Public BoD papers 26.5.22

Agenda item 20/22e

Emergency Preparedness, Resilience and Response Annual Report 2021/2022

1. Introduction and background The Christie NHS Foundation Trust has a duty to ensure that its services are maintained irrespective of external or internal incidents, such as a fire or power failure, that could interrupt delivery of services, impact on its estates, service infrastructure or human resources, as well as to work closely with partners and external agencies. The Christie is not an A&E receiving hospital but must still have robust emergency planning procedures and business continuity management in place as required under the Civil Contingencies Act 2004 and NHS England’s emergency preparedness, resilience and response (EPRR) framework. The Christie has been continuously responding to the Covid-19 pandemic since January 2020. This response has accounted overwhelmingly for EPRR work on site, but other activities such as responding to other business continuity events and delivery of training have continued. Some low risk activities such as auditing local business continuity plans have been delayed, but whilst documents may not have been updated, departments have clearly been working in line with their business continuity arrangements in order to maintain their response to the pandemic. 2. Roles and responsibilities The role of Accountable Emergency Officer is fulfilled by the Chief Operating Officer. They are the executive lead for EPRR for The Christie. The Health, Safety and Emergency Planning Lead ensures that the trust’s EPRR statutory obligations and corporate responsibilities are met in relation to EPRR. 3. NHS EPRR Assurance and Audits 3.1 Annual self assessment against EPRR core standards The trust is required to undertake an annual self assessment against the NHS England core standards for EPRR. These standards traditionally cover all aspects of the trust’s EPRR work, including our statutory obligations under the Civil Contingencies Act. The self assessment for 2021/22 was more comprehensive than the previous year, but some elements were still suspended in view of the continued NHS response to the pandemic. This was received and approved by the Board of Directors in September 2021 when members agreed a substantial level of compliance (89-99% compliance with the core standards we are expected to achieve). No queries or concerns have been raised by GM Health & Social Care Partnership following our submission. 3.3 MIAA Audit of data security toolkit compliance The Health, Safety and Emergency Planning Lead met with Digital Solutions to assess our current level of compliance with the business continuity element of the data security and protection toolkit (Assertion 7). For 2020/21 the implications of Covid-19 on our IT infrastructure and security was used to show how we reacted to our business continuity plans. The evidence submitted was confirmed by the MIAA Internal Audit. In November 2021 the Health, Safety and Emergency Planning Lead supported a Cyber Exercise in a Box business continuity assessment, looking at home and remote working. This business continuity exercise had positive trust wide engagement. The Trust’s 2021/22 DSPT submission is due in June 2022,

80