{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Business Continuity and Disaster Recovery Policy

1. Purpose

The purpose of this Business Continuity and Disaster Recovery Policy is to provide a comprehensive framework for {{org_field_name}} to prepare for, respond to, and recover from potential disruptions that may affect its ability to operate safely and effectively. The policy is designed to ensure that {{org_field_name}} maintains the continuity of essential services, minimises disruption to clients, protects temporary workers, service users, and stakeholders, and complies with legal and regulatory requirements. It establishes clear roles, responsibilities, and procedures for planning, managing, and recovering from a wide range of incidents, including but not limited to natural disasters, pandemics, IT system failures, data breaches, major staff shortages, and other critical incidents. This policy ensures compliance with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, the Civil Contingencies Act 2004, the Health and Safety at Work etc. Act 1974, the Data Protection Act 2018, and the Equality Act 2010.

2. Scope

This policy applies to:

• All temporary workers employed by {{org_field_name}}, including registered nurses, healthcare assistants, and support staff under zero-hours or casual contracts
• All office-based and administrative staff responsible for coordinating temporary workers, managing client relationships, and supporting business functions
• All operational activities of {{org_field_name}}, including recruitment, compliance, placement, safeguarding, payroll, data protection, and communication
• All client organisations receiving services from {{org_field_name}} and all service users affected by the provision of temporary staff

This policy applies to business continuity planning for both planned disruptions (e.g., office relocation) and unplanned disruptions (e.g., floods, pandemics, cyberattacks).

3. Related Policies

• Critical Incident and Serious Incident Policy
• Safeguarding Adults and Children Policy
• Information Governance Policy
• Data Protection and Confidentiality Policy
• Health and Safety Policy
• Staff Wellbeing and Mental Health Policy
• Incident Reporting and Management Policy

4. Definitions

Business Continuity refers to the capability of {{org_field_name}} to continue delivering essential services during and after a disruptive incident. Disaster Recovery is the coordinated process of restoring disrupted business operations to normal after an incident. Disaster refers to any major event that significantly disrupts normal operations, such as fire, flood, data loss, pandemics, terrorism, cyberattack, or prolonged staff shortages. Critical Services are services that, if interrupted, would have a severe impact on clients, temporary workers, or the business, such as placement of staff, safeguarding, and payroll.

5. Principles

{{org_field_name}} is committed to:

• Ensuring continuity of critical operations during and after disruptive events
• Minimising disruption to clients and temporary workers
• Prioritising the safety and wellbeing of service users, staff, and other stakeholders
• Maintaining legal and regulatory compliance at all times
• Ensuring effective and coordinated recovery of business operations
• Communicating clearly and transparently with clients, staff, and stakeholders during incidents

6. Risk Assessment and Business Impact Analysis

The director will:

• Undertake regular risk assessments to identify threats that could disrupt business operations (e.g., IT failure, pandemic, staff shortages)
• Conduct Business Impact Analyses to determine the potential effect of such incidents on clients, workers, and the business
• Identify critical services and functions that must be maintained (e.g., safeguarding reporting, staff placement, client communication)
• Prioritise risk reduction strategies, including preventive measures, training, and investment in resilient infrastructure

7. Key Threats Identified

• Major staff shortages (e.g., due to illness, pandemic, or industrial action)
• IT system failures, including cyberattacks and data breaches
• Natural disasters (e.g., flood, fire)
• Power outages
• Communication failures (e.g., telephone, email, cloud service outages)
• Pandemic or public health emergencies
• Loss of key personnel
• Breach of safeguarding procedures leading to regulatory intervention

8. Business Continuity Plan (BCP)

{{org_field_name}} maintains a documented Business Continuity Plan which:

• Outlines roles and responsibilities for all staff during a disruptive incident
• Details steps to maintain critical operations
• Sets out escalation procedures and communication protocols
• Provides recovery timelines and contingency arrangements
• Is tested and reviewed regularly

Temporary workers must familiarise themselves with relevant sections of the Business Continuity Plan relevant to their role.

9. Activation of the Business Continuity Plan

The director is responsible for:

• Assessing whether the Business Continuity Plan needs to be activated
• Leading the business continuity response
• Communicating with all relevant parties, including clients, staff, and regulatory bodies
• Assigning roles to office staff for implementing continuity arrangements
• Reviewing the effectiveness of the response after the incident

Temporary workers must:

• Cooperate fully with instructions issued during the activation of the Business Continuity Plan
• Prioritise the safety and wellbeing of clients during assignments
• Report incidents or risks that may impact business continuity immediately

10. Managing Specific Disruptions

10.1 Staff Shortages

{{org_field_name}} will:

• Activate its emergency staffing protocol, prioritising high-risk and essential client placements
• Contact temporary workers who are available to offer additional shifts
• Use partner agencies if necessary, following pre-checked compliance procedures
• Postpone non-essential activities to focus on core service delivery

10.2 IT and Communication Failures

{{org_field_name}} will:

• Utilise backup systems, including secure cloud-based platforms
• Implement manual systems for temporary worker scheduling, client communication, and safeguarding reporting
• Maintain hard-copy contact lists and essential documentation for use in the event of IT failure
• Engage IT specialists promptly to resolve the issue

10.3 Office Closure

In the event of office closure:

• Remote working arrangements will be activated
• Office staff will use laptops and mobile devices to continue key functions
• Telephone lines will be diverted to mobile numbers
• Regular contact will be maintained with temporary workers and client organisations

10.4 Pandemic or Public Health Emergency

During a pandemic:

• {{org_field_name}} will follow all guidance from the UK Government, Public Health England, and NHS England
• Infection prevention and control measures will be enhanced
• Temporary workers will be provided with information about safe working, PPE, and infection control
• Alternative working arrangements will be considered (e.g., virtual training, remote supervision)

11. Communication During Disruption

The director will:

• Ensure that clients, temporary workers, and other stakeholders are kept fully informed
• Use multiple communication methods (e.g., phone, text, email) to reach all affected parties
• Provide clear updates regarding the nature of the disruption, actions being taken, and expected timelines for resolution
• Record all communication made during the incident for audit and learning purposes

12. Disaster Recovery Procedures

Following the stabilisation of an incident, the director will:

• Oversee the recovery of normal operations
• Review business functions to identify any outstanding issues
• Prioritise the full restoration of critical services, including client placements, payroll, safeguarding reporting, and data security
• Notify clients and temporary workers of the transition back to normal business operations
• Conduct a post-incident review to assess the effectiveness of the Business Continuity Plan

13. Training and Awareness

{{org_field_name}} will:

• Train all office staff on the Business Continuity and Disaster Recovery Policy and associated procedures
• Include relevant aspects of the Business Continuity Plan in the induction training of temporary workers
• Conduct regular drills or scenario testing to ensure preparedness
• Provide refresher training following significant incidents or changes to the plan

Temporary workers must:

• Participate in relevant training
• Follow instructions during periods of disruption
• Report any risks or incidents that could affect business continuity

14. Record Keeping

The director will:

• Maintain secure and accurate records of all business continuity plans, incident logs, post-incident reviews, and lessons learned
• Retain records in compliance with the Data Protection Act 2018 and GDPR
• Make records available to regulatory bodies, clients, or auditors where required

15. Director’s Responsibilities

As there is no registered manager, the director will:

• Lead all aspects of business continuity and disaster recovery
• Maintain, test, and update the Business Continuity Plan
• Ensure staff and temporary workers are trained and informed of their roles during disruptions
• Communicate openly with clients, regulators, and other stakeholders during incidents
• Monitor risks continuously and update business continuity arrangements accordingly
• Ensure that learning from incidents is incorporated into future planning and staff training

16. Working with Client Organisations

{{org_field_name}} will:

• Inform clients of business continuity arrangements
• Collaborate with client organisations to maintain essential staffing during disruptions
• Support clients to develop joint solutions when disruptions affect service delivery
• Share relevant information with clients to ensure continuity of care and safeguarding responsibilities are maintained

17. Continuous Improvement

The director will:

• Review the Business Continuity and Disaster Recovery Policy annually or sooner if required by law, best practice, or after an incident
• Monitor incident records, client feedback, and audit findings to identify areas for improvement
• Implement changes to enhance preparedness and resilience
• Promote a culture where risks are managed proactively and business continuity is integrated into daily operations

18. Policy Review

This policy will be reviewed annually by the director of {{org_field_name}} or earlier if required by legislative, regulatory, or organisational changes. Any updates will be communicated to all temporary workers, clients, and relevant stakeholders.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.