Continuity, disaster and emergency management policy

Version number 2.0 | Version effective 24 January 2022

Audience

Department-wide

Purpose

This policy outlines the Department of Education's (the department) business continuity, disaster and emergency management arrangements that help minimise the impact of disruptive events, regardless of their nature, scale, impact and duration. These arrangements assist the department to continue or resume critical services during, and effectively return to normal operations following a disruptive event.

Policy statement

Minimising the impact of disruptive events is essential to the department's pursuit of quality outcomes for children, students and the community. The department has a risk-based, multi-tiered approach to managing disruptive events which draws from both business continuity management and disaster and emergency management approaches.

During a disruptive event, the department applies these approaches to achieve critical objectives, which are:

maintaining the safety and wellbeing of children, students, staff and volunteers who work or participate in state schools, institutions and workplaces
continuing direct service delivery, and critical business functions that support community recovery and safeguard the department’s areas of lowest risk appetite:
- safety of children and students
- workplace health and safety of its staff and the community
- security of confidential and personal information held by the department
- fraud and corruption.
protecting assets.

For the purpose of this policy, the Office of Industrial Relations is equivalent to a division.

This policy should be read in conjunction with the:

Principles

Principle	What this means for the department
Comprehensive	The department will employ an all-hazards approach to managing disruptive events in order to recover and resume normal business operations as soon as possible. The department will ensure it continuously improves and strengthens its approach to prevention, preparedness and response to enhance ongoing resilience.
Responsive	Our integrated plans provide us with line-of-sight and are scalable and adaptable to change to manage all disruptive events as they unfold. Our structures and plans enable leaders to access support when they require additional, or specialised capabilities.
Empowering	Leaders in schools, regions, divisions and the department are supported to use consistent approaches and make informed decisions to manage disruptive events in their area of responsibility.
Collaborative	Staff expertise will be identified and leveraged to ensure best practice across prevention, preparedness, response and recovery phases. The department recognises its role in supporting Queensland government efforts to prevent, prepare for, respond to and recover from disruptive events. All staff will seek to proactively identify and establish productive partnerships to meet needs.
Safe	All leaders and staff prioritise the safety and protection of children and students and the health, safety and wellbeing of workers and visitors in our schools and workplaces.

Requirements

1. Legal and other mandatory requirements

The department's requirements are stated in:

Section 61 of the Financial Accountability Act 2009 (Qld), which requires the department to establish and maintain appropriate systems of risk management. This includes managing disruption-related risks which may affect the department's ability to continue to provide services (section 23(2b) of the Financial Performance Management Standard 2019).
Section 18 of the Work Health and Safety Act 2011 (Qld), which requires the department to minimise risks, so far as is reasonably practicable, to maintain the safety and wellbeing of students, staff and volunteers who work or participate in state schools, institutions and workplaces.
The Building Fire Safety Regulation 2008 (Qld) which requires departmental workplaces to have evacuation coordination procedures, including plans and displayed diagrams and signs, for fire and hazardous materials events. Additionally, the regulation requires annual evacuation practice and plan review, and prescribed and maintained fire safety installations for departmental workplaces.
The Queensland State Disaster Management Plan, under section 49 of the Disaster Management Act 2003 (Qld), which requires the department to lead, manage and coordinate the department's planning, preparation, response and recovery from disasters and to provide emergency support functions.
The Commission Chief Executive Directive: Critical Incident Response and Recovery 10/14, which requires the department to determine its contribution to critical incident reserve pools based on the department's critical service priorities.
A range of legislative instruments, which require the department to comply with directions in a disaster or emergency situation. These include, but are not limited to, public health orders under section 21 Public Health Act 2005 (Qld), emergency declarations under section 5 of the Public Safety Preservation Act 1986 (Qld) and disaster declarations under section 64 of the Disaster Management Act 2003 (Qld).

In fulfilling these requirements, the department must:

align to approaches prescribed in AS/NZS 5050 (Int): 2020 Managing disruption-related risk; and
be consistent with the department's Enterprise risk management framework, policy and procedure and the Queensland emergency risk management framework.

2. The department's approach to the management of disruptive events

The department must manage disruptive events in accordance with the department's Continuity, disaster and emergency management framework, policy, procedures and plans. Under this approach, the department applies the PPRR methodology, that is, Prevention, Preparedness, Response and Recovery.

The focus of departmental activity is as follows in each of the phases:

Prevention: The department focuses on developing and implementing strategies to reduce the likelihood of disruptive events and minimise the impact of disruption.
Preparedness: The department builds capability for response and recovery through risk-based planning, resourcing, training, exercising and testing.
Response: To minimise adverse effects, the department activates and tailors teams and plans to address the nature, scale, impact and duration of the disruptive event. The department focuses on communication and coordination to ensure the effectiveness of response activities.
Recovery: The department focuses on returning the department to usual operations through coordinating efforts to address the impact of disruption and leveraging lessons learned to improve organisational resilience.

3. What the department must include within its approach

At a departmental-level, the following plans must be developed and maintained:

a disaster management plan (DMP)
a business continuity plan (BCP), which provides the basis for the department to negotiate its contribution to state-wide critical response and recovery
a range of sub-plans, as required.

Regions and divisions must undertake business impact assessment/s (BIA), at least every two years, and following:

changes to the department's risk profile
machinery-of-government changes or significant internal restructuring
implementation of new services, and/or functions
significant changes to the function, for example, what is included or how it is delivered.

All departmental workplaces must have a fire and evacuation plan (FEP) for fire and hazardous materials incidents.

Additionally, schools, regions and divisions must develop, maintain, test and exercise a range of sub-plans to be used to respond to disruptive events. This includes, for the following areas:

Schools:
- an emergency response plan (ERP)
- planning that enables the transition to alternate delivery models and supports the continuity of learning.
Regions:
- a regional DMP
- BCPs which support the coordination, resumption and continuation of critical business functions identified in the BIA.
Divisions:
- BCPs which support the coordination, resumption and continuation of critical business functions identified in BIAs.

4. How the department responds to disruption

Schools, regions, divisions and the department as a whole must respond appropriately to disruptive events that may interrupt service delivery.

Incident management is appropriate when the incident can be managed within business-as-usual capabilities, using existing structures, resources and processes to return to normal operations. This follows standard reporting and escalation pathways and does not require the activation of a plan (for example, an ERP or BCP).

Business continuity management is appropriate when schools, regions or divisions are unable to deliver one or more critical business functions and the period of disruption is likely to exceed the maximum acceptable outage. Business continuity management includes activating and tailoring one or more BCPs to address the nature, scale, impact, duration and unfolding of the disruptive event.

Disaster and emergency operations are appropriate when additional and/or specialised capabilities are required to safeguard people and assets, continue or resume critical business functions and return the department as quickly as possible to normal service delivery. To address the event's nature, scale, impact and duration, this includes:

activating and tailoring governance arrangements, for example, school, regional and/or executive response teams
activating and tailoring one or more of the following:
- the ERP for affected schools or workplaces
- the FEP for affected schools or workplaces
- the DMP for affected areas
- departmental plans and sub-plans, for large, complex and severe events
- BCPs (including coordination BCPs) for affected critical business functions including alternate delivery models to continue to deliver services, if required.

In disruptive events, including disasters and emergencies, the business continuity needs of schools are primarily addressed by regions, with communication and consultation ensuring business continuity strategies employed are appropriate to:

address the nature, impact, scale, duration of the disruptive event
the needs of the school and wider community.

Business continuity strategies include transitioning to, and enacting contextually appropriate continuity of learning arrangements to continue service delivery in alternate delivery models.

The temporary closure and reopening of state schools may be appropriate in disaster and emergency events, in line with the Temporary closure and reopening of state schools in disaster and emergency situations directive.

In disaster events, the department requires that offers of assistance are managed in line with the Managing offers of assistance in disaster events procedure.

