Security Services Policy and Procedures

Transcription

1 and Procedures January 2011

2 Contents Heading Page Policy Policy Statement: 3 Procedures Aims and objectives: 3 Responsibilities: 4 Introduction: 6 Security Service management remit: 6 Overall aims of the policy: 6 Implementation of the policy: 7 Managing security in the university: 8 Responsibilities for heads of departments and faculties: 10 Information for students and others with access to buildings: 10 Security management initiatives: 11 Protecting property assets: 11 Professional and ethical framework: 12 Specific areas of action: 12 Personal security: 13 Right of search: 14 Drugs and illegal substances: 14 The ten principles for risk analysis: 14 Property marking and security of equipment: 15 Monitoring and review: 16 Appendix A: Action Plan 17

3 Policy Statement The University will endeavour to ensure, as far as is reasonably practicable, the personal safety and security of all students, staff and visitors at all University campuses and University controlled buildings. The Facilities Management Directorate is responsible for the effective operation and enforcement of the Security Policy and Procedures. Students, staff and visitors to the campus must also take responsibility for their security and personal safety. In particular, students, staff, visitors and contractors should assist the Security Service to ensure the success of the Policy. Whilst minor breaches of the Policy may be dealt with informally, serious or repeated breaches will invoke disciplinary action. Policy Aims The University will: Provide and promote, as far as reasonably possible, a safe and secure environment for all users Make reasonable efforts to protect its property Encourage all users to promote a secure environment through their own conduct Provide an agreed level of response against criminal activity affecting the University Attempt to monitor authorised access and prevent unauthorised access to university property Security Section Aims The University Security Services will: Establish a realistic level of risk on campus Outline procedures to deal with reports of crime, threats and damage Identify trends and react quickly to remove or reduce risk Raise security awareness in the University community without engendering fear Key Objectives a) Ensuring the safety and security of staff, students and visitors b) Protecting the property and assets of the university c) The prevention, investigation and detection of crime d) Reducing the incidence of reported crime e) The apprehension and prosecution of offenders by the police. University of Reading January 2011 Page 3 of 17

4 Procedures Organisation and Responsibilities: Governing Body The Governing Body has overall responsibility for the security of the University. Vice Chancellor The Vice Chancellor is responsible on behalf of the Governing Body for ensuring that the responsibilities of the University are fulfilled. Senior Managers (Heads of Schools, Heads of Directorate and other university department heads) Senior Managers are responsible for security matters in the areas for which they are accountable. This includes: Ensuring they are familiar with the contents of the Security Policy Maintaining an asset register (as per the University s financial regulations) Undertaking security risk assessments for their area of responsibility Ensure all members of staff or students within their area of responsibility understand and exercise their security responsibilities. It is recognised that senior managers may wish to delegate responsibility for the routine involved in these tasks to a nominated individual in their area, but the overall responsibility for security matters will remain with them. Staff Every member of staff has a responsibility to: Work with due regard to the security of themselves and others, including other staff, students and members of the public Ensure that the security of any University property they may use has been considered and that appropriate measures are in place to prevent its loss or damage. Ensure that the area in which they work is properly secure at the end of the working day. Report any suspicious activity to the security department Comply with the University s security policy Students Every student has a responsibility to: Use University premises, including residences where appropriate, with due regard to the security of themselves and others, including other staff, students and members of the public Report any suspicious activity to the security department Comply with the University s security policy University of Reading January 2011 Page 4 of 17

5 Visitors (including commercial guests) Visitors, whilst on University premises, using its facilities or taking part in activities must comply with the University s security policy. Special Responsibilities: Director of Estates and Facilities Management The Director has overall responsibility for Development and implementation of the University security policy Ensuring the integration of the security policy with other University policies and procedures Head of Campus Services The Head of Campus Services has responsibility for: Development, implementation and monitoring of security related policies and procedures Security Services Manager The Security Services Manager has responsibility for: Day to day management of security Control of keys and access cards Control of CCTV usage and associated data protection requirements. The supervision of security officers Senior Security Team Leader The Senior Security Team Leader, in cooperation with the Security Services Manager, has responsibility for: The control of the day-to day delivery of an efficient and effective security service to the University of Reading, the supervision of security officers matters relating to the administration of the service the provision of security hardware including keys, access control, CCTV and intruder and fire alarm installations. Security Operatives The security operatives have responsibility for the security duties as outlined in the relevant assignment instructions. These include: University of Reading January 2011 Page 5 of 17

6 Monitoring of CCTV cameras External patrols of all sites Locking and unlocking of buildings Monitoring of car parks Monitoring of alarms Introduction The university s Security Services Manager, in conjunction with their team, proposes to maintain the present low crime rate, and where possible reduce this crime rate within the University of Reading by introducing a fully integrated strategy with the aim of ensuring a secure and safe environment for all who study, work, undertake research or visit any of its premises. This strategy comprises a twofold initiative. a. Security is provided 24 hours per day, 365 days per year and all students, staff and visitors are asked to participate by reporting crime or disruptive behaviour immediately, in person or by telephone (extension 7799, or 6300 in an emergency), and to follow the guidelines laid down regarding access to buildings and the protection of equipment, whether it is university owned or personal property. b. The security team works closely with Thames Valley Police. Together we can give comprehensive protection to our people, property and assets, providing we receive prompt and accurate information and the directions listed in this document are followed at all times. 1. Security services management remit 1.1 The Security Services Manager will determine policy, operational guidance and the standards necessary to achieve the objective of providing a secure environment for the university. The security team will work to raise standards and professionalism within the service being delivered. Security within departments and faculties will remain the responsibility of the individual departments and faculty but specific advice will be provided by the Security Services Manager. 1.2 The security team approach will be inclusive and place great value on involving stakeholders, both from within and outside the university, in the development of security management within the university. 1.3 The approach is comprehensive, in that it will include the setting of standards and implementation of policy as well as supporting staff performing security-related work. 1.4 The Security Services Manager and the security team are therefore charged with tackling security-related issues throughout the entire university. 2. Overall aims of the policy 2.1 The delivery of an integrated strategy in all areas of the university to provide a secure environment for those who use, study or work in the university, ensuring the provision of the highest possible standard of education. University of Reading January 2011 Page 6 of 17

7 2.2 Adopting the areas of specific action (see section 14) to ensure that a clearly defined security strategy is delivered. 2.3 Through its approach and the application of the business process, the security team aims to address these issues; encouraging good practice and experience to increase the university s capacity to tackle specific security management problems. 2.4 Where there are specific problems, the security team will seek to identify their nature and scale; the essential first step to providing a solution. In respect of incidents of crime, we have established an effective incident reporting system to provide accurate quantitative information and collate data about trends in crime. 2.5 As problems are identified and risks assessed, appropriate solutions will be developed. This process will allow progress to be measured and evaluated to ensure that solutions have the intended impact. 3. Implementation of the policy 3.1 The security team will apply a clear business process model in respect of university security management. The key elements are: Identifying problems by analysis of trends and risks. Working within a clear strategic framework to establish a common language of aims, objectives and methodologies. Creating a strong, flexible working structure to focus collective and professional expertise on the issues to be addressed. Using the structure to take a range of actions in respect of each specific area where security needs to be strengthened. Continually reviewing policies and procedures to learn from operational experience to minimise risks and prevent future security related incidents. 3.2 The various elements of the process and the range of actions, both generic and specific, link together and support each other; a comprehensive approach integrating both policy and operational work to provide a seamless service. University of Reading January 2011 Page 7 of 17

8 3.3 This is shown diagrammatically as follows: Managing security in the university Identify the problem Assess the risk Comprehensive risk assessment(s) Risk assessment processes repeated regularly to provide assurance on meeting targets A framework of AIMS and OBJECTIVES with which ACTION can be prioritised and taken Clear statements that can be used to motivate, communicate and help develop a real pro-security culture Create an effective STRUCTURE to implement the STRATEGY Security team that can co-ordinate all policy and direct operations Training strategy delivering all required skills for Security Services staff Take action in all key areas Within the strategic plan apply particular TACTICS to counter the problem University of Reading January 2011 Page 8 of 17

9 GENERIC ACTION PRIORITY ACTION Creating a pro-security culture Deterrence of security breaches /incidents Prevention of security breaches /incidents Detection/reporting of incidents Investigation of incidents Sanctions following incidents Redress following investigation Quality Assurance/support To include the protection of the following: Student, staff and visitors University property and assets Faculties and departments Specialist units (LRC) Areas of special interest DELIVERING IMPROVEMENTS PROTECTING THE UNIVERSITY University of Reading January 2011 Page 9 of 17

10 4. Responsibilities for Heads of School, Directorates and other University organisations 4.1 All Schools, Directorates and other university organisations have responsibility for internal security and, to ensure co-ordination with the security team. 4.2 Staff should be made aware of the security strategy, paying particular attention to those issues relevant to the activity of their department or faculty. 4.3 Staff and students should be aware of, and exercise their security responsibilities, including where appropriate the displaying of university campus identification cards and have due regard for university property, in particular the security of IT equipment. Valuables should not be left in unsecured rooms. 4.4 Liaison with the security team on any security matters. 4.5 Arranging for a security risk analysis to be undertaken in the department or faculty areas, in liaison with the security team, to remove or reduce security risks. 4.6 Controlling access to their department or faculty areas by management of the issue of keys and authorising staff/students to have out of hours access only as necessary. 4.7 Ensuring that staff and students return to their department or faculty their university campus identification card and any issued keys on their last day of work or attendance. 4.8 Notifying the security team of any new security risk, such as the purchase of expensive equipment, for provision of advice on any additional security or protection and permit informed investigation into any crime or incident. 4.9 Where security systems have been installed, such as door control, it is the responsibility of the person granted access that they do not admit unauthorised persons. If unauthorised persons gain access the security control room should be informed immediately 5. Information for students and others with access to buildings 5.1 Security awareness advice and information will be given to students during Freshers Week and during various campaigns/initiatives run throughout the year. 5.2 Where security systems have been installed, such as door control, it is the responsibility of the person granted access that they do not admit unauthorised persons. If unauthorised persons gain access the security control room should be informed immediately. 5.3 Students should ensure valuables are not on public view through windows and that rooms are locked when unoccupied. 5.4 The security team may remove unattended valuables, such as laptops, to lost property for safekeeping. Students should check with lost property in person or by telephone, if such an item goes missing. This way it can be returned promptly or, in the case of theft, dealt with by the police. 5.5 Students should be aware that their work is valuable and they should protect their documents on the computer with passwords. University of Reading January 2011 Page 10 of 17

11 6. Security management initiatives 6.1 The security team will develop both pro-active and reactive initiatives in relation to university security management. 6.2 All Schools, Directorates and other university organisations should inform the security team of all security related matters and work with the Security Services Manager on issues relating to their specific area. 6.3 Develop a positive security environment amongst staff, students and visitors to encourage a culture where the responsibility for security is accepted by all and the actions of a minority who breach security is not tolerated. 6.4 Deter those who may be minded to breach security by using publicity to raise awareness of initiatives being used to thwart their intended actions. 6.5 Prevent security incidents or breaches from occurring, wherever possible, or minimise the risk of them occurring by learning from operational experience, using technology wisely and sharing best practice. 6.6 Detecting reported security incidents or breaches in a simple consistent manner across the university so that trends and risks can be analysed. This will allow the collation of data to inform the development of preventative measures or the revision of policies and procedures. 6.7 Investigate security incidents or breaches in a fair, objective and professional manner. This practice will ensure that those responsible for such incidents are held to account for their actions and that the causes of such incidents or breaches are fed into prevention work to minimise reoccurrence. 6.8 Apply a wide range of sanctions against those responsible for security incidents and breaches, involving a combination of procedural, disciplinary, civil and criminal action as appropriate. 6.9 Seek redress through the criminal and civil justice systems against those whose actions lead to loss of university resources as a result of security incidents or breaches. 7. Protecting property and assets 7.1 Everyone who works, studies, uses or provides services to the university has a collective responsibility to ensure that property and assets are secure. 7.2 Property is defined as the physical buildings in which university staff and students live, work and study, where students are taught and from where the business of the university is delivered. Assets, irrespective of their value, are materials and equipment used to deliver university services. In respect of staff and students it can also mean the personal possessions they retain whilst working in, studying in, using or providing services to the university. 7.3 Protecting property involves buildings from where the university services are delivered. Damage to or theft from them impacts on the delivery of those services and deprives the university of resources. Poorly designed buildings or extended sites with numerous exits and public rights of way makes the securing of property difficult and creates the potential for those who have no official business to gain unchallenged access. University of Reading January 2011 Page 11 of 17

12 7.4 University assets are the tools that allow the staff and students to fulfil their roles. Whilst assets are often regarded as items over a certain value recorded on the university asset register, all items owned by or donated to the university should be considered as assets and properly secured, irrespective of whether they are low value stationery items, catering supplies, furniture, IT equipment or consumable goods. 8. Professional and ethical framework 8.1 All staff involved in security work should maintain the highest standards of professionalism. 8.2 Security management work should be undertaken with an open mind, particularly in relation to assessment of incidents, evidence or information. Consideration should be given to all interpretations that may be placed on such incidents, evidence or information. 8.3 A polite and courteous approach should be adopted with the absence of any form of preconception or discrimination in accordance with current equal opportunity or valuing diversity policy. 8.4 All staff working in university security-related positions have a duty to maintain the highest level of expertise and ensure that this is applied thoroughly and comprehensively. 8.5 Work relating to university security must be understood in the context of overall improvement of the university and overall strategic aims, including the continual development of a pro-active culture and effective joint working with other agencies. 8.6 All staff working in university security related positions are to hold an enhanced CRB check. 9. Specific areas of action 9.1 The remit of the security team is very broad and will translate into specific action in many different areas. In order to ensure that real progress is made, there is a need to focus initial effort and priorities on key areas of security management within the university. 9.2 It is essential to the security team operations that the control room continues to be maintained to the required standards. 9.3 Good security management of buildings emanates from the design stage of refurbishment or new build. Security by design is cost effective; working in partnership with outside agencies such as Police Crime Reduction Officers and Crime Prevention Design Advisers during the design stage can reduce the need for measures to be introduced at a later date. Initial consultation also leads to potential design faults being eliminated prior to construction. University of Reading January 2011 Page 12 of 17

13 9.4 It is the responsibility of all staff and students within the university to report all activity of a criminal nature, whether suspected or real. Incident reporting is crucial to the identification of criminal activity as it permits investigation and recommendations to be made to prevent recurrence. Comprehensive reporting of incidents provides an accurate picture of the level of crime throughout the university and thus ensures that adequate resources are provided to combat crime. 9.5 It is very difficult to achieve the fine balance required in the university environment between access to buildings for the people who require it and to deny access to potential criminals attracted to buildings by the valuable contents. Departments and faculties should develop and promote an access policy tailored to their specific needs and share this with the security team. Such policies should contain current out-of-hours procedures for each department and faculty as well as plans for shut down periods and a list of relevant people to contact in cases of emergency. 9.6 Key and sensitive areas of buildings covered by access control should be used effectively in order to reduce unauthorised personnel gaining access. 9.7 A universal system with regard to signing in of visitors to departments and faculties should be adopted by the university to prevent giving the opportunist criminal the ability to gain access to these areas. 9.8 Risks may vary depending on the time of day, level of building use or if any alterations to buildings are in progress. A risk analysis should be carried out annually or more frequently if there are physical changes to the building. Once a risk analysis is prepared, it should be evaluated in consultation with the Security Services Manager to decide if the risks are acceptable, the level of protection required and the order of priorities. 10. Personal security Whilst it is the responsibility of the security department to help ensure a safe and secure working environment, it is the responsibility of all staff, students and visitors on university premises to take all reasonable measures to ensure their own personal security. When moving around the university, staff, students and visitors should note the following advice: Endeavour to be familiar with your surroundings and aware of other people. Try to avoid poorly lit or isolated areas. Report any deficiencies in pathways or lighting to FMD Helpdesk on extension Report any suspicious behaviour to the security control room on ext If working late, inform the security control room giving details of your name and location and expected finish time. University of Reading January 2011 Page 13 of 17

14 11. The right of search 11.1 In exceptional circumstances and when a criminal offence is suspected, any personnel on university property, may be liable to a search of their offices, personal possessions, vehicles or accommodation. Such searches will be carried out by trained security operatives, after permission has been given by the owner/occupier. If permission is denied, depending on circumstances, the police may be contacted University staff and security officers have the authority to carry out searches of a person under the Violent Crime Reduction Act 2006 part 2 Weapons Section 85b. This legislation provides for members of staff of an institution within the further and higher education sector who has reasonable grounds for suspecting that a student at the institution may have with him/her or in his/her possession: a. An article to which section 139 of the Criminal Justice Act 1988 applies (knives/blades) or b. An offensive weapon under the Prevention of Crime Act 1953 The term 'offensive weapon' is defined as: "Any article made or adapted for use to cause injury to the person, or intended by the person having it with him for such use The legislation does stipulate that it must be on the institutions premises and that a person may only carry out the search if: a. He/She is the principal of the institution or b. He/She has been authorised by the principal to carry out the search. 12. Drugs and illegal substances 12.1 Any drugs which are categorised as class A, B or C under the Misuse of Drugs Act 1971 are not permitted on any university property. The only exceptions to this would be drugs that are authorised to be used in official research or teaching or related activity. The following are criminal offences: Unlawful possession of a controlled substance. Possession of a controlled substance with intent to supply. Supplying or offering to supply a controlled substance (even when no charge is made for the substance). Allowing premises you occupy or manage to be used unlawfully for the purpose of producing or supplying a controlled substance. 13. The ten principles for risk analysis 13.1 A risk analysis, must be reasonable, realistic and risk commensurate. Where funding is limited and risks are considered low, often a simple solution can be just as effective as a more complex one. For example, a window lock can be a cheap and effective investment to prevent burglary instead of the expense of installing an intruder alarm Removal of the target, (valuable item); ensuring that it is not on public view. For example, expensive computing equipment should be housed on an upper floor rather than the ground floor or away from external windows. Expensive or critical IT equipment should be housed off site at purpose-built IT premises. University of Reading January 2011 Page 14 of 17

