crisis management and recovery plan

Plan

1 Crisis and Recovery Management Plan | June 2021

Document number: 2021/0000060 Griffith University - CRICOS Provider Number 00233E

Crisis and Recovery Management

CONTEXT The escalation of occurrences that may trigger emergency management, incident and crisis management or

business continuity events at Griffith University occur through established policies and procedures within

Groups, Divisions and Professional Areas. It will always be preferred, where possible, that occurrences are

dealt with at the lowest possible level, however there are clear escalation and notification procedures

contained in this procedure which should be followed. The activation of this Crisis and Recovery

Management Plan will rely in most cases on Groups, Divisions and Professional Areas working through a

disruptive event and escalating to the appropriate level of Griffith University management.

TABLE OF CONTENTS

1.0 Purpose ........................................................................................................................................ 2

2.0 Scope ........................................................................................................................................... 2

3.0 Plan.............................................................................................................................................. 2

3.1 Plan Objectives ..................................................................................................................................................... 2

3.2 Crisis Management Phases ................................................................................................................................... 3

3.3 Crisis Management Flowchart .............................................................................................................................. 4

4.0 Assessment and Activation ........................................................................................................... 6

4.1 Recognising a Crisis ............................................................................................................................................... 6

4.2 Assessing the Incident – Assessment Team ......................................................................................................... 6

4.3 Convening the Crisis Management Team............................................................................................................. 9

5.0 Managing the Crisis Response ..................................................................................................... 12

5.1 Conducting a Situation Report (SITREP) ............................................................................................................. 12

5.2 Team Meeting Agendas ...................................................................................................................................... 12

5.3 Assessing Business Impacts ................................................................................................................................ 14

5.4 On-going Crisis Actions ....................................................................................................................................... 15

6.0 Managing Post Crisis Actions ....................................................................................................... 17

6.1 Standing-down the Crisis Management and Recovery Planning Teams ............................................................ 17

6.2 Post Incident Review .......................................................................................................................................... 17

7.0 Definitions.................................................................................................................................. 18

8.0 Appendices................................................................................................................................. 19

8.1 Appendix 1: Assessment and RACI Matrix.......................................................................................................... 19

8.2 Appendix 2: SITREP Template............................................................................................................................. 22

8.3 Appendix 3: The Recovery Planning Team ......................................................................................................... 23

8.4 Appendix 4: Stakeholder Contact Details ........................................................................................................... 26

8.5 Appendix 5: Facts, Assumptions and Event Log ................................................................................................. 27

8.6 Appendix 6: Business Continuity Planning Guidance ......................................................................................... 29

8.7 Appendix 7: Recovery Action Plan Template ..................................................................................................... 30

8.8 Appendix 8: Post Incident Review Guide ........................................................................................................... 31



1.0 Purpose

This document has been designed to assist Griffith University to manage any event that has potential to

negatively impact on the organisation’s operational and strategic objectives. This includes guidance on the:

▪ Initial assessment of incident severity including through the Assessment Team (see section 4.2).

▪ Activation of Crisis Management Team and Response Planning Team resources (as applicable) (see

section 4.3).

▪ Assessment of business impacts.

▪ Implementation of crisis management strategies.

2.0 Scope

The plan is to be utilised by Griffith University’s Assessment Team and, as applicable, the Crisis Management

Team and Response Planning Team to coordinate the implementation of crisis management response and

recovery strategies across Griffith University including all campuses, elements, Academic Groups, divisions,

and professional areas. It sets out responsibilities and provides guidance for matters to be considered in a

crisis.

All Griffith University campuses, physical and digital, are covered by this Crisis and Recovery Management

Plan.

Note: This Crisis and Recovery Management Plan is also intended to guide Griffith’s response to crisis events

that occur at facilities owned or managed by third parties. For example, where a crisis event occurs and

impacts Griffith University staff and students located in campuses or facilities not mentioned above (such as

teaching hospitals), or where a crisis event occurs at a tenancy on any property owned or managed by Griffith

or at any Griffith branded enterprise operated by a third party, the Assessment Team should still convene to

assess the situation and activate any management deemed necessary (see Section 4.2). In these

circumstances, the Assessment Team can also assess the adequacy of the disaster management procedures

being applied by the third-party operators.

3.0 Plan

3.1 Plan Objectives

In addressing any disaster, emergency or major incident, Griffith University applies the following critical objectives:

▪ Protect the safety of employees, students, and visitors.

▪ Protect stakeholder value by protecting our property, assets, and brand.

▪ Maintain the loyalty and trust of our key stakeholders including staff and students in order to maintain

and enhance the long-term value of our services.

▪ Re-establish business operations.



3.2 Crisis Management Phases

Griffith University’s crisis management process is divided into three phases as outlined below:

PHASE PHASE NAME DESCRIPTION

Phase 1 Assessment and Activation [see sections 4.2 and 4.3]

▪ Recognising a crisis

▪ Assessing the incident using the Assessment and RACI Matrix in

Appendix 1

▪ Convening the Crisis Management Team and/or Recovery

Planning Team structure (as applicable)

▪ Establishing a Crisis Command Centre

Phase 2 Managing the Crisis Response and implementing Recovery actions [see section 5]

▪ Initial crisis actions

▪ Conducting a Situation Report (SITREP)

▪ Conduct crisis meetings

▪ Assessing business impacts

▪ On-going crisis response

▪ Implementation of Recovery Plans

Phase 3 Post-Crisis Actions

[see section 6]

▪ Standing-down the Crisis Management and Recovery Teams

▪ Facilitate Post Incident Reviews



3.3 Crisis Management Flowchart



4.0 Assessment and Activation

Use this section to determine initial actions following notification of an incident. The primary activity

is to conduct an assessment that will help determine if the incident has potential to escalate to the

point that it causes major loss of damage to the University and its stakeholders. This section will

also support activation of crisis management resources to provide leadership during the incident.

4.1 Recognising a Crisis

A crisis is any ’abnormal and unstable situation that threatens the organisation’s strategic objectives,

reputation or viability’. It is typically an incident that has escalated to the point that it may cause major loss

or damage to the University, its staff, students, or the community. This requires a distinct strategic,

operational, and tactical response that must take priority over normal business activity.

At Page 8 and replicated at Appendix 1 is an Assessment and RACI matrix, designed to facilitate efficient

reporting and notification to key stakeholders, and to assist in the determination of the appropriate Team

Activation response.

4.2 Assessing the Incident – Assessment Team

The escalation of occurrences that may trigger Emergency Management, Incident and Crisis Management

or Business Continuity events at Griffith University occurs through established policies and procedures within

Groups, Divisions and Professional Areas.

It will always be preferred, where possible, that occurrences are dealt with at the lowest possible level

utilising these policies and procedures. Where this is not possible or there is a high probability that the

incident will escalate further, an Assessment Team should form to undertake a preliminary assessment of

the incident and to make a determination as to whether to activate the Crisis Management Team. The

Assessment Team must consist of, as a minimum, any two of the Vice Chancellor, Provost and Chief

Operating Officer.

If any executive member is unavailable, and their absence is unavoidable, their alternate or delegate can

attend in their place. The relevant executive member is responsible for selecting their own alternate or

delegate, noting that it must be someone of sufficient seniority and experience, given the critical nature of

the role. The activating member of the Assessment Team may call on secretariat support as required (it is

suggested this support comes from their own staff area).

MEMBER ROLE

Vice Chancellor (Alternate or delegate)

Declare a crisis and convene a Crisis Management Team and/or Recovery Planning Team

Provost (Alternate or delegate)

Provide general guidance and advice to the Vice Chancellor on impacts to the University

Chief Operating Officer (Alternate or delegate)

Provide specific guidance and advice to the Vice Chancellor on impacts to the University

Nominated EG member/s

Provide specific guidance and advice to the Vice Chancellor on impacts to the affected Academic Group and/or Division or Professional Area (with guidance provided by the Chief Operating Officer)

This team will conduct a quick preliminary assessment of the incident using the Escalation Matrix in Appendix

1. To assist in this process, members of the Assessment Team may need to collect information from

impacted Groups, Divisions and Professional Areas relating to:



Whether staff, students and visitors are safe and accounted for:

▪ Can this be confirmed and by whom?

▪ What actions have been taken and by whom?

▪ Is there potential for future harm to staff, students, or visitors?

Whether buildings and/or other infrastructure have been damaged:

▪ Has power/water (potable / non-potable) to the affected site been disrupted? If so, what is the estimated

timescale?

▪ What actions have been taken to make the buildings / site safe and secure?

▪ Is this a precinct event? i.e. have neighbours also been affected?

▪ Is there potential for future damage to buildings and infrastructure?

▪ Does the crisis impact campus entry and exit routes?

Whether there any other potential impacts that may result from the incident:

▪ Measurable / serious environmental harm?

▪ Direct loss or opportunity cost?

▪ Is there a risk of in reputational damage to the University?

▪ Does the incident highlight or trigger a broader or more systemic risk to the University?

▪ Media exposure?

Note: when using the Escalation Matrix, this information will help determine potential areas of future impact,

responsibilities for managing them, team activations and follow-on notifications.

The diagram below represents the life cycle of a level 3 or 4 crisis event, together with the manner in which

the University’s structures and systems (including BECO, Campus ECO, the Assessment Team, the Crisis

Management Team and the Recovery Planning Team) can respond. This diagram can be used by the

Assessment Team in determining whether to convene the Crisis Management Team and whether the CMT

should be supported by other operational teams available to the University.

Level 3 or 4 CRISIS Where CMT Activated



The Assessment Matrix below provides high level guidance for what types of incidents are likely to activate what level of response.

Level Types of Events Areas of Impact (as applicable) Responsibility Team Activation Notification Path

Level

1 -

Min

or Any injury / illness requiring first aid treatment only.

Minor damage to facilities and/or failure of plant & equipment - no disruption to university operations.

Complaint received about University conduct.

Individual adverse social media posts. Minor reputational impact.

Short-term ITC outage.

Potential cyber security or data breach issue that has been contained.

Financial Impact of up to $1m.

People (staff, students & visitors)

BECO

Leadership Team of Group / Division /

Professional Area

Executive Group

Physical environment

University operations (academic, research & corporate)

Brand and reputation

Legal Services

Financial

Cyber

Level

2 -

Mo

dera

te Any non life threatening injury / illness / trauma requiring external medical assistance.

Damage to facilities and/or failure of plant & equipment that results in short-term disruption to university operations.

Multiple complaints received about the same issue relating to University conduct.

Increasing number of adverse social media posts. Moderate reputational impact

ITC outage causing short-term disruption to University operations.

Event that has potential to compromise research outcomes.

Potential cyber security or data breach issue affecting non-critical systems.

Financial Impact of up to $1-5m.


One or more of the following local

Emergency Response Teams:

Campus EMT

Academic Recovery Teams

Communications Response Team

Student Life Incident Management Team

Digital Solution CMT

Executive Group




Legal Services

Financial

Cyber

Level

3 –

Seri

ou

s

Any injury / illness / trauma that may be life-threatening or cause long term harm.

Damage to facilities and/or failure of plant & equipment that results in significant disruption to university operations.

Large volume of complaints received about the same issue relating to University conduct.

Adverse social media posts trending across all major platforms / negative mainstream media reporting. Major reputational impact.

Loss of critical IT and communication systems causing significant disruption to University operations.

Confirmed cyber security event and/or data breach.

Events or potential circumstances that carry highly likely major or catastrophic consequences

Serious compromise to research from loss, negligence or fraudulent activity.

Financial Impact of up to $5-10m


One or more of the local Emergency Response Teams mentioned in Level 2 +


---------- OR --------

Assessment Team

Crisis Management Team

Executive Group

Finance, Resources and Risk Committee

Audit Committee

Chancellor




Legal Services

Financial

Cyber

Level

4 –

Majo

r (C

risis

) Death or permanent incapacitation.

Infectious disease or Pandemic.

Loss or destruction of critical infrastructure.

