If you have a copy of your organisation’s heat policy on your desk, it probably runs to a few pages. It will name a measurement tool: a Heat Stress Risk Index, a WBGT reading, an ambient threshold table. It will describe the response tiers: water breaks, mandatory shade, suspension. It will be signed off by a board, a medical advisor, or a national governing body.

Now picture a Saturday morning in February. Twelve community grounds, all running fixtures at the same time. A hundred and twenty umpires, coaches, and duty officers between them. The temperature climbs through the morning. The policy is doing nothing, not because anyone is ignoring it, but because the documented workflow to actually run it was never realistic in the first place.

This is the conversation Cracking Flags exists to have.

What the mandated process actually looks like

The Cricket Australia Community Cricket Playing in the Heat Guidelines (v4.0, September 2023) describe a typical compliance-grade heat check. Reading the document end-to-end, the workflow is:

  1. Open the Bureau of Meteorology website. Locate the weather station closest to the ground.
  2. Read four data points: air temperature in the shade, wind speed, relative humidity, and sun exposure category.
  3. Open one of two standalone Excel files hosted on play.cricket.com.au: a different file depending on whether the players are adults or under-18s.
  4. Manually enter the four data points into the spreadsheet.
  5. Read the resulting Heat Stress Risk Index value.
  6. Open the separate Cricket Australia policy document and look up what action that index value triggers.
  7. Communicate the action to the umpires and the club representatives.
  8. During any match running above HSRI 4, repeat the entire process hourly.

That’s three separate documents, manual data entry, performed field-side, on the morning of play, at every one of potentially hundreds of grade games happening simultaneously across a state.

This is not a complaint about Cricket Australia. It’s a description of what compliance, as written, requires of a volunteer or community administrator before the first ball is bowled. And it sits in the middle of the pack.

A review of more than twenty Australian sporting organisations across cricket, AFL, NRL, rugby, football, tennis, athletics, netball, hockey, triathlon, swimming, and surf life saving found that several community codes impose higher friction than cricket. NRL Community directs clubs to comply with a policy that requires a Kestrel HSI device, a piece of measurement hardware almost no community club owns. Rugby Australia points all domestic competitions to World Rugby’s heat guidelines, which require an Environmental Monitoring Unit; World Rugby purchases EMU devices for its own sanctioned competitions, not for member unions or community clubs. AFL Community’s national policy specifies no measurement tool at all and asks administrators to “regularly review BOM information” and exercise judgment.

These are not edge cases. They are the floor.

What actually happens on the field

Cricket Australia’s own policy quietly acknowledges where this lands. It contains an explicit escape clause:

If the weather data is NOT available to calculate the HSRI, the Match Officials, Tournament Organisers and Club Representatives should make a common-sense decision about the likelihood of heat stress illness.

The clause was presumably written to cover a tablet failing or a network dropping out. In practice it has become the entire workflow at almost every ground. The data has never been unavailable. It has been impractical to retrieve, enter, and interpret in the available time, by someone who is also setting up stumps and managing parents and waiting for a late umpire.

So the actual workflow on a typical match day, across most codes, is: look at the sky, feel the air, talk to the umpire, decide. The policy exists. The workflow that would let anyone actually run it does not.

This isn’t negligence on the part of clubs or umpires. It’s the predictable outcome of a process designed by people who never had to do it in the field.

Read how this plays out for a state cricket body →

Why this matters more than it used to

The gap between a documented heat policy and the workflow that runs it has been a soft fiction in Australian sport for years. Two things have made it harder to hold onto.

The first is incident exposure. The 2024 inquest into the death of Keith Titmuss — a young rugby league player who died of exertional heat stroke after a pre-season training session at Manly Sea Eagles — made formal recommendations that the NRL mandate heat-check reporting and strengthen record-keeping procedures. At the time of writing, the NRL’s response to both recommendations is publicly recorded as “awaited.” Earlier, the 2018 collapse of fifteen-year-old Torran Thomas during rugby league training in 44.4°C in Perth led to coronial recommendations about heat-illness recognition. These are the cases that sit behind every board-level conversation about duty of care.

The second is what the same landscape review found about audit. Across more than twenty Australian sporting organisations at every level — elite, community, junior, school, and the institutes of sport — not a single body mandates that routine heat-stress checks be logged or retained. The closest exception is Football SA, which requires a 48-hour post-abandonment report to the federation; that is a reactive obligation triggered only when a match is called off, not a proactive pre-match compliance record. Academic surveys going back to 2018 reach the same conclusion.

The compliance bar today, across the entire industry, is effectively “did you think about it?”, not “did you measure it, and can you prove it?”

That gap is comfortable until an incident occurs. Once an incident occurs, the absence of an audit trail becomes the centre of every subsequent conversation: with the insurer, the player’s family, the player association, the media, the coroner, and the regulator. The organisation does not need to be shown to have been reckless. It only needs to be shown to have a documented standard it cannot demonstrate it followed.

What a workable heat policy actually requires

A policy that can be followed in the field looks different to a policy on paper. It requires four things at the point of decision:

  1. One location. The person making the call is at the ground. The policy needs to talk about this ground, not a regional average from a station thirty kilometres away.
  2. One number. Pulling four BOM values into a spreadsheet to derive an index is a task; reading the index directly is a decision.
  3. The organisation’s own response. Not a generic risk reading. The wording, the tiers, the actions the organisation has signed off on, surfaced where the decision is made.
  4. A record that exists without anyone having to keep it. If keeping the record is a job, it doesn’t get done. If it’s the by-product of the decision being made, it does.

Almost nothing in the current published-workflow-plus-BOM-plus-Excel ecosystem provides any of these. The free risk-reading tools that do exist — the Sports Medicine Australia heat policy tool is the most prominent — give a competent risk number for healthy adults, which is genuinely useful as a category-of-day reading. They do not run your policy, they do not enforce your response tiers, and they keep no record of what was checked or what was said to do.

That’s the gap. It’s not a calculation gap. It’s a policy-enforcement and audit-trail gap.

What we built

Cracking Flags collapses the entire mandated workflow into a single screen. The user picks a location — saved ground, GPS, or address — and sees a live Heat Stress Risk Index value calculated from current weather conditions, paired with the organisation’s own policy response for that risk tier, in their own wording. Every check is logged automatically: location, timestamp, weather inputs, calculated risk, and the policy response that was returned.

That last point is the one most people miss on first read. The compliance record is not a feature that runs alongside the calculation; it is the by-product of the calculation having been made. The administrator never has to ask anyone to keep a record. The record exists because the work was done.

There’s an honest postscript here. Cracking Flags does not, today, automatically email pre-match heat alerts or generate packaged monthly audit reports. The data underneath both is complete; the artefacts on top will be built in response to demand. What exists today is the foundation: a queryable record of every check that was made, where, when, by what login, with what data, returning what policy response. That is the answer an incident inquiry, an insurer, or a board needs. The current BOM-spreadsheet-policy-PDF workflow with no recording requirement cannot produce that answer at all.

The honest framing

If you run a sporting organisation, the question isn’t whether your heat policy is good. The published policies in Australian sport are mostly written by serious people taking the problem seriously. The question is whether the workflow that would let your people actually follow that policy exists.

For most organisations, today, it doesn’t. The process is designed for a desk; the decision is made at a ground. The two are not going to meet without something between them.

Cracking Flags is that something. The policy is yours. The workflow is automated. The record is permanent.