WILTSHIRE POLICE FORCE POLICY

Transcription

1 Template v4 WILTSHIRE POLICE FORCE POLICY BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS) Date of Publication: January 2017 Version: 3.0 Next Review Date: January 2019

2 POLICY STATEMENT Wiltshire Police has a statutory duty to maintain plans to ensure that they can continue to perform their functions in the event of an Emergency, so far as is reasonably practicable. The Civil Contingencies Act 2004 (CCA) requires emergency responders to exercise all their functions, not just their emergency functions, in the event of an emergency. Business Continuity Management Systems (BCMS) must be put in place to ensure that these functions are carried out so far as is reasonably practicable. BCMS is a management process that helps manage the risks to the smooth running of an organisation or delivery of a service, ensuring it can continue to operate to the extent required in the event of disruption. These risks could be from the external environment (e.g. power outages, severe weather) or from within an organisation (e.g. systems failure, loss of key staff). BCMS is complementary to Risk Management which seeks to understand the wider risks (of which BCMS may be one) to the achievement of the aims and objectives of the force. It is important not to confuse Business Continuity Management with operational response to major incidents. Business continuity management focuses on internal issues to maintain organisational abilities whereas response to major incidents focuses on external events. Wiltshire Police provides the public of Wiltshire with a full policing service 365 days of the year. The purpose of our Business Continuity Management System is to ensure that in the event of any disruption of service, critical core police functions continue to be performed to an acceptable level of service and recovery from disruption is both timely and effective. The BCMS will be complimented by plans which contain force wide, divisional and departmental contingencies and details of how the force will deal with such threats if and when they do arise. Though disruptions in service delivery are anticipated the Force would not be regarded as efficient or effective if in the face of disruptive challenges, it was unable to continue delivery of service to an acceptable level. What is acceptable will depend to some extent on the circumstances and acceptance indicated by public opinion, public or judicial enquiries or inspectorate bodies such as HMIC. Adherence to this policy will ensure compliance with all relevant legislation and internal policies and ensure that the Force has effective BCMS in place which are regularly tested and maintained. Failure to adhere to this policy would be likely to attract criticism from those judging force performance and may expose the force to risks such as loss of reputation, financial penalties or punitive action against individuals. POLICY AIM The aim of this policy is to direct the Force towards a comprehensive framework for a Business Continuity Management System (BCMS) so that in the event of an emergency, Wiltshire Police can continue to provide the best possible service. The policy includes all slow time management activities and is complemented by plans which can be used in the event of a disruption, or threatened disruption, to the service provision of the force. The policy fully supports the Wiltshire Police objective To prevent crime and protect the public. Version: Next Review Date: January 2019 Page 2 of 6

3 In effect this policy will provide a framework for preparing and developing the plan and embedding business continuity within the culture of Wiltshire Police and the plan will detail the response to the threats posed. APPLICABILITY This policy is applicable to the whole Force and, where required in contracts, to persons or organisations contracted to provide goods and services on behalf of the Force. LEGAL BASIS AND DRIVING FORCE Civil Contingencies Act 2004 International Standard for Business Continuity ISO STRATEGIC PRIORITIES The Force Priorities linked to this document are set out below. Force Priorities Linked to this Policy SP4 Developing Sustainable Policing RELATED POLICIES, PROCEDURES and OTHER DOCUMENTS Risk Principles and Procedures Business Continuity Plans AUTHORISED PROFESSIONAL PRACTICE: There are no directly related areas of APP (This is currently being addressed by ACPO). DATA PROTECTION Any information relating to an identified or identifiable living individual recorded as a consequence of this policy will be processed in accordance with the Data Protection Act 2018, General Data Protection Regulations and the Force Data Protection Policy. FREEDOM OF INFORMATION ACT 2000 This document has been assessed as suitable for public release. MONITORING AND REVIEW The effectiveness of this policy will be monitored in line with the Forces Business Continuity Plan and the ability of the Force to minimise the risk of disruption from identified threats and to exercise all their functions, not just their emergency functions, in the event of an emergency. This policy will be reviewed annually in the light of any national policy or procedural change or due to changes to law or Force strategy or at such other times as may become necessary. WHO TO CONTACT ABOUT THIS POLICY This policy is owned by Operations Support, Major Incident Planning Department. All queries regarding this policy, the BCMS or the Business Continuity Plan should be directed to the Major Incident Planning Manager. Ownership and responsibility for activities is addressed in Appendix A below. Version: Next Review Date: January 2019 Page 3 of 6

