Strivesocial: Business Continuity, Emergency Response, and Disaster Management Plan
Introduction
Purpose
The purpose of this Business Continuity, Emergency Response, and Disaster Management Plan is to outline strategies and procedures to ensure the continuity of essential services in the event of a disruption or disaster.
Objectives
The objectives of this plan are to:
undertake risk management assessment
define and prioritise your critical business functions
detail your immediate response to a critical incident
detail strategies and actions to be taken to enable you to stay in business
review and update this plan on a regular basis.
The Prevention, Preparedness, Response and Recovery (PPRR) framework
This plan incorporates the Prevention, Preparedness, Response and Recovery (PPRR) framework. This framework sets out key stages for:
Prevention — risk management planning identifies and manages the likelihood and/or effects of risk associated with an incident.
Preparedness — business impact analysis identifies and prioritises key activities of a business adversely affected by disruptions.
Response — Incident Response planning outlines immediate actions to respond to an incident in terms of containment, control and minimising impacts.
Recovery — Recovery planning outlines actions to recover from an incident to minimise disruption and recovery times.
Definitions
Strivesocial means Strivesocial Pty Ltd ABN 22 682 526 147.
Key Management Personnel means Julie Athanasiou and other key management personnel involved in Strivesocial from time to time.
Director means Julie Athanasiou.
Worker means a permanent, fixed term or casual member of staff, a contractor or volunteer employed or otherwise engaged by Strivesocial and includes the Director.
Risk Management means a method involving the identification of hazards, assessing the risks associated with these hazards, and planning and implementing control measures to eliminate or minimise the risks from the identified hazards.
An incident is defined as an act, omission, event, or circumstance. It may mean any of the following:
Acts, omissions, events, or circumstances that occur in connection with providing NDIS supports or services to a person with disability and have, or could have, caused harm to the person with disability.
Acts by a person with disability that occur in connection with providing NDIS supports or services to the person with disability and which have caused serious harm, or a risk of serious harm, to another person.
Reportable incidents that have or are alleged to have occurred in connection with providing NDIS supports or services to a person with disability.
Sensitive information means a category of personal information that usually receives a higher degree of privacy protection. This encompasses details related to health, genetic makeup, racial or ethnic background, political viewpoints, association with a political group, religious or philosophical beliefs, affiliation to a professional or trade association or union, sexual orientation or behaviour, criminal history, and certain kinds of biometric information.
Risk Management
Risk Management Plan
Strivesocial’s Risk Management Register details risk to the business.
Insurance
Certificates of Currency and Policy details are included in the Emergency Kit.
Business impact analysis
Risk Description: Natural disasters such as floods, fires, earthquakes or severe weather events.
Impact on loss: Inability to provide supports and services to Participants. This negatively impacts revenue and will put Participants at risk who rely on the supports and services provided by Strivesocial.
Preventative Action: Regular workplace inspections and necessary repairs, installation of disaster prevention equipment, disaster preparedness training for Workers.
Contingency Plans: Participant Emergency Plans, evacuation procedures, emergency contact procedures, relocation to a backup location, communication plan to keep Workers and Participants informed, continuity of supports plan (see below).

Risk Description: Covid-19.
Impact on loss: Workers and Participants are at increased risk of infection and sickness. This may lead to an inability to provide supports and services to Participants. This negatively impacts revenue and will put Participants at risk who rely on the supports and services provided by Strivesocial.
Preventative Action: Health and hygiene practices and education, vaccination encouragement, sanitation measures, health screenings.
Contingency Plans: Remote work capabilities if possible, infection control procedures, communication plan for health updates.

Risk Description: Worker shortages, leading to disruption of service delivery or increased workload for existing Workers.
Impact on loss: Disruption of service delivery or increased workload for existing Workers, which may lead to a decline in the quality of services provided.
Preventative Action: Worker support and well-being programs, effective recruitment and retention strategies, regular feedback and communication, efficient HR practices.
Contingency Plans: Should any unavoidable changes in service provision occur, such as Worker unavailability due to unforeseen or planned leave, the following measures will be implemented to ensure continuity. Firstly, another competent Worker or management personnel, having the required skills and ability, will temporarily take up the responsibilities of the unavailable Worker. If this solution proves unsustainable or extends beyond a few weeks, our strategy is to bring in temporary assistance from an external labour hire or contracting service, or to recruit for the role. In case the Worker's absence becomes permanent, the hiring of a new Worker will be pursued. Throughout these changes, Participants will be thoroughly informed and their agreement on alternative arrangements sought.

