Security_standards_for_the_management_and_control_of_CDs_in_ambulance_v2_

Tackling fraud and managing security
Security standards and guidance
for the management and control
of controlled drugs in the
ambulance sector
Version 2 – April 2013

Security standards and guidance for the management and
control of controlled drugs in the ambulance sector
Prepared by NHS Protect on behalf of the
Ambulance Pharmacists Network
Version Date Summary
1 June 2012 N/A
2 April 2013 Changes have been made to reflect the introduction of The
Controlled Drugs (Supervision of Management and Use)
Regulations 2013 and NHS reforms. Other changes to note
affect the following paragraphs: 40, 47, 48, 50, 55-58, 129-
134, 145 and 146.

Foreword
The NHS is undergoing significant change which will result in more care being delivered in
the community, and the ambulance service will increasingly play a key role in support of this
development. Therefore, there is a greater need to ensure that the right medicines are in the
right place at the right time, and accessible by the appropriate clinical staff. This is of
particular importance in the case of morphine and the wider range of controlled drugs (CDs).
These security standards have been developed to clarify the legal framework for the safe
management of CDs in the pre-hospital environment. This followed the identification of
variations in practice by the Ambulance Pharmacists Network and the subsequent fieldwork
and interviews undertaken for the National Prescribing Centre for the report on Safe
management and use of controlled drugs in ambulance and paramedic services in England,
2012. The report highlights that guidance was required to improve the management of CDs
through a strengthened whole-system approach.
The aim of this guidance is to act as a single point of reference, creating a practical and
accessible approach to the management and use of CDs. This will not only help support the
delivery of high quality patient care but also protect the public from the risks of mis-
management of these medicines.
Additionally, it is hoped that the guidance will assist ambulance trusts to make efficiency
savings in the management of CDs as well as improve auditing practices. I hope that this
document proves useful.
Peter Bradley CBE
National Ambulance Director

Executive summary
Ambulance service patient care is usually provided by solo responders or by a crew of two
people, from a range of locations and vehicles. This means that NHS staff and premises are
vulnerable from a number of risks and potential security threats. This is particularly the case
with regard to the security of controlled drugs (CDs), used on a daily basis by ambulance
staff in the provision of emergency medical care to patients. The security of CDs has
implications not just for those directly involved, but for the public as a whole.
The purpose of this document is to introduce security standards to improve the safe and
secure management of CDs in ambulance trusts in England. The guidance establishes
minimum security standards that ambulance trusts and their contracted providers are
expected to have in place or be working towards, and makes recommendations for best
practice. The guidance has been developed in consultation with key stakeholders including
the Care Quality Commission, Home Office, Police Controlled Drug Liaison representatives
and ambulance trusts.
The primary aim of the standards is to ensure that patients receive the appropriate care and
medicines at the time they require them. While minimum security standards are defined, the
best practice recommendations are intended to be interpreted in the context of local clinical
practice to meet patients’ healthcare needs. The standards have not been developed to
specifically address the variety of clinical scenarios ambulance staff may find themselves in.
The Ambulance Pharmacists Network commissioned NHS Protect to undertake a review of
ambulance trusts’ management of CDs throughout England, so as to understand current
processes and identify examples of best practice. Although this guidance relates to England,
it was also useful to review arrangements in Wales and Scotland. It was apparent during the
review that current standards for CD management vary across the country and the
challenges for the management of these medicines differ. This is often dependant on rural
and urban geography and the development of local care pathways to meet the local patient
need. Therefore, while the security standards apply to all ambulance services,
implementation of best practice may vary because of different priorities and challenges.
The security standards defined in this document are the minimum standards ambulance
trusts and their contracted providers are expected to achieve. The standards follow the
whole process, from requisitioning, through to the use and destruction of CDs and the
maintenance of the complete audit trail. Particular attention is also given to how these steps
should be outlined in the trusts’ standard operating procedures and policies.
Section 1 provides good practice guidance on the requisitioning process for CDs. The
movement of CDs from their point of delivery and subsequent transfer is covered in section
2. The physical security measures for premises and vehicles where CDs are stored are
discussed in section 3 and storage issues in section 4. Managing access to CDs, including
in particular key security, is covered in section 5. All aspects of the security of CD stationery
including CD Record Books, CD Order Books, stock check and audit forms is covered in
section 6.
Section 7 outlines good practice guidance and minimum security standards, relating to
reporting and audit of the use and management of CDs to reduce the risk of theft or
diversion and highlight any losses. Section 8 provides guidance and best practice for the
secure destruction and disposal of unused amounts of CDs, broken or damaged ampoules,
and out-of-date stock. Guidance on best practice for the upkeep of personnel records of
those staff authorised to possess and access CDs is provided in section 9.

It is anticipated that the length of time to implement these standards will vary widely across
the sector due to varying practices currently in place. However, all ambulance trusts are
expected to develop an action plan with milestones to demonstrate the implementation of
these standards.
This document has been designed for those who are involved in management of CDs in
ambulance trusts and for those who are responsible for ensuring that CDs are managed
appropriately in their organisations or in their part of the organisation. The document may
also be of value to community and hospital pharmacists offering medicines management
support and advice to ambulance trusts; NHS England and ambulance CD Accountable
Officers; and private ambulance providers. The guidance has been prepared in consultation
with key stakeholders who are listed in Appendix A. The style of the document has been
drafted to complement the document Safer management of controlled drugs: A guide to
good practice in secondary care (England) 2007, which provides some reference for
ambulance trusts. The document also takes account of the terminology of that guidance
document and the Revised Duthie Report (March 2005), where the term “should” has been
used for recommendations that relate to good practice and “must” for those governed by
legal requirements.
It is hoped that ambulance trusts use this document as a starting point to review and
improve security standards for the management and control of CDs in their trusts.
Ed England
Chair
Ambulance Pharmacists Network
Dr Alison Walker
Chair
National Ambulance Service Medical Directors
Dermid McCausland
Managing Director
NHS Protect

Contents
Introduction........................................................................................................................... 1
1 Requisitions ................................................................................................................... 2
2 Delivery and transfer...................................................................................................... 7
3 Physical security ............................................................................................................ 9
4 Storage........................................................................................................................ 15
5 Managing access......................................................................................................... 17
6 Security of controlled drug stationery ........................................................................... 19
7 Reporting and audit...................................................................................................... 22
8 Destruction and disposal.............................................................................................. 29
9 Upkeep of personnel records ....................................................................................... 33
References ......................................................................................................................... 35
Appendix A: List of Contributors.......................................................................................... 37

1
Introduction
The purpose of this guidance is to improve the standards in the security, management and
use of Controlled Drugs (CDs) in ambulance trusts in England. This document refers to CDs
as they are listed and defined in the Misuse of Drugs Regulations 2001 and its amendments;
however the emphasis is on those contained in Schedule 2 as they are subject to the highest
levels of control. The guidance covers CDs that paramedics may possess under the Misuse
of Drugs Regulations 2001 and that healthcare professionals are authorised to supply, offer
to supply or administer under a Patient Group Direction. The guidance has been developed
in consultation with key stakeholders led by NHS Protect on behalf of the Ambulance
Pharmacists Network.
All standard operating procedures (SOPs) and policies for the management and use of CDs
in ambulance trusts in England, Scotland and Wales were reviewed in the development of
this guidance. Although the remit is specific to ambulance trusts in England, it was useful to
review the procedures in use in other parts of the UK.
The review of the policies was followed by further investigation into the governance
arrangements for CDs via communication directly with the Controlled Drugs Accountable
Officers (CDAOs) of the ambulance trusts. This was either through tailored questionnaires or
interviews with eight of the 11 ambulance trusts in England.
The questionnaires and interviews focused on identifying existing physical security
measures; storage, issue and disposal procedures; and key/access management and
auditing processes. The purpose of this was to identify good practice and gain an
understanding of the operational issues around managing CDs in an ambulance setting.
The document aims to set out robust systems for the requisitioning, delivery, transfer,
physical security, storage, supply, recording and safe disposal of CDs. All of these systems
and each step of the CD journey should be written into a SOP. The Department of Health
document Safer Management of Controlled Drugs: Guidance on Standard Operating
Procedures for Controlled Drugs defines the SOP as “an unambiguous document, describing
the responsibilities and the procedures, including audit, necessary to safely and accountably
manage any set of processes, in this case around the total management of CDs.”
The research identified two distinct systems in operation for managing CDs in NHS
ambulance trusts. For the purpose of this document they are referred to as personal based
issuing system and vehicle based issuing system. In a personal based issuing system, CDs
are signed out to individual paramedics for the duration of the shift. In a vehicle based
issuing system, CDs are assigned to a particular vehicle and are accessed and used by
those authorised to do so in the course of their duties.
The guidance does not recommend a particular system but does highlight the fact that there
are different risks associated with each system.
Trusts should review current policies and procedures in light of this guidance and make
amendments as needed. This should be done in consultation with a pharmacist.
The role of the CDAO, which is referred to throughout this document, is set out in The
Controlled Drugs (Supervision of Management and Use) Regulations 2013. The NHS
National Prescribing Centre (NPC) Handbook for controlled drug Accountable Officers in
England (March 2011) is based on regulations which have been since superseded, but still
contains useful guidance on the role of the CDAO.

2
1 Requisitions
1. This section provides good practice guidance on the process of ordering and receiving
CDs. It is recognised that ambulance trusts operate differing systems with regard to
requisitioning CDs. In particular, some trusts order CDs to a central store, from which
they are distributed to individual stations and/or paramedics; this is referred to in this
chapter as a centralised ordering system. In other cases, individual paramedics are
able to place orders to replenish CD stocks in their own possession or held on
individual vehicles; this is referred to as an individualised ordering system. In all cases
it is the aim of this guidance to reduce the opportunity for diversion of CDs, or any risk
of loss, theft, or other irregularity during the process of requisitioning.
Accountable individuals
▪ CDAO
The CDAO must ensure that appropriate systems for the safe management of CDs
are established, operated and reviewed regularly, and that they comply with
relevant statutory requirements. With regard to CD requisitioning, the CDAO must
ensure that adequate and up-to-date SOPs are in place which specify roles,
responsibilities and procedures to be followed for all aspects of the CD journey. The
details for ordering, collecting, and receiving CDs should be specified in a SOP.
▪ Responsible managers
Operational and station managers are accountable for ensuring that trust policies
and SOPs are implemented correctly and consistently within their area of work and
locality.
▪ Registered paramedic
In some trusts, Health Professions Council (HPC) registered paramedics are
directly involved in the requisitioning of CD stock (i.e. in an individualised ordering
system) and in these cases are solely accountable for the ordering and receiving of
CDs in their possession or held on individual vehicles.
▪ All staff
All staff who are involved in the ordering, collecting or receiving of CDs are
responsible for carrying out their respective roles in accordance with local policy
and SOPs and for reporting any discrepancies or untoward incidents using the local
reporting procedure (see section 7).
Minimum and maximum stock levels
2. CD stock levels should be kept at all times between agreed minimum and maximum
levels, according to any local operational directives which are determined by need and
based on historical clinical data. Appropriate minimum and maximum stock levels
(whether by station, vehicle or paramedic) help to limit the risk of loss due to large
amounts of CDs being stored in one place, while ensuring that there is no danger of
running out in periods of unexpectedly high demand.
Authorised signatories
3. The local SOP should specify which members of trust staff are authorised signatories
for placing CD orders. This list, along with a specimen of the signature of each
authorised signatory, should be available at all supplying pharmacies for validation.

3
Similar lists should be held and maintained to cover staff authorised to collect or
receive CD orders.
4. It is the responsibility of the trust to ensure that the list of authorised signatories for the
requisitioning of CDs is kept up-to-date. As a matter of good practice, a system should
be put in place so that the list of authorised signatories for each function is
automatically updated when staff change positions or leave the trust (see section 9).
Requisition forms
5. Orders should be written on suitable stationery, such as a CD Order Book containing
requisition forms on numbered, self-carbonating pages. One copy is to be given to the
supplying pharmacy, and the other is to be retained in the Order Book as a record. If
requisitions are completed using electronic rather than (or in addition to) paper
systems, care should be taken to ensure the integrity and reliability of records. Both
paper and electronic ordering records must be maintained in accordance with the NHS
Code of Practice on Records Management.
6. This guidance for requisition forms is the same for the process of ordering from a
supplying pharmacy as for intra-trust ordering from a central store (see below).
7. All orders should include the following information:
Date of order
Name and address of the organisation ordering (i.e. the trust)
Name of supplying pharmacy
Name of the CD, formulation and strength
Quantity
Purpose for which the drug supplied is required (for ambulance trusts, this
would be ‘for emergency care’ or similar)1
Name (legible), profession, signature and either HPC or General Medical
Council PIN of person placing the order
Name (legible) and signature of the person supplying the order.
The information in bold is legally required to be obtained by the supplier under the
Misuse of Drugs Regulations 2001.
8. The CD Order Book should be treated as controlled stationery and kept securely
stored at all times with access restricted to authorised staff only. In cases where an
electronic system is used for requisitioning of CDs, it should also be secured and only
accessible by those with the authority to place orders (see section 6).
9. The CD Order Book should not be amended or corrected in any way. If a mistake is
made, the word ‘VOID’ should be written across the spoiled form and a new one made
out. Both copies of the self-carbonating form should be voided and remain in the book.
10. A standard requisition form FP10CDF has been introduced by the Department of
Health for requisitioning CD stocks. As paramedics are not prescribers, individual
paramedic usage cannot be monitored. However, the supplier will submit all CD
1
NB: The Misuse of Drugs Regulations 2001 require requisition forms to include the purpose for
which the drug supplied is required (Regulation 14(2)). In the case of Ambulance Trusts, this will
always be for administration to patients in the context of emergency care. This requirement may be
satisfied by way of a statement printed on the proforma requisition form, rather than written by hand
for each individual order.

4
requisitions that they have processed to the NHS Business Services Authority for
statistical analysis. The FP10CDF forms can be obtained from NHS England. All
requisitions for CDs must comply with Regulation 14 of the Misuse of Drugs
Regulations 2001.
Ordering from supplying pharmacies
11. A service level agreement (SLA) should be in place with supplying pharmacies,
defining the responsibilities of the parties. Additionally, a local SOP should indicate the
person(s) responsible for ordering CDs from supplying pharmacies. This person must
be legally authorised under current legislation to requisition CDs and retains
responsibility even if certain activities are delegated.
12. Where CDs are ordered for trust stock, orders must be approved and signed for by a
doctor who is either directly employed or is acting on behalf of the trust. He or she
retains final responsibility for CD stock ordered by the trust, even if some tasks are
delegated to other members of staff.
13. As a matter of good practice, the person receiving or collecting CD orders should not
be the same person who placed the order. This increases the transparency of the
process and reduces the opportunity for diversion of stock by one individual. However,
this may not be practical where a trust operates an individual ordering system and
personal issue system for CDs, as paramedics may both order and collect or receive
their own supply. In this case, the trust can compensate for the increased risk by
implementing additional measures of control and monitoring (see section 7).
Ordering from central store
14. Where an ambulance trust has an arrangement by which stations and/or hubs submit
orders to a trust central store to replenish their CD stocks, similar procedures should
be put in place for this process as for ordering from supplying pharmacies. The local
SOP should define the person(s) responsible for ordering CDs from the trust central
store.
Collecting or receiving orders
15. As far as reasonably practicable, all stages of the collection, delivery and receipt of
CDs should be witnessed and supervised by an appropriate member of trust staff.
16. Some trusts employ dedicated staff to collect medicine orders from supplying
pharmacies and distribute them (either to individual vehicles, stations, or to a central
store). The names and titles of staff authorised to collect orders should be recorded in
the local SOP and communicated to the supplying pharmacies.
17. Where orders are delivered by pharmacy couriers to the trust, the local SOP should
indicate which members of staff are permitted to receive and sign for them, and their
names and titles should be communicated to the supplying pharmacies.
18. Where the person(s) collecting or receiving a CD order is not in their own right
authorised to possess CDs, there needs to be a written instruction signed by the
requisitioning person authorising them to do so on their behalf. This can be dealt with
through a SOP or local agreement that is continuous in provision and regularly
updated to cover staff changes. This meets the requirements set out in Regulation
14(1) of the Misuse of Drugs Regulations 2001.

5
19. A process for verification of the identity and authorisation of staff collecting or receiving
medicine orders must be adhered to. This should state, at a minimum, that staff must
be in uniform and present a trust ID card, showing the individual’s photo and full name,
when collecting orders; and that pharmacy or trust staff handing over CDs to
operational staff must always check ID cards and inspect the individual’s signature
against the specimen held with the authorised signatories list. Pharmacy or central
store staff should never rely just on a uniform, a signature or familiarity with staff, as
this could enable a member of staff who has left or been suspended from the trust and
has had their ID card taken from them to still collect CDs. It is the trust’s responsibility
to develop and agree working arrangements with supplying pharmacies that
incorporate these verification procedures.
20. Upon delivery or collection, the received CDs should be checked against the delivery
note and the original requisition form to verify that the correct type, formulation,
strength and quantity have been received. They should also be examined to ensure
that any tamper-evident seals on packs are intact so that stock balance can be
accurately determined by counting sealed packs. Orders that have been correctly
delivered or collected should be confirmed by signature of both the person delivering
and the person collecting or receiving, as part of the audit trail.
21. Any discrepancies should be notified immediately to the responsible manager and to
the supplying pharmacy which filled the order. The most secure method of rectifying
the mistake would be for the order to be returned and then re-delivered or re-collected
once it has been corrected. In all cases this should be clearly recorded in the CD
Order Book and/or electronic system, and witnessed where practicable.
22. Medicine deliveries which contain CDs should never be left unattended in an
unsecured location if a courier is unable to find a staff member on station who is
authorised to receive them. Ideally, all deliveries should be signed for and witnessed
by an appropriate member of trust staff. However if this is not possible (e.g. because
all staff on that station are currently deployed operationally), the delivery of CDs should
be left in an agreed secure location, which should be determined by the trust by
undertaking a risk assessment. Where this is the case, the CDs should be checked
and signed into the station CD safe or cabinet (hereafter referred to as the ‘CD safe’)
at some point during the shift by authorised staff.
Record of received CDs
23. On the day on which a CD is obtained by the trust (or if that is not reasonably
practicable, on the following day), the organisational register2
must be updated with the
quantity and other details of all CDs that have been requisitioned and received by the
trust.
24. Additionally, once the CDs have been placed into a CD safe on station and/or in a
vehicle, the relevant CD Record Book should be updated to include:
Date and time of entry
Name of supplying pharmacy
Quantity received
Name (legible), signature and HPC PIN (if appropriate) of the person making the
entry
Name (legible) and signature of the witness
2
As defined in the Misuse of Drugs Regulations 2001.

6
New stock balance.
Further information about CD Record Books can be found in section 7.
25. It is good practice to also record the batch numbers for the CDs, which will allow for a
clearer and more robust audit trail.
26. Ideally numbers should be recorded in words as well as figures to reduce the chance
of entries being altered. Regulations state that errors must not be cancelled or
obliterated in any way. Rather, the correct entry must continue on the line below. It
must be dated and should also be initialled.
Private work by NHS paramedics
27. Any paramedics undertaking private work in addition to NHS work must ensure that
their stock for that private work is properly obtained in accordance with regulatory
requirements and that an audit trail of the requisition is retained.

7
2 Delivery and transfer
28. This section provides good practice guidance on the movement of CDs from their point
of delivery and subsequent transfer. It is essential that all CDs are traceable from
receipt into the ambulance trust to their use and disposal; this particularly includes
delivery and transfer. The related policy and procedures should make it clear who has
custody and most importantly responsibility of the CDs at any point in time.
▪ CDAO
The CDAO must ensure that appropriate systems for the safe management of
CDs are established, operated and reviewed regularly, and that they comply with
relevant statutory requirements. With regard to delivery and transfer, the CDAO
must ensure that adequate and up-to-date SOPs are in place which specify roles,
responsibilities and procedures to be followed for delivery and transfer of CDs.
Operational and station managers are responsible for ensuring that trust policies
and SOPs are implemented correctly and consistently within their area of work
and locality. With regard to delivery and transfer, this includes ensuring that
authorised couriers and staff who may receive CDs on delivery are aware of the
procedures and of their own role in respect of them.
Storage of CDs during transfer
29. When being transferred between trust locations, CDs should be in a secure, locked CD
safe that meets the specification given in the CD physical storage section (section 4) of
this guidance. The vehicle should not bear any visible indication of the fact that it is
carrying CDs. If a CD order is unable to be delivered, it should not be left on the
vehicle and should be signed back into the CD safe at the medicines store (or
equivalent) on return.
30. When the authorised courier accepts an order for delivery, a check should be made
that the order is correct; any discrepancies should be discussed and resolved before
the order is taken away for delivery. Those transferring CDs should be on duty, in trust
uniform, and be in possession of a trust photographic ID card (except for contracted
couriers).
31. CDs should only be transferred in trust-approved vehicles. The Safer Management of
Controlled Drugs: A guide to good practice in secondary care guidance stipulates that
a taxi can be used for the delivery of CDs as long as certain conditions are followed.
Given that one of the tasks of the ambulance service is to be a transport provider this
should never be necessary.
Removing CDs from a vehicle
32. CDs and associated documentation should be transferred from a vehicle and stored
securely if:
The vehicle is taken out of service or is permanently decommissioned
The vehicle's CD safe has failed
Non-trust personnel are working on the vehicle unattended

8
The vehicle is not operational, is parked off a trust site and will be unattended (this
particularly applies to manager/officer lease cars, e.g. where the person is on
annual leave and the vehicle is at a home address)
The vehicle breaks down or is involved in an accident and is to be recovered.
33. If a vehicle is involved in an untoward incident, i.e. a road traffic collision, and taken
directly to a repair facility or police compound for evidential review, then a trust
officer/manager should attend the scene and remove and secure all CDs as soon as
practicable.
34. The trust should have a SOP in place for how CDs will be returned to the safe from
which they were drawn in the event that a paramedic is taken ill whilst on duty and
does not return to the ambulance station (e.g. hospital admission or going straight to
their home address).

9
3 Physical security
35. This section provides good practice guidance on the physical security measures for
premises and vehicles where CDs are stored. Not all of the recommended features will
be applicable to existing buildings; however any new build or planned refurbishment
should take these into consideration as part of crime prevention and security planning.
 Security Management Director (SMD)
The SMD is responsible for leading and communicating at executive board level
on security management in the organisation. The SMD also shares with the Chief
Executive final responsibility for security management matters3
.
 Local Security Management Specialist (LSMS)
The LSMS takes forward security management work locally in accordance with
national standards, reporting directly to the SMD. The LSMS will be able to identify
specific security risks and offer advice on measures that can be implemented to
reduce them.
 CDAO
The CDAO is responsible for all aspects of the safe and secure management of
CDs in his or her organisation. This includes ensuring that safe systems are in
place for the management and use of CDs, monitoring and auditing of the
management systems themselves and investigation of concerns and incidents
related to CDs.
 Responsible manager
An appropriate manager should be responsible for ensuring staff comply with trust
policies around all aspects of security, including on station and vehicles. This
manager is also responsible for ensuring that all defective vehicles are repaired.
Depending on the structure of the trust, the responsible manager may be an
operational manager or a clinical manager.
General design issues
36. Ambulance premises are subject to security risks which can have a significant impact
on operations and business continuity. These risks include:
burglary
theft of drugs, equipment and vehicles
criminal damage to property
vandalism
antisocial behaviour on premises
violence against staff
lone worker risks
theft of staff property
unauthorised actions by disgruntled staff or staff facing disciplinary action
unauthorised access by members of the public who could tamper with CDs
3
For further details on the roles and responsibilities of the SMD, see NHS Protect, Guidance for
Security Management Directors and Non-executive Directors (2010).

10
risks to patients as a result of individuals impersonating paramedics.
37. While security risks will vary depending on the building, environment and other
external factors, there are a number of general security considerations which, if
incorporated at the design and planning stage of ambulance buildings, can mitigate
some threats. Suitable physical security measures that address identified risks and are
supported by a strong pro-security culture among staff provide further protection for
CDs.
38. Security advice taken on board at the design and planning stage will prevent additional
security costs being incurred at a later stage.
39. For new build and refurbishment projects, the pharmacist or pharmacy advisor and the
LSMS should be included as part of the project team to ensure that all security risks
are identified and addressed in the new plans. The pharmacist will understand the law
and best practice around the safe and secure management of CDs and the LSMS will
have data on security incidents that can inform the design and aid in the selection and
use of physical security measures. The local police architectural liaison officer (ALO)
or crime prevention design adviser (CPDA) should also be consulted in conjunction
with the police Controlled Drugs Liaison Officer (CDLO) on any new build or major
refurbishment projects. The ALO or CPDA will be able to provide a Crime Impact
Assessment for the local area of the ambulance building and the CDLO will be able to
provide input into planning the location of storage facilities for CDs.
Perimeter security
40. The installation of perimeter fencing and perimeter access control to ambulance
premises should have due regard to the Crime Impact Assessment and any other
issues identified by the LSMS. Fencing certificated to LPS 1175 SR1are stored. There
are a number of points the project team should consider when planning the layout of
external areas and the site perimeter:
defining public and private areas with the use of defensive landscaping and
barriers
permeability issues if the site location overlaps with public footpaths/access rights
to other premises
creating a buffer zone with low-level defensive landscaping to provide protection
to ground floor windows
lighting schemes particularly at all entrances, so as not to allow any areas of
shadowing/pooling
neighbouring businesses (type and/or activity)
vehicle access and traffic management.
Landscaping
41. Any vegetation at the site should be kept to a maximum height of 1000mm in respect
of ground planting and any tree foliage should fall to no lower than 2m from the
ground. The resulting height differential allows for clear lines of sight between lower-
level vegetation and taller tree foliage. As well as ensuring that natural surveillance of
and from the building or parked vehicles is not impeded by trees or other vegetation,
this avoids creating any potential hiding places for would-be offenders to exploit.
Foliage and trees can also be used as a climbing aid and will need to be cut back and
maintained on a regular basis to prevent this.

11
42. Hard landscaping can inadvertently create seating or loitering spots and encourage
antisocial behaviour, therefore if used it should be designed to avoid this problem.
Building security
43. The external building fabric should offer no opportunities or climbing aids to would-be
criminals, such as canopies, projecting windowsills or exposed rainwater downpipes.
44. The internal layout of buildings is also an important consideration. The project team
should consult with the LSMS and ALO/CPDA when planning the placement of
security-sensitive areas such as the CD safe/store room, control room, IT server room
etc. to provide multiple opportunities to deter, detect and delay security breaches.
45. For a new build or refurbishment project it is recommended that CD safes are placed
within a lockable room that is monitored by CCTV. This room should be located so that
it also allows for natural surveillance.
46. Where there are no plans for refurbishment, trusts should review the location of their
CD safes and take additional precautions. The area/room where the CD safes are
placed must be lockable.
Doors
47. All doors should be capable of being locked. All external doors and those along the
route to the CD storage area should be certificated to LPS 1175 SR2 or similar as a
minimum requirement.
48. Emergency escape doorsets (as with external doors) should be certificated to LPS
1175 SR2 as a minimum requirement. It is important that the required panic hardware
(certificated to BSEN179) is permitted under the product’s certification. These doors
should be fitted with door contacts programmed in to a 24-hour alarm circuit which is
armed at all times. Audible alarms on opening, relayed to external security or alarm
control receiving centre or main control room, may also be included to identify
unsecured doors.
49. The lockable door to the room where the CD safe is stored should have a door viewer
to aid observation.
Access control
50. All doors, particularly those leading to security-sensitive areas such as CD safes and
storage rooms containing valuable medical equipment and consumables, should be
access controlled. Only certain doors are appropriate for use with access control
systems, therefore the type of door used should be when implementing the system.
51. CDs should be protected using a dual system, i.e. the CD safe should be stored within
a lockable room. It is recommended that numeric key pads are avoided for the
lockable room where CDs are stored, because codes can be easily observed, written
by staff on door frames, or not changed on a regular basis, compromising security.
They also do not provide a means of auditing movement into an area (see section 5 on
managing access to CDs). If numeric key pads are used, the codes should ideally be
changed monthly. In addition, key pads should be monitored for signs of wear and
replaced as worn keys can indicate the access code.

12
52. An access control system provides an audit trail and allows the trust to control access
levels for its staff; therefore this system should have strong links to Human Resources
(HR) processes, so that starters and leavers information is reconciled with access
permissions. The system should also be monitored and reviewed on a regular basis to
ensure compliance, and modifications should be made when necessary. The LSMS
should have oversight of the implementation and maintenance of this system and
incidents of abuse or weaknesses reported to them so that further deterrent and
preventative measures can be put in place. Access control measures work best when
used properly by staff.
53. Trusts should consider undertaking a cost-benefit analysis of installing and utilising
appropriate technology to control access, such as a swipe card access system. This
can provide a more accurate audit trail of individuals accessing CDs, makes staff more
accountable and reduces the number of keys in circulation which can be lost or stolen.
These systems also allow for the immediate management of an individual’s access in
the event of an incident.
Alarms
54. If an alarm is installed, it should be linked to contacts on all external doors. Ideally
central CD stores or the room where the CD safe is located should be alarmed. A risk
assessment would assist the trust in determining the requirement for the CD safe or
lockable room to be alarmed, whom the alarm will alert, and the response required.
55. Best practice recommends that door alarms should be activated both in case of forced
entry and if a door is left unsecured. There should be a local SOP in place for the
response when the alarm is activated. Ultimately it should be a police response for
activated alarms in un-staffed ambulance trust buildings where CDs are stored. Alarms
should be installed to BSEN 50131:2008 grade 2 requirements. Alarm receiving
centres should be certificated to BS5979.
Windows
56. All windows should be certificated to BS PAS 24:2012 or similar (minimum
requirement) and opening lights should be fitted with restrictors (limited to 100mm
opening). Windows at ground level should be lockable.
57. All glazing in windows and doors that are at ground floor level or easily accessible from
ground floor level should be laminated (on at least one pane in double-glazed units) or
certificated to BSEN356:2000 Performance Specification P5a (minimum requirement).
Lamination prevents the glass from shattering or breaking if struck.
58. It is recommended that the room where CDs are kept does not have windows as this
provides a potential means of access. If this is unavoidable, the window should be a
non-opening light, with laminated glass certified to BSEN356:2000 Performance
Specification P5a (minimum) or a fixed security grille installed from the inside. Any
such grille should be tested and certificated to LPS1175 SR2 or similar.
CCTV
59. The use of CCTV as part of an overall integrated security strategy can help to deter,
prevent and detect security-related incidents, as well as providing evidence for
investigations following an incident. CCTV can be intrusive and its operation must
comply with the provisions of the Data Protection Act 1998 and the Information
Commissioner’s Office CCTV code of practice (2008).

13
60. The installation of overt and well-publicised CCTV cameras should be considered for
areas where there is an identified security risk. In particular it is recommended that
CCTV is used to monitor access points to the CD central stores and/or drug safe. The
CCTV cameras should be placed at an angle that allows them to capture activity at the
safe in addition to the identification of the individuals accessing the safe and the room.
Lighting
61. Lighting in the lockable room where CDs are stored should be motion-activated to
support CCTV coverage when individuals enter the room. Lighting schemes should
ensure there are no dark corners or areas that could be used as hiding places. They
also need to take account of CCTV, as they can help or hinder the identification of
individuals onscreen. This applies to both external and internal lighting schemes.
62. Ambulance trusts should also ensure there is a requirement for staff entering the room
to remove any face coverings, with due regard to religious and cultural customs.
Motorcycle paramedics should also remove their helmets, and bicycle paramedics
should remove anti pollution cycle masks and fashion eyewear not including
prescription sunglasses.
63. Lighting fixtures should produce white light as opposed to yellow or orange light. Metal
halide light bulbs (or bulbs with comparable output) offer superior colour rendition over
alternatives such as high- and low-pressure sodium bulbs. Lighting systems should
meet the requirements of BS5489:2003 or EN13201. Further information on ‘Lighting
Against Crime’ is available from ACPO Secured by Design.
Vehicle security
64. Ambulance trust vehicles containing CDs should be locked, alarmed and immobilised
when not occupied or when left unattended (i.e. out of sight of the crew) at the scene,
hospital or treatment centre. If the vehicle is not resourced and left in the station
compound or garage, it should be locked and the keys placed in the secure designated
place on station. When resourced and on station, the vehicle and CD keys should not
be left on the vehicle or in the ignition and should instead be on the paramedic’s
person.
65. Any vehicle CD safe keys should not be joined or bound to the main ambulance
vehicle ignition key. This prevents the CD safe key accidentally going to a garage or
maintenance facility attached to the vehicle ignition key, or being left in the ignition
should ‘run lock’ fail or should it not be utilised by a crew who leave a vehicle
unattended.
66. Vehicles that have security features such as locks or ‘run lock’ that are defective or
non-operational should be reported and repaired as soon as possible. These vehicles
should be taken ‘off the road’ and not used operationally.
67. Un-liveried lease or officer cars that are parked at non-trust premises overnight, such
as at a staff member’s home address, potentially carry more risks. Cars should have
the magnetic blue light removed so as not to draw attention to the fact that there may
be CDs and other valuable trust property inside the vehicle. Any lease or officer car,
liveried or un-liveried, should be locked, alarmed, and ideally garaged, and should not
have an excessive number of CDs stored, just the minimum stock required for
operational response requirements overnight. All vehicles (particularly cars) should

14
have tinted windows which ensure that CD safes are not visible from the outside of the
vehicle.

15
4 Storage
68. This section provides good practice guidance on the physical storage of CDs on
premises and vehicles.
 CDAO
The CDAO is responsible for all aspects of the safe and secure management of
CDs in his or her organisation. This includes ensuring that storage arrangements
for CDs meet legal requirements and recommended security standards.
69. The Misuse of Drugs (Safe Custody) Regulations 1973 (SI 1973 No 798) cover the
safe custody of CDs in community pharmacies and care homes. The regulations do
not apply to ambulance trusts, but are considered to be the minimum standard for
storage of CDs. Ambulance trusts do not have to obtain an exemption certificate from
their CDLO for CD safes, as this only applies to the premises specifically mentioned in
the regulations.
70. CD safes must be locked when not in use. The lock must not be common to any other
lock in the ambulance station or vehicle. The CD safe should only store CDs and
associated CD records; no other item or medicine should be stored in the safe.
Premises
71. As ambulance premises do not have a 24-hour staff presence, the CD safes should be
tested and certificated to the SOLD SECURE standard silver rating. As previously
discussed in section 3, CD safes in ambulance premises should be placed in a
lockable room (ideally with no windows) that is monitored by CCTV. The CD safe
should be installed in accordance with SOLD SECURE specifications and wherever
possible to the silver grade.
72. Due consideration should be given to which wall the CD safe is fitted to and the
associated risks. For example, attaching a safe to an external wall carries the risk that
it can be accessed or removed from the outside of the building; while an internal wall
made of plasterboard or other material may not be robust enough to hold the safe if
force is exerted with the intention of removing it.
73. See section 3 for further information about building security.
Vehicles
74. CDs should only be carried in trust-approved vehicles, and generally not in private
vehicles unless they are approved for off-duty responder activities, and meet the
minimum standards outlined below.
75. For ambulance vehicles, the CD safe should be tested and certificated to the SOLD
SECURE standard silver rating. To achieve the adequate protection, all brackets and
fixtures supplied with the safe should be utilised in accordance with the manufacturer’s
instructions. CD safes in all types of vehicles should be fixed to a secure vehicle
mounting point (metal structure of the vehicle) on the vehicle chassis with bolts which
can only be accessed from within the safe.

16
76. Some makes or models of ambulance cars may have a false floor; this should be
checked and extra precautions taken by installing a bracket (supplied and installed to
the manufacturer’s instructions) to a secure mounting point on the vehicle chassis.
The bolts used to secure the safe to the bracket should only be accessible from within
the safe.
77. Ambulance cars with CD safes should be alarmed and stored overnight in a garage, if
CDs are left in situ because of operational requirements.
Storage on the person
78. Where CDs are stored on the person of the paramedic rather than in a vehicle safe, it
is recommended that they are held in a specially designed ampoule holder or pouch,
either attached to the belt or in a secure pocket to prevent breakages.
79. CDs should be kept out of sight as much as possible when being stored on the person.
Under no circumstances should staff place themselves in danger by attempting to stop
someone if threatened to hand over medicines or when witnessing a person stealing
medicines.
Patients’ own CDs
80. CDs taken with a patient on admission into hospital are individually dispensed for a
named patient and therefore considered to be in the patient’s possession. They should
not be stored in the ambulance’s CD safe and therefore not recorded in the CD Record
Book. The same applies to CDs that are part of discharge medication.

