Business Continuity

Standards module

v3.3

At some point, most organisations will be faced with a disruptive business continuity incident and/or corporate crisis. There have been many high profile events – acts of terrorism, Pandemic Flu, SARS, Boscastle, Buncefield, Enron, Lehman, Exxon-Valdez. However, it is often the less dramatic, more common incidents that can be particularly problematic to deal with.


The impact of an incident is not determined by the cause, but rather the effect on an organisation’s service delivery. The philosophy of Business Continuity Management is therefore geared towards reducing the impact of any interruption to specific resources by restoring critical functions, as quickly as possible, irrespective of the nature of the disaster.


Whilst disaster recovery planning has traditionally focused on IT recovery, business continuity planning addresses all of the essential requirements to keep the business running and includes processes to keep disruption to users, carers and employees to a minimum. In short, it is about ensuring that a crisis is managed effectively before it escalates to a disaster.


Key outcomes


  • Organisations will properly develop, document and understand their role and relationships with other organisations: local authorities, CCGs, housing and the emergency services   
  • Organisational infrastructure will become more resilient reducing the likelihood of significant disruption   
  • Organisations will embed incident management capability to ensure continuity of priority functions and key services to stakeholders during a disruptive event, making best use of personnel and other resources

Audit process


The Audit Process will seek robust evidence that the key outcomes have been met. 


As a minimum, TEC Quality certified organisations must: 


  • Have a named ‘accountable officer’ who is responsible for ensuring compliance with the Business Continuity Plan and associated procedures. 
  • Provide evidence that Business Continuity Plans are in place covering each service delivery area. These shall be reviewed regularly and at least annually and/or in response to a business continuity incident.
  • Provide evidence that the Business Continuity Plan and associated procedures are tested (minimum 6 monthly) and a post review report for each test is completed to identify any changes necessary and an action plan for implementation.  
  • Have written agreements with key suppliers and sub-contractors describing actions in the event of a Business Continuity Incident.   
  • Provide evidence that a Business Impact Analysis is undertaken at least annually covering each service delivery area.   
  • Provide evidence that key members of staff have received awareness training in relation to the Business Continuity Plan.   
  • Provide evidence that formal and structured on-call arrangements are in place, which ensure that a senior member of staff is available 24/7/365.   
  • Be able to define the key operational parameters, which ensure that the service is fit for the intended purpose(s).   
  • Implement processes, which ensure that the service achieves the key operational parameters.
  • Be able to identify a competent Design Authority, who has end-to-end responsibility for ensuring that the combination of enabling. technologies and the use of data are fit for use by care staff and users, and hence the intended purpose(s) of the Service.
  • Provide evidence and risk mitigation that the end to end system design is documented and reviewed by the Design Authority as a minimum every 6 months, or where there is a change within the system design or from analysis of a system failure or incident. This shall include but not limited to: 

- Avoidance/mitigation of single points of failure 

- Risk mitigation of single communication components.

 -A change management process that requires DA risk review and approval for any significant changes

Evidence might include


  • Business Continuity Plan
  • Service Continuity Procedures
  • Business Impact Analysis
  • Pandemic Flu Plan
  • Severe Weather Policy Involvement in:
  • Local Resilience Forum (LRF)
  • Emergency Planning exercises
  • Fuel Resilience Plan
  • Business Continuity Action cards
  • NHS England EPRR (emergency preparedness, resilience and response) return

“Technology Enabled Care Services (TECS) have a key role to play in maintaining independence and protecting people from harm. They should complement traditional support and not replace human contact. It is essential that services should be tailored to the individual and that when considering appropriate telecare/telehealth, the risks of the person coming to harm should be balanced against their right to autonomy.”



Madeleine Starr, MBE, Carers UK


Share by: