Melanie Quinlan, Business Continuity & Compliance Manager, Resources & Quality Assurance

Similar documents
Update from the Business Continuity Working Group

INDUCTION POLICY AND PROCEDURE

WORCESTERSHIRE MENTAL HEALTH PARTNERSHIP NHS TRUST JOB EVALUATION AND REBAND POLICY

POLICY ON MANAGING POLICIES, PROCEDURES AND GUIDANCE DOCUMENTS

IG01 Information Governance Management Framework

Information Governance Policy and Management Framework

Exercise Tangaroa Evaluation Plan. V1.0 4 February 2016

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Business Continuity Management Policy

STAFF APPRAISAL AND MANAGEMENT SUPERVISION POLICY

Records Management Plan

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

BUSINESS CONTINUITY AS A SERVICE

HSCIC Audit of Data Sharing Activities:

The postholder will work as a key member of the senior team for Organisational Learning and Development.

Job information pack. Executive Assistant to the Chief Executive and Senior Management Team

RISK MANAGEMENT STRATEGY

INFORMATION GOVERNANCE STRATEGY. Documentation control

1.1 Contributes to the Trust s Organisational Development strategy to improve overall organisational performance and effectiveness

INFORMATION GOVERNANCE POLICY

GOVERNANCE STRATEGY October 2013

Risk Management Strategy

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

Health and safety. Strategy and action plan 2016/17. Safety first. Health and safety strategy and action plan 2016/17 (04/16) (V1)

The Strategy, Process and Application of Clinical Audit in the London Ambulance Service

Information Governance Management Framework

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

INFORMATION GOVERNANCE POLICY

Audit of Departmental Security

Job Description. Compliance Officer (Data Protection) Compliance and Quality Manager N/A. Responsible for line managing

A Quality Assurance Framework for Knowledge Services Supporting NHSScotland

Business Continuity Plan Activation and Review

R&D Manager Hillingdon Hospital. Revision History Effective Date Reason For Change. recommendations Version no:

Environment and resource efficiency Strategy and action plan 2016/17

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE

Defending the Fortress Women in FM 15 th July Samantha Bowman Senior Facilities Manager

Information Governance Assurance Framework

SEVERE WEATHER and DISRUPTIONS to PUBLIC TRANSPORT POLICY

FCAT SUPPORT PACKAGE

Draft terms of reference for the Staff Forum and communicate relaunch.

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Audit of Human Resources Planning

IPSec Professional Risk Victorian Protective Data Security Standards Compliance Services Overview in Brief

RISK MANAGEMENT POLICY

Fixed Term Staffing Policy

Yale University Business Continuity Planning Quick Start Guide

CAPITAL DELIVERY HUB. Programme Manager Education Construction. Permanent Placement Package to 67,000. Background

US Business Continuity Safeguarding Your Business from a Disaster

PRESIDENT. Requirements: Must be an SHRM member in good standing for entire term of office.

CHILDREN S HOSPICE ASSOCIATION SCOTLAND

DOCUMENT CONTROL PAGE. Health and Safety Policy Statement

Bowmer. & Kirkland. Kirkland. & Accommodation. Health & Safety Policy.

Information Governance Management Framework Version 6 December 2017

Care.data Programme Board Terms of Reference

EQUALITY AND DIVERSITY COMMITTEE. Terms of Reference

British Gas Report to Ofgem in response to Ofgem s open letter on Supplier Complaints Handling dated 26th September 2014

Information Governance Policy

NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016

SESSION 405 Tuesday, November 3, 10:00am - 11:00am Track: Industry Insights

University of Birmingham

BUSINESS CONTINUITY MANAGEMENT POLICY. Organisational

RTC EDUCATION LTD T/A REGENT COLLEGE REGENT SKILLS TRAINING

JOB DESCRIPTION AMNESTY INTERNATIONAL INTERNATIONAL SECRETARIAT

Group Accountant (Children s Services)

WEST HERTFORDSHIRE HOSPITALS NHS TRUST WORKFORCE COMMITTEE

Standard Operating Procedures for timely preparation and implementation of management responses to evaluations commissioned by the Evaluation Office

Personal Assistant. Property Group, Shared Services. What we do matters our purpose. How we do things around here our principles

PERSONAL DEVELOPMENT AND REVIEW (PDR) Guidance notes for departments introducing PDR for support staff and academic-related staff

Department HR Operations. Approved by Pay and Reward Sub Group. Approval and Review Process Workforce & Organisational Development Committee

Head of marketing production

DECISION 10/2014/GB OF THE GOVERNING BOARD OF THE EUROPEAN POLICE COLLEGE ADOPTING THE EUROPEAN POLICE COLLEGE S INTERNAL CONTROL STANDARDS AND

Personal Assistant. Service Delivery and Operations. What we do matters our purpose. How we do things around here our principles

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

PARTNERSHIP SELF ASSESSMENT GUIDANCE & QUESTIONNAIRE JUNE 2009

Risk and risk management

To provide leadership and strategic direction for individual support services, across the MS Society

Loch Lomond & The Trossachs National Park Authority. Annual internal audit report Year ended 31 March 2015

HSCIC Audit of Data Sharing Activities:

CAMBRIDGESHIRE COUNTY COUNCIL SAFETY OF SPORTS GROUNDS FUNCTION POLICY DOCUMENT

STATUTORY POWERS, DUTIES, ROLES AND RESPONSIBILITIES OF GOVERNORS

JOB DESCRIPTION. Community Led Local Development (CLLD) Programme Manager. The four CLLD Local Action Groups across Cornwall (Functional Management)

JOB DESCRIPTION TEMPLATE JOB IDENTIFICATION

BUSINESS CONTINUITY MANAGEMENT POLICY

Invitation to tender for internal audit services

What. (what activities or tasks are planned to achieve the outcome)

Framework and Guidance for Applicants Assessors Verifiers

Humber Information Sharing Charter

Achieve. Performance objectives

South Lanarkshire Leisure and Culture Job Evaluation Scheme Handbook

NATIONAL QUALITY BOARD

(d) Continuous Professional Development CONTINUED PROFESSIONAL DEVELOPMENT STATEMENT

THE UNIVERSITY OF NOTTINGHAM. Recruitment Role Profile. Governance Services and Executive Support (Executive Office)

GROUP AUDIT COMMITTEE TERMS OF REFERENCE

Grievance Procedure. Version: 4.0. Date Approved: 30 October Date issued: 30 October 2017 Review date: October 2022

NIHR Local Clinical Research Networks

Information Governance Strategy and Management Framework

Public Information Manager

Data Quality Policy

WORCESTERSHIRE MENTAL HEALTH PARTNERSHIP NHS TRUST

Regulation pertaining to disciplinary & related procedures for academic staff

Post: Head of Standards Governance Department/Region: Science and Standards Location: London Purpose of post:

Transcription:

Executive Board meeting, 26 June 2017 Agenda item: 8 Report title: Report by: Action: Business Continuity Working Group update Melanie Quinlan, Business Continuity & Compliance Manager, Resources & Quality Assurance melanie.quinlan@gmc-uk.org, 0161 240 8310 To note Executive summary The Business Continuity Working Group oversees the development, maintenance and improvement of the GMC s business continuity management system. We follow the good practice guidelines published by the Business Continuity Institute and align to the national ISO 22301:2012 standard. This paper summarises the work undertaken by the BCWG since the last report to the Performance and Resources Board on 23 June 2016 and key activities planned to deliver the 2017-2018 work programme. Recommendations The Executive Board is asked to note: a The work of the Business Continuity Working Group (BCWG). b The updated Business Continuity Working Group Terms of Reference (Annex A).

