Unfortunately, we live in a world today where terrorist attacks have become far too common. Counter-terrorism strategies and tactics are rightly in the consciousness of governments, employers and the public at large in the wake of attacks in Kenya, Beirut, Paris, Nice and many other locations around the world which experienced massive losses of life by the actions of extremists (not to mention the numerous shootings, bombings, and bio-attacks that continue to take place). In August 2016 there was a terrorist attack on a Pakistan hospital which killed more than 50 people.23 Locally, we have had our own challenges with the loss of life arising from the Martin Place Siege and attack on NSW Police Headquarters in Parramatta.

Security challenges in the workplace have, however, existed for centuries. Work Health and Safety (WHS) laws require employers to develop strategies to eliminate or control these risks. This responsibility applies equally to the security-related risks and threats.

The best method for addressing workplace violence is to prevent it from occurring in the first place. Violence in the form of terrorism can take many forms and occur virtually anywhere at any time, so public institutions such as hospitals and aged care facilities must be diligent in taking all possible measures to avoid such incidents at their worksites, and have a risk management framework in place should they occur.

A terrorist act is not defined in the WHS legislation24 however it is defined in the Terrorism (Commonwealth Powers) Act 2002 (NSW)25 as:

  1. action that is done or the threat is made with the intention of advancing a political, religious or ideological cause; and
  2. the action is done or the threat is made with the intention of:
    1. coercing, or influencing by intimidation, the government of the Commonwealth or a State, Territory or foreign country, or of part of a State, Territory or foreign country; or
    2. intimidating the public or a section of the public.

that

  1. causes serious harm that is physical harm to a person;
  2. causes serious damage to property;
  3. causes a person's death;
  4. endangers a person's life, other than the life of the person taking the action;
  5. creates a serious risk to the health or safety of the public or a section of the public; or
  6. seriously interferes with, seriously disrupts, or destroys, an electronic system including, but not limited to:
    1. an information system;
    2. a telecommunications system;
    3. a financial system;
    4. a system
    5. used for the delivery of essential government services;
    6. a system used for, or by, an essential public utility; or
    7. a system used for, or by, a transport system.

The most common types of terror attacks that may occur at a workplace include:

  • Fires and Explosions: Caused by arson or an explosive device on a targeted location or building. Although employers cannot be expected to reasonably identify and attempt to control these hazards, they should have effective fire prevention plans in place and provide employees with action plans to safely respond to threats and incidents;
  • Bioterrorism: The intentional use of micro-organisms to bring about ill effects or death to humans, livestock, or crops. Employees who receive materials and packages to their worksites must be trained to identify suspicious substances and minimize exposures in the work environment; and
  • Radiological Dispersal Devices (RDD): Known as "dirty bombs," these consist of radioactive material combined with conventional explosives. Their purpose is to disperse the radioactive chemicals over a large area, killing those in the immediate area and causing panic in the target population.

A comprehensive framework to risk management is imperative to managing the threat and risk of terrorist acts. The risk management process involves the following:

  • Establishing Context – Looking at the environment the organisation operates in to ensure that the strategies to mitigate risk are cost effective, operationally effective and appropriate;
  • Identification – Identifying all security risks which the framework will be responsible for assessing and mitigating;
  • Analysis – Assessing the likelihood and consequences of each risk occurring. This involves looking at worksite vulnerabilities, recognized threat, and anticipated consequences of the event. Keep in mind that although many vulnerable locations are typically identified as public spaces, they are still the worksites for thousands of employees. These factors include the extent to which a site:
    • Uses, handles, stores, or transports hazardous materials;
    • Provides essential services;
    • Has a high volume of pedestrian traffic;
    • Has limited means of egress, such as a high-rise complex; or underground operations;
    • Has a high volume of incoming materials;
    • Is considered a high profile site;
    • Is part of the transportation system;
  • Evaluation – Involves the application of metrics to determine relative values for each risk category and is often achieved using a risk analysis matrix (e.g. Very Low, Low, Medium, High and Critical);
  • Treatment – Involves determining the most appropriate strategy to mitigate the risk by applying different treatment options such as accepting, avoiding, reducing or transferring the risk;
  • Communication and Consultation – Stakeholder consultation is integral at each stage of the process and ensures and effective gathering of information and assistance with mitigating any identified risks. Consultation with local and federal agencies to discuss potential threats will assist so that they can work with you to better plan your preparedness and response procedures; and
  • Monitoring and Reviewing the Risks – Periodic assessments and checks should be undertaken to ensure changes in the risk environment are reflected in the security measures and for public institutions assessments may need to be made more frequently than other employers.

Preventative measures that may be considered as part of a comprehensive approach include:

  • Pedestrian and vehicle access controls;
  • On-site security guards;
  • Appropriate surveillance systems;
  • Emergency response plan and lock down capabilities - It is critical to implement an emergency response plan which facilitates and organizes employer and employee actions during workplace emergencies in the event of a terror incident. Employees should be trained to understand their roles within the plan, conduct regular fire and evacuation drills so that employees know their best way out of the worksite and where to find a safe space, and providing accessible safety equipment such as fire extinguishers and masks;
  • Human resources and employee assistance programs – a Human Impact Team that is trained and prepared to specialise in the human side of crisis response and a Family Assistance Program Team as well as temporary arrangements for employees such as personal protection coaching, time off, personal security provisions, flexible work schedule and relocation to another facility may be included in these plans;
  • Premises hardening (i.e. locks and other controlled-access systems that keep out unwanted intruders);
  • Employee workplace violence orientation;
  • Hostility Management Training;
  • Threat notification system – employees need to know that they share responsibility for safety and to report threats promptly and who to and what will happen next;
  • Threat Response Team – Ideally you should also have a trained, multidisciplinary Threat Response Team to plan for, investigate, assess and, where possible, diffuse threatening situations. Employees should know that the organisation has a team trained to respond to significant threats;
  • Crisis communications – these need to be managed to and from affected stakeholders to ensure appropriate personnel are prepared to respond effectively; and
  • Insurance cover for such events.

A terror attack can be catastrophic to an organisation financially, on the employees and to its reputation. Although there is no way to completely eliminate the threat of a terrorist attack taking place at a worksite, organisations that are effective in managing the risk are more likely to be prepared for such an event were it to take place and minimise the loss of life as result and less likely to be accused of being negligent for failing to prepare and plan for it.

Footnotes

23 http://www.un.org/apps/news/story.asp?NewsID=54641#.V8ZHoa2tH9M

24 Work Health and Safety Act 2011 (NSW) and Work Health and Safety Regulation 2012 (NSW)

25 Schedule 1 of the Terrorism (Commonwealth Powers) Act 2002 (NSW)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.