d@rt
Booking Service Provider Safety Risk Register
1. Identifying, assessing and reducing risks
This document records the results of risk assessments carried out in connection with d@rt Pty Ltd’s Booking Service Provider operations.
Events that can impact on safety are called risks.
Identifying risks is the foundation of risk assessment. If risk events are not identified, any associated risks cannot be assessed and eliminated or reduced.
The risk register describes each identified risk and outlines the treatment action to be taken to eliminate or mitigate the risk so far as is reasonably practicable.
The General Manager of the business is responsible for the overall management of risks to safety associated with operating the business. This person is also responsible for ensuring that the procedures defined in this document are adhered to.
- Assessing the risk
In assessing the risks arising from an event, the aim is to determine what the possible consequences and likelihood of occurrence are.
The assessment will include normal operations as well as possible unplanned or abnormal situations.
It will also consider the risk from combinations of events or incidents.
- Treatment Measures
The degree of risk associated with any particular event will depend on the nature and effectiveness of the risk treatment measures that are in place.
The purpose of these measures is to eliminate, prevent or reduce the risks of, and to mitigate the effects of, incidents so far as is reasonably practicable. They can be of a procedural or process nature as well as hardware based.
All existing treatment measures for identified risks will be included.
If the risk assessment determines that existing measures are not adequate, additional treatment measures will be considered so that the risk is reduced.
- Risk Treatments Rejected After Consideration of the SFAIRP Principle
If a control has been rejected due to grossly disproportionate cost, this is documented.
- Review and Maintenance of the Risk Register
The Risk Register is a “live document” and will be updated whenever a new risk becomes known or an incident has occurred within the industry which could have the potential to impact on this operation.
The Risk Register will also be reviewed and if necessary revised annually as part of our Internal Safety Audit, and adjustments made with due reference to incident trends, safety alerts or other potentially impacting factors.
Safety Risk Assessment Matrix
| Consequence | |||||||
| Insignificant
No injuries, low financial cost, little impact |
Minor
First aid treatment, medium financial loss |
Moderate
Medical treatment required, high financial loss, lower level political embarrassment |
Major
Extensive injuries, major financial loss, medium level political embarrassment |
Extreme
Death, huge financial loss, high level political embarrassment |
|||
| 1 | 2 | 3 | 4 | 5 | |||
| Likelihood | Rare
Possible, but not expected to occur |
1 | L | L | L | M | M |
| Unlikely
Something like this happened elsewhere |
2 | L | M | M | H | H | |
| Likely
This event is likely to occur in this business |
3 | L | M | H | H | E | |
| Definitely
This event does occur in this business |
4
|
M | H | H | E | E | |
Risk Legend
L – Low risk: Risk generally acceptable; manage further by routine procedures
M – Medium risk: Take opportunities to reduce risk further so far as is reasonably practicable
H – High risk: Risk to be reduced so far as is reasonably practicable
E – Extreme risk: Action is required to reduce the risk
Risk Register
Ref |
Identified Risk |
Cause |
Likeli-hood |
Conse-quence |
Risk Rating |
Treatment |
| 1 | Non-compliance with Risk Register requirements. | 1. d@rt fails to maintain a Risk Register.
|
1 | 2 | L | Risk Register approved by Board and in place prior to commencement of operations.
The Responsible Person is identified on page 1 of this document. The Risk Register maintenance procedure on page 1 of this document (Item 5) is followed. The Risk Register is a standing item in the Board report. |
| 2. Risk Register not reviewed and if necessary revised at least annually. | 1 | 2 | L | A Risk Register review is scheduled to be undertaken during the annual internal audit.
|
||
| 3. Risk Register not updated when a new risk becomes known. | 2 | 2 | M | Responsibility for risk system maintenance includes ad-hoc updating. | ||
| 4. Risk Register not circulated to Board and executive management when updated or reviewed. | 1 | 2 | L | Risk Register is a standing item in the Board report. | ||
| 2. | Non-compliance with other BSP regulatory requirements. | d@rt fails to be aware of and meet relevant regulatory requirements. | 2 | 2 | M | BSP regulatory requirements and changes are continuously monitored by in-house counsel. |
| 3. | d@rt data breach/hack/leak. | d@rt becomes aware of a data security breach including by ongoing monitoring. | 3 | 2 | M | All data is backed up continuously via cloud server.
Follow BAV data breach policy. Internal data security review triggered by any discovered data breach/hacking/leaking. |
| 4. | Notifiable Incidents not recorded or reported to the regulator (CPVV) as required. | 1. Notifiable Incidents not recorded after being reported to d@rt. | 1 | 2 | L | All incidents are recorded in a database and reviewed to identify any prescribed (notifiable) incidents.
|
| 2. Notifiable Incidents not reported to CPVV as required within 10 business days of d@rt being made aware of the incident. | 1 | 2 | L | Any prescribed notifiable incidents are flagged and notified to CPVV within 10 business days of d@rt being made aware of the incident. | ||
| 5. | Vehicle fitness. | 1. Vehicle inspection certificate not provided. | 1 | 3 | L | Driver unable to complete application requirements. |
| 2. Vehicle Certificates of Roadworthiness not provided annually. | 1 | 3 | L | Roadworthiness certificate expiry date recorded in driver data file.
