Security Audits and Security Risk Assessments
 


Richard Murrie, Managing Director, Loss Prevention Group of Australia, delivered this presentation at the 2012 Australian Hospital & Healthcare Security & Safety Conference. The conference is a fantastic opportunity to network with hospital security managers, OH&S unit coordinators, and senior nursing and management staff of hospital departments, namely emergency departments and mental health units. In its 6th annual edition, the conference has been rebranded Safe & Secure Hospitals to reflect industry feedback we have received through our research calls. For more information, please visit: http://bit.ly/17StSAN

    Security Audits and Security Risk Assessments: Presentation Transcript

    • Loss Prevention Group of Australia (www.lpga.com.au)
      Hospital & Healthcare Security & Safety Conference 2012
      Security Audits & Security Risk Assessments: Identifying Key Security Risks
      October 25, 2012
      Presenter: Richard Murrie, Managing Director
    • Outline
      This session will explore:
      • General security risks faced by healthcare facilities
      • Security risks relating to the failure of ageing & antiquated electronic security infrastructures
      • Case study of a major healthcare network and the process of identifying and rectifying electronic security infrastructures
    • What is Risk Management?
      • AS/NZS ISO 31000:2009 Risk Management
      • “The culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects”
    • What is Risk?
      • The chance of something happening that will have an impact upon objectives
      • “What can happen, how can it happen, what impact will it have?”
    • Risk Categories
      • Human Resources
      • Clinical
      • Financial/Investment
      • Political
      • Environmental
      • Information Technology
      • Strategic
      • Market
      • Security
      • OHS
      • Legal
      • Property
    • Identifying Risk
      • Holistic security risk assessments are a mandatory requirement of Australian Standard 4485 “Security for Healthcare Facilities”
      • The security risk assessment should form the basis of identifying & managing security risks that may impact upon your healthcare facility
      It is crucial that all healthcare facilities undertake a security risk assessment compliant with AS/NZS ISO 31000. Why?
    • Loss Prevention Group of Australia www.lpga.com.au  Security risks will differ for each facility  Once identified, the risks can be managed, strategies developed and security controls implemented  Identified and perceived risks may be mitigated by incorporating the information received into the security design of the facility Identifying Risk cont…
    • Risk Management Processes
      • Establishing the context
      • Identifying the risk
      • Analyse the risks
      • Evaluate the risk
      • Treat the risk
    • Risk Management Team
      • Nominated Team Leader (Risk Manager)
      • Security Manager
      • Quality Manager
      • Senior Nursing staff, E.D. Manager, Mental Health Manager, ADONs, etc.
      • Human Resources Manager
      • OHS Manager
      • Engineering Manager (external consultant)
      This is not an exhaustive list.
    • Common Security Risks
      Common security risks faced by healthcare facilities:
      • Occupational violence & verbal abuse
      • Unauthorised access to hospital facilities
      • Inappropriate use of & access to confidential information
      • Abuse/misuse of pharmaceuticals
      • Theft of hospital & personal assets
      • Failure of electronic security infrastructures
      • Inadequate recruitment & probity checks
      • Inadequate credentialing procedures
      • Internal fraud
    • Introduction - Case Study
      • LPGA was engaged to undertake an electronic security audit and risk assessment & to develop an Electronic Security Master Plan.
      • Sites audited included:
        – The Northern Hospital
        – Broadmeadows Health Service
        – Bundoora Extended Care
        – Craigieburn Health Service
        – Panch Health Service
    • Why?
      • System & equipment failures were increasing
      • Repairs to equipment were expensive and largely restricted to one provider, as proprietary equipment had been installed when the main campus was commissioned in 2000
      • The five campuses had a mixture of electronic security infrastructure (old, older, tired & incompatible)
      • Lack of confidence in the existing security infrastructure
      • To officially document the risks associated with the current infrastructure and formally present them to the hospital’s Risk Management Committee (at BOM level)
    • Case Study - Scope
      • The scope of engagement included:
        – Examination of existing security infrastructure, including current condition and capacity;
        – Identification of security risks for the site;
        – Review of existing security arrangements;
        – Assessment and rating of security risks;
        – Recommendation of risk mitigation strategies;
        – Development of Baseline Security design standards;
        – Recommendation of security upgrades and provision of budgets; and
        – Audits & Risk Assessments have been documented on a site by site basis for future reference.
    • Case Study - Findings
      • Many of the security systems installed across the Northern Health portfolio were below satisfactory condition and required updating.
      • A significant portion of security systems utilised outdated technology and were not supported by mainstream security providers.
      • Most of the systems installed no longer met minimum security design guidelines for health facilities.
      • In a number of cases, the systems could be subject to total or partial failure.
    • Summary Case Study - Findings
      • Below is a high level summary of the condition of the security systems at each campus (TNH, BHS, BECC, CHS, PHS).
      [Table: rating symbol for each item at each campus; symbols not recoverable]
      Items:
        – Swipe Card Readers
        – Electronic Locks
        – Alarm Monitoring
        – Duress Alarms
        – Control Panels
        – Security Management System
        – CCTV Cameras
        – CCTV Recording
        – Guard Tour
        – Intercoms
      Legend:
        – Acceptable technology for next 5 years
        – Requires replacement or major upgrade within less than 5 years
        – Requires urgent repair or upgrade
    • Loss Prevention Group of Australia www.lpga.com.au Summary of Risk Assessments  Northern Health staff will engage in a range of tasks which have implications for security risks, for example: – Managing patient related and sensitive information; – Engaging with members of the public who are in stressful situations, under the influence of drugs and/or alcohol – Dealing with criminal activities (e.g. assaults) – Working on cases which attract public or media attention.  As a result of this, staff, patients, residents and visitors are subjected to a range of security risks
    • Summary of Risk Assessments
      The outcomes from each of the site specific security risk assessments are summarised in the table below. A rating of medium or higher requires immediate action. The level of risk at each facility was used as the basis for developing upgrade recommendations.

      THREAT                                              | TNH      | BHS      | BECC     | CHS      | PHS
      Harm to People                                      | EXTREME  | HIGH     | MEDIUM   | MEDIUM   | HIGH
      Preventable Fatality                                | HIGH     | HIGH     | HIGH     | MEDIUM   | MEDIUM
      Abduction of Infant                                 | HIGH     | N/A      | N/A      | N/A      | N/A
      Theft of Property                                   | MEDIUM   | MEDIUM   | MEDIUM   | LOW      | MEDIUM
      Theft of Drugs                                      | LOW      | LOW      | VERY LOW | VERY LOW | VERY LOW
      Property Damage                                     | LOW      | LOW      | VERY LOW | LOW      | LOW
      Unauthorised Disclosure of Confidential Information | MEDIUM   | MEDIUM   | MEDIUM   | MEDIUM   | LOW
      Loss of Productivity                                | MEDIUM   | N/A      | N/A      | N/A      | N/A
      Disruption of Operations                            | LOW      | LOW      | LOW      | LOW      | LOW
    • Loss Prevention Group of Australia www.lpga.com.au Key Design & Upgrade Strategies  To prepare an upgrade plan & determine costs, a number of key design strategies were developed. – Establish baseline Security & CCTV Design Standard – Establish a security maintenance contract to reduce risk of systems failure – Upgrade all CCTV & Security systems to a common operating platform and implement a digital IP network – Utilise existing IT network infrastructure for communications between each site & Central Control Room – Establish a central Security Control Room for the monitoring and management of Security & CCTV
    • Key Design & Upgrade Strategies cont…
      • These strategies will deliver a consistent standard of security across all of the Northern Health sites, reducing risk and allowing for improvements in efficiency (i.e. standardisation, multi-vendor solutions & implementation of a single access control smart card).
    • Loss Prevention Group of Australia www.lpga.com.au Master Plan  A range of recommendations were provided to guide the maintenance and renewal of the security systems at each campus which can be implemented over a number of years.  The recommendations have been arranged according to a prioritised, phased upgrade strategy.  Delivery Phases:  Phase 1 – Develop baseline standards and determine standard operating platforms  Phase 2 – Critical Repair and Urgent Upgrades  Phase 3 – Monitoring & Control System Upgrades and Expansion  Phase 4 – Field Equipment Upgrades, including cameras, card readers, etc.  Phase 5 – Establish Central Control Room & Inter-Connect All Sites
    • Master Plan Current Position
      • BOM Risk Management Committee accepted the report and allocated CAPEX over the next few years.
      • Phases 1 & 2 have been completed.
      • Phase 3 is 75% complete.
      • All infrastructure upgrades across the 5 campuses are expected to be completed prior to 2017.
    • Loss Prevention Group of Australia www.lpga.com.au Summary  Conduct a security risk assessment at your healthcare facility  Identify the risks, develop mitigation strategies and ensure you engage with executive management  Prepare a “Master Plan” to support the “business case” for all security infrastructure improvements
    • Questions?
      Richard Murrie, Managing Director
      Loss Prevention Group of Australia
      rmurrie@bigpond.net.au
      www.lpga.com.au
      Mobile: 0408 312 657