Executive Board meeting, 26 June 2017 Agenda item 8 Business Continuity Working Group update Background 1 The Business Continuity Working Group (BCWG) is chaired by the Director of Resources and Quality Assurance and reports to the Executive Board annually. Business continuity ensures that the GMC can respond effectively in the event of a disruption to normal operations. 2 Operationally, the work of the BCWG is led by Melanie Quinlan who joined the GMC in September 2016 as Business Continuity and Compliance Manager, to manage both business continuity and health and safety. Overview of the BCWG 3 The BCWG meet bi-monthly to review and discuss: Any business continuity incidents or events that caused a business interruption. The business continuity annual work plan and training matrix. New procedures and plans. Any potential new risks. Business Continuity work since June 2016 4 All of the over-arching organisational Business Continuity plans have been reviewed and updated, to include changes resulting from the change programme along with some minor changes to the format and the addition of aide memoires. List of plans: Organisational Business Continuity plan. Emergency Response plan 3HS. Emergency Response plan MPTS. Emergency Response plan London. Pandemic Response plan. 5 All plans are now available on staff desktops and on GMC Samsung mobile phones, through the Content app. In addition to this, a piece of work is being carried out with IS to ensure that the plans are available on SMT s IPhones. 2

Executive Board meeting, 26 June 2017 Agenda item 8 Business Continuity Working Group update 6 The business continuity risk register has been reviewed and updated. All risks that are no longer relevant have been removed and the previous risk register archived. No new risks have been identified. 7 A programme of business continuity training has been delivered by Mel Quinlan for staff members who will be involved in the initial response to an incident and department business continuity champions, including: Incident Management (four sessions). Incident Controller (two sessions). Log Keeper (three sessions) Business Continuity workshop phase 1 (six sessions). Business Continuity workshop phase 2 (five sessions) 8 A scenario based organisational exercise facilitated by external consultants Glen Abbot, has been scheduled in June to provide colleagues in the senior management and incident management teams with the opportunity to experience responding to an incident in real time. 9 In order to ensure a life-like scenario, each area of the business has been contacted to discuss what level of disruption the scenario may have on their service delivery. This information will be provided to the exercise attendees so that they have an awareness of the impact across the organisation. 10 A significant amount of work has been carried out to develop the Business Continuity plans at department level, and to increase awareness of business continuity throughout the organisation. Departmental recovery plans 11 Each service area of the organisation now has an appointed Business Continuity Champion to ensure that departmental recovery plans are in place, reviewed and kept up to date. To ensure that each Champion is recognised and valued for the work that they complete, we have worked with HR and the L&D team to include a business continuity objective in their personal objectives. 12 In February 2017 all Business Continuity Champions attended a business continuity workshop, which provided support for carrying out Business Impact Assessments (BIA), including: An introduction to business continuity. 3

Executive Board meeting, 26 June 2017 Agenda item 8 Business Continuity Working Group update A discussion around the GMC s time sensitive activities. An introduction to the new BIA template. The offer of a 1-2-1 session to assist with completing the BIA template. 13 Since February we have reviewed 48 Business Impact Analysis forms. Each time sensitive activity and internal dependency has been taken from each form and added to an organisational spreadsheet. This information is currently being analysed to ensure that each department sets realistic and achievable recovery times. 14 The Business Impact Analysis form also asks each business area, which software application they depend on for each activity. This information has been collated to include in the IS Disaster Recovery plan. 15 In May the Business Continuity Champions attended a second business continuity workshop, which provided them with: An overview of business continuity strategies and tactics. A mini exercise to look at organisational challenges. An introduction to the new Departmental Business Continuity (DBC) plan template. The offer of a 1-2-1 session to assist with completing the Departmental Business Continuity plan. 16 We are currently in the process of reviewing all 49 Departmental Business Continuity plans. Business Continuity e-learning package 17 A new mandatory Business Continuity E-learning course has been produced to raise business continuity awareness across the organisation. The course will be live in June, with staff being given a 3 week deadline for completion. Business Continuity Incident Response Cyber Security Incident 12 May 2017 18 On the 12 May 2017 there was a global ransomware attack. The media advised that several NHS trusts, as well as another 45,000 companies across 99 countries were targeted. 19 The IS Cyber Security plan was activated; however there was no evidence that the GMC had been affected. The Cyber Technical Response Team worked late into the evening and throughout the weekend, to ensure that our systems were secure. 4

