Why schools need a Business Continuity Plan
5 Apr 2018
Brendan Lynch is the Business Manager for one of Melbourne’s iconic Catholic schools, Star of the Sea College. He recently worked with CCI to develop a Business Continuity Plan (BCP) to help make the school more resilient during unexpected disruptions. He shared thoughts about identifying potential risks and how to prepare for them.
Business continuity management minimises the impact of disruption and supports an organisation to continue providing services. If we consider the impact of disruption to a school that provides an education to more than 1,000 students, then the knock-on effect of that disruption to families, their employers or their own clients can be far-reaching and costly. It can also be dangerous in some circumstances where those affected have a duty of care to many others as well.
“We had CCI come to spend time at the school and through a Property Risk Review we could identify the dangers around ignition sources that could case fire around the school, or other sources of dangers that could cause damage. The PRR looked at aspects that could trigger a spark in the college canteen where we have deep fryers, and we looked in other places. We thought about how our set up with big ticket items could leave us exposed,” he explained.
It was important to Lynch to get moving with the creation of a strategy by identifying threats and risks to the school. He knew it was to be the first step in ensuring that personnel and assets could be protected and be able to function if there was a disaster or an incident shut down the campus for a period of time.
“When we had the review done, CCI sent in some specialists who were here the whole day with our property manager. They looked at buildings and processes and how we used electrical items and our fire systems.”
“We ended up with a report that outlined high, medium, and low risks. We took action and managed the implementation of all of the recommendations for our two campuses. We have 1,170 students across both campuses.”
Star of the Sea College had not experienced incidents previously, but has actively stayed informed about their responsibilities in protecting their business.
“The Notifiable Data Breaches (NDB) scheme and the legislation that is now in place has made us step up and take note of how we handle data,” he said.
“We attended the 2018 Cyber Focus Forum that CCI hosted in February and found it useful because we have almost 150 staff with access to technology and need to be informed about developing issues. It’s a more fluid concept of business continuity that is evolving along with digital technology developments."
The government’s pledge of $18 million over three years (from 2015-16 to 2017-18) for the new Schools Security Program was to provide funding to government and non–government schools and preschools that were assessed as ‘being at risk of attack, harassment or violence stemming from racial or religious intolerance’.
While the funding does not address student bullying, student violence, child protection or vandalism, Lynch says it signals a clear need for more resources if schools are to safeguard an environment where our youngest members of society spend most of their daytime.
“Child protection is also a hot issue for schools, and we are upgrading access security to manage who attends our school. We are very land-locked. Our buildings are so closely matted together. We’ve taken more precautions with our electronic gates.”
In early 2018, the tragic Florida school shooting had only just lit up TV screens across the world when Lynch recalled a shooting incident much closer to home. In June 2017, two men died, three police officers were shot and a woman was taken hostage in a siege that was only just streets away from Star of the Sea in Melbourne. It was a dramatic incident with dozens of gunshots being fired in the early evening in Bay Street, as crowds ran to a nearby supermarket for safety.
“That still resonates with us,” explained Lynch. “We realised it was a little too close to us and made us more attentive. It’s driven us to take more precautions. We practice evacuations and we’ve even done an ‘active shooter on campus’ evacuation.”
Star of the Sea engaged a security management company as well, who provided the materials and guidance they needed in developing evacuation practice drills.
“We did a lockdown. The students didn’t know it was a practise drill for an evacuation under such severe circumstances, but we did a role play without alarming them. We used an emergency warning system with code speak to create awareness for staff that there was an active shooter on campus. We have an electronic lock and timer on our locking systems. We found the logistics of locking so many doors in our school very quickly is quite challenging.”
He believes that schools need to do more and assess practice drills.
“We need to be more vigilant and so we’ve turned away from just the usual fire alarm to doing something that allows us to do an evaluation and an analysis of what worked and what didn’t work after an evacuation drill.”
“The last thing in our risk review that CCI outlined was to do a BCP that includes cyber security. That’s where our focus is now, as well as on students’ physical security. We didn’t have data security on our radar before, but now all schools have it on their radar. The penalties for not reporting a data breach can be severe and the government is making people take it seriously. Schools have to adapt.”
Lynch explains the importance of a solid business continuity response to any disruption.
“We need to ensure we have a strong first line of defence at the school level. CCI helped us to develop that, and in the event of an incident interrupting our ability to function we will be able to draw on the BCP to get our students and staff through the aftermath and manage until we can get back to normal.”
Brighton siege: Two dead, three police shot, woman held hostage, terror links probed, The Age, 6 June 2017