Department of Education




PoliciesCorporate managementPolicy, accountability and evaluation ‹ Risk and Business Continuity Management

Risk and Business Continuity Management

4 Procedures

4.2 Line managers

4.2.1 Risk management

Line managers will:

  • identify and assess risks;
  • develop treatment plans;
  • monitor and record risks within the risk management system; and
  • communicate risks to staff, as appropriate.
See Appendix A – Establishing, identifying and assessing risks.
See Appendix B – Sample risk identification worksheet.
See Appendix C – Risk reference tables.

Risk information is contained and mantained within the Department’s risk management system (RiskBase).

For more information on the risk management process, please refer to the Western Australian Government Risk Management Guidelines at

4.2.2 Business continuity management

Line managers will, as appropriate:

  • conduct a Business Impact Analysis that identifies the maximum acceptable outage which lead to critical functions to be reinstated following a major incident;
  • document the Business Impact Analysis in a Business Continuity Management Plan;
  • review the Business Impact Analysis at least every 12 months;
  • review and update the Business Continuity Management Plan at least every 12 months;
  • conduct exercises on a regular basis to test or validate the plans; and
  • draft the Business Continuity Management Plan that, includes:
    • strategies; requirements and procedures for continuity of critical functions; and
    • all resource requirements to support the continuity of identified functions.

The Department’s business continuity strategies and plans should be based on the following parameters:

  • A major incident that will render any one of the Department’s facilities, including premises and IT services to be inaccessible or unusable for a prolonged period.
  • Access will not be possible within a one kilometre radius from the affected site.
  • Public transportation and utilities (power, telecommunications and water) around the vicinity of the incident are cut or severely hampered.
  • Alternate personnel need to be identified as backups for key positions and generally, staff will be available to execute the business continuity plans.
  • Alternate data centres and recovery sites, if required, are not on the same power grid and telecommunications exchange as the primary data centre / business office buildings and are located at a reasonable distance away from each other.
For further information, see Appendix D - Business continuity management process.

Principals would be required to develop Business Continuity Management Plans in circumstances where their continuity of operations is not covered by existing department processes.

4.2.3 Record keeping

Line managers will maintain the following documentation:

  • individual risk reviews;
  • treatment action plans; and
  • Business Continuity Management Plans, as appropriate.
Records are maintained for audit purposes.


Risk and Business Continuity Management

All contents copyright Government of Western Australia, unless otherwise stated.

Aboriginal and Torres Strait Islander people are advised that this site may contain images of people who are deceased.

Copyright material available on this website is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0) licence
Exclusions may apply: