nlg(16)175 - board annual security report 2015-16...nlg(16)175 date of meeting 29 april 2016 report...

NLG(16)175

DATE OF MEETING 29 April 2016

REPORT FOR Trust Board of Directors – Public

REPORT FROM Wendy Booth, Security Management Director

CONTACT OFFICER John Melville, Local Security Management Specialist

SUBJECT Annual Security Report 2015/16

BACKGROUND DOCUMENT (IF ANY) NHS Protect Standards Requirement

REPORT PREVIOUSLY CONSIDERED BY & DATE(S) 2014/15

EXECUTIVE COMMENT (INCLUDING KEY ISSUES OF NOTE OR, WHERE RELEVANT, CONCERN AND / OR NED CHALLENGE THAT THE BOARD NEED TO BE MADE AWARE OF)

The report provides the annual report on security a ctivities for the year ended 31 March 2016 and the work plan for 2016 /17

HAVE THE STAFF SIDE BEEN CONSULTED ON THE PROPOSALS?

The report has been considered by the Security Grou p

HAVE THE RELEVANT SERVICE USERS/CARERS BEEN CONSULTED ON THE PROPOSALS? N/A

ARE THERE ANY FINANCIAL CONSEQUENCES ARISING FROM THE RECOMMENDATIONS?

No

IF YES, HAVE THESE BEEN AGREED WITH THE RELEVANT BUDGET HOLDER AND DIRECTOR OF FINANCE, AND HAVE ANY FUNDING ISSUES BEEN RESOLVED?

N/A

ARE THERE ANY LEGAL IMPLICATIONS ARISING FROM THIS PAPER THAT THE BOARD NEED TO BE MADE AWARE OF?

No

WHERE RELEVANT, HAS PROPER CONSIDERATION BEEN GIVEN TO THE NHS CONSTITUTION IN ANY DECISIONS OR ACTIONS PROPOSED?

Yes

WHERE RELEVANT, HAS PROPER CONSIDERATION BEEN GIVEN TO SUSTAINABILITY IMPLICATIONS (QUALITY & FINANCIAL) & CLIMATE CHANGE?

Yes

THE PROPOSAL OR ARRANGEMENTS OUTLINED IN THIS PAPER SUPPORT THE ACHIEVEMENT OF THE TRUST OBJECTIVE(S) AND COMPLIANCE WITH THE REGULATORY STANDARDS LISTED

Ensure compliance with: Trust Policy and Strategy for Security NHS Protect Standards for Providers 2015/16 NHS Protect Standards for Commissioners 2015/16

ACTION REQUIRED BY THE BOARD

The Board is to approve the report

Northern Lincolnshire and Goole NHS Foundation Trust

of 8

Foreword Security affects everyone who works within the NHS. The security and safety of staff, patients, visitors and property are a priority to enable the delivery and development of health services.

Recognising this priority and the need for staff to feel secure whilst at work and patients and visitors to feel secure whilst on our premises, the Northern Lincolnshire and Goole NHS Foundation Trust has continued to develop its security management arrangements in line with guidance from NHS Protect and other higher authorities during 2015. This has included:

• The development and finalisation of a Joint Working Agreement with Humberside

Police, Crown Prosecution Service, NHS Protect and the Trust. • The updating of Community Lone Worker security devices for some 280 staff that

may be at risk from violence and aggression. • Upgrading of surveillance equipment to provide evidential quality footage to assist in

securing prosecutions against individuals who assault of abuse our staff, in line with the Information Commissioners Office recommendations.

• Upgrading of access systems to wards to ensure a secure environment for patients and staff.

• Undergoing a formal inspection from NHS Protect Quality Assurance Inspection team. It is noted that the number of reported incidents of physical and verbal abuse are still an area of great concern, but the willingness of staff to continue to report the incidents in the numbers they are doing so is pleasing and has resulted in 2 criminal sanctions been given by the courts for assault against members of staff. There have also been 2 convictions against offenders for Criminal Damage and 6 letters sent to patients informally warning them of inappropriate behavior towards staff.

Wendy Booth Director of Performance Assurance & Trust Secretary and Nominated Security Management Director


of 8

1.1 Introduction This report covers all aspects of Security Management at a local level and provides an update on the work streams that have been completed during 1st January 2015 to 31st March 2016. The report has been extended to a 15month period to bring it in line with the Financial Year and the NHS Protect Work Plan.

The Trust is committed to ensuring the provision of a secure environment for staff, patients and visitors and the security and protection of its premises and assets, whilst recognizing the need for accessible clinical services and the desirability of a welcoming non-threatening environment. The Trust aims to achieve this objective through the implementation of appropriate systems and arrangements which meet national, legislative and code of practice requirements issued from various bodies.

In accordance with NHS Standard Contract, in respect of services provided to NHS Commissioners and the Standards set by NHS Protect the four priority areas for the Trust to develop a secure environment are:

• Strategic Governance • Inform and Involve • Prevent and Deter • Hold to Account

The Trusts Security Strategy, which is coordinated at local level by the Local Security Management Specialist (LSMS), focuses on seven generic areas for action:

• Creating a pro-security culture – to engender a culture in which the responsibility for

security is accepted by all • Deterrence – Identifying and implementing ways to deter security incidents and

breaches • Prevention – Identifying and implementing ways to prevent security incidents and

breaches • Detection – Ensuring all security breaches are detected and appropriate

reporting systems are in place • Investigation – Initiating post incident reviews and criminal investigations • Sanctions – Providing advice on relevant sanctions – focusing on the use of

parallel sanctions where appropriate • Redress – Support the Trust to seek redress in all appropriate circumstances

and assessing the true cost of security incidents to the NHS 2.1 Security Management

The Trust appointed John Melville as the organisation’s Local Security Management Specialist in November 2013 having completed the formal accreditation course with NHS Protect.

2.2 Violence and Aggression

The number of incidents reported by staff relating to physical and verbal abuse, disruptive and aggressive behavior continues to be the main areas of concern.


of 8

Violence & Aggression Incidents

Violence and aggression towards staff continues to be the main security concern. Informing staff through Conflict Resolution Training (CRT) and encouragement of staff to report such incidents, with the LSMS attending all induction training and stressing the importance of reporting all incidents and that violence and aggression is not part of the job.

It should also be noted that 2 offenders received custodial sentences for assaults on Trust members of staff, 1 x 3 months and 1 x 4 months.

2.3 Lone Worker – Personal Protective Equipment (PPE)

The Trust has some 264 devices issued to community loan workers with a low usage of the devices. To ensure continuing usage of PPE, usage figures are forwarded monthly direct to line management to assist in enforcing and improving usage.

2.4 Joint Working Agreement (JWA)

A JWA between the Trust, The Crown Prosecution Service, Humberside Police and NHS Protect has now been approved by all parties and was formally signed on the 19th of May 2015. This is under constant review as a working document.

2.5 Security Awareness Days

The LSMS hosted 3 security awareness roadshows through the year to: :

• Encourage staff to report all security incidents with an emphasis on Violence and Aggression


of 8

• Create and promote a pro-security culture within the Trust • Advise staff on security matters of concern

The LSMS also attends the Trust induction program to raise security awareness

2.6 Conflict Resolution Training

The Education and Training Directorate continue to provide Conflict Resolution Training in line with NHS Protect guidelines and have introduced Core learning needs for Challenging Behavior Awareness into the Trust induction program 90% of Trust staff are current with Conflict Resolution Training (31/12/2015). The Challenging Behavior training is currently 57% (31/12/2015) and this will steadily increase through induction training and refresher.

The standard of training and high percentage of training achieved by the Trust was praised by the NHS Protect Quality Assurance inspector.

2.7 Surveillance Systems

The Trust currently operates 3 Security Surveillance Systems, CCTV, Body Worn Video (BWV) devices and non-recording patient cameras and monitors.

The use of monitoring systems for the safety and wellbeing of patients was highlighted during a recent CQC inspection. All monitoring systems have had Privacy Impact Assessments carried out against them and signage placed in the relevant areas. The surveillance policy has been amended to include their usage and ensuring that the patient’s privacy and dignity is maintained.

Currently the CCTV and BWV are registered with the Information Commissioner’s Office in line with the Data Protection Code of Practice for Surveillance Cameras and Personal Information. The non-recording cameras and monitors will be added to our registration.

No covert cameras were deployed during this year.

There has been 1 complaint received regarding the usage of the systems. This complaint is still under investigation with the final report to be issued to the Security Group (and escalated if required) on completion.

2.8 Park Mark - Safer Parking Scheme

After inspection the Trust has again retained the Park Mark Safer Car Parking Award across all Trust car parks including the Park and Ride site. The new Park and Ride location already holds the award.

The Safer Parking Scheme is managed by the British Parking Association. The aim of the scheme is to:

• Reduce crime and the fear of crime within parking facilities • Provide guidance to owners, operators and developers of parking facilities, both new and

existing, on how to establish and maintain a safe and secure environment through the introduction of proven management processes, physical measures and site security systems.

• Raise awareness to those who use the car park facility that the owner/operator has considered and where appropriate taken action to reduce crime within the parking facility that they had chosen to use.


of 8

2.9 Baby/Infant Tagging

The requirement for Baby/Infant Tagging at DPoW Family Services and Disney Ward, Scunthorpe was identified last year, to bring them in line with SGH Maternity Services to provide enhanced security of both mother and babies/infants in a safe environment. This risk has been recorded on the Women and Children’s Risk Register.

2.10 Access Systems

We continue to improve and update the access systems in line with technology throughout the Trust and have introduced swipe-card access to the wards to increase the security of patients and staff.

2.11 NHS Protect

The Trust underwent a focused inspection (Prevent and Deter) by NHS Protect Quality Assurance Inspectors on the 29th of April 2015. A copy of the Inspection Report is presented at Appendix 1 and copy of Action Plan at Appendix 2.

NHS Protect updated the Standards for Providers 2016/17 and issued Standards for Commissioners, which gives the Commissioners the responsibility to ensure that Providers they commission meet the NHS Protect Standards on Security. The Commissioner standards will be further extended to require them to employ or contract a Local Security Management Specialist and a member of the board to be nominated as Security Director, both to be nominated to NHS Protect. This will allow the commissioners to request proof that the Trust, as a Provider is meeting the NHS Protect Standards. This has been reflected in the 2016/17 work plan.

2.12 Work Plan

The 2015/16 LSMS work plan, which outlines progress against agreed security management objectives, has been attached as Appendix 3. The 2016/17 work plan against the amended standards is attached as Appendix 4.

2.13 Theft of Medical Gases

Goole and District Hospital was subject to two medical gas cylinder thefts during June and July 2015. These thefts were part of series of robberies of several hospitals within our region, and were investigated by a regional police task force. The task force has made a number of arrests and the accused are awaiting court appearances.

3.0 Recommendations

It is recommended that the Trust Board notes and approves the content of this report.

4.0 Conclusion

This report demonstrates the continuing improvement of staff engaging with the pro-security culture and, with the reporting of violence and abuse incidents. The most pleasing aspect of the year was the outcome of the NHS Protect inspection where we achieved a higher grading score than we had declared on our Self Review Tool to NHS Protect..


of 8

There are continuing challenges to ensure that the Trust meets the every changing security requirements, both from the legal and guidance authorities which will result in a very challenging forthcoming year. Some of which may require capital funding to ensure the Trust meets the Standards set by NHS Protect and those of the NHS Standard Contract.

John Melville Local Security Management Specialist

Appendix 1

Focused quality assessment of compliance against NHS Protect

standards for providers (Security Management)

Final Report

Northern Lincolnshire and Goole NHS Foundation Trus t

Tackling fraud and managing security

Northern Lincolnshire and Goole NHS Foundation Trust Focused quality assessment 2015-16

Page 1 of 19

Quality Assessment:

Contact Name

Job Title

Name : Tim Barlow Contact number : 07917 266287 Email address : [email protected]

Senior Quality and Compliance Inspector

Introduction Northern Lincolnshire and Goole NHS Foundation Trust provides acute hospital services and community services to a population of more than 350,000 people across North and North East Lincolnshire and the East Riding of Yorkshire. The annual budget is circa £300 million, they have 850 beds across three hospital sites and employ around 8,500 members of staff.

The trust indicated 107 physical assaults in their “Reported Physical Assaults” return to NHS Protect for year 2013/14 of which 41 did not have medical factors and declared no sanctions.

The trust directly employed a full time local security management specialist (LSMS) John Melville who reports directly to the head of fire health and safety. Security management work is overseen by Jug Johal who is the nominated security management director (SMD) and holds the post of director of facilities. The LSMS reported monthly to the SMD at one to one meetings.

The LSMS reported directly to the head of fire, health and safety and is based within the trusts governance team.

The information provided for the purposes of this report is based upon the documentation reviewed, the information provided to


Page 2 of 19

us during the course of the assessment process, interviews with all relevant personnel and/or third parties and the agreed scope and objectives for this assessment as set out in the assessment rationale. This assessment does not, therefore, set out all areas of risk in relation to security management work within the organisation and is limited to the areas that have been assessed as set out in the assessment rationale.

Signature – by email

Tim Barlow

Date

20/05/2015

Ratings

The rating system is based on red, amber and green (RAG) ratings and links directly to the NHS Protect standards for providers (security management).

RED – a risk has been identified but no action has been taken to R mitigate the risk, or the action taken is very limi ted in scope.

AMBER – a risk has been identified and action has b een taken to mitigate the risk. There is evidence of compliance through outputs. A However, the effectiveness of the work conducted ha s not yet been

evaluated or there is no reduction of the risk. The re is therefore little or no evidence of outcomes.

GREEN – a risk has been identified, activity has be en conducted and there has been measurement undertaken to evaluate t he effectiveness G

of the work conducted. The risk has been mitigated or significant progress has been made in mitigating the risk. Outc omes are therefore

present.

Strategic Governance

Organisation self review rating Green

Assessment Rating Not Assessed

Inform and Involve

Organisation self review rating Green

Assessment Rating Not Assessed

Prevent and Deter


Page 3 of 19

Organisation self review rating

Amber

Assessment Rating

Green

Hold to Account

Organisation self review rating

Green

Assessment Rating

Not Assessed


Page 4 of 19

Summary of Quality Assessment

The trust was selected for a focused assessment against the requirements of the NHS Protect 2015/16 standards for providers – security management. A number of documents were received prior to the assessment visit. The bulk of the assessment work was carried out during a site visit on 29 April 2015, with the closing meeting held on 30 April 2015. The LSMS, the SMD, the director of estates and facilities, the emergency planning officer, the head of fire, health and safety, the resilience lead, the head of communications, the director of pharmacy and medicines management, the mandatory training lead, ward sisters, department managers and a number of staff in various wards and departments were spoken with as part of the assessment.

The trust was assessed for compliance with the following key area of activity; prevent and deter which consisted of 14 standards in all.

The trust was assessed as compliant with 11 standards, partially compliant with two standards and not compliant with one standard. The trust demonstrated compliance overall with the requirements of prevent and deter.

With regards to standard 3.11, which was the only red rated standard, we were unable to identify how the trust had identified its critical assets and subsequently reviewed how critical assets are protected.

The trust should be commended for its comprehensive and systematic approach to evidence submission prior to the assessment.

Where the trust was non-compliant with the requirements of the standards, recommendations for improvement were set out in this report.

Following the assessment, a closing meeting was held with the Head of Security and the SMD, where the ratings and recommendations were discussed. It was encouraging that feedback was received in a positive manner. Further advice and guidance on the recommendations made in this report and the issues should be sought from the Area Security Management Specialist (ASMS), Tracey Clark who can be contacted at [email protected] and on 07715369883.

NHS Protect wishes to acknowledge the help and assistance given by the organisation and staff during the assessment process and thank all staff we spoke with for their openness and professionalism.


Page 5 of 19

Prevent and Deter

North Lincolnshire and Goole NHS Foundation Trust meets standards; 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.8, 3.10, 3.12 and 3.13

North Lincolnshire and Goole NHS Foundation Trust partially meets standards; 3.7, 3.9 and 3.14

North Lincolnshire and Goole NHS Foundation Trust does not meet standard; 3.11

Standard

3.1 The organisation risk assesses job roles and undertakes training needs analyses for all employees, contractors and volunteers whose work brings them into contact with NHS patients and members of the public. As a result, the appropriate level of training on prevention of violence and aggression is delivered to them in accordance with NHS Protect’s guidance on conflict resolution training and the prevention and management of clinically related challenging behaviour. The training is monitored, reviewed and evaluated for effectiveness.

The trust had a current Mandatory Training Policy (OWP 018) in place that identified roles and responsibilities and how the trust would maintain a training needs analysis (TNA) for all staff covering all mandatory training. Conflict resolution training (CRT) was identified as a mandatory requirement for all staff on induction.

The policy made reference to the role of mandatory training lead who had responsibility for ensuring that all staff identified on the TNA as requiring training attended within the given timeframe and the mechanisms in place for ensuring non- attenders were identified.

The trust provided comprehensive documentation to support the delivery of CRT which included the current TNA, lesson plans, attendance records and feedback review materials.

During the assessment we spoke with the mandatory training lead for CRT who explained that the trust had fully reviewed its delivery of CRT in 2013. Following a review of previous CRT delivery. the trust had adopted training for all staff on induction with a training package that met NHS Protect guidance. The trust also took the decision to train all staff who were in post at that time and had been identified in the TNA as requiring CRT. Following initial training, the trust stated they were due to commence refresher training in 2016 which would ensure a three year cycle for all identified staff.

The mandatory training lead supplied us with data up to and including April 2015 which indicated that the trust was 88% compliant overall with CRT initial training.


Page 6 of 19

The trainer told us that although this was an overall position the data could be drilled down to staff group and site specific and indicated that two small groups of staff were currently only 40% compliant with training despite efforts made to ensure staff attendance.

Training delivery and content was subject to feedback from attendees and the training content had been regularly reviewed within the training team. The training had recently started to include challenging behaviour within the CRT package to level 1.

The mandatory training lead should be commended for her professionalism and would benefit from trust support when facing challenge from small staff groups non- attendance at CRT.

Rating

Green


Page 7 of 19

Standard

3.2 The organisation assesses the risks to its lone workers, including the risk of violence. It takes steps to avoid or control the risks and these measures are regularly and soundly monitored, reviewed and evaluated for their effectiveness.

The trust had identified the requirement to risk assess those staff who were lone workers and had produced a policy; Lone Working Policy and Procedures (MDP026).

The policy identified the requirement for managers and departments to risk assess its lone workers and implement mitigating action plans. We received examples of these risk assessments from a number of departments prior to the site visit. Risk assessments identified risks and adopted a number of methods to mitigate risk. Methods ranged from buddy systems for lower risk staff groups to lone worker devices for higher risk staff groups.

For those staff identified as higher risk, the trust had contracted Reliance from the NHS Protect framework agreement and held approximately three hundred devices. The LSMS received monthly usage reports from Reliance which were reviewed and any areas of low usage were highlighted to the device holders’ line manager.

Following a recent review of the lone worker device, the trust had committed to extending the contract and refresher training was being delivered to all device holders. The review had also identified that a number of extra devices were required. The review included the review of risk assessments and incident analysis.

Rating

Green

Standard

3.3 The organisation distributes national and regional NHS Protect alerts to relevant staff and action is taken to raise awareness of security risks and incidents. The process is controlled, monitored, reviewed and evaluated.

The trust had a formal written protocol for the distribution and control of security alerts issued by NHS Protect. Alerts where recorded by the LSMS onto a local database and were individually risk assessed to ensure that the appropriate staff received the alert. This was recorded, and following the alert being withdrawn by NHS Protect the LSMS would inform those to whom the original alert had been distributed to withdraw the alert. We had sight of a considerable number of email traffic to support this process.


Page 8 of 19

The LSMS frequently confirmed with staff that they had received alerts during his operational duties and the trust had also had a recent success relating to the apprehension of a subject of an alert on one of their sites.

Rating

Green

Standard

3.4 The organisation has arrangements in place to manage access and control the movement of people within its premises, buildings and any associated grounds.

During the assessment we visited a number of wards and departments at the Scunthorpe General Hospital site where we witnessed a number of access control systems in place. These ranged from manual door locks to electronic automated proximity access control systems. On a visit to the maternity department, we saw how the system on the main entrance restricted access and the ward could only be accessed by staff who had the appropriate authority clearance on their swipe card.

Access could also be granted from the ward desk via an audio and video link from the ward entrance door. It was apparent that the LSMS had considered the problem of tailgating through secure doors and had produced posters to identify the risk which were displayed at every secure door and ward entrance.

The trust had a written protocol in place for the issue of identification badges.

Following analysis of incident data, the LSMS had identified a number of incidents relating to missing patients and uninvited persons wandering into some ward areas. The investigation of these incidents led to a review of manual access controls to a number of wards and subsequently led to the trust funding replacement with swipe access control. This was supported by the LSMS with email evidence which we had sight of during the assessment.

Rating

Green


Page 9 of 19

Standard

3.5 The organisation has systems in place to protect all its assets from the point of procurement to the point of decommissioning or disposal.

The trust supplied comprehensive documentation prior to the site visit which included standing financial instructions (SFI’s), Disposal of Goods and Equipment Policy (ProcDisp2), the materials management protocol, the electronic invoice system protocol and a monthly asset check sheet.

The documents set out the protocols and procedures put in place at the trust to ensure that goods and equipment purchased by the trust, complied with financial security measures and once delivered were kept secure. The methods of disposal for goods and equipment were also set out in the policy.

During the assessment we visited the receipt and distribution department at the Scunthorpe General Hospital site. Staff we spoke with explained and showed us the procedures in place for the receipting of goods and equipment delivered to site. Staff also explained the various methods of delivery of goods to the ward areas which was predominantly undertaken by hospital porters. No goods were allowed to leave the department without being signed for to ensure there was an audit trail. Staff also told us that the department was audited at least once every year.

The majority of stock items were ordered from NHS Supply Chain with deliveries made out of hours. A local protocol had been put in place for delivery drivers which ensured that keys had to be collected from the 24 hour reception and signed in and out.

The stock items, once delivered were dealt with predominantly by the materials management team. During the site visit we spoke with a member of the materials management team who showed us the process and procedures for the ordering and delivery of good directly to wards and departments. The trust was using hand held bar code readers for ordering and receipting of items delivered to the wards and departments which had an audit trail. Abnormal usages of stock items were highlighted in reports running on the system.

On our visits to wards and departments we saw how goods were stored in locked clean utility and stock rooms.

The disposal of goods followed trust policy and we had sight of completed disposal documentation.

Review and evaluation was apparent via a number of routes and examples included the review of materials management stock levels, security risk assessments completed by the LSMS and the review of policy and protocols.

Rating


Page 10 of 19

Green

Standard

3.6 The organisation operates a corporate asset register for assets worth £5,000 or more.

The trust had a current asset register for items valued over £5000.00. The register was managed by the finance department and was broken down into two main sections; one section for medical equipment and one for estates and facilities. Both sections had, as a minimum, annual physical checks that assets were still in the trust’s possession. The annual checks could be supported by maintenance documentation of equipment and the financial net book valuation undertaken by the finance department; examples of both were supplied by the trust. Processes and protocols were reviewed within the SFI review process and through the equipment group who met to approve disposal and purchase of equipment throughout the trust.

Rating

Green


Page 11 of 19

Standard

3.7 The organisation has departmental asset registers and records for business critical assets worth less than £5,000.

The trust gave examples of asset registers in place at the time of the assessment for a number of areas. These included IT equipment which was monitored by utilising software called SNOW. The IT department supplied us with screen shots from the register which identified equipment and its location, however, it was not clear whether the assets were regularly audited to ensure that the equipment remained in its intended location.

Asset registers held by the electro-medical department were audited regularly as part of the maintenance regime.

During the assessment, we could not find evidence of all wards and departments having asset registers for business critical assets however the areas we visited containing assets of higher risk and value did have registers in place.

Following the assessment, the trust provided us with some further supporting evidence of asset management from the equipment group; this supported that records were kept of business critical assets although it is not clear that the trust reviewed and evaluated the effectiveness of local asset registers systematically.

Rating

Amber

Standard Recommended action

3.7 • The trust should ensure there is regular and effective review and evaluation for effectiveness of local asset registers for all business critical assets valued below £5000.00.

• Where appropriate findings from evaluation should lead to improvements.

Deadline for completion

Organisation Response / Action Plan Responsible Officer


Page 12 of 19

Standard

3.8 The organisation has clear policies and procedures in place for the security of medicines and controlled drugs.

The trust supplied us with a detailed medicines management policy which included standard operating procedures (SOPs). All departments using medicines were subject to an annual audit to ensure compliance as a minimum with spot checks held in between the annual audit.

The policy and protocols within it had been reviewed regularly by the trust and were in date at the time of the assessment.

The trust also supplied us with a formal audit report submitted to the trust’s safer medication group in April 2014. The audit looked at twenty four standards identified within the report and reflected performance against each standard.

During the assessment we spoke to the trusts director of pharmacy and medicine safety who described the process and protocols in place. The director of pharmacy and medicine safety also described how he had worked with the LSMS to complete the medicines management toolkit developed by NHS Protect. This had led to a written action plan which was supplied as part of the initial evidence submission.

The trust had recently following review of protocols, adopted an electronic key system for all medicine storage facilities installed by Assa Abloy. The system named PROTEC2 CLIQ ensured that individuals had a single key assigned to them and all access to any locked area and storage facility was recorded. The system had further security mechanisms such as allowing each key to be programed so that key holders only had appropriate access rights. Keys had to also be re-validated every twenty eight days at centralised points. We witnessed the system in operation whilst visiting wards and departments and, speaking to staff they felt security had been increased with the added bonus of speeding up the process of dispensing drugs for patients which was leading to better patient care.

All wards had secure storage for drugs with compliant storage for controlled drugs. Staff we spoke with on the wards had a clear understanding of SOPs for both controlled drugs and all other medicines and verified that annual and ad-hoc checks/audits were undertaken by the pharmacy department.

Staff also confirmed that, for non-controlled drugs an agreed level was maintained on the ward according to usage and agreement with the pharmacy department.

Rating

Green


Page 13 of 19

Standard

3.9 Staff and patients have access to safe and secure facilities for the storage of their personal property.

The trust had a formal protocol and procedure document, Patient Cash, Valuables And Property Procedures For All Staff (FPM004), which clearly instructed staff how to manage patients belongings. The trust supplied us with samples of documentation and patient belonging envelopes, although these were blank documents.

During the assessment we visited a number of wards to test whether the protocols and procedures were being followed. We spoke with a number of staff who were aware of the process however when tested we did not find that the Patient Cash, Valuables And Property Procedures For All Staff was being followed. The staff told us that one of the issues was accessing any belongings placed in the trust safe. These could not be accessed out of normal hours and that if patients placed cash in safe keeping they received a cheque and not cash on return of their belongings. Staff felt that the system was not flexible.

Staff did have access to lockers for their personal belongings and we had sight of locker areas on the wards we visited. However it was not clear if there were sufficient lockers to ensure all staff on duty had access to a locker.

Rating

Amber


Page 14 of 19


3.9 • The trust should review and evaluate the protocols and procedures already in place for effectiveness and where appropriate findings lead to improvements.



Standard

3.10 The organisation records all security related incidents affecting staff, property and assets in a comprehensive and systematic manner. Records made inform security management priorities and the development of security policies.

Prior to the site visit the trust supplied us with the Incident Reporting Policy and Procedure (DCP009) and a number of quarterly incident analysis reports covering the period 2014/15.

The trust used Datix as their electronic incident reporting software and all incidents categorised as security related were automatically sent to the LSMS for comment and approval. During the assessment we had sight of a number of emails sent to the LSMS automatically which all related to security incidents raised by staff across the trust. The LSMS explained that he responded to all reported incidents at varying levels, which ranged from a simple acknowledgement to being part of a detailed investigation.

The LSMS also received quarterly incident reports which had been utilised for trend analysis to ensure an effective use of the resource available for security management. The LSMS had also cross referenced the reports with the number of incidents reported by the trust’s contracted security guards and used this to identify areas within the trust where incidents had not been recorded on Datix. This had then been followed up with the LSMS making direct contact with staff to ensure that incidents were then recorded onto Datix in line with the incident reporting policy.

Incident analysis was reported in the annual report supplied to us for the period 2014/15 which in turn fed into the annual workplan for period 2015/16.


Page 15 of 19

Rating

Green

Standard

3.11 The organisation takes a risk-based approach to identifying and protecting its critical assets and infrastructure. This is included in the organisation’s policies and procedures.

