For Australian organisations, emergency response is no longer just a telecommunications issue — it is a workplace safety, governance, and enterprise risk management obligation.
Triple Zero (000) underpins emergency response across Australia. For many years, the assumption was simple: any phone can call 000. That assumption is no longer universally true.
Network changes, the national 3G shutdown, and the ongoing circulation of grey-market and outdated mobile phones mean some devices cannot reliably access emergency services — even though users believe they can. This creates a hidden risk for BYOD policies, Work Health and Safety (WHS) compliance, and executive IT governance.
While telecommunications providers and regulators have issued awareness campaigns, employers cannot outsource their duty of care — especially once public attention fades.
The Australian Communications and Media Authority (ACMA) has been clear: not all mobile devices are suitable for use on Australian networks, particularly when it comes to emergency calling.
Grey-market phones — devices imported outside official Australian distribution channels — may:
Lack full compatibility with Australian carrier networks
Use firmware and radio configurations designed for overseas markets
Fail to meet Australian emergency-calling standards
ACMA has warned that non-compliant devices may not be able to access Triple Zero, even if they appear to function normally for calls, data, and messaging.
Australia’s 3G shutdown removed the fallback many older phones relied on to make emergency calls. As a result:
3G-only devices no longer function at all
Some early 4G devices cannot reliably place 000 calls
Phones that appear “usable” day-to-day may still fail during emergencies
This is why carriers now actively identify and restrict devices that cannot reliably access emergency services.
Many organisations operate under an unspoken belief:
“Employees carry mobile phones, so they can call 000 if needed.”
That belief is increasingly unsafe.
Most BYOD policies:
Do not define minimum device standards
Do not verify emergency-calling capability
Do not address grey-market or non-compliant phones
Implicitly rely on personal devices as safety controls
From a WHS and corporate governance perspective, this creates a serious gap between assumed protection and actual capability.
If emergency communication is assumed and fails, responsibility remains with the employer, not the carrier.
One of the most underestimated risks is the presence of old phones kept “just in case.”
These are commonly found:
In desk drawers and cupboards
In vehicles, site offices, and depots
In first-aid stations and emergency kits
Among legacy IT equipment awaiting disposal
These devices may be:
3G-only
Grey-market imports
Incompatible with current Australian emergency-calling standards
Yet in a crisis, people will reach for the nearest phone, assuming it can call 000.
If a device is kept on site, it is implicitly trusted.
If it cannot reliably access emergency services, it should not be there at all.
Some organisations attempt to manage legacy devices by informally allocating them to “safe” or “low-risk” staff — such as:
Warehouse, facilities, or field teams
Contractors and casual workers
Temporary staff and interns
Site or vehicle-based roles
This practice creates a false risk transfer.
From a WHS, governance, and legal perspective, there is no such thing as a “low-risk” employee in an emergency. If a device cannot reliably access Triple Zero, assigning it to any staff member extends — not reduces — organisational liability.
Handing down old or unverified phones:
Normalises the use of non-compliant or grey-market devices
Creates a two-tier safety model — where some staff have reliable emergency access and others do not
Undermines duty of care and WHS obligations
Weakens IT governance and audit defensibility
Increases privacy and data security exposure if devices are not properly wiped and managed
In an incident, the question will not be who the phone was given to — it will be why the organisation allowed a non-compliant device to remain in service at all.
This risk cannot be solved by awareness alone. It requires physical, auditable action.
Organisations should:
Conduct sweeps of offices, sites, vehicles, and storage areas
Retrieve and remove outdated or incompatible mobile devices
Treat legacy phones as safety hazards, not dormant assets
Securely wipe and responsibly recycle all retired devices
This is not just IT hygiene — it is risk elimination, the highest order of safety control.
When an organisation no longer requires a mobile device, a common and well-intentioned practice is to give the phone to the employee who last used it.
While this may seem efficient, it introduces hidden legal, safety, and governance risk that spans WHS, privacy, procurement, and ESG accountability.
A phone that leaves the organisation is no longer just an asset — it becomes a potential:
Emergency-calling risk if the device is outdated or non-compliant with Australian network requirements
Data protection risk if any corporate data, credentials, or application access remains
Governance and audit risk if the organisation cannot demonstrate how the asset was retired
Reputational and ESG risk if the device is later misused, resold, or disposed of improperly
If a former company device later fails to access Triple Zero — whether used by an employee or a family member — the link back to the organisation can still raise duty-of-care and brand-trust questions.
Corporate-owned mobile devices must not be gifted, sold, or informally transferred to employees, contractors, or third parties when they are retired from service.
All devices removed from operational use must be processed through an approved Mobile Device Lifecycle Management pathway, including:
Secure removal of all corporate data and credentials
Verification of emergency-calling compliance status
Certified recycling or formally authorised resale
Transfer of ownership may only occur through a documented, auditable process that preserves records for WHS, privacy, procurement, and ESG compliance.
This is where structured, enterprise-grade Mobile Device Lifecycle Management becomes critical.
The VoicePlus Atrium Platform provides an end-to-end Managed Mobility Service that helps organisations move beyond ad-hoc clean-ups to a repeatable, defensible governance process.
Key capabilities include:
Device Lifecycle Management — controlled deployment, tracking, retrieval, and retirement of mobile devices
Secure removal of corporate data — reducing information security and privacy risk
Environmentally responsible recycling and disposal programs
Full visibility and reporting — ensuring legacy devices are removed from circulation, not left in drawers or handed down informally
Integration with enterprise Telecom Expense Management (TEM) and procurement workflows — aligning safety, cost control, and compliance
By closing the loop — from procurement through to disposal — organisations reduce:
Emergency-calling risk
Data leakage and compliance risk
Environmental impact (ESG exposure)
The false confidence created by “just in case” devices
Lifecycle management turns device disposal into a safety, security, and sustainability control, not an afterthought.
Carriers and regulators have issued warnings. Media attention has followed. But:
Not everyone read or understood the messaging
New staff may never have seen it
Over time, people forget
Old devices quietly remain in circulation
Silence does not equal safety.
Organisations should explicitly communicate that:
Not all phones can call Triple Zero
Grey-market and outdated phones may fail in emergencies
Stored or personal devices must not be assumed safe
This should be embedded into:
WHS briefings and toolbox talks
BYOD and IT governance policies
Onboarding and induction programs
Executive risk and compliance reporting
This risk does not stop at the workplace.
Many households keep old phones:
In drawers “for emergencies”
As hand-me-downs for children
As backup devices in cars or bags
If a phone cannot reliably access Triple Zero, it creates false confidence.
Staff and families should:
Remove outdated or incompatible devices from the home
Use approved recycling programs
Avoid passing on phones that cannot reliably access emergency services
Triple Zero remains vital — but access to it now depends on device compatibility, not intention.
For executives, procurement leaders, WHS managers, and CIOs:
Convenience does not equal safety
Storage does not equal preparedness
Assumption is not a control
By implementing clear communication, removing legacy devices, and adopting end-to-end Managed Mobility Services through the VoicePlus Atrium Platform, organisations can eliminate hidden risk rather than leaving it to chance.
Because in an emergency, false confidence can be as dangerous as no phone at all.