{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Business Continuity and Contingency Planning Policy

1. Purpose

The purpose of this Business Continuity and Contingency Planning Policy is to ensure that {{org_field_name}} is fully prepared to continue the safe and effective delivery of its services during any disruption, whether anticipated or unforeseen. The agency is committed to providing uninterrupted staffing services to care homes and healthcare settings and to ensuring the safety and wellbeing of service users, clients, temporary workers, and other stakeholders during times of crisis. The aim is to minimise disruption to clients and uphold regulatory compliance even when external or internal circumstances impact the agency’s capacity to operate normally.

This policy supports {{org_field_name}}’s legal and contractual duties as an employment business supplying temporary workers in England. It is designed to support continuity of critical staffing, payroll, recruitment, compliance, safeguarding escalation, communication, record keeping and data protection functions during disruption.

This policy is aligned with the Employment Agencies Act 1973, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Agency Workers Regulations 2010, the Employment Rights Act 1996, the Working Time Regulations 1998, the National Minimum Wage Act 1998 and National Minimum Wage Regulations 2015, the Equality Act 2010, the Immigration, Asylum and Nationality Act 2006, the UK GDPR and Data Protection Act 2018, the Health and Safety at Work etc. Act 1974, the Safeguarding Vulnerable Groups Act 2006, the Police Act 1997, the Rehabilitation of Offenders Act 1974 and relevant DBS requirements.

Where {{org_field_name}} supplies staff to CQC-regulated clients, the agency will support those clients by supplying workers who have been recruited, checked and deployed in line with agreed contractual requirements. However, {{org_field_name}} does not itself provide regulated care, direct care delivery or carry on regulated activities requiring CQC registration unless the business model changes.

2. Scope

This policy applies to:

• All temporary workers, agency workers, employees, workers, contractors or candidates engaged, supplied or introduced by {{org_field_name}}, including registered nurses, healthcare assistants, support workers and other healthcare or care-related staff, whether engaged on zero-hours, casual, fixed-term, worker, employee, PAYE, umbrella or other lawful arrangements.
• All permanent staff, including directors and administrative staff
• All client organisations relying on {{org_field_name}} for temporary staffing provision
• Any umbrella company, payroll provider, outsourced compliance provider, IT supplier, recruitment platform or other third-party supplier that supports a business-critical function.
• All services and functions of {{org_field_name}} including recruitment, placement, compliance, safeguarding, record keeping, and communication

This policy covers disruptions including but not limited to pandemics, public health emergencies, IT failures, cyber-attacks, power failures, natural disasters, severe weather, office closures, staff shortages, and business-critical incidents.

This policy also applies where disruption affects legal or compliance-critical activities, including right-to-work checks, DBS checks, professional registration checks, reference checks, worker suitability checks, issuing or updating Key Information Documents, confirming assignment details, payroll processing, holiday pay, National Minimum Wage compliance, Agency Workers Regulations monitoring, safeguarding referrals, incident reporting, personal data breach management and communication with clients and workers.

3. Related Policies

• Health and Safety Policy
• Data Protection and Confidentiality Policy
• Information Governance Policy
• Infection Prevention and Control Policy
• Recruitment and Staffing Policy
• Incident Reporting and Management Policy
• Safeguarding Adults and Children Policy
• Right to Work and Prevention of Illegal Working Policy
• Agency Worker and Assignment Management Policy
• Key Information Document and Terms of Engagement Procedure
• Working Time, Holiday Pay and National Minimum Wage Policy
• DBS and Safer Recruitment Policy
• Cyber Security and IT Disaster Recovery Policy
• Personal Data Breach Response Procedure
• Modern Slavery and Labour Exploitation Policy
• Remote Working and Information Security Policy
• Complaints Policy
• Whistleblowing Policy
• Supplier and Subcontractor Management Policy

4. Principles

{{org_field_name}} will ensure:

• Continuity of services during emergencies as far as is reasonably practicable
• The safety and wellbeing of temporary workers, service users, and clients during and after any disruption
• Transparent and timely communication with all stakeholders
• A rapid and organised recovery from any disruption
• Ongoing compliance with relevant legal and regulatory requirements
• Critical recruitment, compliance, payroll and safeguarding functions are prioritised during any disruption
• Temporary workers are not supplied into assignments unless required pre-assignment checks have been completed or a lawful and risk-assessed exception applies
• Workers continue to receive legally required information about assignments, pay, deductions, holiday entitlement and working conditions
• Personal data, DBS information, health information and right-to-work records remain secure during business disruption
• Any suspected labour exploitation, modern slavery, unsafe working practice or safeguarding concern is escalated without delay

5. Risk Assessment and Business Impact Analysis

The director will:

• Regularly assess risks that could affect the continuity of operations
• Identify critical business functions (e.g., staff placement, payroll, communication, safeguarding reporting)
• Identify legal and compliance-critical deadlines, including payroll deadlines, right-to-work follow-up checks, DBS renewal or update service checks, professional registration verification, safeguarding escalation deadlines, personal data breach assessment and reporting deadlines, and time-sensitive client notification requirements
• Assess whether disruption could cause workers to be paid late, underpaid, incorrectly deducted, incorrectly assigned, or supplied without required compliance checks
• Assess whether disruption could prevent workers from receiving assignment information, Key Information Documents, health and safety information, or changes to shift arrangements in a timely way
• Analyse the potential impact of disruptions on clients, service users, and temporary workers
• Develop plans to mitigate these risks wherever possible
• Update the risk register accordingly

Key risks considered include:

• Major staff shortages due to illness, resignation, or other crises
• Office closure due to flood, fire, or other physical damage
• IT or communication failures
• Pandemic or infectious disease outbreaks
• Cybersecurity incidents
• Disruption to key suppliers (e.g., payroll services, IT providers)
• Payroll failure, delayed wages, incorrect deductions, holiday pay errors or National Minimum Wage compliance risks
• Loss of access to recruitment, rostering, payroll, CRM, compliance or document management systems
• Loss, theft, corruption or unauthorised access to candidate, worker, DBS, health, right-to-work or payroll data
• Inability to complete or evidence right-to-work, DBS, professional registration, reference or suitability checks
• Inability to issue or update Key Information Documents, terms of engagement or assignment details
• Failure to monitor Agency Workers Regulations qualifying periods and equal treatment rights
• Sudden client closure, outbreak, embargo, safeguarding incident, suspension of placements or withdrawal of a major client contract
• Failure of an umbrella company, payroll provider, IT provider or subcontracted staffing partner
• Sudden change in legislation, government guidance, public health guidance, immigration rules, enforcement priorities or client contractual requirements
• Labour exploitation, modern slavery, worker coercion, fee-charging concerns, or unsafe accommodation / transport arrangements linked to work

6. Business Continuity Objectives

{{org_field_name}} aims to:

• Maintain critical staffing operations to ensure clients receive safe and reliable services
• Protect the safety, health, and welfare of temporary workers and clients
• Prevent avoidable disruption through proactive risk management
• Recover to normal operations as quickly and safely as possible following an incident
• Keep accurate records and evidence of actions taken during a disruption for regulatory and learning purposes
• Maintain payroll continuity so workers are paid accurately and on time wherever reasonably practicable
• Maintain compliance continuity so that workers are not supplied to clients without required legal, contractual and safeguarding checks
• Maintain communication continuity so that clients and workers receive timely information about assignment changes, cancellation, emergency arrangements, safety risks and reporting routes
• Maintain data protection continuity so that personal data remains secure and any personal data breach is identified, assessed, contained, recorded and reported where required
• Maintain evidence of compliance with the Conduct Regulations, Agency Workers Regulations, Working Time Regulations, National Minimum Wage legislation, right-to-work requirements, DBS requirements and client contractual requirements

7. Roles and Responsibilities

7.1 The Director

The director of {{org_field_name}} will:

• Assume overall responsibility for business continuity and contingency planning
• Approve and regularly review the business continuity plan
• Lead incident responses and business recovery processes
• Communicate promptly with clients, temporary workers, and staff during and after incidents
• Coordinate with appropriate external bodies where applicable, including safeguarding teams, the DBS, the police, insurers, local authorities, the Information Commissioner’s Office, the Health and Safety Executive, the Fair Work Agency, the Home Office, professional regulators and CQC-regulated client organisations. CQC will only be contacted directly where there is a lawful, contractual or safeguarding reason to do so, or where the agency’s activities change so that CQC registration may be required.
• Oversee the maintenance and testing of business continuity arrangements
• Ensure that emergency decisions do not compromise legal requirements relating to right-to-work checks, DBS checks, professional registration, suitability, pay, working time, holiday pay, National Minimum Wage, equality, health and safety or safeguarding
• Ensure that any use of partner agencies, subcontractors, umbrella companies or alternative suppliers is approved, documented and subject to appropriate due diligence
• Ensure that personal data breaches are escalated immediately and assessed against UK GDPR reporting requirements
• Ensure that workers and clients are informed promptly where disruption affects assignment arrangements, payment arrangements, reporting lines, health and safety arrangements or safeguarding escalation routes
• Monitor changes to employment law and agency worker regulation, including phased implementation of the Employment Rights Act 2025 reforms

7.2 Office Staff

Office staff will:

• Follow business continuity procedures as directed by the director
• Support temporary workers and clients during periods of disruption
• Maintain communication channels, data security, and essential records
• Follow manual fallback procedures for rostering, availability checks, assignment confirmations, timesheets, payroll information and compliance records where electronic systems are unavailable
• Escalate immediately any disruption affecting payroll, right-to-work checks, DBS checks, safeguarding, client safety, worker safety, personal data, cyber security or assignment compliance
• Ensure that no worker is confirmed for an assignment during a disruption unless the required checks and client requirements have been verified and recorded
• Maintain confidentiality and data security when working remotely or using alternative communication systems

7.3 Temporary Workers

Temporary workers are expected to:

• Follow instructions given by the director or their delegated representative during emergencies
• Prioritise the safety and wellbeing of service users when on assignment
• Report any concerns relating to client welfare, safeguarding, or safety immediately during periods of disruption
• Follow the lawful and reasonable instructions of the client organisation while on assignment, including site-specific emergency, infection prevention, fire safety, health and safety and incident reporting procedures
• Notify {{org_field_name}} immediately if they are unable to attend an assignment, are asked to work outside their competence, are asked to work unsafe hours, are exposed to unsafe working conditions, or believe service users may be at risk
• Submit timesheets, availability information, incident reports and other required records through the usual system or the temporary manual process notified by {{org_field_name}}
• Keep agency and client information confidential and secure during any disruption

7.4 Employment Business Compliance During Disruption

During any disruption, {{org_field_name}} will continue to operate in accordance with the Employment Agencies Act 1973 and the Conduct of Employment Agencies and Employment Businesses Regulations 2003. The agency will ensure, as far as reasonably practicable, that disruption does not prevent it from providing required information to workers and clients, agreeing terms, confirming assignment details, maintaining records, checking suitability, and avoiding prohibited fees to work-seekers.

{{org_field_name}} will maintain arrangements to issue and retain Key Information Documents before agreeing terms with agency workers and will ensure that workers receive clear information about pay, deductions, holiday pay, benefits, employment business details, umbrella arrangements where applicable, and representative examples of take-home pay where required.

Where electronic systems are unavailable, the agency will use approved manual processes to record worker terms, client requirements, assignment details, pay rates, deductions, holiday arrangements, timesheets, cancellation information and communications.

7.5 Agency Workers Regulations Continuity

{{org_field_name}} will maintain arrangements to monitor Agency Workers Regulations 2010 qualifying periods and equal treatment rights during business disruption. This includes monitoring whether an agency worker has completed the relevant 12-week qualifying period in the same role with the same hirer, subject to applicable breaks and pauses.

The agency will continue to communicate with clients to obtain accurate information about relevant pay, duration of working time, night work, rest periods, rest breaks, annual leave and other basic working and employment conditions.

Day-one rights, including access to collective facilities and information about relevant vacancies, remain the responsibility of the hirer, but {{org_field_name}} will support workers by signposting concerns to the client and escalating unresolved issues where appropriate.

The agency will not use pay-between-assignments arrangements as a means of avoiding equal pay rights under the Agency Workers Regulations.

7.6 Payroll, Holiday Pay and National Minimum Wage Continuity

Payroll is a critical business function. {{org_field_name}} will maintain contingency arrangements to ensure workers are paid accurately and on time wherever reasonably practicable, including manual timesheet verification, alternative payroll access, emergency payroll contacts and backup records of agreed pay rates and hours worked.

During disruption, the agency will continue to comply with National Minimum Wage requirements, Working Time Regulations requirements and holiday pay rules. For irregular-hours and part-year workers, the agency will apply the current statutory holiday entitlement and holiday pay rules applicable to leave years beginning on or after 1 April 2024, including lawful use of rolled-up holiday pay only where permitted and clearly shown to the worker.

Any payroll error, underpayment, unlawful deduction, holiday pay error or National Minimum Wage risk identified during a disruption must be escalated to the director immediately, investigated, corrected and recorded.

7.7 Right to Work Continuity

{{org_field_name}} will not deploy any worker unless a compliant right-to-work check has been completed before work starts, unless a lawful Home Office process confirms that the person may work. The agency will maintain contingency arrangements for right-to-work checks, including access to Home Office online checking services, share code checks, document verification processes, follow-up check reminders and secure storage of evidence.

Where disruption affects the agency’s ability to verify right to work, the worker must not be supplied until the check has been completed and recorded. Where a time-limited right to work is held, the agency will maintain a system for follow-up checks and will not rely on expired evidence.

Any concern that a worker does not have the right to work, has provided false documents, or is working in breach of immigration conditions must be escalated immediately to the director.

7.8 Safeguarding, DBS and Regulated Activity Continuity

{{org_field_name}} will maintain safe recruitment and safeguarding escalation processes during disruption. Workers must not be supplied into roles involving regulated activity, vulnerable adults, children, clinical duties or client-specified safeguarding requirements unless the required DBS, barred list, professional registration, reference, identity, right-to-work and suitability checks have been completed and recorded.

DBS certificate information and any related safeguarding information must be handled securely, used only for the purpose for which it was obtained, shared only where lawful and necessary, retained only for as long as necessary, and destroyed securely when no longer required.

Where {{org_field_name}} is acting as a personnel supplier and becomes aware of information that may trigger a legal duty to refer to the DBS, the director will ensure that the matter is assessed promptly and that any required referral is made. This applies even where a matter has also been referred to a local authority safeguarding team, the police, a client organisation or a professional regulator.

Safeguarding concerns arising during disruption must be escalated without delay in accordance with the Safeguarding Adults and Children Policy.

7.9 Data Protection and Personal Data Breach Continuity

{{org_field_name}} will maintain appropriate technical and organisational measures to protect personal data during disruption, including candidate, worker, client, payroll, health, DBS, right-to-work, safeguarding and assignment records.

Where a cyber incident, IT failure, loss of device, email error, unauthorised access, ransomware attack, data loss or accidental disclosure occurs, the incident must be reported immediately to the director or designated data protection lead.

The director or designated data protection lead will assess whether the incident is a personal data breach under UK GDPR, whether it is likely to result in a risk to individuals’ rights and freedoms, and whether notification to the Information Commissioner’s Office is required. Where notification is required, this will be made without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to individuals, affected individuals will also be informed without undue delay.

All suspected and confirmed personal data breaches must be recorded, including the facts of the incident, effects, remedial action taken, decisions about notification, and learning points.

7.10 Cyber Security and IT Disaster Recovery

{{org_field_name}} will maintain cyber security and IT disaster recovery arrangements proportionate to the size and risk profile of the business. These arrangements will include secure backups, access controls, multi-factor authentication where available, secure password practices, device security, anti-malware protection, software updates, phishing awareness, secure remote working and supplier management.

The agency will maintain backup access to critical information needed to continue safe operations, including client contacts, worker contacts, emergency contacts, availability records, assignment records, payroll contacts, safeguarding contacts, insurance contacts, IT support contacts and key supplier contacts.

Where a cyber incident affects access to systems, the agency will activate manual contingency processes for rostering, communication, compliance verification, timesheets, payroll and incident recording.

The director will consider National Cyber Security Centre guidance, including Cyber Essentials principles, when reviewing cyber resilience and business continuity arrangements.

7.11 Health and Safety During Assignments

{{org_field_name}} will take reasonably practicable steps to ensure that temporary workers are supplied only to assignments where health and safety arrangements have been considered and communicated. During disruption, the agency will continue to obtain and share relevant information from clients about workplace risks, infection prevention arrangements, PPE requirements, fire safety, lone working, manual handling, travel disruption, violence and aggression risks, and emergency reporting procedures.

Clients remain responsible for day-to-day direction, supervision and workplace safety arrangements at their premises, but {{org_field_name}} will not ignore concerns raised by workers. Any worker concern about unsafe conditions, inadequate PPE, unsafe staffing, excessive hours, lack of breaks, violence, harassment, discrimination or being asked to work beyond competence must be escalated and risk assessed.

Where the agency reasonably believes an assignment presents an unacceptable risk to a worker, service user or client, the agency may refuse, pause or withdraw supply until the risk has been addressed.

7.12 Modern Slavery and Labour Exploitation Continuity

{{org_field_name}} will remain alert to signs of modern slavery, labour exploitation, debt bondage, worker coercion, unlawful fee charging, document retention, unsafe transport, unsafe accommodation, threats, intimidation, excessive working hours or workers being controlled by another person.

Disruption must not be used as a reason to relax recruitment, identity, right-to-work, payroll, safeguarding or welfare checks. Any concern about labour exploitation or modern slavery must be escalated immediately to the director and managed in accordance with the Modern Slavery and Labour Exploitation Policy.

Where legally required, {{org_field_name}} will maintain a modern slavery statement. Where not legally required, the agency will still maintain proportionate anti-slavery procedures because of the risk profile of temporary labour supply.

8. Contingency Measures

8.1 Staff Shortages

In the event of staff shortages, {{org_field_name}} will:

• Prioritise essential client placements (e.g., complex needs, safeguarding risks)
• Offer overtime or additional shifts to available temporary workers
• Use only approved subcontractors, partner agencies or alternative staffing suppliers where this is permitted by the client contract, has been authorised by the director, and appropriate due diligence has been completed. Due diligence must include, where relevant, evidence of employment business compliance, right-to-work processes, DBS and safeguarding checks, insurance, professional registration checks, data protection arrangements, pay and National Minimum Wage compliance, health and safety arrangements and modern slavery controls.
• Maintain an up-to-date availability list of workers willing to be deployed at short notice
• Suspend non-essential tasks to focus on critical functions
• Do not lower recruitment, suitability, right-to-work, DBS, safeguarding or professional registration standards because of staff shortages
• Prioritise placements based on client risk, worker competence, continuity of care, contractual obligations and safeguarding considerations
• Keep a written record of decisions where the agency is unable to fill a shift, has to withdraw a worker, or has to prioritise one client over another

8.2 IT and Communication Failures

In the event of IT or communication failure, {{org_field_name}} will:

• Implement manual contingency plans for scheduling, timekeeping, and record-keeping
• Use approved alternative communication methods, such as business mobile phones, secure email, secure cloud-based platforms or encrypted messaging where appropriate, ensuring that confidentiality and data protection requirements continue to be met
• Ensure secure backup copies of key business continuity information are available, including emergency contact lists, client escalation contacts, worker contact details, safeguarding contacts, payroll contacts, insurance contacts, IT supplier contacts and manual forms for assignments, timesheets, incidents and communications
• Engage IT support to resolve issues as quickly as possible
• Notify clients and temporary workers of alternative communication arrangements
• Activate the Personal Data Breach Response Procedure where an IT failure may involve loss, theft, corruption, unauthorised access or unauthorised disclosure of personal data
• Use manual records only where necessary, keep them secure, and transfer them back into the main system as soon as reasonably practicable
• Verify worker compliance status before confirming shifts, even where the electronic compliance system is unavailable

8.3 Office Closure

In the event of office closure, {{org_field_name}} will:

• Activate remote working arrangements
• Ensure staff have access to cloud-based systems, secure emails, and communication platforms
• Redirect incoming calls and enquiries to designated mobile numbers
• Use virtual platforms for meetings, training, and staff support
• Ensure business-critical documents are securely stored and accessible remotely
• Ensure remote working is carried out in accordance with the Remote Working and Information Security Policy
• Ensure staff do not use personal email accounts, personal cloud storage or unauthorised messaging platforms for confidential agency, worker, client, DBS, payroll or safeguarding information
• Ensure paper records used away from the office are kept secure, transported securely and returned or destroyed securely when no longer needed
• Maintain arrangements for receiving post, legal notices, client correspondence, DBS correspondence, insurance correspondence and regulatory communications during office closure

8.4 Pandemic or Public Health Emergency

During a pandemic or public health emergency, {{org_field_name}} will:

• Follow current guidance from the Department of Health and Social Care, the UK Health Security Agency, NHS England where relevant, local health protection teams, the Health and Safety Executive and client organisations.
• Implement infection prevention and control measures for temporary workers
• Coordinate with clients to ensure safe deployment of staff
• Provide workers with up-to-date information on infection risks and protective measures
• Review staffing arrangements regularly in response to changing circumstances
• Confirm with clients any site-specific infection prevention and control requirements before deploying workers
• Communicate PPE, vaccination, testing, isolation, outbreak, reporting and travel requirements to workers where applicable and lawful
• Assess whether workers are fit and safe to attend assignments, taking account of current public health guidance and client requirements
• Keep records of public health guidance relied upon, client instructions, worker communications and deployment decisions
• Ensure that equality, disability, pregnancy, health condition and religious or belief considerations are assessed fairly and lawfully when applying public health measures

8.5 Payroll System Failure

In the event of payroll system failure, {{org_field_name}} will:

• Notify the director immediately
• Contact the payroll provider or payroll lead as a priority
• Use backup payroll records to identify workers due to be paid, hours worked, agreed rates, deductions, holiday pay and payment deadlines
• Use verified manual timesheets or client confirmations where electronic timesheets are unavailable
• Prioritise payment of wages and correction of any underpayments
• Communicate promptly with affected workers where payment may be delayed or corrected
• Keep a written record of the issue, action taken, workers affected, payments made, corrections required and learning points
• Review whether any payroll failure creates National Minimum Wage, unlawful deduction, holiday pay or contractual risks

8.6 Loss of Access to Compliance Records

In the event that {{org_field_name}} cannot access compliance records, the agency will not assume that a worker is compliant. Before confirming or continuing an assignment, the agency must verify required checks using backup records, secure copies, client-held evidence where appropriate, or direct confirmation from the relevant source.

Required checks may include identity, right to work, DBS, barred list checks where applicable, professional registration, references, training, occupational health or fitness information, client-specific requirements, terms of engagement and assignment details.

If compliance cannot be verified, the worker must not be newly deployed until the issue is resolved, unless the director has completed and documented a lawful, proportionate and client-approved risk assessment.

8.7 Major Client Disruption or Withdrawal of Assignments

Where a client closes, suspends placements, experiences an outbreak, loses registration, becomes subject to enforcement action, cancels large numbers of shifts, or raises concerns about supplied workers, {{org_field_name}} will:

• Confirm the facts with the client and record the reason for the disruption
• Communicate promptly with affected workers
• Assess whether workers should be redeployed, stood down, paid for cancelled work, or supported in line with their contract and legal rights
• Consider whether any safeguarding, whistleblowing, health and safety, payroll, discrimination, Agency Workers Regulations or contractual issue arises
• Retain records of client communications, worker communications and decisions made
• Escalate serious concerns to safeguarding bodies, professional regulators, the DBS, the police, the HSE, insurers or other bodies where required

9. Communication During Disruption

The director will:

• Establish regular communication updates to clients, temporary workers, and office staff
• Use multiple communication methods (e.g., email, telephone, text, video conferencing) to ensure essential information is disseminated
• Document all communications made during the disruption for transparency and accountability
• Ensure communication is accessible and non-discriminatory, taking account of language, disability, neurodiversity, health, digital access and urgency
• Ensure confidential information is shared only with those who need to know and through secure communication channels
• Ensure communications affecting pay, assignments, cancellations, health and safety, safeguarding, working time or legal rights are confirmed in writing wherever reasonably practicable
• Maintain a central log of key decisions, instructions, notifications and approvals

Clients will be informed:

• About the nature of the disruption
• How services will be maintained
• Any limitations or temporary adjustments to service delivery

Temporary workers will be informed:

• About their duties and assignments during the disruption
• Any changes to travel, reporting, or PPE requirements
• Who to contact if they have concerns
• Any changes to pay arrangements, timesheet arrangements, payroll dates or payroll contacts
• Any changes to assignment start times, cancellation arrangements, reporting lines or client instructions
• Any temporary manual process for submitting timesheets, incidents, availability or expenses
• How to raise concerns about unsafe work, safeguarding, discrimination, harassment, pay, excessive hours, fatigue or being asked to work outside competence

10. Testing, Monitoring, and Reviewing

The director will:

• Test the business continuity plan at least annually, including mock scenarios where appropriate
• Review performance after any actual incident to identify learning points
• Ensure that all staff are briefed on the policy during induction and at regular intervals
• Review and update the business continuity plan following significant changes to operations, staffing, or identified risks
• Test at least annually a scenario involving IT outage or cyber incident
• Test at least annually a scenario involving payroll failure or timesheet system failure
• Test at least annually a scenario involving inability to access compliance records
• Test communication cascades for clients, workers, office staff and key suppliers
• Review whether backup records are accurate, accessible and secure
• Review whether business continuity arrangements remain compliant with current employment agency, agency worker, working time, holiday pay, right-to-work, DBS, data protection and health and safety requirements
• Monitor legislative changes, including phased implementation of the Employment Rights Act 2025 and any regulations affecting zero-hours, low-hours, agency worker or shift cancellation rights

11. Documentation and Record Keeping

The director will ensure that:

• Copies of the business continuity plan are securely stored and accessible
• Incident logs are maintained during disruptions
• Records of actions, communications, and decisions taken during disruptions are accurately documented
• Clients, insurers, regulators, enforcement bodies, safeguarding bodies, professional regulators or other lawful recipients are provided with records where required by law, contract, safeguarding necessity or legitimate regulatory request.
• Records are retained in accordance with the Data Protection and Confidentiality Policy and the agency’s retention schedule
• DBS certificate information is handled, stored, retained and destroyed in accordance with DBS requirements
• Manual records created during disruption are transferred to the main system as soon as reasonably practicable and then securely destroyed where no longer required
• The agency maintains evidence of decisions affecting worker deployment, compliance checks, payroll, safeguarding, data breaches, client notification and withdrawal from assignments
• Records are sufficient to demonstrate compliance with the Conduct Regulations, Agency Workers Regulations, Working Time Regulations, National Minimum Wage legislation, right-to-work requirements, DBS requirements, UK GDPR and contractual obligations

12. Supporting Temporary Workers During Disruption

{{org_field_name}} will:

• Provide additional supervision and guidance to workers during disruptions
• Ensure temporary workers receive timely updates regarding assignments
• Ensure appropriate support is available for temporary workers who may experience stress, anxiety, or other challenges related to the disruption
• Facilitate access to professional support services if required
• Provide clear information about who to contact regarding pay, assignments, timesheets, health and safety, safeguarding, discrimination, harassment, fatigue, sickness absence or inability to attend work
• Take reasonable steps to avoid workers being pressured to accept unsafe shifts, excessive hours, work outside competence or assignments for which they have not received required information
• Consider fatigue, travel disruption, rest breaks, night work and working time risks when offering or confirming shifts during disruption
• Ensure workers are not treated unfavourably because they raise genuine health and safety, safeguarding, whistleblowing, discrimination, pay or legal compliance concerns
• Signpost workers to emergency support, safeguarding support, mental health support or external advice where appropriate

13. Director’s Governance and Oversight

As {{org_field_name}} is not registered with CQC and does not have a CQC registered manager, the director will retain overall responsibility for business continuity governance and oversight.