Reputation damage that potentially effects strategic market position and/or has a catastrophic impact.

Regulatory action.

Cyber-attack on critical systems and/or notifiable data breach.

Research fraud, inappropriate behaviour or other event that brings the University’s reputation into disrepute.

Financial Impact of over >$10m

Critical failure of high-risk equipment with the potential to cause serious injury or death

Events or potential circumstances that carry highly likely catastrophic consequences


Assessment Team

Crisis Management Team supported by

Student Life Incident Management Team, Digital Solution CMT, Campus EMT,

Academic Recovery Team,

Communications Response Team and

other groups as required

Chancellor and University Council


Audit Committee

REF

ER T

O R

AC

I MA

TRIX

BEL

OW



4.3 Convening the Crisis Management Team

For certain level 3 and all level 4 incidents (refer to Appendix 1 for definitions), the Assessment Team has

the option of convening the Crisis Management Team (CMT).

The CMT is the strategic lead that will focus on strategic and other business impacts, manage internal and

external communications, and provide briefings to Council and the Chancellor.

If required, the CMT can also activate a Recovery Planning Team (RPT). The RPT is a multi-disciplinary

team that provides operations support that will focus on logistics including assessing and securing the safety

of staff and students, and proactively managing the practical response to the crisis event to prevent further

escalation, and then focus on the operational critical business functions and Business Continuity of the

University to return to business as usual. An RPT may be necessary where multiple Operational Teams have

already been responding or require activation (for example: Campus EMT and Student Life IMT) to avoid

parallel planning or duplication of effort.

The structure, roles and responsibilities for the RPT can be found at Appendix 3.

4.3.1 Crisis Management Team

Once established to oversee a crisis, the CMT is the strategic lead and central point of accountability for

management of certain level 3 and all level 4 crisis events (being those events or incidents that the

Assessment Team has determined cannot be dealt with through established policies and procedures within

applicable Groups, Divisions and Professional Areas, or for which there is a high probability of further

escalation or significant reputational damage).

The core CMT composition consists of the following personnel (noting that delegates can attend in place

of a person where that person is unavailable, and their absence is unavoidable).

▪ CMT Chair

▪ Chief of Staff

▪ Provost

▪ Chief Operating Officer

▪ DVC-R

▪ VP (M&C).

Additional representation can be sought, as required, as shown in the diagram below.



Key responsibilities of the CMT are to:

▪ Continually assess and manage business impacts stemming from the incident on Griffith University (including people, brand, financial, legal, and strategic).

▪ Assume management of the University’s response to certain level 3 and all level 4 crisis events.

▪ Provide direction and support to the University operational teams that are convened to provide support to the CMT.

▪ Manage top level stakeholder relations.

▪ Approve communication strategies including key messages, etc.

▪ Brief the University Council and Chancellor.

▪ Obtain regular updates from University operational teams (if activated). Notes:

▪ The CMT Chair will be the Vice Chancellor unless this role is delegated to another executive.

▪ Only the Vice Chancellor or an appropriately convened assessment team comprising any two of the

Vice-Chancellor, the Provost, and the Chief Operating Officer, can authorise activation of the CMT.

▪ The CMT can operate in conjunction with or independently of the Recovery Planning Team.

▪ Not all roles within the CMT need to be activated. This will be determined by the Vice Chancellor (via

the Assessment Team).

▪ A member of the CMT may be nominated by the Vice Chancellor to chair the Recovery Planning Team.

CMT roles and responsibilities

ROLE RESPONSIBILITIES

CMT Chair ▪ Convene the CMT.

▪ Provide leadership to the CMT throughout a crisis event.

▪ Act as a key liaison between the CMT and the RPT.

▪ Oversee the development of all crisis management strategies and actions.

Chief of Staff ▪ Provide guidance and support to the CMT Chair including activation of the

Command Room or Virtual Room (Teams), logistical support, provision of advice

to team members and coordinating additional support as required.

CMT Team Members ▪ Provide strategic advice and oversight as required to support the development of

crisis management strategies and actions.

▪ Ensure communications are passed to specific areas and obtain regular updates

on impacts.

▪ Facilitate resource allocation as required within delegated authority.

4.3.2 Establishing a Command Centre for the CMT

The following Command locations have been identified for the CMT to coordinate operations from.

If all members cannot be physically present, a virtual Command Centre can be established

through a Crisis Management Team group on Microsoft Teams or the Virtual Meeting Room.

If a physical meeting is required and/or a local presence from a Senior Executive, the following forward

command centres are available. The Chair of the CMT will determine the appropriate location of the



Command Centre, having regard to the potential impact radius of the crisis and considering whether the

crisis could impact upon the Command Centre personnel.

Once established, the Command Centre will:

▪ Become the focus of supporting crisis management activities and communications.

▪ Provide CMT and members with an effective working environment.

▪ Isolate CMT from the distractions of day-to-day business activities.

▪ Be secured against unauthorized access by internal and external stakeholders (e.g. media).

Nathan Campus (Coord for all meeting to be run from Nathan where possible)

Location: 170 Kessels Road, Nathan QLD 4111

Supporting

rooms:

N79_1.03A (DRMF rooms)

N54_2.06 (Bray Centre)

Site Contact: Hayley Dunn – Executive Officer to the Chief Operating Officer

Email: [email protected] Ph: (07) 3735 7626

Alternate Site: Gold Coast Campus

Location: Parklands Drive, Southport QLD 4215

Supporting

rooms:

G34_2.12 (Leneen Forde Chancellery)

G19 (CLF Office)

Site Contact: Christine Kara – Senior Executive Assistant to the Vice Chancellor


Alternate site: Logan Campus

Location: 68 University Drive, Meadowbrook QLD 4131

Supporting

rooms:

L03_2.27 (meeting room)

L03_2.10 (Security Office)

Site Contact: Sharon Vennell – Executive Support Officer to the PVC Indigenous & Head, Logan Campus


Crisis Event Data Storage Protocols

NOTE: This can be done in preparation for activation. Data repository information should be made

available to all CMT members once complete.

