TRUST SECURITY MANAGEMENT POLICY

Transcription

1 TRUST SECURITY MANAGEMENT POLICY EXECUTIVE SUMMARY The Board recognises that security management is an integral part of good, effective and efficient risk management practise and to be effective should become part of the Trust s culture and strategic direction. The Board is, therefore committed to ensuring that security management forms an integral part of its philosophy, practises and business plans rather than being viewed or practised as a separate programme and that responsibility for implementation is accepted at all levels of the organisation The Board acknowledges that the provison of appropriate training is central to the achievement of this aim. Category: Lead Director: Issue Date: Nov 05 Approved by Trust Board: Policy Julia Buckley Corporate Affairs Director Review Due: Nov 06 Author/Contact: Simon Whitehorn Local Security Management Specialist Review date: December 2006 Page 1 of 11

2 CONTENTS Page 1.0 Introduction Aim Definitions Philosophy of Security Management Corporate and Individual Responsibilities Identification of Security Risks and Reporting Arrangements Communication and Consultation Approval and Review Mechanism 7 Appendices:- Appendix 1 Appendix 2 Appendix 3 Terms of Reference for Security Committee Related Documents and References Management of Security and Reporting Routes Review date: December 2006 Page 2 of 11

3 1. INTRODUCTION The NHS Counter Fraud and Security Management Service (CFSMS) document A Professional Approach to Managing Security in the NHS details how the NHS will provide the best possible protection for its patients, staff, professionals and property. It outlines the legal requirements that apply to all NHS bodies and is intended to provide common goals and a clear business process to achieve them. Whilst it is recognised that all members of staff within The Shrewsbury and Telford NHS Trust are responsible for security (at a level appropriate to their role); responsibility for the effectiveness of organisational systems of security management rests unequivocally with the Board. Successful, cost effective security is a risk management process that identifies risks and implements effective mitigation of those risks. The Trust acknowledges its moral and legal responsibility to ensure that staff are, as far as is practicable, protected from and able to deal with security incidents and are supported in the period following any such incident. The Trust recognises the potential effects of security incidents on the morale and efficiency of staff and that the public image and efficiency of the organisation may be affected by the occurrence of incidents. 2. AIM The aim of this Policy is to create a robust structure, systems and processes that will enable the effective management of security risks to staff, patients, visitors, the organisation and also to stakeholders and other third party interests, by promoting consistency across the Trust. The policy is aimed at creating a deep awareness and responsibility for the assessment and management of security risks at all levels in the organisation through individual practises and in management arrangements. The policy will support the requirements of the Secretary of State Directions to NHS Bodies on Security Management Measures 2004; Directions on work to tackle violence against staff and professionals who work in or provide services to the NHS, and other Statutory duties and requirements placed on the Trust and its Officers. The policy encompasses existing practices and seeks to provide an effective means of integrating security management within the management structure and reporting routines of the Trust. It outlines the minimum management requirements and allows respective line managers freedom to maintain a secure working environment by the most cost-effective means. The policy supports the intention to progress towards achieving Secured by Design status for the Trust. 3. DEFINITIONS There are a wide range of meanings for the word security incuding The protection of assets of all kinds against loss from theft, fire, fraud, criminal acts or other injurious sources Wilson and Brooksbank The Trust categorises risk as Review date: December 2006 Page 3 of 11

4 anything which prevents The Shrewsbury and Telford NHS Trust from achieving its objectives. Trust Risk Management Strategy April A key role of Security Management in the NHS is defined as to ensure that patients can enjoy their rights to healthcare whilst living up to their responsibility to respect and value a service they rely on. A Professional Approach to Managing Security in the NHS NHS CFSMS PHILOSOPHY OF SECURITY MANAGEMENT As a risk based discipline, security management should be an explicit process in every activity of the Trust that its employees take part in, from business planning to the delivery of care to an individual patient. The Trust is required to manage all of its risks including security related risks in such a way that people are not harmed and losses are minimised to the lowest acceptable level that is reasonably practicable. Security is no different to any other activity undertaken by the Trust or its staff and as such the requirements of the Trust Risk Management Strategy are to be followed when dealing with security related risks. This includes the requirement to communicate risks up through the Trust management Structure. 5 CORPORATE AND INDIVIDUAL RESPONSIBILITIES Chief Executive The Chief Executive has the overall stautory responsibility for security management within the trust. Trust Board Board members are encouraged to promote a pro security culture within the trust where the responsibility for security is accepted by all and the actions of a minority who breach security are not tolerated. Corporate Affairs Director As the board member responsible for security the Corporate Affairs Director has specific responsibilities to ensure that security arrangements are adequate in accordance with the assessed risk. Additionally the Corporate Affairs Director is to ensure compliance with the the Secretary of State Directions on tackling violence against staff and professionals who work in, or who provide services to, the NHS. For convenience these will be referred to as the Directions. Non Executive Director The Trust Board have appointed a Non Executive Director to provide advice and guidance on security matters. Heads of Service and Divisional Managers Maintaining a safe and secure environment is a line management function. However this is reinforced by the support of the Security Manager and Security Committee. Heads of Service and Divisional Managers are to: Review date: December 2006 Page 4 of 11

