Critical Incident Management - Operational Policy | UniSC | University of the Sunshine Coast, Queensland, Australia

Accessibility links

Critical Incident Management - Operational Policy

Download PDF
Approval authority
Vice-Chancellor and President
Responsible Executive member
Chief Operating Officer
Designated officer
Director, Facilities Management
First approved
9 September 2008
Last amended
28 August 2024
Review date
3 June 2025
Status
Active
Related documents
Linked documents
Related legislation / standards
  • University of the Sunshine Coast Act 1998 (Qld)
  • Privacy Act 1988 (Cth)
  • Education Services for Overseas Students (ESOS) Act 2000 (Cth)
  • Work Health & Safety Act 2011 (Qld)
  • Building Fire Safety Regs 2008
  • National Code of Practice for Providers of Education and Training to Overseas Students 2018
  • Information Privacy Act 2009 (Qld)
  • AS 3745 -2010 Emergency control organisation and procedures for buildings, structures and workplaces
  • Fire & Emergency Services Act 1990
  • Environmental Protection Act 1994
  • AS ISO/IEC 27035 IT - Security techniques - Information security incident management
  • Disaster Management Act 2003 (Qld)

1. Purpose of policy

1.1 The purpose of this policy is to plan for, respond to and manage incidents that impact the University and members of the University community. The Critical Incident Management – Governing Policy and supporting procedures are part of the University's broader protection, resilience, and sustainability system.(1) The purpose of this suite of documents is to identify and respond to critical incidents, mitigate the loss of University assets and operations, protect the University’s reputation, reduce the impact on the University’s people, the community and the environment and return to business-as-usual as soon as practical.

1.2 Under this policy, all areas of the University are required to have adequate response plans and procedures in place that are relevant for their operational areas and consistent with this Critical Incident Management – Governing Policy and procedures.

2. Policy scope and application

2.1 This policy is designed for the management of all incidents that have impacted upon or have the potential to impact on the University Community, services and operations, property and the environment. These incidents include both physical actions or hazards and other forms which may cause major reputational damage or loss of University functions or operations. It applies to all University campuses.

2.2 This policy also applies to staff and/or students who are hosted at sites operated by Third-Party Providers, visiting other Third-Party Sites and on study tours or work placements.

2.3 Sites hosting staff and/or students which are operated by Third-Party Providers must have appropriate and effective incident management policies and procedures in place.

3. Definitions

Please refer to the University’s Glossary of Terms for policies and procedures. Terms and definitions identified below are specific to this policy and are critical to its effectiveness:

Australasian Inter-Service Incident Management System (AIIMS) – a national system used by all emergency agencies and first responders when organising the managing of a disaster or emergency by function.

Campus – means any campus or site owned or operated by the University.

Comprehensive approach – a risk based systematic approach in managing incidents and emergency events which confront a community. The phases of prevention preparedness response and recovery (PPRR) are not necessarily sequential but comprehensively cover all aspects of planning, collaboration and resource allocation.

Critical Incident – An incident that has a Risk Rating of high or extreme under the University’s Risk Management Framework with a consequence of at least moderate or higher. It requires a focused and concerted response and ongoing management by the Organisational Unit Manager in conjunction with the IRT.

Emergency Planning Committee (EPC) – The EPC is established to ensure all applicable legislative requirements are met and sufficient resources (time, finance, equipment and personnel) are provided to enable the development and implementation of emergency (incident) plans in a multi-campus environment. This is a requirement of Australian Standard 3745-2010, Planning for emergencies in facilities. The EPC has broader planning responsibilities under the University’s protection, resilience and sustainability system.

Incident: An incident is an issue that requires a response. An incident may impact on any area of University activity. An incident that is not considered to be critical has a localised containable impact and is unlikely to escalate in severity but requires response and management as part of ongoing business-as-usual.

Incident Response Team (IRT) – A team of specialists that is mobilised to assess and respond to a critical incident that has occurred.

Key Management Personnel (KMP) – people with the authority and responsibility for planning, directing and controlling the activities of the University, directly or indirectly, including any director (whether executive or otherwise) of that entity.

Risk Rating – Risk ratings provide a consistent scale for measuring incident severity through the following classifications: extreme, high, medium or low.

Third-Party Providers – Organisations contracted by the University to provider services on its behalf.

Third-Party Sites – Sites that staff or students visit other than the University’s campuses and Third-Party Providers. This includes sites where staff and students are on work placements or study tours.

University Community – relates to students, staff and other stakeholders engaging with the University, including visitors, contractors and volunteers.