15 13.3 Make the target resistant to attack. Areas that have alarm protection or are covered by CCTV systems deter criminal activity and the criminal will look for a softer target Restrict access to a room, area, floor or building by using access control; the university electronic card system, digital lock or traditional key Ensure that anything an offender may find useful to assist in their crime, such as keys, tools or ladders, are locked away and not easily accessible Consider the value of the loss if something was stolen; property marking of expensive articles, either with post code, department or name is advisable Three methods of surveillance should be considered: natural, where the area is visible to other occupants or passers-by; formal by using technology and/or people to monitor the area and deter offenders and formulating a procedure to deal with suspicious persons; informal, encouraging employees to be vigilant Incorporating a range of security measures at the design and planning stage of a building or refurbishment to reduce the risk of crime. Perimeter controls or surveillance methods should be considered Local procedures, as well as university policy, should be utilised; efficient evening locking up procedures for offices and IT rooms, key issue and control, exit procedures for staff leaving the employment of the university (hand in identity cards, parking permits, uniform, keys and change access codes) Any measure that hinders an offender should be implemented. The longer it takes to commit an offence the more vulnerable the perpetrator becomes, which increases the chance of their being apprehended. Discouragement, detection by CCTV or Smart Water, should be publicised by warning signs. 14. Property marking and security of equipment 14.1The University has a number of high risk areas 14.2 These areas have been risk assessed and a high level of security has been provided including internal and external CCTV and management system to control access etc Regular updated risk assessments are carried out to these locations. In the future if any further high risks areas are created they will be subject to full risk assessment with the user and relevant university staff and measures put in place to ensure the security of the location/equipment Individual computers or laptops located in communal areas should be enclosed with a steel enclosure, or similar security entrapment device, or secured when unattended. A vacated area or room should be locked and AV equipment should be secured, dependent on the functionality of the equipment. A security risk assessment should be conducted by the security team (in conjunction with the university insurers) at any time with the resultant report or recommendations to improve security made to the head of department or faculty. Computers should be password protected, encrypted as necessary and/or switched off when not in use to prevent unauthorised access to information Consideration should be given to using a security marking system (Smart Water for example). University of Reading January 2011 Page 15 of 17

16 14.6 Keys are the responsibility of heads of departments and faculties, to be kept secure and their issue and return recorded. Applications for keys should be made in writing and issued subject to satisfactory fulfilment of criteria ensuring need, use and availability. Loss of keys must be reported to the head of department or faculty who must inform the Security Services Manager. Persons leaving the university or transferring to another department must return their key(s) to their head of department or faculty. Keys must not be passed directly to a replacement employee All lost and found property must be recorded centrally through Palmer reception, not via an individual department, to provide an audit trail to facilitate the location of lost property. 15. Monitoring and review 15.1 The security strategy will be reviewed every 24 months, or sooner, if required by the Security Services Manager Key performance indicators will be established which will measure the effectiveness of the security service provided and the security strategy: The number of all reported incidents on a monthly and annual basis to identify the nature of the incident and any trends. The number of all crime related incidents on a monthly and annual basis to identify areas that require attention and to take action to reduce the incidence of crime in the university. The number of complaints received per month relating to university premises and from the wider Reading community to identify and address any trends and to reduce the number of external complaints received. The number and nature of incidents where support is given to university customers, to identify trends and recommend appropriate actions. The number and nature of incidents attended in the wider Reading community to identify any hot spots that are developing and then taking appropriate actions to address these issues. University of Reading January 2011 Page 16 of 17

17 Appendix A : Action Plan No. Action Responsible Date 1 This security policy is applied throughout the university 2 The Security Services Manager to attend early project meetings to review security issues and liaise with outside agencies. 3 Security marking system to be considered to identify, and thus protect, valuable assets. 4 Continue to provide on-line incident reporting facilities and software for all staff and students. 5 Schools, Directorates and other university organisations carry out security risk assessments with the assistance of the Security Services Manager using the ten principles for risk analysis 6 All Schools, Directorates and other university organisations to introduce procedures for the effective management of key issue and storage. 7 All Schools, Directorates and other university organisations to introduce procedures to manage visitors to their area. All Security Services Manager Schools, Directorates and other university organisations Security Services Manager Schools, Directorates and other university organisations Schools, Directorates and other university organisations Schools, Directorates and other university organisations ongoing ongoing October 2011 ongoing ongoing October 2011 October 2011 University of Reading January 2011 Page 17 of 17