Upon activation of the CMT, a data repository should be established for team members to store and access

critical documents related to the crisis event.

While the system and management of the repository can be determined at the time of the event, with access

permissions restricted to activated team members only, the intended approach will be to establish a dedicated

Microsoft Team site for data repository.

mailto:[email protected]






5.0 Managing the Crisis Response

This section will provide guidance during the early stages of the incident including immediate

actions to prevent escalation of the incident, how to conduct a SITREP to facilitate effective

information flows, tools to assess follow-on business impacts and ongoing actions for members of

the CMT and (if convened) the RPT.

5.1 Conducting a Situation Report (SITREP)

A SITREP is designed to provide a snapshot summary of the situation, actions, and issues. A SITREP should be completed as soon as possible after the incident has occurred by each key stakeholder / impacted area, and then repeated as key information changes. Completed SITREPS are to be provided to the CMT and/or RPT Chair prior to team meetings.

Refer Appendix 2 for SITREP Form.

5.2 Team Meeting Agendas

Use the following meeting agendas to guide team meetings:

Initial meeting

# Agenda Item By whom Refer ✓

- Establish Log Keeping and Records CMT Chair / RPT Chair

A4

1 Convene meeting and confirm welfare of all Team Members. Ensure there are no conflicts of interest that may compromise management.

CMT Chair / RPT Chair

-

2 Agree team meeting protocols:

▪ Purpose of meeting.

▪ Duration.


-

3 Confirm roles and responsibilities. Determine need to stand down members and/or include subject matter experts, as required.


1.3.1 (CMT) 1.3.2 (RPT)

4 Share information: ▪ Summary of events to date based on received SITREPs. ▪ Confirmation of employee/student safety, potential

injuries & follow-on welfare. ▪ Communications and Media. ▪ Additional information.

All members A2

5 Determine if any team members have previous experience in a similar event


-

6 Conduct joint impact assessment for current situation. All members 2.3

7 Set Objectives for Response/Recovery. All members -

8 Confirm data storage protocols for crisis event documentation.

Chief of Staff (CMT) / RPT Secretariat

-

9 Allocate immediate tasks/actions from joint assessment to members.


A4

10 Confirm time of follow-up meeting. Chief of Staff (CMT) / RPT Secretariat

-



Follow-on meeting agenda

# Agenda Item By whom Refer ✓

1 Re-convene meeting and confirm welfare of all team Members. Ensure there are no conflicts of interest that may compromise management.


-

2 Provide update to team: ▪ Summary of new information and response actions to

date. ▪ Confirmation of employee/student safety, potential

injuries & follow-on welfare. ▪ Communications and Media. ▪ Disruption to services. ▪ Additional information from members.

All members A2

3 Review of potential impacts. All Members 2.3

4 Confirm “problem ownership” and responsibility delegation between University and external agencies (e.g. policy, fire service, government body).


-

5 Allocate subsequent tasks/actions from joint assessment to members.


A4

6 Agree time of regular meetings. Chief of Staff (CMT) / RPT Secretariat

-

Important Notes:

▪ Tailor the team with the most appropriate and available personnel.

▪ Use team timeouts, typically 20-30 minutes to directly engage stakeholders by telephone or meetings.

Timeouts become longer when implementing crisis strategies.

▪ Use disciplined team updates, less than 5 minutes in duration to refocus the team when returning from

a timeout outside the Command Centre.

▪ Once the team has assembled in person or via video / tele-conference, the team Chair should conduct

the first meeting.

▪ Information should be collected as facts, assumptions or issues and recorded digitally or on visible

boards within the Command Centre. All tasks should be recorded and delegated to an individual with

a due time and date.



5.3 Assessing Business Impacts

The following tool should be used to forecast operational (RPT) and strategic (CMT) impacts to Griffith University resulting from the crisis. The outcomes of this assessment should be used to formulate crisis management strategies.

1. People: To what extent is the event likely to impact the health and safety of staff, students, visitors, and campus partners? (Think Strategic. eg. Close Campus based on Pandemic / Water Inundation / Bush Fire. Restrict Travel based

on conflict)

Impact and Secondary effects:

Consider impacts on the following stakeholder groups:

▪ Students ▪ Staff ▪ Contractors ▪ Visitors ▪ Members of the community ▪ Retailers ▪ Other stakeholders and campus partners (such as AEIOU, Yarranlea School, Griffith College)

Mitigating Actions:

Ownership:

2. Operational: To what extent is the event likely to result in disruptions / delays to University services and/or operations?

Impact and Secondary effects: Consider impacts on:

▪ Learning & teaching ▪ Research ▪ Campus facilities and infrastructure

Mitigating Actions:

Ownership:

3. Strategic & Market: To what extent is the event likely to result in a loss of profitability or strategic direction?


Mitigating Actions:

Ownership:

4. Financial: To what extent is the event likely to result in financial losses to Griffith University?




4. Financial: To what extent is the event likely to result in financial losses to Griffith University?

Mitigating Actions:

Ownership:

5. Legal and Compliance: To what extent is the event likely to result in legal and compliance issues?


Mitigating Actions:

Ownership:

6. Reputation: To what extent is the event likely to result in strategic reputational damage to Griffith University?


Mitigating Actions:

Ownership:

Use the information collected above to prioritise actions, formulate Recovery Action Plans, and prepare

briefing documents for communicating critical information to stakeholders. The CMT / RPT should

periodically re-assess impacts and crisis response strategies. This is particularly important for rapidly

evolving incidents.

Refer Appendix 7 for Recovery Action Plan template.

5.4 On-going Crisis Actions

Once a forecast of business impacts has been conducted, the CMT (and if convened, the RPT) should use

this information to develop Recovery Action Plans for each portfolio that will assist with:

▪ Preventing further escalation of the incident.

▪ Minimising loss or damage the University and its staff, students, and other stakeholders.



▪ Returning the University to a business-as-usual status.

