KEY, SWIPE CARD AND ELECTRONIC FOB POLICY

Transcription

1 KEY, SWIPE CARD AND ELECTRONIC FOB POLICY DOCUMENT CONTROL Version: 3 Ratified by: Risk Management Group Date Ratified: 30 th April 2014 Name of originator / author: Head of Health, Safety & Security Name of responsible Risk Management Group committee/individual: Date Issued: 30 May 2014 Review Date: April 2017 Target Audience: All managers with responsibilities for the security of premises, keys, access swipe cards, access fobs or similar devices. Also all staff who use such devices should be aware of this policy. Page 1 of 13

2 CONTENTS SECTION PAGE 1. INTRODUCTION 3 2. PURPOSE 3 3. SCOPE 3 4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES ASSISTANT DIRECTORS AND HEAD S OF SERVICE ESTATES DEPARTMENT AND PFI MANAGEMENT PERSONNEL MANAGER HEAD OF FACILITIES TRUST SECURITY ADVISOR DOMESTIC SUPERVISORS KEY CUSTODY STAFF ALL TRUST STAFF 5 5. PROCEDURE / IMPLEMENTATION RECORDS IMPORTANT CONCEPTS TYPES OF KEY LOCATION AND CUSTODY OF KEYS CONTROL OF KEYS Location Keys Issued To Staff For Long Term Personal Use Copying Of Keys Loss Of Or Theft Of Keys COMBINATION LOCKS (BOTH DIGITAL AND MECHANICAL) ELECTRONIC KEY CUPBOARD / TRACKER SYSTEMS 9 6. TRAINING IMPLICATIONS 9 7. MONITORING ARRANGEMENTS EQUALITY IMPACT ASSESSMENT SCREENING Privacy, Dignity and Respect Mental Capacity Act LINKS TO OTHER PROCEDURAL DOCUMENTS REFERENCES APPENDICES 11 App.1 Sample Key Issue And Return Record Form 12 Page 2 of 13

3 1. INTRODUCTION The loss of a key, fob or swipe card is detrimental to the good order of the service, either denying that service until entry can be gained, or reducing security and so placing property, possessions or people at risk. The cost of replacing locks can also be a substantial drain on funds. An effective monitoring and storage system for keys will ensure that security is maintained, while allowing entry to authorised personnel and providing a backup when entry is required out of the normal working function. 1.1 DEFINITIONS Key Any device used to open or close a locking mechanism. This could be the traditional metal key, an electronic fob, proximity detector, or combination number for a key pad. Lock Any device used to secure a closure in place to prevent entry or exit. The closure could be a door, cupboard door, safe door, fridge door, desk drawer, cabinet or anything which requires access or exit limited and controlled. Key Custody Staff Staff who are responsible for the safe custody, issue and management of keys for an area. This ranges from small department to a whole hospital 2. PURPOSE The Trust has a duty to protect our service users, visitors and staff from harm, keep confidential and valuable information secure, and protect assets, property and possessions from damage and theft. An important tool in providing this protection is the control of entrances and exits. The purpose of this policy is to detail how to manage the devices which allow access to, and egress from, premises. 3. SCOPE This policy applies to any area within the Trust which has a secure entrance or exit, and that entrance or exit is secured by a locking device which has a key, swipe card, electronic fob or other device for operating the lock. It also applies to secure locations within our premises, such as safes, drug cupboards etc. Areas with different needs, such as Learning Disability Community homes, will have local procedures, these areas should include those local procedures as attachments to this policy after they are ratified. 4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES 4.1 ASSISTANT DIRECTORS AND HEAD S OF SERVICE Required to: Provide adequate storage, recording and management systems in place for the management of keys in line with this policy. 4.2 ESTATES DEPARTMENT AND PFI MANAGEMENT PERSONNEL Page 3 of 13

4 Required to: 4.3 MANAGER Required to: Liaise with the Security Advisor and Fire Safety Advisor before fitting new locks to a premise, to ensure that the chosen device is fit for purpose and does not interfere with the security and fire integrity of the premise. Maintain the security of premises by fitting new/replacement locks as required as soon as is practicable if there is a breach of security. Manage the security of his/her area of control, and to police the custody of keys for that area. Maintain records and key security as stated within this policy Provide suitable key cupboards for storage, and have systems in place for recording the signing out and return of keys. Provide and maintain the lists of authorised people who are able to access the keys Report and investigate all losses of keys and breaches of security. 4.4 HEAD OF FACILITIES Required to: Manage the security of keys held by the domestic services and other central areas within the Trust. Liaise with PFI bodies, if they hold keys for Trust areas, to ensure the security of keys in line with this policy. 4.5 TRUST SECURITY ADVISOR Provide advice on the type and specification of a locking device to be fitted to ensure consistency across the Trust and effectiveness of security. Provide advice on the safe storage of keys, fobs and swipe cards if requested. 4.6 DOMESTIC SUPERVISORS Required to: Issue keys and monitor returns from Domestic staff as stated within this policy. If a key drop facility is in place, the Domestic Supervisors will instruct staff under their control to use the facility correctly. 4.7 KEY CUSTODY STAFF Staff responsible for the safe keeping of keys Required to: Manage the safe storage, custody and management of keys within their designated area, or central point as instructed by their manager. Maintain records as detailed in this policy Page 4 of 13

5 4.8 ALL TRUST STAFF All Trusts staff should be aware of the importance of security of keys for all areas. They should comply with this policy, and any local security measures in place All staff should have and maintain self-awareness while using controlled access points to ensure that safety and security are not compromised 5. PROCEDURE / IMPLEMENTATION Due to the number of local differences across the Trust, it may be necessary to vary from what is detailed in this policy. Any such deviation should be with the agreement of the Security Advisor. All local agreements should be documented and added as an appendix to this policy. 5.1 RECORDS Local records of who can hold keys, who they are issued to, whether level 1 and level 2 keys can be held together and other relevant information are to be kept by the manager. 5.2 IMPORTANT CONCEPTS All Keys (whether in use, spare or master) need to be stored securely Keys need a record of who they are issued to, whether it is for short or long term use. Keys need a record of when they are returned to store Electronic fobs, their control cards and unissued fobs are classed as keys and require secure storage, issue and return Other devices which control the security of an entrance or exit require to be as secure as keys 5.3 TYPES OF KEY There are five levels of lock and key within the Trust; LEVEL ONE Keys to medically, commercially or confidentially sensitive areas, areas of higher security and dangerous areas. For example, medical records office, cashiers office, Boiler room etc LEVEL TWO Keys to medication stores, medication cupboards and medication fridges LEVEL THREE Keys to all external doors, department entrances and outbuildings LEVEL FOUR Keys to rooms within a department which are not external doors, or rooms which require a higher level of security. Keys to the Trust owned vehicles are included in this level LEVEL FIVE All other keys to cupboards, cabinets, machines, and other locks within the work area. These keys are not classed as security keys, but nonetheless require Page 5 of 13

6 careful storage as their loss will prevent access to a location, cupboard or machine. 5.4 LOCATION AND CUSTODY OF KEYS LEVEL ONE Main set to be kept in a central point, such as switchboard or reception, numbered/named and logged out and in. Only issued to specifically identified staff with permission from the relevant Assistant Director/Head of Service, or relevant Domestic Service Manager. If an emergency occurs within the area, then the duty manager can authorise entry. For departments and units which are based within the community, the central location is a suitable area within the department, such as an office, where the lockable key cupboard can be situated. Level one keys are to be kept in a lockable key cupboard, within a lockable room, both of which are to be locked when the area is vacated. The key to the room and key cupboard are to be held by a responsible person identified by the Assistant Director/Head of Service. Copies of these keys can be held by staff approved by the relevant Assistant Director/Head of Service. Copies should be held only by staff that require entry to these areas during their normal working function, or out of normal hours. See section on personally held keys. A level one key can be kept with a level two key and handed from person to person if the relevant Assistant Director/Head of Service has approved this LEVEL TWO These keys are to be held by approved persons only, and are the responsibility of that person. They are normally to be passed from person to person and not stored in a key cupboard. Level two keys are predominantly drug cupboard keys and so for further guidance refer to the Safe and Secure Handling of Medicines Policy LEVEL THREE Main sets to be held in a central location, numbered/named and logged out and in. Only issued to authorised domestic staff, security staff and other staff authorised by the relevant Manager. If an emergency occurs within the area, then the duty manager can authorise entry. For departments and units which are based within the community, the central location is a suitable area within the department, such as an office, where the lockable key cupboard can be situated. Level three keys are to be kept in a lockable key cupboard, which is to be Page 6 of 13

