Beruflich Dokumente
Kultur Dokumente
Security management
Summary of changes made to previous years standards
Standard Changes
1.1
Ratings section changed as follows:
Amber:
There is an individual with executive authority at the organisation who has a
clearly defined responsibility for the strategic management and support of
security work.
There is no evidence that executive oversight or strategic support is delivered
effectively for security management at the organisation.
1.2
1.3
1.4
2.2
2.3
culture among all staff. As part of this, the organisation participates in all
national and local publicity initiatives, as required by NHS Protect, to raise
security awareness. This programme of work will be reviewed, evaluated and
updated as appropriate to ensure that it is effective.
Further explanation included in the rationale.
Ratings section changed as follows:
Red
The organisation has not raised awareness of security measures and security
management among staff and has not created a pro-security culture.
There is some work within the organisation to raise and maintain security
awareness, but it is limited in scope and reach.
The awareness work carried out does not take identified organisational risks into
account and is not fully in line with NHS Protect strategic requirements
The organisation has not participated in any national or local publicity initiatives,
as required by NHS Protect, to improve security awareness.
Amber:
The organisation has an ongoing programme of work to raise awareness of
security measures and security management among all staff, based on local risk
and needs and in line with NHS Protects strategy.
A range of methods are used to reach the widest possible audience.
The organisation participates in all national and local publicity initiatives, as
required by NHS Protect to improve security awareness.
Advice is taken from the organisations communications staff, where appropriate,
and from the Deterrence and Engagement team in NHS Protect.
There is limited or no evaluation of awareness work carried out or, where
evaluation has been carried out, it is not on recent data or it is not sound enough
to demonstrate a positive impact.
Green:
The organisation has an ongoing programme of work to raise awareness of
security measures and security management among all staff using a range of
methods that are appropriate to different staff groups.
There is evidence that presentations and other awareness materials are
targeted to specific staff groups.
The organisation meaningfully evaluates the success of the programme of work
and measures levels of awareness.
The results of the evaluation inform planning for future awareness work.
2.4
2.5
2.6
2.7
Standard 2.5 from 2014/15 standards deleted. What was standard 2.6 becomes
standard 2.5.
What was standard 2.7 in 2014/15 becomes standard 2.6.
This was added as a new pilot standard for 2015-16. The standard reads as
follows:
The organisation uses the Security Incident Reporting System (SIRS) to record
details of physical assaults against staff in a systematic and comprehensive
manner. This process is reviewed, evaluated and improvements are made
where necessary.
Accompanying ratings also new.
3.1
Green:
There is evidence that the organisation uses sound data to regularly evaluate
the effectiveness of training delivered in relation to prevention of violence and
aggression and the prevention and management of challenging behaviour.
Where appropriate, the results from the evaluation lead to improvements in the
training.
3.2
3.3
Amber:
There is evidence that the organisation issues all relevant national or regional
NHS Protect alerts to staff.
The organisation has a process to identify the appropriate staff to receive the
alerts.
The organisation can demonstrate that there is a system in place to control the
issue of alerts, which meets statutory requirements.
In addition, NHS Protect guidance in relation to the issue, distribution and
withdrawal of alerts has been taken into account.
There is little or no evidence that the organisation has monitored, reviewed or
evaluated the issue of national and regional NHS Protect alerts to see whether
they have raised awareness of the issues communicated through them.
Green:
The organisation uses sound data to evaluate the success of the alert process
and measures the levels of awareness generated by it.
Where appropriate, the results of the evaluation inform the process for issuing
alerts in order to maximise its effectiveness.
3.4
3.5
3.6
3.7
What was previously standard 3.5 in 2014/15 now becomes standard 3.4.
What was previously standard 3.6 in 2014/15 now becomes standard 3.5.
What was previously standard 3.8 in 2014/15 now becomes standard 3.6.
What was previously standard 3.9 in 2014/15 now becomes standard 3.7.
Standard reworded as follows:
The organisation has departmental asset registers and records for business
critical assets worth less than 5,000.
3.8
What was previously standard 3.7 in 2014/15 now becomes standard 3.8.
Standard reworded as follows:
The organisation has clear policies and procedures in place for the security of
medicines and controlled drugs.
The list provided in the Guidance, supporting documentation and evidence
section was changed to the following:
The NHS Security Management Manual
NHS Protect guidance Security standards and guidance for the management
and control of controlled
drugs in the ambulance sector
NHS Protect guidance Guidance on the security and storage of medical gas
cylinders
NHS Protect checklist Security of medical gas cylinders General Checklist
NHS Protect checklist Security of medical gas cylinders Physical security
and storage checklist
NHS Protect toolkit Medicine security self-assessment tool
9
What was previously standard 3.10 in 2014/15 now becomes standard 3.9.
3.10
What was previously standard 3.11 in 2014/15 now becomes standard 3.10.
Standard reworded as follows:
The organisation records all security related incidents affecting staff, property
and assets in a comprehensive and systematic manner. Records made inform
security management priorities and the development of security policies.
The ratings changed as follows:
Red:
There is little or no evidence that the organisation maintains a detailed record of
security related incidents affecting staff, property, and assets.
The organisation maintains some records of security related incidents affecting
staff, property and assets, but they are not comprehensive, systematically made
or updated in a timely manner.
There is no evidence that the organisation has sought to use the records to
inform security management priorities and develop security policies.
Amber:
There is evidence that the organisation records security related incidents staff,
property and assets in a comprehensive and systematic manner.
There is little or no evidence that the organisation regularly and soundly reviews
or evaluates its systems for recording security related incidents affecting its staff,
property and assets.
10
Green:
The organisation can demonstrate that data from its security related incidents
affecting staff, property and assets informs security management priorities.
The organisation is able to demonstrate a link between reporting and
improvements in the level of security related incidents affecting staff, property
and assets.
There is evidence that the organisation regularly and soundly evaluates the
effectiveness of its reporting system on security related incidents affecting staff,
property and assets. Where appropriate, the findings contribute to
improvements in the management of security within the organisation.
3.11
What was previously standard 3.12 in 2014/15 now becomes standard 3.11.
Standard reworded as follows:
The organisation takes a risk-based approach to identifying and protecting its
critical assets and infrastructure. This is included in the organisations policies
and procedures.
Ratings section changed as follows:
Red:
There is little or no evidence that the organisation applies a risk-based approach
to identifying and protecting its critical assets and infrastructure.
There is little or no evidence that the protection of critical assets and
infrastructure is included in the organisations policies and procedures.
Amber:
There is evidence that the organisation applies a risk-based approach to
identifying and protecting its critical assets and infrastructure.
There is evidence that the organisation, as part of its business continuity work,
has identified its critical assets and infrastructure, risk assessed them and put in
place the appropriate control measures.
There is little or no evidence that the organisation has reviewed or evaluated its
work to identify and protect its critical assets and infrastructure, or that the riskbased approach is influencing relevant organisational polices.
Green:
There is evidence that, using its risk-based approach to identifying and
protecting its critical assets and infrastructure, the organisation makes
improvements to relevant policies.
The organisation can demonstrate that it regularly evaluates its approach to
identifying and protecting its critical assets and infrastructure and that, where
appropriate, evaluation results lead to improvements.
The organisation tests its business continuity response through rehearsals and
table top exercises in critical areas, and the outcomes lead to changes in
training, policy and processes.
11
What was previously standard 3.13 in 2014/15 now becomes standard 3.12.
Standard reworded as follows:
In the event of increased security threats, the organisation is able to increase its
security resources and responses.
Ratings section changed as follows:
Red:
The organisation is unable to demonstrate that, in the event of increased
security threats, it is able to increase its security resources and responses in a
timely manner using a risk-based approach.
The organisation may be able to increase its security resources and responses
but this cannot be shown to be appropriate for the level of risk.
Amber:
The organisation can demonstrate that it has taken a risk-based approach to
security threats and is able to increase and deploy its resources in a timely
manner in response to those threats.
There is little or no evidence that the organisation regularly and soundly
evaluates its ability to deploy appropriate resources in a timely manner in the
event of increased security threats.
Green:
The organisation is able to demonstrate that arrangements for increasing its
security resources and responses following an increase in security threats
receive an appropriate level of executive and management support and are
included in the organisations risk processes.
The impact of the risk-based approach to responding to increased security
threats is regularly and soundly evaluated and relevant policies and processes are
updated as required.
3.13
What was previously standard 3.14 in 2014/15 now becomes standard 3.13.
Standard reworded as follows:
The organisation has suitable lockdown arrangements for each of its sites, or
for specific buildings or areas.
Ratings section changed as follows:
Red:
There is little or no evidence that the organisation has suitable lockdown
arrangements in place.
The organisation may have some lockdown arrangements in place, for example
12
What was previously standard 3.15 in 2014/15 now becomes standard 3.14.
Ratings section changed as follows:
Green:
The organisation is able to demonstrate that its policies and procedures in
relation to child and infant abduction have resulted in a decrease in the number
of incidents, where applicable.
There is evidence that the organisation regularly tests, monitors, evaluates and
reviews its policies and procedures on child and infant abduction. Where
required, changes are made to policies and procedures to ensure that they are
effective.
4.1
4.4
16