Aims and objectives:
The Nottinghamshire Police Business Continuity Management Policy provides the framework within which the Force can comply with its statutory duties as a category 1 responder under the Civil Contingencies Act 2004 and the business continuity requirements of the organisation and all interested parties, by introducing a Business Continuity Management System (BCMS) that aligns with ISO 22301:2012 Societal security – Business Continuity Management Systems - Requirements.
Business continuity management is being established to ensure the Force can continue to deliver a minimum level of service in the event of any disruption. Plans must be made, published and tested for key services and critical functions as agreed by the Chief Officer Team (COT), Divisional Commanders and Departmental Heads.
Application:
The policy applies to all areas of the Force. All employees and departments must be made aware of this policy. The policy applies in particular to Departmental Heads Business Continuity single points of contacts (SPOCs) and plan writers.
Purpose:
The Nottinghamshire Police Business Continuity Management Policy provides a structure through which:
- A comprehensive BCMS is established and maintained
- Key services together with their critical processes and activities and supporting resources and interdependencies, will be identified
- Business impact analysis and risk assessment will be applied to our critical processes and activities, supporting resources and interdependencies
- Plans will be developed to ensure continuity of key services at a minimum acceptable level and within specific timeframes following disruption
- Invocation of Business Continuity plans and communication with our customers (the public), partners, suppliers and other interested parties can be managed
- Plans are subject to ongoing exercising and revision; and regularly tested against an agreed Force timetable
- The COT and the Nottinghamshire Office of the Police & Crime Commissioner (NOPCC) can be assured that the Force complies with the requirements of the Civil Contingencies Act 2004 and that BCMS remains up to date and relevant
Policy Statement:
- Departmental Heads will be designated Business Continuity plan owners and ensure:
- A Business Continuity SPOC is appointed for each department
- Crisis management team members are identified, and details regularly updated within the plan
- Business impact assessments are carried out to identify critical functions/services, which are then subject to risk assessment
- Plans, capable of maintaining a minimum acceptable standard of service delivery are in place for each critical function/service within their area of operation
- All plans will take into consideration any reliance on, or support to, any regional or collaborative operational unit or service provider and include risk mitigation for any disruption to shared services
- Functional departments (e.g., Information Services) will provide professional support to improve resilience of critical functions and resources that support those functions
- Each department will carry out regular reviews of its Business Continuity process. The Force Business Continuity Lead will monitor the review process, benchmark where appropriate the results, and provide support where necessary
- Each department will exercise its Business Continuity plans to ensure relevance and make modifications where necessary, to take account of the changes in staffing and structure
- Contracts with suppliers of critical goods and services to the force will include a requirement for the supplier’s Business Continuity processes to be approved and to be exercised to the satisfaction of the Force
- All staff must be made aware of Business Continuity plans that affect their area and/ or department, how any disruption may affect their normal working practices and any specific role they may have following invocation of the plan
- All interested parties, key customers, suppliers and partners are to be kept informed about our Business Continuity Management arrangements as they affect the service provided to them
Benefits:
The policy provides a clear commitment to establishing a BCMS within Nottinghamshire Police that will enable the Force to:
- Continue to provide critical functions and key services in times of disruption
- Reduces the organisations vulnerability to any business discontinuity in the future
- Make best use of personnel and other resources at times when both may be scarce
- Reduce the period of disruption to the Force our partners and the public we serve
- Resume normal working more efficiently and effectively after a period of disruption
- Comply with standards of corporate governance
- Improve the resilience of the Forces infrastructure to reduce the likelihood of disruption
- Reduce the operational and financial impact of any disruption
Responsibilities:
- The Deputy Chief Constable (DCC) holds the responsibility for Business Continuity issues
- This policy is owned by the DCC
- The Force Business Continuity Lead will attend the Organisation Risk, Ethics and Learning Board to report updates on Business Continuity and issues raised through testing and implementation of Business Continuity Plans
- Heads of Department will be designated Business Continuity plan owners
- The Force Business Continuity Lead is the professional lead for Business Continuity within the Force and will:
- Review and develop the policy in line with ISO 22301, industry best practice and the needs of the Force
- Monitor the performance of the BCMS and compliance with the policy
- Provide support and guidance to the COT, Business Continuity Forums, Departmental Heads, Business Continuity SPOCs and plan writers
- Provide advice and assistance to the NOPPC, Regional and National Business Continuity Forums and assist with the production of Business Continuity plans for regional/collaborative units
Related documents and Appendices
Force Business Continuity Strategy
Civil Contingencies Act 2004
British Standard – ISO 22301:2012 Societal security – Business Continuity Management Systems - Requirements
--------------------------------------------------------------------
Date:
April 2022
Version 4
Registered Owner:
Andrew Burton, Force Risk and Business Continuity Officer
Author:
Andrew Burton, Force Risk and Business Continuity Officer