Articles in this section

See more

Critical Incident Management Policy

Avatar
Alex Retzlaff
  • Updated
Follow

This policy applies to all employees and contractors of Commit Works. This policy encompasses the management of incidents and critical incidents from a human, hazard identification, and risk management perspective. It details the arrangements that apply to critical incident management in the context of the Commit Works’ Risk Management Framework.

This document is effective from 07/08/17.

Purpose

The policy provides the guidance for Commit Works to plan for, respond to and manage incidents and critical incidents ensuring the Commit Works meets its duty of care obligations in providing the highest possible standard of health and safety and upholds its legislative obligations in relation to its employees and contractors to ensure people are safe, and that Commit Works’ reputation is maintained.

Scope

This policy applies to employees and contractors – in the Commit Works workplace or while they are participating in Commit Works-related activities – locally within Australia and overseas.

Nothing in this policy overrides the Code of Conduct for All Employee Policy.

Exclusions

This policy does not apply to minor injuries or accidents that affect an individual or isolated area(s) and do not pose any additional threat or risk to employees and contractors, property or affect the Commit Works’ operations and/or reputation. These minor incidents will be managed by activating Commit Works Accident and Incident Reporting, and Corrective Action processes.

Criterion for Activation of Critical Incident Management Procedures

Commit Works will immediately notify the Incident Lead and Incident Response Group members when a situation is a potential Incident or Critical Incident. 

The Incident Lead will select members of the Incident Response Group which includes employees of the Commit Works who will provide the right expertise to resolve the incident and apply learnings to reduce the risk of the incident from reoccurring.

Critical Incident Management Program Framework

Definition of Critical Incident Management

Incident

A moderate incident that has a localised impact on employees, contractors, Commit Works and the public and may entail some property damage. The incident has largely been contained and is unlikely to escalate in severity but still, requires response and management by Commit Works personnel. It can usually be handled using normal operating procedures.

Critical Incident

A major incident or series of events that have the potential to severely damage Commit Works’ people, operations, environment, its long-term prospects and/or its reputation. It requires a significant response and on­going management.

Incident Categories

Due to the broad definition of what comprises a critical incident, Commit Works is committed to applying the International Coding of Incidents to increase its preparedness and the effectiveness of Commit Works’ response and management of incidents. The Incident Lead will manage an Incident.

Colour
Code

Type of incident

Example

Yellow

Internal incident
  • Asbestos exposure
  • Biological
  • Chemical hazard
  • Conflict of interest
  • Construction accident
  • Critical equip failure
  • Cyber attack
  • Data/records loss
  • Gas leak
  • Failure of essential services/utilities
  • IT equipment failure
  • IT software failure
  • Industrial action
  • Plagiarism
  • Power failure
  • Sabotage of building
  • Security access
  • Employee resignation
  • Structural damage
  • Theft, fraud, malice
  • Water damage

Red

Fire/Smoke
  • Fire
  • Explosion
  • Discovery of smoke/fire

Purple

Bomb threat
  • Bomb threat
  • Suspicious item

Blue

Medical Emergency/Threat
  • Epipen use
  • Death employee
  • Medical Emergency
  • Poisoning
  • Pandemic diseases
  • Shock
  • Suicide

Black

Personal Threat
  • Active Shooter
  • Assault
  • Child protection matter
  • Intrusion or hold-up
  • Kidnapping
  • Missing employee
  • Self-harm attempted
  • Serious assault
  • Siege
  • Violent behaviour
  • Terrorism

Green

Sexual Assault/Harassment
  • Sexual assault
  • Sexual harassment

Orange

Evacuation
  • Building evacuation

Brown

External
  • External party impact
  • Natural disasters, earthquake, flooding, bushfire
  • Out of office incident
  • Partner failure
  • Public disorder
  • Reputation
  • Severe weather and storms
  • Supplier Failure
  • Third party negligence
  • Transport accident

Critical Incident Management Team

Incident Response Group

Selection of employees and alternates on the Incident Response Group will be made by the Chief Operating Executive, with the key objective of membership being to include experienced employee from all major operational areas of Commit Works.

Depending on the location and nature of the incident, the following employees will assume the role of Incident Leads:

Incident Type / Location

Incident Lead

In office incident (within Australia)

HR

All Sexual Assault and Sexual Harassment incident

HR

Out of office events/activities (within Australia)

HR

International incident

International Team Leader

Reputation Only incident (non-physical incidents)

CEO

Information Technology Only incident (network, information security, software)

CTO

 

Critical Incident Response Group

The CEO will declare a critical incident if it has the potential to significantly affect Commit Works’ people, operations, environment or its long-­term prospects and/or reputation.

The CEO will assume the role of Critical Incident Lead and activate the Critical Incident Response Group (CIRG) that will include employees of the Commit Works who can provide their expertise and additional resources and support to the Incident Response Group in managing the critical incident.

The CIRG will oversee Critical Incident and recovery processes in conjunction with the Incident Lead of the Incident Response Group.

Communication

All communication concerning an incident or a critical incident will be coordinated by the CEO, in consultation with the Incident Lead and/or Critical Incident Lead.

Accountabilities and Responsibilities

The CEO, as the Responsible Officer for the policy, is responsible for the establishment, operation and review, including scheduling and coordinating scenario testing (at least annually) of the Critical Incident Management Policy and Procedures.

The CEO will raise awareness about the Critical Incident Management Policy and Procedures. Commit Works is also committed to ensuring that all employees and contractors comply with the requirements of the policy and its related procedures.

Predefined members of the IRG and CIRG will be trained for their roles and responsibilities within the Critical Incident Management Policy and Procedures. It is their responsibility to ensure employees within their business units are aware of their responsibilities to deliver the policy and related procedures.

Managers who support the business continuity and recovery processes are required to familiarise themselves with the policy and procedures.

Implementation the Critical Incident Management Framework

Threat Identification and Mitigation strategies

Overview

Commit Works will identify strategies to facilitate the protection of people and assets, and recovery of Critical Business Functions within agreed timeframes.  This includes strategies to mitigate the impacts of an event, including:

  • Protecting Commit Works property and infrastructure.
  • Stabilising the situation.
  • Continuing, resuming and recovering Critical Business Functions.

Strategies will examine:

  • Response and recovery team structures and critical roles. This includes activation, escalation and communication procedures.
  • Incident management procedures. This includes strategies relating to how an event is detected, assessed, monitored, recorded and communicated.
  • Response action plans.
  • Redundancy options for physical sites, operational infrastructure and technology.

Methodology

Strategies will leverage off the response and recovery priorities based on the Threat Assessment process in a process to mitigate risk will be applied when selecting strategy options. This includes:

  1. Reducing the likelihood of a disruption.
  2. Reducing the period of disruption.
  3. Limiting the impact of disruption

Testing and Validation

The Commit Works Critical Incident Management Framework will be tested via a combination of scenario exercising and by periodic recovery infrastructure testing to confirm resumption of operational functions.
Testing and exercising will assist to:

  1. Build familiarisation with employee roles, responsibilities, processes and available tools.
  2. Identify practical program improvements.
  3. Provide a high level of stakeholder assurance in the Commit Works’ recovery capability.

The maximum interval between testing and exercising should be 12 months, unless there are valid reasons why the interval needs to be extended or material changes require a variation.

Upon the completion of the testing and evaluation, the CEO has delegated responsibility to make amendments to the Procedures.

Program Management

Review and Evaluations

Commit Works will review and evaluate the performance of the Critical Incident Framework on a periodic basis. The objectives of the performance monitoring process are to:

  • Facilitate prompt action when adverse trends are detected or a non-conformity occurs.
  • Ensure that the Commit Works Critical Incident Management Framework continues to be an effective system for managing disruption-related risk.

Maintenance of the Program

The policy will be reviewed by the Members of Executive on an ongoing basis to improve its effectiveness.

Glossary and Terms

Term

Definition

Activation

The implementation of Critical Incident procedures, activities and plans in response to a serious incident, emergency, or event.

Business area

A business area within an organisation e.g. Commit Works.

Business Continuity

The strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.

Critical Incident

A critical incident is any emergency or adverse situation that will or may have the potential to significantly impact the Commit Works’ business viability, threaten the lives of employees or others, and/or jeopardise the public image of the company.

Critical Incident Management

A holistic management process that identifies potential risks to an organisation and provides a framework for establishing resilience to ensure that the organisation is able to respond effectively to people injury, property damage or business disruption. This is achieved by formulating and implementing viable recovery strategies, developing a Critical Incident Management Plan and providing comprehensive training, testing and maintenance programmes.

Critical Incident Management Framework

The Critical Incident Management Framework is the overall approach, policies, and procedures to manage Commit Works in the instance of Incidents and Critical Incidents

Critical Incident Management Program

The Critical Incident Management Program is the schedule of activities to ensure that the Critical Incident Management Policy, Procedures, Roles, and Assigned Employees; remain aligned and ready to serve Commit Works in the instance of Incidents and Critical Incidents

Critical Incident Management Plan

A clearly defined and documented plan for use in the event of a business disruption. The plan provides a formal structure and guidance through checklists, strategies and other practical tools.

Disruption Event

An event that interrupts normal business functions, operations, or processes, whether anticipated (e.g, hurricane, political unrest) or unanticipated (e.g, blackout, terror attack, earthquake).

Incident

A physical event which interrupts business processes sufficiently to threaten the viability of the organisation.

Incident Response Group

A trained group of people responsible for operational management of an organisational-wide incident including response and recovery.

Response Strategy

A strategy to recover, resume and maintain all people safety measures, and infrastructure.

Risk

The effect of uncertainty on objectives.
Print Friendly and PDF

Related articles

Comments

0 comments

Please sign in to leave a comment.