Garrison and Estate Management System GEMS Incident Management

Garrison and Estate Management System (GEMS) Incident Management Deployment 1 Information Pack 23 February 2017

Incident Management CONTENTS § GEMS Overview § Incident Management Overview § Demonstration of the SAP Incident Management functionality § Roles and Responsibilities ( including training requirements) § Key Terminology § Incident Business and System Processes Ø Incident Recording Ø Incident Processing and Investigation Ø Incident Management Reporting

GEMS Overview

GEMS Overview What is GEMS? The GEMS solution is part of the wider Defence SAP enterprise system which aligns with Recommendation 3 of the First Principles Review and supports the following functions and processes. Estate Planning Estate Financial Programming Recommendation 3: Fully implement an enterprise approach to the delivery of corporate and military enabling services to maximise their effectiveness and efficiency. Acquisitions, Leasing & Proposals PPP facilities Projects Environment Management Hospitality & Catering Contract Management Project Management Notifications & Communication Financial Management GEMS Risk Management Performance Management Reporting & Analysis Estate Operations Land Management Services Waste Management Program Planning & Management Major capital Facilities Development & Delivery Estate technical Governance & Compliance 4

Garrison & Estate Management System Key Business Drivers for GEMS Existing Estate information management environment could not be extended or supported Limited Visibility of a complete picture of the Defence Estate Increasing Costs due to inefficient system dependent business processes Poor Data Quality and integrity of previous system led to duplicated effort through re-keying of financial information Move Away from manual intervention in the transfer of electronic information Limited Ability of previous systems to receive data supplied by external contractors

GEMS Overview How is GEMS integrated into Defence systems architecture? § The GEMS solution, including Base Services, Estate and Infrastructure information, is managed via the Defence SAP Enterprise system. § GEMS will see Defence evolve its finance centric SAP system (ROMAN and BORIS) into a mixed Enterprise Resource Planning system. Defence SAP Environment ROMAN, or Resource & Output Management & Accounting Network, is Defence's core Financial transaction system BORIS, or Budget Output Reporting Information System, is Defence’s corporate budget Development and reporting tool 6

GEMS Overview 7

GEMS Overview Deployment 1 Scope - Environment, Risk and Compliance Incidents Risk (Governance, Risk and Compliance – GRC) SDD Corporate Risk (Very High & High) Environmental Risk Brisbane BSA Environmental Capability/Infrastructure failures Fires Estate Only

Incident Management Overview 9

What will change for SDD? Incident Management Current State Process § No single E&IG incident management system § Adhoc processes across regions People § Adhoc reporting of incidents § Different roles and responsibilities across regions/directorates Technology § Utilises current systems: § Sentinel § Environment Incident Reporting § Defence Policing & Security Mgt § Training Area Incidents Future State (GEMS) § Single source for E&IG related incidents § Deployment 1 to capture: § Environmental incidents § Incidents affecting critical capability § Fires § Estate Incidents Consistent Roles across: § Product Directors § RESOs § BSMs § EMOS/PDS § Online incident form for Estate Incidents § End to end processing of incidents – audit trail and governance § Current mandated systems remain as source of truth

Incident Management Defence SAP (GEMS) - Environmental Health and Safety Management (EHSM) § The EHSM module will manage all E&IG Incidents and Hazards § E&IG will not duplicate/replicate incident reporting and management, where current incident management systems exist. These systems will continue to be the primary reporting system – e. g. Sentinel for WHS, DPSMS for Policing, Security & Fraud § For Deployment 1 E&IG will use GEMS to Capture: • • • All environmental incidents Failure of Critical Capability/Infrastructure Incidents (iaw Services/Groups SLPA) see next slide Estate only incidents Fires Hazards will not go-live in deployment 1

Incident Management INCIDENT TYPES – Failure of Critical Capability/Infrastructure Type Asset Type Capability Support Safety Compliance Environment Personnel Wharves, Airfield Pavements, Airfield Lighting, Headquarters Buildings, Communications Facilities, Tactical targetry and Pre-Deployment Training Facilities, Fuel Installations, Explosive Ordnance Store Sewerage Treatment Plants, Emergency Power Systems, High Voltage Reticulation Systems , Ship Lifts, Communications Infrastructure, Water Treatment Plants, Fuel Hydrant Lines, Air Traffic Control Systems , Drainage Systems, Building Management Systems Hazardous Chemicals Store, Armoury, Lighting Systems, Compressed Air Systems, Cyclone Rated Buildings Medical Treatment Systems, Fire Detection and Suppression Systems, Masts and Towers, Security Systems Contaminated Sites, Endangered Species Communities, Soil Management Areas, Bushfire Management Areas LIA in remote areas, Messes and recreational facilities in remote areas Criticality _________________________________ An overall measure of the importance from a capability or risk perspective of an asset or an asset system to Defence and the degree of reliability and availability required. It is rated on a five point scale: 1 - Highly Critical/Major Importance 2 - Critical or Important 3 - Support 4 - General Purpose 5 - Low Importance E&IG Service Level Partnering Agreements – Groups and Services

Incident Management Roles & Responsibilities

Incident Management SAP Role Business Role § Direct Entry – Any SAP endorsed user Incident Reporter § via Phone or PDF: § Any member of Defence Creates an incident report – direct entry Incident Management (Incident manager and investigator roles are the significant transactors within SAP – the incident reporter and task implementer will be more adhoc users) Task Implementer § Any person with a trusted email address (CIOG approved) via PDF – outside the DRN (accessed via DEQMS) § Checks workflow notifications § EMOS (NPS/PDS) for Estate related works § Carries out tasks needed § Any user appointed by the incident manager or investigator. § Confirms tasks have been completed § Tasks may be managed off system and reported to the Incident Manager as appropriate. Incident Manager Incident Investigator § Reviews, accepts or rejects the incident § Workflow to Incident Manager (RESO / BSM / EMOS) § Gathers and records additional information such as: extent and complexity of damage, assets involved, breach of legal obligations, cost estimates. § Environmental incidents – iaw DNES Schedule 3 § Detailed investigation § Any user appointed by the Incident Manager § Identifies, records the likely drivers of the incident, § An SME in the area of investigation. § Lessons learnt § Initiates Tasks, Work Order(s) or Project(s) § Can be on-forwarded to alternate Incident Manager (e. g. PD for management). § The incident manager may also act as the investigator. § Note: Not all incidents may require an investigation.

Incident Management Training is available on Campus and consists of: E-Learning (7 hrs): § GEMS Overview § Environmental Risk and Compliance Module (ERC) Overview § Incident Processing, Investigation and Reporting § Facility Service Management Overview § Business Intelligence Reporting Overview Knowledge Transfer – Skills Development: § The GEMS Readiness Team will deliver workshops to support knowledge and skill development across key stakeholder groups – e. g. BSMs, RESOs, EFS, EMOS, DEPU, WHS, RSM’s § These will be held just in time to coincide with each GEMS deployment § The workshops will step through system and business processes § DEQMS – will contain incident processes and support materials

Incident Management TYPE CAMPUS ID COURSE NAME REQUIRED EST. TIME 00010891 GEMS Overview Mandatory 2 hours 00010892 Environmental Risk & Compliance Overview Mandatory 1 hour 00011612 Incident Processing, Investigation & Reporting Mandatory 4 hours 00010893 Facilities and Service Management (FSM) Overview Optional 1 hour Incident Management - Awareness Workshop Role Based KTWS-IMW 01 Total Incident Management Training 1 -2 hours 9 -10 hours

Incident Management Key Terminology 17

Incident Management Term Description Incident An Incident is an unplanned, undesired event that adversely affects the completion of a task and/or endangers the safe operation of the Defence estate and/or the environment. Incident Management is the end-to-end process of recording, processing, investigating, undertaking corrective actions and closing incidents that relate to the Defence estate. Task A Task (notification) is a link used for quick access to the Edit Incident window. Tasks are available to multiple users from various functional areas by accessing the Work Overview item. Tasks may also be accessed via the Universal Work List (UWL). Asset An Asset is any item, object or structure that is a part of the Defence estate. Release A Release is a substance (solid, liquid or gas) that is discharged into the environment during an incident. A Notice of Violation (NOV) could be in the form of: Notice of Violation § a breach in legal obligations § a breach in policy § a non-conformance to a Defence guideline § a non-conformance to a Standard Operating Procedure (SOP). An Environmental Factor is an aspect of the estate's environment, such as the presence of Environmental Factor threatened species, pests and weeds, and man-made aspects and impacts upon the environment such as the presence of Heritage Sites, Asbestos and Contaminated Sites. Health and Safety refers to the function where users can create and manage information about incidents and hazards related to the estate's assets and environment.

