Corporate policy. Business Continuity Management Policy. Issue sheet

Similar documents
Information Security Policy

Corporate Strategy Records management

Date: INFORMATION GOVERNANCE POLICY

WILTSHIRE POLICE FORCE POLICY

Business Continuity Management Policy

Business Continuity Policy

Avenir Digital Limited

REV NO. DATE REVISION DESCRIPTION APPROVAL

EDINBURGH NAPIER UNIVERSITY BUSINESS CONTINUITY POLICY AND FRAMEWORK

Information Governance Management Framework

Policies, Procedures, Guidelines and Protocols. Document Details

Business Continuity Management Plan. Policy

Overarching Information Governance Policy

WILTSHIRE POLICE FORCE POLICY

NHS England Emergency Preparedness, Resilience and Response (EPRR) Business Continuity Workshop Delegate Book

Introducing ISO 22301

Business Continuity Management Policy. Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017

INFORMATION GOVERNANCE POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

CAPITA PLC POLICY. Environmental [PUBLIC] Classification Version 2.0

Data protection (GDPR) policy

Emergency Preparedness, Resilience & Response (EPRR) Policy

UNIVERSITY OF ABERDEEN ADVISORY GROUP ON BUSINESS CONTINUITY & RESILIENCE BUSINESS CONTINUITY POLICY

Job Description. Operations Manager. Scheduled Care. Band 8A. Centre Manager. Centre Manager

Business Continuity Policy

Business Continuity Management Policy and Framework

COMPLIANCE MANAGEMENT FRAMEWORK FOR VICTORIA UNIVERSITY

Office of the Police and Crime Commissioner Devon & Cornwall

Ref Domain Standard Detail

Information Governance Clauses Clinical and Non Clinical Contracts

HEALTH AND SAFETY POLICY

<Full Name> OHS Manual. Conforms to OHSAS 18001:2007. Revision Date Record of Changes Approved By

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Head of Protective Services Specialist Operations. Business Continuity Manager

Head of HSE. Group Services, Risk

IOSH head of policy and public affairs Richard Jones reviews the development of the universal management systems standard due in October.

HAWKE S BAY REGIONAL COUNCIL

[RESTRICTED ACCESS: SECURITY] COMMONS EXECUTIVE COMMITTEE Update on business resilience capability and annual approval of Business Resilience Policy

Public Governing Body Meeting 19 August 2014

Statement of Work Business Continuity Project Submitted on August 8, 2017 for SPC on Finance on August 14, 2017

Records Management Policy

POLICY ON ENVIRONMENTAL MANAGEMENT

Information governance strategy

GROUP HEALTH & SAFETY POLICY

Health and Safety Policy

BUSINESS CONTINUITY & STRATEGY POLICY

Information Governance Policy

Business Continuity Framework v

Phumelela Gaming and Leisure Limited

Business Continuity Policy. Interim Governance Consultant. October Greenwich Executive Group

Environmental Roles and Responsibilities

Garth Hill College WASTE MANAGEMENT POLICY

RISK MANAGEMENT STRATEGY AND POLICY

THE ARCG CHARTER. Issued in March 2008

Customer Advocacy. Complaints Management Policy

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

Internal Audit Charter

Abu Dhabi Occupational Safety and Health System Framework (OSHAD-SF) OSHAD-SF Guidance Document

Policy Work Health and Safety (WHS) RCPA Introduction WHS legislation

Business Continuity Management PHILIPPINES :: MALAYSIA :: VIETNAM :: INDONESIA :: INDIA :: CHINA

Business Continuity Policy

This Policy supersedes the following Policy, which must now be destroyed:

Information Governance Policy

NHS NEWCASTLE GATESHEAD ALLIANCE Business Continuity Plan (including Emergency Planning Response and Resilience and Surge Management Arrangements)