ROLE ACTIONS

Chair ▪ Agree actions required to stabilise the situation and prevent the crisis from escalating further addressing:

- Welfare of staff and students

- Restoration of infrastructure

- Recovery of critical operations including protection of research projects

- Management of reputational issues

▪ Agree a crisis communications strategy including:

- Method/mode of communication and frequency of updates

- Audiences

- Liaison with authorities

- Nominated spokespersons

- Timing of external announcements

▪ Establish approval processes to approve on-going crisis response and recovery actions including the communications strategy.

▪ Establish reporting mechanisms to update the Assessment Team and all other relevant stakeholders of progress with crisis response strategies.

▪ Confirm delegated authorities are in place for CMT / RPT members to enable activation of crisis response strategies.

▪ Implement management controls to minimise ongoing financial impacts associated with recovery efforts.

▪ Monitor ongoing impacts. i.e., financial, legal, operational, reputational, and human.

▪ Agree protocols for on-going CMT / RPT meetings including welfare requirements for CMT / RPT members.

Chief of Staff ▪ Manage Crisis Command Centre facilities, resources and media including whiteboards, PCs, internet connections, telephony, and breakout rooms.

▪ Identify requirement for specialist support to assist with key decisions. ▪ Facilitate preparation of SITREPS and stakeholder briefings. ▪ Update Recovery Action Plans so they provide team members with a rolling record

of analysis and decisions. ▪ Oversee Secretariat to ensure that all relevant information is being recorded in a

clear, concise, and accurate manner. ▪ Manage ongoing welfare requirements for CMT / RPT members including catering

and rostering of CMT / RPT members. ▪ Oversee CMT / RPT team meeting protocols to ensure that a productive environment

is maintained. Team members ▪ Lead your stream for all response and recovery activities. This may include managing

a sub-team in your area of responsibility. ▪ Prepare updated SITREPS as the situation evolves. ▪ Ensure Group / Division / Professional Area response is aligned with strategy (e.g.

communications).

▪ Advise any changes or updates to Group / Division / Professional Area response and recovery efforts.

Secretariat ▪ Maintain Crisis Logs to capture all facts, decisions, actions, responsibilities, and timings.

▪ Ensure catering arrangements are established if incident is likely to be prolonged.

▪ Ensure accommodation and/or travel is booked if required.



6.0 Managing Post Crisis Actions

This section will provide guidance to the CMT and RPT in the post-crisis phase including returning

to a Business-as-Usual state, standing down teams and conducting post-incident reviews. This

phase will typically commence after the situation has been stabilised, impacts are being managed

and minimal potential exists for further escalation.

6.1 Standing-down the Crisis Management and Recovery Planning Teams

There are three parts to closing an incident:

Step Details

Return to Business-as-Usual (BAU) – noting that what constitutes BAU post-crisis might be different from BAU pre-crisis

▪ The CMT Chair, in conjunction with the RPT (if established) should determine the point in time that the incident has been controlled sufficiently and the affected areas of the University can return to BAU. At this point, a declaration should be made that the crisis is over.

▪ Depending on the nature of the incident, it may be necessary to implement a temporary BAU state, which would differ to the pre-incident situation.

▪ Any protocols which have been put in place should revert back to BAU processes and/or handed over to an on-going recovery team.

Document important lessons and findings from management of current crisis event

▪ It is important to record lessons and findings from the management of the current crisis event to inform:

o Future BAU processes

o Management of future crisis events.

Log outstanding items and allocate

▪ Outstanding actions should be logged and allocated to a recovery team and/or business-as-usual owners to follow-up.

▪ A handover of these actions should occur with the respective personnel.

▪ Any requirements to support an investigation of the incident should be identified and actioned.

Stand-down team ▪ The CMT, RPT and any other activated response teams should formally disband.

▪ The stand down needs to be communicated to all parties who have been interacting with these teams and a new point of contact established for necessary continued communications.

▪ A series of debriefs should be scheduled to bring all team members together prior to formally standing down the respective teams.

6.2 Post Incident Review

Post Incident Reviews should be conducted to fully debrief all team members and capture the successes,

learnings and recommendations following an incident. The CMT / RPT should utilise the Post Incident Review

template in Appendix 8.



7.0 Definitions

For the purposes of this Plan and related policy documents, the following definitions apply:

Activation means the act of declaring that an organisation's business continuity arrangements need to be put

into effect in order to continue delivery of key products or services.

Alternate Site means a pre-established site held in readiness for the recovery and resumption of business

operations in the event of a disaster to maintain the organisation’s mission critical activities and objectives.

Building Emergency Control Organisation (BECO) means a team that will initiate an appropriate response to

any emergency situation, ensuring the safety and wellbeing of all employees and visitors. The team may include

a Chief Warden, Area Wardens, Wardens and First Aid Officers.

Command Centre means a pre-established physical or virtual facility from which the Crisis Management Team

and/or Recovery Planning Team manages the crisis and coordinates the recovery of the business including the

assessment of the incident and the management of internal and external communications.

Crisis means an abnormal and unstable situation with a high level of uncertainty that disrupts the core activities

and/or credibility of an organisation and requires urgent action.

Crisis Management means the overall coordination of an organisation’s response to a crisis, in an effective,

timely manner, with the goal of avoiding or minimising damage to the organisation’s profitability, reputation, or

ability to operate.

Crisis and Recovery Management Plan (CMP) is a response document outlining key information including who

has authority and responsibility for key decision and actions in a crisis, internal and external crisis

communications, activation mechanisms, details of levels of response across the organisation and key templates

to be used during a crisis.

Crisis Management Team (CMT) is a trained group of people responsible for providing strategic guidance to

the University supporting certain level 3 and all level 4 incidents.

Critical means a qualitative description used to emphasise the importance of a resource, process or function

that must be available and operational constantly or at least at the earliest possible time after an incident,

emergency or disaster has occurred.

Disaster means a physical event which interrupts business processes sufficiently to threaten the viability of the

organisation.

Disruption means an event that interrupts normal business functions, operations, or processes, whether

anticipated (e.g., hurricane, political unrest) or unanticipated (e.g., blackout, terror attack, earthquake).

Emergency means a sudden, unexpected incident requiring immediate action due to its potential threat to health

and safety, the environment, or property.