Incident Management Business Processes

Incident Management Incident Records Incidents may be reported on-line (via an interactive PDF form); however notification and immediate management of incidents are to continue as per existing base plans. For deployment 1 only: For the Brisbane BSA - where the PDF form is used Spotless Services will upload the form and create an initial Incident Record for workflow to the ‘Incident Manager’. Where the PDF form is used in areas outside of the Brisbane BSA, the EMOS contractor for that region will forward the PDF form to the BSM or Regional Environment & Sustainability Officers (RESO) for off system action.

Incident Management Process GEMS supports the following key processes in the Incident Management process: § Incident Occurs § Incident Reported / Recorded § Incident Accepted / Rejected § Incident Investigated § Incident Closed § Business Reporting – Dashboard & BI Incidents that will be recorded into GEMS will fall into the following categories: § Environmental Incidents § Estate only related Incidents § Critical Capability Failures § Fire Incident Reported and Recorded Incident Processed and Investigated

Incident Management Report, Record & Create Incident Record Incident PDF Completed Upload PDF Form Create Record One of two methods can be used to report an incident: 1. An Incident Reporter completes the electronic PDF Incident form (via DRN or DEQMS); Or 2. An Incident Reporter calls the BSSC who records the incident. On submission of a completed PDF form an email is generated and sent to the respective EMOS depending on the location selected. NOTE: In the future solution a completed incident report once submitted will be automatically uploaded. This will trigger a workflow and notify system users that an incident needs to be actioned.

Incident Management Report, Record & Create Incident Record Incident PDF Completed Upload PDF Form Create Record The EMOS monitors an email inbox for any new incident PDF notifications. Once an email with a completed incident PDF form is received, the form is uploaded into SAP or can be stored on a local drive to complete a batch upload activity for multiple forms. Note: Upload must occur at least daily. The BSSC/EMOS can also receive a phone call from an incident reporter and enters the details of the incident directly into the SAP System.

Incident Management Report, Record & Create Incident Record Incident PDF Completed Upload PDF Form Create Record The SAP System will process the uploaded PDF form and create an incident record. This will trigger a workflow notification to the Incident Manager to action the incident report. The Incident Manager views the incoming incident report notification by navigating to the Work Overview screen and selecting the link to the Incident Record. NOTE: The notification is sent to multiple Incident Managers, the first person to accept responsibility for managing and assessing the incident will become the Incident Manager. Once accepted all sent incident report notifications are removed from other SAP Inboxes.

Incident Management Deployment 1 – Brisbane BSA Is it an Estate only Incident Is it an Environmental Incident? Is it a Structural Fire or Bushfire? Does it affect capability? (SLPAs at the local level know critical infrastructure / estate / Service Delivery)

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Processing and Investigation Incident Investigated Tasks Assigned Incident Closed

Incident Management Review / Accept Incident Processing and Investigation Incident Assessed Incident Investigated Assign Tasks Close Incident The Incident Manager reviews the incident and either accepts or rejects the incident report. At the same time the Incident Manager will decide whether immediate action is necessary to make the area safe and also reviews what action if any has already taken place. If the Incident Manager rejects the incident report the incident record is closed and the reason for the rejection is documented. If the Incident Manager accepts the incident as being valid, remedial action such as tasking or Work Order notifications may be created in the SAP system.

Incident Processing and Investigation Processes Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks The Incident Managers assesses the incident and selects an incident category. The Incident Manager also updates the following incident attributes: § § Damage to Asset Notice of violation Releases EFR’s (Environmental Factor Records) Close Incident

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks Close Incident The Incident Manager decides whether the incident needs to be investigated. If no investigation is required the incident record is CLOSED. If an investigation is however needed the Incident Manager assigns an Incident Investigator via a Work Overview item within the SAP system. The Incident Investigator examines the processed Incident record completed by the Incident Manager and determines the Investigation Type: § Lessons Learned (LL) A critical part of contributing to the correct methods of managing incidents affecting assets on the Defence estate and could also be used to improve existing Standard Operating Procedures (SOPs). § Incident Cause Analyses Method (ICAM ) The root cause of incidents are categorised to allow consistency across investigation records and provide trend analysis in reporting.

