Skip to main content

This guidance defines safeguarding and vulnerable people, and outlines your charity's legal obligations. It also covers some of the potential risks of working with vulnerable people, and the steps your charity should take to manage them.

There are also additional resources available, including a safeguarding assessment and checklist, as well as templates for your charity's use.


Safeguarding is protecting the welfare and human rights of people that are, in some way, connected with your charity or its work – particularly people that may be at risk of abuse, neglect or exploitation.

As such, safeguarding is part of a charity’s primary duty of care.

Vulnerable people

While all people must be protected from harm, there are additional legislative and ethical considerations for protecting vulnerable people.

Vulnerable people can include:

  • children and seniors
  • people with impaired intellectual or physical functioning
  • people from a low socio-economic background
  • people who are Aboriginal or Torres Strait Islanders
  • people who are not native speakers of the local language
  • people with low levels of literacy or education
  • people subject to modern slavery, which involves human exploitation and control, such as forced labour, debt bondage, human trafficking, and child labour.

Vulnerable people are not limited to a charity’s beneficiaries or the users of its services. They can include a charity’s staff, volunteers, and people in third parties, such as suppliers and partners.

Being able to recognise vulnerability in its various forms is important, and is the first step towards being able to protect vulnerable people.

Legal obligations

All charities registered with the ACNC must continue to be not-for-profit and pursue solely charitable purposes. They must also keep financial and operational records, and report information to the ACNC annually – including financial information.

Most charities must also comply with the ACNC Governance Standards and for charities operating overseas, the ACNC External Conduct Standards.

The Governance Standards do not refer to specific obligations for safeguarding. However, they do require charities to comply with Australian law (Governance Standard 3), and they set duties for a charity’s Responsible People (Governance Standard 5). These duties include the requirement to act with care and diligence and in the best interests of the charity.

For charities that operate overseas – including those that just send funds overseas – the External Conduct Standards have explicit requirements for protecting vulnerable people (External Conduct Standard 4).

Depending on the location and nature of your charity’s operations, there may be other state, federal or overseas legislation with which your charity must comply. You may consider getting legal advice to fully understand your charity’s legal obligations.

Risks, harms and possible consequences

Safeguarding is a priority for all charities, and your charity must be aware of the risks that come with its work, as well as any potential incidents of harm.

Incidents of harm may include:

  • sexual harassment, bullying or abuse
  • serious sexual offences, such as rape
  • threats of violence or actual violence
  • verbal, emotional or social abuse
  • cultural or identity abuse, such as racial, sexual or gender-based discrimination or hate crimes
  • coercion and exploitation
  • abuse of power.

These incidents of harm can lead to consequences, such as:

  • mental and physical health issues, or even death, for affected people
  • civil or criminal sanctions for the charity or individuals
  • community anger
  • reputational damage and negative media attention
  • disruption to services
  • decrease in team cohesion, morale and productivity
  • inability to attract staff and volunteers
  • loss of donors and access to grants.

Managing risks

While everyone involved in a charity has a role to play in protecting people, the ultimate responsibility sits with a charity’s Responsible People.

Responsible People must ensure the charity is able to identify and manage the relevant risks it faces, and do so in the context of the charity’s unique and specific circumstances.

How charities manage risks will vary significantly, but there are seven steps that every charity can take to help protect people from harm:

  • Identify and assess the risks and any legal and ethical obligations.
  • Commit to managing the risks involved when working with vulnerable people.
  • Prevent harm and mitigate risks with clear and comprehensive policies, procedures and systems.
  • Engage people, including those from third parties, to help manage risks by adhering to those policies, procedures and systems.
  • Detect changes in risks, instances of harm and of non-compliance with obligations.
  • Take action when concerns, suspicion or complaints arise.
  • Assure the charity’s board that risks are being managed.

Your charity may find it helpful to set out these steps, and the actions it will take under each, in a formal action plan. That way, it can keep track of what it is doing, when action is being taken, and who is responsible.

Safeguarding is a serious matter, and it is important that your charity’s staff and volunteers have the appropriate skills and experience to carry out the action in each of the steps.

If they do not, seek outside help. Not doing things properly can lead to more harm.

The three important actions in this step are to:

  • understand your charity’s risks
  • understand your charity’s obligations
  • determine the policies, procedures and systems your charity needs in order to manage those risks and obligations.

Risk assessment

A risk assessment will help your charity identify the risks that come with its work with people, prioritise each risk according to its likelihood and consequences, and identify the policies, procedures and systems that will deal with the risks.

You can conduct risk assessments for the whole organisation, for a department, or even for specific processes, programs or projects. Risk assessments do not have to be complex and bureaucratic. A simple and methodical approach is best.

When conducting a risk assessment, you should:

  • think broadly about all the people your charity affects – what forms of abuse, exploitation or coercion could happen to them, and who might be responsible for them?
  • consider all activities, including those in your charity’s supply chain or of partners and subcontractors – what could go on just beyond your charity’s view?
  • think about the likelihood of your charity’s resources being affected by these risks – how common are incidents like these?
  • consider the consequences of an incident – in particular, the effects on the victim, your charity’s beneficiaries, its reputation, financial position, partners, and the staff morale.
  • seek out information to understand the risks – consult widely, for example through meetings, workshops and surveys, and identify information sources such as previous incidents, reports, events in other organisations, and media reports.

Remember that safeguarding can be confronting, and people may struggle to talk about it – particularly if they have had a traumatic experience. When consulting people about safeguarding, be sensitive to their experiences and approach the topic with care.

It is important that your charity knows its legal obligations. Keeping a register that lists the national, state and international legislation that affects your charity’s work can help.

This register should:

  • identify the jurisdiction and source of the obligation
  • provide a short summary of the obligation
  • record what your charity does to ensure that it complies with the obligation.