Risk Description: Privacy and Confidentiality Breaches.
Impact on loss: See Risk Management Register.
Preventative Action: Robust information security, Worker training, Worker confidentiality agreements, regular audits, following the processes in the Privacy and Information Management Policy.
Contingency Plans: Incident response plan to address breaches, data recovery from backups, system repair or replacement plan, Participant communication for potential data breaches.

Risk Description: Unplanned Director or Key Management Personnel absence.
Impact on loss: Critical business functions may be reliant on the presence of the Director and/or Key Management Personnel. In their absence effective and efficient operations may decline, which could lead to a decline in revenue and quality of services provided.
Preventative Action: Implement cross-training for key tasks, develop succession plans for management positions, and maintain detailed job documentation for guidance.
Contingency Plans: In the event of a manager's absence, assign duties to a qualified individual or bring in interim management, and communicate all changes transparently to minimise disruption.
Incident Response Plan
Strivesocial’s Incident Response Plan prepares for a timely response to critical incidents, reduces the impact of those incidents on business operations, and prepares key Workers to provide an effective response to minimise disruption in the event of emergency.
Immediate response checklist
Incident response
Actions taken
Assessed the severity of the incident
Evacuated the site if necessary
Accounted for everyone
Identified any injuries to persons
Contacted emergency services
Implemented your incident response plan
Started an event log
Activated Workers and resources
Appointed a spokesperson
Gained more information as a priority
Briefed team members on incident
Allocated specific roles and responsibilities
Identified any damage
Identified critical activities that have been disrupted
Kept Workers informed
Contacted key stakeholders
Understood and complied with any regulatory/compliance requirements
Initiated media/public relations response
Emergency Plans
Medical Emergencies:
If a medical emergency arises, immediately call 000. Be prepared to describe the condition of the person, the location, and any other relevant details.
All Workers should be trained in basic first aid and CPR. Training should include recognizing signs of medical distress, initiating emergency response, and providing basic care until medical professionals arrive.
A file for each Participant containing emergency contacts, medical history, allergies, and any relevant health conditions should be maintained. This information should be quickly accessible in an emergency.
Following the emergency, all involved parties should be gathered for a debriefing to discuss what happened, how the situation was handled, and any potential improvements. The incident should be documented in an incident report, and any necessary external parties, such as insurance providers or oversight bodies, should be notified.
Fire Emergencies:
In case of fire, prioritise human life over property. Follow the established escape routes to evacuate the premises, moving towards the nearest exit, and then assemble at the designated safe assembly point. Call 000.
Smoke alarms should be installed in every workplace location and monthly checks should be conducted to ensure they are working properly. Replace batteries annually, or as needed.
All Workers should be trained in the location, use, and maintenance of fire extinguishers. This training should be refreshed annually.
Fire drills should be conducted regularly, ensuring that each drill involves all parties present at the workplace and covers all exit routes. Record the efficiency and any potential areas for improvement.
Natural Disasters (e.g., floods, earthquakes, hurricanes):
Develop a specific plan for each type of natural disaster likely to occur in the workplace region, including Participants' homes. This should include potential shelter locations, evacuation routes, and communication systems.
Subscribe to and monitor national and local disaster alert systems. Share any impending disaster alerts with all Workers and Participants promptly.
Identify the safest route to assist Participants and Workers to evacuate to the nearest relief centre, and leave as soon as practicable.
Schedule disaster-specific drills at least annually. Evaluate and revise the plan based on the drill's outcome.
Consider preparation of an emergency supply kit including enough water, non-perishable food, medicine, blankets, flashlights, and batteries to last at least 72 hours. Also consider the specific needs of the Participants when preparing the kit.
Violent Incidents:
If a violent incident arises, immediately call 000.
Workers are to be encouraged to report suspicious activity or threats to management immediately. Management should evaluate and respond appropriately, potentially including contacting law enforcement.
Establish lockdown procedures that include locking doors, closing blinds, turning off lights, and hiding out of sight. Conduct drills to ensure all Workers and Participants understand and can follow these procedures.