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks The Incident Investigator proceeds with the planning of the investigation including: § Gather and record additional information (Root Cause Analysis/ICAM) § Analyse the incident and record Lessons Learned § Define and record tasks if required NOTE Incident Managers may also perform the investigation. Both a LL and ICAM may be performed Close Incident

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks Close Incident The Incident Investigator identifies tasks to be performed which could either be: § An Action: primarily performed by Defence Personnel e. g. improving Standard Operation Procedures (SOP’s) OR § A Work Order Notification: requires work (or an assessment) to be carried out. The Incident Manager / Investigator creates a work order notification from the task tab within the incident record. This will trigger workflow for a work order to be created and actioned.

Incident Management Review / Accept Incident Processing and Investigation Incident Assessed Incident Investigated Assign Tasks Close Incident The Incident Investigator completes the investigation. The Incident Manager manages the progress of the maintenance actions and reviews and confirms the completion of all actions by: 1. Ensuring the investigation is not marked as In Process and that the investigation/s are displayed as Complete 2. Verifying that there are no outstanding action tasks or maintenance notification tasks relating to the Incident 3. Confirming that completed tasks can be marked as Closed

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks The five statuses of a Maintenance Notification are: Maintenance Notification Statuses ATCO All tasks Completed NOCO Notification completed NOPR Notification in process OSNO Outstanding notification OSTS Outstanding task(s) exist(s) Close Incident

Incident Management Incident Processing and Investigation Review / Accept Incident Assessed Incident Investigated Assign Tasks Close Incident The Incident Manager updates the incident record to confirm closure and closes the incident Record in the SAP System. NOTE Once the investigation process is completed the status is set to CLOSED. The Incident records can still be viewed and accessed after the incident is closed.

Incident Management Reporting There are two types of analytical reports available through the Reporting functional area in Defence SAP that can be utilised to perform incident related analysis: § Dashboard Reports Gives a broad overview of incident activities and provide graphical representations of data providing graphical displays such as bar charts and graphs § Analysis Reports Produces a list of items that fall within specific parameters, or a list of specific aspects of a report. The reports display data in different formats, and both types of reports can be customised by setting different filter options. Analysis reports are different to Dashboards as the parameters e. g. date, time, location must be set in the prompts window before the report can be viewed. The reports provide a broad overview of Incident activities and can be customised by setting different filter options.

Incident Management Environmental Incidents DEQMS – DNES for Environmental Incidents, general process and incident severity still applies. Environmental Releases An environmental release is when, during an incident, a substance (solid, liquid or gas) discharges into the environment e. g. steam, asbestos dust or fuel. More than one release can be added to an Incident in Defence SAP When processing the Incident record data such as disposal method of the tools used to mitigate the release need to be specified. Accuracy is important when recording environmental releases as Defence needs to comply with the Environmental Protection, Biodiversity, and Conservation Act (EPBC Act). Risk Recording the release provides a source from which to associate tasks to undertake corrective Reporting actions for the remediation of the environment where the release happened. 36

Incident Management Notice of Violation A Notice of Violation (NOV) can be issued from within or outside of Defence. A NOV describes what Defence needs to do in order to comply with regulations. NOV’s assists Defence in identifying any failures in organisational procedures, guidelines, and policies and triggers corrective actions and improvements to be taken. A Notice of Violation could be in the form of: § § a breach in legal obligations a breach in policy a non-conformance to a Defence guideline a non-conformance to a Standard Operating Procedure (SOP) As part of incident processing, data about any Notices of Violation related to the incident will need to be entered and updated. An incident may have multiple Notices of Violation. Risk Reporting 37

Incident Management Reporting At present the incident reporting output of GEMS is being worked through to determine the type of reports available against the requirements of the Business. Workshops are scheduled to be held once the system has been used for a period of time and the Business is in a position to As a result of an Incident Investigation, reports and further define reporting requirements. There are two standard types of analytical reports available through the EHSM reporting area in GEMS: § Dashboard Reports Gives a broad overview of incident activities and provide graphical representations of data providing graphical displays such as bar charts and graphs § Analysis Reports Produces a list of items that fall within specific parameters, or a list of specific aspects of a report. Business Intelligence (BI) Reports These are customised reports that pull together information across all GEMS modules - BI Reports will be made available post deployment 1. Incident BI reports will mature as the business matures it’s understanding of EHSM and GEMS functionality. 15

Garrison & Estate Management System END 17