Critical Incident Management Policy

This policy applies to all employees and contractors of Commit Works. This policy encompasses the management of incidents and critical incidents from a human, hazard identification, and risk management perspective. It details the arrangements that apply to critical incident management in the context of the Commit Works’ Risk Management Framework.

This document is effective from 07/08/17.

Purpose

The policy provides the guidance for Commit Works to plan for, respond to and manage incidents and critical incidents ensuring the Commit Works meets its duty of care obligations in providing the highest possible standard of health and safety and upholds its legislative obligations in relation to its employees and contractors to ensure people are safe, and that Commit Works’ reputation is maintained.

Scope

This policy applies to employees and contractors – in the Commit Works workplace or while they are participating in Commit Works-related activities – locally within Australia and overseas.

Nothing in this policy overrides the Code of Conduct for All Employee Policy.

Exclusions

This policy does not apply to minor injuries or accidents that affect an individual or isolated area(s) and do not pose any additional threat or risk to employees and contractors, property or affect the Commit Works’ operations and/or reputation. These minor incidents will be managed by activating Commit Works Accident and Incident Reporting, and Corrective Action processes.

Criterion for Activation of Critical Incident Management Procedures

Commit Works will immediately notify the Incident Lead and Incident Response Group members when a situation is a potential Incident or Critical Incident.

The Incident Lead will select members of the Incident Response Group which includes employees of the Commit Works who will provide the right expertise to resolve the incident and apply learnings to reduce the risk of the incident from reoccurring.

Critical Incident Management Program Framework

Definition of Critical Incident Management

Incident

A moderate incident that has a localised impact on employees, contractors, Commit Works and the public and may entail some property damage. The incident has largely been contained and is unlikely to escalate in severity but still, requires response and management by Commit Works personnel. It can usually be handled using normal operating procedures.

Critical Incident

A major incident or series of events that have the potential to severely damage Commit Works’ people, operations, environment, its long-term prospects and/or its reputation. It requires a significant response and ongoing management.

Incident Categories

Due to the broad definition of what comprises a critical incident, Commit Works is committed to applying the International Coding of Incidents to increase its preparedness and the effectiveness of Commit Works’ response and management of incidents. The Incident Lead will manage an Incident.

Colour Code	Type of incident	Example
Yellow	Internal incident	Asbestos exposure Biological Chemical hazard Conflict of interest Construction accident Critical equip failure Cyber attack Data/records loss Gas leak Failure of essential services/utilities IT equipment failure IT software failure Industrial action Plagiarism Power failure Sabotage of building Security access Employee resignation Structural damage Theft, fraud, malice Water damage
Red	Fire/Smoke	Fire Explosion Discovery of smoke/fire
Purple	Bomb threat	Bomb threat Suspicious item
Blue	Medical Emergency/Threat	Epipen use Death employee Medical Emergency Poisoning Pandemic diseases Shock Suicide
Black	Personal Threat	Active Shooter Assault Child protection matter Intrusion or hold-up Kidnapping Missing employee Self-harm attempted Serious assault Siege Violent behaviour Terrorism
Green	Sexual Assault/Harassment	Sexual assault Sexual harassment
Orange	Evacuation	Building evacuation
Brown	External	External party impact Natural disasters, earthquake, flooding, bushfire Out of office incident Partner failure Public disorder Reputation Severe weather and storms Supplier Failure Third party negligence Transport accident

Critical Incident Management Team

Incident Response Group

Selection of employees and alternates on the Incident Response Group will be made by the Chief Operating Executive, with the key objective of membership being to include experienced employee from all major operational areas of Commit Works.

Depending on the location and nature of the incident, the following employees will assume the role of Incident Leads:

Incident Type / Location	Incident Lead
In office incident (within Australia)	HR
All Sexual Assault and Sexual Harassment incident	HR
Out of office events/activities (within Australia)	HR
International incident	International Team Leader
Reputation Only incident (non-physical incidents)	CEO
Information Technology Only incident (network, information security, software)	CTO

Critical Incident Response Group

The CEO will declare a critical incident if it has the potential to significantly affect Commit Works’ people, operations, environment or its long-term prospects and/or reputation.

The CEO will assume the role of Critical Incident Lead and activate the Critical Incident Response Group (CIRG) that will include employees of the Commit Works who can provide their expertise and additional resources and support to the Incident Response Group in managing the critical incident.

The CIRG will oversee Critical Incident and recovery processes in conjunction with the Incident Lead of the Incident Response Group.

Communication

All communication concerning an incident or a critical incident will be coordinated by the CEO, in consultation with the Incident Lead and/or Critical Incident Lead.

Accountabilities and Responsibilities

The CEO, as the Responsible Officer for the policy, is responsible for the establishment, operation and review, including scheduling and coordinating scenario testing (at least annually) of the Critical Incident Management Policy and Procedures.

The CEO will raise awareness about the Critical Incident Management Policy and Procedures. Commit Works is also committed to ensuring that all employees and contractors comply with the requirements of the policy and its related procedures.

Predefined members of the IRG and CIRG will be trained for their roles and responsibilities within the Critical Incident Management Policy and Procedures. It is their responsibility to ensure employees within their business units are aware of their responsibilities to deliver the policy and related procedures.

Managers who support the business continuity and recovery processes are required to familiarise themselves with the policy and procedures.

Implementation the Critical Incident Management Framework

Threat Identification and Mitigation strategies

Overview

Commit Works will identify strategies to facilitate the protection of people and assets, and recovery of Critical Business Functions within agreed timeframes. This includes strategies to mitigate the impacts of an event, including:

Protecting Commit Works property and infrastructure.
Stabilising the situation.
Continuing, resuming and recovering Critical Business Functions.

Strategies will examine:

Response and recovery team structures and critical roles. This includes activation, escalation and communication procedures.
Incident management procedures. This includes strategies relating to how an event is detected, assessed, monitored, recorded and communicated.
Response action plans.
Redundancy options for physical sites, operational infrastructure and technology.

Methodology

Strategies will leverage off the response and recovery priorities based on the Threat Assessment process in a process to mitigate risk will be applied when selecting strategy options. This includes:

Reducing the likelihood of a disruption.
Reducing the period of disruption.
Limiting the impact of disruption

Testing and Validation

The Commit Works Critical Incident Management Framework will be tested via a combination of scenario exercising and by periodic recovery infrastructure testing to confirm resumption of operational functions.
Testing and exercising will assist to:

Build familiarisation with employee roles, responsibilities, processes and available tools.
Identify practical program improvements.
Provide a high level of stakeholder assurance in the Commit Works’ recovery capability.

The maximum interval between testing and exercising should be 12 months, unless there are valid reasons why the interval needs to be extended or material changes require a variation.

Upon the completion of the testing and evaluation, the CEO has delegated responsibility to make amendments to the Procedures.

Program Management

Review and Evaluations

Commit Works will review and evaluate the performance of the Critical Incident Framework on a periodic basis. The objectives of the performance monitoring process are to:

Facilitate prompt action when adverse trends are detected or a non-conformity occurs.
Ensure that the Commit Works Critical Incident Management Framework continues to be an effective system for managing disruption-related risk.

Maintenance of the Program

The policy will be reviewed by the Members of Executive on an ongoing basis to improve its effectiveness.

Glossary and Terms

Term	Definition
Activation	The implementation of Critical Incident procedures, activities and plans in response to a serious incident, emergency, or event.
Business area	A business area within an organisation e.g. Commit Works.
Business Continuity	The strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
Critical Incident	A critical incident is any emergency or adverse situation that will or may have the potential to significantly impact the Commit Works’ business viability, threaten the lives of employees or others, and/or jeopardise the public image of the company.
Critical Incident Management	A holistic management process that identifies potential risks to an organisation and provides a framework for establishing resilience to ensure that the organisation is able to respond effectively to people injury, property damage or business disruption. This is achieved by formulating and implementing viable recovery strategies, developing a Critical Incident Management Plan and providing comprehensive training, testing and maintenance programmes.
Critical Incident Management Framework	The Critical Incident Management Framework is the overall approach, policies, and procedures to manage Commit Works in the instance of Incidents and Critical Incidents
Critical Incident Management Program	The Critical Incident Management Program is the schedule of activities to ensure that the Critical Incident Management Policy, Procedures, Roles, and Assigned Employees; remain aligned and ready to serve Commit Works in the instance of Incidents and Critical Incidents
Critical Incident Management Plan	A clearly defined and documented plan for use in the event of a business disruption. The plan provides a formal structure and guidance through checklists, strategies and other practical tools.
Disruption Event	An event that interrupts normal business functions, operations, or processes, whether anticipated (e.g, hurricane, political unrest) or unanticipated (e.g, blackout, terror attack, earthquake).
Incident	A physical event which interrupts business processes sufficiently to threaten the viability of the organisation.
Incident Response Group	A trained group of people responsible for operational management of an organisational-wide incident including response and recovery.
Response Strategy	A strategy to recover, resume and maintain all people safety measures, and infrastructure.
Risk	The effect of uncertainty on objectives.

Articles in this section