View Document

Critical Incident, Emergency Planning and Business Continuity Procedure

This is the current version of this document. To view historic versions, click on the 'Historic Versions' tab above.

Section 1 - Summary

(1) This Procedure states how Victoria University (VU) will manage critical incidents, emergency planning and business continuity.

Top of Page

Section 2 - Scope

(2) All staff.

Top of Page

Section 3 - Definitions

(3) Business Continuity  

(4) Chief Warden  

(5) Crisis

(6) Critical Incident

(7) Critical Incident Team

(8) Emergency Operations Centre

(9) Emergency

(10) Emergency Control Organisation

(11) Emergency Planning Committee

(12) Incident

(13) Incident Classification

(14) University Incident Controller

(15) Site Emergency Management Plan

Top of Page

Section 4 - Policy/Regulation

(16) See Critical Incident, Emergency Planning and Business Continuity Policy.

Top of Page

Section 5 - Procedures

Part A - Summary of Roles and Responsibilities

Roles

Responsibilities
Vice-Chancellor / Senior Vice-President and Chief Operating Officer Provides strategic direction in consultation with relevant bodies and apprises the University Council. The public spokesperson for the University.
Ensure the continuing strategic purpose of the University is met during a disruption and through recovery.
Chief Human Resources Officer
University Incident Controller (UIC)		 Lead and manage the Critical Incident Team (CIT) and program.
Provide subject matter expertise for critical incident/business continuity management and response for the University.
Declare a critical incident and manage the University’s response.
Chief Student Officer (Deputy UIC) Responsible for student services, support, communications and engagement, including the wellbeing and welfare procedures relating to all students, the Safety and Triage Team and learning and teaching support areas such as Libraries and lab-based Technical Services.  Is the Deputy Incident Controller and will assume the role of the University Incident Controller as required.
Interim Deputy Provost (Students & Academic Services) Responsible for leading the implementation of a variety of initiatives related to technology enhanced learning and teaching, block model initiatives, academic and quality standards, student support services, enhancement and management, and access to higher education.
Deputy Vice-Chancellor Enterprise and Digital Responsible for Facilities, Information and Technology Services, including University Security and systems to detect, respond and report on incidents impacting VU communities.
Senior Vice-President and Chief Operating Officer Responsible for key supporting and enabling services that manage institutional resources, including Finance, Infrastructure and People and Culture.
Responsible for managing, reporting and providing financial approval in managing of the critical incident to maintain business needs.
Chief TAFE Officer Responsible for the delivery of VU’s Vocational programs, overseeing the delivery of all VET programs, as well as commercial operations and learning, quality and support functions.
Senior Vice-President and Deputy Vice-Chancellor, Global (Interim) Responsible for leading  strategy and operations on a number of critical internal and external-facing functions in local and global contexts, including marketing and communications, transnational education programs, international student mobility programs, Victoria University Sydney, and new ventures opportunity development.
Top of Page

Section 6 - Procedures

(17) The UIC may delegate some or all management functions of incident control - planning, intelligence/public information, operations, logistics and finance as the incident or critical incidents escalate in size or complexity.

(18) The CIT will:

  1. Seek advice from Legal Services about any statutory obligations or external reporting obligations arising from a critical incident.
  2. Ensure that stakeholders and regulatory bodies, including but not limited to, the Tertiary Education Quality Standards Agency, Work Safe Victoria and the University's insurer are notified in a timely manner and provided with appropriate information.
  3. Enlist Subject matter experts within the University to:
    1. assist with the response as required;
    2. implement any operational guidelines relating to a specific incident type, e.g. international student incidents, off-shore incidents or national/international disasters.

(19) Each nominated key decision-making member of the CIT has delegated powers for operational decisions made within the scope of their specific role. Such decisions must always place primary importance on the impact on the VU community. These decisions must also be consistent with the purpose, values and objectives of the University.

(20) Predefined members of the CIT will be trained for their roles and responsibilities. It is their responsibility to ensure staff within their business units are aware of their responsibilities. The CIT delegates will ensure the continuity of the team in a prolonged incident.

(21) In the event that an emergency or incident results in a critical incident being proclaimed (or not).

  1. If onshore, the Chief Warden and Security will manage the matter at a local level and will report to the UIC or designated person for direction.
  2. If offshore, the responsible officer will manage the matter at a local level and will escalate the matter to the relevant senior officer and the UIC or designated person for direction.

Activation of Critical Incident Management

(22) The UIC has delegated authority to declare a critical incident and to do all things necessary to manage VU’s response and recovery.

(23) The University will respond with appropriate resources arising from a critical incident. The UIC will activate the emergency operations centre as required, convene regular briefings as required for key senior officers and key subject matter experts. Quick and effective control measures through communication with key stakeholders and the community are required to mitigate against such damage.

(24) The University will maintain a central point from which all critical incidents can be commanded, controlled and coordinated in order to support teams during response and recovery activities. The CIT will identify alternative locations for emergency response operations in the event that the dedicated Emergency Operations Centre is rendered unusable or unsafe.

(25) Any critical incident should be reported and managed through standard procedures via People and Culture for staff matters and safety and triage team for critical incidents relating to students in consultation with University Security. 

  1. Support services available include but not limited to informing supervisors or academics, student counselling, safer community, welfare, employee assistance program and Police.

(26) All critical incidents that immediately threaten people, assets or University operations must be reported to the University's Security Services who will notify the University Incident, Controller or nominee.

  1. Reporting of critical incidents via Quick Safe  aims to achieve timely risk assessment and intervention in the line of supervision extending from students or staff to academics or supervisor through to Senior Executive Group.

(27) The UIC has full discretion over the assigned level of response activated.

  1. Minor incident, with or without any disruption to critical business service/process: this will be managed and dealt with at the local level. For example (but not limited to):
    1. Minor injury during a lecture or staff meeting
  2. Moderate disruption to critical business service/process: the CIT is notified and a response as required. For example (but not limited to):
    1. Equipment malfunction
    2. Email being compromised
    3. Mental health concerns
  3. Major disruption to critical business service/process: CIT involvement is mandatory. For example (but not limited to):
    1. Loss of a University building
    2. Loss of University staff due to pandemic (see Pandemic Influenza Preparedness Framework)
    3. Major Cyber Attack or indiscriminate acts of Violence

(28) The UIC or nominee will coordinate a post-incident operational debrief (within 10 University business days of the incident) to review actions and to ensure lessons learnt are adopted to ensure continuous improvement.

Statements to the media or public

(29) As soon as possible the UIC will liaise with the Communications Team, prepare a critical incident communication plan.

(30) The critical incident communication plan may include but not limited to:

  1. Media update
  2. Communications to staff and students
  3. Liaison with the emergency service media personnel or other regulatory bodies
  4. Maintaining documentation for University’s records.

(31) The Vice-Chancellor or delegate may speak for the University in commenting on matters associated with a critical incident. The Vice-Chancellor may authorise members of the CIT or other officers to issue statements to the media.

Business Continuity

(32) Implementation of an appropriate business continuity response is the responsibility of the relevant delegated officer/s and the relevant most senior officer for that area will liaise with the UIC as required.

(33) Relevant senior officers will be responsible for improving the resilience of their respective areas. This includes ensuring that business as usual operations are fit for purpose and able to cope with a range of disruptions. Contingent to after-hours or before-hours contact arrangements provides additional capability and guidance on approved and adaptive courses of action to be initiated during a disruptive incident (Resilience in Crisis).

Emergency Control Organisation Structure

(34) The University's Emergency Control Organisation has been established in accordance with Australian Standard AS 3745 'Planning for Emergencies in Facilities' and provides members with guidance to the planning for, and management of emergency and critical incident situations across all University Premises.

(35) If an emergency is declared, the campus-based emergency structure will implement an appropriate response to emergency situations in accordance with the Site Emergency Response Plan. In the event that the campus emergency generates into a critical incident, the Emergency Control Organisation hierarchy will come into effect and the CIT will manage the critical incident at the local level, liaising with the Emergency Control Organisation.

(36) During an Emergency or emergency exercise, pending the arrival of the Emergency Services, Emergency Control Organisation personnel shall have absolute authority to issue instructions to evacuate all persons from buildings and/or other areas of the University's Premises.

Records

(37) The UIC or delegated person will ensure records are maintained detailing communications, decisions and actions of the CIT for documentation of the University’s response. Each member of the CIT is responsible for ensuring that similar documentation is developed and maintained for their respective portfolios.

(38) VU will take reasonable steps to ensure that the information it handles is protected from misuse, loss, unauthorised access, modification and disclosure. VU's requirements in relation to information technology security are set out in the Information Security Policy, the Records Management Policy and relevant associated procedures.

Top of Page

Section 7 - Guidelines

(39) Nil.