Transcript The Business Continuity Plan
The Business Continuity Plan
Chris Owens/Annette Mercer Public Health Knowsley MBC
Local Pharmaceutical Committee 18 June 2014
Business Continuity Plan
• A Business Continuity plan is developed to ensure that business can return to "business-as-usual“ as quickly and painlessly as possible in the event of a major disruption.
• Any number of events can bring business grinding to a halt; the purpose of business continuity is to ensure that you can respond sensibly as an organisation and as individuals.
• A plan should identify all the requirements which are essential for keeping the business running and include processes to keep disruption to a minimum. It also ensures that you can manage a crisis effectively.
Business Continuity Team
The Business Continuity Team is the group of key staff who will be called together to: • manage the response to an incident • monitor the maintenance of critical activities • oversee the post-incident recovery process (This ranges from one or two people to a team that includes staff from Head Office)
Business Plan Checklist
Advice on what to put in the Plan
• Contains a version history / date the plan was last updated (ideally updated every six months) • Identifies a plan owner • Identifies a business continuity or incident management team (ideally with deputies) who will implement the plan • Contains a clear index / list of contents • Is protectively marked and contains a data protection statement
Contents of the Plan
• Identifies the criteria / scenarios in which the plan will be activated • Includes step-by-step checklists for the actions to be taken • Identifies how actions will be prioritised • Identifies realistic recovery timescales • Identifies specific IT recovery, telephony diversion and manual workaround arrangements
Contents of the Plan
• Event log • Service Specific Information e.g. key partners (local authority, drug service, stop smoking service, sexual health service) • Critical records and documents • Staff contact details who would be expected to respond to an incident • All staff contact details • Skills audit
Contents of the Plan
• The dates and frequency at which the plan is tested • The type of testing carried out (e.g. desktop ‘walkthrough’ exercise • The findings from tests and exercises, i.e. what learning points were captured and how these have been used to improve the plan • Number, duration and type of outages / disruptions to business-as-usual experienced in the last five years • The findings from post-incident debrief, i.e. what learning points were captured after the incident and how these have been used to improve the plan
Who will hold copies
• Business Continuity Team • Electronic master copy • Copy kept in the ‘Battle Box’
Battle Box
• • Business continuity plan Standard operating procedures • • PGD’s Staff contacts • • Logging record books List of all the contracts / service specifications etc
FOR CONSIDERATION
• Major incident plan • Outbreak plan • Cold weather plan • Heat wave plan • Pandemic flu plan
Storing of data
• To ensure minimal loss it is important to save data in the appropriate place.
• Is your system backed up on a 24 hour basis so if there was a loss of IT the loss would be negligible?
• Remember Information Security. In particular, remember that sensitive data should not be e-mailed to personal (home) e-mail accounts.
Debrief
• Held after any incident /disruption • Lessons learned collected from whole team
Summary
• Corporate document • Used in the event of a major disruption • Regular walkthrough exercises • Updated every 6 months