• Section 1 - Purpose
• Scope
• Section 2 - Glossary
• Section 3 - Policy
• Section 4 - Procedure
• Section 5 - Guidelines
• Incident notification
• Incidents to be considered
• Membership of the Crisis Management Team
• Crisis Management Team support roles
• Standing up the Crisis Management Team
• Role of the Crisis Management Team
• Overseeing an incident
• Emergency contact information and protocols
• Primary phase of incident oversight
• Establishing a Critical Incident Management Team
• Information coordination
• Post initial response
• Secondary phase of incident oversight
• Stand down of the Crisis Management Team
• Recovery phase of an incident
• Incident debrief
• Associated information and record requirements

Section 1 - Purpose

(1) In accordance with the University’s Resilience Policy and Resilience Framework, the purpose of this guideline is to guide the executive leaders of the University in the strategic oversight of the University’s response to an incident. This guideline identifies the membership of the Crisis Management Team (CMT) and outlines its operational roles, responsibilities and conduct. The guideline includes advice as to:

1. when and how to establish incident management arrangements and stand up the CMT,
2. when and how to establish a Critical Incident Management Team to assist with operational incident management,
3. how the Crisis Management Team is intended to operate, and
4. when and how to transition incident management arrangements to recovery and stand down the Crisis Management Team.

(2) The Crisis Management Team (CMT) may also direct the operational response to an incident or, depending on the extent, complexity and anticipated duration of the incident, the CMT may elect to stand up a Critical Incident Management Team to support the CMT in the operational response.

(3) Where the CMT retains operational responsibility for an incident, it is to oversee Charles Sturt University's response by guiding and advising response teams.

(4) These guidelines have been developed with the most complex and extensive incident management requirements in mind. It is anticipated that the breadth and depth of this response can and will be adapted to suit the nature of the specific incident being overseen.

Scope

(5) This guideline applies to the permanent standing members of the Crisis Management Team (CMT) and any other person co-opted to provide assistance and/or expertise to the CMT in relation to the management of an incident.

(6) The Resilience Framework sets out three streams of activity to ensure the preparedness of the University to plan for, respond to and recover from incidents. The roles and responsibilities of CMT members (as members of the Executive Leadership Team) are to ensure the preparation of the University to be able to adequately respond to incidents are set out in the Resilience Policy.

(7) The University has established a resilience structure whereby the CMT, representing the executive leadership of the University, retains strategic oversight for response to all incidents that have actual or potential significant impact on the University.

(8) The CMT should also be aware that, in accordance with the Resilience Policy, the University has documented several purpose-specific plans to respond to a variety of incidents, including:

1. emergencies, operationally responded to through facility-based emergency plans,
2. identified crises, those plans are listed as associated information to the Critical Incident Management Guidelines,
3. disruptions to business processes triggering business continuity plans, and
4. significant information technology service interruption responded to through IT disaster recovery.

(9) During any incident, the CMT retains responsibility for all internal and external stakeholder communications and is to consider the implications of the incident for the University more broadly.

(10) These guidelines are closely connected to the Critical Incident Management Guidelines. Any changes to these guidelines should be considered for inclusion and/or impact on those guidelines.

Section 2 - Glossary

(11) In addition to the terms defined in the Resilience Policy, for the purpose these guidelines, the following terms have the definitions stated:

1. Facility – in terms of Charles Sturt University's Resilience framework, facility is intended to have the broadest possible interpretation. In this context, a facility may have the conventional meaning of an occupied building, or it may refer to elements of or an entire campus site. Likewise, it may apply to an external location where staff and/or students are conducting University business. 

Section 3 - Policy

(12) Refer to the Resilience Policy.

Section 4 - Procedure

(13) Nil.

Section 5 - Guidelines

Incident notification

(14) It is not possible to anticipate every combination of circumstances that may result in the requirement to establish incident management arrangements for the University. It has also been demonstrated that, despite the most rigorous of written procedures relating to incident notification, there are inevitably numerous ways in which senior staff may become aware of a significant incident. The University’s various resilience plans may set out notification processes for incident responders to follow in order to alert the Crisis Management Team (CMT) to an incident but it is relevant to note that a senior staff member may become aware of an incident through a variety of means.

(15) All staff should be aware of incident notification protocols and mechanisms for reporting.

(16) Senior staff are expected to contact a CMT member directly, usually their portfolio leader, on becoming aware of a serious incident. It is expected that senior staff, particularly those who report directly to a CMT member, will have direct contact details to be able to make this notification out of hours.

(17) It is the responsibility of the Vice-Chancellor, in consultation with relevant CMT members, to decide if standing up a CMT is appropriate for a particular incident. It is not appropriate for any other staff member to make a decision that the CMT is not required. Simply put, senior staff are to report all incidents of significance to their management structure in order for the CMT to assess this requirement.

Incidents to be considered

(18) A CMT may be stood up for a variety of incidents, including:

1. Emergencies. These are the kind of incidents that may adversely affect the occupants or visitors in a facility, and which require an immediate response to ensure safety and preserve life. They are typically responded to through facility evacuation, and in some cases shelter in place orders. Response is usually led through the Chief Warden on each campus to a predetermined emergency plan. Involvement of the emergency services is common.
2. Critical incidents. Critical incidents are unexpected non-routine situations that are beyond the capacity of normal management structures and processes to deal with effectively. A considered and coordinated response is required to minimise harm and restore normal operations. Critical incidents are responded to via selected responders, assembled by the portfolio leader in the area most impacted by the incident. In the main, critical incidents are incidents that the University has not anticipated and has not developed a predetermined response plan to address.
3. Incidents. In many cases, the University has developed predetermined plans to respond to anticipated incidents. These incident plans are developed for a specific purpose, are reviewed and approved by the proper delegates, and are attached to Charles Sturt University's Critical Incident Management Guidelines. In some cases, these incident plans will pre-empt the establishment of a CMT to advise, guide and oversight the incident responders.
4. Disruptions. These are business continuity related events that threaten the maximum allowable outage time of a critical service provided by the University. Business continuity incident management is often required following the initial phase of an emergency or other incident response. In the context of the University, business continuity related disruptions are usually less acute than emergencies and incidents and require a longer term focus to address. They are primarily responded to through business continuity plans.
5. Information technology disaster recovery. The activation of the IT disaster recovery plan is considered an IT related business continuity response. The IT disaster recovery plan is initiated by the Executive Director, Division of Information Technology.
6. Other significant incidents. From time to time the University may be engaged with the local emergency management committees (LEMCs) which mount an interagency response to major incidents threatening the wellbeing and assets of the broader community. Agencies involved in these arrangements include emergency services, local government and state government departments. In the main, the University will participate and respond to these matters on a case by case basis considering the general processes set out in these guidelines.

Membership of the Crisis Management Team

(19) The standing membership of the Crisis Management Team (CMT) is set out below:

1. Leader: Vice-Chancellor (or properly authorised delegate).
2. Facilitator: One staff member with experience in the University’s incident management processes, nominated by the Vice-Chancellor (e.g. Director, Risk and Compliance, team member of the Risk and Compliance Unit, Executive Director, Safety, Security and Wellbeing, Manager, Work Health and Safety).
3. Executive support: Executive officer or executive assistant to the Vice-Chancellor, or other appropriately skilled member of staff.
4. Portfolio leaders: Chief Operating Officer, Deputy Vice-Chancellor (Academic), Deputy Vice-Chancellor (Research).
5. University Secretary.
6. Media and communications: Director, Office of the Vice-Chancellor.

(20) The CMT membership may also include subject matter experts nominated by the CMT leader as required.

Crisis Management Team support roles

(21) In the event of an incident warranting the establishment of a CMT the following roles are to be put on notice to be available to provide advice or to take direction from the CMT:

1. Executive Director, Safety, Security and Wellbeing
2. Executive Director, People and Culture
3. Director, Public Relations and Communications
4. Director, Facilities Management
5. Executive Director, Division of Information Technology
6. Chief Financial Officer
7. Chief Security Officer

(22) Where the required operational response to an incident is complex, impacts stakeholders across multiple portfolios, or is anticipated to be required for an extended period of time, the CMT support roles may be formally established into a Critical Incident Management Team (CIMT).

(23) In the event of the establishment of a CIMT, it is likely that a broader range of participants will be required. Refer to the Critical Incident Management Guidelines for further information.

Standing up the Crisis Management Team

(24) Any CMT member notified of a significant incident is to review the circumstances and extent of the incident with the Vice-Chancellor.

(25) It is ultimately the responsibility of the Vice-Chancellor, in consultation with other relevant CMT members, to decide if formally standing up the CMT is required.

(26) Considerations to inform the requirement to stand up a CMT include:

1. the potential of the incident to cause, or causing, serious harm to any person,
2. the potential of the incident to cause, or causing, significant loss to any of the physical assets of the University,
3. the requirement to ensure overall University observance of regulatory and legal compliance,
4. the potential of the incident to cause, or causing, serious harm to the reputation of the University,
5. the requirements to control expenditure and minimise extraordinary costs arising from the incident,
6. the requirement to manage institutional risk and provide extraordinary approvals for variation to operational practices,
7. the complexity of the incident and whether coordination across multiple portfolios and/or facilities is required at the executive level,
8. the extent of Council, public and/or media interest in the incident,
9. to expedite the return to business as usual operations.

(27) In general terms, the CMT are encouraged to be stood up relatively early during an incident. The activation of the CMT is the mechanism by which the CMT members can obtain a consistent and comprehensive overview of any evolving incident.

(28) In addition to conventional means of contacting each other during normal business hours, there are protocols in place to raise a CMT outside of normal hours. CSU Safe is configured with the mobile contact details of all standing CMT members and can be accessed for SMS messaging through the Director, Facilities Management.

(29) In the event of a member of a CMT member being uncontactable, or otherwise unavailable, it is the responsibility of the remaining CMT members to raise an alternate CMT participant if required.

Role of the Crisis Management Team

(30) The role of the CMTis to ensure:

1. strategic oversight is applied to the management of incidents impacting the University,
2. governance, risk management and compliance obligations are satisfied,
3. an appropriate response to the needs of staff and students is developed and implemented,
4. corporate responsibilities in relation to stakeholder engagement and communication are satisfied,
5. an appropriate media response is developed and implemented, preferably with only one spokesperson,
6. relevant policy, procedure and special purpose response plans are followed,
7. the responders at the front line of an incident have the resources they need to mount an appropriate operational response, including establishing a Critical Incident Management Team where additional operational support is required,
8. business as usual continues for the remainder of the University, 
9. an orderly transition to the recovery phase of an incident occurs, and
10. continuous improvement opportunities arising from incident management are realised through the incorporation of learnings into relevant University knowledge bases and documentation.

Overseeing an incident

(31) Once the Vice-Chancellor has determined to stand up a CMT the team is to assemble:

1. given the distributed regional footprint of the University, the most likely means of assembling the team is through an online digital platform:
   1. If conventional access to Zoom is not available, go to https://charlessturt.zoom.us/ from any device, and follow the options to create (or join) a Zoom meeting. The meeting host can invite participants or obtain the meeting code to provide to other CMT members.
   2. For OneDrive access to Incident Preparedness resource materials, go to https://office.com from any device and log in with your Charles Sturt credentials.
2. these arrangements rely on CMT members having access to an internet enabled device with (battery) power:
   1. A mobile phone with hotspot capability can be used to access the internet over the mobile network.
   2. To access the Incident Preparedness OneDrive, one of the two Sydney based data centres must be operational to go through the University user identity authentication systems.

(32) The Office of the Vice-Chancellor is to ensure contact is made with an appropriate CMT facilitator and an executive support officer is identified and appointed.

(33) The CMT executive support officer is to follow the actions and activities of the CMT leader and is to ensure:

1. a detailed sequence of events is recorded for the incident, including date and time stamps. Matters to be incorporated in the sequence of events include:
   1. communications between key stakeholders,
   2. the occurrence of milestone events that establish the course of the incident,
   3. details of review meetings, including attendees and nature of discussions, and
   4. the decisions relating to determining a course of action, including the rationale for decision making, and
2. that action items are identified, assigned to a person, tracked through to completion and a status report is available for the CMT leader’s reference.

(34) A comprehensive and accurate sequence of events is critical to the effectiveness of post incident review and debrief and may be required for external agency investigation especially if the incident involves criminal activity or death or serious injury of a person.

(35) Prior to attending the initial CMT meeting, CMT members are to contact their senior staff to:

1. advise them that the CMT has been stood up,
2. obtain a situation report from relevant staff of the current status of the incident and to determine if there are any matters requiring the immediate attention of the CMT, and
3. agree with senior staff the method and frequency of forward communications.

(36) The CMT facilitator is to determine what emergency plan, incident plan or business continuity plan has been activated and provide copies of these to the CMT members.

(37) The CMT executive support is to contact the Executive Officerin the Office of the Chief Operating Officer to coordinate putting on notice the positions identified as the CMT support roles. A CSU Safe circulation group for SMS messaging has also been established for this purpose.

Emergency contact information and protocols

(38) During periods of normal IT systems operation, emergency contact information for staff, including personal details and next of kin, is available:

1. to a staff member’s management line through Web Kiosk, or
2. from the human resources information system via the Division of People and Culture.

(39) During periods of normal IT systems operation, emergency contact information for students, including personal details and next of kin, is available through the Banner Production system via Student Administration.

(40) At time of publishing these guidelines, there is no mechanism in place to access staff or student emergency contact or next of kin information without access to the electronic systems identified above. It is noted that most staff members will have informal arrangements with their immediate work colleagues for contact outside normal business hours.

1. One exception is the on-call staff member for CSU Global, who has access to the emergency contact information for:
   1. Charles Sturt University students on temporary placement overseas (outbound mobility students), and
   2. Third party institution students on temporary study exchange at Charles Sturt University (inbound mobility students).

(41) Any member of the CMT can request staff or student emergency contact information from a formal University information system for the purposes of communicating with a person or their next of kin in the event of an incident management situation.

(42) Where it is consistent with the purpose for which the information was collected, the University may release emergency contact information to third parties. For example, information regarding a person’s next of kin may be released to a relevant agency to make appropriate notifications where a person has suffered a serious injury or death.

Primary phase of incident oversight

(43) The CMT executive support is to maintain a formal record of all CMT meetings and decisions made with particular emphasis on items to be actioned.

(44) The CMT meeting process must be responsive to the nature of the incident being overseen and as such the agenda for each meeting will vary according to business need. The CMT facilitator is to monitor the conduct of the CMT meetings and ensure that adequate consideration is given to the following areas:

1. Administration and process:
   1. Attendance and attendees at meetings.
   2. Adequate coverage for CMT roles.
   3. Roles and responsibilities of CMT members and supporters.
2. Incident response overview:
   1. Note that in the event of an emergency incident where the facility emergency plan is activated the site based Chief Warden is the site controller until the all clear is declared. The Chief Warden has absolute authority to issue instructions to direct and evacuate all persons from buildings and/or other areas of the University.
   2. Incident controller – identify the person or agency with delegated incident control authority: Chief Warden, emergency services or other delegate.
   3. Identify the primary incident responder at the scene – assign a specific CMT member to maintain communications with this person, or delegate to a Critical Incident Management Team member.
   4. Emergency services status and issues - include emergency liaison for both University and emergency services.
3. Information gathering to ensure the CMT are fully informed as to the nature and extent of the incident:
   1. Situation report from site.
   2. Identify nature of the incident - emergency, critical incident, disruption or IT related.
   3. Impact analysis – consider the extent of incident impact or loss arising from the incident, horizontal and vertical consequences. Determine if on-site response resourcing is adequate.
   4. Identify technology impact, potential downtime or outage.
   5. Buildings and physical assets – consider damage, security, insurance and/or salvage.
4. Communication activities to inform stakeholders about disruptive events as well as the incident response actions taken by the University:
   1. Staff, students, Council, internal stakeholders, external stakeholders, media and community.
   2. Establish schedule, frequency and mechanism.
5. Containment considerations to prevent the spread of the incident:
   1. Identify interrelationships and potential to impact additional areas and/or systems.
6. Stabilisation considerations to allocate the appropriate level of resourcing to the incident response.
7. Suppression considerations to reduce the impact at the source of the incident and the application of appropriate counter measures:
   1. Provide temporary and/or alternate services.
   2. Telecommunications – is redirection of service(s) required? Are additional or amended service messages required?
8. Contingency considerations through the implementation of established plans and other protocols.
9. Wellbeing and welfare considerations:
   1. Staff impacts – consider personal impacts on staff and deploy EAP if required. Identify if emergency contact or next of kin information is required.
   2. Student impacts - consider personal impacts on students and deploy welfare support if required. Identify if emergency contact or next of kin information is required. Refer to the special purpose Student Critical Incident plan if appropriate.
10. Any other matters.

Establishing a Critical Incident Management Team

(45) In circumstances where the operational needs of the first line incident responders require a degree of support and guidance beyond the capacity of the Crisis Management Team. The Crisis Management Team may elect to establish a CIMT.

(46) The role of the CIMT is to provide a forum for the coordination of operational incident response, especially where this impacts across operational areas and or campuses.

(47) The CIMT is an operational extension of the Crisis Management Team, making decisions and authorising actions within the delegated authority of each CIMT member.

(48) A CIMT is most likely to be a useful management tool in circumstances where there are no predetermined plans to respond to an incident.

(49) The CIMT performs its functions in accordance with the Critical Incident Management Procedure.

(50) The Crisis Management Team stands down the CIMTas part of the transition to the recovery phase of incident management.

Information coordination

(51) Depending on the complexity of the incident response and the likely duration of the requirement for formal Crisis Management Team (CMT) operational oversight, the CMT facilitator and the CMT executive support may establish information management practices guided by the following subject areas:

1. Current operations - showing all tasks currently being carried out and actions required for follow up.
2. Contacts - used to record important contact information in regular use.
3. Resources allocation - recording resources location, resources committed and resources available.
4. CMT roster (incl breaks) for protracted assembly of the CMT.
5. Sequence of events - recording of timing of briefings, meetings situation report etc.
6. Media releases - copies of publicly released materials.

Post initial response

(52) Subsequent to the oversighting the initial response to an incident, consideration should be given to:

1. scheduling a site visit,
2. identify and providing oversight, support and direction to ensure BAU in non-affected business areas,
3. formal notifications to stakeholders; including community, local government agencies, higher education regulators,
4. updates and communication requirements for students, including on-site, online and others,
5. organisational debriefing (town halls, staff meetings, etc.), and
6. requirements for alternate work locations or learning delivery.

Secondary phase of incident oversight

(53) Once the initial phase of the incident concludes and the response environment becomes less urgent, the CMT may continue oversight and decision making through more conventional business as usual processes. While the CMT will continue to perform its delegated duties and responsibilities, this may occur through the standard operational Executive Leadership Team structure with appropriate administrative support and with the Director, Office of the Vice-Chancellor, performing the CMT facilitator’s role. This transition will be at the discretion of the CMT leader.

(54) If the circumstance requires, the CMT can continue in its more formal arrangement for any period of time.

(55) The considerations of the CMT should continue to be guided by the subject areas identified for the primary phase of response.

(56) The CMT facilitator and CMT executive support are to ensure that comprehensive records continue to be kept of CMT meetings and decisions as well as the tracking to completion of any agreed action items.

(57) When appropriate, the CMT is to stand down the Critical Incident Management Team. This is anticipated to occur when the CMT have adequate capacity to oversee any remaining operational incident response.

Stand down of the Crisis Management Team

(58) CMT operations are to continue until the CMT leader formally stands down the CMT.

(59) Stand down of the CMT should occur at whatever point in time the recovery phase can be managed under business as usual operational arrangements. In some cases, this may be at the commencement of the recovery phase, at an intermediate point in the recovery phase, or at the end of the recovery phase.

Recovery phase of an incident

(60) The Resilience Policy outlines the strategies, processes, oversight and implementation that is required to recover from an incident. The recovery phase is characterised by the return to business as usual operations and the restoration of services.

(61) The recovery phase can be oversighted by the CMT or this can be delegated to a specialist appointed recovery committee. The recovery committee should be established with a clear articulation of membership, responsibilities, reporting requirements and expected timeframes for completion. The Resilience Framework anticipates that the recovery committee may be supported by a recovery team, though the exact requirements will be determined by the CMT on an incident by incident basis.

Incident debrief

(62) The transition from CMT oversight of incident response to the recovery phase is to include:

1. debrief with all process participants, including incident responders, CMT members, CIMT members, plan owners and any other relevant stakeholders to identify and document improvements to any aspect of the Resilience Framework and the incident oversight and response structures, and
2. debriefs can be conducted in multiple settings with different cohorts of participants, but in each case the outcomes of the debrief are to be provided to the business area overseeing the recovery phase of the incident.

Associated information and record requirements

(63) Records relating to the response made by the University to any crises incident in accordance with the Resilience Framework is to be retained in the appropriate folder in UniRecords at