Critical Incident and Business Continuity Plan...The Critical Incident and Business Continuity Plan...

Head Office & Campus Address:

Level 4, 303 Collins Street

Melbourne VIC 3000

Phone: +61 3 8648 6610

Email: [email protected]

Website: www.lyons.edu.au

CRICOS Provider No: 03578M

RTO Provider No: 21986

Critical Incident and Business Continuity Plan

Critical Incidents and Business Continuity Plan of 25

Coleraine Share Trading Pty Ltd t/a Lyons College RTO Code: 21986 CRICOS No: 03578M

Level 4, 303 Collins Street, Melbourne, VIC 3000 Ph: +61 3 8648 6610 Email: [email protected]

Background

Lyons College recognises the importance of sustained, uninterrupted delivery of quality education and considers

this to be one of its highest priority. This plan should also be read in conjunction with the following policies:

Critical Incidents and Business Continuity Policy, Health and Safety Policy and Student Welfare Policy

The Risk Management Policy, Framework and Risk Register capture risks that need ongoing monitoring in

order to take action before they have a negative impact on strategic and operational goals and outcomes.

Business continuity planning (sometimes referred to as business continuity and resiliency planning) leverages

processes and systems of prevention as a basis for recovery strategy to identify and deal with potential threats

to the interruption of delivery in the short, medium and long term. In this manner it supports the overall Risk

Management Framework within the College and provides the means to support the continued operations of

Lyons College, even in the event of severe disruption.

Purpose

The Critical Incident and Business Continuity Plan will serve the following purposes:

1. Identification of Lyons College’s essential operations

2. Identification of risks that may impact the College’s ability to continue its essential operations

3. Establishment of the means to prevent the occurrence of identified risks to essential operations

4. Establishment of recovery processes in the event that risks impacting essential operations eventuate

For risk management of non-essential operations refer to Risk management framework and risk register.

Management Team and Directors The management team are responsible for disaster recovery and management of critical incidents. The table

below provides the contact details of the management team. All Directors will be kept up-to-date regarding the

progress of the disaster recovery work and management of critical incidents (the contact details of the Directors

are also provided in the table below).

Name Role Email Phone Notes

Management team

Michelle Lac CEO and Company

Secretary

[email protected] 0403 576 929 Primary contact

Rukesh Sadhai COO [email protected] 0419 799 920 Second in charge

(backup to

primary contact)

Dr Julian Lippi Higher Education

Manager

[email protected] 0419 885 650 Third in charge

Gary Bajaj Finance Manager [email protected] 0418 920 972 Fourth in charge

Raman Singh IT Manager [email protected] 0469 798 278 Fifth in charge

Directors

Duncan

MacCallum

Chair [email protected] 0435 659 996 Keep up-to-date

Graham Lanphier Deputy Chair [email protected] 0407 445 499

Professor Archie

Johnston

Non-Executive

Director

[email protected] 0435 659 996

mailto:[email protected]




Essential Operations

The essential operations of Lyons College, the resources supporting these and the staff responsible for managing

these are defined in the following table. The essential operations are categorised into three broad categories: 1)

academic; 2) administrative/regulatory; and 3) business/finance. The administrative/regulatory and

business/finance operations of the College are in place to sustain and develop the College’s academic operations.

These essential operations are further detailed in the next section below.

Essential College

Operation

Resources supporting essential College

Operations

Responsibility

Academic

1. Course delivery • Academic staff

• Education material

• Education spaces

• Administrative services/facilities

• Student engagement and support

• Higher Education manager

• VET manager

• Teaching staff

• Academic Board

• Learning and Teaching

Committee

• IT Staff

• CEO

• COO

2. Library services • Offline and online library resources

• Library spaces

• Library staff

• Librarian

• COO

• IT Manager

3. ICT resources and

services • IT infrastructure and availability

• IT services, facilities, support

Also refer to ICT Plan.

• IT Manager

• COO

Administrative/Regulatory

4. Staff and Student

services • Staff administrative services (including staff

superannuation, payment, etc.)

• Student administrative services (including

enrolment, student welfare services, etc.)

• Finance Manager

• Administration Staff

• COO

• CEO

5. College policies

and External

regulations

• External legal services

• External financial services

• Higher Education manager

• VET manager

• Risk and Compliance Manager

• COO

• CEO

• Board of Directors

• Academic Board

Business/Finance

6. Financial solvency • Internal financial management

• External financial services

• Finance Manager

• COO

• CEO

• Board of Directors




Risk Identification and Management

The framework for Risk Identification is outlined in the Risk Management Framework along with details of the

purpose and structure of the Risk Register. The Risk Management Framework describes that the Risk Register

is designed to identify Higher Education and Vocational Education risk, its impact, likelihood consequences

and mitigation/recovery strategy and also identifies whether these risks directly challenge the overall strategy

plan, business continuity or regulatory threshold standards critical to both initial and ongoing registration and

accreditation, without which Lyons College does not have licence to operate. This document will therefore be

aligned and adapted to suit the different dimensions of the overall Risk Management Framework on an ongoing

basis.

Recovery of Essential Operations

This Plan is primarily concerned with ensuring that the essential operations of Lyons College are not severely

disrupted and therefore it is necessary to establish the priority and means of recovering from incapacitation of

essential operations, as shown in the tables below.

The following outlines the priority of recovery efforts to restore essential operations. The next section provides

critical incident scenarios, including the recovery and mitigation actions to minimise the impact on essential

operations and to recover from the incapacitation of the College’s essential operations as quickly as possible.

Academic Operations

In the event of severe disruption of operations at Lyons College, reinstatement of academic operations,

especially course delivery, will take priority over all other operations.

Course delivery Essential

operations 1

Disruption to course delivery

No power on campus at Level 4, 303 Collins Street Melbourne and/or Course

delivery cannot be recommenced for a long period of time

Recovery actions • If there are severe disruptions to the delivery of a course, all efforts will be

made to recommence the course as early as possible.

• If a course cannot be recommenced, students will be allowed to transfer into

appropriate alternate courses and the Course Teach-Out Policy will be

implemented.

Mitigation action Refer Critical Incidents and Business Continuity Policy, Health and Safety Policy,

Student Welfare Policy and Course Teach-Out Policy

Primary

responsibility

Higher Education Manager, VET Manager, CEO, COO

Library services Essential

operations 2

Disruption to library services

No access to the Lyons College library

Recovery actions When library services are unavailable to students, alternative academic resources

must be provided for students whilst services are being restored. These resources

will include:

• Online databases accessible outside of the College’s campus

• Libraries at partner Colleges/Universities

• Public libraries

Mitigation action Refer Library plan and Critical Incidents and Business Continuity Policy

Primary

responsibility

Librarian, COO




ICT resources and services Essential

operations 3

Disruption to ICT resources and services

In the case that Information Technology resources are disrupted at the College, the

IT services necessary for educational purposes must be reinstated first.

Recovery actions Refer to Management of Critical incidents section below

Mitigation action Refer ICT plan and Critical Incidents and Business Continuity Policy

Primary

responsibility

IT Manager, COO

Administrative/Regulatory

Staff and student services Essential

operations 4

Disruption to staff and/or student services

If staff and student services are severely disrupted, the services necessary for staff to

deliver courses and for students to recommence courses must be reinstated first.


Mitigation action Refer Critical Incidents and Business Continuity Policy, Health and Safety Policy,

Student Welfare Policy

Primary

responsibility

Finance Manager, Administration Staff, COO, CEO

College policies and regulations Essential

operations 5

Breach of Lyons College’s policies or external regulatory requirements

In the event that Lyons College experiences a breach in the College’s policies or

external regulatory requirements, all efforts will be made to address the breach as

soon as possible with internal expertise and drawing on external expertise as

required.


Mitigation action The Executive Management team, Audit and Risk Committee and Board of

Directors monitor the College’s compliance to its policies and external regulatory

requirements on a regular basis to mitigate the risk and impact of breaches to the

College’s policies or external regulatory requirements.

Primary

responsibility

Risk and Compliance Manager, Higher Education and VET Manager, COO, CEO,

Board of Directors, Academic Board

Business Operations Financial Solvency

Essential

operations 6

Breach of Lyons College’s policies or external regulatory requirements

In the event that Lyons College experiences severe liquidity/financing issues, all

efforts will be made to sustain course delivery.

Recovery actions Utilise the contingency funds held by the College.

Mitigation action The Executive Management team, Audit and Risk Committee and Board of

Directors monitor the College’s financials on a regular basis, including the

contingency funds available to the College to mitigate financial solvency issues.

Primary

responsibility

Finance Manager, COO, CEO




Critical Incident Scenarios

The tables below provide critical incident scenarios, including the recovery and mitigation actions to minimise

the impact on essential operations and to recover from the incapacitation of the College’s essential operations

as quickly as possible. Appendix 3 provides the scenarios with points for discussion for staff awareness and

training purposes.

Scenario 1 Power cut (lack of infrastructure)

No power on campus at Level 4, 303 Collins Street Melbourne

Recovery actions • Switch over to Un-interrupted power supply (UPS) as required

• Determine cause and potential timing of outage

• Notify all staff and students immediately

• Determine if a switch to hold classes off campus is required and

communicate to staff and students accordingly

Mitigation action • UPS in place

• Agreement in place to use the facilities of Milestones English Academy

(Level 11, 190 Queen Street, Melbourne Victoria) as required

Primary

responsibility

CEO, COO, IT Manager

Scenario 2 IT/Computer damage (lack of infrastructure)

All computers on campus are damaged

Recovery actions • Determine cause and potential timing of outage




Mitigation action • A number of computers are stored off campus and will be made available

to staff and students as required.

• Mobile phones will be acquired and made available to staff and students

as required

• Agreement in place to use the facilities of Milestones English Academy


Primary

responsibility


Scenario 3 Fire at Lyons College premises (lack of access)

The campus at Level 4, 303 Collins Street Melbourne is not accessible due to

fire

Recovery actions • Notify all staff and students immediately

• Determine potential timing of addressing the fire damage and when the

campus will be available again



Mitigation action Agreement in place to use the facilities of Milestones English Academy


Primary

responsibility





Scenario 4 Loss of staff & students due to illness (lack of people)

Key staff unavailable due to sickness and/or large number of students sick

Recovery actions • Determine severity of sickness impacting staff and/or students

• Notify all staff and students about the impact and actions that are required to

prevent sickness from spreading

• Determine if a switch to hold classes off campus is required and communicate

to staff and students accordingly

Mitigation action • Cross training of staff to ensure staff can cover for each other in case of sickness

• Communicating to staff and students regarding relevant illnesses that may be

preventable or managed

Primary

responsibility

CEO, COO, IT Manager, Higher Education Manager

Scenario 5 Cyber-attack (lack of infrastructure)

Lyons College’s ICT not available to staff and/or students

Recovery actions • Determine cause and potential impact of cyber attack


Mitigation action • Communicating to staff and students regarding the impact of cyber-attacks and

any actions they can take to potentially prevent such attacks

• Agreement in place to use the facilities of Milestones English Academy (Level

11, 190 Queen Street, Melbourne Victoria) as required

Primary

responsibility

COO, IT Manager

Scenario 6 Unauthorised personnel in building (access)

People that are not Lyons College staff, students or authorised visitors are on

campus

Recovery actions • Determine cause and potential impact of unauthorized personnel on campus


Mitigation action • Communicating to staff and students regarding campus access and reporting any

suspicious personnel on campus

Primary

responsibility

Receptionist, Administration staff, COO

Scenario 7 Urban Disorder (lack of access)

People that are not Lyons College staff, students or authorised visitors are on

campus

Recovery actions • Determine cause and potential impact/severity of urban disorder on staff and

students

• Notify all staff and students immediately what the disorder is about and actions

to be taken

• Determine if a switch to hold classes off campus is required and communicate

to staff and students accordingly

Mitigation action • Communicating to staff and students regarding actions required in the case of

urban disorder

• Agreement in place to use the facilities of Milestones English Academy (Level

11, 190 Queen Street, Melbourne Victoria) as required

Primary

responsibility

COO, CEO




Management of Critical Incidents Critical incidents can arise unexpectedly that may seriously impact on the safety of staff and students and

potentially the College’s business continuity. The College recognises that effective planning, staff

awareness/training and management are the keys to success in the event of a critical incident affecting the

College. This section provides information for those with primary responsibility for the management of critical

incidents and other staff and students to respond appropriately in the event of a critical incident (not outlined in

the previous sections). Both the immediate consequences and the longer-term implications of a critical incident

will be covered, establishing the systems and processes for the College’s response to the incident, management

of the incident, recovery from the incident, and post incident review. Appendix 2 provides a summary of how

Critical Incidents are determined.

