Business Continuity Management System (BCMS) Policy

At Well Wise Hub Ltd., we recognise the importance of ensuring the continuity of our business operations in the face of disruptions. This Business Continuity Management System (BCMS) Policy outlines our commitment to maintaining and developing effective business continuity plans to protect our employees, customers, and key business functions.

This policy complies with relevant UK laws and regulations, including ISO 22301:2019, which provides international standards for business continuity management systems.

Purpose of the Policy

The purpose of this BCMS Policy is to:

• Ensure the continuity of business operations in the event of unforeseen disruptions, emergencies, or disasters.
• Minimise the impact of business disruptions on our services, employees, and stakeholders.
• Establish a framework for developing, implementing, and maintaining effective business continuity plans.
• Comply with ISO 22301:2019, UK laws, and industry best practices.

Scope of the Policy

This policy applies to:

• All business operations and services provided by Well Wise Hub Ltd.
• All employees, contractors, and third-party service providers working on behalf of Well Wise Hub Ltd.
• All physical and digital infrastructure that supports our critical business activities.

Our Commitment to Business Continuity

At Well Wise Hub Ltd., we are committed to:

• Protecting the health, safety, and welfare of our employees and customers.
• Maintaining the availability of our critical services and operations during and after a disruption.
• Implementing proactive measures to identify and mitigate business continuity risks.
• Ensuring the resilience of our IT systems, data, and infrastructure.
• Providing training and guidance to employees on business continuity processes and responsibilities.
• Regularly reviewing, testing, and updating our business continuity plans to adapt to changing risks and requirements.

Key Objectives

The key objectives of our BCMS are:

• Risk Assessment and Identification: Continuously assess risks and potential threats to our business operations, including natural disasters, cyber-attacks, IT failures, and supply chain disruptions.
• Business Impact Analysis (BIA): Identify and assess critical business functions and the potential impact of disruptions on these functions.
• Incident Response: Develop clear procedures to respond to and recover from incidents quickly and effectively, minimising downtime and impact on customers.
• Recovery Planning: Ensure that we can restore normal business operations within agreed timeframes, with minimal disruption to our customers and stakeholders.
• Compliance and Certification: Maintain compliance with ISO 22301:2019 standards and applicable UK laws governing business continuity and disaster recovery.

Roles and Responsibilities

Effective business continuity management is the responsibility of all employees and contractors at Well Wise Hub Ltd. Key responsibilities include:

• Senior Management: Responsible for overall business continuity governance, including providing the necessary resources to implement and maintain the BCMS.
• BCMS Manager: The appointed Business Continuity Manager is responsible for coordinating all BCMS activities, including risk assessments, development of continuity plans, testing, and monitoring.
• Department Heads: Responsible for ensuring that business continuity plans are developed, maintained, and effectively implemented in their areas of responsibility.
• Employees: All employees are responsible for understanding their role in the business continuity plan and participating in training and exercises as required.

Risk Assessment and Business Impact Analysis

We will regularly conduct risk assessments and business impact analyses to:

• Identify potential threats to our business, including physical, environmental, technological, and human risks.
• Assess the potential impact of these risks on our critical operations, resources, and stakeholders.
• Prioritise the development of recovery strategies and plans for the most critical business functions.
• Ensure appropriate preventive measures are in place to mitigate risks where possible.

Business Continuity Plans (BCPs)

We will develop and maintain comprehensive Business Continuity Plans (BCPs) that:

• Address a wide range of potential disruptions, including IT failures, natural disasters, cyber incidents, power outages, and supply chain disruptions.
• Provide step-by-step procedures for responding to and recovering from incidents, ensuring the safety of employees and customers.
• Outline the roles and responsibilities of employees, key decision-makers, and external service providers during a disruption.
• Include clear communication protocols for internal and external stakeholders.
• Identify alternative facilities, systems, and procedures that can be utilised to ensure the continuation of critical business functions.

IT Disaster Recovery

To ensure the resilience of our IT systems and data, our BCMS includes robust IT Disaster Recovery (DR) Plans, which:

• Detail recovery procedures for all critical IT systems and infrastructure.
• Include secure data backup and recovery processes, ensuring that essential data is protected and recoverable.
• Specify clear recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical IT systems.
• Ensure cybersecurity measures are in place to protect against threats such as hacking, data breaches, and ransomware attacks.

Testing and Exercising

We will regularly test and exercise our business continuity plans to:

• Ensure the effectiveness of our response and recovery strategies.
• Identify any gaps or weaknesses in the current plans and address them.
• Provide training and awareness to employees, ensuring that they are familiar with their roles during a disruption.
• Conduct scenario-based exercises, including tabletop and full-scale simulations, to test different types of potential incidents.

Communication and Notification

Effective communication is critical during a business disruption. Our BCMS includes communication protocols that:

• Ensure timely and accurate communication with employees, customers, suppliers, and other key stakeholders.
• Outline the use of various communication channels, including email, phone, and social media, to keep all parties informed.
• Include clear processes for notifying relevant authorities, regulators, and industry bodies where required by law.

Continuous Improvement

We are committed to the continuous improvement of our BCMS by:

• Conducting regular reviews and audits of our business continuity plans and procedures.
• Collecting and analysing feedback from employees and stakeholders after incidents or exercises to identify areas for improvement.
• Staying updated with changes in business continuity standards, UK regulations, and industry best practices.
• Reviewing and updating this policy annually or in response to significant business changes or identified risks.

Compliance and Legal Requirements

Our BCMS is designed to comply with the following UK laws and regulations:

• Civil Contingencies Act 2004: Sets out the responsibilities of businesses in planning for emergencies and disruptions.
• ISO 22301:2019: The international standard for Business Continuity Management Systems.
• The Data Protection Act 2018: Ensures the protection of personal data during business continuity and recovery efforts.

Monitoring and Review

This policy and the associated business continuity plans will be reviewed at least annually, or more frequently in response to:

• Significant organisational changes.
• The identification of new risks or changes to existing risks.
• Outcomes of business continuity tests, exercises, or real-life incidents.
• Updates to relevant laws, standards, or industry best practices.

14. Contact Information

For any questions or concerns regarding this BCMS Policy, or to report a potential business continuity risk, please contact:

Well Wise Hub Ltd.
12 Barn Close, RG12 2TR, Bracknell, England.
Email Address: privacy@wellwisehub.co.uk
Contact Number: +44 7709 573 550

This Business Continuity Management System Policy is governed by the laws of England and Wales and aligns with the requirements of ISO 22301:2019.