The trust was unable to provide us with supporting documentation which identified that risk assessments had been undertaken to protect its critical assets and infrastructure identified and that this requirement was in the trusts policies and procedures.

Rating

Red


3.11 • The trust should ensure that it takes a risk based approach to identifying and protecting its critical assets and infrastructure.

• This requirement should be written into trust policy or protocol

• The effectiveness of measure put in place should be regularly evaluated and, where appropriate lead to improvements.




Page 16 of 19

Standard

3.12 In the event of increased security threats, the organisation is able to increase its security resources and responses.

The trust had a contracted security guarding provision on each of its main hospital sites and the LSMS gave us a number of examples where there had been an increase in levels of security guarding.

All requests for an increase in guarding were recorded on a contract change request document. During the assessment we had sight of a number of these relating to requests (both planned and un-planned) and the contractor had facilitated extra staff promptly and in line with their contract.

We also received a copy of a post exercise report written by the trust’s emergency planning officer following a live test of a de-contamination exercise at the Scunthorpe General Hospital in which the site security team had been involved along with similar reports following incidents relating to loss of water on site and a loss of IT services.

The trust had been able to evidence that when there had been a requirement to increase levels of security staff it had been able to do so although this is not identified in the current contract for security guarding supplied to us. It would be prudent for the trust to include this requirement at any future contract tenders.

Rating

Green

Standard

3.13 The organisation has suitable lockdown arrangements for each of its sites, or for specific buildings or areas.

The trust supplied us with a number of documents relating to its processes and protocols for lockdown. The trust referenced the strategy to implement lockdown and lockdown training utilising Project Argus.

The trust Policy and Procedure for Lockdown (FMP059) covered lockdown arrangements, procedures and responsibilities in detail. The policy had a clear rationale and aims and set out the procedures to be adopted for different levels of lockdown, for example progressive or full.

The policy had action cards and flow charts to assist staff who may be involved in implementing a lockdown. There was also reference to the potential of implementing


Page 17 of 19

a lockdown due to a major incident and explained how that would interact with bronze, silver and gold command, which was an integral part of the trusts major incident escalation process

The trust also supplied details of training delivered for lockdown utilising the Project Artemis training package. However this was delivered in May 2012 and no evidence was available to suggest that the trust had undertaken this training package since.

There was however evidence to support that the trust had tested some elements of its lockdown procedures when locking down the accident and emergency department as part of the live testing of a decontamination exercise, which took place in late 2013. This exercise was reviewed and evaluated for effectiveness and findings were reflected in a post exercise report presented to the board.

Rating

Green


Page 18 of 19

Standard

3.14 Where applicable, the organisation has clear policies and procedures to prevent a potential child or infant abduction, and they are regularly tested, monitored and reviewed.

The trust had recently adopted a Policy for the Response in the Event of a Suspected or Actual Child Abduction (DCP096) in April 2015. The policy was detailed in its definitions and set out clear responsibilities for all staff and incident reporters and responders.

The policy also outlined what actions should be undertaken should an incident occur, however the trust had not yet had the opportunity to test the policy and evaluate it for effectiveness.

Rating

Amber


3.14 • The trust should test the policy and following testing review and evaluate for effectiveness and, where appropriate findings should lead to improvements.



Post NHS Protect Quality Assurance Inspection Action Plan December 2015

Appendix 2

Directorate of Performance Assurance

NHS Protect Quality Assurance Inspection April 2015

This action plan outlines the post action and the RAG rating in as a result of the receipt of the Formal Report

Standard Rating Comments Target Date Lead

Strategic Governance

1.4 Securi ty Management Annu al Report To include sanctions as per NHS Protect VA return

JM

1.4 Securi ty Work Plan 2015/16 Updated 6/15

1.5 Securi ty Management Strategy/Policy Policy Due for review Oct 15 To Security Group

for Approval Feb 16

JM/BP

Prevent and Deter

3.1 Conf lic t resolut ion Training and Challenging behaviour

Risk Assessments to determine Cat 2 & 3 staff

for additional training.

A&E training figure to be raised

JM/BP/VP

3.2 Lone Workers No Action Required

3.3 NHS Alerts No Action Required

3.4 Access Procedures No Action Required

3.5 Protection of assets from point of procurement to point of disposals

No Action Required

3.6 Asset regis ter over £5k No Action Required

3.7 Records of cri tical assets worth less than £5k

Assets to be listed on BCPs Ward Managers to hold list of Critical Assets

Security and Management of Assets Policy sent

MO/GJ/JM

1

1

2

JJ Jug Johal Director of Security Management

BP Bill Parkinson Health and Safety Manager

JM John Melville Local Security Management Specialist

MU Mike Urwin Chief Pharmacist

GJ Graham Jacques Resilience Manager

VP Vicky Page-chestney CRT Training Lead

KF Keith Fowler ISS Contract Manager

AJ Amanda Jackson Women’s and Children

Standard Rating Comments Target Date Lead

to stakeholders Nov 15 3.8 Securi ty of Medici ne CD cabinet to be continued to be rolled out. Subject to funding MU

Medical Gases Action Plan to be completed Med Gas

Committee

3.9 Staff and Patient Property Staff are not following the Trust Policy and procedures

Discuss with TF on best way forward and audits PLACE team to TF/JM

through Quality Matrons carry out audits on inspections Identify Compensation Costs JM

Consider Abloy safes for wards, ward share £5082 JM

3.10 Reporting of incidents No Action Required

3.11 Risk based approach to ident ifying Critical Assets and infrastructure to be Security and BP/JM/GJ

and protecting cri tical assets and identified by directorates. Management of inf rastructure.

Risk Assessments undertaken of critical Assets

Assets Policy sent

to stakeholders

and infrastructure, secondary critical assets. Mar 16 3.12 Increase of securi ty staff and Response time to be included in the contract July 2015 KF

resources. 3.13 Lockdown To be practiced with Child Abduction Policy October 2015

3.14 Child Abdu ction Policy To be tested and evaluated October JM/GJ/AJ

2015

Key

Standard not Met

Work in progress

Complete

2

Appendix 3

Work Plan for Year 1st April 2015 – 31st March 2016

Local Security Management Specialist: John Melville

Site: Scunthorpe, General Hospital, Diana, Princess of Wales Hospital & Goole District Hospital

Number of Employees: 8449

Area Task/Objective Target Dates Completed

Date

Days/Time

Allocated

Actual

Days

SRT LEVEL STRATEGIC GOVERNANCE

1.1 A member of the executive board or equivalent body is responsible for overseeing and providing strategic management and support for all security management work within the organisation.

LSMS to meet quarterly with SMD or as required. Provision of quarterly reports of security management activity to Security Group Meetings. Investigation or management reports to be provided as required Provide an Annual Security Report to the Trust board

Monthly

Apr/Jun

Sep/Dec

2015

May 2016

2 days

4 days

15 days

1.2 The organisation employs or contracts in a qualified, accredited and nominated security specialist(s) to oversee and undertake the delivery of the full range of security management work.

Trust employs 2 accredited LSMS’s Attend NHS Protect quarterly meeting and supporting events. Attend CPNI training and NHS Protect training as required.