Emergency Management Team (EMT) is a trained group of people with defined roles and responsibilities,

assigned to respond and manage an incident.

Incident means an adverse event that might cause disruption, loss or emergency, or lead to a crisis.

Recovery Planning Team (RPT) is a trained group of people with defined roles and responsibilities for

implementing the organisation’s Crisis and Recovery Management Plan.

Resources means all assets, people, skills, information, technology (including plant and equipment), premises,

and supplies and information (whether electronic or not) that an organisation has to have available to use, when

needed, in order to operate and meet its objective.

Risk means a combination of the probability of an event and its consequence.

Threat means a potential cause of an unwanted incident, which can result in harm to individuals, the environment,

or the community.



8.0 Appendices

8.1 Appendix 1: Assessment and RACI Matrix

The Assessment Matrix below provides high level guidance for what types of incidents are likely to activate what level of response.

Level Types of Events Areas of Impact (as applicable) Responsibility Team Activation Notification Path

Level

1 -

Min

or Any injury / illness requiring first aid treatment only.

Minor damage to facilities and/or failure of plant & equipment - no disruption to university operations.

Complaint received about university conduct.

Individual adverse social media posts. Minor reputational impact.

Short-term ITC outage.

Potential cyber security or data breach issue that has been contained.

Financial Impact of up to $1m.


BECO

Leadership Team of Group /

Division / Professional Area

Executive Group




Legal Services

Financial

Cyber

Level

2 -

Mo

dera

te Any non-life threatening injury / illness / trauma requiring external medical assistance.

Damage to facilities and/or failure of plant & equipment that results in short-term disruption to university operations.

Multiple complaints received about the same issue relating to University conduct.

Increasing number of adverse social media posts. Moderate reputational impact

ITC outage causing short-term disruption to University operations.

Event that has potential to compromise research outcomes.

Potential cyber security or data breach issue affecting non-critical systems.

Financial Impact of up to $1-5m.


One or more of the following local

Emergency Response Teams:

Campus EMT

Academic Recovery Teams


Student Life Incident Management

Team


Executive Group




Legal Services

Financial

Cyber

Level

3 –

Seri

ou

s

Any injury / illness / trauma that may be life-threatening or cause long term harm.

Damage to facilities and/or failure of plant & equipment that results in significant disruption to university operations.

Large volume of complaints received about the same issue relating to University conduct.

Adverse social media posts trending across all major platforms / negative mainstream media reporting. Major reputational impact

Loss of critical IT and communication systems causing significant disruption to University operations.

Confirmed cyber security event and/or data breach.

Events or potential circumstances that carry highly likely major or catastrophic consequences.

Serious compromise to research from loss, negligence or fraudulent activity.

Financial Impact of up to $5-10m


One or more of the local Emergency

Response Teams mentioned in Level

2 + Communications Response Team


---------- OR --------

Assessment Team

Crisis Management Team

Executive Group


Audit Committee

Chancellor




Legal Services

Financial

Cyber

Level

4 –

Majo

r (C

risis

)

Death or permanent incapacitation.

Infectious disease or Pandemic.

Loss or destruction of critical infrastructure.

Reputation damage that potentially affects strategic market position and/or has a catastrophic impact

Regulatory action.

Cyber-attack on critical systems and/or notifiable data breach.

Research fraud, inappropriate behaviour or other event that brings the University’s reputation into disrepute.

Financial Impact of over >$10m

Critical failure of high-risk equipment with the potential to cause serious injury or death

Events or potential circumstances that carry highly likely catastrophic consequences


Assessment Team

Crisis Management Team supported

by Student Life Incident Management Team, Digital Solution CMT, Campus

EMT, Academic Recovery Team,

Communications Response Team and

other groups as required

Chancellor and University Council


Audit Committee

REF

ER T

O R

AC

I MA

TRIX

BEL

OW



Note: The above matrix indicates who / which stakeholder may be allocated to each of the below categories. The most appropriate person / people / stakeholder will be

decided based on the nature of the incident.

Advisors: Refers to support staff that can provide subject matter expertise or support through an event ie. WHS advisors, Finance business partners, HR business

partners

Responsible: People / stakeholders who carry out the task. There may be one or several. They will have actions and tasks directly allocated to them as part of any action

plan developed.

Accountable: Person / stakeholder who is the ‘owner’ of the task. Provide oversight to those who are responsible. An appropriate person / stakeholder will be chosen

depending on the nature of the event / incident. This person is required to ensure information flow to those nominated as INFORMED.

Consulted: People / stakeholders who may be required to give input to the decision-making process. They may be required to attend crisis management meetings.

Informed: People/ stakeholders who need to be kept informed (e.g. through SITREP) on any decisions made from the person ACCOUNTABLE. They are not directly

involved in the management so may not be present at the meetings.

Response Type Emergency Response Emergency Management / Incident Management / Operational Business Continuity Crisis Management



8.2 Appendix 2: SITREP Template

SITUATION REPORT

Time and Date: Author: Report #:

Highlights

Situation (A brief summary of the incident details - location, time, who / summary of situation to date. On update, delete old information)

Issues (Present brief description of issue(s) that are known/reasonably expected to arise before the next SITREP is issued)

Actions taken (Brief report of actions completed to date (New))

Actions to be taken (Report on planned/scheduled actions)

Other considerations (Anything else that may be relevant to current or future management of the incident)

Next SITREP due:

Produced by Griffith University | Commercial in Confidence | Not for public distribution under any circumstances



8.3 Appendix 3: The Recovery Planning Team

The RPT operationalises (by providing practical and logistical actions) the CMT’s direction and provides a central co-ordinating and support role during certain level 3 and all level 4 crisis events (being those events or incidents that the Assessment Team has determined cannot be dealt with through established policies and procedures within applicable Groups, Divisions and Professional Areas, or for which there is a high probability of further escalation). Structure of the RPT is dependent on the impact of the event and may include any of the following areas:

Key responsibilities of the RPT are to:

▪ Communicate with and provide advice to the CMT if it has been convened.

▪ Verify that the appropriate actions have been taken by the impacted campus, Academic Group, Division and/or Professional Area in both incident response and Business Continuity.