7 locked when the area is vacated. The key to the key cupboard is to be held by a responsible person identified by the Assistant Director/Head of Service. Copies of these keys can be held by staff authorised by the relevant Manager. Copies should be held only by staff that require entry to these areas during their normal working function, or out of normal hours. See section on personally held keys LEVEL FOUR These keys are to be held within the department in a locked key cupboard or similar secure storage. Managers are responsible for the security of these keys. Each member of staff can hold a key to their own office, and a key bunch can be created for the domestic staff if necessary. Keys for store rooms and utility rooms which have to be kept locked should be held in the key cupboard. See section on personally held keys. The key to the key cupboard should be held by a nominated member of the department, and a spare held by the Manager. Vehicle keys are kept secure by the Facilities department and the Finance Department. These departments have local arrangements for controlling these keys LEVEL FIVE These keys are to be held within the department. They will be suitably labelled and stored in the key cupboard. Access to these keys is decided by the Manager. 5.5 CONTROL OF KEYS LOCATION All keys are to kept in a secure location, all keys/bunch of keys are numbered or named for identification. No key is to be issued until the key custody staff have confirmed the identity of the person by Trust identity card or other approved method. The key custody staff should also ensure that the person is authorised to draw those keys. If they are unsure, then they should contact the relevant Manager or Duty Manager before issuing the keys. To draw the keys, the person should sign a log book with date and time of withdrawal, print their name and sign. Once the keys are returned, the date and time of return and initials/signature of the key custody staff should also be recorded. An example of a suitable key log is at Appendix 1. If suitable, a secure key drop facility may be in place for staff to drop returned keys. This facility must be designed so that keys once dropped Page 7 of 13

8 cannot be retrieved by any except the key custody staff. The key custody staff should empty the key drop facility at regular intervals (as soon as practicable) and record the return of the keys in the key log. As a minimum, once a day (more frequently if local procedures dictate) the key custody staff should check the key cupboard and register to ensure that every key is accounted for, either present in the cupboard, or signed for in the register. If the location of a key is not verified, then the key custody staff should attempt to contact the last person to have the keys. If this is not possible, then they contact the Duty manager for instructions KEYS ISSUED TO STAFF FOR LONG TERM PERSONAL USE These keys are only to be issued with the permission of the Manager. It is not normally suitable for staff to be allowed free access to areas other than their normal work area. For example mail delivery staff should not have a key simply because they deliver mail to a location. Staff from outside a work area should be treated as visitors, and request access to a closed area the same way as a visitor. A register of key holders is to be kept for the area, this register is the responsibility of the Manager. When issued keys, the person should sign for them, recording the date of issue, where the keys are for, print their name and sign. The keys now become the responsibility of the person, it is their duty to keep the keys safe and not allow them to come into the possession of anyone else. When a member of staff leaves a work area permanently then the keys must be handed back into the Manager, again being signed for. This should be part of the termination process COPYING OF KEYS No key is to be copied by anyone without the permission of the manager, or assistant director / head of service for level 1 keys. To copy a key the appropriate form (obtainable from the estates department) is to be completed by the manager. The key cutter will check that the form is correctly completed and cut the requested number of keys. Certain types of key will need to be copied by a specialist locksmith or company. This should be arranged via the use of petty cash or purchasing department LOSS OF OR THEFT OF KEYS Immediately a loss is noted, it is to be reported to the Manager, Security Adviser, key custody staff and manager of the area the key concerns. If a level one key is missing then the relevant Assistant Director is to be informed. Outside normal working hours the Duty Manager, Switchboard (for The Balby campus) and Security office (if there is one for the area) are to be informed. An IR1 report is to be complete as well as any local reporting procedures that Page 8 of 13