5 Engage with the Security Manager to identify, categorise and resolve security risks within their areas. Security risks are, where appropriate, to be reflected in the Divisional or Trust Risk Register as appropriate. Ensure a regular series of local checks are maintained and corrective actions initiated against any shortfall. The frequency of such checks is determined locally and is dependent on Divisional activities and risks. Produce and maintain a Divisional/Directorate Security plan. Ensure divisional compliance with security related policies and procedures. Demonstrate and promote a pro-security culture across their area of responsibility. Ensure that all security incidents, are reported in accordance with the Trust Incident Reporting Policy. Additionally each Divisional/Directorate Manager is encouraged to appoint a member of staff to act as a Link Worker for Security related matters within each area by attending meetings of the Security Committee. Department and Ward Managers Maintaining a safe and secure environment is a line management function reinforced by the support of the Security Manager and Security Committee. Department and Ward Managers are to: Engage with the Security Manager to identify, categorise and resolve security risks within their areas. Security risks are, where appropriate, to be reflected in the Department, Divisional or Trust Risk Register as appropriate. Ensure ward or department compliance with security related policies and procedures. Support the Security Committee by maximising the availability of staff to attend. Demonstrate and promote a pro-security culture across their department or ward. In office areas a member of staff should be responsible for end of day security, ensuring doors and windows are closed and locked. The manager responsible for the area is to ensure that cease work protocols are sufficient to maintain a secure environment. Ensure that all security incidents, are reported in accordance with the Trust Incident Reporting Policy. Security Manager The Security Manager is responsible for the routine management of security issues; with the exception of Information Systems security, (responsibility for which rests with the IT Dept). The Security Manager is operationally responsible to the Head of Estates and Facilities exercising specific responsibilities on behalf of the Corporate Affairs Director. The Security Manager is responsible for ensuring that the Trust Board and Heads of Directorates are regularly briefed on all security related issues that may affect the Trust. He is to ensure that relevant security information is promulgated to all staff and contractors as appropriate. He is to provide Crime Prevention advice as required and act as the focal point for contact with external agencies with security responsibilities affecting the Trust. The Security Manager is to undertake the role of the Local Security Management Specialist (LSMS) as set out in the directions to NHS Bodies on Security Management Measures issued in 2004; and any other duties, as may be defined in his terms and conditions. In summary the requirements of an NHS LSMS are to : Report and where applicable investigate, incidents of violence and aggression towards Trust Staff Undertake any training as required by the CFSMS. Complete a written work plan for each Financial Year in conjunction with the Corporate Affairs Director. Review date: December 2006 Page 5 of 11

6 Complete a written report at least once in each financial year summarising the LSMS s work for that year. Submit copies of both documents detailed above to the CFSMS. Attend the Trust s Risk Management and Audit Committee meetings as required. Keep full and accurate records of any breaches or suspected breaches of security. Report to the CFSMS any weaknesses in security related systems of the trust or other matters which he considers have implications for security management in the NHS. The Security Manager is to conduct as required an annual programme of security meetings, exercises, audits and inspections. Access to the results of security audits and inspections are restricted to designated personnel. The Security Manager is to convene a meeting of the Security Link Workers at least quarterly. The Security Manager is to ensure that standards relevant to any Security related contracts as may be issued are monitored and reported on. The Security Manager is responsible for ensuring all staff employed or provided under contract, that may be called upon to carry out security related roles are competent and where applicable licensed, to carry out their assigned tasks. In addition the Security Manager is to encourage a pro security culture within the trust where the responsibility for security is accepted by all and the actions of a minority who breach security are not tolerated. Security Committee In order to facilitate the requirements of this policy a Security committee is to be established which will co-ordinate the implementation of the Security management agenda within the Trust Terms of reference and membership of the Trust Security committee are at Appendix B Departmental Security Link Workers Link workers within each area are to act as a focal point for security related matters within their area. They are to support their line manager by Demonstrating and promoting a pro-security culture across their department or ward. Ensure ward or department compliance with security related policies and procedures. Ensure that all security incidents, are reported in accordance with the Trust Incident Reporting Policy. Highlight security issues that they are aware of to their Line manager and where these issues may impact on other wards or departments raise these issues at Security Link Worker Forums. Staff All Staff have a personal responsibility for security. This includes maintaining the confidentiality of security issues within the Trust, ie security codes and procedures and the locations of valuable and attractive property Staff are to comply with all relevant security instructions and are encouraged to report any security concerns to their line manager or the Security Manager. All security incidents are to be reported to the Security Manager in accordance with the Trust Incident Reporting Policy. Review date: December 2006 Page 6 of 11