▪ Facilitate the implementation of any other immediate actions (in addition to those identified by the CMT) that are required to help prevent the incident from escalating further.

▪ Identify, assess, and prioritise any other broader issues caused by the incident such as impacts on other Griffith campuses, impacts on research, financial impacts, brand damage, etc.

▪ Develop recovery plans that facilitate timely decision making and resolution of critical issues.

▪ Access and consider Business Continuity Plans at Group, Divisions and Professional level to incorporate into Recovery Planning Actions – (See Appendix 5 for additional guidance).

▪ Ensure consistent communications with all key internal and external stakeholders as required (subject to any communications strategies developed by the CMT).

Notes:

▪ The RPT Chair will be a CMT member nominated by the Vice Chancellor depending on the nature of the incident.

▪ Only the Chair of the CMT (via the Assessment Team) can authorise activation of the RPT.

▪ The RPT can operate as part of or separately from the CMT.



▪ Not all streams within the RPT need to be activated. This will be determined by the RPT Chair in consultation with the Vice Chancellor depending on the nature of the incident.

▪ Stream Leaders may be required to establish sub-teams to support completion of actions within their areas of responsibility (for example, a Communications Team). These teams must operate outside of the primary RPT room and be led by the relevant Stream Leader (or their delegate).

RPT roles and responsibilities: The actions set out in the table below are designed to identify an appropriate person for each role. They should guide preparatory actions for individuals in order to confirm they have the appropriate delegations and authorities in place. Specific actions and responsibilities will be determined as a result of the impact assessments carried out.

Role Actions

RPT Chair ▪ Provide ongoing leadership to the RPT throughout the event and in determining recovery planning actions.

▪ Receive direction from the Assessment Team and the CMT.

▪ Confirm membership of RPT including roles and responsibilities of each member.

▪ Facilitate initial RPT meeting – refer sample agenda in section 5.2.

▪ Ensure ongoing liaison with Incident Manager is established. The Incident Manager will be the person with overall ‘Responsibility’ for the incident, if applicable, as determined by the RACI (Appendix 1).

▪ Set operational response and recovery objectives and priorities.

▪ Set planning timelines for any breakout working groups.

▪ Ensure all information, actions and decisions are recorded and visible.

▪ Oversee initial crisis communication protocols with the Stream Leader for Communications to enable a coordinated response to initial media and communications issues.

▪ Facilitate allocation of initial resources or recruit specialist advisors as required.

▪ Establish reporting schedules and requirements with the Vice Chancellor and/or CMT (I.e. preferred update frequency, summary of impacts, changes to damage assessments, decisions that need to be made by the CMT, etc).

▪ Identify Support Officer to RPT Chair.

Support Officer to RPT Chair

▪ Assist RPT Chair in identifying required team members and subject matter experts to activate.

▪ Provide guidance and support to the RPT Chair including activation of the Command Room (physical and/or digital), logistical support and provision of advice to team members.

▪ Attend initial RPT meeting.

▪ As required, assist RPT Chair in facilitating initial RPT meeting.

▪ Contribute to RPT discussion on impacts, actions, next steps and resourcing.

RPT Secretariat ▪ Assist RPT Chair in establishing Crisis Command Centre and ensure it is set up with all logistic requirements.

▪ Notify all RPT members of time and place of initial RPT meeting.

▪ Compile consolidated SITREP from RPT members and circulate to activated RPT members.

▪ Collect Crisis Resource Kit and relocate to identified Command Centre.



Role Actions

Stream Leader – Staff ▪ Advise the status of the safety and wellbeing of employees and other impacted stakeholders.

▪ Provide advice and manage employee and people related issues.

▪ Coordinate for the Stream Leader for Students to ensure a consistent approach to managing people welfare.

Stream Leader - Students

▪ Advise the status of the safety and wellbeing of students.

▪ Provide advice and manage student related welfare issues.

▪ Coordinate with the Stream Leader for Staff to ensure a consistent approach to managing people welfare.

Stream Leader - Operations

▪ Provide co-ordination of operational support to the affected campus (including Digital Campus), building or site.

▪ Facilitate resource allocation to support response and recovery efforts.

Stream Leader – Learning & Teaching / Research

▪ Provide guidance and support to minimise the impacts of the incident on the provision and quality of education provided by the University.

▪ Facilitate resource allocation to support response and recovery efforts.

Stream Leader - Communications

▪ Provide advice to the RPT Chair and the team on reputational issues, impacts and messaging issues.

▪ Prepare and present a communications plan for approval by the CMT.

▪ Manage all crisis-related internal and external communications.

▪ Coordinate the endorsement / approval of all key messages.

▪ Coordinate the Communications Response Team.

Subject Matter Experts ▪ Provide advice on issues impacting the University within their area of specialty. Other specialist personnel may be called upon as required depending on the nature of the incident.



8.4 Appendix 4: Stakeholder Contact Details

All internal contact details can be located on staff directory: https://www.griffith.edu.au/search – Please note a secure site with all CMT supporting

contact details will be established on Teams with restricted access.

(i) Campus Contact Details:

Campus Address Contact Name Phone

Nathan 170 Kessels Road, Mt Gravatt, Qld 4111 Security Switchboard

(07) 3735 7777 (07) 3735 7111

Mt Gravatt 176 Messines Ridge Road, Mt Gravatt, Qld 4122 Security Switchboard

(07) 3735 7777 (07) 3735 7111

Gold Coast Parklands Drive, Southport, Qld 4215 Security Switchboard

(07) 5552 7777 (07) 5552 8000

Logan 68 University Drive, Meadowbrook, Qld 4131 Security Switchboard

(07) 3382 1717 (07) 3382 1234

South Bank QCGU 140 Grey Street, South bank, Qld 4101 Security Switchboard

(07) 3735 6226 (07) 3735 6111

South Bank QCA 226 Grey Street, South bank, Qld 4101 Security Switchboard

(07) 3735 6226 (07) 3735 3111

https://www.griffith.edu.au/search



8.5 Appendix 5: Facts, Assumptions and Event Log

Facts Assumptions Actions to Resolve



Time Event/Action CMT/RPT Member Comment



8.6 Appendix 6: Business Continuity Planning Guidance

The Griffith University approaches Business Continuity Management (BCM) through the development, implementation and maintenance of strategies and plans to assist the University to manage a business disruption event and build resilience. It is the capability that assists in preventing, preparing for, responding to, managing and recovering from the impacts of a business disruption event.