Jun, Sep, Dec

15 & Mar 16

Oct 15

Oct 15

4 days

8 days

3

1.3 The organisation allocates resources and investment to security management in line with its identified risks.

Data provision and audit of Reported Physical Assault requirements and NHS protect Quality Assurance audit. Preparation and provision of annual security management work plan, Self Review Tool.

June 2015

November

2015

June 2015

November

2015

30 days

5 days

1.4 The organisation reports annually to its executive board, or equivalent body, on how it has met the standards set by NHS Protect in relation to security management, and its local priorities as identified in its work plan.

Preparation and submission of annual security management report. LSMS to attend Trust Health and Safety committee and provide appropriate reports. Completion and submission of Security Management Self Review Tool.

May 2015

As required

November

2015

March

2015

November

2015

5 days

2.5 days

2.5 days

1.5 The organisation has a security management strategy aligned to NHS Protect’s strategy. The strategy has been approved by the executive board or equivalent body and is reviewed, evaluated and updated as required.

Security Policy & Strategy

Review of Trust Policy & Procedures, Lockdown. Review of Trust Policy &.Procedure for Deployment of Armed Police Officers. Review of Trust Violence and Aggressive Behaviour Policy. Review of Trust Policy on Direct Surveillance

October 2015

May 2015

June 2015

July 2015

August 2015

Feb 16

Feb 16

October

2015

October

2015

October

2015

3 days

10 days

3 days

2 days

2days

4

Review Policy & Procedure for Bomb Threats and Suspect Packages Review Policy & Procedure for Internal & External CCTV Review of use of Lone worker devices and monthly evaluation report to managers

September

2015

May 2015

Monthly

October

2015

September

2015

Monthly

2 days

5 days

10 days

INFORM & INVOLVE

2.1 The organisation undertakes risk assessments in relation to: a) protecting NHS staff and patients b) security of premises c) protecting property and assets d) security preparedness and resilience.

The organisation develops inclusive policies to mitigate identified risks relating to the above (a-d) and can demonstrate implementation of these policies.

The policies are monitored, reviewed and communicated across the organisation.

LSMS attends Bi-monthly meetings with Police Hate Crime Committee/Counter Terrorism Advisers Conduct Security Risk Assessments of departments and place on SHE LSMS sits on project team for provision of new Secure Patient Lockers Policies Reviewed and developed in 1.5 above published on Intranet for all Trust staff See 1.5 above

Mar, May

Jul, Sep, Nov

15 & Jan,

Mar 16

As Required

As required

As required

Jan 16

1.5 days

15 days

2 days

27 days

2.2 The organisation develops and maintains effective relationships and partnerships with local and

Trust has Joint Working agreement with NHS Protect, Humberside Police, Crown Prosecution Service

5

regional anti-crime groups and agencies to help protect NHS staff, premises, property and assets.

in place. LSMS liaises quarterly or as required with the Trust Local Counter Fraud Specialist. LSMS to meet with Safer by Design Officer LSMS attends Bi-monthly meetings with Police Hate Crime Committee LSMS to liaise with Police, Crown Prosecution Service/NHS Protect Legal Protection Unit. Park Mark Safer Parking

May 2015

As Required

Apr, Jun,

Aug, Oct,

Dec 15 & Feb

16

As required

May 2015

3 days

1 day

2 days

5 days

2.3 The organisation has an ongoing programme of work to raise awareness of security measures and security management in order to create a pro-security culture among all staff. As part of this, the organisation participates in all national and local publicity initiatives, as required by NHS Protect, to improve security awareness. This programme of work will be reviewed, evaluated and updated as appropriate to ensure that it is effective.

LSMS distributes Security Management materials and information. LSMS to facilitate security awareness and NHS Protect awareness presentations. LSMS to provide Trust Communications Team with information and articles for inclusion on team brief and newsletter.

As required

As Required

As available

7 days

5 days

3 days

6

2.4 The organisation ensures that security is a key criterion in any new build projects, or in the modification and alteration (e.g. refurbishment or refitting) of existing premises.

The organisation demonstrates effective communication between risk management, capital projects management, estates, security management and external agencies to discuss security weaknesses and to agree a response.

LSMS to liaise with NHS Property Services Ltd management and staff as required in relation to Trust incidents and projects. Attend Start-up project meetings. Liaise with Safer by Design Officer Carry out Security Risk Assessments.

As required

As required

5 days

5 days

2.5 All staff know how to report a violent incident, theft, criminal damage or security breach. Their knowledge and understanding in this area is regularly checked and improvements in staff training are made where necessary.

Trust incident reporting mechanism DATIX includes SIRs reporting. Completed security incident reports are forwarded to LSMS. Staff can complete incident forms electronically or hard copy. LSMS attends CRT on induction Programme to remind staff to complete incident forms

As required

Daily

As

Requested

2 days

30 days

2.6 All staff who have been a victim of a violent incident have access to support services should they

Lesson learnt meeting held ensure that victim has access to Counselling and victim support service in addition to Line Manager

As required

1 day

7

require it. and LSMS support.

2.7

Pilot

The organisation uses the Security Incident Reporting System (SIRS) to record details of physical assaults against staff in a systematic and comprehensive manner. This process is reviewed, evaluated and improvements are made where necessary

DATIX team liaising with NHS Protect SIRS team to place SIRS on DATIX. Use of SIRS to be written into the Incident Reporting Policy SIRS to be used to complete Trust’s annual return to NHS Protect

July 2015

August 2015

June 2016

July 2015

10 days

PREVENT & DETER

3.1 The organisation risk assesses job roles and/or undertakes training needs analyses for all employees, contractors and volunteers whose work brings them into contact with NHS patients and members of the public. As a result, the appropriate level of prevention of violence and aggression training is delivered to them in accordance with NHS Protects guidance on conflict resolution training and/or the prevention and management of clinically related challenging behaviour. The training is monitored, reviewed and evaluated for effectiveness.

LSMS attend CRT Trust Induction Training Maintain regular contact with training department. Review Trust’s CRT compliance % Monthly Training department evaluates training

Monthly

Monthly

Monthly

As required

Monthly

Monthly

Monthly

3 days

2 days

2 days

1 day

3.2 The organisation assesses the

8

risks to its lone worker, including the risk of violence. It takes steps to avoid or control the risks and these measures are regularly and soundly monitored, reviewed and evaluated for their effectiveness.

LSMS to attend post-incident review meetings and lessons learnt reviews. Risk assessments of lone workers recorded on SHE by managers prior to lone worker devices being issued. Lone Worker Devices Upgrade all Lone Workers to be trained

As required

As required

As required

3 days

1 day

25 days

3.3 The organisation distributes national and regional NHS Protect alerts to relevant staff and action is taken to raise awareness of security risks and incidents. The process is controlled, monitored reviewed and evaluated.

LSMS to manage, review, risk assess and disseminate NHS Protect Security Alerts and additional security related notifications. Records are maintained of distribution and associated actions.

On receipt

As required

2 days

1 day

3.4 The organisation has arrangements in place to manage access and control the movement of people within its premises, buildings and

any associated grounds.

Access control systems for wards across all sites. Periodical Cleansing exercise is conducted of the Control database.

Rolling

programme

Monthly

10 days

5 days

3.5 The organisation has systems in place to protect its assets from the point of procurement to the point of decommissioning or disposal.

Assets over £5,000 are record on asset register along with medical engineering equipment valued at under £5,000.

