Public BoD papers 26.5.22

analogue phone being disconnected was considered to be minimal, however contingency arrangements and timescales for reinstatement were discussed as part of the exercise. 5.1.3 Cyber tabletop exercise (remote working) - 9 November 2021 This exercise was undertaken to meet the exercising requirement of the data security and protection audit process. There were representatives from a number of clinical and non-clinical services. The aim of the tabletop exercise was to understand the controls and measures in place for data security and protection when working from home/remote working. There was some good discussion over a number of points such as what is available in terms of equipment, how it can it be used effectively, and connectivity. 5.2 Internal training Ten training sessions for duty managers and on call executive directors were delivered over the year to 19 people. 5.3 External The exercises that have taken place across Greater Manchester have not been applicable to the trust. 6. Policies and procedures Several EPRR documents were reviewed and received approval during 2021/22. These were: • Major incident plan • Winter plan • Pandemic flu plan 7. Lessons learned Opportunities for learning are identified during exercises, following incidents and through the self-assessment process. Some of the lessons learned and actions taken in 2021/22 are: • Local awareness of where analogue phones are located • The need to provide guidance and support for new or alternative digital applications • Wider communication of support numbers including full dialing code and prefixes of extension numbers for staff working from home 8. Recommendation The Board of Directors is asked to note current compliance and the work that has been undertaken during 2021/22.

82