4 Appendix A Chief Constable Strategic Lead (SRO) Deputy Chief Constable Force Business Continuity Working Group (FBCWG) (Force Business Continuity Manager / Force Business Continuity Coordinator/ Command SPOCS) Tasking & Coordination Command People Services Local Policing Operational Support Protective Services Finance and Logistics 1. The Chief Constable The Chief Constable is responsible and accountable to the Police Authority for the delivery of policing services. This includes business continuity. 2. Strategic Lead (Senior Responsible Officer) The Deputy Chief Constable (or nominated person) has overall responsibility for the Business Continuity Management (BCM) process and will assume the role of the Senior Responsible Officer (SRO). This member of the executive management board will: Ensure that Wiltshire Police fully complies with its statutory duties under the Civil Contingencies Act 2004 Provide clear strategic direction for the Business Continuity Programme (BCP) Ensure that BCM is effectively implemented in line with the agreed policy and strategy Oversee the development of the governance framework for the management of the organisation s BCM programme including responsibilities, monitoring and reporting to senior management Ensure that all senior managers fully support the BCM programme and the principles of BCM are embedded into the organisation Delegate responsibility for the ongoing management of the BCP to the Force Business Continuity Manager Version: Next Review Date: January 2019 Page 4 of 6

5 3. Force Business Continuity Manager The SRO will appoint a Force Business Continuity Manager. They will have a tactical level of responsibility for the Business Continuity Programme (BCP). Their primary roles are to: Consult with the SRO to ensure the BCP is progressing in line with the approved Business Continuity Strategy Ensure Wiltshire Police s BCP is project managed and a clear audit trail is in place Coordinate the work of the BCWG to ensure Wiltshire Police s BCP is progressed consistently and effectively Ensure the BCP is managed and progressed throughout the force on a day to day basis Produce and maintain key supporting documents required for the BCP Develop the methodology for creating business continuity plan(s) and oversee their implementation Provide advice and support to staff and all stakeholders involved in Wiltshire Police s BCP Quality assure Business Continuity documents completed by command SPOCs Provide a schedule for the reviewing, testing and exercising of Business Continuity Plans, to ensure that they are up to date, relevant and fit for purpose Promote Business Continuity awareness throughout Wiltshire Police through consultation, training, exercising and the testing of plans Act as the Force Business Continuity SPOC for all internal and external audits 4. Force Business Continuity Working Group The role of the forum will be to: Ensure Wiltshire Police is compliant with its legal and other requirements Ensure the development and implementation of the Business Continuity Programme within Wiltshire Police Ensure Wiltshire Police is able to respond to a disruption, irrespective of the cause Consider interdependencies between all stakeholders, including outside organisations and suppliers, that require collaborative working to promote force level Business Continuity planning Embed the principles and understanding of Business Continuity throughout Wiltshire Police by means of consultation, training and exercising Identify gaps and make recommendations to the force Executive and Command Heads Attend the Force Assurance and Organisational Learning Group Identify areas of the business at most risk and propose action to mitigate this risk 5. Force Business Continuity Coordinator The Force Business Continuity Coordinator will be appointed by the Force Business Continuity Manager. Their primary role will be to: Provide support to Force Business Continuity Manager Undertake planning and coordination work as required by the Force Business Continuity Manager Represent Wiltshire Police at relevant local, regional and national Business Continuity meetings as agreed by the Force Business Continuity Manager Version: Next Review Date: January 2019 Page 5 of 6

6 Maintain an awareness of local, regional and national events and publications that may impact on the BCP within Wiltshire Police 6. Heads of Command The Heads of Command are responsible for the production and maintenance of their respective Business Continuity Plans. They will also: Identify an appropriate manager(s) within their directorate to be the single point of contact(s) (SPOCs) for all Business Continuity work. Provide support and commitment to the Business Continuity SPOC(s) within their Command Promote the understanding and importance of Business Continuity within their Command Ensure the principles of Business Continuity are embedded within their command through training, exercising and raising staff awareness Ensure the completion of an analysis of critical functions within their command Oversee the production and regular maintenance of their Business Continuity plans Promote and support proactive work with contractors, suppliers and partners required to promote the BCP Ensure Business Continuity plans and associated documents are reviewed and tested effectively Approve and sign off completed Business Continuity documents Ensure Business continuity arrangements within their Command remain current to reflect any changes including human resources, office moves, working practices and processes. 7. Functional Commands Business Continuity Single Point of Contact (SPOC) This role will be fulfilled by staff deemed most appropriate by the Functional Commander. Their responsibilities include to: Support, promote, develop and manage the Business Continuity Programme within their Command Take an active role within the Force Business Continuity Working Group (BCWG) to ensure a consistent and progressive approach to Business Continuity within their Command and across Wiltshire Police Liaise closely with the Force Business Continuity Manager and Coordinator Participate in Business Continuity training, workshops and exercises to enable the development and testing of Business Continuity plans Promote embedding the principles of Business Continuity within their Command through training, exercising and raising staff awareness Ensure there is an effective audit trail in place for all Business Continuity activities within their Command Proactively seek to mitigate risks and vulnerabilities Identify alternative, off site facilities and services Present options and recommended solutions to senior management for approval Provide Heads of Command with completed Business Continuity documents to be approved and signed off Version: Next Review Date: January 2019 Page 6 of 6