BUSINESS CONTINUITY POLICY & BUSINESS CONTINUITY PLAN
IF YOU ARE RESPONDING TO A BUSINESS CONTINUITY INCIDENT, GO STRAIGHT TO PAGE 19
AND USE THE FLOWCHART ON PAGE 21
Last Review Date
December 2018
Approving Body
Audit Committee
Date of Approval
7 March 2019
Date of Implementation
11 March 2019
Next Review Date
December 2021
Review Responsibility
Head of Corporate Governance
Version
3.1
2
REVISIONS/AMENDMENTS SINCE LAST VERSION
Date of Review Amendment Details
December 2013 New policy developed across South Yorkshire & Bassetlaw CCGs in line with national guidance. Localisation of the template has taken place to reflect the Doncaster position.
September 2016 Refresh of policy in accordance with revised NHS England guidance, and to link to Emergency Preparedness, Resilience & Response. Main changes to policy:
Update of definitions (p.4)
Refresh of policy aim in line with national guidance (p.5)
Update of legislation (p.6) Main changes to procedure:
Definition of CCG responsibilities (p.10)
Revise sections to mirror business continuity management cycle (p10 to p.13)
Expand requirements for exercising in line with national guidance (p.13)
Expand plan activation guidance in line with national guidance (p.13 to p.14)
Add new section on Stand-down (p.14)
Expand requirements for communications strategy in line with national guidance (p.14)
Add new section on Stand-down (p.14)
Add new section on our relationship with external suppliers and contractors (p.16)
Main changes to procedure:
Add Business Continuity Plan to policy (was previously held separately).
o Amendments to reflect the national 5 areas of business impact: people, premises, technology, information, suppliers.
o New flowchart to further explain incident management process (p.21)
o Minor amendments to communication strategy (p.24 to p.25)
o Appendix D – inclusion of reference to externally held action cards
December 2018 Main changes to policy:
Updated email addresses throughout the document.
Change reference Chief of Corporate Services to Associate Director of HR and Corporate Services
3
throughout the document.
Update Communications manager details (p 27).
Removal of reference to Doncaster CVS.
Risk Scoring Matrix amended to reflect the Risk Management Strategy, Policy and Framework (p 36).
4
CONTENTS
Page Definitions 5 Section A – Policy 6-10 1. Policy Statement, Aims and Objectives 6-7 2. Legislation and Guidance 7 3. Scope 7 4. Accountabilities and Responsibilities 7-9 5. Dissemination, Training and Review 9-10 Section B – Procedure 11-17 1. The Approach to Business Continuity Management
11
2. Stage 1 – Understanding the Organisation
12
3. Stage 2 – Determining Business Continuity Management Strategy
12-13
4. Stage 3 – Developing and Implementing the Business Continuity Management Response
13
5. Stage 4 – Exercising, Maintaining and Reviewing
14
6. Plan Activation
14-15
7. Stand-down
15
8. Communications Strategy
15-16
9. Business Continuity and Incident Response Packs
16
10 Training and Awareness
16
11. External Suppliers and Contractors
16-17
Section C – Business Continuity Plan 18-48
5
DEFINITIONS Term
Definition
BCM
Business Continuity Management
BCMS Business Continuity Management System
BCP
Business Continuity Plan
BIA Business Impact Analysis
Business Continuity Incident
A business continuity incident is an event or occurrence that disrupts, or might disrupt, an organisation’s normal service delivery, below acceptable predefined levels, where special arrangements are required to be implemented until services can return to an acceptable level. This could be a surge in demand requiring resources to be temporarily redeployed.
Critical incident A critical incident is any localised incident where the level of disruption results in the organisation temporarily or permanently losing its ability to deliver critical services, patients may have been harmed or the environment is not safe requiring special measures and support from other agencies, to restore normal operating functions.
CCG
Clinical Commissioning Group
Major incident
A major incident is any occurrence that presents serious threat to the health of the community or causes such numbers or types of casualties, as to require special arrangements to be implemented. For the NHS this will include any event defined as an emergency under Section 1 of the Civil Contingency Act 2004:
An event or situation which threatens serious damage to human welfare in a place in the United Kingdom.
An event or situation which threatens serious damage to the environment of a place in the United Kingdom.
War, or terrorism, which threatens serious damage to the security of the United Kingdom.
6
SECTION A – POLICY 1. Policy Statement, Aims and Objectives 1.1. NHS Doncaster Clinical Commissioning Group (CCG) must deliver an
effective Business Continuity Management System (BCMS) in order to secure the best possible outcomes for patients and to successfully deliver our strategic objectives and operational plan. In addition, the CCG must comply with the Civil Contingencies Act (2004).
1.2. Commissioning is a key function of the NHS and CCGs. The CCG plays a key role within the local health system, and therefore it is important that the organisation is able to continue its activities in the face of situations that might be, or could lead to, disruption, loss, emergency or crisis.
1.3. In order to effectively carry out our commissioning functions, the CCG requires access to resources to ensure that all of its activities are delivered effectively. These resources fall into five broad categories:
People
Premises
Technology
Information
Suppliers and partners 1.4. Business continuity is defined as the “capability of the organisation to continue
delivery of products or services at acceptable predefined levels following a disruptive incident.” (ISO 22300).
1.5. A business continuity incident becomes possible when access to resources is threatened. Threats can emerge internally or externally, ranging from a technology failure to an influenza pandemic.
1.6. The CCG’s strategy for dealing with these threats to resources is to implement a robust BCMS to identify and analyse risks to business continuity, where possible take measures to prevent incidents occurring, and to document and implement BCPs in order to minimise the impact of incidents when they do occur. Business continuity management is an essential tool in establishing our organisation’s resilience.
1.7. This policy statement provides a framework for the CCG to follow in the event of a business continuity incident. It also states the process for implementing and maintaining a robust BCMS.
1.8. The policy objectives are:
To identify key CCG functions / services which, if interrupted for any reason, would have the greatest impact on the community, the health economy and the organisation.
7
To identify and reduce the risks and threats to the continuation of these key services.
To develop plans which enable the organisation to maintain and / or resume key services in the shortest possible time.
2. Legislation and Guidance 2.1. The following legislation and guidance has been taken into consideration in
the development of this procedural document:
NHS England Emergency Preparedness Framework.
NHS England Business Continuity Management Framework.
ISO 22301 Societal Security - Business Continuity Management Systems – Requirements.
ISO 22313 Societal Security - Business Continuity Management Systems – Guidance.
