These guidelines are intended to increase understanding of the threat that active shooter incidents pose to places of mass gatherings. In particular, they seek to illustrate the key role that private sector stakeholders can play in developing and implementing appropriately informed prevention, preparedness, response and recovery arrangements to reduce the risks posed by such a threat. The guidance material has been developed by the Mass Gatherings Advisory Group on behalf of the Australia-New Zealand Counter-Terrorism Committee (ANZCTC), with input from the Mass Gatherings Business Advisory Group. It should be read in conjunction with the National Counter-Terrorism Committee’s National Guidelines for the Protection of Places of Mass Gathering from Terrorism (2011).
Download the Active Shooter Guidelines for Places of Mass Gathering here.
BC-3, under its European label Clearview, is delighted to announce they have won the prestigious ‘Business Continuity Planning Software of the Year’ award at this year’s CIR Business Continuity 2012 Award Ceremony held in London on 30 May.
The CIR Awards are judged by an independent panel of experts, who recognised the innovative approach to using web-based software in a practical and intuitive way for users, without sacrificing sophisticated functionality.
Charles Boffin, CEO of ClearView said “As the fastest growing player in this market, we are very pleased to receive this recognition for our creative use of cutting edge technology and our understanding of the importance of user experience. From our close relationship with all clients, we know exactly where software brings value. It is this that differentiates ClearView and drives everything we do.”
A Winning Combination
BC-3 is brought to you and supported by RiskLogic, one of Australasia’s leading consulting firms focused on building organisational resilience in the private and public sectors. RiskLogic’s business continuity and crisis management capabilities are recognised by industry and regulators alike as being amongst the best available.
RiskLogic has partnered with leading UK technology provider ClearView Continuity to launch the new portable business continuity platform in Australia and New Zealand, branded as BC-3 in the Asia Pacific region.
More details of the Awards can be found at www.businesscontinuityawards.com.
Written by Zoe Moulton – Consultant, Business Continuity
The Australian Prudential Regulation Authority (APRA) released a discussion paper outlining a range of topics to be covered in the new prudential standards for the superannuation industry.
The topics relate to all its regulated industries including Governance, Fit and Proper, Risk Management, Business Continuity Management (BCM), Outsourcing, Audit and Related Matters, in addition to other superannuation specific matters to be reviewed.
APRA Deputy Chairman Ross Jones said the proposed prudential standards will significantly strengthen the superannuation system.
Currently, BCM requirements and guidance material are minimal. However, APRA is proposing to expand them to encompass the differences between superannuation and other APRA regulated industries in the Prudential Standard SPS 232 Business Continuity Management (SPS 232). Particular emphasis will be placed on the obligations of the Board and senior management, the BC Plan itself as well as the industry’s high incidence of outsourcing and the subsequent implications for BCM.
Submissions relating to the APRA discussion paper’s proposals were due by 23 December 2011.
The “Prudential Standards for Superannuation – September 2011” can be found at http://www.apra.gov.au/Super/Pages/superannuation-prudential-standards-consultation.aspx
Event date: 23 February 2012
Location: Pymble Ladies’ College
Written by: Cheryl Hambly, Senior Consultant, Emergency Management
Download PDF version: Emergency Management School Forum Report 230212
While all schools are unique, the high risk, complex nature of the school environment creates many shared challenges for managing an emergency incident. These challenges are exacerbated by the number of students, age of students, size of school premises and difficulty completing emergency training in school timetables.
A unique opportunity to share information and discuss these challenges was provided by RiskLogic during a recent inaugural Emergency Management School Forum. Held on the 23rd February 2012 and hosted at Pymble Ladies’ College, the forum encouraged interaction amongst representatives from 8 of Sydney’s leading schools with the aim of building stronger emergency response capabilities between its participants.
This report provides a summary of the Forum outcomes, including:
- An overview of School compliance requirements
- Identification and discussion of emergency management challenges
- Discussion of solutions for the identified challenges
“I enjoyed hearing other schools’ experiences and hearing that we all have common issues/challenges” (School Forum Participant)
Schools that attended the Forum included:
- Loreto Normanhurst
- Saint Ignatius College Riverview
- Monte Saint Angelo Mercy College
- St Andrew’s Cathedral School
- Pymble Ladies’ College
- St Catherine’s School
- Ravenswood School for Girls
- The King’s School
RiskLogic facilitators included:
- Cheryl Hambly
- Grant Ziarno
Summary of emergency management requirements
Complying with best practice emergency management is important in ensuring staff and students remain safe during emergencies. The emergency management requirements are outlined in Australian Standard 3745 Planning for Emergencies in Facilities. These requirements include:
- Formation of an emergency planning committee (EPC)
- Formation of an emergency control organisation (ECO) – wardens
- Development of an emergency response plan
- Development and placement of evacuation diagrams
- Conducting of emergency response training:
- Bi-annual chief warden training
- Bi-annual ECO training
- Annual staff awareness training
- Annual EPC training
- Annual evacuation drills
- Annual lockdown drills
“I enjoyed the willingness for all participants to be open and discuss issues at their schools” (School Forum Participant)
To identify the existing emergency management challenges within schools, participants brainstormed the issues they presently face at their school. These included:
- Staff not understanding the evacuation process
- Staff not responding to alarms
- Difficulty in securing the school premises during an emergency
- Difficulty in accounting for all persons on site
- Non-compliance of third party tenants
- Suitability of evacuation assembly areas
- Poorly documented out of hours procedures (for example Saturday sport)
- Implementing partial evacuations and lockdowns
- Lack of knowledge of emergency equipment on-site
- Evacuation and accounting for a large number of persons
- Minimal practice of evacuation process for boarding houses
- Managing emergencies during break periods
- Emergency services familiarisation with the school
- Controlling social networking communications from students during emergencies
- Communicating emergency information to all persons on site
Given the duration of the forum, it was decided that two challenges would be explored in more detail. Participants discussed in greater detail the challenges around out-of-hours emergency procedures and evacuating large numbers of people.
- Assumption that wardens will be present at a Warden Intercom Phone (WIP)
- External persons on-site without warden training
- Not knowing who is on the school premises
- Lack of persons to take responsibility of each area after hours
- Communicating emergency details during functions and events
- Securing the school premises with limited resources
- Induction of external parties (for example coaches)
Evacuating large number of persons
- People on-site lacking knowledge of emergency procedures, equipment, alarms sounds, and out-of-hours assembly points
- Lack of space at the assembly point
- Lack of control at the assembly point
- Difficulty in securing the school premises
- Reduced capability of communications to outside areas
- Lack trained emergency response staff
- Keeping emergency procedures simple
The following were discussed as potential solutions or actions to reduce the challenges around both the out-of-hours response and evacuating large numbers of people.
- Document out-of-hours procedures
- Document emergency procedures for large events
- Keep procedures simple. The same process can usually be followed, just applied to the different circumstances
- Train all wardens and all staff in the emergency response processes
- Provide safety instructions to external persons using parts of the school (may be dependent on the parts of the school they are using)
- Induct new contractors – provide them with maps and instructions on what to do and who to report to during an emergency
- Train boarding staff in responding to an emergency. This training may need to be conducted after hours to capture all staff
- Conduct after-hours evacuation and lockdown drills for boarding staff and residents
- Communicate out-of-hours procedures to relevant people
- Control communications to parents. Think about setting up systems to SMS parents, direct lines to radio stations for broadcasting messages, internet and website messages
- Communicate to staff the existing emergency communications and processes
- Place a sticker on phones with the security response number. This would be a speed dial number and mobile number, that phones the appropriate person, and acts as one point of contact for staff
- Investigate if messages can be sent to nominated persons from the fire monitoring company when an alarm has been activated
- Establish a specific warden team for large events
- Appoint whoever is in charge of the activity/event as the person to step up to the Chief Warden role if required
- Utilise non-teaching staff as wardens
- Assign people to take on the role of chief warden out-of-hours and for events. Some schools have a roster of key management personnel who are located near the school to take on this role
- Utilise security staff (if your school has them) to assist during an emergency
- Appoint two reserves for the chief warden and communications officer role
- Appoint and train regular out-of-hours staff to warden roles
- Contain the emergency early to avoid panic and secondary incidents by liaising with emergency services and controlling outside communications
- Establish a sign in system for contractors – some schools have a dual sign-in system for accounting for both during-hours visitors, and out-of-hours visitors/contractors
- Establish an evacuation kit with communications equipment, emergency procedures and other equipment that may be required at an assembly area.
The forum was a valuable learning and networking experience for all participants. Participants shared experiences and built networks, and will further enhance their existing emergency management programs by implementing some or all of the discussed solutions. Future forums will explore the remaining challenges with the aim of continued emergency resilience within schools.
Should you have questions, feedback or suggestions, please contact Cheryl Hambly or Grant Ziarno on 02 9037 1888.
Written by Zoe Moulton – Consultant, Business Continuity
From July 2012, Australian financial services firms must comply with four (4) new standards outlined by the Australian Prudential Regulation Authority (APRA) in September last year.
The CPS 232 is one of the four new standards which consolidates and replaces the existing twelve standards contained in APS 232 [applicable to authorised deposit-taking Institutions (ADIs)], the GPS 222 (applicable to general insurers) and the LPS 232 (applicable to life companies).
The remaining three standards relate to governance, outsourcing and fitness and propriety. In APRA’s view, the risks arising from outsourcing business continuity management, governance and the fitness and propriety of responsible persons are similar regardless of the industry.
Currently, there are three individual, almost identical, prudential standards covering the business continuity management requirements for each APRA-regulated industry. The standards essentially relay that a regulated institution must implement a whole-of-business approach to business continuity management appropriate to the nature and scale of its operations.
APRA emphasised that the process “did not seek to review the content and scope of the behavioural standards, beyond that required to harmonise application across industries.”
The regulator received a number of submissions from institutions and industry groups in a related “consultation package” that was released in December 2010.
The submissions supported the harmonisation initiative.
Other key features of CPS 232 include:
- An amendment to clarify the definition of Business Impact Analysis. That is, “a process performed to identify the critical business operations. That is, a regulated institution cannot just perform a BIA for critical business operations it must perform the analysis for all operations in order to determine which are critical.”
- Clarity around the role and obligations of the Board (or equivalent) in complying with the standard.
- A requirement for the Board of the Head of the Level 2 banking group to ensure that all group members have in place BCM policies. That BCM is applied to each part of the group and that the business continuity policy is internally and externally reviewed at least annually.
- Extension of the application of the standard to include registered life Non Operating Holding Companies (NOHCs).
- Greater clarity around the application of the standard to foreign branches.
- Extension to life companies the requirement, currently applying to ADIs and general insurers, to conduct a periodic review of the Business Continuity Plan by the internal auditor or an external expert.
- Extension to ADIs and general insurers APRA’s ability, under LPS 232, to request the external auditor (or an external expert) to undertake an assessment of BCM arrangements.
- Transfer of requirements for Level 2 insurance groups to comply with BCM requirements from Prudential Standard GPS 221 Risk Management: Level 2 Insurance Groups (GPS 221);
The consolidated standards are found on the APRA website under the ‘Prudential Framework’ page for each industry.
Written by Grant Ziarno, Consultant – Emergency Management
This article provides a snapshot of the Incident Management training provided in South West Queensland and the effects the training had on the emergency response during the 2010/11 flood event. With Emergency Management Queensland, I was involved as a facilitator of the scenario-based training and was also an operational employee deployed to Local and District Disaster Coordination Centres during the event. Below are some of my observations after the event.
In November 2010, Incident Management Teams within district and local disaster management groups in the South Western Region of Queensland were tested on their response to an extreme weather event. It was an opportunity for these groups to test their evacuation plans, re-supply arrangements, personnel and asset coordination, internal communication protocols and external communications.
Participants responded as they would in a real event using their Incident Management Plans (IMP), standard operating procedures, supporting documentation and local knowledge.
This exercise allowed participants to identify gaps in their emergency response, which became extremely beneficial during the flood event.
These findings included:
- Inappropriate size and location of Incident Coordination Centres (ICS)
- Lack of specific identified roles during an emergency including the Incident Management Team (IMT) and support staff. Lack of updated contact lists
- Communication issues between external agencies, isolated communities and other stakeholders
- Lack of Liaison officers
- The need for predetermined evacuation centres
- The need for continued training
- Ineffective information management protocols
- Under estimation of resources required to respond to an incident
- Lack of appropriate escalation points
Even though (due to the size of the affected area) some participants felt the November scenario exercise was unrealistic, the extreme weather event became a reality in December and January of 2011.
So how did the Incident Management Teams respond during the event? Did the recent training they received assist them in their response? Simply, the answer is yes.
Although there was little time between the exercise and the actual event, a great deal had been learned and major changes had begun to be implemented. The exercise meant incident management and the emergency response was front of mind and local IMTs responded quickly and more effectively than in the past.
Four main improvements could be observed during the response to the emergency; clearly defined structure, defined and communicated roles and appropriate allocation of resources and communications.
Given members of the IMT had a better knowledge of the incident control system in place there was little need for further communication of the process during the response. This allowed IMTs to concentrate on an effective coordinated response to the emergency and not on the processes involved. Having the procedures, protocols, forms and boards in place saved time and reduced confusion.
Considerations regarding the scale and scope of the emergency were made and appropriate Incident Action Plans (IAP) were put in place quickly. As the emergency evolved and conditions changed, the IAPs were revised to reflect the most appropriate response.
Roles and responsibilities
The IMT was able to respond effectively and work together in a cohesive manner given the roles and responsibilities of IMT members were recently highlighted and communicated to all members. There was no question who was in command at Incident Coordination Centres and the roles of Operations, Planning, Logistics and Communications were for the most part clearly identified and allocated appropriately.
Deficiencies highlighted during the exercise had been addressed and support staff within the business as usual structure were identified and quickly utilised during the response.
Allocation of resources
The allocation of resources, especially in relation to personnel, had mostly been addressed directly after the exercise and appropriate resources were allocated immediately in the emergency. The allocation of internal resources enabled a quick response both in the development of Incident Coordination Centres but also in response to the flood event.
Identifying resources and establishment of MOUs with external suppliers enabled the IMTs to formulate responses within an IAP without having to waste time determining resource availability and cost. This was paramount in enabling a quick effective response given the magnitude of the emergency.
Although there was little opportunity to improve communication protocols before the flood event, enhancements were made during the emergency. As the shortfalls in communication were identified during the exercise, it was quickly apparent what improvements must be made and how it would be managed.
IMTs were able to recalibrate and adopt standardised forms. Communication and action logs were used effectively to determine appropriate responses. Communication protocols internally and externally were refined and contact lists were updated and added to.
These changes identified during training were quickly implemented and not only assisted greatly in the response of IMTs, but also provided a record of actions taken and the reasons for these actions.
Allowing for the fact that each local IMT had a differing ability to respond to the emergency either due to varying levels of experience or resources, as a general rule, each IMT responded more effectively than they would have previously. While some teams gained more from the exercise than others, this can be put down to a number of variables; skill level and experience before the exercise, level of participation during the exercise and the willingness of local teams to learn from the outcomes and instigate change.
The value of having Incident Management Plans in place cannot be overrated and the same can be said for testing the response by utilising these plans. Having and Incident Management structure and testing it certainly allowed IMTs across South Western Queensland to respond much more effectively than they ever could have before.
Cloud computing and mobile applications have the power to revolutionise business continuity management in Australia.
Business continuity strategies have traditionally been paper intensive, making plans cumbersome to update and difficult to access in the event of a crisis. Without the consistent attention and ongoing investment that the business continuity process requires, organisations find themselves significantly underprepared when it matters most.
While business continuity continues to embed itself into the psyche of corporate Australia, the spate of recent incidents, locally and abroad, has heightened its importance. As a consequence, the expectations placed on the performance of business continuity plans have significantly increased, according to leading business continuity firm RiskLogic.
RiskLogic Director, Joshua Shields, says many organisations have now had an opportunity to activate their business continuity programs in genuine situations. “Learning from their experiences, organisations are now demanding business continuity outcomes that are more flexible, portable and easier to execute” he says.
Mr Shields believes the accessibility and affordability of new technology holds the answer. “Technology, such as cloud computing and mobile applications, provides opportunities to significantly improve how organisations develop, control and activate their business continuity strategies,” he says.
While business continuity software is not new, previously available products have been inflexible, limited in functionality and excessively priced.
In response to this need, RiskLogic has partnered with leading UK technology provider ClearView Continuity to launch a new portable business continuity platform that allows users to control and coordinate their business continuity strategies with ease.
Developed by business continuity professionals, RiskLogic’s web-based platform ‘BC-3’ utilises the power of cloud computing and mobile applications to allow clients fast access and control of information anytime, anywhere during a crisis.
“The challenge was to deliver an intuitive, easy to use interface that provides the flexibility to adapt to the client’s unique approach and methodology. BC-3 provides a scale of functionality and degree of adaptability never seen before, and at a lower cost than competing products,” says Mr Shields.
BC-3 supports the end-to-end management of business continuity programs and seamlessly interacts with existing internal systems, such as HR programs. It also provides automated audit trails and full compliance reporting, equipping users will full visibility and control of their programs, no matter how large or complex the organisation.
“The future of business continuity programs is in technology. Companies that do not adapt will continue to struggle to meet ever growing corporate governance and business demands,” said Mr Shields.
ClearView Chief Executive, Charles Boffin, said they are delighted to partner with business continuity specialist, RiskLogic, to provide Australian companies with a high impact, cost effective solution that has the power to revolutionise the way organisations approach business continuity.
“The combination of ClearView and RiskLogic as a recognised industry leader in business continuity creates an enviable partnership, and it is clients that will benefit most,” he said.
For further information please contact:
Phone: 1300 731 138
RiskLogic is a leading consulting firm delivering crisis management, business continuity and emergency management solutions across multiple sectors, including government, financial services, utilities, infrastructure, manufacturing, education, healthcare and not-for-profit, throughout Australia and New Zealand.
ClearView is a family of web based technologies that help businesses manage their Business Continuity Management (BCM) activity and support the processes associated with Threat Assessment, Impact Analysis, plan development, exercise and testing management, approval, and measurement of BCM policy compliance. With a global client base in all sectors, we partner with best in class collaborators to deliver end to end BCM solutions.