Richard Murrie, Managing Director, Loss Prevention Group of Australia, delivered this presentation at the 2012 Australian Hospital & Healthcare Security & Safety Conference. The conference is a fantastic opportunity to network with hospital security managers, OH&S unit coordinators, and senior nursing and management staff of hospital departments, namely emergency departments and mental health units. In its 6th annual edition, the conference has been rebranded Safe & Secure Hospitals to reflect industry feedback we have received through our research calls. For more information, please visit: http://bit.ly/17StSAN
Loss Prevention Group of Australia www.lpga.com.au
Hospital & Healthcare Security & Safety Conference 2012
Security Audits & Security Risk Assessments Identifying Key Security Risks
October 25, 2012
Presenter: Richard Murrie, Managing Director
Outline
This Session will explore:
General Security risks faced by healthcare facilities
Security risks relating to the failure of ageing & antiquated electronic security infrastructures
Case study of a major healthcare network and the process of identifying and rectifying electronic security infrastructures
What is Risk Management?
AS/NZS ISO 31000:2009 Risk Management
“The culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects”
What is Risk?
The chance of something happening that will have an impact upon objectives
“What can happen, how can it happen, what impact will it have?”
Risk Categories
Human Resources
Clinical
Financial/Investment
Political
Environmental
Information Technology
Strategic
Market
Security
OHS
Legal
Property
Identifying Risk
Holistic security risk assessments are a mandatory requirement of Australian Standard 4485 “Security for Healthcare Facilities”
The security risk assessment should form the basis of identifying & managing security risks that may impact upon your healthcare facility
It is crucial that all healthcare facilities undertake a security risk assessment compliant with AS/NZS ISO 31000. Why?
Identifying Risk cont…
Security risks will differ for each facility
Once identified, the risks can be managed, strategies developed and security controls implemented
Identified and perceived risks may be mitigated by incorporating the information received into the security design of the facility
Risk Management Processes
Establish the context
Identify the risks
Analyse the risks
Evaluate the risks
Treat the risks
Risk Management Team
Nominated Team Leader (Risk Manager)
Security Manager
Quality Manager
Senior Nursing staff, ED Manager, Mental Health Manager, ADONs etc.
Human Resources Manager
OHS Manager
Engineering Manager
(external consultant)
This is not an exhaustive list
Common Security Risks
Common security risks faced by Healthcare Facilities:
Occupational violence & verbal abuse
Unauthorised access to hospital facilities
Inappropriate use of & access to confidential information
Abuse/misuse of pharmaceuticals
Theft of hospital & personal assets
Failure of electronic security infrastructures
Inadequate recruitment & probity checks
Inadequate credentialing procedures
Internal Fraud
Introduction-Case Study
LPGA was engaged to undertake an electronic security audit and risk assessment & to develop an Electronic Security Master Plan.
Sites audited included:
– The Northern Hospital
– Broadmeadows Health Service
– Bundoora Extended Care
– Craigieburn Health Service
– Panch Health Service
Why?
System & equipment failures were increasing
Repairs to equipment were expensive and largely restricted to one provider, as proprietary equipment had been installed when the main campus was commissioned in 2000.
The five campuses had a mixture of electronic security infrastructure (old, older, tired & incompatible)
Lack of confidence in the existing security infrastructure
To officially document the risks associated with the current infrastructure and formally present them to the hospital’s Risk Management Committee (at BOM level).
Case Study-Scope
The scope of engagement included:
– Examination of existing security infrastructure, including current condition and capacity;
– Identification of security risks for the site;
– Review of existing security arrangements;
– Assessment and rating of security risks;
– Recommendation of risk mitigation strategies;
– Development of Baseline Security design standards;
– Recommendation of security upgrades and provision of budgets; and
– Audits & Risk Assessments have been documented on a site by site basis for future reference.
Case Study-Findings
Many of the security systems installed across the Northern Health portfolio were below satisfactory condition and required updating.
A significant portion of Security Systems utilised outdated technology and were not supported by mainstream security providers.
Most of the systems installed no longer met minimum security design guidelines for health facilities.
In a number of cases, the systems could be subject to the possibility of total or partial failure.
Summary Case Study-Findings
Below is a high-level summary of the condition of the security systems at each campus
Campuses (columns): TNH, BHS, BECC, CHS, PHS
Items (rows):
Swipe Card Readers
Electronic Locks
Alarm Monitoring
Duress Alarms
Control Panels
Security Management System
CCTV Cameras
CCTV Recording
Guard Tour
Intercoms
LEGEND (colour-coded rating for each item at each campus)
Acceptable technology for next 5 years
Requires replacement or major upgrade within less than 5 years
Requires urgent repair or upgrade
Summary of Risk Assessments
Northern Health staff will engage in a range of tasks which have implications for security risks, for example:
– Managing patient related and sensitive information;
– Engaging with members of the public who are in stressful situations, under the influence of drugs and/or alcohol;
– Dealing with criminal activities (e.g. assaults);
– Working on cases which attract public or media attention.
As a result of this, staff, patients, residents and visitors are subjected to a range of security risks
Summary of Risk Assessments
The outcomes from each of the site specific security risk assessments are summarised in the table below. A rating of medium or higher requires immediate action.

| THREAT | TNH | BHS | BECC | CHS | PHS |
|---|---|---|---|---|---|
| Harm to People | EXTREME | HIGH | MEDIUM | MEDIUM | HIGH |
| Preventable Fatality | HIGH | HIGH | HIGH | MEDIUM | MEDIUM |
| Abduction of Infant | HIGH | N/A | N/A | N/A | N/A |
| Theft of Property | MEDIUM | MEDIUM | MEDIUM | LOW | MEDIUM |
| Theft of Drugs | LOW | LOW | VERY LOW | VERY LOW | VERY LOW |
| Property Damage | LOW | LOW | VERY LOW | LOW | LOW |
| Unauthorised Disclosure of Confidential Information | MEDIUM | MEDIUM | MEDIUM | MEDIUM | LOW |
| Loss of Productivity | MEDIUM | N/A | N/A | N/A | N/A |
| Disruption of Operations | LOW | LOW | LOW | LOW | LOW |

The level of Risk at each facility was used as the basis for developing upgrade recommendations.
Key Design & Upgrade Strategies
To prepare an upgrade plan & determine costs, a number of key design strategies were developed.
– Establish baseline Security & CCTV Design Standard
– Establish a security maintenance contract to reduce risk of systems failure
– Upgrade all CCTV & Security systems to a common operating platform and implement a digital IP network
– Utilise existing IT network infrastructure for communications between each site & Central Control Room
– Establish a central Security Control Room for the monitoring and management of Security & CCTV
Key Design & Upgrade Strategies Cont
These strategies will deliver a consistent standard of security across all of the Northern Health sites, reducing risk and allowing for improvements in efficiency (i.e. standardisation, multi-vendor solutions & implementation of a single access control smart card).
Master Plan
A range of recommendations were provided to guide the maintenance and renewal of the security systems at each campus which can be implemented over a number of years.
The recommendations have been arranged according to a prioritised, phased upgrade strategy.
Delivery Phases:
Phase 1 – Develop baseline standards and determine standard operating platforms
Phase 2 – Critical Repair and Urgent Upgrades
Phase 3 – Monitoring & Control System Upgrades and Expansion
Phase 4 – Field Equipment Upgrades, including cameras, card readers, etc.
Phase 5 – Establish Central Control Room & Inter-Connect All Sites
Master Plan
Current Position
BOM Risk Management Committee accepted the report and allocated CAPEX over the next few years.
Phase 1 & 2 have been completed
Phase 3 is 75% complete
All infrastructure upgrades across the 5 campuses are expected to have been completed prior to 2017.
Summary
Conduct a security risk assessment at your healthcare facility
Identify the risks, develop mitigation strategies and ensure you engage with executive management
Prepare a “Master Plan” to support the “business case” for all security infrastructure improvements
Questions?
Richard Murrie
Managing Director
Loss Prevention Group of Australia
www.lpga.com.au
Mobile: 0408 312 657