7 Staff are to inform the Security manager of any official contact they might have with the Police or other external agency with a security responsibility, where such contact is related to or might impact on any Trust activity. 6 IDENTIFICATION OF SECURITY RISKS AND REPORTING ARRANGEMENTS The identification and management of risk is the responsibility of relevant managers. Security risks may become apparent through a number of routes: Following an audit or inspection. This may be conducted internally or by an external agency such as the Health and Safety Executive or Police. Following an incident or occurrence. Following a report from a member of staff, patient or member of the public. Once a potential risk has been identified it should be reported, assessed and managed in the manner described in the following paragraph. The internal reporting of security risks, incidents or near misses should be in accordance with the Trust Risk Management Strategy or Trust Incident Reporting Policy as appropriate. There are specific reporting requirements relating to the reporting of incidents of Physical Assault on staff and further detailed instructions are set out in the Trust Violence and Aggression Policy. 7 COMMUNICATION AND CONSULTATION Managers are responsible for communicating the and associated documents to their staff. The Policy may also be made available on noticeboards in order that Trust stakeholders are able to access it. The Security Committee will be the focus for communicating and consulting on security issues and policies. Security Link Worker Forums will be held regularly to allow communication of security issues. There is a need to communicate certain information externally, e.g crime reporting to the Police and details of Physical Assaults on staff to the NHS CFSMS. The Trust communicates its Strategy and Annual Report to external stakeholders and this may include information relating to Security management. Additionally the Trust is required to comply with the Freedom of Information Act. 8 APPROVAL AND REVIEW MECHANISMS The policy has been developed in the light of currently available information, guidance and legislation that may be subject to review. The Security Committee will review this policy annually and any recommendations for change will be submitted to the Trust Board. Review date: December 2006 Page 7 of 11

8 Appendix 1 Terms of Reference and Membership Security Committee Terms of Reference To co-ordinate the implementation of Security management agenda within the Trust in line with directions provided by the Board. To establish and maintain an effective system of security management. To review the adequacy of: The structures, processes and responsibilities for identifying and managing key security risks facing the organisation; The policies for ensuring that there is compliance with relevant regulatory, legal and code of conduct requirements as set out in relevant guidance; The operational effectiveness of policies and procedures; The policies and procedures for all work related to security as set out in Secretary of State Directions and as required by the Directorate of Counter Fraud and Security Management Services. To support and encourage line managers across the Trust in the evaluation and management of security risks in a co-ordinated and cost-effective manner. The committee will meet quarterly and it minutes shall be submitted to the Executive and Non Executive Directors with security reponsibilities and any other parties as identified. The committee is authorised by the Board to obtain outside legal or other independent professional advice and to secure the attendance of representatives from external agencies with relevant experience and expertise if it considers this necessary. Meetings will be held in closed session as publicity relating to discussions on security matters may be deemed to be prejudicial to the public interest. Corporate Affairs Director Non Executive Director (Security) Security Manager Divisional Managers or Deputies Clinical Site Managers Representative Trust Health and Safety Advisor IT Dept representative Staff Side Representative Membership Review date: December 2006 Page 8 of 11

9 Appendix 2 RELATED DOCUMENTS AND REFERENCES To be reviewed/updated: Trust Violence and Aggression Policy Information Systems Security Policy To be completed: CCTV Policy. Security Awareness Policy Missing patient Procedure. Asset Security. Security of Radiological and Biohazardous Material. Bomb Threat Instructions Cash Security Security Team Instructions References 1 Security Manual, 7 th Ed, Wilson J, and Brooksbank D, 1999, Gower Publishing, Aldershot. 2 Trust Risk Management Strategy 3 A Professional Approach to Managing Security in the NHS, (NHS CFSMS 2003.) Review date: December 2006 Page 9 of 11

10 MANAGEMENT OF SECURITY & REPORTING ROUTES APPENDIX 3 TRUST BOARD Strategic Governance Committee Capital Planning Group Operational Governance Group Director with responsibility for Security Corporate Affairs Director Local Security Management Specialist Trust Security Manager Risk Register Group DIRECTORATE & DIVISIONAL RISK REGISTER Violence & Aggression Trainers Trust Security Committee DIVISIONS; DIRECTORATES; & ALL DEPARTMENTS INCIDENT & ACCIDENT REPORTING SYSTEM (Datix) Police Security Team TRUST CLINICAL SITE MANAGER ALL HOSPITAL STAFF SECURITY INCIDENT Security / Health & Safety Administration

11