Issue - meetings

A report of the Director of Legal and Governance Services was presented, the purpose of which was to outline the Council’s approach to Business Continuity management, summarised activity in the past year, and planned activity for 2024, in order to provide the Committee with assurance that the Council had robust arrangements in place, as required by the Civil Contingencies Act 2004.

Business Continuity planning was separate to emergency planning, which set out how the Council responded to emergency incidents that impacted on residents and businesses, though there would be occasions when the two disciplines interrelated.

The Council’s Corporate Business Continuity Plan defined critical functions as those which, if interrupted could result in:

•           Risk of serious injury

•           Risk of death

•           Massive financial losses; or

•           Significant damage to the Council’s reputation.

The following plans were place to respond to a variety of events that could occur:

•           The Corporate Business Continuity plan.

•           Supporting Departmental Business Continuity plans.

•           Relocation Plan.

•           ICT Disaster Recovery Plan.

•           Fuel Plan.

•           Pandemic Plan.

The Council did not publish its business continuity plans as they outlined sensitive information around its critical functions and their recovery that could be misused and contained personal information relating to employees who had agreed to share personal contact details to enable the Council to get in touch with them quickly in the event of an incident.   The content of the Council’s plans in broad terms only were outlined in the submitted report.

The Council aimed to test its plans at least once every 12 months, or produced a lessons learned report if a live incident had occurred during the past year.  Testing of the plans was completed in January 2024.  This was a live test of business continuity which involved senior managers surrounding a marauding attack and vehicle borne improvised explosive device on critical infrastructure.  This ensured that senior management understood their roles and responsibilities during an incident and tested the robustness of plans.

In a normal planning cycle, Business Continuity plans were updated every six months, and reviewed on an annual basis (May and November) with the scale of the review dependent on the level of organisational change that had occurred in the intervening period.  In some years this meant that only minor updates were required.  In other years, fundamental reviews will be required to reflect changes to the Council’s structure or other significant developments for example, where services have been outsourced, or brought back in house.

During the 2023 annual review of plans, there was an increased focus on the impact loss of ICT could have on critical activities to ensure services planned effectively for this event.

Activity in 2023/2024 included generator failover tests at both the Council’s data centres and an emergency response exercise.  All Corporate Business Continuity Plans were updated in November 2023 and an update and full review of Directorate Business Continuity plans had been completed.  A corporate Business Continuity room has been established in Fountain Court.  A Business Continuity  ...  view the full minutes text for item 21