TS-RDC-04 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Serious-incident reporting & escalation

Assesses whether the organization has a clear, documented process for identifying, reporting, and escalating serious incidents to the board and all relevant regulatory bodies in a timely manner. The organization must maintain an ‘Applicable Regulators Matrix’ mapping its activities (e.g., children’s work, healthcare, housing, overseas operations) to relevant notification regimes (e.g., Charity Commission/OSCR/CCNI, ICO, HSE/RIDDOR, LADO/police, OfS, CQC/Ofsted/RSH, HMRC, Fundraising Regulator) to ensure precise compliance.

KPI / Measure
Metric: Incident reporting and policy compliance
Target: ≥95% internal ≤24h; 100% external on time; ≥95% training; ≥90% PIR ≤30 days; quarterly board review.
Frequency: Quarterly
Method: Monitor median and 95th-percentile time to internal notification; % regulator filings on time; training coverage; % PIR completed ≤30 days.
Unit: Percentages and time (hours)
Maturity Levels
Level 1: Initial/Ad-hoc

No formal process for reporting or escalating serious incidents exists. Issues are handled in an ad-hoc, reactive manner, if at all.

Level 2: Developing

An informal or inconsistent process for reporting serious incidents exists. There is some awareness of the need to report, but no documented policy, clear timelines, or defined responsibilities.

Level 3: Established

A formal, documented Serious Incident Reporting policy and procedure is in place. It defines what constitutes a serious incident, outlines the reporting process, and assigns roles and responsibilities. The policy has been communicated to relevant staff and volunteers.

Level 4: Advanced

The Serious Incident Reporting process is consistently implemented and monitored. The board receives at least biannual assurance reports, including timeliness metrics and sample file reviews. Staff and volunteers receive regular training on the policy.

Level 5: Optimizing

The incident reporting process is fully integrated with risk management. Annual tabletop exercises and independent assurance (every 2-3 years) are evidenced. Lessons learned drive measurable reductions in repeat incidents.

Applicability

Organisation Types

ALL

By Organisation Size

Size | Applicability | Notes
Micro | partial | Formal matrix and deputy leads are disproportionate; requires only basic awareness of Charity Commission reporting requirements.
Small | partial | Scaled down to a basic policy and single lead; complex regulator matrix and strict 24h internal protocols may be disproportionate.
Medium | partial | Requires a formal policy and lead, but a dedicated deputy and complex matrix may be scaled down depending on their regulatory footprint.
Large | full |
Major | full |

Applicable When

  • Organization has staff, volunteers, beneficiaries, or other stakeholders and operations that carry a risk of serious incidents.
  • The organization is subject to regulations or laws requiring incident reporting (e.g. charities legislation).

Not Applicable When

  • The organization is legally dormant, with no active operations, staff, or financial transactions.
  • The organization is an unincorporated, informal group not subject to any legal or regulatory framework that mandates formal incident reporting to an external body.
  • The organization is a non-operational holding entity whose sole purpose is to hold an asset (e.g., a property title, a trademark) on behalf of another entity, and it has no staff, volunteers, or interaction with beneficiaries.

Discussion (1)

Administrator 2026-03-07 11:07:51.096258

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
