(1) The Critical Incident Management Policy provides guidance for ACU to plan for, respond to and manage Events, Incidents and Critical Incidents from a personnel, hazard identification, and risk management perspective. (2) It ensures the University meets its legislative and duty of care obligations in providing the highest possible standard of health and safety to its staff, students, contractors, volunteers and visitors. (3) The terms ‘Event’, ‘Incident’ and ‘Critical Incident’ are used to define categories and levels of issues or disruptions and their associated response and management. For the purposes of this Policy, the term Critical Incident Management refers to all three levels (Event, Incident and Critical Incident) unless otherwise specified. (4) This Policy and Critical Incident Management Procedure inform parts of ACU’s Business Resilience Program. (5) This Policy applies to staff, students, contractors, volunteers and visitors while they are participating in university-related activities, both on and off campus, within Australia or overseas. (6) No part of this Policy overrides the Code of Conduct for Staff or the Student Conduct Policy. (7) This Policy applies to ACU and is subject to all applicable laws, regulations and codes. (8) The Policy and its related procedures demonstrate ACU’s commitment to: (9) The Vice-Chancellor and President is the Approval Authority for this Policy. (10) The Chief Operating Officer, as Governing Authority, will raise awareness of this Policy and Critical Incident Management Procedure to ensure that all staff, students, contractors, volunteers and visitors comply with their requirements. (11) The Deputy Chief Operating Officer and Director, Campus Leadership, as Responsible Officer, is responsible for the establishment, operation and review of the Policy and Critical Incident Management Procedure. (12) The Director, Student Experience, Director, Student Administration and the Chief People Officer will ensure students and staff receive information about this Policy and related procedures as part of their induction or orientation to the University. All staff who support the University’s business continuity and recovery processes are required to familiarise themselves with this Policy and Critical Incident Management Procedure. (13) The following criteria apply to the categorisation of Events, Incidents and Critical Incidents. (14) Due to the broad definition of what comprises a Critical Incident, ACU has adopted the following coding of incidents to increase its response preparedness and effectiveness. (Refer also to the Incident and Critical Incident Codes for a visual code colour representation). (15) Incidents are allocated to one of the Incident Convenors based on five categories - Students, Staff, Physical, Virtual, and Reputation. (16) The Critical Incident Convener and each Incident Convener must nominate one proxy to act as Convener on their behalf. (17) A new Incident Response Group is formed by the Incident Convener for the management of each Incident. Incident Conveners can select and approve any ACU staff for inclusion in an Incident Response Group. Staff are selected based on the Incident type, colour code and campus, to provide expertise and resources to support the Incident Convener during the management of an Incident. (18) For the purposes of oversight and communication, the Critical Incident Convener and the five Incident Conveners are members of each Incident Response Group. (19) Representatives from Ask ACU Operations, Service Central and Facilities Management must be kept informed of decisions so that they can prepare for queries and provide a response that is consistent with the organisational message coordinated by the Incident Convenor (Reputation). (20) The procedures accompanying this policy provide further guidance on organisational staff positions that may inform an Incident Response Group. (21) The Chief Operating Officer is the Critical Incident Convenor and can declare a Critical Incident at their discretion and activate the Critical Incident Response Group (CIRG) if required. (22) The CIRG includes the Incident Conveners and other officers of the University who can provide their expertise, resources and support to the Critical Incident Convener while managing a Critical Incident. (23) Events (Level 1) are managed by local responsible frontline staff and supervisors including, but not limited to, staff from National Security Centre, campus facilities, fire wardens, first aid officers, Student Accommodation, Campus Ministry, Service Central, Ask ACU Operations, Student Experience. (24) The Event is either resolved or escalated to an Incident and the National Security Centre is notified. (25) Incidents (Level 2) are managed by one of the five Incident Convenors (Students, Staff, Physical, Virtual, Reputation). (26) The National Security Centre notifies the five Incident Convenors and the Critical Incident Convenor. The Incident is allocated to one of the five Incident Convenors who also determines the Incident Colour Code, campus location and Incident Response Group members. (27) The Incident is either resolved or escalated to a Critical Incident. (28) The Critical Incident Management Procedure that accompany this Policy provide further details on the incident management process, refer to the Event, Incident and Critical Incident Response Flowchart for a visual representation of the incident management workflow. (29) Critical Incidents (Level 3) are managed by the Critical Incident Convener in conjunction with the Incident Conveners and the CIRG. (30) The Critical Incident Convenor and the CIRG provide regular updates on the management of, and response to, the Critical Incident to the Vice-Chancellor and President and members of the Vice-Chancellor's Advisory Committee, ACU staff and students, the Chancellor, members of Senate and external regulatory bodies, as required. (31) Any incident involving the unexpected death of a staff or student on campus, in student accommodation or at off-campus, University-related activities will be immediately classified as Critical and managed by the Critical Incident Convenor or their proxy. (32) ACU’s Business Continuity and Business Impact Assessment information is utilised in the management of a Critical Incident. (33) Incident Convenors should communicate regularly with their Incident Response Group and hold work-in-progress or briefing meetings during the management of an Incident. During these meetings, communications to external or other stakeholders should be discussed and managed. (34) All communication to staff, students, contractors, volunteers or visitors concerning an Incident or a Critical Incident will be coordinated by the Incident Convenor (Reputation), who is the Chief Marketing Officer, in consultation with the Critical Incident Convenor. Ask ACU Operations, Service Central and Facilities Management are informed so that they can prepare for queries and provide a response to staff and students that is consistent with the organisational message coordinated by the Incident Convenor (Reputation). (35) Such communication should be sent first and foremost by the Critical Incident Convenor, however, staff designated as ‘Incident Convenor’ or ‘Critical Incident Convenor’, their designated proxies and those additionally listed below, are authorised within the ACU Email Distribution List Policy to send to all Dynamic Distribution Lists for the purposes of communication information regarding a major university disruption. (36) Incident Convenors should consult the Privacy Officer to ensure that any disclosure of personal information associated with an Incident or Critical Incident is managed in accordance with the Privacy Policy and Privacy Inquiry and Complaints Procedure and Third Party Access to Personal Information Protocol. (37) Any external and/or third-party requests for personal information or access to ACU property must be directed to the Privacy Coordinator for the purpose of providing advice to the Privacy Officer concerning the release of personal information. (38) In the event of an Incident or Critical Incident ACU campuses remain open and staff are to stay at work until advice is received only from the Critical Incident Convenor. (39) The decision to close a campus is made when it is requested by State or Federal Government authorities, or decided by the Critical Incident Convenor to be necessary in the best interests of the campus, students and staff. (40) A Post Incident Review (PIR) report should be delivered to Incident Convenors and the Critical Incident Convenor at the next Critical Incident Management meeting. (41) The Post Incident Review (PIR) report should be completed by the Convener who managed the Incident (or a designated member of their response team) and should: (42) Business continuity is the management of the priorities, recovery procedures, responsibilities and resources that support the University and each individual business unit in managing recovery from a business disruption. (43) In the event of a major Incident or Critical Incident, the University can implement business continuity and recovery management measures in addition to the Critical Incident processes identified in this policy and its accompanying procedures. (44) Business resilience resources include: (45) This Policy and Critical Incident Management Procedure will be regularly reviewed to ensure they: (46) ACU may conduct scenario exercises to: (47) Please contact the Office of the Deputy Chief Operating Officer for any proposed changes or amendments.Critical Incident Management Policy
Section 1 - Purpose
Section 2 - Scope/Application
Top of PageSection 3 - Roles and Responsibilities
Approval Authority
Governing Authority
Responsible Officer
Other relevant stakeholders
Section 4 - Categories and Codes
Events, Incidents and Critical Incidents Assessment Categories
Incident and Critical Incident Codes
Top of Page
Section 5 - Responsible Staff
Incident Convenors
Incident Response Group
Critical Incident Convener and Response Group
Section 6 - Activation and Management
Event
Incident
Critical Incident
Section 7 - Communication
Top of PageSection 8 - Privacy
Section 9 - Campus and Service Closure
Section 10 - Post Incident Report
Top of Page
Section 11 - Business Continuity and Resilience
Top of PageSection 12 - Review
Top of PageSection 13 - Further Assistance
View Document
This is the current version of this document. To view historic versions, click the link in the document's navigation bar.
Level
Type
Criteria / Description
Managed by
Level 1
Event
An Event is a localised, minor issue that can be managed with local services and does not affect the ongoing viability of the organisation.
It is unlikely to escalate in severity but still requires response and management by local ACU personnel using appropriate processes and procedures.
Can impact staff, students, contractors, visitors, volunteers, the ACU community and the public.
Has minimal impact on University, personnel or property.
May include minor illness or a wound.
Likely response less than 1 hour.
Local responsible frontline staff and supervisors
Level 2
Incident
An Incident is a moderate issue that can interrupt business processes sufficiently to threaten the viability of the organisation or the welfare of an individual or individuals.
It could escalate unless it is responded to by ACU personnel using operating and incident response procedures.
Can impact staff, students, contractors, visitors, volunteers, the ACU community and the public.
Can result in people being injured, or there is potential of more severe injury (including threats of self-harm).
May require one or multiple emergency services.
Likely to affect one building or campus (but may be more).
May require coordination and evacuation of personnel.
Multiple IT / business systems may be affected.
May require management of key stakeholders.
Could escalate to involve media exposure at the local or state level.
Likely response up to or over 4 hours.
Incident Convenors
Incident Response Group
Level 3
Critical Incident
A Critical Incident is any emergency or adverse situation that will or may have the potential to significantly impact the University’s business viability, threaten the lives of employees or others, and jeopardise ACU’s reputation.
It requires a significant response and ongoing management including implementation of incident recovery processes and business continuity and recovery plans.
Large scale impact on University.
Critical services impacted.
May involve complete campus evacuations or lockdowns.
Requires strategic management of key stakeholders.
Likely to attract local, national or international media coverage.
Likely response more than 4 hours.
Critical Incident Convenor
Colour Code
Type of Incident or Critical Incident
Examples of Threats and Risks
Yellow
Internal Incident
Biological or chemical hazard
Construction accident
Critical equipment failure
Gas leak
Failure of essential services/utilities (non-IT)
Industrial action
Sabotage of building
Structural damage
Theft, fraud, malice
Water damage
White
IT / Business systems
Cyber attack
Data / records / privacy / personal information - loss or breach
Business system failure
IT equipment failure
IT software failure
Red
Fire / Smoke
Visible smoke (not smoke alarm activation)
Fire
Explosion
Purple
Bomb threat
Bomb threat
Suspicious item
Blue
Medical emergency / threat
Medical Emergency
Poisoning
EpiPen use
Asbestos exposure
Pandemic diseases / Pandemic with public or emergency orders
Shock
Black
Personal Threat
Active Shooter
Assault
Robbery / Burglary
Kidnapping
Missing students / staff
Death staff / student
Serious assault
Self-harm, attempted
Suicide
Siege
Violent behaviour
Terrorism
Privacy
Green
Sexual assault / sexual harassment
Sexual assault
Sexual harassment
Safeguarding matter
Family & domestic violence
Orange
Building evacuation
Building evacuation
Brown
External
External party impact
Natural disasters - earthquake / flooding / bushfire
Severe weather and storms
Regulatory investigation or action
Off-campus incident
Partner failure
Public disorder
Reputation
Supplier failure
Third party negligence
Transport accident
Financial threat
Incident Convenors and categories
Students
Director, Student Administration
Staff
Chief People Officer
Physical
Director, Properties and Facilities
Virtual
Chief Information and Digital Officer
Reputation
Chief Marketing Officer
Critical Incident Convenor
Chief Operating Officer