City of Saskatoon Business Continuity Internal Audit Report

Records Management Policy

THE HARBOUR MEDICAL PRACTICE EASTBOURNE

Information Governance Policy

POLICY. Occupational Health and Safety Policy. (from Complispace) Approved: 18 April 2018

Head of Security and Business Continuity

Internal Audit Charter. (Board approved 13 April 2012)

Health and Safety Policy

Internal Audit Charter

Risk Management Strategy

A tool for assessing your agency s information and records management

INTERNAL AUDIT AND ASSURANCE MANDATE

ENVIRONMENTAL MANUAL. Page 1 of 26 Uncontrolled when printed NCH Env Manual Vers 11.0 date 01/02/18

Phoenix Energy Holdings Gas Ltd Health & Safety Policy

This Policy supersedes the following Policy, which must now be destroyed:

Boral Limited Audit & Risk Committee Charter

Health, Safety and Wellbeing Policy

29/11/2017. Risk Management Policy

A PUBLIC COMMITMENT. Product Stewardship. Plastics and Chemicals Industries Association CODE OF PRACTICE

PERFORMANCE EVALUATION POLICY

IGPr002 - Information Governance Management Framework

4.5 discuss with the external auditor the auditor s judgments about the quality and acceptability of the Group s accounting principles;

BUSINESS CONTINUITY STRATEGY Version 1

WHS Work Health and Safety

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

Records Management Policy

Bowmer. & Kirkland. Kirkland. & Accommodation. Health & Safety Policy.

MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE

Data Protection Policy

The Science Museum Group Health & Safety Policy

INTERNAL AUDIT PLAN AND CHARTER 2018/19

Partners and staff can contribute to maintaining and improving PwC s health & safety standards by:

Introduction. Key points of the recent ODPC guidance, and the Article 29 working group guidance

This policy sets out clear guidelines for what is expected from all NAS employees in relation to health and safety responsibilities.

JOB DESCRIPTION. 3. To ensure the team provide benefits advice, signposting and an effective income collection service.

HEALTH & SAFETY POLICY TABLE OF CONTENTS RESPONSIBILITIES

5. Effective controls and risk management

Transcription:

Corporate policy Business Continuity Management Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSADPN001b S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review BCM Policy\Current and Final NHS Business Services Authority Business Continuity Management Policy Gordon Wanless All NHSBSA staff For information / action Last reviewed 30 March 2016 Review cycle Date of Equality Assessment Date of Fraud Review Annual Revision details Version Date Amended by Approved by Details of amendments Initial release 4.09.2007 - IGSG In 1.2 add in where disaster recovery fits in with business continuity including a definition of terms In 5.2 amend the fourth bullet point to add provision of advise / guidance on the after the. Insert a 6.10 covering Internal Audit a 27.10.2011 G Wanless IGSG Change Overall BC Owner to be CEO from COO Make changes required as per PwC Audit findings b 31.01.2014 G Wanless BCMF Change of BS25999 to BS ISO 22301

Updating/adding of business area Business Continuity Managers c 17.04.2015 C Gooday BCMF Update 6.4 with change of role titles d 17.11.2017 C Gooday G Wanless Update for ISMS format and revised IG Policy links 2

1. Policy Summary 1.1. This policy will ensure the protection of all NHSBSA s products and services in accordance with the international requirements standard for business continuity management (BCM) (i.e. BS ISO 22301). 2. Introduction 2.1. The NHSBSA s records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, protect the interests of the NHSBSA and the rights of patients, staff and members of the public. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways. 2.2. The NHS Business Services Authority (NHSBSA) has a legal obligation to comply with all appropriate legislation in respect of managing records. It also has a duty to comply with guidance issued by NHS England, NHS Digital, and other advisory groups to the NHS and guidance issued by professional bodies. 3. Scope 3.1. This policy applies to all employees, Non-executive Directors, contractors, agents, representatives and temporary staff working for or on behalf of the NHSBSA. These will be referred to as Staff in the remainder of this policy. 3.2. This policy applies to all products and services provided by the NHSBSA, whether or not the provision of these is outsourced. 3.3. The recovery of Technology services from a Business Continuity incident will be covered by the IT Disaster Recovery Policy. 3.4. The resilience and security of NHSBSA information in a Business Continuity incident will be governed by the Information Security Policy. 4. Objectives 4.1. The objectives of this policy are: ensures that all BCM activities are conducted and implemented in an agreed and controlled manner. ensures that the NHSBSA achieve a business continuity capability that meets changing business needs and is appropriate to the size, complexity and nature of the NHSBSA. puts in place a clearly defined framework for the ongoing BCM capability. 3