Executive Board meeting, 26 June 2017 Agenda item 8 Business Continuity Working Group update During this time regular updates were sent to members of the Incident Management Team and the Senior Management Team. 20 The Cyber team established themselves quickly, and soon identified the need to switch off the link to the NHS system. Following on from this they isolated all GMC email systems and servers to prevent an attack. 21 A crucial role throughout the response was the gathering of intelligence, in order to safeguard our systems. In order to do this, the IS team worked with security partners to assess the particular nature of the threat. 22 The level of patching on GMC laptops meant that if an individual laptop had been affected, our systems would have prevented the virus spreading across our network. 23 Once the incident was stood down Adam Walker (Infrastructure Manager) and Melanie Quinlan (Business Continuity & Compliance Manager) conducted an internal debrief of the incident. Manchester Bomb 22 May 2017 24 On Monday the 22 May at 22.30hrs, the Manchester Arena was attacked by a suicide bomber. The media advised that 22 people died and another 59 were injured. 25 The following morning transport links to the city centre were severely disrupted. The Incident Management Team quickly gathered information and identified the potential implications to colleagues travelling into Manchester. 26 At approximately 07.15hrs on Tuesday morning, HR sent an all staff text message and email to colleagues, encouraging them to work from home or delay their journey into work. The message also provided colleagues with the contact details of our Employee Assistance programme. 27 The Staff Incident Line was also updated with new information. 28 Staff working in the Contact Centre, Clinical Assessment Centre, on MPTS hearings, receptions and the switchboard came into the office to ensure that operationally there was no disruption to services. 29 Throughout the course of the day the incident was monitored. At 10.30hrs the Incident Management Team convened, followed by the Senior Management Team at 11.00hrs, to review the situation as it developed. At 16.00hrs there was a final Incident Management Team meeting. Business Continuity Standard 5

Executive Board meeting, 26 June 2017 Agenda item 8 Business Continuity Working Group update 30 A business continuity gap analysis was conducted in September 2015, which aligned our procedures to the IS22301 standard. Since this date we have enhanced our procedure, which has brought us closer to the standard. 31 Our Business Continuity Consultants Glen Abbot advised that the ISO 22301 is currently under review. In addition to this they have worked with organisations who have implemented the ISO standard; however they found the process too prescriptive, as well as not meeting the needs of individual organisations. We will continue to align to the standard and review this position in 12 months time. Next Steps 32 Business Continuity has a continuous lifecycle, which ensures the improvement of resilience procedures. In order to keep the momentum and continue to enhance procedures we will: Provide an internal debrief report following the Organisational Business Continuity exercise. Complete Loggist training with the Admin Network group. Conduct the annual review of organisational plans. Add the Departmental Business Continuity information to the Pandemic Response plan. Plan and conduct a Business Continuity awareness week. Validate the 48 Departmental Business Continuity plans by conducting a mini table top exercise. Conduct annual reviews of the Organisational Business Continuity plans. Document review 33 Updated documents are submitted to the group for review and the BCWG has approved the Terms of Reference document at Annex A following the annual review of the document. 6

Executive Board meeting, 28 June 2017 8 Business Continuity Working Group update 8 Annex A BCWG Terms of Reference Business Continuity Working Group: Terms of Reference Author Melanie Quinlan Version 5.0 Issue Date 17th May 2016 Review Date One year File Location Document: Pdf: Intranet

Executive Board meeting, 28 June 2017 Agenda item 8 BCWG Terms of Reference Introduction 1 The purpose of this document is to formalise the roles and responsibilities of the Business Continuity Working Group (BCWG). Background 1 The BCWG provides direction and support in order to develop and maintain the Business Continuity Management System (BCMS). The work of this group enables the GMC to be assured that appropriate actions are taken in the event of any unplanned business interruption and that potential threats are reviewed. 2 Our Business Continuity Policy sets out the framework to develop and sustain our business continuity plans and procedures, which we align to the ISO22301:2012 standard. In order to achieve this we continually look for ways to improve our processes and raise awareness across the business. 3 The business continuity plans include pre-identified procedures along with aide memoires to assist the incident response teams. The annual review of the plans ensures that they are fit for purpose with the most current information. In addition to the incident response plans, each service also has an individual Departmental Recovery plan. 4 Our Document Management system supports the systematic approach to the management of the business continuity, as it identifies the various review dates for each of our plans and procedures. Scope 5 This document details the terms of reference for the BCWG, and its role in developing and managing the BCMS. Responsibilities 6 The Director of Resources and Quality Assurance (R&QA) is the chair for the BCWG meetings and ensures that the group operates in accordance with the Terms of Reference. In addition to this the Director will also lead on all business continuity matters. 7 The BCWG is accountable to the Executive Board and the R&QA Director will refer matters if necessary. The Executive Board comprises of the Chief Executive, Chief Operating Officer and all Directors. A2

