SECURITY TOOLKIT 4/21/2015. Page 1 of 49

(1)

Page 1 of 49

SECURITY TOOLKIT

(2)

Page 2 of 49 Working Group Members

Name Organization

Brenda Snider Service Employee International Union Clinton Hodges Toronto East General Hospital

David Borwick Extendicare

DJ Sanderson Southlake Regional Health Centre

Heather Ramore Peel Police

John Tcherkezian Yee Hong Centre for Geriatric Care Kelly Walker Northumberland Hills Hospital

Sherri Bastos Revera

(3)

Page 3 of 49

TOOLKIT OBJECTIVES

 To incorporate knowledge from both empirical and experiential evidence to enhance the PSHSA Workplace Violence Risk Assessment Tool (WVRAT) for Acute Care and Long Term Care.

 To confirm and refine key components of the PSHSA WVRAT, including the risk matrix of probability and impact, hazards, corresponding controls, and potential solutions.

 To address risk assessment for all 4 types of workplace violence.

 To develop considerations for prioritization when implementing workplace violence risk assessment.

(5)

Page 5 of 49

Introduction

Workplace violence, vandalism, theft and property damage are not uncommon events in the healthcare industry and at times unfortunate and tragic events can occur. Workplace security is considered an important workplace violence prevention control with regards to all four types of workplace violence (i.e., Type 1: External, Type 2: Client or Customer, Type 3: Worker to Worker, Type 4 Domestic Violence). Healthcare Security is the prevention of harm to and protection of persons and property. Security is ensured through proactive measures, processes, monitoring, patrol, and emergency responses as necessary. It may include but is not limited to the implementation of a safety management plan, appropriately trained and competent personnel that fulfills security functions, policy, procedures, activities; and the use and application of equipment and materials. Although important, this toolkit does not address security as it relates to computer and or client health information or privacy legislation as it is beyond the scope of this document.

Employers, managers, supervisors, and employees can all make a difference in keeping the workplace safe. Everyone in the workplace has roles and responsibility for both safety and security. Security can be integrated as part of the care team and also into the provision of care. Whether your organization has a formal security department and/or personnel or not, organizations in all subsectors of healthcare (i.e., acute care, community care, and long terms care) need to ensure security measures and procedures are in place to protect employees and the people they serve.

Through the Discovery Phase of the Prevention and Management of Workplace Violence Initiative, the topic of security was identified as a priority area for toolkit development because of the limited

resources available to healthcare organizations, including commonly accepted standards. Criteria need to be developed for healthcare organizations to adopt in order to ensure adequate and appropriately trained security guard or personnel responsible for security. Further, guidelines are required for ensuring worker safety for organizations that do not have designated security personnel. However, it is not within the scope of this toolkit to recommend security staffing levels.

The goal is to develop a Security Toolkit that can be used by health care organizations with or without designated security personnel to ensure security functions are adequately performed by competent and trained staff. Specific objectives are:

 To develop a Security Program Self Assessment Checklist and Action Plan incorporating occupational health and safety program, continuous quality improvement principles, and comprehensive Security functions.

 To develop a framework of policies and procedures that corresponds to the Security Program checklist.

 To develop a list of training topics for both security personnel and general staff based on leading practices and training standards.

 To compile a list of resources on relevant topics related to Security, such as legislations, training standards, industry guidelines.

(6)

Page 6 of 49

Understanding Security Functions

The International Association for Healthcare Security & Safety (IAHSS) is “the only organization solely dedicated to professionals involved in managing and directing security and safety programs in

healthcare institutions.” The IAHSS Handbook on Healthcare Security Basic Industry Guidelines assists healthcare administrators in fulfilling their obligation to provide a safe and secure work environment. The guidelines describe a comprehensive list of Security Functions (Table 1) that can be helpful for healthcare organizations when conducting self assessment on roles and accountabilities for each of the security functions and whether the identified roles fulfilling security accountabilities have the required knowledge, skills, training and organizational support to competently fulfill these security functions. It is understood that some of the identified security functions may not be applicable to all healthcare

settings.

Table 1: Sample Security Functions

Security Functions Specific Components

Program Development  Security Management Plan

 Security Risk Assessments Program Management  Security Administrator

 Violence in Healthcare

 Prisoner Patient Security

 Security Role in Patient Management

 Security Officer Use of Physical Force

 Home/Community Health Security

 Security Staffing and Deployment

 Searching Clients and Client Areas for Contraband

 Security Response to a Critical Incident

 Emergency Measures & Procedures (e.g., Active Shooter)

 Restricting Weapons in the Healthcare Environment

Training  Security Guard/Personnel Training

 General Staff Security Orientation and Education

Investigations  General

 Covert Investigations

 Drug Theft/Misappropriation Documentation  Security Incident Reporting Program

Measurement/Improvement

 General

Access Control  Identification System

 Facility Restricted Access (Emergency Lockdown)

 Approaching Persons of Interest

 Client Access

Physical Security  Electronic Security Systems

 Use of Video Surveillance Areas of Higher Risk  Security Sensitive Areas

 Infant/Pediatric Abduction Response and Prevention

 Security in the Emergency Care Setting

(7)

Page 7 of 49

 Behavioural/Mental Health Emergency Management  General

 Security Role in an Emergency Operations Centre

 Security Role in a Communicable Disease Outbreak Adapted from IAHSS Guideline (2012)

About the Security Tools

The security toolkit provides sample tools to assist healthcare organizations in identifying security program gaps in their organization and developing an action plan. In addition many of the tools focus on developing a better understanding of the security function components and security training

requirements, many of which are based on leading practices and/or standards. Security Program Self Assessment, Gap Analysis and Action Plan

Many organizations are unaware of their security program gaps. The Security Program Self Assessment tool can be used to determine specific security program gaps related to:

 Senior management commitment;

 Security oversight, functions, roles and responsibilities;  Security program needs assessment;

 Security program documentation such as policies and procedures, safe work practices: security training;

 Security training and awareness;

 Provision and installation of security-related equipment and its maintenance;  Security-related incident reporting and investigation;

 Security program evaluation.

