Business Operations

QAL has a well-developed, fit for purpose Governance Framework consisting of an appropriate structure, reporting lines, systems, and processes which include assurance so as to ensure that our internal governance standards are met, our objectives are achieved, risks are identified and managed, and that mandated regulatory standards are met or exceeded. QAL utilises strategic level internal controls which apply across all airports, with operational level internal controls, as appropriate and required, for each airport and business unit.  

 

Airport operations staff walking on the tarmac near a utility vehicle and aircraft, representing roles requiring ASIC accreditation.

On this page

Governance Policies and Controls

The Framework utilises a ‘three lines of defense’ model which supports effective governance throughout the tiers of the organisation. A comprehensive suite of control documents is in place to guide our activities and ensure good governance is embedded throughout. These include: 

  • Board & Sub Committee Charters 
  • Health Safety & Wellbeing Policy 
  • Risk Management Framework 
  • Delegations Policy 
  • Incident Reporting and Escalation 
  • Code of Conduct 
  • Fraud and Corruption Control Framework 
  • Whistleblower Framework 
  • Modern Slavery Framework 

Modern Slavery

QAL has undertaken a strategic risk assessment in relation to modern slavery risks and has controls in place to manage the same. In addition to this, QAL assesses any direct operational risks of modern slavery during our usual due diligence processes and approvals. Our reviews consider geographic, sector and product risks in addition to assessing the entity supplying the product or service. Risk Management activities are conducted in accordance with QAL’s Risk Management Framework (aligned with ISO 31000:2018), with specific application to the external and internal modern slavery context and factors.

QAL acknowledges that visibility and understanding of modern slavery risk is developing and improving. Where appropriate, QAL currently utilises open-source data to assist with assessing the risk from modern slavery. QAL continues to develop a clearer and deeper understanding of the materiality of any potential vulnerabilities or risks and just as importantly, the manner in which QAL could potentially cause, contribute or be in some way unknowingly linked to modern slavery. 

Read our Modern Slavery Statement here.

Cyber Security

Cyber security is an important focus area for QAL. We are continuing to uplift our cyber security maturity and dynamically manage the controls we have in place. Our cyber security risk management approach includes: 

  • Adoption of ACSC Essential Eight and the NIST Cyber Security Framework 
  • Vendor Risk Assessment processes in service delivery contracts  
  • Engaging and topical content for all employees and contract staff, delivered through a leading cyber security training and awareness platform  
  • Regular phishing campaigns, with the campaign learnings reflected in training programs 
  • Strong relationships with government bodies in aviation, physical and cyber security and active involvement with industry bodies and threat intelligence groups 
  • Independent review of Cyber Security Strategy to ensure appropriateness.  
aboriginal-flag Acknowledgement of Country

Queensland Airports Limited (QAL), respectfully acknowledge the Traditional Custodians of the cultural landscapes upon which we operate, being the Bundjalung and Yugambeh peoples at Gold Coast Airport; Gurambilbarra Wulgurukaba people at Townsville Airport; Kalkadoon people at Mount Isa Airport and the Traditional Custodians at Longreach Airport.

QAL recognise their continued connections to the lands, seas and skies upon which our airports operate within and across and pay our respect to their Elders past, present and emerging.

QAL also acknowledge all other Aboriginal and Torres Strait Islander peoples.