4. Policy Statement

4.1 The University is vulnerable to a range of events from those with a period of warning to others that occur abruptly. All such incidents are to be assessed according to their Risk Rating which is determined under the principles in the Risk Management Framework. The University will develop and implement systems and processes for appropriate and effective management of incidents. The University will develop these systems and processes in line with State and Federal protocols, relevant standards and legislative requirements.

4.2 The University will comply with its reporting and notification requirements in the event of any breaches of relevant legislation, standards or guidelines. This includes but is not limited to privacy requirements, crime and corruption, environmental and health, ethical conduct and student obligations. The University will also comply with its obligations from an insurance reporting perspective.

5. Principles

5.1. Incident Management Framework
5.1.1 Emergency planning and management

5.1.1.1 The University will establish an Emergency Planning Committee which will ensure that site specific emergency plans and procedures are maintained covering all campus locations. These plans and procedures will be overseen centrally by Facilities Management to ensure they are consistent and meet the broad requirements of the University. Where relevant, individual campuses will manage their site-specific procedures that are relevant to their operations.

5.1.1.2 Emergency Plans and Procedures are to be regularly communicated to staff, students and visitors across each campus so that in the event that an incident requires a response, appropriate procedures can be followed.

5.1.2 Incident risk assessment

5.1.2.1 Any incident that occurs is to be evaluated as soon as practicable as to its severity and an appropriate response put in place. Incidents are to be classified in accordance with the University’s Risk Management Framework. The assessment of incidents is to be undertaken either by the operational area where the incident occurred or the area with responsibility for the person(s) involved in the incident. The assessment is made with reference to the consequence tables under the Risk Management Framework.(2) A scalable response will be implemented, depending on the nature and severity of the incident.

5.1.3 Escalated responses and structures

5.1.3.1 Incidents that are not determined to be critical are to be managed by the respective area as part of business-as-usual processes.

5.1.3.2 All Critical Incidents must be managed by an IRT, unless it is deemed that an alternative management approach is more appropriate, such as in the case when the incident is confidential or sensitive in nature or where an assessment has been made that an IRT is not required. Incidents that have a moderate consequence may be managed as part of business-as-usual if this is deemed appropriate. The decision to manage the Critical Incident under an alternative management approach will be made by the IRT Leader in consultation with the relevant operational area. For student related incidents, the Academic Registrar and Director, Student Services must be consulted on the management approach.

5.1.3.3 When an incident has been classified as non-critical, but impacts multiple areas across the University, it may also be appropriate for an IRT to be established that has representation from all impacted areas. The IRT Leader is to take the lead on establishing and managing an incident through an IRT, however may choose to appoint another area to lead the IRT if this is appropriate.

5.1.3.4 The IRT Leader is to involve all impacted areas of the University in the management of, and response to the Critical Incident.

5.1.4. Incident Management Response Activation

5.1.4.1 In the event of a Critical Incident requiring activation of an IRT, the IRT Leader will mobilise resources which will be specifically created for the management of the Critical Incident that has occurred. The IRT Leader will inform the VCP and Executive of the nature and severity of the incident and any rectification plans.

5.1.4.2 For critical large-scale incidents affecting the region and extending beyond the University facility boundary, the IRT Leader may choose to adopt the AIIMS control system in the planning, response and recovery stage of an incident.

5.1.5 Review of response to Critical Incidents

5.1.5.1 Following the completion of a response to a Critical Incident, a review is to be undertaken to determine the effectiveness of the response and any improvements that can be made going forward.

5.2. International and off-campus considerations
5.2.1 International students on campuses

5.2.1.1 The Education Services for Overseas Students Act 2000 (Cth) (ESOS Act) sets out the legal framework governing delivery of education to international students in Australia on a student visa. The University is to comply, specifically with Standards 6.8-6.9 of the National Code of Practice for Providers of Education and Training to Overseas Students 2018.

5.2.2 Incidents impacting staff, students and contractors when located off campus

5.2.2.1 To ensure there is consistency with University policies and procedures, Facilities Management is responsible for reviewing incident management and emergency management policies and procedures for facilities of Third-Party Providers prior to entering into an agreement and when there are material changes.

5.2.2.2 Students and staff involved in an incident occurring domestically at a Third-Party Provider or a Third-Party Site are to follow the incident management procedures of the Provider as appropriate. In the event of an off-campus incident, an incident report is required to be submitted that is relevant for the organisation where the incident occurred. A University specific incident report is also required to be completed, or a copy of the Third-Party report provided to the University.

5.2.2.3 In the event that a Critical Incident occurs involving a staff or student at a Third-Party Provider or on a Third- Party Site, an IRT is to be established so the incident can be managed appropriately.

5.2.3 Offshore Incidents.

5.2.3.1 For incidents that occur offshore involving staff or students, the approach is collaborative in nature with the nearest consular, foreign government agency or host country organisation being responsible for managing events in their area, as well as any contracted provider. Students and staff involved in an incident occurring offshore are to follow the incident management procedures of the organisation where they are based and complete an incident report that is relevant to that organisation. A University incident report is also required to be completed. All areas are responsible for undertaking risk assessments prior to international travel and for maintaining emergency contact details as part of the pre-departure packages.

5.3. Communication

5.3.1 The Director, Marketing is to be notified of every Critical Incident and to assess whether direct communication action is needed. The Director, Marketing (or appropriate delegate if unavailable) will be a member of the IRT and will have responsibility for managing communication during the incident.

5.4. Recording, Reporting and Statistics

5.4.1 The IRT Leader is responsible for ensuring all documentation relating to incidents are maintained in an approved record keeping system where appropriate.

5.4.2 External reporting obligations will be undertaken in compliance with legislation, standards or guidelines that are relevant to the particular incident that has occurred.

5.4.3 Requirements regarding recording information during an incident (once an IRT is invoked) will be conducted in accordance with the procedures outlined in the IRT Support Manual.

5.4.4. Completion of an incident report

5.4.4.1 Information must be reported and captured for all types of incidents. All health and safety incidents are to be reported to the relevant supervisor immediately and an incident report is to be submitted to Health, Safety and Wellbeing (HSW). If other areas of the University are impacted by an incident, then a copy of the report must be provided as soon as practicable to this area. Confidentiality must be maintained where appropriate. When an incident involves a student, the Academic Registrar and Director, Student Services is informed and provided with a copy of the report. For other types of incidents, these should be reported to the relevant operational area who will follow university escalation and reporting protocols.

5.5. Training and Emergency Exercises

5.5.1 The EPC will ensure that emergency management personnel have the resources required for incident management and are appropriately trained. The University emergency response capability will be tested in desktop and field exercises every two years.

6. Authorities/Responsibilities

6.1The following authorities/responsibilities are delegated under this policy:

Activity

University Officer/Committee

Responsible and accountable to the University Council for Incident Management

Vice-Chancellor and President

Provide the Audit and Risk Management Committee with summary information concerning any critical incidents.

Director, Governance and Risk Management

Develop, implement, resource and maintain the protection, resilience, and sustainability system, including emergency plan, incident response procedures, and the readiness, training and awareness sessions for all persons responding to incidents and emergencies

Chief Operating Officer

Trained in incident management procedures and prepared to convene an Incident Response Team to evaluate and manage incidents across campuses

Key Management Personnel. Key Management Personnel are required to nominate an appropriate delegate who will be trained to manage an IRT in their absence.

Advise staff within their area of responsibility of this policy and its associated procedures on a regular basis

Organisational Unit Managers

Responsible for the administration of the University Critical Incident Management – Governing Policy

Chief Operating Officer

Act as Incident Controller for a Critical Incident or for Local/District Disaster Management responses

Director IRT Leader or Deputy

Develop and maintain close liaison with relevant Intelligence and Government Agencies, Queensland Police Services, other Emergency Response Services, and Disaster Management Groups to ensure an effective notification, alert, support and response to potential or actual University incidents. Regulatory relationship management with the University’s regulators (including but not limited to the Office of the Information Commissioner, WorkSafe and the Tertiary Education Quality Standards Agency) remain the responsibility of the designated staff member within each relevant area

Senior Manager, Security/ SafeUSC or delegate

Ensure students receive information about this policy and its associated procedures as part of their induction or orientation to the University

Academic Registrar and Director, Student Services

Ensure staff receive information about this policy and its associated procedures as part of their induction or orientation to the University

Director, People and Culture

Notified of all student related incidents, informed about all critical student-related incidents, consulted prior to IRT and involved in the management of all critical student related incidents.

Academic Registrar and Director, Student Services

Ensure staff and students on field trips or study tours are prepared for any incident in terms of orientation, induction, in country briefings, incident responses, host nation contacts, third-party emergency contact in country of activity

Heads of Schools

Notes

(1) The protection, resilience and sustainability system is a set of policies, procedures and plans across incident management and business continuity management.

(2) Significant incidents involving staff, students or visitors include death, attempted suicide, serious injury, life-threatening illness and drug or alcohol overdose, sexual and/or physical assault, domestic violence, or crime related incidents, missing students, serious threats of violence, mental health issues impacting on safety of self and others and arrest or detention.

Emergency contact numbers:

Campus Emergency: +61 7 5430 1168

Police, Fire, Ambulance: 000

END