See Appendix A for the Security Self Assessment Checklist and instructions on “how to use the tool”. Appendix A also provides a list or resources that an individual organization may want to explore further when assessing and/or implementing a security program. Note the resources are not an all inclusive list. Once organizations have completed the self assessment, they can move on to indentifying security function and program gaps; developing an action plan; and assigning responsibilities and target dates for completion. In addition the organization can make recommendations to senior management as needed. See Appendix B Security Program Gap Analysis and Action Plan and “how to use the tool”.

Security Policies and Procedures

Healthcare organizations should have a corporate security policy or standard that outlines the purpose and scope. The policy should demonstrate the organization’s commitment to workplace security and provide direction regarding communication, training and evaluation of the program. Most importantly the security policy should provide clarity regarding roles, responsibilities and expectations of the relevant workplace parties. Appendix C provides a sample policy that can be customized to meet the needs of an organization whether the organization has a formal security department and/or security guards, or not. Note the sample Corporate Security Policy promotes consultation with Joint Health and

(8)

Page 8 of 49

Safety Committee (JHSC) and/or Health and Safety Representative (HSR) and it also highlights the need for organizations to comply with reporting requirements as outlined in the health and safety legislation (Occupational Health and Safety ActR.S.O. 1990; Ontario Regulation 67/93 Healthcare and Residential Facilities Regulation).These legislated inclusions will help protect the health and safety of workers in the workplace.

Community and healthcare organizations are diverse in their security needs. Organizations will have to determine which additional security-related standards, policies and/or procedures apply to their situation based on their organizational risk assessment and knowledge of industry-related risks. Appendix D provides a sample list of additional security-related policies and/or procedures that may apply to an organization and there is an explanation on “how to use the tool”.

Security Administrator Training

The security administrator or designated leader who is authorized to oversee the security portfolio in a community or healthcare organization requires knowledge and training to fulfill their duties whether there is a security service and/or security guard(s) or not. In small organizations where there is no security manager or security guards, the security oversight needs to be delegated to a manager. In these cases other persons in the organization may share the various security roles. A summary of suggested training is summarized in Appendix E.

Security Guard Training

Background

The Private Security and Investigative Services Act (2005) replaced the Private Investigators and Security Guards Act (1966). It now regulates private investigators, security guards and companies who are in the business of providing the services of private investigators and security guards. The training & testing provisions of the Private Security and Investigative Services Act (2005) came into force on April 15, 2010 (Training & Testing - Ontario Regulation #230/2010). These provisions were based on the previously published curricula.

The new Act defines a security guard as “a person who performs work for remuneration that consists primarily of guarding or protecting persons or property”. This would include persons performing duties in provincial hospitals, mental health care settings and forensic units.

As of this date, all persons desiring to become a licensed security guard in Ontario are first required to successfully complete the “40 hour” security guard training program and the government “security guard” test. Once a person has successfully passed the government “security guard” test, they are then able to apply for a security license. Those security guards failing to successfully pass the government “security guard” test were required to complete the basic “40 hour” security guard training program prior to re-taking the government “security guard” test. Licensing of security guards in the province of Ontario is overseen by the Ministry of Community Safety and Correctional Services.

(9)

Page 9 of 49

Furthermore, the Canadian General Standards Board (CGSB) is a federal government organization that provides client-centered comprehensive standards development, training programs and conformity assessment services in support of the economic, regulatory, procurement, health, safety and environmental interests of the stakeholders that includes government, industry and consumers.

The 2008 CGSB Security Training Program (Can/CGSB-133.1-2008) provided a 54-hour curriculum that was developed and intended for persons performing security related duties/functions. See Table 2.

Table 2. Training Program Content Suggested Hours of

Training

 Administration/Introduction/Evaluation of Candidates Knowledge

 Introduction to Duties and Responsibilities

 Professionalism and Public Relations

 Legal Authorities, Duties and Responsibilities

 Alarm and Protection Systems

 Traffic Movement

 Personnel and Material Access Control

 Report Writing, Note Taking, Evidence and Crime-Scene Sketching

 Response to Emergency Situations (Bombs, Fires, etc)

 Patrol Procedures

 Labour Disputes

 Relations with Police

 Use of Force Principles

 Effective Communications

 First Aid / CPR Training

3 2 3 6 2 1 3 4 9 4 2 1 6 8 Additional Hours as Required CGSB Security Training Program (Can/CGSB-133.1-2008)

Training Program Considerations

While security guards play a key role in workplace violence prevention and management, there is a lack of consistent approach to orientation and ongoing training and development of security guards. This outline is developed based on a current training model at a large community hospital. It is informed by best practice and is consistent with the expectations and obligations in respect to the provision of services as a security guard. The intent of the training outline is to assist healthcare organizations to determine the validity and quality of training programs when acquiring a provider.

(10)

Page 10 of 49

When evaluating a training program or considering an RFP for services, the following items should be considered.

1. Qualifications of the program developer/writer?

2. When the program was last updated / is the content current? 3. What are the qualifications of the trainers?

4. Does the company providing service have insurance related to the provision of opinion related to the subject material?

5. Will the company maintain records of training for your organization?

6. Can the company testify and defend the subject material if the course content is challenged through legal process?

7. Cost structure for both initial training and recertification process?

All training should be conducted annually and should have testing processes to ensure both the course content is understood and that the students in training are able to perform the physical skills to a reasonable level of proficiency.

Training Outline

There are a number of training programs available to the security profession that are designed and intended to provide the requisite skills to enable persons to exercise judgment, display due

diligence and to meet a duty of care. This includes persons performing security provision in provincial hospitals, mental health care settings and forensic units. These programs are the basis for industry standards, and are utilized and continue to be utilized throughout the province of Ontario. It is important to note that industry standards represent a method or technique that has consistently shown results superior to those achieved with other means, and that is used as a benchmark. See Appendix F for Sample Security Guard Training Program Components.

The security guard position may possess many inherent health and safety risks. Under the Occupational Health and Safety Act (OHSA) the employer is required to ensure that worker’s receive appropriate health and safety information and instruction including training. To demonstrate due diligence, the employer must provide training but also keep records of training content, and all new hire orientation training and refresher training. In addition the frequency of training should be established. Appendix G provides a Security Guard Training for Healthcare Institutions Checklist that demonstrates security topics and suggested frequency. Organizations with a security guard function can use this sample as a starting point and customized their training to meet their needs.

Management and Worker Training

Under the OHSA employers are required to acquaint workers and those with the authority over workers of existing and potential hazards, and also provide workers with information and instruction on

(11)

Page 11 of 49

measures and procedures to ensure their health and safety. This also applies to health and safety hazards related to security. A security training “needs assessment” should be conducted for managers and workers. This can be partly based on the findings of the organizational risk assessment and on staff surveys or focus groups. A sample of relevant security topics may include but are not limited to:

 Corporate security policy  Department security protocols

 Workplace violence prevention policy and procedures  Emergency measures, codes and responses

 Non-violent crisis intervention

 Access control including sensitive areas  Photo identification

 Reporting hazards and incidents  Personal alarm systems

 Pandemic planning and infectious agents security protocols  Working alone

 Protection of personal belongings  Security in the community and home  Parking lot security and safety  Medication security

 Patient assessment  Use of restraints

Employers and managers or supervisors may find it easier to develop training matrices to ensure that all parties receive the appropriate training in a timely fashion. Raising awareness about the importance of security for everyone’s safety is also an important step. Everyone needs to understand their roles and responsibilities related to security as well as the responsibilities of others. Security should be top of mind. To enhance workplace security awareness a Security Awareness Fast Fact in Appendix G outlines workplace party responsibilities and security safety tips and “how to use the tool”.

Health and Safety Training Consultation

Healthcare organizations such as hospitals, private hospitals, psychiatric facilities, long term care, group homes, and child and family services for instance are governed under the Healthcare and Residential Facilities Regulation (HSRFR). For organizations where the HSRFR applies, employers in consultation with and in consideration of the recommendations of the JHSC and/or HSR must develop, establish and provide training and education in health and safety measures and procedures for workers. These healthcare organizations need to establish clear processes to ensure that the JHSC and/or HSR are consulted as required in the regulation.

(12)

Page 12 of 49

APPENDIX A. SELF ASSESSMENT SECURITY CHECKLIST

How to Use this Tool

1. A multi-disciplinary committee or task force should complete the self-assessment checklist and recommended action plan. This committee or task force typically reports to senior management so it is important that the committee has the support and permission from senior management to proceed. Senior management should assign a committee lead that will coordinate the

activities and act as a liaison between the two parties. Senior Management will need to establish which individual(s) at the Senior Management will receive the final report and any updates from the committee or task force. To ensure clarity of objectives, roles and responsibilities, the committee should establish a terms of reference.

2. Membership composition for the committee should be diverse and include management and worker members including joint health and safety committee (JHSC) and/or health and safety representative (HSR) and union. Various functional departments should be included but not limited to: client care programs; environmental services, maintenance and support programs; human resources and occupational health and safety; education; security services if any; and other relevant functions as the organization sees fit. Every organization is different and each organization will need to determine their committee structure and composition. For instance some organizations may utilize an existing workplace violence prevention steering committee and others may use their JHSC or a subcommittee of the JHSC. Using existing committee structures can add value to the process.

3. The committee should review the completed workplace violence organizational risk assessment to identify security-related risks as well as security-related controls that should be in place. Knowledge from the risk assessment will enhance completion of the self-assessment checklist. 4. There are 12 elements in the self-assessment security checklist for consideration. Those

completing the tool are required to carefully read and review each element and determine whether the element applies. If it does not apply then select N/A for not applicable. If the element or sub-element applies use a check mark in the sub-element box and also indicate in the designated column whether the element is present yes, no or partial.

5. Document any comments regarding what is in place and what is not in place. The organization should use any evidence available to determine whether the element is in place or not e.g. documents, training records etc. Be specific as this will assist the organization in identifying security program gaps.

6. Ensure all committee members understand how to use the tool prior to commencing its use. 7. Once the Security Program Self Assessment Checklist is complete the organization can move

onto completing the Security Program Gap Analysis and Action Plan (Appendix B), a sister document to Appendix A.

(13)

Page 13 of 49

SECURITY PROGRAM SELF ASSESSMENT CHECKLIST

ITEM KEY ELEMENTS CHECKLIST N/A Yes No Partial Comments Resources

1.0 There is commitment from senior management to develop, implement and maintain a security plan and program.

There is senior leadership commitment to:

 financial and human resources

 appointment of a security program administrator or leader

 establishment of multidisciplinary steering committee, including joint health and safety committee

representatives

 provision of adequate training to enable roles to carry out the security functions.

 to oversee the development, implementation and monitoring of the security plan and program.

PSHSA (2006)

Hollier (2014)

2.0 There is a security administrator or designated leader who is qualified and authorized to oversee the security program.

Security administrator as designated leadership with primary responsibilities for the security functionOR A designated leader in an alternate role when there is not a security administrator position:

 Security functions are clearly articulated in the job description(s) of the role(s) performing security administrator

 Has the relevant training and education to oversee the security program

 Has policy-making authority

 Has the authority to address imminent threat of danger

 Has the standing authority to deploy and implement necessary measures in response to the threat

 Is entitled to be consulted in building renovations and new building planning – architectural design principles such as CPTED (Crime Prevention Through

Environmental Design) and care principles

 Takes on a lead role in coordinating the

Competent Supervisor: Occupational Health and Safety Act R.S.O. 1990

International Association for

Healthcare Security and Safety (2012)

Crime Prevention Though Environmental Design

(14)

Page 14 of 49

multidisciplinary team that is appointed to develop and maintain the workplace violence program

 Takes on a lead role in the workplace violence risk assessment process and design of any safety plan

ITEM KEY ELEMENTS CHECKLIST _N/

A Ye s No Parti al Comments Resources

3.0 Security functions are clearly articulated in the job descriptions of roles performing security roles and responsibilities.

