This strategy sets out the approach to be taken within the NHS Counter Fraud Authority (NHSCFA) to provide a robust business continuity management framework that establishes a strategic and operational framework that:
- proactively improves the NHSCFA’s resilience against the disruption of its ability to achieve its key objectives
- provides a rehearsed method of restoring the NHSCFA’s ability to supply its key services to an agreed level, within an agreed time period following disruption
- delivers a proven capability to manage business disruption and protect the NHSCFA’s reputation
There are two key components that underpin this strategy:
- the NHSCFA’s Business Continuity Plan (BCP); and
- NHS Digital’s Data Security and Protection Toolkit which sets out a baseline assessment standard for business continuity management.
The Head of Business Support has overall responsibility for overseeing the implementation of this strategy and the BCP. They will report to the Senior Management Team (SMT) to ensure that the BCP is embedded within the organisation.
This strategy should not be considered in isolation as continuity of business processes play a key part in governance, strategic risk, service planning and performance management. The strategy therefore links into all aspects of the organisation and its implementation can help to reduce the overall level of these risks.
Fundamental to the success of delivering the business continuity strategy will be raising awareness and developing a business continuity culture within the organisation. Awareness training will be provided to all staff utilising ‘information’ in their day-to-day work to successfully promote this culture.
Any associated resource implications that may be incurred as result of implementing the BCP, will be identified by the Head of Business Support, as the BCP Manager. A business case will then be developed and submitted to the Board for approval.
Adherence and performance information will be shared with the Information Governance Lead, with appropriate details submitted to NHS Digital as part of the Data Security and Protection Toolkit return, which is submitted on an annual basis.
NHSCFA’s organisational objectives are set out in its 2020 to 2023 organisational strategy. The organisation’s on-going strategic objectives for business continuity management are to:
- Adopt a proactive approach to improve the resilience against disruption to achievement of the organisation’s vision, values and strategic objectives
- Provide a framework to identify the core services of the organisation and to understand the critical functions, processes resources that support the resilience of the core functions
- Deliver the DH Strategy strategic plan and lead the counter fraud activity in the NHS in England, through effective business continuity arrangements
- Have a planned and effective governance structure in place to support and assure BCP arrangements
- Have documented systems, technology and procedures in place to support BCP arrangements
- Ensure that BCP arrangements are fit for purpose by ensuring there is a planned schedule of testing
- Ensure its staff is made aware of the organisation’s BCP arrangements and their role within it, through a structured training and awareness programme; and
- Have the above arrangements reviewed to ensure continued effectiveness, at an interval agreed after consultation with the Governance and Assurance team and/or other internal or external auditors, but not exceeding a three year period.
Monitoring compliance with the Strategy
Compliance will be monitored as follows:
- Business continuity planning will be included as part of the organisation’s internal audit programme
- The results of exercises and tests will be formally documented and relevant action plans developed. Recommended actions will be tracked via the Board Assurance Framework and any un-actioned matters will be added to the Corporate Risk Register and those risks managed in accordance with the organisations Risk Management Policy.
- Assurance on business continuity planning will be presented to the Board annually.
The implementation of the business continuity strategy will ensure that business continuity management is effectively managed within NHSCFA.
Each year the BCP will be reviewed by the Information Governance Lead and where required, an action plan developed against the Data Security and Protection Toolkit to identify key areas for continuous improvement.