View Document

Critical Incident, Emergency Planning and Business Continuity Procedure

This is not a current document. To view the current version, click the 'Current Version' tab above.

Section 1 - Summary

(1) This Procedure states how Victoria University will manage critical incidents, emergency planning and business continuity.

Top of Page

Section 2 - Accountability

Accountable/Responsible Officer

Role
Accountable Officer Vice-President, Planning and Registrar
Responsible Officer Senior Project Coordinator (Critical Incident & Business Continuity)
Top of Page

Section 3 - Scope

(2) All staff.

Top of Page

Section 4 - Definitions

(3) Business Continuity  

(4) Chief Warden  

(5) Crisis

(6) Critical Incident

(7) Critical Incident Team

(8) Emergency Operations Centre

(9) Emergency

(10) Emergency Control Organisation

(11) Emergency Planning Committee

(12) Incident

(13) Incident Classification

(14) University Incident Controller

(15) Site Emergency Management Plan

Top of Page

Section 5 - Policy/Regulation

(16) See Critical Incident, Emergency Planning and Business Continuity Policy.

Top of Page

Section 6 - Procedures

Part A - Summary of Roles and Responsibilities

Roles

Responsibilities
Vice-Chancellor / Deputy Vice Chancellor Provides strategic direction in consultation with relevant bodies and apprises the University Council. The public spokesperson for the University. Ensure the continuing strategic purpose of the University is met during a disruption and through recovery.
Vice-President, Planning and Registrar
University Incident Controller		 Lead and manage the Critical Incident Team and program. Provide subject matter expertise for critical incident/business continuity management and response for the University. Declare a critical incident and manage the University’s response.
Vice-President, People and Culture
Deputy (UIC) 		 Responsible for the health, wellbeing and safety procedures relating to staff & incident reporting, including local emergency arrangements.
Deputy Vice-Chancellor, Academic and Students Responsible for providing vision, direction and leadership in relation to the University's learning, teaching and quality enhancement strategies, with an initial focus on VU's Blended Learning Strategy.
Vice-President, Resources and Transformation Responsible for Facilities, Information and Technology Services, Student Services including University Security and systems to detect, respond and report on incidents impacting VU communities.
Deputy Vice-Chancellor, Vocational Education and Pathways Responsible for Victoria University Polytechnic emergency procedures/business continuity management and response in consultation with relevant delegated or responsible officer.
Pro Vice-Chancellor, Students Responsible for student administration, services and other student activities including the wellbeing and welfare procedures relating to students as well as the Safety and Triage Team.
Senior Vice-President, Future Students and Planning Responsible for engagement, marketing and communication, transnational education programs, international student mobility programs, Victoria University Sydney and International Operations. Responsible for appointing designated person to manage and respond to international student incident in consultation with relevant areas.
Senior Vice-President and Chief Operating Officer Responsible for managing, reporting and providing financial approval in managing of the critical incident to maintain business needs.
Top of Page

Section 7 - Procedures

(17) The University Incident Controller may delegate some or all management functions of incident control - planning, intelligence/public information, operations, logistics and finance as the incident or critical incidents escalate in size or complexity.

(18) The Critical Incident Management Team will:

  1. Seek advice from the Legal Office about any statutory obligations or external reporting obligations arising from a critical incident.
  2. Ensure that stakeholders and regulatory bodies, including but not limited to, the Tertiary Education Quality Standards Agency, Work Safe Victoria and the University's insurer are notified in a timely manner and provided with appropriate information.
  3. Enlist Subject matter experts within the University to:
    1. assist with the response as required;
    2. implement any operational guidelines relating to a specific incident type, e.g. international student incidents, off-shore incidents or national/international disasters.

(19) Each nominated key decision-making member of the Critical Incident team has delegated powers for operational decisions made within the scope of their specific role. Such decisions must always place primary importance on the impact on the Victoria University community. These decisions must also be consistent with the purpose, values and objectives of the University.

(20) Predefined members of the Critical Incident Team will be trained for their roles and responsibilities. It is their responsibility to ensure staff within their business units are aware of their responsibilities. The Critical Incident Team delegates will ensure the continuity of the team in a prolonged incident.

(21) In the event that an emergency or incident results in a critical incident being proclaimed (or not).

  1. If onshore, the Chief Warden and Security will manage the matter at a local level and will report to the University's Incident Controller or designated person for direction.
  2. If offshore, the responsible officer will manage the matter at a local level and will escalate the matter to the relevant senior officer and the University Incident Controller or designated person for direction.

Activation of Critical Incident Management

(22) The University Incident Controller has delegated authority to declare a Critical Incident and to do all things necessary to manage VU’s response and recovery

(23) The University will respond with appropriate resources arising from a Critical Incident. The University Incident Controller will activate the emergency operations centre as required, convene regular briefings as required for key senior officers and key subject matter experts. Quick and effective control measures through communication with key stakeholders and the community are required to mitigate against such damage.

(24) The University will maintain a central point from which all critical incidents can be commanded, controlled and coordinated in order to support teams during response and recovery activities. The Critical Incident Team will identify alternative locations for emergency response operations in the event that the dedicated Emergency Operations Centre is rendered unusable or unsafe.

(25) Any critical incident should be reported and managed through standard procedures via people and culture for staff matters and safety and triage team for critical incidents relating to students in consultation with University Security. 

  1. Support services available include but not limited to informing supervisors or academics, student counselling, safer community, welfare, employee assistance program and Police.

(26) All critical incidents that immediately threaten people, assets or University operations must be reported to the University's Security Services who will notify the University Incident, Controller or nominee.

  1. Reporting of Critical Incidents via Quick Safe  aims to achieve timely risk assessment and intervention in the line of supervision extending from students or staff to academics or supervisor through to Senior Executive Group.

(27) The University Incident Controller has full discretion over the assigned level of response activated.

  1. Minor incident, with or without any disruption to critical business service/process: this will be managed and dealt with at the local level. For example (but not limited to):
    1. Minor injury during a lecture or staff meeting
  2. Moderate disruption to critical business service/process: the critical incident team is notified and a response as required. For example (but not limited to):
    1. Equipment malfunction
    2. Email being compromised
    3. Mental health concerns
  3. Major disruption to critical business service/process: critical incident team involvement is mandatory. For example (but not limited to):
    1. Loss of a University building
    2. Loss of University staff due to pandemic
    3. Major Cyber Attack or indiscriminate acts of Violence

(28) University Incident Controller or nominee will coordinate a post-incident operational debrief (within 10 University business days of the incident) to review actions and to ensure lessons learnt are adopted to ensure continuous improvement.

Statements to the media or public

(29) As soon as possible the University Incident Controller will liaise with the Communications Team, prepare a critical incident communication plan.

(30) The critical incident communication plan may include but not limited to:

  1. Media update
  2. Communications to staff and students
  3. Liaison with the emergency service media personnel or other regulatory bodies
  4. Maintaining documentation for University’s records.

(31) The Vice-Chancellor or delegate may speak for the University in commenting on matters associated with a Critical Incident. The Vice-Chancellor may authorise members of the Critical Incident Team or other officers to issue statements to the media.

Business Continuity

(32) Implementation of an appropriate business continuity response is the responsibility of the relevant delegated officer/s and the relevant most senior officer for that area will liaise with the University's Incident Controller as required.

(33) Relevant senior officers will be responsible for improving the resilience of their respective areas. This includes ensuring that business as usual operations are fit for purpose and able to cope with a range of disruptions. Contingent to after-hours or before-hours contact arrangements provides additional capability and guidance on approved and adaptive courses of action to be initiated during a disruptive incident (Resilience in Crisis).

Emergency Control Organisation Structure

(34) The University's Emergency Control Organisation has been established in accordance with Australian Standard AS 3745 'Planning for Emergencies in Facilities' and provides members with guidance to the planning for, and management of emergency and critical incident situations across all University Premises.

(35) If an emergency is declared, the campus-based emergency structure will implement an appropriate response to emergency situations in accordance with the Site Emergency Response Plan. In the event that the campus emergency generates into a critical incident, the Emergency Control Organisation hierarchy will come into effect and the Critical Incident Team will manage the critical incident at the local level, liaising with the Emergency Control Organisation.

(36) During an Emergency or emergency exercise, pending the arrival of the Emergency Services, Emergency Control Organisation personnel shall have absolute authority to issue instructions to evacuate all persons from buildings and/or other areas of the University's Premises.

Records

(37) The University Incident Controller or delegated person will ensure records are maintained detailing communications, decisions and actions of the Critical Incident Team (CIT) for documentation of the University’s response. Each member of the CIT is responsible for ensuring that similar documentation is developed and maintained for their respective portfolios.

(38) VU will take reasonable steps to ensure that the information it handles is protected from misuse, loss, unauthorised access, modification and disclosure. VU's requirements in relation to information technology security are set out in the IT Security Policy, the Records Management Policy and relevant associated procedures.

Top of Page

Section 8 - Guidelines

(39) Nil.