Security roles and responsibilities:

 Carry out authorities available to a security officer under the Criminal Code, common law, protection of other persons, defense of property, self-defense, seizure and use of force; and under provincial and municipal legislation e.g. trespass and provincial offences legislation and parking by-laws; and duties as outlined by the employer (CAN/CGSB-133-2008)

 Conduct patrols, inspections, guarding and fulfill routine service requests

 Respond to emergencies in compliance with the organization’s policies and procedures

 Report any hazards and deficiencies

 Complete documentation in accordance with the accepted standards

 Carry out other activities as required by the manager/administrator e.g. represent security on committees etc.

 Participate in investigations related to security matters and communicate findings in compliance with the organization’s policies and procedures

Competent Supervisor: Occupational Health and Safety Act R.S.O. 1990

4.0 Security role in client management

 Policies and procedures are developed that identify responsibilities and scope of activities of security in performing client intervention activities.

 Client intervention activities may include performing

(15)

Page 15 of 49

client watches, holds, restraints and seclusions relative to the medical evaluation or treatment of clients.

 Security’s client intervention activities should be documented.

 Training is provided to security pertaining to its role in client management.

 Collaborative training with clinical staff should include de-escalation, proper client restraint techniques, and non violent crisis intervention.

5.0 Security role in emergency management

 An emergency management program is developed and maintained to identify and address

threats/hazards/emergencies that may impact the facility and its operations.

 Security Role in an Emergency Operations Centre: security personnel may be assigned to fulfill the security functions including monitoring and having authority over the general security of the facility and its people, management scene/facility protection and traffic control.

 Security Role in a Communicable Disease Outbreak that requires security to activate, adapt and

supplement processes and mechanisms in order to continue the provision of a safe care environment. Planning for outbreaks should include identification of essential security services and measures to address shifting demand for security resources.

6.0 The organization has conducted a risk assessment to assess security program needs.

 Identify people and property assets that are to be protected

 Review of current security measures and procedures in place

- Inventory of policies and procedures in place - Inventory of security and security-related

equipment

   International

Association for

(16)

Page 16 of 49

- Inventory of security personnel

 Risk assessment of environmental security

 Analysis of internal documents such as security logs and security incidents, client/client/workplace violence incidents and hazard reports, local police crime statistic, information from like organizations, legislative requirements and security standards

 Security program climate survey - workplace survey

 Best practice is to have questions in the staff

engagement/satisfaction survey and incorporating into the organization’s plan

 Security plan should be part of the organizational plan

7.0 There is a documented security program in place and evidence of program implementation.

 Written security policy demonstrating senior management commitment, goals, definitions, scope, roles and responsibilities and commitment to annual review and evaluation

 Written procedures and protocols for both clinical and non-clinical situations; both prevention and protection, for example:

- Prohibition of carrying firearms and weapons - Prevention and responding to targeted violence - Prisoner Client Security

- Client Management – security role - Communications

- Training needs assessment , training matrix, training requirements for security personnel, administrator

- Use of force - Premises safety - Home health security

- Security staffing and deployment based on risk assessment

- Duties and expectations of security staff

- Searching clients and client areas for contraband - Response to critical incident

- Active Shooter

- Incident reporting and investigation

   Canadian General

Standards Board. (2008).

Healthcare Security and Safety Handbook (2012)

PSHSA (2006) PSHSA (2012) Fast Fact: Protecting workers working alone PSHSA (2010) Fast Fact: Tips for guarding your personal safety on home visits The NHS Staff Council (2009) Improving Safety

(17)

Page 17 of 49

- Other e.g. covert investigations, drugs - Policies for community

- Policies for long term care - Safe travel

- Organizational Risk Assessment - Client Risk Assessment

 Documented training program for security personnel

 Documented training program for administrator or person in charge of security

 Awareness training and communication for all staff, management

 Awareness communication to visitors and clients

 Access control – staff ID, facility restricted access, emergency lock down, approaching persons of interest, visitor access, signage

 Physical Security systems – electronic security, video surveillance,

 High Risk Areas

 Emergency responses and codes

 Security during emergency management (incident management system)

 Security during infectious disease outbreak or pandemic

 Security in Emergency Department

 Security Safety Program is developed and reviewed at least annually

 Joint Occupational Health and Safety Committee (JHSC) or Health and Safety Representative (HSR) is consulted in revisions and training

 Security participation on committees and clinical teams

for Lone Workers Carlson (2011) Dooley (2014)

Fox & Whitehorn (2014) Hollier (2014)

Morris & Oswalt (2014) See Security Policies List Document

8.0 There is a security training and awareness program.

 Any individuals performing security services should be trained to meet regulatory or legislatively required standards for security training and healthcare security industry standard practices.

 Security orientation and education needs of general staff should be identified and a orientation/education program should be implemented.

Canadian General Standards Board (2008).

Healthcare Security and Safety Handbook

(18)

Page 18 of 49

 Security Personnel – training matrix

 Security administrator with security personnel

 Security administrator without on site security personnel

 Employee and Management training – training matrices including awareness training

 Personal protective equipment

 Awareness Training Campaign

(2012)

Ministry of Community Safety and Correctional Services. (2009). Hollier (2014) ,Morris Oswalt (2014)

9.0 Security equipment is available and maintained.

Examples:

 Video camera surveillance

 Access control systems

 Intrusion alarms

 Personal alarms, panic buttons, GPS/cellular distress systems

 Other

10.0 Work environment design or redesign

 Security is considered in new and existing work environment design or redesign

Crime Prevention Though Environmental Design (n.d.)

11.0 Incident Reporting and Investigation

 All related security incidents, accidents and hazards are reported and investigated promptly to identify immediate and root causes and implement timely corrective actions and/or recommendations. Ensure

PSHSA (2006) Occupational Health and Safety Act

(19)

Page 19 of 49

JHSC/HSR involvement e.g. critical and fatal injury investigations; and hazard, accident and illness summaries and notifications as per OHS act.

12.0 Security Program Evaluation

 Security quality indicators both leading (e.g., training, patrol frequency, etc.) and lagging (e.g., use of force %, incident rate, loss time) have been selected and are used for evaluation.

