Purpose
Bubble Fresh (Bubblefresh Limited, company number 12691029) is a specialist cleaning and clearance company based in Rushden, Northamptonshire. We work with vulnerable adults and council partners across Northamptonshire, Milton Keynes, Bedford, and Norfolk. Many of the people we serve rely on us during critical situations, and our council partners depend on our availability around the clock. This policy sets out how we maintain service delivery during disruptions, how we recover quickly, and how we protect the people who depend on us. The Director, Lance James, has overall responsibility for business continuity and for keeping this policy up to date.
Scope
This policy applies to all Bubble Fresh employees, including the Director, team leaders, and cleaning staff. It covers all services we deliver, including emergency referrals, council contract work, and direct client bookings. It applies during any event that disrupts or threatens to disrupt our normal operations, whether affecting a single job or the whole business. This includes disruptions caused by staff absence, equipment failure, IT incidents, severe weather, supply chain problems, premises loss, or any other event that could prevent us from delivering services safely and on time.
Key risks
We have identified the following key risks to business continuity: loss of key personnel through illness, injury, or sudden unavailability; vehicle breakdown or loss; equipment failure; severe weather or flooding; pandemic or infectious disease outbreak affecting staffing capacity; loss of IT systems or data; cyber attack, including ransomware; supply chain disruption affecting cleaning products, Personal Protective Equipment (PPE), or waste disposal services; loss of premises or storage facilities; and failure of a key supplier or subcontractor. We review our risk assessment at least once a year and after any significant disruption. Each risk has a named owner, a likelihood and impact rating, and documented mitigations. For cyber attacks, our response follows the incident management procedures in our Information Security Policy, including containment, data breach notification, and recovery from backups.
Recovery targets
Our target Recovery Time Objective (RTO) for critical council services is 24 hours. Critical services are those involving emergency referrals, safeguarding-related work, and jobs where delay would pose a risk to the health or safety of a vulnerable person, for example emergency deep cleans following biohazard incidents. For non-critical services, such as scheduled routine cleans, our target RTO is 72 hours. Our Recovery Point Objective (RPO) for digital data is 24 hours, meaning we accept no more than 24 hours of data loss, achieved through daily backups. We prioritise restoring services to the most urgent and vulnerable clients first. We test these targets through our annual scenario exercises to make sure they are realistic and achievable.
Key-person dependency and succession planning
We acknowledge that as a small company, key responsibilities are concentrated in a small number of people. To reduce this risk, the Deputy Designated Safeguarding Lead (DSL), who is the senior team leader on duty, is trained to assume safeguarding responsibilities if the Director is unavailable. Operational procedures, contact lists, council partnership details, and supplier agreements are documented and accessible to authorised staff through our secure systems. If the Director is unavailable for an extended period, the senior team leader assumes day-to-day operational management and communicates directly with council partners. Beyond immediate cover, our succession arrangements include: written procedures for all critical business functions so that another authorised person can carry them out; named deputies for safeguarding, council liaison, and financial approvals; cross-training of team leaders so that no single person is the only one who can perform an essential task; secure storage of essential credentials, access details, and legal documents so they are available to authorised staff in an emergency; and contact details for our external professional advisors, including our accountant and solicitor, so that authorised staff can seek professional guidance during a prolonged absence of the Director. In the event that the Director is permanently unable to fulfil their role, the senior team leader will manage operations while the company arranges a permanent replacement, with support from our external professional advisors. We review our succession arrangements annually as part of our business continuity testing.
Insurance and financial resilience
We maintain insurance cover appropriate to our business and the services we deliver. Our current insurance includes Public Liability Insurance of not less than five million pounds, Employer's Liability Insurance of not less than ten million pounds, motor fleet insurance covering all company vehicles, and professional indemnity cover. We review our insurance cover annually and whenever we take on new services or council contracts to make sure it remains adequate. We keep copies of all insurance certificates and can provide them to council partners on request. To protect our financial resilience during disruption, we maintain a cash reserve sufficient to cover at least three months of core operating costs, including staff wages, vehicle costs, and essential supplies. We do not rely on a single source of income, and our contracts with multiple council partners provide a spread of revenue. If a disruption causes significant financial pressure, we will prioritise spending on staff wages and the delivery of critical services to vulnerable clients. We notify our insurers promptly of any incident that may give rise to a claim.
Data backup and IT resilience
We back up all critical business data, including client records, council contact details, job records, financial information, and operational procedures, at least once every 24 hours. Backups are stored securely in a separate location from our primary systems, using encrypted cloud storage hosted in the United Kingdom. We test backup restoration at least twice a year to make sure we can recover data within our 24-hour Recovery Point Objective. Our backup arrangements cover all systems that hold personal data or are needed to deliver services, including our scheduling and job management systems, client and council contact databases, financial and payroll records, and email and communications systems. In the event of a complete IT failure, we can access backed-up data from any device with an internet connection, allowing staff to work remotely if our primary systems or premises are unavailable. For full details of our approach to information security, see our Information Security Policy. For our approach to personal data protection, see our Privacy Policy.
Remote working capability
If our usual premises or systems become unavailable, key staff can continue essential operations remotely. Our cloud-based systems allow authorised staff to access job schedules, client records, and council contact details from any secure device with an internet connection. Team leaders can coordinate jobs and communicate with staff by phone and messaging. The Director can manage council communications, financial approvals, and safeguarding decisions remotely. Our main telephone number (01933 213045) can be diverted to a mobile phone so that our 24/7 availability is maintained even if our premises are inaccessible. We make sure that all remote access is protected by strong passwords and multi-factor authentication, in line with our Information Security Policy. Remote working does not change our obligations around data protection, confidentiality, or safeguarding. Staff working remotely must follow the same policies and procedures as they would in our normal workplace.
Supplier failure contingency
We depend on a number of suppliers for cleaning products, PPE, waste disposal, and vehicle maintenance. To reduce the risk of disruption from a supplier failure, we identify at least one alternative supplier for every essential product and service. We keep a minimum stock of essential cleaning products and PPE sufficient for at least two weeks of normal operations. We do not rely on a single waste carrier and maintain relationships with more than one licensed waste disposal provider. For vehicle maintenance, we have arrangements with more than one garage. If a key supplier fails, our priority is to switch to an alternative supplier as quickly as possible while maintaining service quality and compliance. We review our supplier arrangements annually as part of our business continuity planning.
Mutual aid arrangements
As a specialist provider, we recognise that certain disruptions could exceed our own capacity to respond. Where appropriate, we maintain informal mutual aid arrangements with other reputable cleaning and clearance providers who meet our standards for insurance, DBS checks, and safeguarding training. These arrangements allow us to call on additional support during large-scale disruptions, such as when a pandemic or severe weather affects a significant proportion of our workforce. Any provider we call on for mutual aid must meet the same vetting standards set out in our Subcontractor Policy, including enhanced DBS checks and appropriate insurance. We would inform the relevant council partner before deploying any external support on their contract work and would obtain their approval where required by our contractual terms.
Council contract obligations during disruption
We take our obligations to council partners seriously, including during periods of disruption. Our current council partnerships include Northamptonshire Council, Milton Keynes Council, Norfolk County Council, and Norwich City Council. Each council contract sets out specific requirements for service levels, response times, reporting, and communication. During a disruption, we will notify each affected council partner as soon as we become aware that our service may be affected. We will provide an honest assessment of the impact and our expected recovery time. We will agree with the council how to prioritise cases, focusing on the most urgent and vulnerable clients first. We will keep the council updated on progress at agreed intervals until normal service is restored. We will meet all contractual reporting requirements, including any requirement to provide a formal incident report after the disruption. Where a disruption affects our ability to meet a contractual deadline or service level, we will communicate this to the council in advance and work with them to agree interim arrangements. We document all communications with council partners during a disruption and retain these records for audit purposes.
Continuity measures
We maintain sufficient trained staff to cover absences and increased demand. We cross-train employees across different roles so that no single absence can prevent us from delivering a service. We maintain vehicles and equipment regularly to reduce the risk of failure, and we hold breakdown cover on all company vehicles. We maintain our 24/7 availability commitment during disruptions through flexible staffing arrangements and on-call rotas. We keep essential supplies in stock and have alternative suppliers identified for all critical products. We store a printed copy of our emergency contact list, including council partner details, in a secure location accessible to authorised staff in case digital systems are unavailable. Our pandemic preparedness measures include maintaining a stock of PPE for infection control, the ability to adjust working patterns to reduce close contact, and the remote working capability described in this policy.
Activation and escalation
Any employee who becomes aware of an event that could disrupt our services must report it immediately to their team leader or the Director. The Director decides whether to activate our business continuity arrangements. If the Director is unavailable, the senior team leader on duty makes this decision. We activate our business continuity arrangements when a disruption is expected to affect service delivery for more than four hours, when a disruption affects an emergency or safeguarding-related service regardless of expected duration, or when a disruption affects our ability to meet council contract obligations. Once activated, the Director or senior team leader takes charge of the response, assigns roles to staff, and begins communication with affected parties. We stand down our business continuity arrangements only when normal service has been confirmed with all affected council partners and clients.
Communication during disruption
In the event of a disruption, we will notify affected clients and council partners as soon as possible, and no later than four hours after we become aware of a disruption to critical services. We will assign a clear point of contact to manage communications and coordinate the response. Clients and council partners can contact us on 01933 213045 at any time during a disruption. We will provide regular updates until we restore normal service. Our communication plan covers who needs to be told (clients, council partners, staff, suppliers, and regulators where relevant), how we will contact them (phone, email, and in writing where required by contract), how often we will provide updates, and who is responsible for each communication. We keep a log of all communications during a disruption for review afterwards.
Recovery and restoring normal service
Our priority in any disruption is to restore services to the most urgent and vulnerable clients first. We will work with council partners to prioritise cases and deploy resources accordingly. Our recovery process follows a clear order: first, we restore emergency and safeguarding-related services; second, we resume time-sensitive council contract work; third, we reschedule any routine or non-urgent bookings that were delayed. As we restore services, we will confirm with each council partner that we have returned to normal service levels. We will check that no client has been left without support during the disruption and will follow up on any delayed or rescheduled work as quickly as possible. Where a disruption has lasted more than 24 hours, the Director will carry out a welfare check with any vulnerable client whose service was delayed to make sure they are safe and their needs have been met.
Post-incident review
After any significant disruption, we carry out a formal post-incident review. The review is led by the Director and includes input from staff who were involved in the response. The review covers what happened and what caused the disruption, how quickly we identified the problem and started our response, whether our recovery targets were met, what worked well in our response, what did not work well or could be improved, whether our communication with clients, council partners, and staff was timely and clear, and any changes needed to this policy, our risk assessment, or our procedures. We document the findings of each post-incident review and share a summary with affected council partners where appropriate. We track any actions arising from the review and make sure they are completed. The results of post-incident reviews feed directly into our annual business continuity testing and policy review.
Testing and exercising
We test our business continuity arrangements at least once a year through scenario exercises. These exercises test different types of disruption, such as loss of a key person, IT failure, or a vehicle breakdown affecting multiple jobs. We involve staff at all levels in the exercises so that everyone understands their role during a disruption. We use the results to update and improve our plans. We record the date, scenario, participants, findings, and actions from each exercise. We share the results with council partners where our contractual obligations require it.
Data protection during disruption
During any disruption, we continue to meet our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, including the security of personal data and notification of any data breaches to the Information Commissioner's Office where required. Staff must follow the same data protection procedures during a disruption as they would during normal operations, including when working remotely or using alternative systems. If a disruption causes or reveals a personal data breach, we will follow the breach notification procedures in our Privacy Policy and Information Security Policy.
Staff training
All employees receive an overview of our business continuity arrangements during induction, including who to contact in an emergency, how disruptions are reported, and what their role is during a disruption. We provide refresher training annually and after any significant changes to this policy or our procedures. Team leaders receive additional training on activating the business continuity plan, communicating with council partners, and coordinating the response. Training on business continuity forms part of each employee's minimum 20 hours of annual training, as set out in our Training and Development Policy.
Related policies
This policy should be read alongside our Information Security Policy, Privacy Policy, Health and Safety Policy, Safeguarding Policy, Subcontractor Policy, Risk Assessment Policy, Incident Reporting Policy, and Training and Development Policy. Together, these policies set out how we manage risks to our operations, our staff, and the people we serve.
Changes to this policy
We may update this policy from time to time to reflect changes in our operations, new risks, lessons learned from disruptions, or changes in best practice. Where we make material changes, such as changes to our recovery targets, succession arrangements, or council notification procedures, we will notify our council partners and make sure all staff are briefed before the changes take effect.
Contact us
If you have any questions about our business continuity arrangements or need to report a disruption, contact us on 01933 213045 at any time, or by post at Bubblefresh Limited, 6 Carnegie Street, Rushden, Northamptonshire, NN10 9SN. If you are deaf, hard of hearing, or have a speech impairment, you can call us through Relay UK by dialling 18001 then 01933 213045.
Review
The Director, Lance James, reviews this policy annually and following any significant disruption to our operations. We also review it after each business continuity exercise and after any post-incident review that identifies changes needed. Last reviewed: February 2026. Next review due: February 2027.
© 2026 Bubble Fresh. This policy is protected by copyright (Copyright, Designs and Patents Act 1988) and may not be copied, reproduced, or redistributed without our written permission. See our Terms of Use.