View all news

A business continuity…Really is as easy as ABC

The importance of international standards for business continuity:

Origin of the ISO 22301 standard heralds back to the ISO technical committee ISO/TC 23, which focussed on addressing concerns related to societal security. The standard is now managed by ISO/TC 292 – Security and Resilience. The first iteration of the ISO 22301 standard was published in 2012. The second edition was published in October 2019, and is more flexible in the approach of documented information, though clearly defines the requirement to effectively plan changes to business continuity through a clear strategy and forms the basis of the delivery model that PCC offer to its customers, which includes an ISO_22031:2019 standard pack for completion by healthcare providers.

Jo Fox
Jo Fox

ISO 22031 and the link to PDSA

The PDSA cycle, also known as the Deming wheel or the Shewhart cycle has become a regular fixture in healthcare, with many now recognising its value in managing successful services or being utilised for service redesign exercises. The PDSA cycle can be applied not only to the management system but to each individual element detailed below, to provide an ongoing focus on continuing improvement.

pdsa

The 11 key elements to the business continuity management strategy (BCMS) :

This aims to keep the standard simplified in bite sized chunks that can be implemented and managed ongoing, by the multiple persons involved. This includes:

Scope of the strategy documentWhat the document means
The importance of it
Normative referencingWhat else does the BCMP link to in an organisation, system, or even legal context
Terms and definitionsRemember not everyone understands acronyms
Simplify technical jargon so people can follow the flow of actions required
Context of the organisationSize, sites, services, populations, personnel numbers
Leadership approachRoles and competency
Chain of command, communications leads, key contacts
PlanningConsiderations of master events lists, estimations of maximum tolerated period of disruptions), recovery time objectives
Support requirementsWho else externally to link with e.g., IT infrastructure, ICS, local authority, as well as referring to the level of competence in delivery of BCMP.
OperationalBusiness impact analysis, risk assessment (safety), response structure, training programmes
Performance appraise/auditManagement review, internal audits, simulations, and exercise programmes
Improvement(s) implementedNon conformities and corrective action
Root cause analysis, with a human factors’ lens.

Business continuity planning at a primary care network level:

In general practice business continuity management planning (BCMP) may be familiar, with most practice managers conducting updates to their internal documents, not least to keep them aligned to being well led, and safe, which sits within their commitment to a regulatory umbrella within Care Quality Commission (CQC) requirements.

BCMP in healthcare is the process of preparing for and responding to major events and potential disruptions to the organisation’s operations, and could affect the delivery of health services, and impact patient care.

The most common examples that we observe in GP practices, when delivering training on this subject matter is, but not limited to; pandemics, cyber-attacks, power outages, or staff shortages.

There is a common misconception that trainers often hear, during training sessions; whereby business continuity is seen a formality centred around risk assessment. It is something that is viewed occasionally, by a select few and updated annually by even less, that staff are trained in upon commencement of employment but seldom encounter again.

In truth BCMP is more than a process security blanket, as plans offer reproducibility across different teams, and the opportunity to systemically reduce mistakes and introduce improvements.

The clear benefits of having a sound BCMS:

Peace of mind: it minimises the reputational damage caused by disruptions. It involves identifying and assessing the risks, implementing safeguards and procedures, and testing and updating the plan regularly. A business continuity plan can help an organisation maintain its key services and operations in the event of a disruption, such as a natural disaster, a cyber-attack, or an economic downturn.

Visible resilience: demonstrating a preparedness for disruption to services. Also enhances the confidence and trust of the stakeholders such as patients, commissioners, and partners in the wider healthcare organisations in your ability to cope with challenges while minimising the ripple effects on the wider health eco system.

Protects organisational values: it ensures the safety and well-being of the employee’s patients and public, during and after an event. In some cases, it also reduced the financial losses that may be incurred.

Enhanced security: It enables the organization to seize opportunities and scale effectively during periods of growth or recovery. It also allows organisations to really challenge the IT infrastructure afforded to them to manage disruption, especially those which are digitally technical and cyber related.

Picture

PCC deliver workshops: in business continuity, because we understand the importance of compliance, the delivery methodology is that of a humanistic approach, we create psychological safe spaces for attendees to be open about the work they currently do, and we inspire them towards congruence, with out being too prescriptive or theoretical, our aim is to keep the sessions balance and delivered based on real world situations that may arise locally, that our participants may not have considered the impact of or the consequence to their delivery of services.

If you would like to find out more about PCC workshops on business continuity management strategy and planning, please get in touch enquiries@pcc-cic.org.uk.

Author of this Article:
Mrs Joanna Fox l CMgr FCMI, FREC, FPMA, ACIEHF, PGCert, CEBA, ACIPD, ACCA Cert, IOSH, HND Sc, Prince2, MSP & QSIR Practitioner. MSc Y2 Patient Safety and Clinical Human Factors

Last Updated on 30 January 2024