Agenda item

The Committee considered a report of the Chief Executive which outlined the Council’s approach to Business Continuity Management and provided an update on activity undertaken during the previous year together with planned activity undertaken during the previous year together with planned activity for 2026. 

The report outlined assurance that the Council had robust arrangements in place that ensured the continued delivery of critical services in the event of disruption, in accordance with the requirements of the Civil Contingencies Act 2004.

The Head of Chief Executive’s Department introduced the report and advised that since the report had been issued, internal audit had undertaken a review of the Council’s business continuity arrangements, and no issues had been identified.  It was noted that the internal audit report remained in draft form.

Members were advised that a range of activities had been undertaken during the previous year to test and strengthen the Council’s business continuity arrangements.  This included joint training exercises between the Emergency Management Response Team and the Business Continuity team, which had tested the Council’s relocation arrangements and response to potential disruption scenarios.

The Committee heard that testing had been undertaken across all Directorates to ensure key systems remained operational in the event of disruption.  Officers reviewed and updated documentation across the organisation to ensure it remained aligned with best practice and reflected organisational changes.  Resilience testing had also been undertaken on the Council’s two data centres to ensure systems continued to function effectively and to identify potential weaknesses.  Additional equipment had also been procured during the year to further strengthen resilience arrangements.

Members were informed that exercises had been undertaken with partner organisations across the Cleveland area to test coordinated responses to potential incidents.  Scenario-based exercises had also been undertaken to test decision-making processes and response arrangements.  The Council’s Pandemic Plan had been used as a template for planning coordinated responses to major incidents.

The Committee was advised that the Council had also worked with the Regional Cyber Crime Unit to undertake further testing of ICT protocols and resilience arrangements, including testing system thresholds and ensuring arrangements met the standards expected of Category 1 responders.

Members acknowledged the work undertaken and commented that it was positive to see planning arrangements being tested against a range of potential emergency situations, including incidents affecting Council buildings such as fire or chemical release scenarios.  Officers clarified that while internal scenario testing took place to ensure critical services could continue to operate in such circumstances, detailed scenario planning was not undertaken in public domain due to the sensitive nature of the information.

During the discussion, Members also noted recent incidents which tested elements of the Council’s business continuity arrangements, including ICT security incidents and flooding events.  It was reported that the Council’s incident response processes had proven effective in responding to such situations and that learning from these events had been incorporated into ongoing resilience planning.

Members were advised that the progress made during the previous year, together with the testing and training undertaken, provided assurance that the Council’s business continuity arrangements remained suitable and effective.

AGREED that:

1.      The arrangements in place to manage Business Continuity and the progress made over the last year be noted.

2.      The information provided be accepted as assurance that appropriate Business Continuity arrangement are in place.