Agenda item
Update on Business Continuity
- Meeting of Governance Committee, Tuesday, 7th January, 2020 6.00 pm (Item 48.)
- View the background to item 48.
Chief Executive to report.
Minutes:
The Public Protection Officer and Emergency Planning Officer provided the Committee with an update on Business Continuity.
The Public Protection Officer gave a brief overview of her background, and that of the Emergency Planning Officer who was a new member of staff.
The Public Protection Officer provided the Committee with an update on Business Continuity, covering the following:
· The Council was a category 1 responder under the Civil Contingencies Act (CCA) 2004. This was the same category as that of the NHS agencies and ‘blue light’ emergency services’ (eg Police, Fire, Environment agency).
· The Council was part of the Devon Emergency Planning Partnership (DEPP). The cost of this was £6,500 per annum, with a further payment of £900 towards the forum. The organisations and blue light agencies within the partnership worked closely together. An emergency could be anything from a flu pandemic to severe weather conditions; any event which could impact business continuity.
· The plans currently in place were:
o Business Continuity Management Policy (June 2016)
o Business Incident Management Plan (July 2016)
o Business Resumption Plan (which identified the critical services and the priority order for restoring these services)
o Each service also had its own resumption plan (there were currently 11 such plans across the Authority).
· The Council’s Licensing and Health and Safety teams had worked together to build up the information on the Authority’s website to provide a comprehensive information bank which could be used, for example, by an organisation for event planning. The works could be carried out by the user electronically without further involvement from the officers. The site provided details on noise mitigation, health and safety regulations etc. The site had been used to arrange 25 events via this new method.
· The Business Continuity Plan had been in place since 2016. Critical services had been identified which would have the greatest impact on people and the environment. The Council had experience of a power outage at the Civic Centre in recent years. In that case, staff were relocated to Lynton House where space allowed.
The Emergency Planning Officer confirmed that:
· Business Continuity was the strategic capability of an organisation; providing a framework to assist recovery of critical functions in the event of disruption to the business.
· It was important to ensure that the Business Continuity plans were up to date. There was a duty to plan, and action those plans, as far as practicably possible. The Authority also had a duty to provide general advice and guidance to other organisations (such as local voluntary groups). Local Authorities were the only organisations who had this additional duty under CCA 2004.
The Public Protection Officer, with reference to a report from the Business Continuity Institute, entitled “Horizon Scan report 2019” (published in January 2019), advised the Committee of the following:
· The top three threats (most common) of the prior year (ie in 2018) were:
1. Unplanned IT and telecom outages
2. Health and Safety Incident
3. Lack of talent/key skills
· The top three threats for 2019 had been:
1. Cyber-attack and data breach
2. IT and telecom outage
3. Adverse weather / natural disaster
· Political change had now been listed within the top ten for the first time since 2015.
· As a category 1 responder there was a need to protect the reputation of the organisation; protecting the organisation and achieve minimum impact of any threat.
The External Auditor confirmed that the audit of 2019 had identified the need for improvement and works were underway. There was a need for any plans to be thoroughly tested.
The Public Protection Manager confirmed that a corporate calendar was being created to set out the works required and schedule plan review dates and a schedule of training and exercises.
In response to questions from the Committee, the Emergency Planning Officer confirmed:
· There was a duty to ensure the plans were tested and validated. This would assist in ensuring the roles during a crisis and provide opportunities to practice.
· There was a duty to review the plan regularly. The audit recommendations were the priority. A schedule of works would be drawn up. ‘Table top’ / theoretical practices were the most cost effective method. These were anticipated to be annual, with ‘live’ exercises every two years.
· The duty to provide general advice to other business and voluntary organisations was usually achieved by those organisations approaching the Authority themselves and signposting on our website to business continuity resources.
In response to questions from the Committee, the Head of Resources confirmed:
· The results of the testing of the Business Continuity plans and procedures would be brought back to this committee within the MAZARS Internal Audit Progress report. The results could be presented separately if required.
· Other large organisations would usually have their own plans in place. It was more likely for the mid-sized and smaller organisations to require advice. These contacted the Authority direct.
· When the region had experienced heavy snow in previous years, the Authority proactively provided information to the local area via the website; creating a central hub for communications and advice.
· The Brynsworthy Environment Centre (BEC) had a back-up power generator on site.
· An update on Business Continuity could be provided to local Town and Parish Councils at a future parish forum.
The Chair advised that he was now satisfied that the Authority had adequate plans in place to protect the Authority and its business practices. The recruitment of an Emergency Planning Officer had reinforced this.
RESOLVED that the update on Business Continuity be noted.