Definitions Critical Incident means an event which may cause or is likely to cause extreme physical and /or emotional

distress to staff, students and other workers or visitors to Lyons College, and which may be regarded as outside

the normal range of experience of the people affected.

A critical incident:

• may not necessarily require an initial emergency response;

• may significantly disrupt the operations of Lyons College and impact on business continuity; and/or

• may have the potential to bring Lyons College into disrepute; and/or

• may impact on several areas of Lyons College for example, student life, staff work, physical assets or

Information Technology (IT).

Examples of events which may be deemed critical incidents include

• any fatality, near fatality or incident likely to affect seriously a number of staff and/or students;

• serious traffic accidents e.g. an accident during a student field trip;

• murder or suicide involving students/staff and their family members;

• development of a Pandemic;

• fire, explosion, bomb threat;

• hold-up or attempted robbery;

• threats of violence to staff/students;

• storms/natural disasters that cause major damage;

• major failure in internal processes e.g. discovery of a significant fraudulent activity;

• interruption to utilities (e.g. electricity, water) for an extended period; and

• disruption to IT technology that impacts on the ability of Lyons College to deliver its services for an

extended period to students or for staff (Academic and General) thus impacting on work completion.

Emergency Critical Incident means those incidents which involve the possibility of immediate or imminent

threat, physical and/or emotional distress to staff, students and other visitors to Lyons College; and which may

be regarded as outside the normal range of experience of the people affected.

Non-emergency Critical Incident means those critical incidents which do not involve the need for an initial

emergency response but which nevertheless involve the possibility of threat, physical and/or emotional distress

to staff, students and other visitors to Lyons College; and which may be regarded as outside the normal range

of experience of the people affected. If you have any doubt as to whether an event is a Critical Incident advise

your Supervisor immediately.

Critical Incident Leader (CIL) means the staff member who has overall responsibility for coordinating Lyons

College’s response to the critical incident. The CIL will be a member of the CIT.

Critical Incident Phases means the various management phases of critical incidents. At Lyons College the

following critical incident phases are identified:

• Phase 1 – Immediate Response to a Critical Incident

• Phase 2 – Crisis Management during a Critical Incident




• Phase 3 – Recovery from a Critical Incident

• Phase 4 – Evaluation and Critical Incident Review.

Critical Incident Team (CIT) means the team that will be formed in the event of a critical incident to

coordinate the management of the incident. Appendix 1 provides further details of the responsibilities of the

Critical Incident Teams.

CITs may include:

• Staff Incident Team;

• Student Incident Team;

• Facilities Incident Team;

• Technology Incident Team; and

• Site Specific Incident Teams.

Critical Incident Response means the initial response to the incident. The response may be managed: (i) by an

external party e.g. the police or fire brigade, because of the nature of the incident; or, (ii) by Lyons College i.e.

internally.

Phases of a Critical Incident The tables below outline the roles, responsibilities, actions and communications with the management during

each phase of a critical incident (also see appendix 2 critical incident flow chart).

Phase 1 – Immediate response to a critical incident Role Actions and Responsibilities Communications

Individual initially

identifying the

critical incident

If the event is an emergency see Lyons College’s

Critical Incidents and Business Continuity Policy.

If the event does not present an immediate threat to the

safety or wellbeing of individuals report the event

immediately to the CEO.

• If the event is an emergency report

the incident in line with Lyons

College’s Critical Incidents and

Business Continuity Policy

• If the event is not an emergency

promptly advise the CEO

Supervisor in the

immediate vicinity

of the incident

If necessary and safe to do so put evacuation

procedures in place before contacting the Critical

Incident Leader.

Alert the relevant emergency services as required.

• Contact the CEO if this has not

already been done so by the

individual identifying the incident

• Communicate with the relevant

emergency services

• If necessary communicate the

need to evacuate to staff, students

and visitors

CEO/COO

• Promptly attend the site of the incident

• Assess the situation upon arrival at the incident

• Co-ordinate the initial response

• Assess the incident and when appropriate

officially declare the incident to be a critical

incident

• Appoint a Critical Incident Leader from the

Critical Incident Team

• Keep Directors up-to-date of the situation

• Advise/communicate with

affected area supervisors

• Communicate as necessary with

staff, students, others at scene

until management of the incident

is taken over by others

• Communicate the official

declaration of a critical incident

and the further enacting of Lyons

College’s Critical Incident and

Business Continuity policy to the

relevant stakeholders within

Lyons College and wider

community

• Announce the appointment of the

Critical Incident Leader




Phase 2 - Crisis management during a critical incident Role Actions and Responsibilities Communications

CEO/COO • Receive regular reports from the Critical

Incident Leader

• Provide timely responses to requests made from

the Critical Incident Leader or Team

• Keep Directors up-to-date of the situation

• Approve the communications

strategy and/or wording of

and/or conduct of all internal or

external communications

• Ensure those affected by the

incident are provided with

timely, accurate and factual

information as soon as

reasonable to do so

• Keep staff, students and other

stakeholders up-to-date with the

situation

Critical Incident

Leader • Manage and co-ordinate the efforts of the CIT

and Lyons College’s response to the critical

incident through to recovery phase

• Arrange the formation and initial meeting of the

CIT

• Chair meetings with the CIT

• Co-ordinate the actions of the CIT

• Gather relevant information and options from

various teams to enable accurate decision

making

• Coordinate the development of a Critical

Incident Action Plan by the CIT

• Delegate and follow up tasks and agreed actions

to ensure agreed time frames are met

• Declare when the incident has moved from a

critical phase to a recovery phase

• Maintain the Critical Incident Action Plan

• Notify the CIT that a critical

incident has occurred and of

their appointment to the Critical

Incident Team

• Notify the CIT of the venue and

timing of the initial meeting of

the CIT

• Maintain communication with

the CEO and COO as

appropriate/possible during

Phase 1

• Communicate with the CIT

• Advise the CEO when an

incident has moved from critical

phase to a recovery phase

Critical Incident

Team

(members of)

• Take and follow through on directions given by

the CIL or agreed by the CIT

• Meet as soon as directed by the CIL to discuss

the management of the incident

• Gather and ascertain the facts on: casualties; the

damages to property and equipment; the impact

on academic services, IT systems, telephones

and media

• Set the response priorities and develop Critical

Incident Action Plans

• Co-ordinate the actions of others to progress the

incident from Phase 2 to Phase 3

• Arrange for the implementation of actions

agreed to by the CIT at the operational level

• Minimize risk and damage to Lyons College’s

business continuity

• Minimize damage to ensure that appropriate

lines of communication are kept open

• Take the actions necessary and reasonable to

obtain whatever resources are reasonably

required to deal with the critical incident

whether they are human or material, internal or

external

• Maintain records that include:

o Critical Incident and Business Continuity

Policy

• Continue to report regularly on

the progress or status of actions,

tasks or duties assigned to the

CIL

• Arrange for relevant experts to

provide advice to the CEO on a

communication strategy as

required

• Arrange for relevant experts to

develop the recommended

wording for messages to go out

to affected parties by the CEO

• Maintain a log of the facts

arising from the incident

• Arrange for the initial fielding of

all media enquiries or requests

for comment to be given to the

CEO/COO




o Current membership list of the CIT and

contact details

• Details of the CIT site

Compliance Provide risk control, policy advice and assistance to

the CIL in managing the critical incident on all

phases

Arrange for communications with

relevant external parties as required

Phase 3 – Recovery from a critical incident Role Actions and Responsibilities Communications

CEO • Receive regular reports from the CIL

• Declare when a critical incident officially moves

from Phase 2 to Phase 3

• Provide timely responses to requests made from

the CIL and/or CIT

• Approve the communications

strategy and/or wording of and/or

conduct of all internal and

external communications

• Report to stakeholders on the

recovery from the critical

incident, including the Board of

Directors and the Audit and Risk

Committee

• Ensure those affected by the

recovery strategy for the incident

are provided with timely,

accurate and factual information

as soon as reasonable to do so

Critical Incident

Leader • Continue to play an oversight role during the

recovery stage from the critical incident

• Approve the critical incident recovery strategy

• Monitor and review to ensure that recovery

progresses in line with the agreed action plans

• Review and refine as necessary plans from Phase

2 and formulate a response/recovery strategy

• Develop and implement recovery plans

• Continue to implement remaining elements of the

strategy decided upon during Phase 2 of the

incident

• Implement appropriate recovery actions

Continue to report as appropriate on

the recovery process and progress in

relation to the critical incident to the

CEO

Critical Incident

Team • Continue to play an oversight role during the

recovery stage from the critical incident

• Approve the critical incident recovery strategy

• Hand over operational responsibility to assigned

people

• Monitor the recovery to ensure that it progresses in

line with the agreed action plans

Continue to report any relevant

information to the CIL

Compliance Provide risk control, policy advice and assistance to the

CIL in managing the critical incident on all phases

Arrange for communications with

relevant external parties as required

Phase 4 – Evaluation and critical incident review Role Actions and Responsibilities Communications

CEO Provide final report to Management • Review, approve and

communicate the final reports to

relevant stakeholders, including

the Board of Directors and the

Audit and Risk Committee

• Approve updates and changes to

the Business Continuity and

Critical Incidents plan and policy




Critical Incident

Leader

Prepare the consolidated report on the effectiveness of

the response to the incident. The report will also be

used by the CIT to recommend changes to the policy

and procedure if considered necessary

Provide a final report to the CEO

upon review of and reflection on the

incident

Critical Incident

Team • Post Incident Review – meet within one month of

the critical incident being designated Phase 3 to

evaluate the implementation of procedures and

responses

• Determine and recommend changes to the Critical

Incident Policy and Procedure based on review of

the incident and Lyons College’s response

• Determine what types pf debriefing sessions may

need to be held depending on circumstances and

the need.

Communicate recommendations for

change to the Critical Incident and

Business Continuity Policy to the

CIL and CEO




APPENDIX 1 – Critical Incident Teams

Every critical incident is unique and will need to be dealt with differently, according to the needs of the people

affected. Specialist teams have been identified that may be called upon to work with the CIT to provide

additional advice, guidance and updates, and to implement recovery plans in relation to their particular area of

responsibility:

➢ Staff Incident Recovery Team

➢ Student Incident Recovery Team

➢ Facilities Incident Recovery Team

➢ Technology Incident Recovery Team

➢ Site Specific Incident Recovery Team

Other specialists may be invited by the CIL to join as required, to ensure the incident is efficiently and

effectively dealt with.

2.1 RESPONSIBILITIES OF THE CITs

Responsibilities of CITs may include the following.

Staff Recovery Team:

➢ provide those affected by the incident with educational material covering common responses to

trauma and strategies for coping with these effects;

➢ monitor the need for counseling. Assess the need for additional support from outside agencies;

➢ provide advice to the CIT on response scenarios;

➢ provide and verify information from the affected area back to the CIT; and

➢ liaise with WorkCover and external agencies.

Student Recovery Team:

➢ provide educational material covering common responses to trauma and strategies for coping with

these effects;

➢ monitor the need for counseling. Consult Lyons College’s Counselling Service for assessment of the

need for counseling and for the provision of counseling services as required. Assess the need for

additional support from outside agencies;

➢ organise transport and alternative accommodation;

➢ provide advice to the CIT on response scenarios;

➢ provide and verify information from the affected area back to the CIT; and

➢ provide specific advice to the CIT in relation to international students.

Facilities Recovery Team:

➢ establish the facilities recovery strategy;

➢ liaise with Emergency Services;

➢ restrict access to affected areas;

➢ assess replacement or repair options;

➢ secure area to an acceptable level of safety;

➢ ensure power supply;




➢ coordinate cleanup of site; and

➢ engage contractors as required.

Technology Recovery Team:

➢ establish & implement a Technology Recovery Strategy and

➢ engage external ICT service provider(s) as necessary.

Site Specific Recovery Team:

➢ provide information to the CIT on site specific information and

➢ assist in the implementation of action plans at the site




APPENDIX 2 – Critical Incident Flow Chart

Incident designated a CRITICAL INCIDENT by the CEO CEO keeps the Board of Directors and Audit and Risk Committee members up-to-date regularly with the

developments of the critical incident and how it is being managed

CEO appoints the Critical Incident

Leader (CIL)

CEO and CIL determine the

composition of the Critical Incident

Team (CIT)

Individual areas deal with incident

Yes

No

CIL and CIT manage the incident in line

with the Critical Incident and Business

Continuity policy and plan

Critical Incident Leader to provide a report to Lyons College

management on the incident. The report should highlight any

suggested changes to the Business Continuity Plan

Recovery process complete and Business resumes

If at any time an incident

deteriorates and is potentially a

Critical Incident it should be

referred to the CEO

Administration staff provide assistance

to the area managing the Incident

Critical incident reported to the CEO

CIT and CIL determine if any specialists

will be involved in the management of

the Incident and recovery


Coleraine Share Trading Pty Ltd t/a Lyons College RTO Code: 21986 CRICOS No: 03578M Level 4, 303 Collins Street, Melbourne, VIC 3000 Ph: +61 3 8648 6610 Email: [email protected]

APPENDIX 3

Scenarios for staff awareness and training

1) Power cut (lack of infrastructure)

Think about this simple scenario yourself and/or talk it through with your colleagues.

Initial information

You arrive at Lyons College on Thursday morning to find out that the storm force winds overnight appear to have caused

a tree to fall across power lines, cutting off the electricity to your building. Your office/building has no power.

Points for discussion:

➢ What, if any, is the immediate impact on Lyons College?

➢ What are your initial priorities?

➢ Are there any Health and Safety issues?

Update

It is now 11.00 and power has not been restored. You have been told that although work is underway to fix the problem

as soon as possible, power is unlikely to be available today.


➢ What, if any, is the short-term impact on Lyons College operations? Students? Staff?

➢ What are our short-term priorities?

➢ What information would you now give to members of our team, where would you get this from and are all,

including out of hours contact details up-to-date?

➢ What response and/or recovery plans are you going to initiate?

Longer term implications

Finally, power was restored overnight and by midday on Friday, you are able to resume near normal activities a College,

albeit with a backlog of information to record electronically and several outstanding queries from staff, students and

prospective students. A few members of staff at the front desk are burdened with most of these but others have offered

to help.


➢ What, if any, is the long-term impact on your Lyons College?

➢ What are your long-term priorities?

➢ Are there any actions that you could take now to reduce the likelihood or impact of this happening in the future?

➢ Do our business continuity and recovery plans have all the information you required to manage this scenario?

In relation to this scenario

➢ Many buildings do not have a backup generator, so alternative working arrangements may need to be made to

keep critical functions active. Does this building have backup generator facilities?

➢ Digital phones are reliant on electricity so would not work in the event of a power cut (once any battery power

had run out).




➢ IT UPS systems are not designed to work for a long time.

➢ Home-working may be possible but the ICT connections may not be operational

➢ With so many areas affected (fire alarms, heating, technologies) the impact of a power cut would be similar to the

loss of a building.

➢ As a power failure would undoubtedly affect your current work place, you need to consider where you could work

from as an alternative i.e. Work Area Recovery site.

➢ The following technologies could be unavailable through a power cut. E.g. phone, ICT, radio base station, CCTV,

security swipe cards

➢ There may be Health and Safety issues arising from a power cut e.g. emergency lighting in stairwells is not

designed to work for a long time.

➢ There may be access issues as Lifts may not work.




2) IT/Computer damage (lack of infrastructure)


Initial information

A leaking water pipe was discovered in the early hours of this morning by security guards patrolling the building. the

leak could not be stopped before water got into several PCs. At 6am, the IT was shut down until damage could be

assessed and alternative arrangements or repairs made. It is now 9am and no email or internet access is available at your

place of work. There are no data communications available.





Update

It is 3pm and no systems are available as the machines damaged were concerned with logging into various applications.

Other machines have had to be moved to allow repairs to take place. The data blackout is complete i.e. (no internet, email

or software systems which rely on logging in over the internet). It is likely that there will be no systems for at least a week

while repairs take place and systems are restarted. The phone system is connected to the ICT and that is down as well.


➢ What, if any, is the short-term impact on Lyons College?

➢ What are your short-term priorities?





With nowhere for ICT to be relocated and no backup system capable of taking over all activities, it took two weeks for the

resumption of access to applications, email and the internet. Despite best efforts the impact was widely felt across Lyons

College and it will be a long time before the media stories about the effects dissipate..


➢ What, if any, is the long-term impact on Lyons College?





➢ In the event of such an incident, which applications and users will be prioritised for recovery?

➢ It is possible that in the event of problems accessing electronic data some critical activities may need support to

cope with a more manual style of working

➢ The website and IP phone system would also be down and it is possible that staff would be deployed elsewhere.




3) Fire at Lyons College premises (lack of access)


Initial information

It is 9.50am on a Monday morning. The fire alarm sounded at 9:20am while several staff were in kitchen area or just arriving

at their desks. Initially staff left the building and congregated outside in Collins St. Now, many staff have drifted away –

some are sitting at coffee shops, while others are huddling together watching the fire engines which arrived a few minutes

ago. There are rumours that wherever the fire is, it might be serious, and that nobody will be allowed back into the building

today.





Update

It is now 12pm. Nobody has been allowed back into the building as there is concern that there may be damage. It is

now clear that your area of the building will be out of use for up to a week while investigations are carried out.








Your team was without its regular place of work for ten days due to damage and the unavailability of a replacement part

for the fire alarm system. There was no structural damage and at no point was there a major ICT failure as critical systems

were held some distance from the fire. Some of our staff were able to work remotely, but those with this ability were not

always those who needed it most.







➢ Reminding staff about fire procedures, assembly points, evacuation routes etc. is essential.

➢ Ensure your Emergency Evacuation Plan is up to date.




➢ People with specific evacuation needs must have a Personal Emergency Evacuation Plan (PEEP). Visitors may

need a General Emergency Evacuation Plan (GEEP).

➢ People should evacuate as calmly as possible. Lifts are not to be used during a fire evacuation.

➢ Any fire marshals in your team need to have had sufficient training.

➢ Nobody must re-enter the building until the ‘all-clear’ is sounded.




4) Loss of staff & students due to illness (lack of people)


Initial information

Two weeks ago, first reports were issued in the media about a seasonal flu outbreak abroad. Now, the first case in Melbourne

has been diagnosed. Some members of your team and students are worried about their health and that of their families here

and overseas, and a few staff members are even talking about staying away from work. Others are dismissing the possibility

of large scale sickness altogether and are expecting the media hype to blow over.





Update

Twelve weeks after the first cases were reported in the Melbourne, our team is suffering a 20% reduction in staff and students.

Some of them are ill; others are caring for relatives or looking after their children following widespread school closures.

Estimates of when the worst of the effects will pass are unclear, and it is thought that staff numbers will not recover to

previous levels for at least eight weeks.








Four months later, the end of the flu epidemic is declared. Our team gets together for a regular team meeting and preparing

for a similar event is on the agenda. It is taking time to return to a ‘usual’ level of service, and a couple of members of staff

are still away having become ill more recently. One of these staff members has knowledge of a particularly important student

management system and other staff are struggling to answer queries on their behalf.







➢ You should consider if your staff with no symptoms of any such illness would continue to come to work unless

national guidance advised differently?

➢ Check what your organisations personnel procedures are for taking sick leave and compassionate leave under

these circumstances. Sorting this out now could save a lot of confusion later.




5) Cyber Attack (lack of infrastructure)


Initial Information

One of our students has called to say that when she went to check results on the Lyons College student website portal, and

an overseas agent called to complain that they couldn’t download key documents to enrol a student. Our website seemed to

have been hacked into. The usual Lyons College homepage has been replaced with a hacker’s message.





Update

Several more students and agents have now phoned in to ask if there is a problem. Our service provider has phoned to say

that, according to their system records, a new front page was posted to your web site address at 01:23 last night. Our in-house

IT person confirms that the webpage was indeed been hacked and recommends a complete system restore from 2 days ago.

This will take 24 hours and 2 days any data entered in that time period will be lost








The web site was restored within 24 hours. The front page is normal and the online access to student data is now working

properly. You have contacted all our students, agents and staff and assured them that ‘this is a one off and won’t happen

again’. You don’t seem to have lost any business but don’t know if any ad-hoc agent enquiries were lost.







➢ Make sure only fully authorised staff have access to our website administration.

➢ Make sure our system is backed up regularly.

➢ Ensure you have the facility to inform students electronically if you have a problem.

➢ Make sure you have a robust manual process in case the electronic version fails.




6) Unauthorised personnel in building (access)


Initial Information

Good news. Despite the general economic situation Lyons College is expanding. The student and staff recruitment drive

must be kicking in as you have already noticed that there is someone new in your office that you don’t recognise.





Update

An important printed email with detailed contractual terms, conditions and prices has gone missing. You thought you got

to the printer as soon as possible but it was not there and no one can find it. You are starting to get concerned as you

haven’t seen the new recruit recently. They have probably been reassigned to an off-campus program.








No-one knows who the new recruit was or who their manager was. They have ‘disappeared’. The

printed email copy fax has definitively gone missing and so has a memory stick that one of your

colleagues left on a desk.







➢ Ensure there are systems in place to induct new employees and students.

➢ Ensure that all employees and students wear ID badges, cards, lanyards

➢ Ensure memory sticks, DVSs, CDs and confidential documents are not left lying around

➢ Do not leave documents on the printer, pick them up as soon as you send them to print




7) Urban Disorder (lack of access)


Initial Information

At first it sounded as if someone in the office above had dropped something heavy on the floor but as you rush outside to

see what had happened, you can hear people screaming, car alarms and smell something burning. The scene outside is like

a disaster movie, most of the windows in the area have been shattered, there are people walking around in a daze and some

are obviously bleeding, there seems to be a body lying on the ground across the street. A bomb attack in here? Surely not

and yet…..





Update

It seems as if there was a large explosion in the street close to Lyons College. TV and radio has stopped their normal

scheduled programmes and is broadcasting eyewitness accounts from the scene. Police have cordoned off the area which

includes the carpark down the road where many of our staff cars are parked. Staff and students are nervous and want to go

home. You have a large group of new students due to arrive in two hours.








You have still not been able to get back onto the campus and have been working from temporary facilities in another building

since this event. Staff and students are not happy with this as it is not as near to public transport and the carpark.







➢ Consider having a Grab Bag available so that in the event of a sudden departure from your normal place of work

all necessary vital information is to hand.

➢ Staff may need counselling after such an event. You could consider having contact details for a suitable

organisation available.




➢ Staff travel arrangements may be severely disrupted; you may want to support them in making alternative

arrangements.

(Acknowledgement – Business Lincolnshire)

Faculty, Staff or Student report emergency by calling 000 from a campus phone or 000 from a mobile

If possible also contact CEO

The CEO assesses damage and will decide as to whether the Catastrophic Incident Team should be established. If the CEO is not contactable any other available Associate Dean or Manager will take charge.

If warranted, the CIT will be established away from the incident; all outside information flows into this area and out to the scene of the incident.

Convene the Catastrophic

Incident Team?

CIT will convene and manage/direct the activities of the various departments involved in crisis response and recovery.

Yes No

The Student Services Manager’s office will serve as the Emergency Operations Center; all outside information flows into this area and out to the scene of the incident.

Establish Catastrophic Incident Team.

GENERAL EMERGENCY PROCEDURE

PROCEDURE: Active Shooter

Immediate Action

• What is happening• The location of the incident• Who is involved• Description of suspect(s) and their clothing• A direction of travel, if known• Type of weapon(s) involved, if any• Your name and address

The first person to witness an Active Shooter to call 000 from a campus phone or 000 from a mobile

Contact the CEO if possible

If you are in a campus building where an active shooter incident is occurring and can’t safely get out, lock and barricade yourself in an office or classroom away from the assailant(s). DO NOT ATTEMPT TO INTERVENE.

Be prepared to provide as much information as possible, such as the following:

If the suspect(s) have not yet been properly contained within a building or area by law enforcement, all surrounding buildings will be locked down. All occupants will need to remain within these areas or will be asked to leave. Pedestrians within the endangered area will be instructed to move to a safe zone established by the school or will be required to leave the campus.

The CEO will be in charge of the scene until the arrival of the Police Department and will work closely with them until all danger is removed.

The decision to call in additional law enforcement agencies will be made by the Police Department, as needed.

PROCEDURE: Bomb Threat (Initial Contact)

Faculty, Staff or Student receives a bomb threat in writing or by telephone.

The CEO is in charge at the scene of the incident unless such responsibility has been assumed by emergency response authorities; the decision to reoccupy a building that was closed/evacuated at the onset of the incident will be made by those authorities or the CIT.

WRITTEN

Contact the CEO immediately. If not available contact 000 from a Campus phone or 000 from a mobile.

It is vital as few people handle the document as possible.

If the threat is received via email; do NOT reply, forward or delete.

TELEPHONE

Remain calm and refer to the Bomb Threat Checklist (see appendix); if applicable, note the information in your telephone display window.

Keep the caller calm and on the line as long as possible to gather information.

Attempt to obtain information on the location of a device (building, floor, room, etc.; the time of detonation; and, type of detonator.

Immediately after the caller has ended the call, call 000 from a campus phone or 000 from a mobile.

If the threat was left on your voicemail, do not erase; notify the CEO immediately.

Remain calm and await further instruction from Police.

PROCEDURE: Bomb Threat (Police Notified)

CEO to convene CIT CIT to assess the incident

prepare action plan and act on it .

Implement Evacuation

Plan?

CIT will dispatch a search team and organize the search

Other emergency units will be alerted to the threat.

Any student who wants to leave the building should coordinate decision with lectures

No Evacuate via the pathway advised by Emergency

Services to the designated “safe” area. (Note that this may not be the usual Assembly Area).

Do not use the Lifts.

Yes

Wait at the designated area, for further information

Each Department establish a “buddy” system in which volunteers and alternates are recruited and paired with persons who have self-identified

disabilities that would create special evacuation needs, should emergency personnel be unavailable to assist with evacuation.

If a device, package, bag, etc. is discovered, CIT will notify the Police for assistance.

The decision to resume normal activities in the building will be made jointly by the CEO and the

authorities involved.

PROCEDURE: Civil Protest

A protest should not be disrupted unless one or more of the following conditions exists as a result of the demonstration:

1.  Disruption of the normal operations of the Institution.

2.  Obstructing access to offices, buildings or other Institutions facilities.

3.  Threat of physical harm to persons or damage to Institutions facilities.

4.  Willful demonstrations within the interior of any Institutions building or structure, except as

specifically authorized and subject to reasonable conditions imposed to protect the rights and

safety of other persons and to prevent damage to property.

5.  Unauthorized entry into or occupation of any Institution room, building or area of the campus,

including such entry or occupation at any unauthorized time, or any unauthorized or improper

use of any Institution property, equipment or facilities.

If any of the above conditions exist, the CEO should be notified and will be responsible for contacting and informing the Police.

PROCEDURE: Civil Protest (Peaceful, Non-Obstructive)

Protestors are asked, at the Managing Director’s or designee’s request, to leave but refuse to

leave by regular facility closing time.

Arrangements will be made by the Student Services Manager to monitor the situation during non-business hours.

Generally, peaceful protests should not be interrupted. Protestors should not be obstructed or provoked and efforts should be made to conduct school business as normally as possible.

Determination will be made to treat the violation of regular closing hours as a disruptive protest.

OR

The Student Services Manager or his/her designee will go to the area and ask the protestors to leave or to discontinue the disruptive activities.

If the protestors persist in disruptive activity, the following statement will be read by a selected Institutions administrator as circumstances permit:

“I am ___________, speaking on behalf of Lyons College. The student conduct code and community life standards have been established by the institution to protect its educational purpose, to provide for the orderly conduct of activities, and to safeguard the interests of the institutions students and staff. Unauthorised demonstrations within the interior of the institutions building are in violation of these standards. Individuals present may be subject to disciplinary action for criminal trespass

If the protestors persist in disruptive behavior after the above administrative message is read, the following statement shall be read as circumstances permit::

“The institutions has requested that law enforcement clear this area. The institution’administration will now withdraw from this area to permit law enforcement to do so.”

PROCEDURE: Civil Protest (Violent, Disruptive)

A violent protest in which injury to persons or property occurs or appears imminent.

Contact Managing Director

Managing Director to convene CIT

CIT to determine any further actions. If necessary, contact Police.

If possible, an attempt should be made to communicate with the protestors to convince them to desist from engaging in violent activities in order to avoid further escalation of possible violent confrontation.

Efforts should be made to secure positive identification of protestors in violation to facilitate later testimony, including photographs if deemed advisable. Additionally, efforts should be made to video tape any police action for future reference.

DURING BUSINESS HOURS AFTER BUSINESS HOURS

Contact CEO, if still on campus, otherwise contact Police directly

CEO to determine if necessary to contact Police

PROCEDURE: Explosion

There is an explosion

An explosion is cause by rapid expansion of gas from chemical reactions or incendiary devices. Signs of an explosion may be a very loud noise or series of noises and vibrations, fire, heat or smoke, falling glass or debris, or building damage.

Get out of the building as quickly and calmly as possible.

Are items falling from

shelves, etc.?

Is there a fire?

Are you trapped in

debris?

Stay low to the floor and exit the building as quickly as possible.

No

No

Yes

Get under a sturdy table or desk.

Yes

Tap on a pipe or wall so rescuers can hear where you are.

Yes

Call 000 from any campus phone or 000 from a mobile phone

No

Transportation of persons shall be coordinated with appropriate staff for the purpose of evacuation and relocation of persons threatened by or displaced by the incident.

The emergency unit or agency in control will decide when to turn control of the scene back over to the appropriate Institutes entity, e.g., CEO. Depending on the nature of the incident, other public response and law enforcement agencies may be involved in decisions or control of the scene, e.g., criminal actions.

Each Department establish a “buddy” system in which volunteers and alternates are recruited and paired with persons who have self-identified disabilities that would create special evacuation needs, should emergency personnel be unavailable to assist with evacuation.

If a shelter or facility for injured people is needed, approach businesses in the neighbor hood and ask for assistance/shelter etc.

PROCEDURE: Fire (Discovery)

There is a fire

A fire may include visible flames or strong odors of burning. The appropriate emergency action is for persons to evacuate the building quickly and safety.

Can the fire be extinguished

safely?

Yes No Pull the nearest fire alarm.

Extinguish only if you can do so safely and quickly.

After the fire is extinguished, Contact CEO, who will determine if it is necessary to contact the Fire Brigade.

Confine the fire by closing the doors.

Pull the nearest fire alarm, if there is one.

Call 000 from a campus phone or 000 form a mobile phone

Alert others.

Evacuate building (follow evacuation procedure)

Inform a Fire Warden or if Fire Brigade arrives before can contact a Fire Warden, inform Fire Brigade of location of fire and any other important information

The Fire brigade will make decisions regarding the control and abatement of the fire incident, and issuing or not issuing the “all clear” for safe building re-entry and occupancy.

PROCEDURE: Fire (Evacuation)

Evacuating the immediate fire area and building

A fire may include visible flames or strong odors of burning. The appropriate emergency action is for persons to evacuate the building quickly and safety

Is the door hot?

Close the doors to your immediate area.

EVACUATE the building via the nearest exit. Assist others in exiting the building. No Yes

DO NOT USE ELEVATORS.

IMMEDIATE FIRE AREA

Feel the door from top to bottom.

Crouch Low and open the door slowly.

The Fire brigade will make decisions regarding the control and abatement of the fire incident, and issuing or not issuing the “all clear” for safe building re-entry and occupancy.

BUILDING

Go back; find another way to exit the area.

Is smoke present?

Exit the building via the nearest stairwell or exit.

Close the door quickly to avoid smoke inhalation.

No Yes

Is there heavy smoke in the

stairwell?

Go back; find another way to exit the area.

Yes Exit the building.

No

Avoid smoke filled areas.

PROCEDURE: Flood

There is a flood.

Floods may be caused by water systems or the inability of storm sewers to handle rain run off. Floods caused by domestic systems do not endanger people but can cause extensive damage to the building and equipment. Floods caused by storm sewer overflows can be more damaging and potentially more dangerous.

WATER SYSTEM STORM SEWER

CIT will make decisions regarding control and access to buildings/areas affected by floods, and issuing or not issuing the “all clear” for safe building/area re-entry and continued occupancy.

In extreme cases of flooding, it may be necessary to request assistance from local, state or federal agencies. Such requests for assistance will be coordinated by the Critical Incident Team (CIT).

Contact the building manager from Phileo Australia on 03 9663 8018

Contact CEO and convene CIT

The CIT in conjunction with the Property Manager will control and make decisions at the flood scene.

If flood is imminent, occupants will be asked to move property for its protection

Students and staff should be prepared to evacuate if advised to do so by the CIT or Property Manager

Contact the building manager from Phileo Australia on 03 9663 8018

Contact CEO and convene CIT

Protect institutions property from damage where possible.

The CIT in conjunction with the Property Manager will control and make decisions at the flood scene.

PROCEDURE: Hazardous Materials Incident (General Information)

A hazardous materials incident may be a spill or release of chemicals, radioactive materials or biological materials inside a building or to the environment. The user may manage simple spills. Major spills or emergencies require emergency assistance from the FESA Fire and Rescue Service. They will arrange for the HAZMAT Emergency Advisory Team (HEAT) to manage the emergency.

Simple Spill • Does not spread rapidly.

• Does not endanger people.

• Does not endanger environment.

• Trained individual can clean up.

Major Spill or Emergency • Spreads rapidly.

• Endangers people.

• Endangers environment.

The decision to call for emergency assistance may be made by the user, a person discovering an incident, or the CEO receiving a call for assistance.

Depending on the nature and needs of the incident, assistance and services may be brought in from other public support agencies or specialized contractors.

The decision that an incident is controlled and stabilized is made by the emergency response agency, i.e. the Incident Commander from the Fire Department or the HAZMAT Team. After immediate hazards have been controlled and stabilized, the Incident Commander will transfer authority and responsibility back to the CEO, as appropriate for the situation.

PROCEDURE: Hazardous Materials Incident There is a spill

Does the spill spread rapidly,

endanger people or endanger the environment?

Do not: - Ignore the incident- Touch or breathe in the chemical

Yes No Warn people in the close vicinity, call 000 from a campus phone or 000 from a mobile and notify the CEO.

Evacuate and assemble at a safe distance. Account for individuals.

Simple spills should be cleaned up by the person causing the spill.

Depending on the nature and needs of the incident, assistance and services may be brought in from other public support agencies or specialized contractors. Provide as much information as possible (without endangering yourself): - location address of spillage- name of chemical and the UN number- amount of chemical split- form of chemical (solid, liquid, gas)

The decision that an incident is controlled and stabilized is made by the emergency response agency, i.e. the Incident Commander from the Fire Department or HAZMAT Team. After immediate hazards have been controlled and stabilized, the Incident Commander will transfer authority and responsibility back to the CEO, as appropriate for the situation.

PROCEDURE: Infrastructure Failure

Electricity out

Different types of infrastructure problems can render the work site unsafe or uninhabitable such as electric, telephone, or computer failures.

Notify the CEO Contact the building manager from Phileo Australia on 03 9663 8018.

Telephones down Computers Down

Notify the CEO and Administration Manager immediately. The Administration Manager will contact the telephone or IT contractor.

She will then request that the Department Managers notify their staff.

PROCEDURE: Violent Incident

Immediate Action

Contact the CEO immediately. If not available ring 000 from a Campus phone or 000 from a mobile.

Violent incidents including but not limited to acts of terrorism, assaults and incidents of workplace violence can occur on the campus with little or no warning. It should be noted that the following instructions are intended for incidents that are of an emergency nature (i.e., imminent or having just occurred).

Be prepared to provide as much information as possible, such as the following:

• What is happening• The location• Who is involved

• Description of suspect(s) and their clothing• Type of weapon(s) involved, if any• Your name and address

Taking the time to provide such information will not delay law enforcement response. Complete information may allow them to handle the matter more effectively.

Critical Incident and Business Continuity Plan...The Critical Incident and Business Continuity Plan...

Documents

Transcript of Critical Incident and Business Continuity Plan...The Critical Incident and Business Continuity Plan...