 The director will:

• Take personal responsibility for all business continuity and contingency planning activities
• Lead communication, decision-making, and risk assessment processes during crises
• Ensure that up-to-date contact information for all clients and workers is maintained
• Review the effectiveness of continuity plans following each incident
• Embed business continuity into the wider quality assurance framework of {{org_field_name}}
• Ensure the agency’s business continuity arrangements reflect its role as an employment business and temporary staffing agency, not as a provider of regulated care
• Keep under review whether any change to the agency’s operating model could trigger CQC registration, Home Office sponsor duties, additional health and safety duties, or other regulatory requirements
• Ensure that client contracts do not require the agency to take responsibility for direct care delivery unless this has been legally reviewed and approved
• Ensure that the agency’s policies remain aligned with current law, government guidance, enforcement arrangements and client requirements
• Maintain oversight of high-risk areas including payroll, right to work, DBS, safeguarding, professional registration, Agency Workers Regulations, National Minimum Wage, holiday pay, data protection, cyber security and modern slavery

14. Commitment to Clients and Stakeholders

{{org_field_name}} is committed to:

• Ensuring that clients continue to receive high-quality staffing support during adverse events
• Acting with transparency, integrity, and professionalism at all times
• Involving clients and key stakeholders in discussions about service adjustments when needed
• Supporting clients to protect the dignity, safety and rights of service users by supplying suitable, checked and appropriately informed workers, while recognising that the client remains responsible for the direction, supervision and delivery of care or clinical services at its premises unless otherwise agreed in writing and legally reviewed.
• Being transparent with clients where the agency cannot safely or lawfully fill a shift
• Not supplying workers where required checks, competence, right to work, safeguarding suitability or client-specific requirements cannot be verified
• Supporting CQC-regulated clients with staffing-related evidence where contractually appropriate, while not representing itself as a CQC-registered provider
• Cooperating with lawful safeguarding, regulatory, insurance or contractual enquiries following a disruption

15. Legal and Regulatory Framework

This policy should be read in the context of the following legislation, regulations and guidance, where applicable to {{org_field_name}}’s activities as an employment business and temporary staffing agency in England:

• Employment Agencies Act 1973
• Conduct of Employment Agencies and Employment Businesses Regulations 2003
• Agency Workers Regulations 2010
• Employment Rights Act 1996
• Employment Rights Act 2025 and phased implementation regulations / guidance where applicable
• Working Time Regulations 1998
• National Minimum Wage Act 1998 and National Minimum Wage Regulations 2015
• Equality Act 2010
• Immigration, Asylum and Nationality Act 2006 and current Home Office right-to-work guidance
• UK GDPR and Data Protection Act 2018
• Health and Safety at Work etc. Act 1974
• Safeguarding Vulnerable Groups Act 2006
• Police Act 1997
• Rehabilitation of Offenders Act 1974 and Exceptions Order 1975
• Modern Slavery Act 2015
• Civil Contingencies Act 2004, where relevant to wider emergency planning and local resilience arrangements
• Current guidance from the Department for Business and Trade, Fair Work Agency, Home Office, ICO, DBS, HSE, UKHSA, NCSC and other relevant public bodies

{{org_field_name}} recognises that it is not a CQC-registered provider and does not provide regulated care. The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 and CQC assessment framework are therefore relevant mainly to the agency’s CQC-regulated clients, unless {{org_field_name}} changes its services so that it directly carries on regulated activities.

16. Policy Review

This policy will be reviewed at least annually by the director of {{org_field_name}} or sooner where there is a significant incident, near miss, client concern, safeguarding issue, data breach, cyber incident, payroll failure, regulatory change, change in employment law, change in public health guidance, change in immigration or right-to-work requirements, change in DBS requirements, change in agency worker regulation, change in the agency’s operating model, or material change in client contractual requirements.

The director will specifically monitor developments relating to the Employment Agencies Act 1973, the Conduct Regulations, Agency Workers Regulations 2010, Employment Rights Act 1996, Employment Rights Act 2025 implementation, Working Time Regulations 1998, National Minimum Wage legislation, Equality Act 2010, right-to-work requirements, UK GDPR, DBS requirements, health and safety law and modern slavery requirements.

All amendments will be communicated clearly to relevant office staff, temporary workers, clients, suppliers and other stakeholders where the changes affect their responsibilities or rights.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.