Implement an alert system, such as a silent alarm or coded announcement, to notify Workers of a potential threat without escalating the situation.
Provide Workers with training on de-escalation techniques, recognizing potential threats, and responding to active shooter situations.
Power Outages:
Contact the power company to determine the cause of the outage.
Store emergency lighting that can be turned on in the event of a power outage. Regularly check these lights to ensure they are functioning properly.
Maintain a list of Participants' family contacts and have a plan for communicating about the power outage and the steps being taken.
Store data in a cloud storage backup system.
Infectious/Hazardous Exposure
Any potential exposure should be reported immediately to a supervisor or management. Communicate transparently with Workers, Participants, and families about the situation and the steps being taken to address it.
Develop procedures for isolating any potentially infected persons from others.
If a potentially hazardous material is found, the area should be evacuated and quarantined until professionals can address the situation.
For infectious diseases, the area should be thoroughly cleaned and disinfected. If a hazardous material was involved, cleanup should be left to a professional cleaning service.
Train all Workers on how to recognize signs of infectious disease or hazardous material exposure. This training should also cover basic prevention measures, such as proper handwashing and disinfection practices.
Ensure that PPE like gloves, masks, and gowns are available and Workers know how to use them properly.
Cybersecurity Breaches
Use firewalls, secure networks, and regularly updated anti-virus software to protect digital systems. Regularly back up data in a secure location.
Regularly train all Workers on safe internet practices, such as identifying phishing attempts, choosing strong passwords, and not sharing sensitive information.
Follow Incident procedures in response to a breach. This should include:
isolating affected systems;
identifying what was accessed; and
reporting the breach to relevant authorities.
Notify affected individuals and other stakeholders about the breach. Be transparent about what happened, what information was potentially accessed, and what steps are being taken in response.
Work with cybersecurity professionals to clean digital systems, recover lost data if possible, and strengthen cyber security to prevent future breaches. After a breach, retrain Workers on cybersecurity practices and update them on any new procedures put in place.
Emergency Kit
An emergency kit will be kept in the residence of the Director and on Strivesocial’s cloud-based storage system. The emergency kit must contain:
This Plan
List of Workers and contact details
Contact details of emergency services
Insurance details
Financial and banking information
Crisis and recovery checklist
Details of the crisis
Record details of any injured people, including Workers, Participants and other members of the public.
Photograph or record damage to buildings, equipment, company vehicles and stock.
Record impact on your business functions.
Record any anticipated damage to your business's reputation.
Update Workers
Conduct a critical incident debrief within 48 hours (preferably within 24 hours) following a crisis.
Hold a meeting with your Workers to ask them about their reactions to the crisis. Your Workers may need time and space to process their thoughts and feelings. Encourage deeply affected Workers to seek support from other Workers or from counselling services and remember to monitor progress in the months following a crisis.
Inform Workers about the recovery process and schedule regular updates.
Advise Workers about colleagues who may be injured.
Keep Workers informed about what is expected of them.
Advise Workers whether they should turn up for work the next day.
Reassure Workers about job security.
Contact insurer
Contact the insurance company to make a claim (before you begin cleaning up and removing goods).
Photograph or record damage to your premises, fixtures, vehicles, stock, customer records and/or equipment to support claims.
Seek support
Apply for any government support programs to help the recovery of Strivesocial after a crisis.
Investigate support that might be available from banks and other businesses (support is often available after a natural disaster).
Tax assistance
Consider contacting the Australian Taxation Office (ATO) to find out about assistance available for individuals and businesses affected by natural disasters.
Investigate whether the ATO can fast-track your refund or assistance.
Ask the ATO for extra time to pay any outstanding liabilities.
Request more time to meet activity statement, income tax and other lodgement obligations.
Emotional and crisis support
If appropriate, contact Lifeline on 13 11 14 for confidential emotional and crisis support.
If appropriate, contact Beyond Blue for depression and anxiety support.
Read the mental health and wellbeing resources for businesses.
Review your recovery processes
Record what you have learned from this crisis.
Review and update your recovery plan.
Review and update your overall Business Continuity, Emergency Response, and Disaster Management Plan.
Consider and record what went well and what did not.
Consider and record key lessons learned.
Implement changes needed to improve.
Event Log
Use the event log to record information, decisions and actions in the period immediately following the critical incident or event.
Date
Time
Information/ decisions/ actions
Person responsible