9

PREVENT & DETER


Capital asset register is maintained and audited within the department of Finance

3.7 The organisation has departmental asset registers and records for critical assets worth less than £5,000.

Register is maintained for Medical Engineering equipment valued under £5k. IT items bought in bulk are also recorded. Liaise with ASMS for advice to turn Green

Policy to be

developed

March

2016

5 days

3.8

The organisation has clear policies and procedures in place for the security of medicines and controlled drugs.

The Medicine Code issued by the

Clinical Director Pharmacy & Medicine

Management

Copy of Audit forwarded to LSMS

NHS Protect Medicine Security

Pharmacy/Ward/Department check lists

reviewed

Medicine Security Self-Assessment Tool

to be reviewed

LSMS to provide additional advice and

guidance.

June 2015

June 2015

June 2015

As required

1 day

1 day

1 day

3.9 Staff and patients have access to safe and secure facilities for the

Finance Department issued procedures for handling patients

4 days

10

storage of their personal property.

Cash, Valuables and Property. Liaise with Chief Nurse Modern Matrons. Remind Clinical staff of the Policies and Procedures

June 2015

June 2015

3.10 The organisation records all security related incidents affecting staff, property and assets in a comprehensive and systematic manner. Records made inform security management priorities and the development of security policies.

LSMS to monitor and audit DATIX and SIRS Trust incident reporting mechanism.

Monthly and

quarterly

report for

Security

Group

25 days


Trust has Lockdown Policy which has been practised. Business Continuity Plans in place for all services. Major Incident Plan in place. Risk Assessments to be undertaken of all critical assets and infrastructure by departments. Requirement for RAs to be written in Policies

Take part in

desktop

exercises as

required

7 days

3.12

In the event of an increased security threats, the organisation is able to increase its security resources and responses.

The Trust’s contractor has the ability to provide additional staff as required. Emergency Planning exercises

As required

As required

.5 day

1.5 day

11

3.13

The organisation has in place suitable lockdown arrangements for each of its sites, or for other specific buildings or areas.

The Trust has lockdown Risk Assessments for all three sites

Feb 2016

Feb 2016

1 day


The Trust has an electronic tagging system in place at one site to prevent potential child of baby abduction. Extend system to both sites. Review, test and evaluate the system Child Abduction Policy to be written in conjunction with Nursing/Safeguarding

July 2015

October

2015

May 2015

April 2015

10 days

1 day

7 days

HOLD TO ACCOUNT

4.1 The organisation is committed to applying all appropriate sanctions against those responsible for security related incidents..

LSMS to attend court, case conferences and other sanction hearings. Assist with police investigations. LSMS to prepare reports and evidence for use at court or other sanction hearings. LSMS sends out letters in relation to unacceptable verbal or aggressive behaviour by patients

As required

As required

As required

As required

2 days

2 days

5 days

4.2 The organisation has arrangements in place to ensure that allegations of security related incidents are

All security incident are reported through DATIX/SIRS reporting systems

See 3.11

above

12

investigated in a timely and proportionate manner and these arrangements are monitored, reviewed and evaluated.

All incidents are analysed on a monthly, quarterly and annual basis to identify trends to enable corrective actions to be put in place

20 days

4.3 Where appropriate, the organisation publicises sanctions successfully applied in case relating to a) unnecessary access to premises b) assaults on NHS staff c) breaching the security of NHS premises and property d) acts of theft and criminal damage.

LSMS sends out letters in relation to unacceptable verbal or aggressive behaviour by patients. See 4.1 Trust has policy in place to exclude patients if necessary

As required

5 days

4.4 The organisation has a clear policy on the recovery of financial losses incurred due to security related incidents and can demonstrate its effectiveness.

Policy included in Trust’s Standing Financial Instructions.

Signature of the Local Security Management Specialist

Print Name: J Melville Date: March 2015

Signature of the Security Management Director:

Print Name: J Johal Date: March 2015

13

Appendix 4

Work Plan for Year 1st April 2016 – 31st March 2017

Local Security Management Specialist: John Melville

Site: Scunthorpe, General Hospital, Diana, Princess of Wales Hospital Grimsby & Goole District Hospital

Number of Employees: 7,582

Area Task/Objective Target Dates Completed

Date

Days/Time

Allocated

Actual

Days

SRT LEVEL STRATEGIC GOVERNANCE

1.1 A member of the executive board or equivalent body is responsible for overseeing and providing strategic management and support for all security management work within the organisation. This person is nominated to NHS Protect

LSMS to meet quarterly with SMD or as required. Provision of quarterly reports of security management activity to Security Group Meetings. Investigation or management reports to be provided as required Provide an Annual Security Report to the Trust board

Quarterly

Apr/Jun

Sep 2016/Jan

2017

March 2017

1 day

4 days

15 days

5 days

1.2 The organisation employs or contracts a qualified, accredited and nominated security specialist(s) to oversee and undertake the delivery of the full range of security management work.

Trust employs accredited LSMS and SMD registered with NHS Protect Attend NHS Protect quarterly meeting and supporting events. Attend CPNI training and NHS Protect training as required.

Jun, Sep, Dec

16 & Mar 17

Mar 2017

4 days

4 days

14

1.3 The organisation allocates resources and investment to security management in line with its identified risks.

Data provision and audit of Reported Physical Assault requirements and NHS protect Quality Assurance audit. Preparation and provision of annual security management work plan, Self-Review Tool.

June 2016

November

2016

10 days

5 days

1.4 The organisation reports annually to its executive board, or equivalent body, on how it has met the standards set by NHS Protect in relation to security management, and its local priorities as identified in its work plan.

Preparation and submission of annual security management report. LSMS to presents work plan to Trust Board. Completion and submission of Security Management Self Review Tool. Present to Security Group

See 1.1

above

Mar 2017

November

2016

5 days

5 days

1.5 The organisation has a security management strategy aligned to NHS Protect’s anti-crime strategy. The strategy has been approved by the executive body or equivalent body and is reviewed, evaluated and updated as required.

Review all policies in line with any legislation changes and NHS Protect guidance. Security Work Plan presented to Board as part of Annual Report Complete a Gap Analysis of Trust evidence against NHS Protect Standards and Standard Contract and update

As Required

See 1.4

above

May 2016

Then ongoing

5 days

10 days

20 days

INFORM & INVOLVE

2.1 The organisation develops and maintains effective relationships

LSMS attends Bi-monthly meetings

Mar, May

1.5 days

15

and partnerships with local and regional anti-crime groups and agencies to help protect NHS staff, premises, property and assets

with Police Hate Crime Committee/Counter Terrorism Advisers Conduct Security Risk Assessments of departments and place on SHE Policies Reviewed and developed in 1.5 above published on Intranet for all Trust staff

Jul, Sep, Nov

16 & Jan,

Mar 17

As Required

As required

15 days

5 days

2.2 The organisation has an ongoing programme of work to raise awareness of security measures and security management in order to create a pro-security culture among all staff. As part of this, the organisation participates in all national and local publicity initiatives, as required by NHS Protect, to improve security awareness. This programme of work will be reviewed, evaluated and updated as appropriate to ensure that it is effective.

LSMS distributes Security Management materials and information. LSMS to facilitate security awareness and NHS Protect awareness presentations. LSMS to provide Trust Communications Team with information and articles for inclusion on team brief and news bulletins.

On going

As Required

As required

2 days

4 days

2 days

2.3 The organisation ensures that security is a key criterion in any new build projects, or in the modification and alteration (e.g. refurbishment or refitting) of existing premises. The

organisation demonstrates effective communication between

LSMS to liaise with NHS Property Services Ltd management and staff as required in relation to Trust incidents and projects. Attend Start-up project meetings and provide security report as required.

As required

7 days

16

risk management, capital projects management, estates, security management and external stakeholders to discuss security weaknesses and to agree a response.

Liaise with Humberside Police Safer by Design Officer.

As Required

2 days

2.4 All staff know how to report a violent incident, theft, criminal damage or security breach. Their knowledge and understanding in this area is regularly checked and improvements in staff training are made where necessary.

Trust incident reporting mechanism DATIX includes SIRs reporting. Completed security incident reports are forwarded to LSMS. LSMS attends Induction Briefing

Daily

Monthly

30 days

1 day

2.5 All staff who has been a victim of a violent incident has access to support services if required.

Lesson learnt meeting held ensure that victim has access to Counselling and victim support service in addition to Line Manager and LSMS support.

As requested

2 days

2.6 The organisation uses the Security Incident Reporting System (SIRS) to record details of physical assaults against staff in a systematic and comprehensive manner. This process is reviewed, evaluated and improvements are made when necessary.

Trust incident reporting mechanism DATIX includes SIRs reporting. Completed security incident reports are forwarded to LSMS.

As required

See 2.4

above

2 days

PREVENT & DETER

3.1 The organisation risk assesses job roles and undertakes training needs analyses for all employees, contractors and volunteers whose work brings them into contact with NHS patients and members of the

LSMS attends CRT Trust Induction Training Maintain regular contact with

See 2.4

above

17

public. As a result, the level of training on prevention of violence and aggression is delivered to them in accordance with NHS Protects guidance on conflict resolution training. The training is monitored, reviewed and evaluated for effectiveness.

training department. Review Trust’s CRT compliance % Monthly Training department evaluates training Training figures are presented to the Security Group

Monthly

Monthly

As required

Quarterly

1 day

2 days

1 day

.5 day

3.2 The organisation ensures that staff whose work brings them into contact with NHS patients are trained in the prevention and management of clinically related challenging behaviour, in accordance with NHS Protect’s guidance. Training is monitored, reviewed and evaluated for their effectiveness.

Level 1 training provided by training department as part of CRT programme.

3.3 The organisation assesses the risks to its lone workers including the risk of violence. It takes steps to avoid or control the risks and these measures are regularly and soundly monitored, reviewed and evaluated for their effectiveness.

LSMS to attend post-incident review meetings and lessons learnt reviews. Risk assessments of lone workers recorded on SHE by managers prior to lone worker devices being issued. Lone Worker Devices Upgrade all Lone Workers trained Usage figure sent to managers on a monthly basis

As required

As required

As required

Monthly

3 days

1 day

5 days

12 days

18

3.4 The organisation distributes national and regional NHS Protect alerts to relevant staff and action is taken to raise awareness of security risks and incidents. The process is controlled, monitored reviewed and evaluated.

LSMS to manage, review, risk assess and disseminate NHS Protect Security Alerts and additional security related notifications and withdrawals. Records are maintained of distribution and associated actions.

On receipt

As required

2 days

1 day

3.5 The organisation has arrangements in place to manage access and control the movement of people within its premises, buildings and any associated grounds.

LSMS to advise project teams on provision of appropriate security access requirements at sites subject to acquisition, refurbishment or change of use. LSMS attends pre-start meetings Trust is part of the Park Mark Safer Parking Scheme Review

As required

As required

Annually

2 days

2 days

.5 day

3.6 The organisation has systems in place to protect its assets from the point of procurement to the point of decommissioning or disposal.

Policies and procedures are in place. Departments to risk assess assets

December

2016


Assets over £5,000 are record on asset register along with medical engineering equipment valued at under £5,000.

PREVENT & DETER

19

3.8 The organisation has departmental asset registers and records for business critical assets worth less than £5,000.

Capital asset register is maintained and audited within the department of Finance

Business continuity plans to include list of critical assets IT assets are recorded on the SNOW system

March 2017

5 days

3.9 The organisation has clear policies and procedures in place for the security of medicines and controlled drugs.

The Medicine Code issued by the Clinical Director Pharmacy & Medicine Management Copy of Audit forwarded to LSMS NHS Protect Medicine Security Pharmacy/Ward/Department check lists reviewed and updated if required

December

2016

December

2016

2 days

3.10 The organisation has policies and procedures in place to ensure prescription forms are protected against theft and misuse. These policies and procedures are reviewed, evaluated and updated as required.

The Medicine Code issued by the Clinical Director Pharmacy & Medicine Management

.

3.11 Staff and patients have access to safe and secure facilities for the storage of their personal property.

Finance Department issued procedures for handling patients Cash, Valuables and Property.

3.12 The organisation records all security related incidents affecting staff, property and assets in a comprehensive and systematic

LSMS to monitor and audit DATIX and SIRS Trust incident reporting mechanism.

Quarterly report for Security

10 days

20

manner. Records made inform security management priorities and the development of security policies.

Group


Business Continuity Plans in place for all services. Policy on the Security and Management of Assets to be Produced and Published .

See 3.8

above

April 2016

2 days

3.14

In the event of an increased security threat level, the organisation is able to increase its security resources and responses.

The Trust’s contractor has the ability to provide additional staff as required. Emergency Planning exercises

As required

As required

.5 day

1.5 day

3.15

The organisation has suitable lockdown arrangements for each of its sites, or for specific buildings or areas.

The Trust has lockdown Risk Assessments for all three sites


The Trust has an electronic tagging system in place at SGH Maternity Unit to prevent potential child of baby abduction. Abduction Policy in place and tested. Trust holds copies of on-site Private Nursery abduction plans

HOLD TO ACCOUNT

21

4.1 The organisation has arrangements in place to ensure that allegations of security related incidents are investigated in a timely and proportionate manner and these arrangements are monitored, reviewed and evaluated.

Security related DATIX reports are sent to the LSMS on a daily basis and any investigations are reported through the Security Group,

See 2.4

above

4.2 The organisation is committed to applying all appropriate sanctions against those responsible for security related incidents.

LSMS to attend court, case conferences and other sanction hearings. Assist with police investigations. LSMS sends out letters in relation to unacceptable verbal or aggressive behaviour by patients

4.3 Where appropriate, the organisation publicises sanctions successfully applied following security related incidents.

LSMS sends out letters in relation to unacceptable verbal or aggressive behaviour by patients. And staffs are informed of action. Trust has policy in place to exclude patients if necessary Sanctions Published in Weekly News Bulletin

As required

5 days

4.4 The organisation has a clear policy on the recovery of financial losses incurred due to security related incidents, and can demonstrate its effectiveness.

Policy included in Trust’s Standing Financial Instructions.

22

Signature of the Local Security Management Specialist

Print Name: J Melville Date: April 2016

Signature of the Security Management Director:

Print Name: W Booth Date: April 2016

nlg(16)175 - board annual security report 2015-16...nlg(16)175 date of meeting 29 april 2016 report...

Documents