Email reminder sent 1 month prior to expiry. Driver agreement cancelled if not provided. |
||
| 3. Wheelchair accessible vehicles not meeting appropriate standards including inspection and maintenance. | 1 | 3 | M | Driver and vehicle flagged as needing to provide new certificate by expiry date.
Driver agreement cancelled if not provided. |
||
| 6. | Driver assaulted by passenger. | Drug/Alcohol affected or argumentative passenger | 2 | 2 | M | Driver may refuse to transport such persons.
In case of emergency call 000. User banned from service. |
| 7 | d@rt fails to keep a record of all Schedule 1 information. | 1. Incomplete records for booked commercial passenger services. | 1 | 1 | L | The booking system records at a minimum all information specified in Schedule 1. |
| 2. Records not kept for at least 3 years | 1 | 1 | L | All records are kept for at least three years. | ||
| 8. | Passengers fighting. | Drug/Alcohol affected or argumentative passengers. | 2 | 2 | M | Driver training.
Driver to contact police. |
| 9. | Driver Competence. | Inadequate qualifications or certifications.
|
1 | 2 | L | Driver licence.
Driver accreditation.
|
| 10. | Driver competence
to run wheelchair accessible vehicle. |
Inadequate training for drivers of wheelchair accessible vehicles. | 1 | 2 | L | “W” endorsement on Driver Accreditation. |
| 11. | Driver accreditation not current. | 1. Driver accreditation not provided. | 1 | 2 | L | Driver unable to complete application requirements. |
| 2. Driver accreditation not renewed. | 2 | 2 | M | Email reminder sent 1 month prior to expiry.
Driver agreement cancelled if not provided. |
||
| 12. | Driver fitness. | 1. Driver unable to perform work safely. | 3 | 3 | H | Driver accreditation – medical fitness.
Road Safety Act – CPV requirements.
|
| 2. Driver has alcohol in blood or breath in excess of 0.00 % for CPV requirements | 2 | 3 | M | Drug & Alcohol policy.
Driver accreditation – medical fitness. Road Safety Act – CPV requirements. |
||
| 13. | Records not maintained of all complaints as per Schedule 1 (2). | 1. Incomplete records for booked commercial passenger services. | 1 | 2 | L | Booking system records at minimum all information specified in Schedule 1. |
| 2. Records not kept for at least 3 years | 1 | 1 | L | All records are kept for at least three years. | ||
| 14. | Driver refuses to transport an accompanied service “assistance” animal. | Driver is advised that an accompanied animal is an assistance animal but refuses transport the passenger. | 2 | 3 | M | Cancellation of driver agreement.
If advised at the time by passenger, d@rt will endeavour to prioritise a replacement vehicle. |
| 15. | Driver fails to give “reasonable help” to a person to get them into and out of the vehicle. | Driver fails to give reasonable help if evident or upon request. | 2 | 3 | M | Driver instruction prior to commencement.
Follow complaints handling procedure.
|
| 16. | Passenger attempts to smoke in vehicle or has control over any lighted substance. | Passenger wishes to smoke or use any aerosol or vapor product in the vehicle. | 2 | 1 | L | “No Smoking” signage displayed in vehicles.
Smoking tobacco, e-cigarettes and other smoke or vapor products are forbidden in the Customer Terms and Conditions agreement. Driver instruction that smoking is forbidden in vehicles while in service. User banned from service. |
| 17. | Unsafe services | Services not delivered safely | Follow Safety Management System policies and procedures | |||
| 18. | Driver fatigue | Inadequate rest. | 2 | 5 | H | Fatigue management plan
Driver fatigue management education Auditing of driver work hous
|
| 19. | COVID-19 | Infectious disease | 3 | 3 | H | Follow DHHS directions.
Keep front passenger seat empty if possible. Enhanced cleaning and sanitisation. Maintain CovidSafe Plan.
|
Risk Treatments Rejected After Consideration of SFAIRP Principle
(Where a treatment is rejected including due to disproportionate cost)
| Ref. | Risk Event | Proposed Treatment considered and rejected | Reason for Rejection |
| R.1. | IT system crashes due to power failure, with temporary inability to accept new bookings.
|
No alternative to mains power.
Mitigative action taken – Identify cause and issue apology notice ASAP. |
A mains power failure is beyond the business’ ability to control. |
| R.2. | IT system crashes due to digital communication system failure.
|
No alternative suitable systems.
Mitigative action taken – All data is backed up continuously via cloud server.
|
IT systems are controlled by and dependent on Amazon, Apple, Google Android and Telstra. System outages are beyond the business’ ability to control. |
|
|
|||
|
|