 There is a process to evaluate the program at least annually

 JHSC/HSR is consulted in program revisions and training

 Security safety quality improvements recommendations are considered by senior

management and where appropriate recommendations are implemented as required.

PSHSA (2006)

(20)

Page 20 of 49

APPENDIX B. SECURITY PROGRAM GAP ANALYSIS AND ACTION PLAN

1. Once the Security Program Self Assessment Tool Checklist is complete, the steering committee or task force can move on to completing the Security Gap Analysis and Action Plan Tool.

2. The multi-disciplinary committee will need to review each element. If there is a gap in a Security Program Self Assessment Tool Checklist element please check the corresponding element and/or sub-element box in the Security Program Gap Analysis checklist.

3. Based on the findings identified in the Security Program Self Assessment Tool Checklist the committee should clearly develop actions to reduce the security program gap. This may include clear actions to remedy the gap in addition to further investigation of gap or identification of needed resources such as training. Robust discussions and brain-storming should take place by the committee members to ensure comprehensive actions are developed.

4. The next step is to assign responsibilities to a person that has the authority and ability to carry out the action. Consultation with management may be required.

5. Identify a target date for completion. Note that the action completion date will be entered when the activity is completed.

6. Once the document is complete the committee can develop a report for Senior Management outlining the purpose of committee activities, the findings from the Security Program Gap Checklist, Gap Analysis and the recommendation as outlined in the Security Program Action Plan. 7. The report including the recommendations established by the committee should be provided to

(21)

Page 21 of 49

SECURITY PROGRAM GAP ANALYSIS AND ACTION PLAN

ITEM SECURITY PROGRAM KEY ELEMENTS GAPS

(Check the box if it is a gap)

Action Plan Person

Responsible

Target Date

Date Completed

1.0 There is commitment from senior management to develop, implement and maintain a security plan and program.

 There is senior leadership commitment including financial and human resources e.g.

- appointment of program administrator or leader - development of multidisciplinary steering

committee

2.0 There is a security administrator or leader who is qualified and authority to oversee the security program

Security administrator :

 Has the training and is competent to oversee the security safety program

 Has policy-making authority

 Has the authority to address imminent threat of danger and has the authority to deploy and implement necessary measures in response to the threat

 Entitled to be consulted in building renovations and new building planning – architectural design principles such as CPTED (Crime Prevention Through

Environmental Design) and care principles

 Integration of security leadership role with other leadership functions

 Security functions are added in the job descriptions of roles performing security administrator responsibilities

3.0 Security Guard functions are clearly articulated in the job descriptions of roles performing security roles and responsibilities.

Security Guard roles and responsibilities :

(22)

Page 22 of 49

Responsible

Target Date

under the Criminal Code, common law and case law, protection of other persons, defense of property, self-defense, seizure and use of force; and under provincial and municipal legislation e.g. trespass and provincial offences legislation and parking by-laws; and duties as outlined by the employer (CAN/CGSB-133-2008)

 Conduct patrols, inspections, guarding and fulfill routine service requests

 Respond to emergencies in compliance with the organizations policies and procedures

 Report any hazards and deficiencies and ensure corrective actions are taken

 Complete documentation in accordance with the accepted standards

 Carry out other activities as required by the manager/administrator e.g. represent security on committees etc.

Participate in investigations related to security matters and communicate findings to the security administrator as required

4.0 Security role in patient management

 Policies and procedures are developed that identify responsibilities and scope of activities of security in performing patient intervention activities.

 Patient intervention activities may include performing patient watches, holds, restraints and seclusions relative to the medical evaluation or treatment of patients.

 Security’s patient invention activities should be documented.

 Training is provided to security pertaining to its role in patient management

 Collaborative training with clinical staff should include de-escalation, proper patient restraint techniques, mental health holds, and against medical discharges

(23)

Page 23 of 49

Responsible

Target Date

5.0 Security role in emergency management

 An emergency management program is developed and maintained to identify and address

threats/hazards/emergencies that may impact the facility and its operations.

 Security Role in an Emergency Operations Centre: security personnel may be assigned to fulfill the security functions including monitoring and having authority over the general security of the facility and its people, management scene/facility protection and traffic control.

 Security role in a Communicable Disease Outbreak that requires security to activate, adapt and supplement processes and mechanisms in order to continue the provision of a safe care environment. Planning for outbreaks should include identification of essential security services and measures to address shifting demand for security resources



6.0 The organization has conducted a security program risk assessment to assess security program needs lead by qualified and trained individuals

 Identify people and property assets that are to be protected

 Review of current security measures and procedures in place

- Inventory of policies and procedures in place - Inventory of security and security-related

equipment

- Inventory of security personnel

 Risk assessment of environmental security

 Analysis of internal documents such as security logs and security incidents, patient/client/workplace violence incidents and hazard reports, local police crime statistic, information from like organizations, legislative requirements and security standards

 Security safety program climate survey - workplace survey

(24)

Page 24 of 49

Responsible

Target Date

 Best practice is to have questions in the staff

engagement/satisfaction survey and incorporating into the organization’s plan

 Security safety plan should be part of the organizational plan

7.0 There is a documented security program in place and evidence of program implementation

 Written security policy demonstrating senior management commitment, goals, definitions, scope, roles and responsibilities and commitment to annual review and evaluation

 Written procedures and protocols for both clinical and non-clinical situations; and prevention and protection,

 Security training for security personnel

 Security training for administrator or person in charge of security

 Awareness training and communication for all staff, management

 Awareness communication to visitors and patients

 Access control – staff ID, facility restricted access, emergency lock down, approaching persons of interest, visitor access, signage

 Physical Security systems – electronic security, video surveillance,

 High Risk Areas

 Emergency responses and codes

 Security during emergency management (incident management system)

 Security during infectious disease outbreak or pandemic

 Security in Emergency Department

 Security Safety Program is developed and reviewed at least annually

 Joint Occupational Health and Safety Committee (JHSC) is consulted in revisions and training

 Security participation on committees and clinical teams

(25)

Page 25 of 49

Responsible

Target Date

8.0 There is a security training and awareness program

 Security Personnel – training matrix

 Security administrator with security personnel

 Security administrator without on site security personnel

 Worker and Management training – training matrices including awareness training

 Awareness Training Campaign

9.0 Security equipment is available and maintained

Examples:

 Video camera surveillance

 Access control systems

 Alarms

 Personal alarms

 Other for example security staff personal protective equipment

10.0 Environment and equipment design and planning take into consideration

 Security safety is considered in new work environment design or redesign

 Security is considered external premises. E.g. lighting, parking lot safety etc.

11.0 Incident Reporting and Investigation

 All related security incidents, accidents and hazards are reported and investigated promptly to identify immediate and root causes and implement timely corrective actions and/or recommendations. Ensure JHSC involvement e.g. critical and fatal injury

investigations; hazard, accident and illness summaries and notifications as per OHS act.

(26)

Page 26 of 49

Responsible

Target Date

12.0 Security Program Evaluation

 Security safety quality indicators both leading and lagging have been selected and are used for evaluation.

 There is a process to evaluate the program at least annually

 JHSC/HSR is consulted in program revisions and training

 Security safety quality improvements recommendations are considered by senior

management and where appropriate recommendations are implemented as required.

(27)

Page 27 of 49

APPENDIX C. SAMPLE CORPORATE SECURITY POLICY TEMPLATE

1. The following is a sample corporate security policy that organizations can use as a policy template.

2. Organizations will need to review their own organizational structure, workplace violence risk assessment, and security program self assessment checklist and action plan to determine which sections to include in their own corporate policy and procedures.

3. Organizations should customize the sample corporate policy including roles and responsibilities to ensure that it reflects the needs of their own organization.

(28)

Page 28 of 49

SAMPLE CORPORATE SECURITY POLICY

Organization Name Policy Number: XXX Subject: Security Policy

Date Approved: XXX Date Reviewed: XXX

POLICY Purpose

The purpose of the security policy is to ensure the:

 protection of organizational property and people working, visiting, receiving and/or providing services at or for the organization; and

 prevention of incident and accidents related to security risk factors and other related workplace hazards.

Policy Commitment Statement

<Name of the Organization> is committed to the providing a safe environment for everyone. <Name of the Organization> recognizes the significant hazards related to workplace violence and potential security risk factors; and the legal and moral responsibility to take every reasonable precaution under the

circumstances to protect employees and others. Our organization is committed to providing financial and human resources for the development, implementation and maintenance of a sustainable security protection and prevention program that will help to prevent or minimize security risk factors through hazard recognition, assessment, control and evaluation processes. All workplace parties are required to comply with the policy and any associated procedures as appropriate.

Goals

 Develop, implement, maintain and annually evaluate the security program

 Prevent and/or reduce the harm to people related to security risks and workplace violence hazards

 Prevent and/or reduce the incidence of property damage

 Increase security awareness to all workplace parties and the public

 Ensure those participating in security prevention and protection receive the necessary training and records of training are maintained

 Ensure that security equipment, materials and resources are provided and maintained

Scope

(29)

Page 29 of 49 Definitions

Security: Healthcare security is the prevention of harm and property damage, and protection of property and of all persons from potential harm related to workplace violence exposures, various occupational health and safety hazards in healthcare. Security is ensured through proactive measures, processes, monitoring, patrolling, and through emergency responses as necessary. It may include, but is not limited to, the implementation of a safety management plan, appropriately trained and competent personnel that fulfill security functions, policy, procedures, processes, protocols, activities; and the use and application of equipment and materials.

Security Guard: A security guard is a person who performs work, for remuneration, that consists primarily of guarding and/or patrolling for the purpose of protecting persons or property. [Private Security and

Investigative Services Act, 2005, c. 34, s. 2 (4)] Roles and Responsibilities

Employer

 Appoint a competent person to administer the security program

 Ensure the development, implementation, maintenance and evaluation of a security protection and prevention program

 Ensure a workplace violence risk assessment is conducted including security risks  Advise the JHSC or HSR of workplace violence assessment including risks associated with

security

 Provide any OHS security-related reports to the JHSC

 Ensure the review and revision of the security measures and procedures for the health and safety of their workers is done at least once a year, in light of current knowledge and practice  Where the security program requires revision consult with the JHSC or HSR and consider their

recommendations when developing, establishing and putting into effect the revised measures and procedures

 Consult the JSHC or HSR on security program training

 Provide fiscal and human resources to support the security program including the necessary resources for training and equipment

 Approve and annually review the security corporate program policy and procedures  Enforce the security policy and procedures

 Ensure there are processes in place to identify and assess security risks and hazards; and identify, implement and evaluate security controls

 Promote a culture of security and safety awareness

 Take every reasonable precaution under the circumstances for the protection of the worker

Supervisor

 Participate in security risk factor and hazard recognition, assessment, control and evaluation processes in the areas under their authority

 Be familiar with the security risks and health and legislation that applies to their work area  Enforce the security policy and procedures

(30)

Page 30 of 49  Monitor security strategies in the area under their authority by, but not limited to, conducting

management inspections and auditing worker safe work practice related to security  Encourage employees to report security hazards and risk immediately

 Respond to security reports and participate in investigations of security hazards and incidents in the area under their authority

 Communicate security concerns, solutions and controls to employees and others in a timely manner

 Develop a training matrix for employees that includes security

 Ensure employees attend regular security awareness training and workplace violence prevention training that pertains to their work area for instance emergency responses, non-violent crisis intervention, working alone, alarms etc.

 Ensure employees know what to do in the case of an emergency and where indicated participate in mock drills

 Maintain training records (scope and content, date, length of training, signatures, evaluation of understanding)

 Promote a culture of security and safety awareness

 Take every precaution reasonable in the circumstances for the protection of a worker

Worker

 Participate in security hazard recognition and controls  Comply with security policies and procedures as required

 Attend regular security and workplace violence prevention training

 Report any security hazards or incidents to the supervisor or employer immediately  Respond to a security incident within their scope of knowledge and training

 Cooperate in any investigations as required

Security Administrator or Delegate

 Must be competent and qualified because of knowledge, training and experience to oversee the security administrator function

 Be familiar with the security risks and relevant legislation that applies to the work

 Take a leadership role in corporate security and promote a security and safety culture through an ongoing security awareness communications and marketing plan

 Develop written corporate security program including a plan, policies, procedures, safe work practices, training and determining appropriate security staffing levels as appropriate; and coordinate the annual review of the policy

 Ensure consultation with JHSC/HSR when revisions of the security policies and procedures are required

 Implement, maintain and evaluate the security program

 Identify metrics and quality indicators to evaluate the security program

 Develop, implement, maintain and evaluate processes for recognizing, assessing, controlling and evaluating security risk factors and hazards

 Obtain and maintain appropriate security equipment and materials in compliance with organizational purchasing policies and procedures, and approval processes

 Address imminent threats of danger and has the authority to deploy and implement necessary measures in response to the threat and where required notify the JHSC/HSR

(31)

Page 31 of 49  Entitled to be consulted on building renovations and new building planning including

architectural design principles related to security

 Ensure security functions are added to the job description of those performing security administrator and security guard roles and responsibilities

 Ensure those hired for security purposes are competent, qualified and adequately trained  Enforce policies and procedures

 Participate in investigations related to security matters and communicate improvements  Ensure that security is represented on the workplace violence prevention committee

 Take every precaution reasonable in the circumstances for the protection of workers and others

Security Guard/Protection Agent (if applicable)

 Must be licensed by the Ministry of Community Safety and Correctional Services (Ministry of Community Safety and Correctional Services, 2009).

 Maintain the license as a condition of employment and be able provide proof of licensing at least annually

 Loss of licensed status must be reported to the manager

 Participate in basic security training and mandatory hospital training upon hire

 Complete annual certification / re-certification in security training as well as any mandatory hospital re-certifications

 Effectively perform and carry out security duties both verbally and physically; and in a manner that reflects the core values of the organization

 Carry out authorities available to a security officer under the Criminal Code, common law and case law, protection of other persons, defense of property, self-defense, seizure and use of force; and under provincial and municipal legislation e.g. trespass and provincial offences legislation and parking by-laws; and duties as outlined by the employer (CAN/CGSB-133-2008)  Comply with security and organizational policies and procedures

 Conduct patrols, inspections, guarding and responds to emergencies in compliance with the organizations policies and procedures

 Report any hazards and deficiencies and ensure corrective actions are taken  Complete documentation in accordance with the accepted standards

 Carry out other activities as required by the manager/administrator e.g. represent security on committees etc.

 Participate in investigations related to security matters and communicate findings to the security administrator as required

Joint Health and Safety Committee

 Be consulted in the revisions of the workplace violence prevention policies and program including security per the Ontario Regulation 67/93 Health and Residential Facility Regulation  Participate in investigations as outlined in the occupational health and safety act

 Entitled to receive OHS-related security reports regarding worker safety

 Receive and review the workplace violence risk assessment including areas pertaining to security

 Conduct monthly inspections that include identification of security concern or hazards  Make recommendations for improvement in writing to management as needed

(32)

Page 32 of 49 Communication

This policy will be communicated to all management and employees at the time of hire and on a regular basis.

Training

<Name of the Organization> is commitment to develop and provide all management and employees with security policy training, security awareness training and department specific security training relevant to the security related risks in their employment and work locations. The development of the training will be done in consultation with and in consideration of the recommendation of the JHSC/HSR as required by legislation. Training will be provided at orientation and refreshers will be provided on an ongoing basis. All training and training content will be documented and maintained by the designated party e.g. human resources, educator or manager. Employees will be required to sign and date training records and where applicable perform tests of competency.

Evaluation

The Corporate Security Policy will be evaluated, reviewed and approved annually by Senior

Management.Should the policy review lead to the conclusion that the measures and procedures should be revised, senior management will consult with the JHSC or HSR and consider their recommendations when developing, establishing and putting into effect the revised measures and procedures.Quality improvements will be implemented as required and these will be communicated to JHSC/HSR, employees and management.

PROCEDURES

Note procedures and safe work practices would be developed and customized by the organization and these would reflect the requirements identified on the risk assessment. Additional security related policies and procedures may also be made by the employer.

Approval

_____________________________________ _____________________________________ Senior Executive Name Senior Executive Signature

Date: ________________________________

Developed in Consultation with:  Security Services

 Senior Management  Patient Programs

 Joint Health and Safety Committees  Workplace Violence Prevention Committee  Emergency Measures Committee

(33)

Page 33 of 49 References

Canadian General Standards Board. (2008). Security Officers and Security Officer Supervisors,

CAN/CGSB-133.1-2008. Gatineau, Canada: Canadian General Standards Board. Retrieved from < https://www.scc.ca/en/standards/work-programs/cgsb/security-officers-and-security-officer-supervisors>

Ministry of Community Safety and Correctional Services. (2009). Training Curriculum for Security Guards. Private Security and Investigative Services Branch: Toronto, On, Canada: Queen’s Printer for Ontario. Retrieved from

<http://www.mcscs.jus.gov.on.ca/english/PSIS/Training/SecurityGuardCurriculum/PSIS_sec_grd _curr.html>

Ontario Regulation 67/93 Health Care and Residential Facilities Regulation Occupational Health and Safety ActR.S.O. 1990, Chapter 0.1.

(34)

Page 34 of 49

APPENDIX D. SAMPLE LIST OF SECURITY RELATED POLICIES AND

PROCEDURES

Complete the workplace violence risk assessment and the security self-assessment to determine what security policies and procedures are needed or required by your organization. The following list is a sample of security-related policies and procedures that your organization may consider. Note this is not an all inclusive list. The policies and procedures selected will depend on whether the organization has onsite security personnel or not as well as the nature of the work and locations.

1. The designated security administrator collaboratively with the multi-disciplinary committee and other stakeholders may complete this checklist.

2. Determine whether the organization should have policies and/or procedures that apply to the entire “organization”; and/or “security services” that is specific to security guards or security departments; or whether the policy and procedures are not applicable. Use a check mark to indicate which policies and procedures are needed. Check all that apply. In some cases there may be organizational and/or security services specific policies and/or procedures on the same topic.

3. Provide comments as needed for discussion at your organization.

4. The multi-disciplinary committee may choose to provide recommendations to Senior Management regarding needed policies and/or procedures.

Name of Policy and/or Procedure Organization Security

Services

Not Applicable

Comments

Access Control

Approaching a Person of Interest Arrests

Call for Assistance and Service Closed Circuit Television (CCTV) Code of Conduct

Code of Ethics

Communications and Education Initiatives Community and Home Health

Complaints Process Computer Use Confidentiality Co-op Students

Critical/Fatal Injury Response – securing the scene Deliberate Damage to Hospital Property

Departmental Responsibilities - Security

Documentation, record keeping e.g. memo books Dress and Deportment (Behaviour)

Electronic Security Systems and Alarms Elevator Control- Grounding and Service

(35)

Page 35 of 49

Emergency Department Door Access

Emergency Management, Codes and Response Employee Injury Reporting and Investigation Security Equipment and Use

Environmental Design and Renovation – Security Role External and Emergency Service Interaction

Fire Panel Procedures Fire Pump Testing Procedure Fire Protection – Red Tag Permit Hospital Restraint Cleaning Hot Work Permits

Illegal/Street Drug Disposal Impairment and Disorderly Conduct Incident Reporting and Documentation Incident Investigations and Documentation Lock ups and Unlocks

Lockdown - Facility Lost and Found

Mechanical Restraints and Seclusion Media Relations

Metal Detector Use Minor Event Log Morgue Duty

Notification of Manager

OHS Competent Supervisor Training - Mandatory OHS Supervisor Awareness Training - Mandatory OHS Worker Awareness Training - Mandatory On Call Assignment List

On Call Room System Operation

Patient Elopement – Departure Without Notification Patient/Client/Resident- Non-violent Crisis Intervention Patient Management – Security Role

Parking and Traffic Control Patrol System and Standards Personal Alarm System Pet Visitation to Hospital Photo Identification System Prisoner Patient Security Privacy Legislation Radio Protocol

Release of CCTV and Digital Media Release of Incident Reports Reporting For Duty

(36)

Page 36 of 49

*Security Sensitive Areas: Emergency Department, Mental Health, Surgery, Laboratory, Pediatrics, Maternal Child, Intensive Care Unit, Plant Operations, Pharmacy

Security may participate in the following committees and teams:  Joint Health and Safety Committee

 Workplace Violence Committee

 Emergency Codes and Response Committee  Clinical Team e.g. Mental Health

References

International Association for Heathcare Security and Safety. (2012). IAHSS handbook. Illinois: IAHSS. Retrieved from < http://iahss.org/About/Guidelines-Preview.asp>

Toronto East General Hospital, Toronto, Ontario Resistance Management

Search and Seizure

Security and Safety Inspections

Security Awareness and Training for Workplace Parties Security Accompaniment e.g. escort to parking lot Security Mission Statement and Management Plan Security Sensitive Areas*

Security Staffing

Security Training New Employee Orientation

Security Training – Ongoing training and re-certification Travelling in the community by vehicle, transit, on foot Travelling and staying at accommodations e.g. hotel Trespassing

Use of Force

Weapons – restricted and concealed Working Alone Other Other Other Other Other Other Other Other

(37)

Page 37 of 49

APPENDIX E. SECURITY PROGRAM ADMINISTRATOR TRAINING

(38)

Page 38 of 49

APPENDIX F. SAMPLE SECURITY GUARD TRAINING PROGRAM

COMPONENTS

Training Program Components

Description

Laws, Statues and Principles

All security professionals require training with respect to relative laws, statutes and principles governing their operational duties and responsibilities. The training material should consist of and not be limited to:

 Relevant legislation respecting security licensing and provision

 Trespass to Property Legislation and the principles of eviction

 The Criminal Code of Canada with emphasis on a citizen’s power of arrest and the lawful application of force

 Human Rights Legislation

 Occupational Health and Safety Legislation

 Principles associated with documentation and the retention of documentation Crisis

Management Training

 Training on principles of crisis management is to improve their communications and crisis resolution skills, tactical knowledge and physical skills.

 Crisis management training is designed to provide security professionals the necessary information and skills to recognize when a subject is in crisis and to respond proactively and professionally to a displayed crisis stage. Four Stages of Crisis Management are:

o Anxiety Stage

o Defensive Stage

o Acting-Out Stage

o Tension Reduction Stage

 Each of the four “stages of crisis” has a specific and recommended response option that is geared to “de-escalate” crisis, not “escalate” it.

Effective Communication

 The use of effective or appropriate communications is the vital link to reducing a person’s crisis level and establishing a basis for mitigating adversity. This training material centers on the skills required to respond to a crisis situation utilizing verbal strategies that are designed, intended and applied to calm a person down.

 Security professionals are instructed to use words that maintain professionalism, create subject accountability and permits justification of actions. Effective communications material outlines the need to utilize:

o The First Contact Approach – A standard approach to commencing communications with persons that includes; a personal greeting and the reason behind the interaction.

o The importance of sending appropriate verbal and non-verbal messages.

o The need to utilize “active listening skills” – This includes the need and the ability to listen to subjects and the recognition of “barriers to

communications”.

o The relevance of “Paraverbal communications” – Not what was said, but how it was said. This includes; tone of one’s voice, the volume of one’s speech, the cadence of speech, etc.

o The relevance of displaying appropriate “body language” – The messages one may send with the use of facial gestures, hand gestures, etc.

o The need to utilize verbal strategies that include; feedback, providing messages to persons at reasonable rates, use of simple language, the use of empathy, etc.

 These programs are intended to enable a reasonable and prudent person to effectively communicate with “persons in crisis” and in a manner deemed to display a “standard of care”.

SECURITY TOOLKIT 4/21/2015. Page 1 of 49