Preparing Scotland: business resilience guidance
This guidance focuses on how organisations can become more resilient. In particular, it provides advice to Category 1 responders and information to other readers about the duties set out in the Civil Contingencies Act (2004) and associated Regulations.
Annex 1: The Legislative Context
The statutory duties concerning:
- the ability of Category 1 organisations to continue to be able to perform their functions [22] ,
- the provision, by local authorities, of advice and assistance to businesses and other organisations about the continuance of their activities.
relate primarily to their ability to meet the challenges of emergencies. 'Emergencies' are defined in the Act [23] as events or situations, including war and terrorism, which threaten 'serious damage' to human welfare, the environment or security. The National Risk Register [24] sets out the most serious risks which could lead to such events.
However, these requirements are not limited to their ability to respond to the emergency itself but include the effects of the emergency on the organisation. In order to develop and fulfil the requirements of the Act, planners will therefore need to consider related non-emergency Business Resilience. This may be significant in its own right but also because of its relevance to capabilities that support emergency functions. These include the management of the indirect effects of emergencies, the ability of organisations to sustain emergency capabilities and to recovery (in preparation for subsequent emergencies) and also to some aspects of work with partner organisations.
5.1 Having Business Resilience
The Civil Contingencies Act 2004 and the Civil Contingencies Act 2004 (Contingency Planning) (Scotland) Regulations 2005 set out the following duties in relation to being able to continue to be able to perform organisational functions. [25]
All Category 1 responders must maintain plans to ensure:
- that if an emergency occurs, as far as this is reasonably practicable, they can continue to perform their functions, and
- that if an emergency occurs or is likely to occur, so far as necessary or desirable, they can perform their roles of preventing the emergency; reducing, controlling or mitigating its effects; or taking other action in connection with it.
These two duties can be summarised as: having appropriate level of Business Resilience to continue priority activities and to respond to the emergency.
The regulations also set out some aspects of how these duties must be performed, stating that Category 1 responders:
- must have regard to any relevant risk assessments that have been carried out as part of the duties under the Act
- may maintain plans which relate to a particular emergency or a particular kind of emergency
- must maintain plans which relate to more than one emergency or more than one kind of emergency
- must, when maintaining plans, include arrangements to exercise the plan and to provide training for an appropriate number of suitable staff
- must have regard to any relevant arrangements to warn and to provide information the public about emergencies
5.1.1 Voluntary Sector Organisations
In performing the above duties, Category 1 responders must have regard to the activities of voluntary organisations which are relevant to emergencies and which operate their area. In this context, this means those whose purpose is to prevent an emergency, or to reduce, control or mitigate its effects, or those with a similar role. Whether or not the voluntary organisation carries out other functions in addition to these, does not affect this duty.
5.2 Promoting Business Resilience
Local authorities have additional duties connected with the provision of advice and assistance to other organisations about the continuance of their activities when faced with emergencies [26] . Local authorities:
- must provide advice and assistance to businesses at large about continuing their activities when affected by emergencies
- may provide advice and assistance to individual businesses about continuing their activities when affected by emergencies
- may provide advice and assistance to businesses in identifying and obtaining help from a competent and experienced business continuity consultant
The regulations also set out some aspects of how these duties must be performed. Local authorities:
- must consider relevant community risk registers when doing these things
- must consider any advice and assistance being provided by other responders in their area and need not duplicate that work
- must co-operate with other local authorities in the same partnership area in fulfilling these duties
- may perform these duties jointly with another responder or may make arrangements with another responder to perform the duty on its behalf
- may charge for the cost of providing advice and assistance on a cost recovery basis
These duties refer to 'commercial' activities and 'emergencies'. 'Commercial' is not a straightforward term to define. It should not be taken narrowly to mean only private sector businesses operating for a profit. Others, including charities, building societies and credit unions, carry out commercial activities; they operate as businesses, generate financial benefits and should be considered in performing this duty.
However, this does not mean that local authorities should concentrate solely on emergencies, as defined this way, when working to promote Business Resilience. Thankfully, most organisations will have direct experience of serious emergencies only rarely, and perhaps never in the case of those due to hostilities. Discussing a broader range of more commonplace disruptions is likely to be a more productive way to engage businesses, as very severe emergencies may seem less credible, too difficult to manage, or a problem for the emergency services. Pursuing this indirect route may lead from resilience against smaller disruptions to a greater ability to deal with higher impact events, although the approach taken should be tailored to the circumstances.
5.2.1 Voluntary Sector Organisations
Local authorities have equivalent duties to provide advice and assistance to voluntary organisations, with the exception that they need only provide this to those voluntary organisations which they consider 'appropriate'. In determining whether a voluntary organisation is 'appropriate' in this context, the regulations set out the following factors which must be considered:
- the nature and extent of activities the organisation carries out, particularly, the extent to which the organisation contributes to (i) the prevention of emergencies; (ii) the reduction, control or mitigation of the effects of an emergency; (iii) other actions in connection with an emergency; (iv) social welfare.
- the size of the organisation ( e.g. staff employed and turnover).
- whether the advice and assistance is likely to improve the organisation's resilience in the event of an emergency.
As the voluntary sector is large and diverse, it is unrealistic to expect local authorities to provide advice and assistance for all organisations. Rather, they should prioritise their efforts to those where its uptake would be likely to strengthen emergency resilience or social welfare in their region.
5.2.2 Geographic Scope
These local authority duties apply only in relation to businesses and voluntary organisations which operate in the local authority's area. This includes those which operate in the area for a period of time without being resident, for example, music festivals or major construction projects.
The additional duties placed on local authorities can be summarised as: taking appropriate steps to promote Business Resilience within the commercial and voluntary sectors in their area.
5.2.3 Other Category 1 Responders and Promoting Business Resilience
The regulations require other Category 1 responders in the area to cooperate with local authorities who are delivering these duties. In addition to initiatives led by local authorities, other Category 1 responders can promote Business Resilience in several ways:
- by influencing their suppliers and sub-contractors, thereby also improving the resilience of the Category 1 responder itself
- through the normal work of the organisation which will have Business Resilience consequences, e.g. crime prevention and fire prevention initiatives
- by 'warning and informing' work which makes organisations and the public more aware of risks
Contact
There is a problem
Thanks for your feedback