business continuity, emergency response and crisis management summary
APA recognises Business Continuity, Emergency Response and Crisis Management as fundamental responsibilities of an organisation. Our people, including suppliers and contractors, are aware of the need to prepare for, respond to and recover from significant incidents and are trained in their roles and responsibilities for Business Continuity, Emergency Response and Crisis Management.
Aligned to APA’s corporate values, the Business Continuity, Emergency Response and Crisis Management Policy and underlying frameworks seek to safeguard the wellbeing of employees, customers, the environment and other stakeholders. Maintenance of this capability protects our assets, property, local communities and the environment we operate in when a significant incident, emergency or crisis occurs.
The Policy and supporting frameworks adopt recognised standards including AS/NZS 5050 for Business Continuity, and set out the approach to maintaining effective plans and responding to a significant incident. The Policy is approved by management and ratified by the Audit and Risk Management Committee.
Based on the level of severity, an incident response will be characterised as one of:
- Emergency Response – for asset related incidents.
- Business Continuity Management – for resource related incidents.
- Crisis Management – strategic or organisation wide incidents where an asset or business continuity incident is escalated as the incident severity increases.
Integral to Business Continuity Management is the ability to recover APA IT systems. This is supported by:
- IT Disaster Recovery – for IT systems incidents
- Cyber Incident Response – for cyber incidents.
Each category has its own framework which provides for specific tools and guidance. These drive the development of emergency response, business continuity and crisis management capability.
Key requirements under the Policy are:
- Maintenance of documented plans for emergency response, business continuity, IT disaster recovery, cyber incident response and crisis management.
- Validation of the plans to reflect business changes, for example, a new asset is built, a new APA business premises is opened, or a business function / capability is established or changed.
- Testing to ensure the plans continue to be effective.
- Maintaining up-to-date contacts for all plans.
- Maintaining and testing Emergency Response/Business Continuity/Crisis response rooms and equipment.
- Ongoing awareness and training for employees and contractors.
We value the vigilance of our employees, other utility operators and community members in keeping asset locations free from damage and disruption.
APA has several mechanisms for emergencies to be reported including: