Date published: 15 July, 2024
Date last updated: 15 July, 2024
Emergency Preparedness, Resilience and Response

Emergency preparedness, resilience and response (EPRR) annual assurance process for 2024/25

Classification: Official
Publication reference: PRN01335

To:

  • Integrated care boards:
    • accountable emergency officers
    • EPRR leads
  • Trusts:
    • accountable emergency officers
    • EPRR leads
    • NHS England regions:
    • regional directors
    • regional chief operating officers
    • regional deputy directors of EPRR
  • Local health resilience partnership co-chairs

Dear colleagues,

Emergency preparedness, resilience and response (EPRR) annual assurance process for 2024/25

During 2023/24, the NHS managed a year of disruptive incidents and events that threatened our ability to deliver core services to our populations. Once again the NHS rose to these challenges, and for that I thank you. The hard work and dedication of EPRR staff, accountable emergency officers (AEOs) and colleagues across the NHS has been vital to ensuring that services have remained resilient, patients and the public have received the care and information they needed, and staff were supported to work through challenging circumstances.

As always, it is critical that we learn from each incident so that we can improve our response arrangements, and that we annually benchmark our work against a common set of standards. I am therefore asking you to undertake the EPRR annual assurance process set out below before Friday 27 December 2024.

2024/25 EPRR annual assurance process

This year’s process will remain largely unchanged from 2023/24. The process must promote inclusive, open and transparent dialogue; be supportive and encouraging; and enable the sharing of good practice and continual improvement. The following familiar actions are required as part of this year’s assurance process:

  • All NHS funded organisations should undertake a self-assessment against the organisation-relevant NHS core standards for EPRR (attached). The compliance level for each standard is defined as:
    • Fully compliant: fully compliant with the core standard.
    • Partially compliant: not compliant with the core standard. The organisation’s EPRR work programme demonstrates evidence of progress and an action plan is in place to achieve full compliance within the next 12 months.
    • Non-compliant: not compliant with the core standard. Compliance will not be reached within the next 12 months.
  • All NHS funded organisations should generate an overall EPRR assurance rating using the following:
    • Fully: the organisation is fully compliant against 100% of the relevant NHS EPRR core standards
    • Substantial: the organisation is fully compliant against 89-99% of the relevant NHS EPRR core standards
    • Partial: the organisation is fully compliant against 77-88% of the relevant NHS EPRR core standards
    • Non-compliant: the organisation is fully compliant up to 76% of the relevant NHS EPRR core standards
  • The outcome should then be presented and discussed at a public board meeting prior to submission and published in the annual report within the organisation’s own regulatory reporting requirements. For organisations which do not hold public boards, the outcome should be reported as part of a public statement of readiness and preparedness activities and published in the relevant annual report.
  • Integrated care boards (ICBs) are to work with their commissioned organisations and local health resilience partnership (LHRP) partners to agree the process in which commissioners and LHRP partners gain confidence with each organisation’s overall EPRR assurance rating.
  • NHS England regional deputy directors of EPRR and their teams will work with ICBs to agree a process to obtain the organisation EPRR assurance ratings for all commissioners and providers from within their geography.
  • NHS regional chief operating officers will submit the assurance ratings for each organisation in their region and a description of their regional process before Friday 27 December 2024.

2024/25 deep dive

Each year, alongside the annual assurance process, a ‘deep dive’ is conducted to gain valuable additional insight into a specific area. Following recent incidents and common health risks raised as part of last year’s annual assurance process, the 2024/25 EPRR annual deep dive will focus on responses to cyber security and IT related incidents.

The deep dive questions are applicable to those organisations indicated within the EPRR self-assessment tool.

Please note that compliance ratings against individual deep dive questions do not contribute to the overall organisational EPRR assurance rating.

The outcome of the deep dive will be used to identify areas of good practice and further development and as in previous years it is expected that organisations will use their self-assessment to guide the development of local arrangements.

Future EPRR assurance

We are currently reviewing the EPRR assurance process to ensure that it continues to develop and support continual improvement. The NHS core standards for EPRR will continue to be reviewed and updated every 3 years. To give reassurance, each new updated set of standards will be published no less than 12 months ahead of them being used for assurance purposes.

The reviewed process will see changes from 2025/26 which will include:

  • ensuring ICBs are empowered and supported to take the lead with regards to local delivery of the EPRR agenda (in line with the NHS England operating framework, seeking further opportunities to embed new ways of working in all our activities)
    • this includes ICBs being responsible for gaining the NHS EPRR assurance compliance rating from their providers of NHS funded care, under the terms of the NHS Standard Contract
  • NHS England developing its relationship with related regulatory bodies to share and secure a common understanding regarding assurance outcomes, ensuring that compliance is achieved through a single mechanism
    • these organisations include the Care Quality Commission and the Health and Safety Executive
  • identifying any unconditional compliance requirements of the NHS core standards for EPRR
  • NHS England annually self-assessing its EPRR compliance as a single organisation, including all relevant departments and regions
  • evaluating options for a digital solution to facilitate delivery of the overall assurance process

I will write to you in more detail to outline our intentions regarding the delivery and supporting activities and ensure your engagement in this work.

If you have any queries about this year’s EPRR assurance process, please contact your ICB EPRR leads or regional deputy director of EPRR.

Once again, I sincerely thank you for your continued commitment to NHS preparedness and response, to maintain or enhance services for our communities.

Yours sincerely,

Stephen Groves

Director of NHS Resilience (National)
NHS England

Date published: 15 July, 2024
Date last updated: 15 July, 2024