Department of Human Services

Governance and compliance

This page provides a checklist of activities and considerations over a “do now”, “do next” and “do as needed” basis across the four key areas of focus listed in the introduction. It also provides a range of links to useful State and Federal Government information sources as well as applicable DHS and other South Australian Government Department policies and procedures.

Considerations

Items in orange you should “do now”, items in yellow, “do next” and items in green should be done as needed and applicable

Pandemic Planning

Do now

  • Agree to your organisation’s priorities, document them and ensure all of the management team understands them.
  • Review your existing business continuity plans (if they exist) for weaknesses and unidentified impacts specific to COVID-19 (supply chain, staff availability, customer demand). Consider likely trigger points for decision-making.
  • If you need to develop a pandemic plan, a simple template can be found from the Trusted Information Sharing Network (PDF 231 KB).
  • Establish a response team with clear roles, accountabilities and objectives to manage your pandemic planning and response.
  • Establish and agree processes for pandemic related decision making with your management team and Board and agree on critical milestones. Refer to the Decision Log template (DOCX 91.9 KB).
  • KPMG have a useful Crisis Management Meeting Agenda, and other templates within their Managing Critical Moments Workbook
  • Agree on approach to communications to staff and stakeholders - and feedback loops. Balance transparency and preparedness with not wanting to appear to be overreacting.
  • Keep a detailed record of all decisions. Refer to the Decision Log template (DOCX 91.9 KB).

Do next

  • Appoint functional workstreams and owners, and align activity with response objectives.
  • Confirm critical stakeholders and suppliers and agree communication strategies for them.
  • Verify that technology infrastructure can support alternative means of working for both corporate functions and service delivery.
  • Review supplier service availability and resilience.
  • Consider the need to expand delegations for various types of authority (where required).
  • Consider how staff will be paid under various scenarios (i.e. where payroll functions cannot be performed remotely).

Do as needed

  • Use trusted sources of information to monitor the spread of the pandemic, compliance requirements and emerging clusters of cases, ensuring staff and clients are also aware of these trusted sources. It may be beneficial to allocate a single person to be responsible for monitoring these sources.
  • Review the previous DHS coronavirus online forums and ensure your organisation is invited to all future forums
  • Consider conducting simulations of various contingency scenarios to ‘stress test’ continuity plans (using for example,” best case” and “worst case” options for income / expenditure) and assess impact on associated services, support processes, controls and cash flows.
  • Adapt policies and procedures as required and ensure they remain up-to-date, accurate, relevant and accessible.
  • Consider explicit staff succession planning and upskilling / training for key roles (in case people become ill or have to care for an ill person) while maintaining compliance with quality and regulatory requirements
  • Ensure alignment of activities with your organisations reputation, purpose and values (e.g. supporting the wider community response).

Cyber Security and information risk management

Do now

  • Be aware that organisations are often at their most vulnerable to cyber security threats such as phishing emails (e.g. selling hand sanitisers and masks etc.) when dealing with a crisis that dominates their attention.
  • If, for example, you have moved to staff working from home, perhaps using their own ICT equipment, you must realise that new channels for cyber-attacks have opened up. This increases the risk of client and employee personal information being compromised. Please refer to Understanding OAIC guidance on privacy issued on COVID-19.
  • It is critical therefore that staff are vigilant and that IT monitoring continues unabated.

Do next

  • If any changes are made to the way that your work, review your information security / document management policies and update as required.
  • ICT security requirements for SA Government agencies (including supporting guidelines and templates) can be used as a source of good practice and can be found at the DPC Cyber Security webpage here.
  • Practice sound information risk management by
    • reviewing and updating Standard Operating Procedures (SOPs) on the management of client and employee personal records.
    • ensuring knowledge and skills are distributed across geographically dispersed people / offices.

Do as needed

  • The application of security and information risk policies should be monitored and enforced.
  • Practice sound knowledge management:
    • ensure effective data gathering and sharing processes are in place
    • manage critical information through a vital records analysis.

Contractual arrangements

Do now

  • Review funding agreements / arrangements to determine if flexibility exists (for example, NDIS Plans, contractual arrangements with DHS etc.). Contact your contract manager to discuss terms.

Do next

  • Consider that some contractual agreements may require amendments and / or authorisations outside of usual contractual terms and begin to put in place measures to accommodate these.
  • For disability service providers:
    • Understand how and where there may be flexibility in NDIS plans to allow for altered services and service delivery.
    • Understand any directives or advice from the National Disability Insurance Agency (NDIA) regarding plan reviews or renewals.
    • Understand your obligations under your terms of registration and the Code of Conduct, including to provide continuity of services.
    • Understand your obligation to inform the Quality and Safeguards Commission in relation to changes in your capacity to provide services as well as reportable incidents.
  • Consider any changes to subcontractor or supplier arrangements that need to be negotiated and communicated.

Do as needed

  • Monitor ongoing compliance with confirmed requirements.

Legislative and regulatory compliance

Do now

Do next

  • Understand the potential impacts of any changes made to your staffing / working practices on the legislative and regulatory requirements for your organisation.
  • Identify areas where changes to arrangements will make it difficult for you to comply and raise that with the appropriate regulatory body proactively.

Do as needed

  • Maintain communications with relevant regulatory authorities
  • Monitor ongoing compliance with confirmed requirements.
  • Adapt policies and procedures as required and ensure they remain up-to-date, accurate, relevant and accessible.
  • Ensure compliance with any insurance policy disclosure requirements.

Insurances

Do now

N/A

Do next

  • Understand the scope and any potential limitations in insurance coverage for staff, operations, assets and Directors. Talk with your insurance broker about the impact of COVID-19 and any business changes so that the business’ insurance best reflects the current operating environment and any areas of new exposure.

Do as needed

  • Ensure compliance with any response / disclosure requirements in your insurance policies

Decision-making

Do now

  • Review decision-making hierarchy and meeting rhythm to ensure it supports making well-informed decisions in a timely way.

Do next

N/A

Do as needed

N/A

Monitoring and reporting

Do now

  • Consider establishment of a system to collect Coronavirus (COVID-19)-related data, e.g. case register, and ensure clinicians are aware of data input processes.
  • Document implementation of Coronavirus (COVID-19) response plan to facilitate communication and review processes.

Do next

  • Plan strategies and methods to monitor response and adjust as required, e.g. screening and triage processes, infection control measures, physical layout of clinics/client flow, resource use and stockpiles, clinical management, communication strategies.
  • Plan strategies and methods to capture staff, client and family concerns, feedback.

Do as needed

  • Develop a process by which to assess the impact of a Coronavirus (COVID-19) response on the service so that any lessons learned can inform future planning.

Commonwealth and State Public Authorities

Regulatory and professional bodies

Your organisation may need to keep in contact with the following organisations:

Page last updated : 05 May 2020

State Government of South Australia © Copyright DHS .[sm v5.4.7.1]