PAS 2015 - Framework for Health Services Resilience.
Civil Contingencies Act 2004. 3. Scope 3.1. This policy applies to those members of staff that are directly employed by the
CCG and for whom the CCG has legal responsibility. For those staff covered by a letter of authority / honorary contract or work experience this policy is also applicable whilst undertaking duties on behalf of the CCG or working on the CCG premises and forms part of their arrangements with the CCG. As part of good employment practice, agency workers are also required to abide by the CCG policies and procedures, as appropriate, to ensure their health, safety and welfare whilst undertaking work for the CCG.
4. Accountabilities and Responsibilities 4.1. Overall accountability for ensuring that there are systems and processes to
effectively manage business continuity lies with the Chief Officer. Responsibility is also delegated to the following individuals:
Chief Officer / Executive
Team
Have delegated responsibility for:
Reviewing the business continuity status and the application of the policy and standards in all business undertakings.
Enforcing compliance through assurance activities, provision of appropriate levels of resource and budget to achieve the required level of business continuity competence.
Coordinating the overall management of an incident, providing strategic direction of organisational recovery plans.
Ensuring information governance standards continue to be
8
applied to data and information during an incident.
Deciding when to escalate to the EPRR Policy framework and deciding when to escalate to the Area Team.
Leading the recovery plan after the incident.
Associate Director of HR and Corporate
Services (or equivalent)
Has delegated responsibility for:
Determining the criteria for implementing the BCP.
Overseeing the implementation of the BCP and standards.
Corporate Governance
Manager
Has delegated responsibility for:
Supporting staff across the organisation to develop operational BCPs.
Ensuring that the organisational BCP is reviewed and updated at regular intervals to determine whether any changes are required to procedures or responsibilities.
Managing training and awareness of the plan and maintaining the plan including change control and testing.
Audit Committee
Has delegated responsibility for:
Ratifying this policy.
Seeking assurance that up to date policies and plans are being implemented effectively in the event of a business continuity incident.
Line Managers
Have delegated responsibility for:
Assessing their specific area of expertise and planning actions for any necessary recovery phase, setting out procedures and staffing needs and specifying any equipment or technical resource which may be required in the recovery phase.
Holding two hard copies of the BCP allocated to them. It is intended that one copy should be located at the holder’s home address so it is easily accessible and the second in a Folder clearly marked BCP at their office base. The BCP folder will also contain recovery procedures, contacts, lists of vital materials or instructions on how to obtain them.
Staff
Responsibilities of staff (including all employees, whether full/part time, agency, bank or volunteers) are:
Achieving an adequate level of general awareness regarding business continuity.
Being aware of the contents of their own business areas disaster recovery plan and any specific role or responsibilities allocated.
9
Participating actively in the business continuity programme where required.
Ensuring information governance standards continue to be applied to data and information during an incident.
5. Dissemination, Training and Review 5.1. Dissemination 5.1.1. The effective implementation of this procedural document will support
openness and transparency. The CCG will:
Ensure all staff and stakeholders have access to a copy of this procedural document via the organisation’s website.
Communicate to staff any relevant action to be taken in respect of complaints issues.
Ensure that relevant training programmes raise and sustain awareness of the importance of effective complaints management.
5.1.2. This procedural document is located in the General Policy Manual. A set of
hardcopy Procedural Document Manuals are held by the Governance Team for business continuity purposes and all procedural documents are available via the organisation’s website. Staff are notified by email of new or updated procedural documents.
5.2. Training 5.2.1. All staff will be offered relevant training commensurate with their duties and
responsibilities. Staff requiring support should speak to their line manager in the first instance. Support may also be obtained through their HR Department.
5.3. Review 5.3.1. As part of its development, this procedural document and its impact on staff,
patients and the public has been reviewed in line with the CCG’s Equality Duties. The purpose of the assessment (refer to Appendix G) is to identify and if possible remove any disproportionate adverse impact on employees, patients and the public on the grounds of the protected characteristics under the Equality Act.
5.3.2. The procedural document will be reviewed every three years, and in
accordance with the following on an as and when required basis:
Legislatives changes
Good practice guidelines
Case Law
10
Significant incidents reported
New vulnerabilities identified
Changes to organisational infrastructure
Changes in practice 5.3.3. Procedural document management will be performance monitored to ensure
that procedural documents are in-date and relevant to the core business of the CCG. The results will be published in the regular Governance Reports.
11
SECTION B – PROCEDURE 1. The approach to Business Continuity Management (BCM) 1.1. The CCG is responsible for commissioning a wide range of patient services
for the local population and in the event of an emergency or business interruption, it is essential that critical services which support our commissioning activities can be restored and maintained as soon as is practically possible.
1.2. BCM is a holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause. It provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
1.3. The diagram below illustrates the BCM cycle which we have adopted in order to develop a robust BCM culture across the organisation.
1.4. In the event of an emergency or business interruption the CCG will endeavour to maintain services as usual or as close to the usual standard as is practically possible, however it may be evident that this is unachievable. The functions of the organisation will therefore been identified, defined and prioritised using a BIA.
2. Stage 1 – Understanding the Organisation 2.1. The BIA is the process of analysing business functions and determining the
effect that a business disruption might have upon them, and how these vary over time. The aim of the business impact analysis is to ensure that the CCG has identified those activities that support its key services in advance of an incident, so that robust business continuity plans can be put into place for those identified critical activities.
2.2. Our BIA process:
12
Defines the function and its supporting processes.
Determines the impacts of a disruption.
Defines the recovery time objectives (where ISO 22313 defines Recovery Time Objective (RTO) as the period of time following an incident within which a product or service must be resumed, activity must be resumed, or resources must be recovered);
Determines the minimum resources needed to meet those objectives.
Considers any statutory obligations or legal requirements placed on the CCG.
2.3. Our BIA results in the identification of those activities whose loss would have
the greatest impact in the shortest time and need to be recovered most rapidly.
2.4. The community risk register will be considered when undertaking BIA in order to enable the organisation to understand the threats to, and vulnerabilities of, critical activities and supporting resources, including those provided by suppliers and partners.
3. Stage 2 – Determining Business Continuity Management Strategy 3.1. There are many and varied possible causes of service disruption.
3.2. Business continuity planning will be carried out to minimise the effects of a
number of potentially disruptive events. A series of robust plans and mitigation will be developed for these priority areas. The list is not exhaustive and judgement will be applied in each case:
People: Loss of key staff short and long term including significant national or international incidents impacting on the CCG, such as a pandemic.
Premises: Loss of primary workplace in the short and long term.
Technology: Loss of information and communications technology infrastructure services.
Information: Loss of data.
Suppliers & Partners: Business continuity affecting suppliers and/or partners.
Any other requirements as identified by the business impact analysis process.
4. Stage 3 – Developing and Implementing the Business Continuity
Management Response
4.1. The following areas will be included in the organisation’s BCP:
BIA / Hazard Identification – Local Risk Assessment
13
The process of identifying business functions and the effect a business disruption will have on them. Risk assessment is the process of risk identification, analysis and evaluation using a risk matrix.
Critical Activities Those activities whose loss would have the greatest impact in the shortest time and need to be recovered most rapidly. Critical activities will be reflected on our Assurance Framework or Risk Register, as appropriate.
Communications Strategy Internal and external communications and how the CCG cascades information.
4.2. The response to an emergency or business continuity incident does not
necessarily or automatically translate into the declaration of a major incident and the implementation of a full recovery operation. Incidents may cause a temporary or partial interruption of activities with limited or no short term or longer term impact. It will be the responsibility of the CCG Executive team, as available, to evaluate and declare the appropriate level of response.
4.3. The severity of an incident will be identified as follows, and this has been
linked to the CCG risk scoring matrix:
CCG Risk scoring matrix
description and score
Business Continuity
incident rating
1-3 Low Insignificant
4-6 Medium Minor
8-12 High Moderate
15-20 Very High Major
25 Extreme Catastrophic
4.4. The severity level will indicate the urgency of recovering the business service,
and also the order in which services should be reinstated.
4.5. The CCG is not responsible for the direct provision of health services, however it is responsible for some functions that could have an impact on providers of health services, for example contractual financial payments and safeguarding. Therefore the risks to our stakeholders resulting from an incident affecting the CCG could be significant.
5. Stage 4 – Exercising, Maintaining and Reviewing 5.1. Exercises can expose vulnerabilities in an organisation’s structure, initiate
processes needed to strengthen both internal and external communication and can help improve management decision making during an incident. They are also used to assess and identify gaps in competencies and further training that is required for our staff.
14
5.2. The on-going viability of the business continuity programme can only be determined through continual tests and improvements. The Associate Director of HR & Corporate Services and Corporate Governance Manager will be responsible for ensuring regular tests and revisions are made to the business continuity plan to ensure they provide the level of assurance required.
5.3. Exercises and tests will:
Be consistent with the scope and objectives of the BCMS;
Be based on appropriate scenarios that are well planned with clearly defined aims and objectives;
Minimise the risk of disruption of operations;
Produce post-exercise reports;
Be conducted at planned intervals and when there are significant changes within the organisation or to the environment in which it operates.
5.4. We aim to exercise and test our business continuity arrangements alongside
partner NHS organisations, where practicable. 5.5. We will share lessons learned and post-exercise reports with all interested
parties.
5.6. We will aim to run or participate in:
A live partnership exercise every three years;
A desktop exercise annually;
A communications test 6-monthly. 6. Plan Activation 6.1. The Chief of Service in the work area concerned will decide in discussion with
other available Chiefs of Services and the Chief Officer whether the plan or any part of it should be activated.
6.2. Out of hours the decision will be made by the On-Call lead officer.
6.3. Immediate response and management functions required to handle an incident will be led by the most senior CCG Officer on site/on call.
6.4. Once the plan is activated, the incident will be managed by the Chief of Service of the work area in which the incident occurred.
6.5. The relevant Chief of Service has responsibility for convening a response team to ensure that essential services are maintained and that recovery plans are put into place. The response team membership is at the discretion of the senior manager as each incident is different. Members could include another Chief of Service, Chief Officer or Chief Finance Officer, Corporate Governance Manager, and a member of the Communications Team.
6.6. Anyone called to attend the response team by the lead Chief of Service must attend as soon as practicable. There are no exceptions.
15
6.7. Good record keeping is paramount if the BCM plan is initiated. The Director leading the crisis is responsible for ensuring that accurate records are kept of all decisions and actions (including expenses) taken once the BCM plan is initiated.
7. Stand-Down
7.1. The Chief of Service managing the incident has authority to stand down the
plan in consultation with the Chief Officer.
7.2. Following activation and stand down of the plan a de-brief report detailing the incident, actions taken and lessons learned will be provided to the Audit Committee. The Corporate Governance Manager will lead the creation of this report.
7.3. We will risk assess recovery, and liaise with partners to minimise our recovery impact upon them.
8. Communications Strategy 8.1. Good communication is essential at a time of crisis. A communications
strategy will be developed to ensure there are appropriate statements for internal and external communication and processes for ensuring communication to all staff in the case of an emergency. This strategy will be the same across all plans.
8.2. The strategy will include reference to procedures for regular communications with partner organisations and other interested parties. This is particularly important during the planning stage for known disruptions such as winter weather. Formal reporting and situation updates may also be required in the lead up to and during a disruption to create a local, regional and national overview of effects across the NHS.
8.3. The main aims of the strategy will be to:
Deliver relevant messages about the incident to the relevant stakeholder group/s
Utilise relevant media channels to reassure and inform the public and patients
Ensure that messages are timely and relevant to the target audience
8.4. A cascade structure will be developed to ensure key individuals within and external to the organisation have been informed of incidents.
16
9. Business Continuity and Incident Response Packs 9.1. The Corporate Governance Manager will develop business continuity packs to
be held in the CCG headquarters. The contents of these packs will be checked for completeness and updated regularly, or whenever there is a change in the organisational activities which may affect its contents.
10. Training and Awareness 10.1. All Governing Body members and Senior Management Team members need
to be aware of the contents of this policy, and ensure that they are acquainted with the CCG’s BCP and have access to the appropriate templates.
10.2. The Associate Director of HR & Corporate Services and Corporate Governance Manager will identify appropriate levels of training and awareness raising for CCG staff to ensure business continuity becomes part of CCG culture and daily business routines, improving the organisations resilience to the effects of emergencies.
10.3. The Associate Director of HR & Corporate Services and Corporate Governance Manager will also receive relevant training to ensure they can perform their role effectively and participate in testing.
11. External Suppliers and Contractors 11.1. The CCG will request and assess business continuity plans from partners and
providers. For our main providers and partners, this will be through the LHRP, and for suppliers through procurement requirements, and, subsequently, through contractual arrangements.
