Business Continuity and Risk Management Policy

Version: 2.0
Approved by: Board of Directors
Effective Date: 27 August 2025
Last Reviewed: 27 August 2025
Next Review Due: 27 August 2026

1. Policy Statement

Tidal Global Ltd (“Tidal”) is committed to maintaining the continuity of its operations, protecting its people, and ensuring the resilience of its services in the face of disruption.

As a trauma-informed training provider operating nationally and internationally, our services support clients across sectors who rely on our availability, consistency, and care-led approach. This policy outlines Tidal’s strategic and operational approach to business continuity and risk management, ensuring we remain responsive, prepared, and compliant with our legal and contractual obligations.

We aim to proactively identify, manage, and recover from risks and disruptions — minimising impact on learners, staff, partners, and stakeholders while safeguarding the long-term sustainability of the organisation.

2. Scope

This policy applies to all Tidal Global Ltd employees, contractors, associates, and delivery partners. It covers all operational locations (physical and virtual), systems, platforms, and services used to deliver training, provide learner support, and manage internal operations.

It is relevant across all delivery formats: in-person, online, hybrid, and asynchronous learning environments.

3. Objectives

This policy is designed to:

Identify and assess strategic, operational, and environmental risks to service delivery

Set out clear plans and procedures to mitigate, manage, and recover from disruptions

Ensure continuity of critical functions including safeguarding, digital delivery, and learner communication

Protect the health, wellbeing, and safety of staff, learners, and customers

Ensure compliance with all applicable legal, regulatory, and contractual obligations, including awarding body requirements

4. Risk Identification and Assessment

Tidal conducts regular risk assessments, feeding into a central Risk Register maintained and reviewed by the Senior Leadership Team on at least a quarterly basis.

Key categories of risk include:

Cybersecurity incidents or major IT failure

Unplanned absence of key personnel or leadership

Natural disaster or severe weather event

Fire, flood, or damage to premises

Public health emergencies or pandemic resurgence

Failure or withdrawal of key suppliers/partners

Legislative, regulatory, or funding disruption

Each risk is evaluated based on likelihood and impact, with controls and response strategies recorded in associated Business Continuity Plans (BCPs).

5. Business Continuity Planning

For each high-risk scenario, a Business Continuity Plan (BCP) is in place. These plans set out:

Immediate actions to protect individuals, data, and critical systems

Internal and external communication protocols

Recovery pathways and service resumption timelines

Assigned roles and responsibilities during an incident

Escalation processes and decision-making routes

All BCPs are reviewed annually, or following any relevant incident, operational change, or emerging risk.

6. Roles and Responsibilities

CEO: Holds overall accountability for business continuity strategy and risk management
Managing Director: Oversees the development, testing, and review of continuity plans, departmental preparedness and alignment with central policy
All Staff & Contractors: Expected to understand relevant procedures, report disruptions, and support incident response
Designated BCP Roles: Specific staff may be assigned roles such as comms lead, safeguarding continuity, or data recovery

Training and simulation exercises will be delivered as required to maintain readiness.

7. Digital Resilience and Data Protection

Tidal’s core systems are secured through:

Regular data backups and encrypted storage

Use of secure, cloud-hosted platforms

Role-based access controls and multi-factor authentication

Regular penetration testing and IT audits

Offline contingency protocols for essential training delivery

These systems align with our internal Data Protection & GDPR Policy and Disaster Recovery Plan.

8. Communication During Disruption

Timely and transparent communication is critical in any business disruption. Tidal will:

Appoint a senior staff lead to manage and coordinate communications

Notify staff, learners, clients, and awarding bodies as appropriate

Use agreed channels (email, SMS, platform announcements, website updates)

Ensure tone and content reflect Tidal’s trauma-informed approach: calm, inclusive, and clear

Keep records of all incident communications for review and regulatory purposes

9. Recovery and Continuous Improvement

Following any disruption, a structured post-incident review will take place. This includes:

Evaluation of what worked well and areas for improvement

Updates to continuity plans and internal processes

Reporting of significant incidents to relevant stakeholders or regulators

Logging outcomes in the Risk Register and Business Continuity Log

Appendix A: Emergency Contact Schedule

CEO: Caroline Strawson [Contact Details]
Managing Director: Helen Mccue [Contact Details]
IT Support/Comms Lead: Tony Holloway [Contact Details]

Appendix B: Client Notification Template

Subject: Service Update – [Brief Description of Disruption]

Dear [Client Name],

We wanted to inform you that due to [describe issue], there may be a short-term impact on [service area]. We are actively managing the situation and will provide regular updates.

Thank you for your understanding and continued partnership.

Best regards,
The Tidal Global Team

Appendix C: Risk Register Snapshot

Example Entry:

Risk: Internet outage impacting remote delivery

Likelihood: Medium

Impact: High

Controls: Backup 4G routers; pre-scheduled contingency materials

Owner: Managing Director

Appendix D: Business Continuity Roles Matrix

CEO: Strategic decisions, regulatory notifications
Managing Director/Comms Lead: Incident coordination, external comms, adjustments to training schedules, system recovery, cyber response, learner protection and wellbeing continuity