1. Purpose of policy
The purpose of this policy is to plan for, respond to and manage incidents that impact the University and members of the University community. The Incident Management – Governing Policy and supporting procedures are part of the University's broader protection, resilience, and sustainability system.1 The purpose of this suite of documents is to identify and respond to significant incidents, mitigate the loss of University assets and operations, protect the University’s reputation, reduce the impact on our people, the community and the environment and return to business-as-usual as soon as practical.
Under this policy, all areas of the University are required to have adequate response plans and procedures in place that are relevant for their operational areas and consistent with the Incident Management – Governing Policy and procedures.
2. Policy scope and application
This policy is designed for the management of all incidents that have impacted upon or the potential to impact on the University Community, services and operations, property and the environment. These incidents include both physical actions or hazards and other forms which may cause major reputational damage or loss of University functions or operations. It applies to all USC campuses.
This policy also applies to USC staff and/or students who are hosted at sites operated by Third-Party Providers, visiting other Third-Party Sites and on study tours or work placements.
Sites hosting USC staff and/or students which are operated by Third-Party Providers must have appropriate and effective incident management policies and procedures in place.
Please refer to the University’s Glossary of Terms for policies and procedures. Terms and definitions identified below are specific to these procedures and are critical to its effectiveness:
Australasian Inter-Service Incident Management System (AIIMS) – a national system used by all emergency agencies and first responders when organising the managing of a disaster or emergency by function.
Campus – means any campus or site owned or operated by USC.
Comprehensive approach – a risk based systematic approach in managing incidents and emergency events which confront a community. The phases of prevention preparedness response and recovery (PPRR) are not necessarily sequential but comprehensively cover all aspects of planning, collaboration and resource allocation.
Emergency Planning Committee (EPC) – The EPC is established to ensure all applicable legislative requirements are met and sufficient resources (time, finance, equipment and personnel) are provided to enable the development and implementation of emergency (incident) plans in a multi-campus environment. This is a requirement of Australian Standard 3745-2010, Planning for emergencies in facilities. The EPC has broader planning responsibilities under USC’s protection, resilience and sustainability system.
Emergency Control Team – An Incident Response Team that is established in the event of an emergency requiring an immediate response is also known as the Emergency Control Team.
Incident: An incident is an issue that requires a response. An incident may impact on any area of University activity. An incident that is not considered to be significant has a Risk Rating of either insignificant or minor, has a localised containable impact and is unlikely to escalate in severity but requires response and management as part of ongoing business-as-usual.
Incident Response Team (IRT) – A team of specialists that is mobilised to assess and respond to a significant incident that has occurred. An IRT is established with each significant incident which is defined within this policy and its composition will depend on the type of incident requiring action. An IRT that has been established to respond to an emergency is also known as the Emergency Control Team.
Key Management Personnel (KMP) – people with the authority and responsibility for planning, directing and controlling the activities of the University, directly or indirectly, including any director (whether executive or otherwise) of that entity.
Risk Rating – Risk ratings provide a consistent scale for measuring incident severity through the following classifications: insignificant, minor, moderate, major or catastrophic.
Significant Incident – An incident that has a Risk Rating of moderate, major or catastrophic (with an extreme or high-risk rating) under the University’s Risk Management Framework. It requires a focused and concerted response and ongoing management by the Cost Centre Manager in conjunction with the IRT.
Third-Party Providers – Organisations contracted by USC to provider services on its behalf (e.g. Australian Technical and Management College and cloud service providers).
Third-Party Sites – Sites that USC staff or students visit other than USC campuses and Third-Party Providers. This includes sites where staff and students are on work placements or study tours.
University Community – relates to USC students, staff and other stakeholders engaging with the University, including visitors, contractors and volunteers.
4. Policy Statement
USC is vulnerable to a range of events from those with a period of warning to others that occur abruptly. All such incidents are to be assessed according to their Risk Rating which is determined under the principles in USC’s Risk Management Framework. The University will develop and implement systems and processes for appropriate and effective management of incidents. The University will develop these systems and processes in line with State and Federal protocols, relevant standards and legislative requirements.
The University will comply with its reporting and notification requirements in the event of any breaches of relevant legislation, standards or guidelines. This includes but is not limited to privacy requirements, crime and corruption, environmental and health, ethical conduct and student obligations. The University will also comply with its obligations from an insurance reporting perspective.
5. Incident Management Framework
5.1. Emergency planning
The University will establish an EPC which will ensure that site specific emergency plans and procedures are established covering all campus locations. These plans and procedures will be overseen centrally by Asset Management Services to ensure they are consistent and meet the broad requirements of the University. Where relevant, individual campuses will manage their site-specific procedures that are relevant to their operations.
Emergency Plans and Procedures are to be regularly communicated to staff, students and visitors across each campus so that in the event that an incident requires a response, appropriate procedures can be followed.
5.2. Completion of an incident report
Information must be reported and captured for all types of incidents. All health and safety incidents are to be reported to the relevant supervisor immediately and an incident report is to be submitted to Health, Safety and Wellbeing (HSW). If other areas of the University are impacted by an incident, then a copy of the report must be provided as soon as practicable to this area. Confidentiality must be maintained where appropriate. When an incident involves a student, the Director, Student Services and Engagement is informed and provided with a copy of the report. For other types of incidents, these should be reported to the relevant operational area who will follow university escalation and reporting protocols.
5.3. Incident risk assessment
Any incident that occurs is to be evaluated as soon as practicable as to its severity and an appropriate response put in place. Incidents are to be classified as catastrophic, major, moderate, minor or insignificant. The assessment of incidents is to be undertaken by the operational area where the incident occurred or has responsibility for the person(s) involved in the incident. The assessment is made with reference to the consequence tables under the Risk Management Framework.2 A scalable response will be implemented, depending on the nature and severity of the incident.
5.4. Escalated responses and structures
Incidents that are not determined to be significant are to be managed by the respective areas as part of business-as-usual processes.
All significant incidents must be managed by an IRT, unless it is deemed that an alternative management approach is more appropriate, such as in the case when the incident is confidential or sensitive in nature or where an assessment has been made than at IRT is not required. The decision to manage the significant incident under an alternative management approach will be made by the Director, Asset Management Services in consultation with the relevant operational area. For student related incidents, the Pro Vice-Chancellor (Students) must be consulted on the management approach. When an incident has been classified as minor, but impacts multiple areas across the University, it may also be appropriate for an IRT to be established that has representation from all impacted areas. The Director, Asset Management Services is to take the lead on establishing and managing an incident through an IRT, however may choose to appoint another area to lead the IRT if this is appropriate. For significant incidents that are emergencies requiring an immediate and coordinated response, the IRT will also become the Emergency Control Team.
The IRT leader is to involve all impacted areas of the University in the management of, and response to the significant incident.
5.5. Incident Management Response Activation
In the event of a significant incident requiring activation of an IRT, the Director, Asset Management Services will inform the relevant Executive Member/s of the incident before convening an IRT. The Vice Chancellor and President is to be informed via the relevant USC Executive Member (or delegate). The Director, Asset Management Services will mobilise resources which will be specifically created for the management of the significant incident that has occurred. These resources will form an IRT specifically created for the management of the significant incident that has occurred.
For significant large-scale incidents affecting the region and extending beyond the USC facility boundary, The Director, Asset Management Services in managing a large-scale incident may choose to adopt the AIIMS control system in the planning, response and recovery stage of an incident.
5.6. International students on USC campuses
The Education Services for Overseas Students Act 2000 (ESOS Act) sets out the legal framework governing delivery of education to international students in Australia on a student visa. USC is to comply, specifically with Standards 6.8-6.9 of the National Code of Practice for Providers of Education and Training to Overseas Students 2018.
5.7. Incidents impacting USC staff, students and contractors when located off campus
To ensure there is consistency with USC’s policies and procedures, Asset Management Services is responsible for reviewing incident management and emergency management policies and procedures for facilities of Third-Party Providers prior to entering into an agreement and when there are material changes.
Students and staff involved in an incident occurring domestically at a Third-Party Provider or a Third-Party Site are to follow the incident management procedures of the Provider as appropriate. In the event of an off-campus incident, an incident report is required to be submitted that is relevant for the organisation where the incident occurred. A USC specific incident report is also required to be completed, or a copy of the Third-Party report provided to USC.
In the event that a significant incident occurs involving a staff or student at a Third-Party Provider or on a Third- Party Site, an IRT is to be established so the incident can be managed appropriately.
Students and staff involved in an incident occurring domestically or internally while undertaking placements, study tours and University research are to report any incident that has occurred and follow USC specific policies and procedures.
5.8. Offshore Incidents.
For incidents that occur offshore involving USC staff or students, the approach is collaborative in nature with the nearest consular, foreign government agency or host country organisation being responsible for managing events in their area, as well as any contracted provider. Students and staff involved in an incident occurring offshore are to follow the incident management procedures of the organisation where they are based and complete an incident report that is relevant to that organisation. A USC incident report is also required to be completed. Departments and Faculties are responsible for undertaking risk assessments prior to international travel and for maintaining emergency contact details as part of the pre-departure packages.
5.9 Review of response to significant incidents.
Following the completion of a response to a significant incident, a review is to be undertaken to determine the effectiveness of the response and any improvements that can be made going forward.
The Director of Marketing and External Engagement and USC Strategic Communications are to be notified of every significant incident and to assess whether direct action is needed. The Director, Marketing and External Engagement will be a member of the IRT as appropriate and will have responsibility for an Incident Management Communication Action Plan.
7. Recording, Reporting and Statistics
All incidents are to be maintained in an approved record keeping system where appropriate.
External reporting obligations will be undertaken in compliance with legislation, standards or guidelines that are relevant to the particular incident that has occurred. Internally, significant incidents are to be reported to the Risk Management Committee, the Executive and University Committees as appropriate, with confidential incidents confined to key personnel (Vice Chancellor and President, Director Asset Management Services, the Chief Operating Officer and selected individuals based on the nature and type of incident that has occurred).
8. Training and Emergency Exercises
The EPC will ensure that emergency management personnel have the resources for, and are appropriately trained. The USC emergency response capability will be tested in desktop and field exercises every two years.
The following authorities/responsibilities are delegated under this policy:
The protection, resilience and sustainability system is a set of policies, procedures and plans across incident management and business continuity management.
2 Significant incidents involving staff, students or visitors include death, attempted suicide, serious injury, life-threatening illness and drug or alcohol overdose, sexual and/or physical assault, domestic violence, or crime related incidents, missing students, serious threats of violence, mental health issues impacting on safety of self and others and arrest or detention.
Emergency contact numbers:
Campus Emergency: +61 7 5430 1122
Police, Fire, Ambulance: 000