9 may be in place. A decision of whether to replace the locks will be made and appropriate action taken. If a level one key is missing, then a decision on what immediate security arrangements are necessary will be made. Other electronic lock opening devices may have the ability to decode a lost/stolen device, or recode all remaining devices. The decision on whether to decode or recode will be made by the relevant Manager in conjunction with the Security Adviser. 5.6 COMBINATION LOCKS (BOTH DIGITAL AND MECHANICAL) The number or entry code required to operate these locks should be seen as important as a key, and kept as secure. However, there is much more chance of such a combination entering into the wrong hands. Combinations are not to be Issued to anyone who does not regularly work within the area. Written on notices or similar to be left on view Easy to identify such as a telephone number, or familiar date etc. Combinations are to be; Changed, as a minimum, every 6 months Changed as soon as it is believed they are compromised It is recommended that combinations are changed when a member of staff leaves, or a department relocates out of that area. 5.7 ELECTRONIC KEY CUPBOARD / TRACKER SYSTEMS A variety of key control systems are available which monitor access and control withdrawal of key bunches. As a minimum, these systems must; Be located within a secure room. Keep the key bunches individually secure within a locked cabinet Be able to identify the person removing the keys, either by biometrics or password or similar Allow the removal of only one bunch of keys designated to the person removing Record the date and time of removal and the identity of the person removing Record the date and time of return Allow checking of the keys physical presence Have a power loss protocol which maintains security 6. TRAINING IMPLICATIONS There are no specific training needs in relation to this policy, but the following individual and groups need to be familiar with its contents: Assistant Directors, Head s of Services, Managers, Key Custody Staff, Key Page 9 of 13

10 holders, Domestic Supervisors, all managers with responsibilities for the security of premises, keys, access swipe cards, access fobs or similar devices. and, any other individual or group with a responsibility for, or an interest in, security. 7. MONITORING ARRANGEMENTS Area for Monitoring Centrally held Keys are secure and recording system is up to date Long term issue of keys record is up to date and all keys accounted for Methodology Who by Reported to Frequency Check that all the keys are accounted for and record system is up to date with keys issued Check records against keys issued. Check that keys issued are accounted for Key Custody Staff Exceptions reported to Service manager Service manager Exceptions reported to Assistant Director Each working day Monthly 8. EQUALITY IMPACT ASSESSMENT SCREENING The completed Equality Impact Assessment for the Key, Swipe Card and Electronic Fob Control Policy has been published on the Equality and Diversity webpage of the RDaSH Website as follows: EQUALITY AND DIVERSITY IMPACT ASSESSMENT 8.1 Privacy, Dignity and Respect The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi s review of the NHS, identifies the need to organise care around the individual, not just clinically but in terms of dignity and respect. As a consequence the Trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided). Indicate how this will be met There are no additional requirements in relation to privacy, dignity and respect Page 10 of 13

11 8.2 Mental Capacity Act Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individuals capacity to participate in the decision making process. Consequently, no intervention should be carried out without either the individuals informed consent, or the powers included in a legal framework, or by order of the Court Therefore, the Trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act. For this reason all procedural documents will be considered, if relevant to reflect the provisions of the Mental Capacity Act 2005 to ensure that the interests of an individual whose capacity is in question can continue to make as many decisions for themselves as possible. Indicate How This Will Be Achieved. All individuals involved in the implementation of this policy should do so in accordance with the Guiding Principles of the Mental Capacity Act (Section 1) 9. LINKS TO OTHER PROCEDURAL DOCUMENTS This policy should be read and implemented in association with the following Trust policies: Security Policy 10. REFERENCES None 11. APPENDICES App.1 Sample Key Issue And Return Record Form Page 11 of 13

12 ROTHERHAM DONCASTER AND SOUTH HUMBER NHS FOUNDATION TRUST KEY ISSUE AND RETURN RECORD FORM FOR KEYS HELD AT (LOCATION OF KEY STORAGE) DATE KEY / BUNCH NUMBER NAME OF PERSON TAKING KEYS / BUNCH SIGNATURE OF PERSON TAKING KEYS / BUNCH TIME OUT TIME BACK CONFIRM RETURN INITIALS Page 12 of 13

13 DEFINITIONS AND NOTES DATE Date of issue of keys/bunch KEY/BUNCH NUMBER Could also be name of area if key is not numbered, it is a means of identifying the key/bunch NAME OF PERSON TAKING KEYS/BUNCH keys cannot be signed out on behalf of someone else. The person who takes the keys has responsibility for them. SIGNATURE OF PERSON TAKING BUNCH Must be signed for each time, to accept responsibility. TIME OUT Time the keys leave. TIME BACK Time the keys are returned, or the time the keys are removed from the key drop if present. CONFIRM RETURN INITIALS Initials of the key custody staff to confirm that they have custody of the keys again, and the keys are as issued. In the case of a bunch, all the keys are present. Page 13 of 13