A report of the Strategic Director of Finance Governance and Support was presented to outline the Council's approach to Business Continuity planning and to testing those plans, present a summary of the findings from this year's tests and detail the review schedule to provide the Committee with assurance that the Council had robust business continuity arrangements in place.
The Council had the following Business Continuity Plans in place:
The Corporate Business Continuity Plan.
Supporting Departmental Business Continuity Plans.
Fuel Plan (held in abeyance).
The Flu Pandemic Plan.
Each department was required to test its plans at least once every 12 months, or to produce a lessons learnt report if a live Business Continuity incident had occurred during the past 12 months. This year this was replaced with Exercise Ironstone, which provided an enhanced test of the Council's business continuity plans. The exercise brought together the Business Continuity Team and the Emergency Management Response Team for the first time to deal with an incident in the Town Centre which involved an impact on the wider community as well as the Council's service areas.
There were a number of lessons learnt for both teams from the exercise and actions had been taken to strengthen Business Continuity Planning as a result and further actions were also planned in relation to additional role based training, improved documentation, clearer communications plans between the two teams and equipment/local arrangements. The implementation of the actions were progressing well.
During the year there had been good progress made on the Council's resilience planning, particularly in two key areas:
The roll out of agile working reduced reliance on a traditional relocation plan, however, there was an increasing reliance on ICT to support continued service delivery. As part of the review of the Departmental Business Continuity Plans this year, further information had been collated on the ability of services identified as critical to have staff work on an agile basis, rather than requiring an office base. This information was mapped against the requirements for critical teams who might need to relocate to other buildings and this had informed the review of the Relocation Plan.
LMT had agreed that managers responsible for critical services would take steps to ensure sufficient staff take agile working equipment off site on a night to maximise the resilience available from agile working capabilities.
A further key development had been the implementation of a second Data Centre that had been built and was now in use which had increased ICT resilience. To take on board the changes that had been implemented, the ICT service was now taking steps to update the Disaster Recovery Plan.
Business Continuity Plans were updated every six months and reviewed on an annual basis. The scale of the review was dependent on the level of organisational change that had occurred in the intervening period. In some years this meant that only minor updates (eg contact details) were required; in others fundamental reviews would be required to reflect changes to the Council's structure or other significant developments, for example, where services had been outsourced or brought back in house.
This year's review had reflected the revised management structure and the increasing impact that agile working capabilities have had on the way services would continue to deliver critical functions as this programme had been rolled out further. In the reviewing of the Business Continuity Plans this year, the Risk Business Partner had met with all critical services plan owners to review and identify any weaknesses or gaps in their arrangements.
It was explained that Business Continuity Plans were not published since they contained sensitive information including contact details.
AGREED that the report was received and noted.