This policy applies to all employees and contractors of Commit Works. This policy encompasses the management of incidents and critical incidents from a human, hazard identification, and risk management perspective. It details the arrangements that apply to critical incident management in the context of the Commit Works’ Risk Management Framework.
This document is effective from 07/08/17.
Purpose
The policy provides the guidance for Commit Works to plan for, respond to and manage incidents and critical incidents ensuring the Commit Works meets its duty of care obligations in providing the highest possible standard of health and safety and upholds its legislative obligations in relation to its employees and contractors to ensure people are safe, and that Commit Works’ reputation is maintained.
Scope
This policy applies to employees and contractors – in the Commit Works workplace or while they are participating in Commit Works-related activities – locally within Australia and overseas.
Nothing in this policy overrides the Code of Conduct for All Employee Policy.
Exclusions
This policy does not apply to minor injuries or accidents that affect an individual or isolated area(s) and do not pose any additional threat or risk to employees and contractors, property or affect the Commit Works’ operations and/or reputation. These minor incidents will be managed by activating Commit Works Accident and Incident Reporting, and Corrective Action processes.
Criterion for Activation of Critical Incident Management Procedures
Commit Works will immediately notify the Incident Lead and Incident Response Group members when a situation is a potential Incident or Critical Incident.
The Incident Lead will select members of the Incident Response Group which includes employees of the Commit Works who will provide the right expertise to resolve the incident and apply learnings to reduce the risk of the incident from reoccurring.
Critical Incident Management Program Framework
Definition of Critical Incident Management
Incident
A moderate incident that has a localised impact on employees, contractors, Commit Works and the public and may entail some property damage. The incident has largely been contained and is unlikely to escalate in severity but still, requires response and management by Commit Works personnel. It can usually be handled using normal operating procedures.
Critical Incident
A major incident or series of events that have the potential to severely damage Commit Works’ people, operations, environment, its long-term prospects and/or its reputation. It requires a significant response and ongoing management.
Incident Categories
Due to the broad definition of what comprises a critical incident, Commit Works is committed to applying the International Coding of Incidents to increase its preparedness and the effectiveness of Commit Works’ response and management of incidents. The Incident Lead will manage an Incident.
Colour |
Type of incident |
Example |
Yellow |
Internal incident |
|
Red |
Fire/Smoke |
|
Purple |
Bomb threat |
|
Blue |
Medical Emergency/Threat |
|
Black |
Personal Threat |
|
Green |
Sexual Assault/Harassment |
|
Orange |
Evacuation |
|
Brown |
External |
|
Critical Incident Management Team
Incident Response Group
Selection of employees and alternates on the Incident Response Group will be made by the Chief Operating Executive, with the key objective of membership being to include experienced employee from all major operational areas of Commit Works.
Depending on the location and nature of the incident, the following employees will assume the role of Incident Leads:
Incident Type / Location |
Incident Lead |
In office incident (within Australia) |
HR |
All Sexual Assault and Sexual Harassment incident |
HR |
Out of office events/activities (within Australia) |
HR |
International incident |
International Team Leader |
Reputation Only incident (non-physical incidents) |
CEO |
Information Technology Only incident (network, information security, software) |
CTO |
Critical Incident Response Group
The CEO will declare a critical incident if it has the potential to significantly affect Commit Works’ people, operations, environment or its long-term prospects and/or reputation.
The CEO will assume the role of Critical Incident Lead and activate the Critical Incident Response Group (CIRG) that will include employees of the Commit Works who can provide their expertise and additional resources and support to the Incident Response Group in managing the critical incident.
The CIRG will oversee Critical Incident and recovery processes in conjunction with the Incident Lead of the Incident Response Group.
Communication
All communication concerning an incident or a critical incident will be coordinated by the CEO, in consultation with the Incident Lead and/or Critical Incident Lead.
Accountabilities and Responsibilities
The CEO, as the Responsible Officer for the policy, is responsible for the establishment, operation and review, including scheduling and coordinating scenario testing (at least annually) of the Critical Incident Management Policy and Procedures.
The CEO will raise awareness about the Critical Incident Management Policy and Procedures. Commit Works is also committed to ensuring that all employees and contractors comply with the requirements of the policy and its related procedures.
Predefined members of the IRG and CIRG will be trained for their roles and responsibilities within the Critical Incident Management Policy and Procedures. It is their responsibility to ensure employees within their business units are aware of their responsibilities to deliver the policy and related procedures.
Managers who support the business continuity and recovery processes are required to familiarise themselves with the policy and procedures.
Implementation the Critical Incident Management Framework
Threat Identification and Mitigation strategies
Overview
Commit Works will identify strategies to facilitate the protection of people and assets, and recovery of Critical Business Functions within agreed timeframes. This includes strategies to mitigate the impacts of an event, including:
- Protecting Commit Works property and infrastructure.
- Stabilising the situation.
- Continuing, resuming and recovering Critical Business Functions.
Strategies will examine:
- Response and recovery team structures and critical roles. This includes activation, escalation and communication procedures.
- Incident management procedures. This includes strategies relating to how an event is detected, assessed, monitored, recorded and communicated.
- Response action plans.
- Redundancy options for physical sites, operational infrastructure and technology.
Methodology
Strategies will leverage off the response and recovery priorities based on the Threat Assessment process in a process to mitigate risk will be applied when selecting strategy options. This includes:
- Reducing the likelihood of a disruption.
- Reducing the period of disruption.
- Limiting the impact of disruption
Testing and Validation
The Commit Works Critical Incident Management Framework will be tested via a combination of scenario exercising and by periodic recovery infrastructure testing to confirm resumption of operational functions.
Testing and exercising will assist to:
- Build familiarisation with employee roles, responsibilities, processes and available tools.
- Identify practical program improvements.
- Provide a high level of stakeholder assurance in the Commit Works’ recovery capability.
The maximum interval between testing and exercising should be 12 months, unless there are valid reasons why the interval needs to be extended or material changes require a variation.
Upon the completion of the testing and evaluation, the CEO has delegated responsibility to make amendments to the Procedures.
Program Management
Review and Evaluations
Commit Works will review and evaluate the performance of the Critical Incident Framework on a periodic basis. The objectives of the performance monitoring process are to:
- Facilitate prompt action when adverse trends are detected or a non-conformity occurs.
- Ensure that the Commit Works Critical Incident Management Framework continues to be an effective system for managing disruption-related risk.
Maintenance of the Program
The policy will be reviewed by the Members of Executive on an ongoing basis to improve its effectiveness.
Glossary and Terms
Term |
Definition |
Activation |
The implementation of Critical Incident procedures, activities and plans in response to a serious incident, emergency, or event. |
Business area |
A business area within an organisation e.g. Commit Works. |
Business Continuity |
The strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level. |
Critical Incident |
A critical incident is any emergency or adverse situation that will or may have the potential to significantly impact the Commit Works’ business viability, threaten the lives of employees or others, and/or jeopardise the public image of the company. |
Critical Incident Management |
A holistic management process that identifies potential risks to an organisation and provides a framework for establishing resilience to ensure that the organisation is able to respond effectively to people injury, property damage or business disruption. This is achieved by formulating and implementing viable recovery strategies, developing a Critical Incident Management Plan and providing comprehensive training, testing and maintenance programmes. |
Critical Incident Management Framework |
The Critical Incident Management Framework is the overall approach, policies, and procedures to manage Commit Works in the instance of Incidents and Critical Incidents |
Critical Incident Management Program |
The Critical Incident Management Program is the schedule of activities to ensure that the Critical Incident Management Policy, Procedures, Roles, and Assigned Employees; remain aligned and ready to serve Commit Works in the instance of Incidents and Critical Incidents |
Critical Incident Management Plan |
A clearly defined and documented plan for use in the event of a business disruption. The plan provides a formal structure and guidance through checklists, strategies and other practical tools. |
Disruption Event |
An event that interrupts normal business functions, operations, or processes, whether anticipated (e.g, hurricane, political unrest) or unanticipated (e.g, blackout, terror attack, earthquake). |
Incident |
A physical event which interrupts business processes sufficiently to threaten the viability of the organisation. |
Incident Response Group |
A trained group of people responsible for operational management of an organisational-wide incident including response and recovery. |
Response Strategy |
A strategy to recover, resume and maintain all people safety measures, and infrastructure. |
Risk |
The effect of uncertainty on objectives. |
Comments
0 comments
Please sign in to leave a comment.