GOV007
Use this guidance to help you develop the alert levels your organisation needs to move to heightened security in case of emergency or increased threat.
The advice in this guide applies to:
This guide supports the implementation of the Protective Security Requirements (PSR). Under the PSR, government agencies must develop plans and be ready to move to heightened security levels when necessary (GOV7).
The following requirements are related to security alert levels:
Base your decisions about security alert levels on whichever requirements are the highest — the advice in this guide, the related requirements listed above, or any legislation that applies.
Security alert levels communicate information about the security measures you use to reduce risks in emergency situations and other times of heightened risk.
Alert levels also allow you to scale the security measures you use, so they’re appropriate to the type of incident and can change easily as risks increase or decrease.
Developing alert levels helps your organisation to apply security measures quickly before or during an incident. A quick response can greatly increase your ability to protect your people, information, and assets.
Take an ‘all hazards’ approach to developing alert levels. That means including all types of threats from all sources, so you can generate a balanced response. Physical and environmental threats may have the same, or greater, impact on your organisation’s ability to function as traditional security threats.
Any protective security measures you implement with your alert levels should mitigate the risks to your people, information, and assets. They should also make any information and asset sharing arrangements you have more secure.
Base your alert levels on possible sources of risk to your security — risks you’ve identified in your organisation’s security risk assessment.
Sources of physical security risks fall into three main categories:
If your protective security measures are damaged or breached by an event or activity, or you have reliable evidence to support the possibility of a threat, then you may need to escalate the alert level.
Each facility or work area within a facility may have unique security risks. To identify and assess the physical security risks likely to affect each site during events, threats, or activities, your security management people should work with:
Seek information on risks from internal and external sources.
Your organisation’s overall risk assessment is an excellent source of information. Check the assessment and consult with your business areas to learn more.
Your business areas should be able to tell you about:
Other important internal sources of information about risks are your:
External sources include any organisations you work, partner, or co locate with. You should consider the BILs of any collaborative work or sharing arrangements. Do the other agencies have unique risk factors and how might they affect your combined business continuity plans?
Other examples of external sources of information you can draw on are:
When you’re designing or selecting alert levels, aim for a balanced approach as over- or under-protecting your people, information, and assets can create problems.
Over-protection is costly, inefficient, and can be an obstacle to your operations. Over-protection is often caused by:
Under-protection can affect personal safety, and the security of your information and assets.
To prevent under-protection, provide guidance that makes it easy for your people to identify which risk sources require an increase in alert level. And make that increase easy to implement.
The number of alert levels to use depends on your operating environment and expected changes in your risk sources. Essential factors to consider are the nature of your organisation, the types of facilities you use, your operational role, and known risk levels.
The following four examples of alert levels show how you can:
Low
This security alert level applies when there is little likelihood of an event causing harm. The security measures in place would meet normal internal operational requirements.
Medium
This security alert level applies when an event, general threat, or physical activity likely to cause harm might occur. However, there is no specific threat directed to your organisation or facilities.
Any security measures you apply can be maintained indefinitely, with minimal impact to your organisation’s operations.
High
This security alert level applies when an event, threat, or physical activity likely to cause harm is expected to occur to your organisation or any of your facilities.
Any security measures you apply can be maintained for lengthy periods without causing undue hardship to your people, affecting operational capability, or aggravating relationships with the local community.
Extreme
This security alert level applies when an event, threat, or physical activity likely to cause significant harm is imminent or has occurred to your organisation or any of your facilities.
You won’t be able to maintain the necessary security measures for lengthy periods and they may cause hardship to your people, affect operational capability, or aggravate relationships with the local community.
Use your assessment of risk sources and operational requirements for each facility to work out which security measures you need for each alert level.
Several generic measures might be suitable at each alert level. For examples, see Operational security measures for alert levels [PDF, 44 KB].
Your security management people should work with local area managers and consult with your risk managers to develop procedures for each facility and risk source.
You should actively monitor your organisation’s risk environment and change (increase or decrease) the alert level to match any changes to the risks.
Develop a guide to your security alert levels
Developing a guide will help you refine your alert levels and associated security measures. It’s important to consult the different business areas in your organisation. Aim to find out if your guide will be effective or have implications for other security processes within your organisation.
Once your guide is developed, it will be a vital source of information about your security alert levels.
Develop a communications plan
Communicating a change in alert level well is essential to getting the right responses. Your people need to know what has changed and what to do.
Your communications plan will help you create a successful strategy. You need to consider the audiences, messages, methods, and responsibilities.
Audiences: Who needs to know about the alert and what do they need to know? Different communication may be required for different audiences (senior management, staff, security staff).
Messages: Which messages do you need to communicate to each audience? Aim to create concise and unambiguous statements that clearly identify the issues and the actions required.
Methods: How will you communicate the messages? Choose the best medium or combination of mediums to get your messages to your audiences as quickly and effectively as possible.
Responsibilities: Your strategy should clearly identify:
Ask your communications team for expert advice when you’re developing the communications plan.
Related guidance
HB167:2006 Security risk management
This handbook suggests using the IRACI tool (Intervention, Responsibility, Accountability, Consult and Inform) to work out who needs to be involved in developing the strategy.
Review and update your processes
You should review your alert level processes:
Practise and review the activation procedures for your alert levels as well as the security measures for each level. Use what you learn to identify any gaps and update your guide.
Debrief after going to high or extreme alert levels
A debrief can be helpful for improving your response. Consider debriefing after every alert level change to ‘high’ or ‘extreme’. A debrief should consider:
what and where, if any, improvements could be made to alert level procedures and communications.