Business Continuity Plan

Version: 3
Bodies consulted: -
Approved by: EMT
Date Approved: 11.1.16
Lead Manager: Health and Safety Manager
Lead Director: Deputy Chief Executive
Date issued: January 2016
Review date: December 2017

Business Continuity Plan, v3, Jan 16 Page 1 of 42

Contents

1 Introduction
2 Purpose
3 Scope
4 Definitions
5 Duties and responsibilities
6 Procedures
7 Training and Testing
8 Reporting Requirements
9 Process for monitoring compliance with this policy
10 References and Associated documents
Pandemic ‘Flu Plan
Appendix 1 Identified risks to business continuity with note on mitigation
Appendix 2 Specific Consideration to be made under the Plan
Appendix 3 Key Action Check lists for Level 1, 2 and 3 disruptions
Appendix 4 Equality Impact Assessment
Appendix 5 ICT Failure Contingency Plan including ICT Action Card
Appendix 6 BCP Action Cards (Gold, Silver and Bronze)
Appendix 7 Communication Action Card
Appendix 8 Loggist Action Card
Appendix 9 Situation Report (SitRep) Template

1 Introduction

1.1 The Tavistock and Portman NHS Foundation Trust’s (The Trust) corporate business continuity plan provides the framework within which the organisation can continue to deliver an appropriate level of service to our service users in the event of any disruption and can comply with the business continuity requirements of the Civil Contingencies Act 2004, by introducing a business continuity management system that aligns with BS25999-2. It is an overarching plan that will operate alongside specific disruption plans that the Trust has set out, including the Major Incident Plan, Pandemic Flu Plan and IT Failure Contingency Plan. In all cases where a recovery plan is required, the Chief Executive will appoint a senior team responsible for delivery of the plan.

1.2 Whilst it is acknowledged that the Trust is not a designated responder under the definitions of the Civil Contingencies Act 2004, it has obligations to its service users and families to continue to deliver an appropriate and acceptable level of care during such times and a role to respond to any psychological consequences thereafter.

1.4 This plan takes into account all aspects of the Trust’s business (i.e. processes, personnel, external contacts, infrastructure and technology), and prioritises them into phases within which recovery will be required.
The various natures of disruptions have been taken into account while doing this. Although it is not possible to accurately predict all incidents that may occur, the plan has identified the most probable causes of disruption (see Appendix 1). By following this plan, and associated service specific plans, it is the Trust’s aim that a full recovery of the Trust’s services can be achieved, minimising the impact of the disruption on services to patients and students, and the Trust’s reputation.

1.5 This plan contains checklists based on the pre-determined possible levels of disruption. These checklists inform staff and stakeholders of the steps to be taken to ensure the continuance of its critical services and progress to the eventual restoration of normal services.

1.6 To remain effective and fit for purpose, the plan will be regularly tested and updated in response to what is learned from these tests and actual events where the plan is activated.

1.7 The NHS Resilience & Business Continuity Management Guidance 2008 asked NHS Trusts to review services for which they are responsible and identify assets that will need to be made available to maintain critical services for the first hour, 24 hours, 3 days and 7 days. This has been carried out as part of the business continuity management process and this information has been collated to give a snapshot of the services that the Trust will aim to deliver in the event of a disruption. Service Specific Recovery Plans have been prepared and others have been programmed in, and Service Managers will be responsible for activating the plans in a timely manner.

2 Purpose

The aim of this plan is to ensure that the Trust can recover its services in a timely manner.
The objectives of the plan are:

- To set out the way in which the Trust will manage threats to its business continuity by the identification of risks and setting out mitigations to those risks;
- To allow critical services to continue until the disruption is over;
- To set achievable recovery aims to enable a phased, efficient and fast recovery to normal level of service.

3 Scope

This is a generic document which details the actions and processes required to maintain the operation of the Trust’s critical services during times of disruption. It indicates roles, responsibilities, accountabilities, actions, recovery time objectives and decision processes that should be followed and achieved when this plan is activated.

This plan is intended for staff that have a role to play in a business continuity response to a disruption affecting normal service levels.

4 Definitions

Disruption levels which determine response

Disruption level: Level 1
Definition: This is a disruption occurring in any service area OR an overall loss of 20% of staff.
Example: These events are generally of short duration and a response would be led by the Service Manager, or their nominated deputy if they are unavailable.

Disruption level: Level 2
Definition: This is a disruption occurring causing multiple services to be disrupted OR an overall staff loss of 35%.
Example: These events can result in building loss, staff absenteeism and substantial loss of equipment and records. The corporate response is likely to be coordinated by the Emergency Preparedness Steering Group, but service recovery by Service Managers.

Disruption level: Level 3
Definition: This is an event occurring causing disruption to the whole of the Trust OR an overall staff loss of 50%.
Example: These events can result in building loss, mass staff absenteeism or substantial loss of equipment and records.
Where there is an event causing multiple service areas to be disrupted, or where all services are affected (say, for example, during an influenza pandemic), co-ordination will be passed to the EPSG under the parameters of the Major Incident Plan and/or the Flu Pandemic Plan, and may also involve our mutual-aid arrangements where the Trust is unable to deal with the incident in isolation. It is likely that a number of recovery teams will be convened to look at specific issues (e.g. communications, IT and telecommunications, legal and corporate issues), rather than individual service managers trying to manage the problems in isolation.

SSRP: Service Specific Recovery Plan
EPSG: The Management Team will act as the Emergency Preparedness Steering Group

5 Duties and responsibilities

Chief Executive
The CEO has ultimate responsibility for planning and management of the Trust’s business continuity arrangements; responsibility for planning has been delegated to the Deputy Chief Executive.

Deputy Chief Executive
The Deputy Chief Executive (DCE) is the lead for business continuity within the Trust and will lead on the publication, review and development of this overarching plan and related corporate plan in line with best practice and the needs of the Trust, monitor standards and provide support and guidance to service managers.

Directors
Directors will ensure that their managers are identified and that service specific recovery plans are in place and are reviewed at least annually.

Managers
Managers will lead on service disruption level 1 by following specific service recovery plans.
Managers will ensure local plans are reviewed for effectiveness after each use and updated as required (see definitions above, and detailed responsibility table below). Managers will follow the direction of the Emergency response team in the event of disruption at Level 2 or 3 described above, and will usually retain responsibility for local service recovery of their managed areas of service.

All staff
Must ensure that HR is provided with accurate contact details in case of an emergency.

During a disruption the following roles and responsibilities apply:

Team/person: Managers
Disruption level: 1, 2, 3
Responsibilities:
- Co-ordination of the SSRP;
- Notification upwards when SSRP is unable to be delivered;
- Maintain communication with staff, Directors and service users.

Team/person: Emergency Preparedness Steering Group
Disruption level: 2, 3
Responsibilities:
- Co-ordination of the response;
- Alerting Trust Secretary who will liaise with the Chair to consider communication with the Board of Directors, Camden CCG as host purchaser, of disruption;
- Agreeing with Commissioners where services are delayed, scaled down or suspended;
- Have the overview of staff welfare.
Team/person: Director of Marketing and Communications
Disruption level: 1 led by service manager; 2, 3 led by EPSG
Responsibilities:
- Maintain communications links;
- Ensure service users and key stakeholders are informed;
- Maintain links with the media.

Team/person: Deputy Chief Executive
Disruption level: 1, 2, 3
Responsibilities:
- Deal with insurance claims;
- Ensure payments are still being made;
- Establish costs and attribute to cost centres;
- Ensure legal advice is taken and available.

Team/person: Deputy Finance Director
Disruption level: 1, 2, 3
Responsibilities:
- Responding to additional cost pressures as a result of the incident;
- Ensure payments are still being made;
- Ensure financial reports are being made to finance department;
- Ensure procurement system is functioning.

Team/person: Director of Information and Technology
Disruption level: 2, 3
Responsibilities:
- Ensuring that ICT services are available to support the recovery services;
- Ensure email is available;
- Ensure the intranet is available;
- Ensure that key systems and programmes are available;
- Ensure telecommunication links are maintained.

Team/person: Estates and Facilities Manager
Disruption level: 2, 3
Responsibilities:
- Ensuring that services have the necessary facilities support to enable the recovery of services;
- General Maintenance;
- Cleaning;
- Switchboard/reception.

Team/person: HR
Disruption level: 2, 3
Responsibilities:
- Ensure points of contact are available for key advice and support;
- Ensure systems are available for effective coordination of staffing cover.

Team/person: All staff
Responsibilities: In the event that this plan is activated, staff do not have any direct involvement in the management of the response, unless stated in the table above. Those not directly involved should continue with their normal responsibilities as far as possible and wait for instructions in relation to service delivery from their manager or director. Staff must remain contactable throughout the disruption because they may be required to assist at any point.

6 Procedures

6.1 Service Specific Recovery Plans

Each service within the Trust is required to have its own Service Specific Recovery Plan. These plans are the responsibility of the Service Managers.
The Service Manager is responsible for implementing the plan, for informing the relevant Director of its activation, and for situations where the plan will not bring about the recovery of critical services.

6.2 Activation of Trust Wide Plan

The Service Specific Recovery Plans (SSRP) will be activated in a Level 1 situation by the Service Manager(s) affected. Directors will be advised, or if the disruption occurs out of hours, the Director on-call will be informed.

If a Level 2 or Level 3 disruption occurs, or where the SSRP cannot deliver the recovery of a critical service, this plan will be activated and in addition, ALL Service Specific Recovery Plans will be activated by the respective service manager where services are substantially inter-dependent.

Specific procedures/considerations for the following will be found in Appendix 2:

1 Alternative Buildings
2 Health and Safety issues
3 Human Resources / workforce issues
4 Staff Absenteeism
5 Staff welfare and support
6 Lone working
7 Communications & Media Management
9 Utilities
10 Finance
11 Legal Advice

Due to its importance, the IM&T plan is separate, see Appendix 5.

6.3 Stand Down

Activation of the overarching plan and related corporate plans will be stood down when services are able to function at normal levels. Stand down will be the responsibility of the Chief Executive on advice from the Incident Manager.

Each Service Manager will continually assess the situation and decide when it is appropriate for them to stand down any additional resources or staff deployed to ensure the functioning of critical activities during a disruption. Decisions to stand down will be cascaded to the relevant Director.

7 Training and Testing

The Deputy Chief Executive will lead an annual table top exercise for Trust wide service disruption.
Following training and exercising, this Plan, the associated Trust-wide plans and the associated Service Specific Recovery Plans will be reviewed, updated and reissued in light of lessons learnt.

8 Reporting Requirements

In the event that the Trust activates this plan then it must notify NHS England (London). Information uploaded will be at the direction of the Deputy Chief Executive, and will be uploaded by the Health and Safety Manager.

Alert NHS England (London) on 0844 822 2888 to report a Major Incident (see Major Incident Plan) and that our Business Continuity Plans have been activated.

9 Process for monitoring compliance with this policy

The Deputy Chief Executive will provide assurance annually to the Corporate Governance and Risk work stream meeting that a desk-top exercise has been undertaken within the previous 12 months (unless a real event has taken place, in which case an exercise would not be required). This exercise, or real life event, shall confirm this plan to be up to date and fit for purpose, or that a plan is in place to address any indications for action. In the event that an action plan is agreed the work stream will note assurance of progress and completion.
10 References and Associated documents

- Pandemic ‘Flu Plan
- Major Incident Plan
- Service Specific Recovery Plans (Directorate Risk Assessments):
  - Adult and Forensic Services
  - Children and Young Adults Service - including Gloucester House Day Unit
  - Westminster Family Centre – representing an ‘outreach service’
  - Estates and Facilities
  - HR
  - Commercial

Appendix 1: Identified risks to business continuity with note on mitigation (note this is not an exhaustive list)

Table columns: Risk, Impact, Mitigation

Influenza Pandemic outbreak
Patients at increased risk
Disruption to national supply chains
Disruption to national infrastructure
Staff at increased risk – contact with symptomatic patients etc
Loss of staff due to illness, caring responsibilities, bereavement
Disruption to transport problems
Disruption to service due to transport problems
Loss of access to buildings
Transport disruption resulting in reduced staff on site
Severe Weather
Loss of utilities
Loss of telecommunications and IT
Loss of, or access to buildings
Disruption to normal service delivery
Loss of national telecommunications systems
Inability to communicate via telephone
Loss of support services
Disruption to normal services
Pan London and Trust Pandemic Influenza Plan
Infection control procedures
Local service plans for delivery with reduced staff
Local decision re patient or student contact to rearrange / reschedule
Local Service Area delivery plans determine local decisions on patient by patient basis
EPSG determine whether Trust to be closed to patients and/or students to reduce risk to them from travelling
Severe weather warnings circulated to raise staff awareness
Advice to staff via email re risks and arrangements
Senior manager contact via mobile devices
Fire evacuation plans
Use of alternate sites for essential services
BT disaster recovery plan
Satellite Phones to enable communications between key responders
999 Failure Plan
Facilities SSRP

Risk: No access to Authorised signatories
Impact: Disruption to finance system
Mitigation: Ensure sufficient number of authorised signatories to cover for leave and unexpected absences

Risk: No cash in bank
Impact: Disruption to finance system
Mitigation: Mandate schedules set up to ensure cash paid monthly on set date; Cash flow forecast completed to ensure Trust remains solvent

Appendix 2: Specific Considerations that need to be made under the Plan (note this list is not exhaustive)

1 Alternative Buildings

Where the disruption results in the loss of building access, in the medium to long term, the Trust will make arrangements to relocate the services affected. The business continuity process has not identified buildings that are readily accessible for the immediate relocation of staff; Service Managers would consider relocation to other sites and home working for staff, where this is possible.

2 Health and safety issues

Staff remain responsible for their own health and safety. Where staff or service users are injured, the Trust’s Policies in relation to health and safety and Serious Untoward Incidents apply.

3 Human Resources / workforce issues

NHS Employers and the Department of Health have published Human Resources Guidance that deals with the workforce and human resources issues that may arise from pandemic influenza. Whilst this guidance looks specifically at the implications of pandemic influenza, the principles can be applied to the wider business continuity planning as it may be necessary to take pragmatic decisions to sustain services during a pandemic or any emergency that disrupts services. (See Flu Pandemic Plan Section 5)

Staff details are already held securely on the Electronic Staff Records system should the Trust need to contact staff out-of-hours in an emergency situation.

The Management Team will ensure that HR implications are considered and will take advice from the HR Team where appropriate.
4 Staff Absenteeism

In the event of substantial staff unavailability it may be necessary to move staff around to keep critical services going, or suspend some services and reallocate staff to tasks within their remit. The workforce mapping information, held in HR, will help to inform this process; staff should not be moved into positions outside their competence.

Services will only be delayed, curtailed or suspended after consideration of all the resources available at the time, and if an individual service is experiencing mass staff absenteeism, it may require skills that are held by members of other services. The workforce mapping information will help to inform these decisions.

5 Staff welfare and support

During the early stages of an incident, directors and managers must be aware of staffing levels and seek information regarding the length of time the incident may be expected to last. This may be difficult to assess and the worst case scenario should be planned for. Everyone has a responsibility for their own health and safety.

EPSG will coordinate staff welfare, and ensure that there is long-term resourcing and will consider a number of measures, such as redeployment in order to sustain critical services.

In an emergency situation, it will be important to ensure that staff continue to receive appropriate rest breaks. Until confirmed as not required, the Service Manager will identify and manage staffing levels and organise a rota or shift system where a response is required outside of normal working hours.

During a prolonged incident, issues such as catering, rest periods, duty and travelling time and fatigue should be monitored. Certain situations may be very demanding and stress levels will also need to be considered and Service Managers need to have an overview of the implications for staff welfare.

6 Lone working

Due to the nature of some services, some members of staff undertake lone working.
Due to the risks this poses to their personal safety they should always follow the Trust’s Lone Worker Procedures in place. This is particularly important during times where this plan has been activated due to the potential disruptions to normal working being caused.

7 Communications & Media Management

Communications during the disruption should be clear, concise and constructive. The Trust will make the most of available technology to deliver communications and communications will be delivered in accordance with the Trust’s Communication Strategy.

8 Information Technology and Telecommunications

If there are any disruptions threatening the telephone or electronic communications of the Trust, then the IT Failure Contingency Plan should be activated and followed, see Appendix 5.

The IT recovery plan is overarching for the Trust. Those outreach services in a building not managed by the Trust will have to follow the local procedures.

9 Utilities

Trust buildings may suffer from intermittent short-term loss of utilities from time to time. There is little that the Trust can do other than rely on the speedy restoration of supplies by the utilities companies. They will be informed of the disruption and asked for an estimation of when supplies will be recovered. Managers will decide whether it is safe for service users and staff to remain in the building.

If there is a loss of water, alternative supplies should be sought. If it cannot immediately be sourced a decision should be made, based on information available at the time, on the provision of services.

10 Finance

In the event of this plan being activated, the Deputy Director of Finance will be assigned the task of contacting any relevant bodies in relation to the financial impact, and possible costs incurred. All Service Managers will keep a record of expenditure incurred as a result of the disruption to services and will inform their management accountant.
11 Legal Advice

The Trust accesses legal advice via the Trust solicitors. Requests for legal advice should be directed through the Associate Director of Quality and Governance or, in her absence, through one of the Trust’s Executive Directors (in hours) or via the Director on call outside these hours.

The Trust contributes to the NHS Litigation Authority’s Clinical Negligence, Property Expenses and Liability to Third Parties schemes. These provide insurance against claims for clinical negligence, loss or damage to property and liability to third parties including employer liability. The Associate Director of Quality and Governance is responsible for liaising with the NHS Litigation Authority, their local claims assessor and panel solicitors.

Claims against the Trust should be directed to the Chief Executive, Tavistock Centre, 120 Belsize Lane, NW3 5BA.

Appendix 3: Key Action Check lists for Level 1, 2 and 3 disruption

Level 1 Disruption Key action Check list

LEVEL 1 DISRUPTION
Table columns: Action; Hours after disruption for task to be completed (1, 2, 3, 4, 5, 6, 12, 24, 48, 72)

Manager to assess the situation.

Situation is determined by the Manager to be a Level 1 by:
- Only one service is affected;
- 20% staff for one service are not at work.

ACTIVATE THIS PLAN for a level one event.

Manager will take the lead in their Service Specific Recovery Plans implementation.

Manager should investigate:
- Which aspect of the service is affected;
- How many workstations are affected;
- Which equipment is lost or damaged;
- Decide if operations can be continued from same work stations / office;
- How many staff are affected;
- What are likely effects on service delivery.

Manager to inform the Associate Director of Quality and Governance of any insurance or legal issues.

Service Manager should carry out the following actions based on earlier findings:
- Locate alternate resources, in the same building if possible, that can be shared;
- Identify essential items of equipment that need immediate replacement and obtain them;
- Identify any areas of work that can be temporarily transferred to other departments;
- Identify any possible suspensions of services (in line with the Business Impact Analysis).

Manager should begin service recovery as set out in the SSRP.

LEVEL TWO DISRUPTION Action Check List
Table columns: Action; Hours after event task to be completed in (1, 2, 3, 4, 5, 6, 12, 24, 48, 72)

Manager to assess situation.

Manager identifies a Level 2 disruption by:
- Substantial building damage resulting in several areas being unfit for occupation.
- Substantial loss of equipment and records affecting a number of services.
- Full redeployment within the remaining property is not feasible. Some recovery of records and equipment could be possible.

ACTIVATE THIS PLAN and contact key players (Appendix B), including the Executive Team, whose support may be required.

Manager should investigate and log the following:
- Which aspect of the service/s is affected?
- How many work stations are affected?
- Which equipment is lost or damaged?
- Can the operations be continued from the same work stations / office?
- How many staff are affected?
- What are the likely effects on service delivery?

Manager to inform Associate Director of Quality and Governance the Deputy Chief Executive of any insurance issues or legal issues.

The following steps should be taken by the Manager:
- Identify critical services of the Trust and minimum needs to ensure continuance of these.
- Begin a record of events to facilitate structured management of the event by gathering as much information as possible, keeping it all up to date for later use.
- Identify and obtain all required resources, as identified, and deploy them where needed.

Manager designate staff to call service users and suppliers that may need to know of the situation.
- Organise alternative location for staff to continue work based on needs identified above.
- Ensure IT and communication systems are in place at these locations.
- Send staff home that are not needed at this point and ask them to remain contactable.
- Relocate necessary staff to suitable identified alternate work areas.

Manager, and possibly EPSG, should hold a progress meeting and contact staff sent home using the cascade system, if available, to inform them of the progress.

Once critical functions are stable the recovery of each service area should begin based on the SSRP of each service. The Manager will coordinate this response along with the staff.

During the implementation of Service Specific Recovery Plans the following plans and policies may need to be consulted, depending on the cause of disruption and impacts being experienced:
- HR Policy;
- Welfare Policy;
- Communications Policy;
- Major Incident Plan;
- LRF Fuel Plan;
- Pandemic Influenza Plan.

Manager should establish affected building(s) are safe for return – If it is safe to return an assessment should be run by Manager and allocated staff to assess the damage and work needed and begin making arrangements for these repairs.

Meeting should be held by Manager with all staff, and possibly EPSG, to assess the progress of recovery and needs of each service to help improve rate of recovery.

Manager should contact staff sent home using the cascade system, if available, to inform them of the progress.

Meeting should be held by Manager with all staff, and possibly EPSG, to assess the progress of recovery and needs of each service to help improve rate of recovery.
Manager should contact staff sent home using the cascade system, if any, to inform them of the progress.

LEVEL 3 DISRUPTION Action Checklist
Table columns: Action; Hours after event task to be completed in (1, 2, 3, 4, 5, 6, 12, 24, 48, 72)

EPSG to convene at a suitable alternate location.

EPSG and Service Managers to assess situation.

EPSG identifies a Level 3 disruption by:
- Total loss of buildings, equipment and records;
- 50% total corporate staff loss.
- Recovery period estimated to be prolonged.

ACTIVATE THIS PLAN and contact key players.

*Note: The Trust's Major Incident Plan will be activated and priorities in it need to be followed in conjunction with what this plan requires.

EPSG should investigate and log the following:
- Which aspect of the service/s is affected?
- How many work stations are affected?
- Which equipment is lost or damaged?
- Can the operations be continued from the same work stations / office?
- How many staff are affected?
- What are the likely effects on service delivery?

EPSG to consider insurance and legal issues.

The following steps should be taken by the EPSG:
- Identify critical services of Trust and minimum needs to ensure continuance of these.
- Begin a record of events to facilitate structured management of the event by gathering as much information as possible, keeping it all up to date for later use.
- Gather the Facilities Team and finance (emergency purchasing) to obtain all required resources, as identified, and deploy them where needed.

EPSG designate Service Managers to call service users and suppliers that may need to know of the situation.

In the event where the disruption results in the attendance or assistance from the emergency services, or stakeholders, the EPSG will determine the need to appoint specific liaison officers.
The EPSG should:
- Organise alternative location for staff to continue work based on needs identified above.
- Establish an emergency telephone line and / or office for public enquiries and ensure there are relevant personnel to staff it.
- Identify area where the EPSG and emergency services can liaise and use as a control centre for the event's coordination.
- Ensure IT and communication systems are in place at these locations.
- Send staff who are not required home at this point, if necessary, and ask them to remain contactable.
- Relocate necessary staff to the suitable identified alternate work areas.

EPSG should hold a progress meeting with key staff and brief them on the impact on the Trust and the individual service areas. The EPSG should also discuss introduction of emergency financial expenditure.

During the implementation of SSRPs the following plans and policies may need to be consulted, depending on the cause of disruption and impacts being experienced:
- HR Policies;
- Communications Policy;
- Major Incident Plan;
- Pandemic Influenza Plan.

Contact key STAKEHOLDERS with current situation and contact staff sent home using the cascade system.

Representative designated by EPSG to issue a media statement informing the public as to the situation, services affected and emergency contact numbers.

EPSG should establish teams to help in initial recovery (see para 11.1 of Corporate Business Continuity Plan).

Once critical functions are stable the recovery of each service area should begin based on the SSRP of each service. The EPSG will coordinate this response along with Service Managers.

An event of this scale may take over 72 hours before this occurs – If situations allow, start this process as soon as possible.
KEY ACTIONS FOR A PROLONGED RESPONSE (4-7 Days / 7 Days Onwards)
- Regularly review progress, identify and address problems with the response
- Regularly review progress, identify and address problems with the response.
- Review the temporary work areas to ensure they are still able to provide what is required, address any outcomes.
- SSRP should be well established at this point.
- Maintain contact with insurers.
- Work with insurers on claims
- Review and address current staffing requirements.
- Begin a rebuilding project normal consultation procedures will apply here.
- Keep staff who may not be required at this stage up to date
- Keep staff who may not be required at this stage up to date
- Maintain media liaison to keep public informed of the situation.
- Keep key external organisations and contacts up to date (SSRPs).
- Keep key external organisations and contacts up to date (SSRPs)
- Maintain media liaison to keep public informed of the situation.
- Final analysis of Trust’s response to the event as a whole and the creation of a lessons learned document by the Service Manager / Incident Managers to Executive Team to help identify changes that may make the business continuity plan more effective.
- Assess and address the need for staff support and welfare.
- Maintain media liaison to keep public informed of the situation.

Appendix 4 : Equality Impact Assessment

1. Does this policy, function or service development affect patients, staff and/or the public?
YES

2. Is there reason to believe that the policy, function or service development could have an adverse impact on a particular group or groups?
NO

3. If you answered YES in section 5, how have you reached that conclusion? (Please refer to the information you collected e.g., relevant research and reports, local monitoring data, results of consultations exercises, demographic data, professional knowledge and experience)

4.
Based on the initial screening process, now rate the level of impact on equality groups of the policy, function or service development:
Negative / Adverse impact: Low (i.e. minimal risk of having, or does not have negative impact on equality)
Positive impact: Low (i.e. not likely to promote, or does not promote, equality of opportunity)

Date completed: 11.7.11
Name: Jonathan McKee
Job Title: Governance Manager

Appendix 5 : IT and Communication failure contingency plan

Introduction
The Trust operates a Microsoft Windows network comprising over 100 servers and more than 700 PCs and laptops. With this complex set up the Trust recognises that even with robust safeguards there is a continual risk of system problems which could result in loss of access to data on a short, medium or permanent basis. Some key data is held on the Trust’s servers; but several key systems (Digital Care Record; Electronic Staff Record; financial system; Library system; and the Trust’s website) are web-based systems supplied by NHS or commercial organisations. These systems are covered by the suppliers’ contingency plans and by the Trust’s plans to maintain access.

Purpose
The purpose of this plan is to set out the arrangements in place in the Trust for:
• Minimising risk of loss of access to computer systems in the Trust
• Detailing the action plan to be followed in the event of medium, long term or permanent loss of part or all of the computer network and systems

Scope
This plan applies to the management of all Trust computer infrastructure, hardware and software. The failure plan is applicable to all staff affected by the failure who will be required to follow any instructions for action as directed by the lead person as set out in Appendix 1.
Definitions

ICT Failure
• An IT failure is an unplanned incident that results in a significant or total loss of telecommunications, data or the IM&T service to one or more of the Trust’s sites arising from: damage to, loss or destruction of critical parts of the IM&T infrastructure; non-availability or destruction of information systems resulting from a virus attack or other external threat.
• An IM&T failure can result from any cause including: fire, flood, power failure, human error, sabotage of system etc.
Note: Temporary loss of service due to equipment malfunction, cable breaks etc. is not classified as a failure.

Duties and responsibilities

Chief Executive
The CEO has ultimate responsibility for ensuring the Trust has in place suitable and sufficient arrangements to respond to any loss of access to computer systems (both temporary and permanent) and that the Trust actively mitigates against such loss happening. The CEO has delegated the day to day responsibility for this function to the Deputy Chief Executive. The CEO may declare an ICT Failure, which activates this plan.

Director of Information Management and Technology
The director is responsible for the Trust’s IM&T services and the Head of ICT reports directly to him. The director may declare an ICT failure, which activates this plan.

Head of Information Communication Technology (ICT)
The Head of ICT manages the ICT team and is responsible for maximising the resilience of the Trust’s systems. This includes ensuring that the day to day back up processes (see below) are carried out and that all relevant members of staff are fully conversant with the procedures as stipulated in the document; virtualisation; and testing the DR procedures and recording the results of these tests.
In the event of an ICT failure, the Head of ICT is responsible for prompt action to restore service, ensuring that the procedures (Annexes 1 and 4) are followed and that there are no delays. The Head of ICT will ensure prompt, clear and regular communication with all users regarding any interruption to service, the action being taken, and the expected time when service will be restored. The Head of ICT may declare an ICT failure, which activates this plan.

Annex 1 : Measures for Reducing Risk of Data Loss

Back-up
• Single stage central backup to tape.
Every Friday an automated full data backup is run. This backs up data from all servers onto a tape library. Incremental backups are run Monday through Thursday. These record all the additions and changes made to the data after the full backup the previous Friday. All tapes are stored in a fireproof safe in the Monroe building and are rotated on a monthly basis.
o Single stage central backup to tape (Month)
This is essentially the same backup job as described above. However, these tapes are rotated on an annual basis. The tapes for this job are stored in a fireproof safe at Monroe Building.
o Single stage backup to disk
In addition to the tape backup described above, the same backup jobs are run separately onto a storage server. This is done in order to provide two copies of the same backup data but produced through two separate and independent methods. The disk backup data is kept for a month.
o Continuous Data Protection (CDP)
CDP is used to make real time backups of the two file servers and scheduled backups of the Exchange server and the finance servers SQL database. There are two CDP devices; the primary device holds the backup data which is then replicated onto the secondary device located at Monroe Building.
o Backup to Cloud
The backup to disk is synchronised to the cloud based service on a daily basis providing a further layer of resilience.
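The weekly full/incremental tape schedule and its two rotation periods determine which sets must be loaded to restore to a given date, and how much work is unrecoverable from tape alone. The following is an added example, not the Trust's own tooling; the 31-day and 365-day retention windows, the end-of-day backup timing and the sample dates are assumptions.

```python
from datetime import date, timedelta

FRIDAY = 4                    # date.weekday(): Monday is 0
WEEKLY_RETENTION_DAYS = 31    # assumption for "rotated on a monthly basis"
MONTHLY_RETENTION_DAYS = 365  # assumption for "rotated on an annual basis"


def backup_kind(day):
    """Job the schedule runs on `day`: full on Friday, incremental
    Monday to Thursday, nothing at the weekend."""
    if day.weekday() == FRIDAY:
        return "full"
    return "incremental" if day.weekday() < FRIDAY else None


def is_last_friday_of_month(day):
    return day.weekday() == FRIDAY and (day + timedelta(days=7)).month != day.month


def retained(day, today):
    """True if the set written on `day` has not been rotated out by `today`."""
    age = (today - day).days
    if age < 0 or backup_kind(day) is None:
        return False
    if age <= WEEKLY_RETENTION_DAYS:
        return True
    # Older sets survive only as the month-end full backup.
    return is_last_friday_of_month(day) and age <= MONTHLY_RETENTION_DAYS


def restore_chain(target, today):
    """Sets to restore, in order, for the latest recoverable state on or
    before `target` (assumes each job captures that day's changes)."""
    day = target
    while (today - day).days <= MONTHLY_RETENTION_DAYS:
        if backup_kind(day) == "full" and retained(day, today):
            break
        day -= timedelta(days=1)
    else:
        return []  # nothing old enough is still held
    chain = [(day, "full")]
    nxt = day + timedelta(days=1)
    # Incrementals are only usable on top of the full from the same week;
    # an incremental whose full has been rotated out is an orphan.
    while nxt <= target and nxt < day + timedelta(days=7):
        if backup_kind(nxt) == "incremental" and retained(nxt, today):
            chain.append((nxt, "incremental"))
        nxt += timedelta(days=1)
    return chain


def recovery_gap_days(target, today):
    """Days of changes before `target` that the tape chain cannot restore."""
    chain = restore_chain(target, today)
    return (target - chain[-1][0]).days if chain else None


if __name__ == "__main__":
    today = date(2016, 1, 20)  # constructed sample date (a Wednesday)
    for target in (date(2016, 1, 19), date(2016, 1, 17), date(2015, 11, 11)):
        chain = restore_chain(target, today)
        print(target, [(d.isoformat(), k) for d, k in chain],
              "gap:", recovery_gap_days(target, today), "days")
```

The weekend and post-rotation gaps it reports apply to the tape and disk jobs only; the CDP and cloud copies described above are not modelled.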
Virtualisation
The Trust currently has physical servers running a number of virtual server instances or containers on them. These containers behave as individual servers and have the added benefit of being able to be backed up into single files. These backup files can be restored onto another virtual container or physical host in a few minutes.

Failure Recovery: Data Testing
The IT department undertakes failure recovery testing on a regular basis.
o IT has a dedicated server for this purpose.
o The server is deleted and the operating system is reinstalled.
o A backup point is chosen (at random or in sequence) which is then restored onto the new server.
o Users are requested to access the server to a) confirm the server can indeed be accessed and b) the data on the server is valid.
o Once this is done the failure recovery/restoration is written up as a success and documented.
o Each system will be tested at least once every 2 years. This will be done by a cycle of testing through the year, with at least one system being tested every three months.
o DR testing will be led by identified members of the IT team. However, the Head of IT will ensure that all staff have the required skills to carry out a restore if required.
o Details and results of the tests will be recorded (in a central record available for audit) by the performing engineer. Any issues will be escalated to the Head of IT who will be responsible for ensuring appropriate action is taken.
Recovery testing will establish, among other things, that the back-up data is not corrupted and can be utilised as intended.

Process for monitoring compliance with this measure
The Head of ICT will review the backup and testing records regularly, will take action if any gaps are identified, and will report on his findings and on any concerns to the Information Governance work stream. This plan will be subject to an annual review and report to the Director of IM&T.
The backup and testing records will be reviewed by Internal Audit and assurance reported to the Information Governance Work Stream, with exception reports to the Audit Committee. This will be part of the overall internal audit cycle, and will not necessarily be included in each year’s work programme.

Annex 2 : Process and action plan in the event of an ICT failure

An ICT failure is defined in section 4 above.

Grades of ‘Failure’
Event: Temporary loss of service with anticipated recovery of less than one day
  Grade of responsiveness: Green
  Lead: Head of ICT
Event: Temporary loss of service with anticipated recovery of less than 1 week
  Grade of responsiveness: Amber
  Lead: Director of Information Management and Technology
Event: Full loss of service with no anticipated recovery date
  Grade of responsiveness: Red
  Lead: Gold Commander (action cards to be followed)

The Trust has established a set of action cards that are to be followed in the event of a system failure resulting in data or communication loss. These are shown below.

What does IT back up?
The backups have been separated into three jobs on separate tapes and disk folders. Backup jobs concentrate on the servers; no PCs or laptops are included.
o Main backup. This includes all databases, file servers and Active Directory data. A full backup is taken every Friday with incrementals Monday through Thursday. Every last Friday of the month a full backup is run and kept for 12 months.
o Email. This backs up the Microsoft Exchange server information store which contains all email, attachments, contacts and calendar items. A full backup is taken on Fridays with incrementals taken Monday through Thursday.
o Archive Manager. This backs up the email archive database server.

Backup and DR roles
Role: Routine backup schedule. Checking backup job logs. Resolving issues. Rotating tapes.
  Responsible: Deputy IT manager
Role: Restorations.
  Responsible: Deputy IT manager or technician
Role: Parallels virtual server administration, backup, restore
  Responsible: Head of IT

Annex 3 Contacts
(Columns: Support Partner / Responsibility / Contact details)
Block Solutions
Cisco IPT Solution
Cisco LAN (switches, routers, network)
BLOCK Operations Centre, Block Solutions
D +44 (0)20 7740 3920
T +44 (0)20 7740 3959
F +44 (0)20 7252 3497
W www.block-solutions.net
E [email protected]
ISL
Jason Richards, Technical Manager, Internal Systems Ltd
+44 (0) 845 894 4906
Virginmedia
Cisco ASA Firewall
Remote ASAs
Remote internet connections (Barnet, St Pancras, Crowndale)
ICT dept. internet connection
Juniper SSL
Bloxx web security
Tavi LES 10 circuits
Bloxx
Bloxx web security
Cable and Wireless telecommunications 0500050748
BT N3 telecommunications 0800590222 0800800150
NTS
NTS(UK) 0844 815 5925
Steve Roberts, Health & Emergency Services
T: 07807-011047
[email protected]
www.virginmediabusiness.co.uk
Tel: +44 (0)1506 425 465
[email protected]

Annex 4 : Action Cards for ICT team

Activity area: Central coordinating team
Lead: CEO/Director of IM&T/Head of IT (i.e. person who called the failure)
Key Tasks:
- Establish a central coordination team with a Failure Commander to manage failure, and to recruit members appropriate to the nature of the failure, and ensure all key staff have mobile phones
- Establish a central control command location for the duration of the failure
- Appoint loggist to keep event log
- Determine which (if any) external bodies need to be informed and communicate as appropriate
- Take decision re extent of clinical services that can be maintained and review decision at regular intervals throughout the failure
- The event will be logged as a ‘red’ incident and subject to full RCA at the conclusion of the failure period

Activity area: Assessment of extent of damage and likely recovery time
Lead: Head of IT
Key Tasks:
- Assess extent of damage and report to central team
- Determine the likelihood and timing for any system restore
- Engage help of agreed external expert contractors for support at the direction of the Failure Commander
- Reassess situation at 4 hourly intervals during the failure and provide updates to command team
- Manage location and set up of any agreed temporary equipment as advised by external experts

Activity area: Determination of responsibility for IT service
Lead: Head of IT
Key Tasks:
- Determine the extent of the responsibilities for responding to IT failure between Trust staff and other providers
- Make contact with relevant contact if or other service provider as appropriate

Activity area: Communications
Lead: Normally the responsibility of the Head of IT. See also the Trust’s Business Continuity Plan: In the event of a serious disruption to services (levels 2 or 3), the Emergency Preparedness Steering Group is responsible for managing communications.
Key Tasks:
- Set up a communications point and get notification to staff by any means possible (mobile phones, personal laptops etc)
- Arrange central hot line number for all external inquiries and provide brief to staff answering phones
- Work with Communications ‘on call’ for further communications to stakeholders, via Web, Text and Social Media
Annex 5 : Recovery priorities list

In the event that there is an option as to the order in which recovery is achieved the following schedule of priority will be followed:
1 Underlying infrastructure such as network and Active Directory
2 Digital Care Record
3 DET databases
4 Finance system (ESR, SBS)
5 Email
6 File Servers

Appendix 6 Action Cards

GOLD COMMANDER – Strategic (Either a Departmental Director or the Medical Director)
Responsible to – The Chief Executive and the Trust Board
Purpose – Overall responsibility for executive and strategic decisions and external accountability
- Seek a briefing from Silver Commander as soon as possible
- To decide whether to notify/call in Chief Executive/Chairman
- Be accountable for Silver Commander and prompt any command shift arrangements in conjunction with the Silver Commander
- To decide whether to notify Strategic Health Authority. If so, to Alert NHS London Manager 0844 822 2888 and ask for NHS01 and / or NHS London Communications Manager LON01 to declare an incident and / or media support.
- To provide higher level support to Incident Manager and Deputy
- To take action to manage events external to the Trust and incident
- To co-ordinate press releases, public information and internal communication.
- To decide who to notify/call in, and set process in motion
- To be main point of communication for Emergency Services or Contractors
- To take control of Control Centre and allocate staffing to areas of need.
- To take overall control of events from Control Centre and delegate responsibilities

Silver Commander – Director Level – Tactical (Service Line Manager or Director of CG and Facilities)
Purpose – Manages the strategic direction from Gold and makes it into sets of actions that are completed by Silver and Bronze teams.
Purpose; Responsible ‘Director in Charge’ of strategic planning
- To declare 'stand down' after event.
- Seek and get a briefing from the manager for the affected area/site manager on the incident. This briefing will cover the following:
  - What the incident is and what caused it
  - Where the incident is and how far it affects
  - When the incident started and how long it will go on for
  - Who and how many patients are affected
  - Who and how many staff members are affected
  - How the incident will affect services (i.e. to what extent the service normally provided in or by that area will be curtailed)
- Inform the Gold Commander of this information to determine whether or not the incident warrants the declaration of an internal incident, and which wave should be implemented:
- Start a log and delegate role of Loggist as soon as is possible to an appropriate person (seek advice from the H&S Manager)

Action Card 2 - Page 2 / 2
- Delegate other roles from this action card to members of the Silver Team who will be accountable to this role for their completion.
- Nominate staff for roles to the Silver team
- Ensure the cause of the incident is being investigated further by senior managers from the appropriate area, co-opting as appropriate (e.g. Clinical lead, E&F, IT)
- If the incident involves the emergency services who have instigated their own Silver and Gold controls, the Silver leader should request the presence of an Incident Liaison Officer from the emergency services to help coordinate the trust’s response to the incident with those of the emergency services
- Attend meetings with Gold Commander as required, designating a deputy to manage the Silver Team during his or her absence
- At the end of the incident, confirm the decision to stand down with the Gold Commander and then issue the “stand down” order clearly and unambiguously
- Conduct a hot debrief and record briefly the main findings: submit main findings to the Emergency Planning lead immediately who will be conducting a full debrief report

SILVER TEAM MEMBER
Consists of:
- Health and Safety Manager
- Service Manager
- Director of Estates and Facilities
- Estates and Facilities Projects Manager
- Director or Manager of IT
- Risk Advisor
- Communications Lead
- Loggist
Purpose – Flexible and proportionate support to incident management
- Gather information on the Incident
- Establish site for Command centre (Tavistock or Centre Height)
- Ensure everyone is using the guidance in the BCP and the Major Incident Plan
- Organise bronze team members to cordon off areas or be used as runners between sites
- Take immediate steps to repair/replace or make alternate arrangements for service provision.
- Communicate and report back regularly to Silver Commander
- Ensure the resources for Bronze team to be on site until the incident is stood down

BRONZE TEAM MEMBER
- Support services
- Security
- Departmental Receptionists / Administrators
- Departmental Managers
- Service line Managers (Clinical)
- Fire Wardens
- RFH on call engineer
- Estates & Facilities contractors

- Follow instructions from Silver team
- Ensure safety of staff and patients at all times
- Cordon off and secure area
- Contact patients / students / visitors of cancellation of services and alternative arrangements, via telephone, text or website, ensure communications are clear and relevant
- Ensure all updates are fed up the chain of command
- Practical support to Emergency Services

Appendix 7 Communications Action Card

Communications during an incident should be handled by a member of the Trust Communications Team. If unable to contact Trust staff, the Incident Manager should request assistance from the Communications Team at NHS England (London). All staff should follow the Trust’s communication policy and should not speak directly to the media.
- Maintain a rota for the role of Communications Lead.
- Regularly liaise with the Incident Manager regarding situation updates.
- Agree key stakeholders and primary channels for communication.
- Co-ordinate media response with local responding organisations and NHS England. Call 0844 822 2888. Ask for LONØ1 (NHS England London Communications Manager)
- Agree key messages and information which can be released to the public, regularly review these messages as the event unfolds.
- Compile a list of Frequently Asked Questions by / for the media / public and agree answers / response with Incident Manager for use by nominated spokesperson.
- Ensure patient data is kept confidential when speaking to the Media
- Keep media statements factual and general; do not disclose confidential information as determined by the Data Protection Act.
- Provide information and guidance for staff as to what to do if the media contact them
- Issue guidance for staff on how to inform patients of the incident and where appropriate draft communications to support departments with their own updates via webpages, text messages and social media
- Liaise with multi-agency communications personnel.
- Inform team of time and location of press briefings.
- Ensure up to date information is made available to spokesperson in time for briefing.
- Provide regular communications bulletins for staff, patients, stakeholders and the media
- Update Trust website and intranet and ensure website and all relevant pages are updated to reflect impact of incident.
- Use social media platforms as appropriate.
- Activate and coordinate helpline to deal with general public and media enquiries if necessary.
- Ensure Incident Stand-down is communicated.
- Ensure all staff have opportunity to participate in debrief process.
- Work with team on communicating Lessons Learnt from the Debriefs.
- Assist with information for use in the Incident Report and arrange for publication

Appendix 8 Loggist Action Card

Reporting to the Incident Coordination Centre
- Prepare the Incident Coordination Centre for use: Clear walls of pictures, arrange furniture and equipment, provide and identify numbers of two telephones (one phone for ICC direct line with the second dedicated for Silver Commander), provide and identify number for direct ICC fax, clear whiteboards for use, display site maps, ensure IT equipment set-up with access to ICC emails (NHS.NET)
- Open other offices as required (i.e. Command Room for Gold Commander including a direct telephone line)
- Open incident log and maintain throughout incident – ensure that all details are being entered on the log
  - Messages details – time of call, name of caller (check spelling), their contact number, spelling of technical names, spelling of locations and company names
  - Actions and decisions taken – time of decision, exact nature of decision, spelling of technical names, spelling of locations and company names
  - Challenge anything you are unsure about
- Receive calls on the direct ICC line
  - Record caller’s details and time of call on log sheet. Record name, organisation and contact numbers. Check spelling of unfamiliar names with caller.
  - As well as their landline number, ask for their mobile phone and pager numbers
  - Ask if email contact is possible. Take email details
- Answer queries or divert calls to appropriate person as necessary – ask for detailed feedback from the person receiving the call and record this on the log especially any decisions or information requested/provided
- Arrange refreshments for ICT and Gold Commander as required
- Act on instructions of Gold, Silver and ICT

Supporting information:
Depending on the situation, you may have someone else to help you with these tasks. The Silver Commander will let you know if this is the case. If you have any problems you should ask the Silver Commander or EPRR.

Working Arrangements
- At the end of your shift you will hand over to someone with similar skills to your own
- Please make sure that you hand this card to them at that time
- Make sure they know what arrangements you have made for storing records etc.
- You will usually be expected to work an 8-hour shift with two 30-minute breaks halfway

Appendix 9 : Action Card for Incident Manager

SitRep (Situation Report)
Date:
Time:
Completed by:
Department/ Team Name:
Notified by:
Contact Details:
What has actually happened or is the anticipated scenario?
What is the current / possible impact on sites / services / critical activities
Incident Level: 1 2 3 4
Support Required:
Next Update at: Date: Time:
Authorising Officer: