Guidance

Incident response plan

Updated 15 January 2025

Purpose

The UKHSA incident response plan (IRP) provides an overarching framework for the Agency’s response to any significant public health related threat or business continuity incident.

The IRP is an all-hazards approach to managing public health emergencies and describes the activity required at each phase of the response cycle. The IRP is supported by the response centre interoperability plan, which is complementary, and provides further operational detail.

The objectives of the IRP are to set out the:

• 5 phases of UKHSA’s public health and health security response:
  • situational awareness
  • alerting
  • assessment
  • response
• recovery
• UKHSA’s incident response levels, including parameters for escalation and de-escalation
• principle roles and responsibilities within command, control and coordination (C3) structures
• people management protocols during response including health, safety, and wellbeing
• process for initiation of the recovery phase including debriefing and continuous improvement
• relationship to supplementary plans within UKHSA

Who

This plan is for use by all UKHSA staff.

What

This plan sets out the principles for each stage of a response to any form of public health, health security, or business continuity incident.

How

This plan should be used to guide UKHSA incident response teams in line with the principles of how to manage a response. This should be used in conjunction with the wider UKHSA emergency preparedness, resilience and response (EPRR) documentation, hazard-specific response plans, and standard operating procedures (SOPs).

When

This plan covers the cycle of incident response within UKHSA:

• situational awareness
• alerting
• assessment
• response
• recovery

It should be referred to for every incident.

Why

This plan presents a single framework for response, to ensure a coordinated and efficient approach across the agency.

The IRP in relation to other preparedness documents

The IRP is supported by several additional documents including SOPs, hazard and threat specific response plans. The hierarchy of UKHSA’s preparedness and response documentation is in Figure 1.

Figure 1: UKHSA’s systematic approach to preparedness and response

Figure 1 shows a pyramid-shaped model. It has UKHSA’s goals at the apex. The next tier down sets out the 3 core EPRR documents (the UKHSA EPRR Concept of Operations, UKHSA Preparedness Plan, and UKHSA Incident Response Plan) and how these describe:

• our (the UKHSA’s) response to our EPRR statutory duties

• how we prepare our people, plans and infrastructure to be ready to respond

• how our all-hazards response arrangements will function during an incident response

The tier below this sets out the ‘supporting plans’ which include the:

• Training and exercises plan
• Continuous improvement plan
• EPRR assurance assessment
• Business continuity framework
• Response centre interoperability plan

The final tier sets out the ‘threat-specific plans’ including the:

• National power outage plan
• Cyber attack plan
• Chemical, biological, radiological, and nuclear (CBRN) plan
• High consequence infectious disease plan
• Pandemic plan

It notes that additional threat-specific plans may be appropriate as described in the Preparedness plan.

Situational awareness

Within UKHSA, several teams routinely monitor information from a range of sources.  They share information that has the potential to impact wider service areas across regional and national systems. This is to increase situational awareness and inform decision making. Situational awareness from across UKHSA is synthesised and shared internally and to main external partners via the all-hazards situational awareness (AHSA) report and dashboard.

UKHSA holds thrice weekly situational awareness calls providing a mechanism for reporting developing situations or ongoing incidents. Situational awareness across the health sector is also gathered via a dedicated call with multiagency partners. Updates received within these meetings are reviewed by the duty Senior Medical Adviser (SMA) and a senior national response centre (NRC) representative to identify any issues requiring escalation.

Alerting

The receipt of an alert or information on a developing situation may require a risk assessment as part of an alert mode. Alerts may be received by UKHSA from a wide variety of sources which are set out in figure 2.

Figure 2: Alerting sources into UKHSA

Figure 2 shows the list of different teams can alert the UKHSA. These are:

• Department of Health and Social Care (DHSC)
• Cabinet Office
• devolved public health authorities
• UKHSA internal teams
• international agencies, such as the World Health Organization (WHO) or the European Centre for Disease Prevention and Control (ECDC)
• security services
• members of the public
• emergency services
• NHSE (national)
• NHS regions and integrated care systems
• local authorities
• NHS and care service providers
• local resilience forum partners
• other government departments

Notification to UKHSA of localised situations is predominantly via the network of 9 regional response centres (RRCs).  Where specific teams that provide a response function within UKHSA are alerted, information must be shared promptly with all RRCs in the affected area and the NRC.

Notification of a situation that may require national level co-ordination within UKHSA should be communicated directly to the NRC.

Assessment

Dynamic risk assessment

The dynamic risk assessment (DRA) is a structured process to inform the appropriate level of response for UKHSA. At the national level, the DRA process is owned by the NRC, with a defined pool of chairs to maintain consistency of approach and is distinct from a Public Health Risk Assessment.

Applying the EPRR principles of subsidiarity, a DRA can be requested at any time via the NRC based on a combination of situational awareness and professional judgment. It is a two-stage process comprising a review of the information available on the situation, before assessment against specific criteria. A decision is then made as to whether an incident should be declared or an existing incident escalated.

The outcome of a DRA can be the recommendation of an incident response level or the establishment of a contingency planning team. If a response is indicated, the DRA chair makes a recommendation on incident level in accordance with figure 3 and table 1. The DRA will also identify if a threat specific plan is indicated.

Figure 3: UKHSA incident response levels

Figure 3 shows the 4 levels of incident response severity. The levels increase in severity from top to bottom. They are recreated (and slightly abridged) in table 1.

Table 1: UKHSA incident response levels

Severity	Description	Who can approve
Severe	Exceeds the threshold for an enhanced incident. The majority of UKHSA is reprioritised for the incident response	Chief Executive (CEX)
Enhanced	The scale of the incident response requires a more significant mobilisation of resources and a greater strategic response. It is supported by a strategic response group with oversight from a strategic response director	CEX
Standard	Require co-ordination and/or resources over those provided by normal operational capacity and capability. They are managed by an incident management team (IMT) and lead by an incident director (ID)	Chief Medical Advisor (CMA)
Routine	Manageable within normal operational capacity and capability	DRA chair

Exceptions to the DRA activation process include certain CBRN and high consequence infectious diseases events. In these situations, an incident management team (IMT) may be convened before a DRA has been undertaken. An enhanced incident is automatically declared in these circumstances and a DRA carried out as soon as is feasible. Further details on the DRA are detailed within the response centre interoperability plan.

Contingency planning teams

Where an incident response is not indicated a contingency planning team (CPT) can be established as a flexible structure to proactively manage preparedness activities. This includes international rising tide events with the potential to impact the UK or pre-determined scenarios. The CPT will maintain oversight and situational awareness of the event for UKHSA, coordinating information relevant to the event and sharing appropriately. The recommendation to establish a CPT is an alternative outcome of the DRA to the incident declaration process. The DRA will also determine the level of the CPT. That is; routine, standard or enhanced. The governance and membership of the CPT is agreed via an appointed CPT Lead, NRC and DRA Chair or Deputy Director EPRR. Proportional management and coordination, including escalation or de-escalation will mirror that of the UKHSA Incident Response Arrangements.

Incident notification

Immediately following the DRA, the NRC produces and disseminates an initial incident notification (IIN) which is signed off by either the DRA chair, CMA or CEX.  This enables rapid sharing of information with relevant parties.

De-escalation

In accordance with the EPRR principle of direction the IMT should set clear objectives at the start of an incident including agreeing what a successful outcome would be. The IMT will determine when the response no longer requires the level of coordination associated with the incident level via a review of progress against the incident objectives and in accordance with Figure 3 for de-escalation. 

These objectives should be regularly reviewed during the IMT and a recommendation to de-escalate when it believes they have been met. (See ‘Incident aim and objectives’). Approval to de-escalate sits with either a DRA chair, the CMA and CEX dependent on the level of response (3). As part of the de-escalation process a recovery strategy will be documented and agreed which indicates where any outstanding or ongoing actions will be managed as part of BAU or routine arrangements. The scale of this plan will depend on the nature of the incident.

Following approval of de-escalation, an incident notification is distributed to interested parties and an update provided in the all hazards situational awareness (AHSA) report. The incident level is fluid and may be escalated again following de-escalation.

Response

The move from alert mode to response mode indicates that additional steps are required to manage a situation as identified during the DRA. These are established within a response structure set out by incident response level.

Response levels

UKHSA operates four levels of incident response with the flexibility to escalate or de-escalate its response as required.

UKHSA incident response levels description

Routine

• manageable within normal operational capacity and capability of regional or specialist response centres (SRCs), or nationally based teams

• does not require escalation or activation of a national IMT
• IMTs or OCTs may be convened as part of routine arrangements at the regional or specialist centre level
• liaison and inclusion of relevant external bodies as required
• information on routine incidents fed up as appropriate via the RRC or SRC for awareness to support situational awareness

Standard

• managed by an IMT and led by an incident director (ID)
• national incident coordinated by NRC
• managed proportionately to the level of risk, with support from regional or specialist functions, required for delivery and coordination of the response
• liaison and inclusion of relevant external bodies as required
• agency resources may require reprioritisation to support incident requirements and surge plans activated if needed
• information on standard incidents fed into the AHSA report

Enhanced

• managed by a National IMT and led by an ID
• national Incident coordination by NRC
• managed in accordance with level of risk and including regional or specialist functions, required for delivery and coordination of the response
• strategic oversight provided by strategic response group (SRG), led by a strategic response director (SRD)
• incident likely to involve complex stakeholder management and attract media and political interest
• agency resources will require reprioritisation to support incident requirements and surge plans activated
• information on enhanced incidents fed into the AHSA report

Severe

• initiated if enhanced level resource requirements or risk threshold is exceeded
• SRD identified by ExCO – SRG comprised of supporting director general (DG) level individuals and/or nominated individuals
• majority of UKHSA resource reprioritised for incident response
• central coordination provided by NRC
• all surge plans activated (internal and external)
• top-down response likely coordinated by COBR with UKHSA feeding into response

Response structure, roles and responsibilities

The incident response structures within UKHSA follow the principles of C3 which uses resource and direction applied at operational, tactical and strategic command levels. This incident management structure (IMS) establishes several key roles for the activation, implementation and continued management of the arrangements set out in this plan.

The level of command assigned at each role does not convey seniority within the organisation, but the level of command an individual has within the response, based on appropriate expertise, competency and training.

Incident director

The ID leads UKHSA’s tactical response to an incident; they ensure an appropriate, effective and equitable response under the public sector equality duty. For routine and standard level incident response the ID provides overall leadership, decision making and accountability. For Enhanced level response the ID provides tactical and operational leadership whilst the SRD provides strategic oversight and direction. Further detail on the ID role (including action cards) can be found in Annexe B and the response centre interoperability plan.

Strategic response director

The SRD provides the overall strategic direction of an incident within the context of the wider resource, capacity, public health objectives of the agency, and leads on cross-government liaison. An on-call SRD is available 24/7 via on call arrangements to support strategic decision making in response to an acute situation. A dedicated SRD is only required during an enhanced or severe level response. Further detail on the SRD role (including action cards) can be found in Annex B and the response centre interoperability plan.

Response centre

Response centres across the agency utilise the skill and experience across their teams to provide the tactical coordination function for each response. They liaise directly with the main roles set out in the response structure.

It is the responsibility of the response centre to advise the ID on how the response structure should be implemented or adapted in line with the incident requirements. The response centre should also provide the recommendation for any additional functional roles to support the incident director and enable them to maintain oversight of the incident. Much of the further detail around the role of the response centre can be found in the response centre interoperability plan.

Incident coordination and management

Incident management team

The IMT comprises the ID and key roles required for the incident response. The IMT meeting is the main decision-making forum for the incident and is chaired by the ID to ensure a coordinated, timely and efficient response.

The IMT meeting is a closed meeting with a limited attendance determined by the ID to ensure efficiency, protect sensitive information and on occasion to comply with security clearance requirements. Dependent on the incident it may be appropriate to invite attendees from the wider health sector (NHS, DHSC), other government departments or the public health agencies of the devolved administrations. A template IMT agenda is documented within Annexe C. A core cast list and list of potential additional IMT members can be found within incident specific incident action plans held by the NRC.

Information and updates brought to IMT for discussion should be kept brief to facilitate decision making. Detailed technical or operational matters should be discussed within incident cells and an update or escalation provided to IMT via the cell lead.

Incident objectives

Incident objectives are set by the ID and agreed by IMT to define both the incident scope and support ongoing monitoring of progress.

In the context of goal setting, objectives should be SMART:

• specific: clearly defined and focused on a particular aspect
• measurable: progress can be tracked and quantified in some way
• achievable: challenging but attainable with effort and resources
• relevant: aligns with your overall goals and priorities
• time-bound: has a specific deadline or timeline for achievement

Aims and objectives can be split into 4 main categories;

• protection of public health
• containment of the incident
• investigation and assessment
• communication and coordination

The range of objectives established should reflect the size and complexity of the incident. Example objectives can be found within the incident action plan template (Annexe C).

Objectives are owned by the IMT (and where established, SRG) and must be reviewed regularly to ensure the focus of the incident remains on track. The IMT may propose escalation or de-escalation of the incident against the status of the objectives set.

Strategic response group

The SRG meeting is convened for incidents running at enhanced or severe levels and is chaired by the SRD. The purpose is to provide strategic oversight to an incident or concurrent incidents and to promote the joint understand of shared risks between UKHSA and its partners.

The ID maintains overall responsibility for the tactical and operational aspects of the response and reports into the SRD who provides strategic leadership. A sample SRG agenda can be found within Annexe B. A core cast list and list of potential SRG members is held by the NRC.

Incident cells

Operational level support for the incident response is achieved via several cells, which use specialist skills or functions available across UKHSA to respond effectively to the specific requirements of an incident, and to operationalise the actions or decisions identified at the IMT.

There are 8 core cells available to support an incident, which are described in Annexe D. In support of each core cell, detailed terms of reference (TORs) are held by the NRC and contained within a cell pack. The ID will decide which cells are required to support the response. Cells can be used to support an incident at any response Level.

A template terms of reference for the core cells is provided in Annexe D. Note that the core cells are supported by core enabling functions such as IT infrastructure, Testing, infection prevention control and others. Where required given the scale or intensity of an incident, enabling functions may be established as a standalone cell.  

Activities in each cell are led by an appointed cell lead and coordinated via individual cell meetings. These meetings enable cell members to consider in detail the operational or technical information to support the response, which is summarised for the IMT. Cell leads are identified from a pool of trained individuals documented within the completed cell terms of reference. Wider support for staffing cells is provided by people group and or people cell.

Organisational responsibilities

The potential scale and nature of an enhanced or severe response means that its management is a priority and the responsibility of the entire UKHSA.

All UKHSA staff have a responsibility to support emergency response when required, with suitable training provided.

The people group lead on ensuring that the skills and capabilities available to UKHSA are known and that the necessary processes, technology, and supplier relationships to enable the agency to action requests effectively are in place.

Health equity

UKHSA works as part of a wider system to tackle health inequalities. Our role is to consider and address the needs of different groups within the health protection services we provide, and we must meet our legal obligations on health equity.

Our first legal obligation is the Public Sector Equality Duty (PSED). This is a statutory requirement under s.149 of the Equality Act 2010 that requires public authorities to have due regard to:

• eliminate unlawful discrimination, harassment, victimisation
• advance equality of opportunity between those people who share a protected characteristic (which are listed on PSED page) and those who do not
• foster good relations between people who share a protected characteristic and those who do not

Our second obligation concerns tackling health inequalities. Tackling health inequalities is a duty under the Secretary of State in the Health and Social Care Act 2012, where it is framed as a duty to prevent unfair and avoidable differences in health outcomes.

In incident response, everyone has a responsibility for tackling health inequalities, with the ID having overall legal responsibility for adherence to the relevant legal duties.

Incident response structures, processes and decisions should promote equitable access to health services, resources, and information, prioritising vulnerable populations to ensure a fair response to a public health threat:

• identify populations and groups most at risk from health protection inequalities, both directly from the hazard and arising from the public health response
• systematically consider the needs of these groups and prioritise action to support them
• apply mitigations to minimise avoidable harm, identify and implement opportunities to improve equitable outcomes
• continuously evaluate actions planned and taken to address health equity at all stages of the response
• support all those working in an incident to meet the legal duties on Public Sector Equality Duty (PSED) and Health Inequalities, considering specific characteristics including those protected in law, such as sex, ethnicity or disability

The principle of proportionality is applied throughout the incident lifecycle to ensure all measures taken in response to an incident are necessary and justified.

Incident concurrency

The usual arrangement for the UKHSA incident response structure is for an ID to lead a single incident via a single IMT.

However, UKHSA deals with multiple and concurrent incidents and must be able to flex its response mechanisms to suit the situation. As required, incident management can be combined into either a multi-incident IMT or a multi-incident SRG as set out by the incident structures in Figure 4 and Figure 5, allowing lead roles to spread across multiple incidents. This will be a decision determined as part of the DRA and in consultation between the SMA and senior NRC representatives.  

In some instances, a situation may require greater operational management over technical input (for example, to coordinate ongoing monitoring and information cascade activity). As highlighted in the first section, the contingency planning group can be used to facilitate this function, particularly for those incidents that span the gap between ongoing BAU activity and incident response.

Figure 4: Concurrent incident structure. Single ID, multiple IMT

Figure 5: Concurrent incident structure. Single SRD, multiple ID

Figure 4 shows the flow of information to the ID. The ID received information from the NRC, which contains IMTs. The NRC receives information from the:

• regional or specialist response IMTs
• regional response centre

The regional or specialist response IMTs monitor the incidents.

Figure 5 shows the flow of information to the strategic response director. It is the same as figure 4, except it posits multiple IDs, who report into a strategic response group which in turn reports to a strategic response director.

Response processes

The following sets out key processes that underpin an effective response. The focus on the incident response is on managing the impacts of the incident and ensuring that UKHSA continues to be able to protect and improve the nation’s health. The investigation into the root cause of the incident is outside the scope of UKHSA response plan.

Situational updates and communications during response

Situation reports

The situation report (SitRep) is the main mechanism to provided situation awareness to internal and external interested parties and can be used for standard, enhanced and severe incidents. Information includes a summary of the current situation, progress and any ongoing challenges. The SitRep is produced by the response centre at regular intervals, the frequency of which is determined by the IMT.

The SitRep will usually be distributed to all members of the IMT and SRG alongside a standard distribution list consisting of UKHSA directors, DHSC, NHSE and COBR officials. Despite the inclusion of external partners, the SitRep is still considered an internal communication and is not for wider distribution beyond the recipients unless overwise agreed. The SitRep should be protectively marked as appropriate and distributed accordingly. The Sitrep template and distribution list are held by the NRC.

For certain incidents a decision may be made to extract information contained within the SitRep and convert to a commonly recognised information picture (CRIP) used with other government departments (OGDs).

National patient safety alerts (NatPSAs)

NatPSAs are official notices giving instruction to NHS bodies on how to prevent risks that might cause serious harm or death. These risks include:

• communicable diseases, such as outbreaks of infectious disease, microbial contamination of medicines or illicit substances (but not medical devices), deliberate attacks
• non-infectious hazards, such as chemical or radiation exposure, chemical contamination of medicines or products, deliberate attacks
• service delivery failure, such as supply disruption (vaccines)

Any proposed NatPSA must meet the National Patient Safety Alerting Committee (NaPSAC) agreed threshold of “more likely than not of one or more potentially avoidable deaths or disability in healthcare in England in a year”. If a proposed alert does not meet this threshold, it must be communicated via an alternative channel.

Briefing notes

Briefing notes are a tool that can be used in business as usual and response situations to communicate, primarily internally with instructions on further cascades to external partners, on appropriate responses to new events, hazards, concerns or knowledge that have operational significance. They are considered formal reports communicated both within the organisation and between agencies. The intention of the briefing note is to provide:

• an overview of current situation
• details of the operational response
• analysis or interpretation of the significance of the briefing’s subject
• guidance on what to do, including actions to take and information to provide if contacted by external partners, such as local authorities or other stakeholders

Once a briefing note has been signed off by the appropriate ID the NRC is responsible for initiating the cascade process, other response centres or teams are responsible for the onward distribution as detailed in the briefing note.

Communication with partners

The response communications team engages with communications counterparts in other government departments and the NHS (and others) via the comms cell to plan and agree communication activities throughout an incident. Basic principles for joint working should be applied including identifying priorities, resources, capabilities, and battle rhythms. The comms cell lead decides on the level of engagement needed in conjunction with the ID and this includes communications with internal UKHSA staff, other government departments and international stakeholders amongst others. The communications cell as such will need to engage with the relevant other functions to achieve this, for example policy colleagues, IHR, Internal comms teams ad others. Communications outputs may include the development of joint materials, coordinated distribution, stakeholder cascades, stakeholder toolkits and publications. This will be agreed with the ID and will form a parallel process to complement operational coordination between officials.

National and regional communication coordination

Regional communications form part of the communications cell, with liaison back to all UKHSA regional comms teams. All regional comms activities and stakeholder engagement are driven by the regional team working closely with the cell lead, their regional deputy director (RDD), RRC and local stakeholders. The comms cell lead will be the liaison between regional communications and the IMT.

Research and scientific evaluation

Incident response activities must be underpinned by scientific evidence and where knowledge gaps exist, research and scientific evaluation activities are coordinated by the research support and governance office and evaluation and epidemiological science division to inform response and preparedness.

Business continuity incidents

As a Category 1 responder, UKHSA is required to put in place an effective business continuity management system (BCMS) that ensures that it can maintain continuity of service as well as responding to incidents. Any incident with the potential to impact the service UKHSA provides, should be managed within the same framework as a public health threat. Further details are provided in the UKHSA BCMS.

Multi-agency response

UKHSA has a duty to cooperate with other Category 1 responders and across the wider health sector. Figure 6 highlights the interrelations within the health sector from the local level up to national level.

Figure 6: Multi-agency relationship

Figure 6 shows the different organisations that cooperate with eachother. The ambulance serce, NHS provider oganisations, other relevant health related organisations and integrated care boards cooperate with the NHS strategic commander, who comes from the ICB or NHSE. These bodies also cooperate with the strategic coordinating group, but this co-operation is less formal. The NHS strategic commander co-operates with NHS Improvement, which collaborates with NHS England. NHS England collaborate loosely with UKHSA national and formally with COBR. COBR also collaborates with UKHSA national and is supported by DHSC.

UKHSA national supports DHSC. UKHSA national collaborates with UKHSA regional and, less formally, SAGE. UKHSA national is supported by a specialist response centre. The specialist response centre supports the science and technical advice cell (STAC). STAC also collaborates with the strategic co-ordinating group. The strategic co-ordinating group collaborates loosely with local authorities and police, fire and other Category 1 responders. The strategic co-ordinating group collaborates formally with the government liaison team, who in turn collaborate with the lead government department, which supports COBR. This is captured in a flow diagram format in Figure 6.

UKHSA’s remit (in emergency response) is described within the EPRR CONOP. When working with other government departments it is important to ensure that all parties are aware of UKHSA’s organisational remit within response to ensure efficiency in escalation and information routes, access to senior experts and effective decision making and this should be set out through the IMT when setting objectives

There is a direct recognition of the need for collaboration across the public health system, devolved public health administrations (DPHa), Crown Dependencies, local authorities and other system partners to ensure threats are effectively managed as part of an incident response but also as part of ongoing priority programmes.

STAC, SCG, SAGE

UKHSA may be required to provide advice and guidance as part of an ongoing multiagency response. This may be as part of the STAC or as part of a strategic co-ordinating group (SCG) at the local or regional level. Dependent on the scale of the emergency this may also be nationally into COBR and into SAGE. Further information can be found within the response centre interoperability framework.

In situations requiring an acute response and/or rapid decision making to support partner agencies or first responders, advice may be provided by the on-call or appointed officer outside of the IMT structure. This should be made alongside consultation with the SMA on-call. Further information can be found within the response centre interoperability framework.

Information management

An essential element of UKHSA response is to ensure that all records and data are captured and stored in a readily retrievable manner. A comprehensive record should be kept of all events, decisions, reasoning behind important decisions and actions taken so to support requirements for later business use and/or potential disclosure in any legal proceedings or other type of inquiry.

The incident manager should ensure that all the centrally produced documentation (such as logs of meetings) are kept in a central incident file, but other teams that are contributing will need to keep their records too. 

The main commitments in the records management policy are ensuring processes for effectively and securely managing records are in place, but also processes for proactively managing information through to its destruction. This is supported by the records retention and disposal schedule (RRDS).

Regardless of the nature or scale of incident, the ID is responsible for approval of all advice and documents relating to the incident, provided by any part of UKHSA.

Incident records

It is vital to ensure that all key decisions in incident response are formally recorded. These are captured within IMTs and SRGs via official written minutes and as part of incident logs. Outside of the IMT this may be via email to the incident inbox. Every response centre is responsible for ensuring the secure storage of all documentation including clinical records and patient Identifiable Information relating to the incident, in accordance with UKHSA information governance policy.

Information classifications

All UKHSA staff must be aware of information classification levels and protect information accordingly. The 3 information classification levels are show in Table 2. In recognition of this classification, UKHSA manage incidents using standard systems up to official sensitive.

Table 2. Information classification level

Classification level	Description
Official	Day to day business of public sector, routine activities and commercial or contractual information.
Official sensitive	Sensitive personal information, policy development or security information.
Secret	Highly sensitive information relating to defence, diplomacy or national security.
Top secret	The most sensitive information requiring the highest levels of protection from the most serious threats.

People management

Staff welfare

UKHSA must ensure welfare of its staff during incident response. The IDs and cell leads must maintain awareness of the potential for stress and or fatigue to impact upon individual performance and decision making. The people cell will lead on wellbeing and the forward look is an important opportunity to consider medium term demands on people of the incident.

There is provision by the employee assistance programme psychological support to all staff who want it. Managers should ensure that all staff are aware of this provision and are able to access it. The cccupational health team can provide support and advice in this area if required.

There are many staff across the organisation who are trained in mental health first aid who may be called upon if required.

Health and safety responsibilities

Incident response activity is not exempt from health and safety legislation and non-compliance can lead to staff or public harm, enforcement action including prohibition, prosecution, and consequent civil claims.

Health and safety, including wellbeing, of staff involved in incident response is not the sole responsibility of the ID or SRD. The ID’s responsibility must be in the context of UKHSA’s health and safety policy statement, which says that “health and safety is the responsibility of all staff and accountability rests with the Chief Executive”.

Response staffing

Security clearance

Each incident response has its own sensitivities regarding information exchange or attendance at meetings. UKHSA’s arrangements for managing the flow of information will follow the UK governments security classification policy. To fully adhere to this policy, UKHSA must ensure that staff responsible for incident response have either the appropriate level of security clearance or are able to work under the guidance of individuals with approved clearance status.

Shift working and resource coordination

Incident teams should deploy all available resource in the early phase of an incident, and some teams may need to be staffed continuously for an extended period. Responsibility for deciding on the scale of response, shift patterns and numbers of shifts, including maintaining capabilities overnight, rests with the ID in consultation with the coordinating response centre and people representative. In the event of an incident having a substantial impact on the UK, it may be necessary to continue operation of incident teams for several days, weeks or months.

A robust and flexible system will need to be established to effectively manage an incident through each phase. This will require managers across UKHSA releasing staff, in accordance with their business continuity management processes (BCMPs) (to maintain their essential services), to fulfil incident response roles as required.

Mutual aid

Mutual aid may be required as part of a standard, enhanced or severe incident. Every member of staff within UKHSA is expected to support incident response if required. Mutual aid is requested via the Response Centre or an established People Cell (if available) who will engage across the organisation, supported by the SRD to identify resource. Legal and human resources (HR) representation may also form part of the people cell to engage with short term contractual amendments or rapid recruitment of trained individuals from across His Majesty’s Government (HMG) arrangements. All staff within the organisation are required to have a basic level of understanding within EPRR and regular training within incident response supporting roles.

Financial administration

UKHSA’s response to routine or standard public health incidents is normally considered within the organisation’s BAU remit, therefore costs (including overtime) are incurred against the BAU budget of each responding UKHSA division.​ In extenuating circumstances and subject to approval by the Director of EPRR, costs may be incurred against a standard incident up to a value of £20,000. These costs, and any costs against enhanced and severe incidents are considered ‘incremental costs of incident response’. There is no designated UKHSA budget for this activity and such incremental costs relate only to activity that has been agreed as essential to the response and that would not otherwise have been incurred.

It is the responsibility of the NRC to request a cost code is set up to capture incident costs for standard, enhanced and severe incidents.

Agreement of incremental costs is via an appointed task manager usually the ID who is assigned approval rights when the cost code is set up. Should work associated with the new/re- emergence of a threat be required that is not directly attributable to response, this may necessitate replanning or reprioritisation against BAU budgets.

Incremental costs of incident response are captured in order to inform incident management decision makers, to support rationalisation of corporate financial reporting to DHSC and to facilitate BAU budget monitoring for each UKHSA area. The UKHSA enhanced incident accounting guidance details the mechanisms by which different elements and levels of expenditure are authorised and allocated to the appropriate cost centres.

All regular UKHSA policies, for example, those relating to the procurement of goods and services, overtime claims, establishment or extension of posts and recruitment activity, must be adhered to during incident response. The appropriate incident cost code must be cited on any required submissions and EPRR Business Operations contacted to coordinate approval from EPRR Director and finance or HR business partners.

On de-escalation of an Enhanced incident, cost capture codes are closed. Exceptionally, and with agreement from EPRR Director, the cost code may remain open for a defined period to capture pending costs or to allow for ongoing activities to be incorporated into BAU.

People, pay and expenses

During an incident, it may be necessary to reallocate and redeploy employees with minimal notice. This may include asking employees to undertake duties outside their normal area of responsibility. This should be managed with people group who can provide further guidance on contractual terms and conditions. Costs associated with reallocation or redeployment should be captured as incremental incident costs.

Where the pace of an incident requires staff to work outside of contracted hours then overtime may be accrued as per the UKHSA enhanced incident pay policy. Note that in exceptional circumstances overtime may be enabled outside of these conditions subject to approval by CEX.

Recovery

The recovery phase should begin at the earliest opportunity following the onset of the response phase. See further guidance on recovery.

The state to be recovered should be planned for from the start of the incident and form part of the Action Plan and associated objectives for the response. Objectives should be reviewed as part of an ongoing response, with progress updated on a consistent basis. The review of progress against objectives gives the response mechanism the authority to, and provides evidence for, a proposal to de-escalate a response level by demonstrating that key objectives have been met. This places emphasis on the importance of setting and tracking objectives in a timely way.

Standing down

The incident stand down process commences following a response mechanism recommendation for de-escalation, as evidenced in the progress against the response objectives, and once approval has been provided for the response to move to a BAU arrangements, or where the incident structure is no longer required. The objective review evidence and recommendation to de-escalate must be reviewed and agreed by the appropriate senior approver.

In situations where an element of residual public health risks remains but the IMT is satisfied that the incident objectives have been met, a decision is made on the need to maintain the incident management structure to complete any outstanding tasks or actions. It may be more appropriate to use BAU or routine arrangements. Consideration should be made of the impact of transferring activity back to BAU and discussion held if necessary, as to the mechanism by which the business can continue follow-up or recovery work.

On agreement that an incident has been de-escalated the response centre will commence the stand down procedures.

Debriefing and lessons identified

Debriefs must be carried out following the response to any incident or exercise, for all response levels in accordance with the EPRR Preparedness Plan. Debriefs can be held face to face or virtually as required. UKHSA will also participate in cross-government structured debriefs as appropriate.

The purpose of debriefing in this context is to identify issues that need to be addressed, and to identify and assign lessons to improve future response.

For long running incidents it is useful to implement a periodic debriefing approach via an in-action review. This allows for the IMT to rapidly identify and possibly rectify any issues or lessons over the course of the incident as opposed to waiting for the recover or stand down phase.

Debriefs can be undertaken dependent on when they are carried out after an incident, as determined by the response centre in consultation with the ID. Formats include:

• a hot debrief (incident-wide or cell level) – immediately after the incident or period of duty, within 48 hours
• structured, organisational or cell debrief – within 2 weeks post incident
• multi-agency debrief – within 4 weeks of the close of the incident
• post incident reports – within 6 weeks of the close of the incident

Lessons identified process

The response centre activates and oversees the lessons identified process for an incident. Whilst the incident is active any lessons identified from response day-to-day activities are recorded on the lessons tracker and are reviewed at regular intervals by the ID. During an incident, the response centre may undertake an intra action review (IAR) to review the actions being taken to respond to an incident identifying best practice and areas for improvement. At the recovery phase of the incident the response centre undertakes a structured debrief where recommendations are synthesised.

All synthesised recommendations from incidents are then submitted to the EPRR Continuous Improvement Group (a subgroup of EPRR Delivery Group). The EPRR Continuous Improvement Group assigns and actions these recommendations arising from incident debriefs as well as recommendations from simulation exercises, audit, research, and isomorphic learning to agreed timeframes.

Relevant lessons from previous incident responses are provided to the ID by the response centre for review at the start of an incident and help inform the approach to ensure notable practises are taken forward.

Continuous improvement

The EPRR Continuous Improvement Plan describes UKHSA’s systematic approach to learning from experience, to prepare its people, its plans, and its infrastructure to be ready to respond to all threats and hazards. This plan describes how the Agency prepares for, responds to, and recovers from incidents and for its cross-system responsibilities as detailed in UKHSA’s annual priorities letter. It is applicable to all groups and directorates who deliver or support the Agency’s preparedness or response functions and is a key component in ensuring UKHSA’s continued compliance with its Civil Contingencies Act 2004 duties as a Category 1 responder.

Supporting information

Governance

Governance within UKHSA’s incident arrangements is assured via the following.

Leadership and coordination

Clear lines of escalation and reporting, coordinated by the NRC/RRC. Each of the leadership roles in an incident is supported by action cards that clarify responsibilities and accountabilities during a response. Incident management within UKHSA is further assured through management and executive committees who remain informed of incident status or business as usual workstream progress.

Decision-making processes

Decisions are identified and recorded within formal settings or communications and at the most appropriate level in line with the Joint Emergency Service Interoperability Programme (JESIP) joint decision model. Approval of any decisions should be made at the lowest possible to reflect the need for subsidiarity in response.

Multi-agency collaboration

The role and remit of UKHSA within the health sector and between other Category 1 responders is clearly defined within the UKHSA EPRR CONOPS with multi-agency collaboration achieved in line with the JESIP principles, promoting the sharing of communications, joint situational awareness, sharing of situational reports, attendance at IMTs/SRGs, joint debriefing and via the sharing of lessons identified.

Information management

Effective governance relies on timely and accurate information. Established alerting and assessment routes within the incident response structure and for BAU routes ensure that information is escalated rapidly to those that require it. Centralised coordination via a response centre provides a standardised approach to the management and storage of all incident related records. Information classification promotes the use of appropriate information sharing between parties.

Plan maintenance procedures

The maintenance of this document is the responsibility of the director of the EPRR via the NRC. The plan should be reviewed on an annual basis and revised if a new risk assessment indicates that the plan is out of date, or a new risk is identified. Lessons identified, organisational change and changes in key personnel should also be considered to the requirement to revise UKHSA Incident Response Plan.

Further details are provided in the EPRR Assurance Plan.

Assurance, verification, and validation

Within the regulations of the CCA 2004 every plan maintained by a Category 1 responder under section 2(1) (c) or (d) of the regulations must include provision for:

• the carrying out of exercises for ensuring that the plan is effective
• the provision of training of an appropriate number of suitable staff and such other persons considered appropriate, for the purposes of ensuring that the plan is effective

Details on how these requirements are met are set out in the EPRR Assurance Plan.

Training, exercising and testing programme

The exercising of this plan supports verification, training, and validation procedures, ensuring that the plan is effective. Training, as distinct from exercising, builds confidence in the procedures to be carried out successfully. It is particularly important that participants in training understand the objectives of the plan and operational response roles.

The IRP will be exercised through simulation or live response on an annual cycle and those with an identified role trained on a regular basis. Further details on Training and Exercising are provided in the EPRR Training and Exercising Plan.

Plan assurance

An annual assessment of the organisation’s EPRR capability will be carried out through audit against UKHSA EPRR core standards. This will be co-ordinated by the director of the EPRR and in line with the UKHSA EPRR Assurance Plan.