17
[Page left deliberately blank]
18
BUSINESS CONTINUITY PLAN
19
CONTENTS
Page 1. Introduction 20 2. Incident Identification 20-21 3. Incident Declaration 21-22 4. Managing a Declared Business Continuity Incident 23-25 5. Communications Strategy 25-27 6. Business Continuity Governance 28 Appendices 29-48 Appendix A – Key contacts 29-30 Appendix B – Business Impact Analysis / Hazard Identification 31-36 Appendix C – Categorisation of CCG Critical Activities 37-39 Appendix D – Action Cards
Incident Manager
Nominated Business Continuity Administrator
40 41-44 44-45
Appendix E – Service-specific Action Cards 46 Appendix F – Debrief Template 47-48
20
1. Introduction 1.1. As Category 2 responders under the Civil Contingencies Act 2004, a Clinical
Commissioning Groups (CCG) is required to have a Business Continuity Plan (BCP) in place to manage the effects of any incident that might disrupt its normal business.
1.2. Our plan lays down the process to be followed in the event of an incident
which impacts upon the delivery of CCG functions by adopting a generic approach to such incidents.
1.3. Appendix A shows key contact numbers to use during a Business Continuity incident.
1.4. Based on the Business Impact Analysis (BIA) shown at Appendix B, the following functions are considered to be critical (Appendix C):
CCG Emergency Preparedness, Resilience & Response (EPRR) 1.5. The CCG has staff located at: Sovereign House Heavens Walk Doncaster DN4 5HZ (Main Headquarters)
White Rose House Ten Pound Walk Doncaster DN4 5DJ (Continuing Healthcare team)
722 Prince of Wales Road Sheffield S9 4EU (Previously Unassessed Periods of Care Team)
2. Incident Identification 2.1. An incident or set of circumstances which might present a risk to the
continuity of a CCG function or service may be identified by any member of staff. When an incident or set of circumstances which might present a risk to the continuity of a CCG function or service is identified, it is important that the person identifying the incident knows what to do. In the initial stages, this will involve making sure that the right people have been informed.
2.2. The BIA / Hazard Identification matrix (Appendix B) sets out a list of priority incidents:
Staffing shortage: Loss of key staff short and long term including through epidemic / pandemic illness, industrial action, school closures, transport disruption.
Loss of operating premises: Contamination, disruption to utilities (water, gas, electricity, heating/cooling), fire, flooding, structural defect / failure, cordon.
21
Information Technology failure: major electronic attacks or severe disruption to the IT network and systems (telephone network, data network, active directory, hardware failure, loss of major application, loss of mobile phone network, loss of switchboard, server failure).
Information/data loss: Data stolen / lost, destruction of paper files, failure of back-up or failsafe, temporary loss of connection.
Supplier failure: Contract breach, industrial action, stock management failure, supplier goes into administration, supply chain collapse.
3. Incident Declaration
3.1. The following Officers of the CCG (or in their absence their Deputies) can
declare an incident where business continuity is disrupted or at risk of disruption:
DESIGNATION TELEPHONE
Chief Officer
01302 566061 (x1061)
Chief Finance Officer (Deputy Chief Officer)
01302 566078 (x1078)
Chief Nurse
01302 566211 (x1221)
Director of Strategy & Delivery
01302 566331 (x1331)
Associate Director of HR & Corporate Services
01302 566050 (x1250)
3.2. If the incident is categorised as a Major Incident, move to follow the steps in
the CCG EPRR Policy. See EPRR Policy for details. In summary, the actions are:
Nominate a Team Leader.
Team to operate from the Incident Control Centre (ICC), which is the Chair’s Office, Sovereign House, Heavens Walk, Doncaster DN4 5HZ, Telephone: 01302 566300, Safe Haven Fax: 01302 566321, Email: . [email protected]
Follow the Escalation Flowchart in the CCG’s EPRR Policy. 3.3. The diagram over the page describes the process for invoking and then
progressing a business continuity incident.
22
INCIDENT OCCURS
Can incident
be managed
within current
resources?
No further action
YES
Discuss with Senior
Management Team member(s)
NO
Activate
Business
Continuity
Plan?
NO
YES
DECLARE & ASSESS INCIDENT Refer to action cards where relevant.
COMMUNICATE & UPDATE Develop communication strategy – notify
affected staff/partners/stakeholders
GET SUPPORT Set up incident response team if required
COORDINATE Monitor progress and amend business
continuity plan as required
Consider
stand-
down
YES
NO
DEBRIEF Organise debrief. Produce lessons learned report.
23
4. Managing a Declared Business Continuity Incident 4.1. The overarching aim is to systematically review the situation and maintain
overall control of the CCG response.
INCIDENT
DECLARED
Identify an incident manager.
Move to the Incident Control Centre.
Start a log of the incident (Appendix D), documenting information and actions.
If it is a major incident, STOP and move to EPRR policy and escalation flowchart.
ASSESS
INCIDENT
Assess the risk and impact of the incident to the organisation – this may be based on which resources are affected:
o People o Premises o Technology o Information o Suppliers and partners
Assess the likely duration of the incident
Identify which critical functions are affected by the incident (Appendix C).
Assess any wider implications of the incident (e.g. to providers / stakeholders / partners).
Take any actions required to ensure Category A functions continue unhindered and Category B functions can be resumed within 3-7 calendar days (see Action Cards – Appendix E).
Ensure Health and Safety of staff is prioritised.
GET SUPPORT
Identify who can help to manage the incident (this will be dependent on the type of incident).
Form an incident response team, if required.
24
COMMUNICATE
Develop a communications strategy for the incident – the generic strategy is detailed below.
Ensure that staff are briefed about the incident and given clear instructions, including, if applicable, on whether they should relocate or go home, and when they are expected to return.
Inform key chain partners as necessary.
Where a major incident has been declared, escalate according to the Escalation Flowchart in the CCG’s EPRR Policy.
UPDATE
Update staff and other key stakeholders with recovery plans and estimated recovery time objectives.
COORDINATE NEXT STEPS
Once the main priorities have been dealt with, you might consider scaling down the Business Continuity Team, or handing over to another member of staff to deal with the medium and long term issues, or the day to day recovery of the incident.
If an incident is going to go on for more than 4-8 hours, establish a rota for staff within the team and regular hand over for the Business Continuity Manager role.
Incident Manager to authorise Stand Down.
ORGANISE DEBRIEF
Ensure debrief meetings are held, logged information is retained and lessons learned captured in a final report. A debrief tool is shown in Appendix F.
4.2. The CCG Incident Control Centre is not kept on permanent stand-by and will
be enacted by the Emergency Accountable Officer or their nominated Deputy as required. The CCG Incident Control Centre is located in:
Chair’s Office Sovereign House Heavens Walk Doncaster DN4 5HZ Telephone: 01302 566300
25
Safe Haven Fax: 01302 566321 Email: [email protected] The decant plan, should the Incident Control Centre be compromised, will be the premises of one of the other South Yorkshire & Bassetlaw CCGs. This has been agreed with the partner CCGs under mutual aid and can be enacted via contact with the Chief Officer (or their nominated Deputy) of each CCG:
NHS Barnsley Clinical Commissioning Group
NHS Bassetlaw Clinical Commissioning Group
NHS Rotherham Clinical Commissioning Group
NHS Sheffield Clinical Commissioning Group
5. Communications Strategy 5.1. During a period of business continuity it is vital that communication is
managed effectively with a variety of stakeholders. This plan supports this management before, during and after any incident that is detailed within the BCP.
5.2. The CCG already has a range of communication channels with our key stakeholders, partners, providers and supply chain. These will continue to be used and built upon during management of a business continuity incident.
5.3. For a CCG specific incident the business continuity team and communications leads will work together to ensure clear and consistent communications activity. The main aims will be to:
Deliver relevant messages about the incident to the relevant stakeholder group(s);
Utilise relevant media channels to reassure and inform the public and patients;
Ensure that messages are timely and relevant to the target audience. 5.4. Stakeholders: Our stakeholders are divided into two categories with specific
communications mechanisms for each one:
Internal Staff in Headquarters buildings, and those who work remotely
External Doncaster Metropolitan Borough Council (DMBC)
NHS England local Area Team
Rotherham Doncaster & South Humber NHS Foundation Trust (RDaSH)
Doncaster and Bassetlaw Hospitals NHS Foundation Trust (DBHFT)
Fylde Coast Medical Services Ltd (FCMS) – Urgent Care
Care Homes and Domiciliary Care organisations
Member Practices
Media
26
Voluntary Sector via Doncaster Health watch
NHS Property Services (landlord for headquarters premises)
5.5. Communication methods: The communication activity used will be activated
in conjunction with any incident detailed in the business continuity plan and will be specific to each of the relevant stakeholders affected.
Internal Staff, Governing Body Members and GP Leads It is essential that we inform staff and keep them up-to-date with any incident that impacts on the ability to undertake their role or has a direct impact on the organisation. This incident could be triggered by a multi-agency source or from within the CCG. The methods used to communicate with staff will be:
Text message/phone call via Chiefs of Service to their teams (or deputies, in their absence) – used to disseminate an initial message about the incident, containing immediate actions needed and how further messages will be communicated.
Email – Staff can receive messages via the CCG’s distribution lists (held electronically) in normal working hours, and via remote working.
Website – Staff can get up-to-date information without having access to CCG specific systems. This section of the public site can be updated remotely and will ensure that everyone could access accurate, timely information.
External GP Member Practices Member Practices of the CCG will be informed of any incidents relating to business continuity via email. Contact details for the CCG throughout the affected period will be shared and practice staff advised to visit the CCG website for updates. Media – Print and Broadcast Managing the media should take place in line with the CCG’s existing media protocols. The Communications Lead has good links with the media, which will be utilised for any incident that requires information communicating to local people and patients. Local radio stations would be able to broadcast public information in their regular bulletins. Information will be issued to the local printed media dependent on the incident timing in relation to the paper publication day. Media statements may be required following an incident and once normal business has resumed. Information will also be published using the CCG’s social media sites e.g. Twitter and Facebook with links to the website for more detail.
27
Partners When an incident impacts on the business of the CCG it is imperative that we inform colleagues at our local partner organisations. Depending on the nature of the incident this will be done either by telephone or by email – via the Chief Officer, Chair or Business Continuity Lead. Partner organisations would be encouraged to disseminate the details to their staff via communication channels. Providers – All Providers from whom we commission a healthcare service Depending on the nature of the incident this would be done either by telephone or by email – via the Chief Officer, Chair or Business Continuity lead. Provider organisations will be encouraged to disseminate the details to their staff via communication channels, providing details of alternative ways to contact the CCG during the period of the incident. Notice will then be given once the incident was resolved and normal business resumed. Key contacts within the CCG should advise counterparts in the provider organisations of their contact details during the incident.
Out of Hours
There is no formal out-of-hours communication service within the CCG, however senior officers have been provided with the Communication Manager’s mobile number who should be contacted in the case of an incident that may affect business continuity. Messages and notifications can be posted on the public website using an internet connection in any location and there are a number of officers with the organisation who have access to the admin section.
5.6. NHS Doncaster CCG’s Communications Manager is:
Mr Paul Hemingway NHS Doncaster Clinical Commissioning Group (CCG) Sovereign House Heavens Walk Doncaster DN4 5HZ
Tel: 01302 566042 Email: [email protected] Twitter: @doncasterccg
28
6. Business Continuity Governance 6.1. This plan will be ratified in its initial form by the Audit Committee.
6.2. The plan will be reviewed by the CCG’s Corporate Governance Manager on a
quarterly basis and updated for any changes that have occurred during the last quarter, e.g. changes in staff contact details, changes in CCG functions etc. It will also be updated with any recommendations arising from a debrief session.
6.3. The CCGs only Category A function (EPRR) will be monitored via the Governing Body Assurance Framework.
6.4. The financial implications of this business continuity plan are nil. Unexpected expenditure will be covered via the CCG’s 0.5% annual contingency.
6.5. Communication of this Plan to staff will be via email. The plan will also be available on the CCG website. Key stakeholders and partners will also be informed of this.
6.6. The CCG will ensure that staff are trained with the knowledge and skills required of them in this area, as defined by the National Occupation Standards for Civil Contingencies and NHS England competencies.
6.7. This plan will be tested using risk-assessed worse-case scenarios.
29
Appendix A Key contacts
A detailed list of contacts for all providers and partners is held by On Call team members and stored in the Emergency Box in Sovereign House
Partner Telephone number(s) Lead contact(s) Address
NHS England (South Yorkshire & Bassetlaw
Team) [email protected] Director
South Yorkshire and Bassetlaw office Oak House
Moorhead Way Bramley
Rotherham S66 1YY
Rotherham, Doncaster & South Humber NHS
Foundation Trust 01302 796000
Chief Executive
Emergency Planning Lead
Woodfield House Trust Headquarters
Tickhill Road Hospital Tickhill Road
Balby Doncaster DN4 8QN
Doncaster & Bassetlaw Hospitals NHS Foundation
Trust 01302 366666
Chief Executive
Emergency Planning Lead
Armthorpe Road Doncaster DN2 5LT
Doncaster Metropolitan Borough Council
Office Hours: 01302 736000
Out of Hours: 01302 341628
Chief Officer
Emergency Planning Lead
Civic Office Waterdale Doncaster DN1 3BU
NHS Barnsley CCG 01226 730000 Chief Officer
Emergency Planning Lead
49/51 Gawber Road Barnsley
South Yorkshire S75 2PY
30
Partner Telephone number(s) Lead contact(s) Address
NHS Bassetlaw CCG 01777 274400 Chief Officer
Emergency Planning Lead
Retford Hospital North Road
Retford Nottinghamshire
DN22 7XF
NHS Doncaster CCG 01302 566300
Chief Officer
Associate Director of HR & Corporate Services
Corporate Governance Manager
Sovereign House Heavens Walk
Doncaster DN4 5HZ
NHS Rotherham CCG 01709 302000 Chief Officer
Emergency Planning Lead
Oak House Moorhead Way
Bramley Rotherham
South Yorkshire S66 1YY
NHS Sheffield CCG 0114 305 1000 Chief Officer
Emergency Planning Lead
722 Prince of Wales Road Sheffield S9 4EU
31
Appendix B Business Impact Analysis / Hazard Identification – NHS Doncaster Clinical Commissioning Group
Hazard How the hazard affects business
Consequence Likelihood Risk
Score Controls in
Place Short Term (under 72 hours)
action Longer term action
Epidemic / pandemic
illness
Loss of key staff in the short or long
term
4 3 12 Flu vaccinations. National alerts to support planning.
Prioritise work around critical functions.
Prioritise work around critical functions.
Appoint temporary staff where feasible, including secondments from other
organisations.
Industrial action
4 2 8 Staff engagement and HR policies
Prioritise work around critical functions.
Prioritise work around critical functions.
Appoint temporary staff where feasible, including secondments from other
organisations.
Simultaneous resignation of a number of
staff (e.g. lottery
syndicate win)
4 1 4 Notice period in
contracts N/A
Accelerate normal recruitment processes.
Seek secondments or agency staff to cover gap and provide
continuity.
School closures
3 2 6 Advisory notices
from schools.
Prioritise work around critical functions.
Staff work at home where they can do this around childcare
responsibilities.
Prioritise work around critical functions.
Appoint temporary staff where feasible, including secondments from other
organisations.
32
Hazard How the hazard affects business
Consequence Likelihood Risk
Score Controls in
Place Short Term (under 72 hours)
action Longer term action
Travel / transport disruption preventing
staff getting to base or home
4 3 12
Receipt of severe weather alerts
and planning for staff working from home – adverse
weather procedure.
Hotels within walking distance of headquarters
for staff who cannot get home.
Prioritise work around critical functions.
Staff work at home or at other
premises or organisations
As short term, if necessary (long term impact less likely).
Car share.
Use mutual aid bases where
these are closer to home than usual base.
Contamination of premises or
access to premises
Loss of operating premises or access
to operating premises
4 1 4 Emergency
response plan
Staff work at home or hot desk at other sites where they have
access.
Transfer of main switchboard telephone line and safe haven fax line remotely to alterative
location.
Temporary alternative work base for business critical staff via mutual aid arrangements to enable point of contact and
email/internet access.
Disruption of utility supply to
premises 4 2 8
NHS Property Services
contracts with utility providers
Fire 4 2 8
Fire Procedures; annual CCG fire inspection & risk assessment with remedial action
plan
Flooding 4 1 4
Council Flood Plan; local
drainage courses behind building
33
Hazard How the hazard affects business
Consequence Likelihood Risk
Score Controls in
Place Short Term (under 72 hours)
action Longer term action
Structural defect / failure
4 1 4
NHS Property Services building inspections; CCG annual building
inspection & risk assessment with remedial action
plan
Terrorist or criminal attack
4 1 4 Emergency
Response Policy
Cordon preventing access to premises
4 1 4 Emergency
Response Policy
Major electronic attacks
Loss of information technology support
structure
4 2 8 IT back-up systems
IT back-up system comes online.
Remote working through
NHSNet.
Access to limited paper files.
As short term.
Severe disruption to
the IT network and systems including loss
of data network, major
applications
4 3 12 IT back-up systems
IT back-up system comes online.
Remote working through
NHSNet.
Access to limited paper files.
As short term.
Hardware failure
3 2 6
Spare equipment held.
Remote working devices kept at home by Senior
Management Team.
Use spare equipment / “at home” devices.
Order replacements via contract with IT provider.
34
Hazard How the hazard affects business
Consequence Likelihood Risk
Score Controls in
Place Short Term (under 72 hours)
action Longer term action
Loss of landline
telephones including
switchboard
3 2 6
Mobile phones for key staff.
Contract with IT provider.
Use mobile phones.
Transfer of main switchboard telephone line and safe haven fax line remotely to alterative
location.
As short term.
Loss of mobile phone network
4 2 8
On Call staff have provided landline numbers to the call coordination
centre.
Use landlines. As short term.
Electronic data stolen / lost
Data loss, affecting CCG
service/function delivery
4 3 12
Cloud based solutions where
possible. Contract with IT provider includes
resilience & testing.
Attempt to recover data from originating source.
Identify data loss and assess risk.
Notify Information
Commissioner.
Destruction of paper files
3 2 6
Very few paper records kept.
Contract for hard archiving –
resilient and secure.
Attempt to recover data from originating source.
Identify data loss and assess risk.
Notify Information
Commissioner.
Failure of back-up or
failsafe 4 1 4
Contract with IT provider includes
resilience & testing.
Attempt to recover data from originating source.
Identify data loss and assess risk.
Notify Information
Commissioner.
Temporary loss of
connection to data
3 1 3
Contract with IT provider includes
resilience & testing.
Only critical functions maintained.
N/A
35
Hazard How the hazard affects business
Consequence Likelihood Risk
Score Controls in
Place Short Term (under 72 hours)
action Longer term action
Supplier / provider contract breach
Supplier failure, affecting CCG
service/function delivery
4 3 12
Contracts with providers including
resilience / business
continuity clauses
Work with provider in accordance with contract.
Contract termination and re-tendering.
Supplier / provider industrial
action
4 2 8
Contracts with providers including
resilience / business
continuity clauses
Work with provider to ensure maintenance of critical
functions in accordance with contract.
As short term.
Stock management
failure 3 2 6
Ordering from NHS regional
distribution centre.
Alternative local purchasing options.
As short term.
Supplier goes into
administration / supply chain
collapse
3 2 6
Contracts with providers including
resilience / business continuity clauses.
Performance monitoring of
providers.
Alternative local purchasing options.
Contract termination and re-tendering.
Partner CCGs unable to delivery hosted
functions
4 2 8 Memorandums of
Understanding
Use directly employed staff and/or agency staff to deliver
critical functions.
Host CCG to remedy. If it cannot, seek alternative
sources of support or deliver internally.
36
Risk Matrix Consequences / Severity
Insignificant Minor Moderate Major Catastrophic
Likelihood of Occurrence
1 2 3 4 5
(1) Rare
1 2 3 4 5
(2) Unlikely
2 4 6 8 10
(3) Possible
3 6 9 12 15
(4) Likely
4 8 12 16 20
(5) Almost Certain
5 10 15 20 25
CCG Risk scoring matrix
description and score
Business Continuity
incident rating
1-3 Low Insignificant
4-6 Medium Minor
8-12 High Moderate
15-20 Very High Major
25 Extreme Catastrophic
37
Appendix C Categorisation of CCG Critical Activities / Services / Functions
CA
TE
GO
RY
A
(Cri
tic
al
fun
cti
on
–
mu
st
co
nti
nu
e)
Emergency Preparedness, Resilience & Response (EPRR) via On Call function
CA
TE
GO
RY
B
(Hig
h P
rio
rity
/ M
ed
ium
Pri
ori
ty -
R
esu
me w
ith
in 3
to
7
cale
nd
ar
day
s)
Finance & Contracting:
Approval and funding of Urgent Placements (Continuing Health Care)
Invoice payments to providers
Quality:
Continuing Healthcare – clinical review of current cases needing assessment for urgent care packages
Safeguarding Children and Adults
Medicines Management (Controlled Drugs)
Strategy & Delivery:
IT via Contract through RDaSH
Corporate:
Communication (to support management of business continuity incident only)
Information Governance (relating to the Category B services) and Freedom of Information
Facilities management
Health & Safety function
38
CA
TE
GO
RY
C
(Re
su
me
as s
oo
n a
s p
racti
cab
le)
Finance & Contracting:
Year End Accounts (may escalate to Category B depending on time of year)
Ensuring accuracy / availability of reports to NHS England & Governing Body
Financial probity
Contracting
Procurement
Quality:
Continuing Healthcare – clinical review of current cases needing re-assessment for routine care packages
Previously Un-assessed Periods of Care team reviews
Overseeing patient safety issues through quality reporting & dealing with Serious Incidents
Medicines Management (general)
Strategy & Delivery:
Strategic Planning
Managing workstream meetings (ensuring CCG remains on track with Business Plan)
Performance Management / Business Intelligence
Corporate:
Managing corporate meetings (ensuring CCG remains on track with Business Plan)
Human Resources function
Engagement, Experience and Equality
Corporate Governance reporting
Corporate meeting infrastructure
Organisational Development
Partnerships & Primary Care:
Primary Care contracting and performance management
Partnership commissioning
39
PRIORITY SERVICE CATEGORISATION
Category Impact Recovery Timescale
Category A (Critical Function)
Loss of this service would immediately: Directly endanger life Endanger the safety of those individuals for whom the CCG
has a legal responsibility Prevent the operation of another service in this category Seriously affect the CCG’s finances or accuracy of critical
records Prevent communication of vital information
This service must continue to be provided This group will include Services that usually provide a full service 7 days a week, all year
Category B (High Priority /
Medium Priority)
High Priority: Loss of Service would immediately: Present a risk to Health or Safety Prevent the CCG fulfilling a statutory obligation Prevent the operation of another service in this category Would seriously adversely affect the CCG’s reputation
This service must be resumed within 3 calendar days Services included in this group are mainly those that provide a reduced service at weekends and during holiday periods
Medium Priority: Loss of service would lead to: Serious knock on effects for the operation of a Critical or High
Priority service The CCG’s reputation being adversely affected
This service must be resumed within 7 calendar days Services included in this group will include those that normally close during weekends and during holiday periods
Category C (Low Priority)
Loss of this service would lead to: Potential knock on effect in disrupting the activities of other
services within the CCG, but no immediate impact upon the provision of Critical or High Priority services
This service should be resumed as soon as practicable Includes all other service areas that are required in order for the CCG to go about its usual business
40
Appendix D
Your Role Action Card for Incident Manager
Your Base
Chair’s Office Sovereign House Heavens Walk DN4 5HZ Telephone: 01302 566300 Safe Haven Fax: 01302 566321 Email: [email protected]
Your Responsibility
Coordinating the response to the business continuity incident.
Your Immediate Actions
Identify which critical functions have been disrupted (Appendix C), assessing the facts, evaluating the impact, and clarifying the lines of communication accordingly.
Decide on contingency actions to be taken (consider action plans – Appendix E). Identify any particularly urgent issues e.g. legal / contractual.
Identify staff, resources & equipment required and assign responsibility and timescales.
Consult the Chief Officer or nominated deputy about activating the BCM Plan and suspending non-critical functions where necessary.
Convene a CCG BCM Team as required.
Inform Staff.
Inform Stakeholders of disruptions and action plan.
Consider escalation to the relevant Category 1 according to the CCG’s EPRR Policy if necessary.
Allocate rooms, telephone lines and support staff as required.
Record all relevant details of the incident and response.
Ongoing Management
Convene CCG BCM Team as necessary to monitor progress made, obstacles encountered and decide on continuing recovery process.
Provide updated information to staff and stakeholders.
Maintain action log.
Stand down If the incident can be dealt with using normal resources, notify the appropriate personnel and maintain a watching brief.
Continue to reassess the situation as further information becomes available and determine if any additional action is required.
Undertake a de-brief (Appendix F).
41
National Decision Making tool:
1. Gather information and intelligence
Define the situation (what is happening or has happened). Clarify matters relating to any initial information and intelligence.