5. Key outcomes (or Expected Results) 5.1. Minimise the disruption to NHSBSA services from a BCM incident. 5.2. Ensure staff and stakeholders are informed of recovery progress so that they can take appropriate actions to minimise any wider impact. 6. Principles 6.1. In meeting with the international requirements standard for BCM, the NHSSBA will ensure: 7. Responsibilities the set-up activities for establishing a business continuity capability. These incorporate the specification, end-to-end design, build, implementation and initial testing of the business continuity capability. the ongoing management and maintenance of the business continuity capability. These activities include embedding business continuity within the NHSBSA, testing plans regularly, and updating and communicating them, particularly when there is significant change in premises, personnel, process, market, technology or NHSBSA structure. Corporate Business Continuity Manager The Corporate Business Continuity Manager responsibilities have been allocated to the Head of Information Governance role within the NHSBSA. The Corporate Business Continuity Manager responsibilities include: Ensuring that an appropriate BCM policy for the NHSBSA is produced and kept up to date. Ensuring that the appropriate BCM procedures, practices and plans are formulated and adopted by the NHSBSA in support of this policy. Representing the NHSBSA on BCM matters. Providing the appropriate leadership and direction for the BCM team operating within the NHSBSA. Setting the standard of BCM training for staff across the NHSBSA. Acting as a central point of contact on BCM within the NHSBSA. Implementing an effective framework for BCM. 4

Head of Communications The Head of Communications responsibilities include. Ensuring that there is an appropriate BCM communication plan produced and kept up to date. Information Asset Owners All Information Asset Owners across the whole of the NHSBSA are directly responsible for: All responsibilities detailed in the Information Governance Policy. Assisting in the preparation and maintenance of policies, procedures, protocols, plans and guidance in compliance with BCM. BCM plans should be reviewed no less frequently than annually. Ensuring that staff that have a role in the BCM team for the business area have an awareness of their role and what they need to do to fulfil that role. Providing advice and guidance to all enquiries from internal and external sources. Auditing appropriate systems in accordance with risk analysis reviews. Ensuring that business continuity is included as part of their business area s risk register and business plan. Ensuring that a statement on business continuity preparedness is included as part of the annual divisional letter of management representation. Ensuring that testing of the business area s BCP preparedness is carried out no less frequently than annually. Ensuring that a complete copy of the business area s BC plan is stored in a secure but accessible off-site location. Ensure that a copy of the business area s BC plan is available on the business area s intranet. ensuring that staff are made aware of any BCM notices and BCM responsibilities. ensuring that staff have had suitable BCM training. All Staff All staff are directly responsible for: All responsibilities detailed in the Information Governance Policy. Being aware of the existence of the business unit s BCM plans and where these are located. Keep a copy of the emergency contact number and use it in a business Continuity situation. 5

All staff have a responsibility to inform their business area Business Continuity Manager or the NHSBSA Corporate Business Continuity Manager of any new product or service as soon as possible after it has been identified. 8. Related policies 8.1. This policy follows: Information Governance Policy Information Security Policy IT Disaster Recovery Policy 9. Penalties 9.1. Any user who violates this policy will be subject to disciplinary action up to and including dismissal, including criminal prosecution. 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback