Skip to content

Incident Management Intelligence Brief
May 2019 edition

  • CIMT FOCUS AREA
  • THREAT ENVIRONMENT
  • CYBER
  • CASE STUDY

The Value of an Impact Assessment

What is an Impact Assessment?

An Impact Assessment is a tool used by organisations for assessment and response planning following an incident.

The Impact Assessment should be used regularly during the management of an incident to identify areas suffering high impact that require effort and/or resources applied to them to aid resolution. By identifying areas of most concern and addressing them, the organisation can more quickly chart a course back to BAU. As a planning tool, it is important your organisation revisits the tool regularly to reassess the major impacts to the business and, if required, alter the focus of the response to address emerging issues as and when they arise.

Barangaroo Delivery Authority’s Impact Assessment comprises seven strategic considerations for the organisation, see below. Each consideration is rated from Minor to Catastrophic Impact. This combined rating scale allows BDA to determine the scale of impact they might be facing.

Impact Assessment

Impact Assessment 2

How should Barangaroo Development Authority use the Impact Assessment tool?

During the Critical Incident Management Training session in May, the CIMT looked into Impact Assessments and how they could assist Barangaroo Development Authority during a major incident.

To understand the value an Impact Assessment can bring to your organisation during a Critical Incident, let’s look at how it would be applied to an unfolding event over an extended period of time. For this example, we consider a major scaffolding collapse that impacts the workforce, the site and the operations of this example organisation.

Now2 hours4 hours8 hours
People, Health and Safety4333
Reputation & Image1223
Financial1113
Operational2334
Legal & Compliance1133
Environmental3321
Strategic1113

Looking at the above Impact Assessment and how each category shifts from the commencement of the incident through the response period, we can observe the importance of continuously re-evaluating the major focus areas for a Critical Incident Management Team.

In this example, the initial assessment for the impact on People, Health, Safety achieves the highest rating as the potential for catastrophic impacts on the workforce cannot be understated. As this example event unfolds, this rating is downgraded to reflect the major impact of this event of the workplace in line with the relevant risk scale. In situations where members of the workforce are unaccounted for, such as individuals who are not accounted for in an evacuation, this impact may remain high until everyone is accounted for when it returns to the lowest level.

The Operational, and Legal & Compliance impact behave in a different manner in many crises. In this case, in the early stages of response there is little requirement to focus on these areas as only preliminary understanding may exist of the extent of the impact. As the immediate impacts of the event come under management, effort is applied to better understanding the impacts and possible repercussions to areas such as operations. In this example, a better assessment is made on the duration of recovery from the scaffolding collapse and the rating is increased early in the response period. Legal & Compliance lags a little further as much more detail is required, including from workplace safety inspectors or emergency services, to better understand the context of this event. With this additional detail the organisations exposure and requirements for subject areas such as Legal & Compliance are better understood.

As you can see in the Impact Assessment Matrix above, throughout the course of a Critical Incident, the priorities and focus areas for a CIMT will shift as the incident response progresses and longer-term planning commences. An important benefit of conducting regular Impact Assessments is your ability to conduct post-incident reviews and observe the evolution of the response. By regularly conducting Impact Assessments, Barangaroo Delivery Authority’s CIMT can review and allocate their resources, working to get the organisation back to Business as Usual as soon as possible.

For more information please refer to the Barangaroo Delivery Authority Incident Management Plan pages 19 to 20.

Lockdown Procedures

Unfortunately, as the recent events in Christchurch have shown us, the requirement for both public spaces and organisations to conduct a lockdown due to a dangerous incident or threat is increasing. If BDA were to face an active threat, proper education and information regarding both what a lockdown is and the best manner in which to conduct a lockdown is imperative, as it could significantly alter the outcome.

What is a lockdown?

According to the Australian Standard Planning for Emergencies in Facilities an organisation during an emergency situation can enter into either a Shelter-In-Place situation or a Lockdown. The requirement to either Shelter-In-Place or Lockdown is determined based on the nature of the threat requiring a response.There are characteristic differences between these two situations:

Differences between a Shelter in Place and a Lockdown
Shelter in Place
Typically applies for environmental impacts during which everyone is to enter the building, and no one leaves the building.

Your organisation can continue in Business As Usual, unless in a specific circumstance where you need to move people away from windows and into the corridors, stairwells or similar.

A Shelter-In-Place will also occur if there is a lockdown occurring in the greater vicinity, but it doesn’t pose an active threat to the individuals inside the organisation.

This situation means people can remain working inside but should not leave the building.

Lockdown
A Lockdown occurs when there is either a suspected or a confirmed armed offender.

If a Lockdown is activated the applied procedure is: “no one in, no one out.”

People in the impacted area should:

  • Escape (the area if you can)
  • Hide (from the armed aggressor)
  • Tell (the Police)

If an offender is not confirmed, but you believe there is someone in the building – your Wardens should call 000.

If you have confirmed there is an active armed offender, the advice is for every person to call 000. The intent is to support the Police response by providing active intelligence gathering from the people in the affected area. Be guided by the 000 operator and be prepared to share information on where you are, who you are with, and available details of the offender.

There are fundamental differences between the call to Shelter-In-Place and to Lockdown and how people should react to each. It is imperative to communicate these differences to your staff and the nature of any emergency to provide context. The requirement to understand the difference highlights the importance of everyone within an organisation being well trained in these two responses and the actions they will be required to take.

What can Barangaroo Delivery Authority do to prepare for a lockdown?

The best thing an organisation can do to prepare is to train their staff, ensuring they are well informed about what a lockdown entail. This empowers staff to act appropriately, and with haste, if the need arises. Without training in best practice lockdown procedures, there is a significantly higher risk that people could get hurt if an active threat were to occur in the BDA premises.

The Australian New Zealand Counter Terrorism Committee have confirmed their recommended action for individuals placed in a lockdown situation is:

  • Escape: if safe to do so. Occupants of crowded places should consider evacuating the site as soon as possible. The priority in these events is to remove victims from close proximity to the offender.
  • Hide: if occupants of the area are not able to safely evacuate the premises, they need to shelter in place ensuring that people take advantage of available concealment or cover from any offenders.
  • Tell – and Police response: if safe to do so, as many people as possible need to contact the police or site operators and provide as much information regarding the offender and ongoing incident as possible.

For more information:

Active Armed Offender Guidelines for Crowded Places

Australian Standard Planning for Emergencies in Facilities – AS 3745-2010 Amd 2:2017

Safe Surfing Online

The internet as we know it has evolved dramatically from its inception 28 years ago, from basic text-based pages to image and video filled screens that are incorporated into almost every aspect of people’s day to day lives. With an estimated 56.1% of the population currently having internet access, we’ve seen it become an ever evolving and changing function – altering people’s daily lives from the way we communicate, shop, conduct business and even find love.

However, this constantly adapting system has also changed the way people conduct crime. Accordingly, we as a society need to ensure that we are doing everything we can to mitigate against criminal activity on our systems when surfing online.

How could this impact Barangaroo Development Authority?

In their most recent report on Notifiable Data Breaches, the Office of the Australian Information Commissioner reported that the most prevalent form of cybercrime currently impacting Australians are malicious attacks. These attacks, they confirmed, often target vulnerabilities in relation to human error. With technology now occupying almost every aspect of people’s lives, it is imperative BDA employees know the safest and securest ways in which they should be using the internet.

If exposed to a cyberattack, BDA could face serious issues impacting almost every aspect of the organisation:

Human – A cyberattack on BDA could result in the loss or exposure of significant confidential data and information, some of which may impact BDA employees. A breach could see BDA employees reluctant to provide confidential information or, in severe cases, could see employees leave the organisation.

Reputational – A cyberattack on the organisation would not just impact employees of BDA, but also their ongoing relationships with customers and key stakeholders whose confidential data and intellectual property may also be accessed in a hack. The threat of customer information being lost or stolen due to a perceived fault on BDA’s behalf could see organisations reluctant to continue engaging with BDA.

Operational – In many instances, a cyberattack will target specific systems and programs that are used by an organisation. These attacks can significantly impact the functionality of systems and programs that BDA relies on, thereby interrupting critical business functions and impacting operations.

Legal and Financial – BDA are required to report any notifiable data breaches to the OAIC within 30 days of the breach being discovered. Failure to comply with these reporting guidelines could result in a fine of up to $1.8 million. Furthermore, if an investigation is conducted and BDA is found to have not taken adequate steps to mediate the risk of a breach, they may face additional fines and penalties. Breaches that impact BDA’s customers and key stakeholders’ privacy and confidential information may additionally result in legal action from these groups against BDA for loss of intellectual property and confidential data.

What can Barangaroo Delivery Authority do to prepare?

There are five simple steps that BDA staff can take to ensure that they are safely using the internet:

  1. When browsing webpages, ensure that the site has a web address commencing with ‘https’ and that there is a padlock on the left side of the browser address bar.
  2. Make sure the URL is correct if you follow a link from another webpage or email.
  3. Only conduct banking, shopping or payment of bills on a trusted network – like at home, or through your mobile data. Don’t conduct these activities on a public network like in a café or airport.
  4. Don’t post highly personal information on public sites, also ensure that your social media accounts have appropriate levels of privacy settings. Personal information shared publicly can be used to steal an individual’s identity or give unwanted people access to private accounts.
  5. Remain wary of unreputable sites, and possible phishing attempts sent via pop up advertisements or emails.

For more information:

Stay Smart Online (Australian Cyber Security Centre)

Safe web browsing – (Commonwealth Bank)

Safe shopping and banking online – (Commonwealth Bank)

Pandemics

In the words of Game of Thrones ‘Winter is Coming’ and with it a heightened possibility of illness. Whilst the enforcement of proper hygiene practices and vaccines can aid in the prevention of the spread of illness, it is inevitable Barangaroo Delivery Authority will see a greater amount of staff calling in sick during this period. Already in the media, we have seen 29 confirmed cases of Measles since Christmas 2018 and over 10,000 diagnosed cases of Influenza in NSW alone, meaning that this year is looking to be bumper year for pandemics in NSW and Australia as a whole.

If diagnosed with the measles, an individual can expect symptoms such as: fever, tiredness, a rash covering the body, in some cases people will additionally develop ear infections, diarrhoea and will require hospitalisation.

Intelligence Briefs

If diagnosed with influenza, a person can expect symptoms such as: fever and chills, cough, sore throat, muscle aches, joint pains, headache, fatigue, nausea.

Intelligence Brief

Whilst both of these diseases carry levels of risk for the population, the effects and long terms impacts that they can have vary greatly.

How could this impact Barangaroo Development Authority?

People – Both BDA employees and visitors could become ill if a pandemic were to impact the organisation. This could both impact the people working at BDA and could dissuade others from conducting business with BDA or even potentially considering BDA as an employee of preference in the near term.

Operational, Reputational and Financial – Medical outbreaks can lead to serious and lasting negative damage to an organisation, depending on their scale and the number of people impacted. For BDA, this could result in customers and key stakeholders electing to not visit the site or conduct meetings with BDA employees – leading to a loss of business, it could additionally result in organisations wishing to not hold large events in BDA’s public spaces and in the public deciding to not visit the site due to the threat of infection and illness. The loss of key people who have either become sick as a result of an outbreak of illness, or who have elected to not attend BDA because of the threat of illness, could significantly impact BDA’s operations, leading to a loss of productivity.

What can Barangaroo Delivery Authority do to mitigate risk?

Both Measles and the Flu can be prevented through proper hygiene and immunisations, however, additional steps can be taken to ensure that you do not catch or spread illness.

Prevent the spread of disease through the following steps:
Measles
  • A Measles vaccination is the best way to prevent the disease, so:
  • Ensure that you have had the appropriate immunisation
  • Two doses of measles containing vaccines should be given at least 4 weeks apart
  • It is safe to have the vaccine more than twice, so people who are unsure should be vaccinated
  • People who have been diagnosed with the measles should stay home until they are no longer contagious – i.e. 4 days after the rash starts
Influenza 
  • Get the annual flu shot
  • Sneeze into your elbow
  • Wash your hands with soap and water regularly, especially after sneezing or coughing and using the bathroom
  • If you believe that you are unwell or may have been exposed to someone who has influenza, see your GP immediately and do not come into work

For more information:

‘Flu cases hit uncharted territory in NSW, but vaccines at the ready’ (ABC News May, 2019)

Influenza fact sheet

Measles fact sheet

Categorized: intelligence-brief