Review the obligations regularly to ensure the register is up to date.

Your charity can also use the register to record and monitor other external obligations – such as government policies or professional standards or codes of practices – that may apply.

When your charity has considered its risks and its obligations, it can evaluate whether it has the right policies, procedures and systems to manage them.

Committing to protecting people from harm means:

  • having a clear and accessible safeguarding policy
  • allocating adequate resources, leadership and authority to manage the risks
  • ensuring everyone in your charity shares the commitment.

A policy that outlines your charity’s approach to safeguarding is an important document. This document should:

  • reference your charity’s legal obligations
  • outline the risks that have been identified
  • define key terms (for example, ‘safeguarding’ and ‘vulnerable person’)
  • clearly state your charity’s expectations of staff, volunteers and partners
  • outline your charity’s processes for managing risks
  • identify who is responsible for managing safeguarding
  • clearly define the roles and responsibilities of people involved in safeguarding
  • extend obligations to your charity’s partners and contractors
  • contain supporting resources, such as an incident response plan or an employee vetting document
  • be endorsed by your charity’s board.

Your charity can use our template safeguarding policy as a starting point.

Everyone in your charity should have access to the policy. It is also a good idea to also make it publicly available.

It is important that safeguarding is given appropriate resources and is supported by your charity’s leaders.

Ensure those resources are proportionate to your charity’s work, its risks and its funding. It can be helpful to use the risk assessment, and the priorities that came out of it, to decide where to focus resources.

Ensure your charity's leaders support the safeguarding approach and take it seriously. Have a senior person take responsibility for safeguarding and make sure it features regularly in board meetings.

Internal controls are policies, procedures and systems that can reduce the likelihood and consequences of incidents. It is important that these internal controls are appropriate for your charity and address its specific risks.

Examples of procedures and systems include:

  • due diligence – the research, background checks and preparation that your charity does to minimise the possibility of doing harm to people
  • segregating duties and providing supervision – policies or procedures that ensure the responsibility for high-risk situations is shared by more than one person
  • managing third parties – third parties are people or organisations that your charity works with, and managing them includes ensuring they are capable of, and committed to, protecting people in their work. Written agreements, contracts or memoranda of understanding are useful ways to do this.

Engaging everybody involved in your charity and its work means communicating the charity's expectations, raising awareness of the issue and building a positive culture of protecting people.

Your charity may communicate its expectations and raise awareness of the issue through formal channels such as policies, procedures and training resources, or less formal methods such as email updates, newsletters and staff meetings.

To help develop and maintain a culture that values safeguarding consider these questions:

  • Are your charity’s values expressed in a code of conduct and do these values support safeguarding?
  • Has your charity considered the kind of culture it wants?
  • Does your charity's leadership embody the desired culture, and do their words and actions encourage others to be part of it?
  • How do attitudes and events in your charity compare with the culture it wants to develop?

It is important to detect incidents of harm, but it is also important to detect moments of non-compliance with commitments and indicators that risks might be changing.

To detect an incident of harm effectively, ensure that:

  • staff, volunteers and third parties report any concerns they have, including the option to do so confidentially
  • there are ways for people to provide feedback, raise grievances and report suspected or actual incidents of harm
  • people who report concerns or incidents of harm are protected
  • there is guidance for managers and staff on detecting incidents – what kinds of situations have risks of abuse, neglect and exploitation?
  • there is a supportive culture that encourages staff and volunteers to speak up – perhaps a whistleblower policy may be appropriate
  • there is a clear and transparent system for investigating and responding to concerns.

Examples of ways your charity can do this include:

  • training on safeguarding for new staff and volunteers
  • having clearly defined reporting procedures in its policy
  • providing staff and volunteers with simple guidance on 'red flags' that might indicate incidents of harm
  • a communication campaign that shows volunteers, staff and beneficiaries that it is safe to make reports
  • an e-mail address, contact number or other way through which people can make anonymous disclosures.

In the event of a suspected incident, your charity needs act promptly to understand what might have happened, the risks that might exist, and how to protect the people affected.

To effectively respond to a suspected incident, it is helpful to be able to follow a response plan. This plan will help your charity manage the suspected incident and the risks involved. A response plan should:

  • clearly assign roles and responsibilities for responding to the incident (with major roles and responsibilities reserved for people with appropriate training, skills and experience)
  • set out what is required at each stage of the response
  • include an internal investigation to understand what may have happened
  • provide guidance for when matters should be reported to an external party, for example, the police, the ACNC or a partner or donor agency
  • include a step focused on development and learning lessons.

Your charity can use our template incident response plan as a starting point.

Carefully consider the risks before beginning an internal investigation into a matter. Some incidents may be beyond your charity’s ability to investigate effectively, meaning you may need external help.

Some incidents may be so serious that your charity will need to refer them to the police.

Your charity’s board needs to make sure that there are regular reviews of safeguarding policies, procedures and systems.

Review them at least annually and after any incident. Consider, for example, the following questions:

  • Are they up to date, reflecting the current working environment and legislation or regulation?
  • Do they reflect the current risks for your charity’s work?
  • Do staff, volunteers and third parties follow the policies, procedures and systems properly?
  • Do the policies and procedures work?
  • What feedback has your charity received about its policies, procedures and systems?
  • What improvements could be made?

Safeguarding resources

After reading this guide, you can check your understanding by taking our safeguarding assessment. We also have a checklist that your charity can use to ensure it has policies and procedures in place to safeguard vulnerable people.

You do not need to submit the assessment or checklist to the ACNC – they are optional resources designed to help you measure your understanding of safeguarding, and to identify areas for further training or improvement.

We also have a safeguarding policy template and an incident response plan template that your charity can use as a guide.

Was this page useful?
Why not?