In Part 4 we look at how to take into account your regulatory obligations in your Business Continuity Plan.
For many businesses with regulatory obligations, some of the considerations will be bespoke to them and outside the scope of this blog. However, there are regulatory considerations that will apply to the majority of businesses, and principles we can all take into account.
General principles you should consider:
● If you have designated roles such as Data Protection Officer, Health & Safety Officer, First Aider, Fire Marshal etc., then you need to consider what would happen if that person was not available – consider having a deputy who could step into that role if and when necessary.
● Key dates – it’s important to know across the business the key dates that need to be complied with – the dates for filing reports, inspections, taking remedial action, renewing insurances etc. – consider having a centralised diary for key dates.
● Information in a person’s head is no use if that person is not there – consider having a manual or how-to guide for that role so that all the information, along with all key contacts and their details, is in one place.
There are regulatory steps that can only be taken by certain people – for example only Directors can sign off the annual accounts or sign off the annual confirmation statement. Sometimes for security or data protection reasons certain organisations will only deal with named individuals – for example Banks will only communicate with those on the bank mandate. You need to consider what would happen if those people are not available. Directors in particular may want to consider having in place a Business Lasting Power of Attorney to legally appoint an attorney to act in the Director’s place if they were incapacitated or unavailable. For more information on Business LPAs contact either Dawn Cash or Elaine Williams on 01384 811 811.
Also consider how you would maintain compliance in situations such as we face now where the majority of your workforce may be working from home:
What steps can you take to maintain health and safety? (You are still responsible for your employees’ health and safety when they are working from home.)
● Think about the equipment you are providing;
● Ensuring working hours are maintained and people do not go overboard because the lines between home and work are blurred
● Risk assessments regarding their working space
● Guidance on how to work safely at home – for example a reminder of how a desk should be set up taking into account the type of seating, monitor height etc.
What steps can you take to maintain data protection compliance?
● How information should be accessed, what should and should not be printed
● Security of equipment and databases – are they all password protected?
● Email and telephones – using own equipment
If you do not have them in place then consider whether you need an IT policy, a Bring Your Own Device to Work policy, a Home working policy or agreement, a confidentiality agreement. For assistance with these please call Hannah Scott or Courtney Hawkins on 01384 811 811.
Finally, it’s important to ensure that the team meetings still happen – this is a good way to share knowledge and check up on what is and is not happening.