Executive Board meeting, 28 June 2017 Agenda item 8 BCWG Terms of Reference 8 The Business Continuity and Compliance Manager is responsible for business continuity and will ensure that: The annual work plan is on target. All plans and documents are maintained and reviewed on time. Training sessions are designed and disseminated. Business continuity awareness is raised across the organisation. All incidents and exercises are reviewed. Procedural changes are updated as and when necessary. Membership 9 The BCWG includes representatives from all business areas; however the primary group consists of those responsible for any identified time sensitive activities. BCWG member list: Director of Resources and Quality Assurance (Chair) Business Continuity and Compliance Manager Assistant Director of Information Systems Head of Facilities Assistant Director of Human Resources Head of IS Operations Assistant Director of Registration and Revalidation Assistant Director of Strategy and Communications Assistant Director of Fitness to Practise Assistant Director of Education and Standards Assistant Director of MPTS Health, Safety and Compliance Officer A3

Executive Board meeting, 28 June 2017 Agenda item 8 BCWG Terms of Reference Where the member is unable to attend a nominated deputy will attend on their behalf. Meetings 10 The group will meet bi-monthly and the Business Continuity Manager will ensure that all necessary paperwork is circulated. Responsibilities of the BCWG 11 The Business Continuity Working Group supports the business continuity management framework which aligns to the ISO 22301:2012 standard. 12 The key responsibilities of the group include the following points which align to both the standard and the Good Practice Guidelines (published by the BCI). Plan Develop business continuity policies, strategies, plans and procedures. Develop a reporting schedule for the management of reviews and audits. Do Ensure that business continuity policies, strategies plans and procedures are implemented. Support the Business Continuity Manager in coordinating the implementation of business continuity. Ensure that all staff are aware of the BCM Policy. Horizon Scan so that any emerging risks, issues or changes to legislation, regulation and interested party management can be incorporated into the necessary parts of the BCMS. Ensure that all necessary roles for the development, maintenance and review of the BCMS are allocated and training is provided. Identify all critical suppliers and ensure their Business Continuity arrangements are reviewed. Implement a safe and secure documentation storage medium for the BCMS. A4

Executive Board meeting, 28 June 2017 Agenda item 8 BCWG Terms of Reference Check Approve business continuity policies, strategies, plans and procedures. Review status reports covering business continuity implementation, exercising, training, post-incident reports, risk management and corrective actions. Using the Management Review check that the BCMS remains effective and report the finding to top management. Act Implement corrective actions arising from implementation, risk management, postexercise reviews, post-incident reviews, management reviews and internal audit. Recommend changes to policies, strategies, plans and procedures based on business continuity incidents and changes in risks. Promote and manage continual improvement of the BCMS process. Document Control Version History Version Status* Author Reason for Date issue 4.0 Agreed by BCWG and by SMT on circulation Sheila Tuffrey Creation 3 June 2011 4.1 Published Sheila Tuffrey Changes in organisation and maturity of BC 4.2 Published Sheila Tuffrey Changes requested by BCWG/AD R&QA 4.21 Reviewed in 2014 and 2015 Sheila Tuffrey Reviewed by - no changes made BCWG by circulation no changes 4. 3 Draft updated to new Sheila Tuffrey Circulated to template. Note added about BCWG deputies and management April/May 2013 15 May 2013 29 May 2014 April/May 2016 A5

Executive Board meeting, 28 June 2017 Agenda item 8 BCWG Terms of Reference review 4.3 Final Sheila Tuffrey Approved at 24 May 2016 meeting 5.0 Draft Melanie Quinlan Review May 2017 Maintenance and Review Date of Review Action Required Responsible person Year from approval Review content for consistency and currency Melanie Quinlan Sign off Reviewed by Method How approved BCWG By circulation Feedback by email and at meeting Distribution All members of the Business Continuity Working Group (BCWG) A6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback