School Emergency Management and Business Continuity Planning Audit

The Civil Contingencies Act 2004 places a legal obligation upon emergency services and local authorities to assess the risk of, plan, and exercise for emergencies, as well as undertaking Business Continuity Management. Services provided by or via schools are considered to be critical for Kent County Council.

Last year there was a KCC internal audit report that considered the School Emergency Management and Business Continuity (SEMBC) Planning in ten schools.

There were several areas where the audit was satisfied that the measures and plans in place were robust and understood. However, there were three areas that indicated some action was required. This briefing note addresses those issues.

1. SEMBCP Guidance to Schools

The audit found that SEMBC Planning put in place by schools may be inadequate to manage continuity instances resulting in prolonged school closure and/or resumption of services.

KCC already publish the Emergency Planning for Kent Schools document, with the latest iteration being the 2020/21 version. This is a comprehensive document that is designed to support schools and the latest copy can be obtained through the office of the Area Education Officer. It is not available on Kelsi as some of the information is sensitive.

There is a Business Continuity template available on Kelsi.

In the new year, online training in “Introduction to School Emergency Planning”, “Grab Bags” and “Intruders, Incursion and Lockdown”, will be made available to all maintained Kent schools through the TEP platform, free of charge.

These resources should be used together to create, review and update school emergency management and business continuity plans.

2. Recovery and Resumption

The audit found that school systems and data may not be supported sufficiently with regular and effective backups to mitigate data loss in the event of server loss, ransomware attack, cyber-attack or other event.

You are reminded that where you provide your own data storage, you should ensure that there are sufficient protections in the form of backups to recover from a data loss incident.

If your school uses Cantium, you should be proactive about seeking the necessary assurances, by telephoning 03000 41 55 55 or emailing info@cantium.solutions with your customer account number.

3. School Emergency Management and Business Continuity Plan administration

The audit found that plans may need to be updated to deal with changes to services or personnel. New staff, or staff that are given new roles, may not understand their role in enabling the SEMT to respond to and manage events as they occur. Critical services may be unprepared, which may result in a failure to maintain education to pupils for a prolonged period and high costs to re-establish education provision. Similarly, if contact details are not complete or kept up to date, there may be a delay in the ability to engage with providers of critical Services.

You are reminded firstly, to keep plans up to date and to regularly test plans to ensure that assumptions are still valid.

Governors are also reminded of their responsibility to assure themselves that business continuity plans are in place, understood by all staff, are up to date and have been tested.