1. Definitions
- Business continuity is defined as the capability of the organisation to continue delivery of services at acceptable predefined levels following a disruptive incident. (source: ISO22300)
- Business Continuity Plans are the documented procedures for responding to a disruptive incident and how the organisation will continue or recover its activities within a predetermined timeframe. (source ISO22301)
2. Scope of the Policy
The purpose of the council is to provide strong civic leadership for the wellbeing and aspiration of Brighton & Hove.
We will be successful if we deliver these four outcomes:
- A good life: Ensuring a city for all ages, inclusive of everyone and protecting the most vulnerable.
- A well run city: Keeping the city safe, clean, moving and connected.
- A vibrant economy: Promoting a world class economy with a local workforce to match.
- A modern council: Providing open civic leadership and effective public services.
The success of the policy will be shown in the ability to continue to deliver the outcomes above during a business continuity incident. During an incident the council will maintain critical services at an acceptable level and ensure resumption of full services as soon as possible after the incident.
All council services and key council buildings come within the scope of the policy. Specific business continuity incidents within the scope of the policy are:
- Loss of premises
- Staff shortages
- ICT failure
- Loss of a supplier or third party
Plans included in the scope are:
Strategic Plans
Corporate level plans and identification of priorities for business continuity.
Tactical Plans
These deal with specific threats or pan-council issues.
Operational Plans
Each service delivery unit should have an operational plan, however whether business continuity plans are required at team level is a Corporate Management Team (CMT) decision.
3. Roles and Responsibilities
a. Chief Executive and Executive Leadership Team (ELT)
- Strategic responsibility for setting business continuity objectives
- Establish the business continuity policy
- Communicate the importance of business continuity throughout the council
- Sign off corporate business continuity plan
- Prioritise services across the council in a business continuity incident
- Ensure resources are available for business continuity
- Promote continual improvement of business continuity
b. Corporate Management Team
- HR, Communications, Legal, Finance, ICT, Property Services all have responsibility for creating and maintaining tactical level plans.
- All CMT members are responsible for deciding which operational plans are required for each service and prioritising teams/services in case of an incident.
- All CMT members are responsible for raising awareness of business continuity within their service areas.
c. Corporate Business Continuity Group Members
The group is tactical rather than strategic and meets quarterly. It:
- Champions business continuity in each directorate
- Creates a consistent approach to business continuity across the council
- Assists colleagues to ensure all areas of the council are covered by a workable business continuity plan
d. Emergency Planning & Resilience (EPR) Team
- Co-ordinates business continuity within the council
- Chairs the Corporate Business Continuity Group
- Co-ordinates Business Continuity policy and structure
- Assists with plan writing, training, reviewing
- Reports to ELT on priorities and progress.
e. Identified Managers
- Responsible for writing, maintaining and reviewing operational plans for their service.
- Ensure business continuity plans are linked to business plans and risk register.
- Escalate any business continuity resource requirements if unable to be met within service.
4. Operational Framework for Management of Business Continuity
- A Business Impact Analysis was undertaken in 2014 and identified critical services within the council. The results will be reviewed annually and are intended to inform ELT decisions on priority services during an incident.
- CMT members are responsible for the creation and maintenance of tactical business continuity plans for specific threat or pan-council issues including ICT recovery; loss of premises; severe weather; communications; staff shortage.
- Each CMT member should nominate a manager to be responsible for the creation and maintenance of operational business continuity plans for each service area. Whether a team requires a business continuity plan or not is a decision for the CMT member.
- There is a corporate template which should be used to complete plans, unless service areas have developed their own agreed template in conjunction with EPR Team. Business Continuity should be a standing item on DMT meeting agendas.
- Completion of designated business continuity plans is a corporate requirement.
- All plans, including the Corporate Business Continuity Plan, should be reviewed annually or sooner if an incident or significant changes have occurred.
- Emergency Planning & Resilience Team will maintain a schedule of table-top exercises to ensure regular training.
- Incident Response to be included within business continuity plans.
- Business Continuity implementation to follow the Business Continuity Institute Good Practice Guidelines (2013), ISO 22301 standard (2012) and the Civil Contingencies Act (2004)
- A copy of all business continuity plans should be sent electronically to the Emergency Planning & Resilience Team who will store them on their shared drive. Each service area is responsible for ensuring they have back-up copies which may include paper copies if appropriate. Plans should be kept securely in line with information governance arrangements.