At a Strategic Level the University must protect and make all efforts to recover the core functions of:

It is the function of the RPT to coordinate the operational response to a disruption by engaging the Business Continuity Plans and data from within Groups, Divisions and Professional Areas. RPT Members will be responsible for the collation of impacted, critical business functions and the highlighting of recovery requirements to support continuity.

Business Continuity Actions

1 RPT is required to conduct an Impact Assessment (see section 5.3 (Assessing Business Impacts) and Appendix 2: SITREP Template) with members to determine the extent and severity of the disruption in their portfolios.

2 Identify with the RPT members what critical functions that can be restored within agreed recovery timeframes and resources.

3 Identify with RPT members any gaps in recovery processes and resources

4 Manage recovery process and provide support to CMT.

5 Identify and request additional resources from CMT if required.

6 Provide CMT with status updates as required.

Stra

tegi

c Fu

nct

ion

University Services St

rate

gic

Fun

ctio

nLearning and Teaching St

rate

gic

Fun

ctio

n

Research



8.7 Appendix 7: Recovery Action Plan Template

RECOVERY ACTION PLAN

Time and Date: Author: Version #:

Situation (A brief summary of the incident details)

Actions to be taken (Report on planned/scheduled actions)

Responsible Person Time/Date for Completion

Issues (Present brief description of issue(s) that are known/reasonably expected to arise before the next plan release is issued)

Next Plan due:

Produced by Griffith University | Commercial in Confidence | Not for public distribution under any circumstances



8.8 Appendix 8: Post Incident Review Guide

POST INCIDENT REVIEW

FACILITATOR:

LOCATION:

DATE:

What occurred? Summary of facts: Sequence of events:

Actions taken Describe key decisions made and actions taken:

Emergency Response

Questions: ▪ Was an evacuation required?

▪ Were any staff or students injured or affected by the

incident?

▪ Were any visitors or members of the public injured or

affected by the incident?

▪ Was the building/site secured to prevent re-entry?

▪ Were emergency procedures followed correctly?

▪ Were incident details reported using the correct

escalation processes in a prompt manner?

Additional Comments:

Yes No N/A

Yes No N/A Yes No N/A

Yes No N/A

Yes No N/A

Yes No N/A

Assessment of Impacts

Questions: ▪ Was an impact assessment conducted?

▪ If an impact assessment was conducted, how was this

information used?

▪ Were the outcomes of the impact assessment

reported to the CMT/RPT?


Yes No N/A


Team Activation and Escalation

Questions: ▪ Were teams activated in accordance with the agreed

structure?

▪ Was the incident given an incident classification

(Level 1 to 4 incident)?

▪ Was the incident escalated to the appropriate team/s?

▪ Were formal CMT/RPT meetings held?

Yes No N/A

Yes No N/A

Yes No N/A




▪ Were incident command facilities activated?

▪ If teams were activated, were all key portfolios

represented by appropriately qualified personnel?

▪ Were hand-over procedures implemented to ensure

the sustained operation of the CMT/RPT?


Yes No N/A

Yes No N/A

Yes No N/A

Yes No N/A

Communications Questions: ▪ Were all key stakeholders notified?

▪ Were communications appropriate for the type, size

and scale of the incident?

▪ Were communications undertaken in a timely

manner?

▪ Was the media communicated with in an effective

manner?

▪ Were communication templates used?

▪ Was an action log maintained throughout?


Yes No N/A

Yes No N/A Yes No N/A Yes No N/A

Yes No N/A

Yes No N/A

People Management

Questions:

▪ Were appropriate actions and strategies identified to

manage the welfare of people impacted by the

incident?



Yes No N/A

Yes No N/A

Business Recovery

Questions: ▪ Were operations disrupted as a result of the incident?

▪ Was a Recovery Action Plan developed to facilitate

resumption of critical business functions?



Yes No N/A


What went well? Identify and examine actions that had positive results and why




What could be improved? Identify actions or areas that could benefit from improvement and why

Actions arising Identify actions arising from this debrief and responsibilities for following up

Acknowledge Ask for any additional questions from participant/s

Sign-off

Facilitator Name and Signature

Date:



INFORMATION Printable version (PDF) Downloadable version (Word)

Title Crisis and Recovery Management Plan

Document number 2021/0000060

Purpose This document has been designed to assist Griffith University to manage any

event that has potential to negatively impact on the organisation’s operational

and strategic objectives.

Audience Staff

Category Operational

Subcategory Safety

Approval date 30 June 2021

Effective date 30 June 2021

Review date 30 June 2024

Policy advisor Chief Operating Officer

Approving authority Executive Group

RELATED POLICY DOCUMENTS AND SUPPORTING DOCUMENTS

Legislation N/A

Policy Code of Conduct

Business Continuity Management and Resilience Policy

Enterprise Risk Management Policy

Procedures Business Continuity Management and Resilience Framework

Enterprise Risk Management Framework

Emergency Management Plan

Local protocols N/A

Forms N/A

https://sharepointpubstor.blob.core.windows.net/policylibrary-prod/Code%20of%20Conduct.pdf

https://sharepointpubstor.blob.core.windows.net/policylibrary-prod/Code%20of%20Conduct.pdf

https://sharepointpubstor.blob.core.windows.net/policylibrary-prod/Business%20Continuity%20Management%20and%20Resilience%20Policy.pdf

http://policies.griffith.edu.au/pdf/Risk%20Management%20Policy.pdf

http://policies.griffith.edu.au/pdf/Business%20Continuity%20Framework.pdf

http://policies.griffith.edu.au/pdf/Risk%20Management%20Framework.pdf

crisis management and recovery plan

Documents