The basis of the recovery for this Plan will vary depending on the nature of the incident and whether or not a part of the premises are useable and readily accessible, or whether a full off-site recovery is required. During the recovery period, the emphasis will be on getting services back to normal. However, this needs to be set against the situation and potential impacts will be considered including backlog of work, availability of staff, disruption and reputational damage. Debriefs will be held during the recovery period and at an appropriate time thereafter.

3 Continuous improvement This plan be reviewed and potentially updated: In light of feedback from actual incidents and interruptions to business activities On a quarterly basis subsequent to review by senior team.

4 Annex 1 Adviser support to commissioners and providers CE or, if unavailable, AD to redeploy staff Medium functions Agreed back-up for each staff member Ensure up-to-date contact details circulated; all staff Loss of or disruption to transport deemed necessary to maintain daily operations to Remote working for all staff have home working facilities available Loss of telecommunications Medium Use alternative telecoms systems available None required Loss of utilities Remote working for all staff None required Unable to access premises Remote working for all staff None required Disruption to supplies Not applicable None required Use alternative IT systems available Regular back-up of - monitored with reminders sent to staff; regular back of websites; availability of additional IT supplies in two locations National / consultancy contracts Senior team member to contact client and Agreed back-up for each staff member; provision in High redeploy staff functions where possible contract to replace staff in event of emergency Remote working, unless otherwise directed Loss of or disruption to transport Medium by client Ensure up-to-date contact details circulated Loss of telecommunications Medium Use alternative telecoms systems available Force majeure clause to be included in contracts Remote working, unless otherwise directed Loss of utilities * by client None required Unable to access premises * Remote working, unless otherwise directed None required PCC Jan

5 by client Disruption to supplies * Not applicable None required * * Dependent on business continuity policy of client Use alternative IT systems available, where possible Regular back-up of - monitored with reminders sent to staff; regular back of websites; availability of additional IT supplies in two locations Finance and events team work CE or, if unavailable, AD to redeploy staff High functions Agreed back-up for each staff member Loss of or disruption to transport Medium Remote working for all staff Ensure up-to-date contact details circulated Loss of telecommunications Medium Use alternative telecoms systems available None required Loss of utilities Unable to access premises Disruption to supplies Medium Medium CE to assess impact on advice of staff and confirm whether remote working necessary Remote working for all staff with homeworking facilities Team lead to assess impact Use alternative IT systems available, where possible All staff deemed necessary to maintain daily operations to have home working facilities available None required up to 0.5m insurance available if alternative premises required on a transitional basis Test no essential supplies dependent on single supplier Regular back-up of and finance systems; secure storage of HR and finance systems; regular back of websites; availability of additional IT supplies in two locations