What is happening?
What do you know so far?
What further information (or intelligence) do you want/need?
What resources are available at this time and what further resources may be needed
2. Assess risks and develop a working strategy
Assess the situation, including any specific threat, the risk of harm and the potential for benefits.
Do you need to take action immediately?
Do you need to seek more information?
What could go wrong? (and what could go well?)
How probable is the risk of harm?
How serious would it be?
Is that level of risk acceptable?
Is this a situation for the NHS alone to deal with?
Are you the appropriate person to deal with this?
Develop a working strategy to guide subsequent stages:
What are you trying to achieve?
3. Consider powers, policies & procedures
Consider what powers, policies and legislation might be applicable in this particular situation
Does the CCG have the power to require action?
Does NHS England have the power to require action?
Does this incident require escalation?
Is there any NHS England or Civil Contingency Act guidance covering this situation?
Do any local Local Resilience Forum (LRF) or Local Health Resilience Partnership (LHRP) plans or guidelines apply?
What legislation might apply?
4. Identify options and contingencies
Consider the different ways to make a particular decision (or resolve a situation) with the least risk of harm.
Options:
What options are open to you? Consider the options for response, the limits of information to hand, the amount of time available, available resources and support, your own knowledge/experience/skills, and the impact of potential actions on the situation/ the public.
Contingencies:
What will you do if things do not happen as you anticipate?
5. Take action and review what happened
This stage requires you to make and implement appropriate decisions. It also requires you, once an incident is over, to review what happened.
Action:
Respond: Implement the option you have selected. Does anyone else need to know what you have decided?
Record: If you think it appropriate, record what you did and why.
Monitor: What happened as a result of your decision? Was it what you wanted or expected to happen? If the incident is continuing, go through the National Decision Making tool again as necessary.
Review: If the incident is over, review your decisions. What lessons can you take from how things turned out? What might you do differently next time?
42
Incident Response Team Notes – in the event of activation of the Business Continuity Policy/Plan or Emergency/Major Incident Declared
Reason for Activating Plan
Date
Time
Brief summary of situation
Departments / functions affected
Other organisations affected
Other organisations alerted (include date and time)
43
ACTIONS REQUIRED
BY WHOM
Immediate
Within 8 hours
Within 1 Working Day
Within 3 Working Days
Within 1 Week
Situation to be reviewed every
……………… hours ……………….days
Name and role of person completing (include date and time)
Name and role of person responsible for monitoring / updating (include date and time)
44
Your Role Action Card for Nominated Business Continuity Administrator
Your Base
Chair’s Office Sovereign House Heavens Walk DN4 5HZ Telephone: 01302 566300 Safe Haven Fax: 01302 566321 Email: [email protected]
Your Responsibility
Provide administrative support to the management of the business continuity incident.
Your Immediate Actions
1. Report to the Business Continuity Manager for a briefing. 2. Assist in setting up the Incident Control Room with
telephones, computers etc.
3. Provide administrative support as required.
Ongoing Management
Provide updated information to staff and stakeholders.
Stand down Following stand down evaluate admin effectiveness and any lessons learned.
45
Incident Log [Incident name]
Loggist initials
Date & Time Description of action / decision / communication
Action taken by / Decision made by
Page number [ ]
46
Appendix E
Service-specific Action Cards
Action cards for service-specific functions / individual teams are available in the online business continuity folder, and in the emergency
box in Sovereign House.
47
Appendix F Debrief Template
BUSINESS CONTINUITY INCIDENT REPORT
Date / time of incident: Date / time of stand-down:
Business Continuity Team Members:
1. Description of Incident
2. Cause/Reasons
3. Could the Incident have been prevented? If so how?
48
4. Summary of Event
5. Issues Arising from the Incident
6. Recommendations/Lessons Learnt
Action Plan Drafted Yes / No
49
Appendix G
Equality Analysis Form
Subject of equality analysis
Business Continuity Policy and Plan
Type Tick
Policy √
Strategy
Business case
Commissioning service redesign
Contract / Procurement
Event / consultation
Owner Name: Helen Harris
Job Title: Head of Corporate Governance
Date 13 December 2018
Assessment Summary
The overall purpose of the policy is to set out the CCG’s approach to .
Stakeholders
Tick
Staff √
General public
Service users
Partners
Providers
Other
Data collection and consultation
Please note that due to the small number of staff employed by the CCG, data with returns small enough to identity individuals cannot be published. However, the data should still be analysed as part of the EIA process, and where it is possible to identify trends or issues, these should be recorded in the EIA. Consultation on the updated policy has taken place locally. Other policies related to or referred to as part of this analysis: Legal framework: •
Protected characteristic
Positive Neutral Negative
Negative: What are the risks?
Positive: What are the benefits / opportunities?
50
Protected characteristic
Positive Neutral Negative
Negative: What are the risks?
Positive: What are the benefits / opportunities?
Age
x
This policy applies to all regardless of age
Disability
x
This policy applies to all regardless of disability.
This Policy is not currently available in other formats. The assumption is that all staff will have the correct physical equipment on
their desktops to ensure that they will be able to
view this document. The CCG website does provide
the facility to view documents in larger fonts.
Gender
x
This policy applies to all regardless of gender
Race
X
This policy applies to all staff regardless of
race/ethnicity. Analysis of employee data
indicates that the percentage of white
employees is reflective of the local population.
However, the proportion of BME staff is lower than
that of the local population it serves
All staff require competencies which
include the ability to read and understand English or to request the information in another format available
to them.
Religion &
Belief
x
This policy applies to all regardless of religion or
belief
Sexual
Orientation x
This policy applies to all, regardless of sexual
orientation
51
Protected characteristic
Positive Neutral Negative
Negative: What are the risks?
Positive: What are the benefits / opportunities?
Gender
reassignment
x
This policy applies to all regardless of
transgender/gender reassignment
Pregnancy &
Maternity
x
This policy applies to all regardless of pregnancy or
maternity
Marriage & Civil
Partnership
x
This policy applies to all regardless of marriage or
civil partnership
Social Inclusion / Community
Cohesion x This policy applies to all.
Conclusion & Recommendations including any resulting action plan
As the policy is written in English there is a potential impact on employees whose first language is not English and therefore may struggle reading the policy. The CCGs internal ‘portal’ and external website signpost individuals to alternative formats such as large print, braille or another language. Responsible lead: CCG Communications.
Review date December 2020