Definitions

Term	Definition
Activating and tailoring	Activating involves putting a plan into effect or standing up a governance group (e.g. response team). Tailoring is adjusting the plan or group to suit the situation, such as: selecting the most appropriate strategies changing activation priorities of critical business functions or resourcing requirements selecting capabilities required for the response team.
Alternate delivery model	A model of service delivery used to continue operations to respond to the nature, scale, impact and duration of a disruptive event.
Business continuity management	A holistic approach to managing risks related to disruptive events.
Business continuity plan (BCP)	BCPs detail resources and strategies to support the coordination, resumption and continuation of critical business functions in disruptive events that are identified in BIAs. Critical business functions in all regions and divisions are summarised in the Department of Education Business Continuity Plan.
Business impact assessment (BIA)	In this policy, the business impact assessment is a risk-based process, which: considers the department’s business functions and associated activities, people, processes, infrastructure, resources, information and interdependencies uses identified risk criteria aligned with the achievement of critical objectives to assess the consequences associated with the loss of the department's business functions in disruptive events identifies critical business functions that require plans to support continuation and resumption during and following disruption.
Critical business function	A business function (or part of a business function) that is identified as essential for the department in the achievement of its critical objectives. The identification of critical business functions occurs as part of a business impact assessment (BIA).
Critical incident	Means any event requiring swift, decisive action by the Queensland Government in response to and recovery from such event and occurring outside of the normal course of routine business activities (Critical Response and Recovery Directive 10/14).
Disaster and emergency	An emergency is: any explosion or fire any oil or chemical spill any escape of gas, radioactive material or flammable or combustible liquids any accident involving an aircraft, or a train, vessel or vehicle any incident involving a bomb or other explosive device or a firearm or other weapon any impact of a naturally occurring event such as a flood, cyclone or a landslide any other accident or incident: that causes or may cause a danger of death, injury or distress to any person, a loss of or damage to any property or pollution of the environment, includes a situation arising from any report in respect of any of the matters referred to in the points above which if proved to be correct would cause or may cause a danger of death, injury or distress to any person, a loss of or damage to any property or pollution of the environment. A disaster may be declared for a serious disruption in the community, resulting from the of impact of an emergency or other event and requiring a significant coordinated response by the State and other entities to help the community recover from the disruption.
Disaster and emergency management	Arrangements about managing the potential adverse effects of a disaster or emergency situation. These include arrangements for preventing, preparing for, responding to, and recovering from a disaster or emergency situation.
Disruptive event	Any event which causes disruption to service delivery.
Emergency response plan	A site-specific plan that details ‘all hazards’ responses to events, for example, evacuation, lockdown and temporary closure of facilities.
Hazard	A process, phenomenon or human activity that may cause loss of life, injury or other health impacts, property damage, social and economic disruption or environmental degradation. Hazards are: natural – associated with natural processes and phenomena anthropogenic – induced predominantly/entirely by human activities and choices socio-natural – associated with a combination of natural and anthropogenic factors, including environmental degradation and climate change.
Maximum acceptable outage	Maximum period of time that the department can tolerate the disruption of a critical business function. Disruption may include both the discontinuance of an activity or the inability to perform it to an acceptable quality or with sufficient reliability (these may occur as a result of the loss of enabling resources, including, staff, ICT or infrastructure). The department defines outages in days, for example, 1-day, 2-days, 3 to 5 days etc.
Preparedness	The taking of preparatory measures to ensure that, if an event occurs, the department is able to cope with the effects of that event. It is a critical element in both minimising the consequences of an event on those affected and ensuring effective response and recovery. Preparedness includes capability development and integration, and planning.
Prevention	Involves the identification and application of risk responses (controls and, if required, additional actions) to maintain, reduce (mitigate) or eliminate risks, including those arising from hazards. Risk responses focused on reducing the risk, target reducing the likelihood and/or consequences of the hazard or risk.
Recovery	The coordinated process of: supporting affected communities’ psychosocial and physical wellbeing reconstructing physical infrastructure and the natural environment restoring business-as-usual operations. Recovery includes assessing, through debrief, and, if determined, review, the effectiveness of implemented controls and actions to improve the management of disruptive events.
Response	The use of pre-planned strategies (controls) and the undertaking of additional actions when an event is imminent or occurring, to ensure that its effects are minimised. Response strategies are planned and documented prior to events and tailored, adapted and extended to meet the needs of imminent and occurring events.
Risk	Effect of uncertainty on the achievement of objectives.
Sub-plans	Any plan supporting the department's Disaster Management Plan. Examples include functional plans, for important services before, during and after the impacts of a disaster (e.g. recovery plan, communication plan) or hazard-specific plans, which may outline the department's arrangements to address a particular hazard (e.g. pandemic plan).

Legislation

Building Fire Safety Regulation 2008 (Qld) section 4
Disaster Management Act 2003 (Qld) section 49
Education (General Provisions) Regulation 2017 (Qld) section 4
Financial Accountability Act 2009 (Qld) section 61
Public Health Act 2005 (Qld) section 21
Public Safety Preservation Act 1986 (Qld) section 5
Work Health and Safety Act 2011 (Qld) section 18

Delegations/Authorisations

Other resources

Superseded versions

Previous seven years shown. Minor version updates not included.

1.0 Business continuity management policy

Review date

24 January 2027

Keywords

Business continuity management | disaster and emergency management | disaster | emergency | disruption

Policies and procedures in this group

Continuity, disaster and emergency management policy (current page)

SocialMedia_BottomRight