17
5 Managing access
81. This section provides good practice guidance on the management and control of
access to CDs.
 CDAO
The CDAO has statutory responsibility for ensuring that appropriate arrangements
are put in place and operated at the trust for the management of access to CDs, in
order to comply with misuse of drugs legislation. The CDAO must ensure that a
SOP is in place covering who has access to CDs.
 Responsible managers
The area manager or station manager with overall responsibility for key holding and
access to CDs in their area or locality should ensure that arrangements are in place
to only enable access to CDs by appropriate registered health care professionals.
 Registered paramedics and other registered healthcare professionals
Key holding and access to CDs for which access is controlled under the Misuse of
Drugs (Safe Custody) Regulations 1973 is also shared with all registered
paramedics and other registered healthcare professionals who may legally possess
CDs for the treatment of sick and injured persons. This includes CDs that
healthcare professionals can supply, offer to supply and/or administer under a
Patient Group Direction.
 Other staff
Access can also be delegated to other suitably trained, authorised staff (e.g.
logistics manager/staff) for specific operational purposes such as stock checking,
auditing, investigating discrepancies and delivery of stock. Where these staff
members do not have authority to possess CDs in their own right, these tasks
should be supervised, and legal responsibility rests with the registered healthcare
professional who delegates the task or activity.
CD key management
82. In the event that keys rather than swipe card access are used to access CDs, the
following precautions should be taken to securely manage CD keys.
All CD keys should be signed for on initial issue.
A SOP should be established for the distribution of CD keys which includes an
audit trail that shows how keys are managed and used.
As part of the system to manage CD keys, a regular inventory should be
undertaken of the keys in possession of individuals/departments. The frequency of
this inventory should be determined by a local risk assessment.
There should be much stricter controls around the access to, and use of, master
keys which open all the locks of a particular set. In the event that a master key is
used to provide access, its use should be supervised. The number of staff with
key holding responsibility for master keys should be strictly limited to a small
number of authorised staff.

18
83. There are now secured key cabinets that can provide an electronic audit trail and only
provide access to authorised users. However the use and implementation of this type
of system can be costly; ambulance trusts are advised to undertake a risk assessment
and cost benefit analysis before considering such an investment. The LSMS should be
involved in this process.
CD key security
84. CD keys should be kept in a secure cabinet in a secure location (locked room within a
supervised area) and on sealed, numbered rings with no other means of identification.
CD keys should not be marked or labelled with the terms ‘Morphine’, ‘Drugs’, ‘CDs’ or
‘Medicines’.
85. Key holders should be advised that they are not to duplicate CD keys and made aware
of the ambulance trust’s protocol for reporting lost or missing keys. If CD keys are lost
or missing, extra precautions should be taken to ensure that a secure environment is
maintained.
86. In a vehicle-based system while a vehicle is not being used but contains CD stock, the
vehicle CD safe key should be kept in a locked safe that is certified to LPS 1175 SR1
and located in a secure room.
CD stock for doctors’ use
87. CD stock that only doctors can use – e.g. those which are used by air ambulance
doctors – should be stored separately from other CDs at the trust.

19
6 Security of controlled drug stationery
88. This section provides minimum security standards and good practice guidance for the
security, use and management of CD stationery. This refers to CD Registers, CD
Record Books, CD Order Books, stock check and audit forms, and all other types of
paper-based forms and records used in CD management, whether blank, currently in
use, obsolete or completed.
89. CD stationery should be subject to the same rigorous security controls as CDs
themselves, in order to prevent the illicit use of forms and the manipulation, falsification
or destruction of records with the aim of obtaining CDs for improper use. An important
aspect of this is to ensure that there is a clear audit trail from receipt of CD stationery
items to the use of and return of completed stationery.
▪ CDAO
The CDAO has statutory responsibility for ensuring that appropriate arrangements
are developed and implemented at the relevant body for the safe and secure use
and management of CDs. The security of CD stationery also falls under the CDAO’s
responsibility as it is directly related to the security of the CDs themselves. The
CDAO should ensure that a local SOP is in place which details the storage, access,
issuing, use, return and destruction of CD stationery.
▪ LSMS
The trust’s LSMS should be involved in providing input on secure storage and
security-related aspects of the policies and procedures around management of CD
stationery. In the event of suspected theft of CD stationery or other security-related
incidents, the LSMS should be involved in the ensuing investigation.
locality.
▪ Authorised staff
Authorised staff who use and/or conduct audits of CD stationery have responsibility
for carrying out their respective roles in accordance with the local SOP detailing the
requirements for storage, access, issuing, use, return and destruction of CD
stationery.
Storage
90. Standards for secure storage of CD stationery (blank, in use and completed) are the
same as those for secure storage of CD stocks, which have been described in detail in
section 4. This means that as a minimum, CD stationery items should be kept in a
locked cabinet within a lockable room or area.
91. As a matter of good practice, CD Record Books should be stored in the same safe as
the CDs to which they refer. This minimises the need to carry the book from one place
to another and also serves as a reminder for the paramedic or other healthcare
professional to complete the necessary record when adding, removing or counting
stock. Securing the CD Record Book can also help prevent fraudulent entries being

20
made by unauthorised individuals. Additionally, the loss or theft of the book would
make it more difficult to recognise a loss or theft of CDs and/or to determine the
amount of the loss.
92. The ambulance trust’s local SOP should specify which members of staff have access
to the various items of CD stationery. CD Record Books should only be accessible to
staff who are authorised to possess the CDs to which they refer, as well as managers
and delegated staff responsible for stock checks and audits. Likewise, CD Order
Books should only be accessible to staff who are authorised to order CDs, those
involved in the transfer of ordered stock between the supplying pharmacy and the
trust, and managers and delegated staff involved in stock checks and audits.
Issuing CD stationery
93. In most cases CD Record Books, CD Order Books and other CD stationery are issued
from the trust headquarters or hub to individual stations. There should be a procedure
in place for an operational manager to make a request to the relevant department for
blank CD stationery. Ambulance trusts should consider operating a system similar to
the requisitioning of CDs, with requisition forms completed, approved and witnessed,
and copies retained by both the ordering station and the supplying department.
94. During transfer from one location to another, CD stationery should be secured in the
same way as CD stocks (see section 2). It is not recommended to send blank CD
books or forms through the post; however if this is unavoidable, additional security
measures should be put in place in case the package is intercepted. For example, the
books and packs of forms should be sealed in a way that is tamper-evident.
95. In addition, as a matter of good practice, all controlled stationery should be serial
numbered and the numbers recorded. Where stationery goes missing during transfer,
the serial numbers can be noted, which will enable staff to detect attempts to use
stolen forms or books to obtain CDs illicitly. The use of serial numbers can also assist
in detecting fraudulently produced CD stationery.
96. CD stationery orders should ideally be received, checked and signed for by a
designated member of staff on station, and should never be left unattended in an
unsecured location. Similar security precautions should be taken as with delivery of
CDs in instances where no staff members are present to receive an order.
97. Where necessary, similar controls – e.g. verification of identity and authorised
signatories – should be implemented as those described in section 1 relating to the
collection, delivery and receipt of CD stock.
Returning items
98. In the case where CD stationery has been updated or amended in some way, all
unused and obsolete items should still be treated as secure stationery. All items
should be collected and disposed of with the same considerations as apply to
completed CD stationery.
99. There should be a procedure in place and detailed in the local SOP for returning
completed or obsolete CD Record Books and CD Order books to the facility where
they will be stored. They should be clearly marked to indicate that they are no longer to
be used, and any remaining lines should be struck through.

21
100. If it is unavoidable that completed or obsolete CD stationery is returned through the
post, the healthcare professional responsible for mailing it should ensure that the
forms/books are very clearly marked as void before they are posted, in order to
eliminate the risk that they will be intercepted and used fraudulently. Serial numbers of
completed/void stationery should be reported to the relevant department.
Destruction
101. Used CD stationery should not be retained by the trust for longer than necessary. The
legal requirement for records relating to CD use and management is two years from
the date of the last entry, although a longer period of storage may be required in order
to comply with other statutory requirements. Best practice is to keep records of CD
destruction for a minimum of 7 years.
102. Where old CD stationery awaiting destruction contains details of administration to
patients – e.g. in the CD Record Book – this should be treated as confidential waste.
All trusts should have a local SOP in place for the destruction of confidential waste.
See chapter SB7 ‘Security of NHS stationery and destruction of confidential waste’ in
NHS Protect’s NHS Security Management Manual for more on standards for secure
destruction of these items.

22
7 Reporting and audit
103. This section provides good practice guidance and minimum security standards relating
to reporting and audit of all aspects of the use and management of CDs. The aim is to
reduce the risk of theft or diversion, as well as to ensure an appropriate and timely
response to any identified loss, discrepancy or other irregularity.
▪ CDAO
The CDAO has a statutory responsibility for ensuring that suitable arrangements
are in place for the monitoring and auditing of the management and use of CDs by
relevant individuals4
who are employed by or work on behalf of the trust. In addition,
the CDAO is responsible for ensuring that the trust establishes and operates
appropriate arrangements for monitoring, assessing and investigating concerns
about the improper management of CDs, in compliance with relevant legislation,
and that the trust takes appropriate action where concerns in relation to the
management or use of CDs are well-founded. Furthermore, the CDAO must ensure
that arrangements are established for the proper sharing of information with
responsible bodies and participation in the CD Local Intelligence Network (CDLIN)
on behalf of the trust.
▪ LSMS
In the case of a concern regarding the use and management of CDs, the LSMS
may undertake or participate in undertaking an investigation at the request of the
CDAO. Where specific security issues are identified – for example in the case of
suspected theft – a separate investigation via NHS Protect security management
processes should be undertaken by the LSMS.
Appropriate managers should be specified in the SOP as having responsibility for
ensuring that CD stock checks and audits are carried out with the correct frequency;
and that reports of discrepancies or incidents are investigated and escalated
properly. Managers who are not legally authorised to possess CDs will need to
conduct CD tasks in conjunction with someone authorised to do so.
▪ Registered paramedics and other registered healthcare professionals
Registered healthcare professionals are accountable at all times for CDs in their
possession. They are responsible for recording the withdrawal, movement,
administration, and disposal of all CDs in their possession in the CD Record Book,
and for ensuring that the running total is kept up-to-date and accurate. Where a CD
has been administered to a patient, it is the responsibility of the healthcare
professional to ensure that the details are also documented on the Patient Report
Form (PRF).
▪ All staff
All staff involved in the use and/or management of CDs are obliged to report any
discrepancies or concerns to an appropriate on-duty manager as soon as
practicable and before completion of their shift so that these can be investigated in
a timely manner.
4
The term ‘relevant individual’ is defined in section 17(8)(b) of the Health Act 2006.

23
CD Register
104. Trusts are required under the Misuse of Drugs Regulations 2001 to keep an
organisational register for CDs. A separate register must be used for each type of CD.
The organisational register must be updated on the day on which a drug is obtained,
supplied or destroyed.
105. As stated in Regulation 20(c) of the Misuse of Drugs Regulations 2001, entries must
be made consecutively in date order and written in indelible ink. No obliteration or
alteration must be made; any corrections must be made only by way of a marginal
note or footnote; or otherwise by a single line through the erroneous entry with a new
entry written underneath. Corrections must be dated and should be initialled.
106. The CD Register should be treated as controlled stationery and kept securely stored at
all times with access restricted to authorised staff only (see section 6).
CD Record Book
107. The requisition, use, movement and disposal of CDs should be recorded in a
dedicated CD Record Book which pertains to the particular station or vehicle safe. The
design of the CD Record Book may vary, but in all cases it should be bound, with
numbered pages. A separate book should be used for each type of CD, even if they
are stored in the same CD safe.
108. The CD Record Book should be able to record:
Amount in/out
Amount administered/wasted (if applicable)
Patient name and details (if applicable)
PRF reference number and case number (if applicable)
Amount removed for disposal
Name (legible), signature and HPC PIN (if appropriate) of healthcare professional
Name (legible) and signature of witness (if possible)
Current stock balance
Notes.
109. Every entry in the CD Record Book should, wherever possible, be countersigned by a
witness.
110. For a more robust audit trail, the CD Record Book should also record the batch
number of CD ampoules that are stored, issued, administered or destroyed. However it
is acknowledged that this is not possible in all cases. Consideration should also be
given to the recording of DOOP (Destruction of Old Pharmaceuticals)/denaturing kit
reference numbers for entries on CD disposal.
111. It is good practice for entries in the CD Record Book to follow the requirements set out
in Regulation 20(c) of the Misuse of Drugs Regulations 2001 for organisational CD
registers. Entries should be made consecutively in date order and written in indelible
ink. No obliteration or alteration should be made; any corrections must be made only
by way of a marginal note or footnote; or otherwise by a single line through the
erroneous entry with a new entry written underneath. Corrections should be dated and
initialled.

24
112. The trust should keep a signature specimen for each member of staff who will make
entries in the CD Record Book.
113. The CD Record Book should be treated as controlled stationery and kept securely
stored at all times with access restricted to authorised staff only (see section 6).
Patient Report Forms (PRFs)
114. Where a CD is administered to a patient by a paramedic or other healthcare
professional working on behalf of the trust, the dosage given and the amount disposed
of (where applicable) should be recorded on the PRF. Information recorded on PRFs
can be useful in cross-checking against what has been recorded in the CD Record
Book with regard to administration and wastage amounts.
115. PRFs must be retained in accordance with the NHS Code of Practice on
Confidentiality and Records Management and should remain accessible to relevant
staff at the trust for use in audits.
Stock checks and audits
116. At the time each entry is made in the CD Record Book, the healthcare professional
making the entry should count the stock in the CD safe before filling in the new stock
balance.
117. A stock check of all CDs stored at a station/hub and/or on vehicles associated with that
station/hub should be carried out by the responsible manager at a sufficient frequency
determined by a local risk assessment. If CD stocks are issued and stored in a vehicle-
based system, stock should be counted and verified each time the vehicle is handed to
an oncoming crew or solo responder.
118. A stock check consists of ensuring that the addition and subtraction of amounts in the
CD Record Book have been done correctly, and that the running total recorded
matches the actual stock stored in a particular safe or vehicle. It is not necessary to
open packs with intact tamper-evident seals during a stock check. Barring exceptional
circumstances, stock checks should always be witnessed by another member of staff.
119. Approximately every six months (or as determined by a local risk assessment) a more
in-depth audit should also be conducted. This should take account of all CDs in the
possession of paramedics and healthcare professionals (if applicable) and all those
stored in CD safes, reconciling these against the CD Register, CD Order Book, CD
Record Book, PRFs and disposal/destruction records. The CDAO should have
oversight of these audits.
120. In addition, it is advisable that unannounced snapshot audits or spot checks be carried
out to reconcile different sets of records or to ensure compliance with policy,
procedures and record-keeping requirements relating to the use, management and
security of CDs. These should be undertaken based on information/intelligence
received and risk assessment, as determined by the CDAO.
121. All checks/audits should be recorded, either in the CD Record Book or in a separate
record book. The information recorded should include at a minimum:
Date and time
Stock total
Any discrepancies identified and to whom they were escalated

25
Name (legible) and signature of person conducting the stock check
Name (legible) and signature of witness.
122. If a separate record book is used, it should also record which stock is referred to (e.g.
the locality and type of CD) and which records were used to compare with stock
counts.
Identifying patterns
123. In addition to verifying stock numbers and reconciling different sets of records, the
audit process should have the aim of monitoring and identifying unusual patterns of
CD issuing and/or administration. This may require additional periodic audits or may
be done as part of another process. Analysis of patterns may be carried out by the
clinical audit department or other appropriate department in accordance with the local
SOP.
124. If a paramedic or healthcare professional has signed out or administered a significantly
higher amount of one or more CDs than his or her colleagues, it is not necessarily a
sign of improper or unlawful activity. However, if this is consistently the case, the trust
should ensure that a procedure is in place to raise a flag for examination by the
responsible manager.
Independent audits
125. It is recommended that trusts undertake independent audits in addition to the stock
checks and audits performed by the operational staff in charge of a station or vehicle.
Independent audits may be undertaken either by external auditors or by a
manager/team not responsible for the particular locality being examined. This would
benefit the openness and transparency of the CD management system and thereby
minimise opportunity for collusion.
Storage of records
126. The Misuse of Drugs Regulations 2001 require that all records relating to CDs must be
kept for a minimum of two years after the date of the last entry; however a longer
period of storage may be required in order to comply with other statutory requirements.
CD records should be stored in such a way that they are available for inspection at all
times to those persons authorised to undertake audits. As a matter of best practice,
records relating to CD destruction should be retained for a minimum of 7 years.
127. Storage, retention and disposal of CD-related records must also comply with the NHS
Codes of Practice on Records Management and Information Security Management.
128. See section 6 for more detail on storage of used CD forms, books and other CD
controlled stationery items.
Record of concerns
129. The CDAO must ensure that all concerns about incidents that involved or may have
involved improper management or use of CDs by a healthcare professional (or other
staff, responsible individual or medical practitioner working on behalf of the trust) are
properly recorded. This task may be delegated to an appropriate member of staff by
the CDAO.

26
130. The register of concerns must be subject to appropriate measures to maintain
confidentiality and to limit access to the CDAO (and his/her staff) and others who need
access for the purposes of ensuring the safe management and use of CDs.
131. Prior to the 2013 regulations, there was a requirement for the register of concerns to
include the following at a minimum, and this is still considered good practice:
Date the concern was reported to the CDAO
Date(s) on which the relevant incident(s) took place
Details regarding the nature of the concern
Details of individual(s) related to the concern
Name and details of the person or body who raised the concern
Details of any action taken by the designated body
Whether the information has been/should be shared with the CDLIN and/or
disclosed to another responsible body, and associated details.
Information sharing
132. There is a statutory requirement for CDAOs at NHS England to establish CDLINs to
cover the whole of England. The Controlled Drugs (Supervision of Management and
Use) Regulations 2013 require trusts to participate in the CDLIN which covers their
area of operation. In the case of ambulance trusts, there may be more than one CDLIN
in the trust area. The purpose of the CDLIN is to enable all designated and responsible
bodies to share information and intelligence, including concerns about certain
practices or individual(s), with regard to the safe management and use of CDs.
133. Trusts have a statutory duty to co-operate with other responsible bodies in connection
with incidents or concerns about CD management or use in which action may need to
be taken. This may include disclosure of information about such cases, subject to
appropriate measures to remove confidential patient information where practicable. .
134. Trust CDAOs may be required to submit an occurrence report on a quarterly basis (or
more frequently if appropriate) to the CDAO at NHS England leading the CDLIN. The
occurrence report should contain details of any concerns that the ambulance trust has
regarding its management or use of CDs; or confirmation that it has no concerns to
report regarding its management and use of CDs.
135. The CDAO should attend the CDLIN meetings or nominate an appropriate named
member of staff, such as the pharmacist or LSMS, to attend on his/her behalf, in order
to share information on CD-related activity and incidents with other organisations who
may be affected or have additional information.
Reporting of CD irregularities and security incidents
136. All staff have a duty to report any suspicion that the security of CDs within the trust has
been or may be compromised as soon as it arises. This would include reporting of any
perceived loss, discrepancy in stock checks, failure to complete the CD Record Book,
unusual issuing or administration pattern, or other irregularity.
137. There must be a reporting system in place (this could be confidential) which allows for
the matter to be escalated appropriately; this should be linked to the trust’s risk
management and incident reporting systems. In addition, all security-related CD
incidents, such as theft or robbery (real or attempted) should be recorded on the NHS
Protect’s Security Incident Reporting System.

27
138. All discrepancies in stock balances that cannot be immediately resolved or accounted
for should be reported to the CDAO or other designated manager who will escalate the
matter to the CDAO if/when necessary.
139. With regard to CD security incidents, it is left to the discretion of the CDAO when to
inform the police and the CDLIN lead CDAO. The CDAO may also consider informing
the Home Office (Drugs Licensing). However it is recommended that in the event of
loss of a CD, the police should be informed where the item cannot be accounted for
within 24 hours. The trust should consider developing a local SOP for the decision
making process to contact the police.
140. The trust must have a procedure in place in the event that a staff member suspects
criminality or impropriety involving the CDAO, whereby the matter is escalated up to
the Chief Executive.
Missing CD keys
141. If the CD keys cannot be found then the station/area manager, or officer on-call out of
hours, and the control room should be notified immediately. A procedure should be in
place to ensure that the security of CD stocks is preserved and as soon as practicable
the contents of the CD safe are checked against the CD record book to identify any
discrepancies or anomalies.
142. Once efforts to retrieve the missing key are exhausted and the keys still cannot be
found, then the CDAO should be informed as soon as practicable and, depending on
circumstances, the police should be contacted.
143. Any actions or decisions taken should be proportionate and risk assessed against the
circumstances of the potential loss. This should be recorded on the trust’s incident
reporting system. In high-risk situations, CDs should be removed from the safe
pending changing of the locks or the safe itself.
Investigation and response
144. As a matter of good practice, when a discrepancy is discovered through a stock check,
the particular station CD safe should not have any more stock added or removed from
it until the matter is fully investigated and resolved. In circumstances where this is not
possible, the movement of stock into and out of the CD safe in question should be
supervised by the locality manager or other appropriate manager.
145. Where there is a concern about the use or management of CDs by a relevant
individual, the CDAO must ensure there are appropriate arrangements in place to
determine whether the incidents or concerns require investigation, and if necessary
facilitate an investigation. The investigation may be carried out by the CDAO
him/herself or by a nominated officer of the trust such as the LSMS. Alternatively, the
CDAO may make a written request for a joint investigation to be undertaken by one or
more ‘responsible bodies’, including the police, NHS Protect and regulatory bodies.
Although the Care Quality Commission would not be actively involved in the
investigation, they would need to be notified of the details of the investigation and the
outcome.
146. Where it is determined that an incident, complaint or concern requires investigation or
other action, the CDAO of the trust must notify the lead CDAO of the CDLIN covering
the relevant area and any other responsible body he/she considers appropriate.

28
147. In the event that an amount of CD stock is suspected stolen, or the CD Record Book is
suspected stolen, the LSMS should undertake an investigation according to NHS
Protect security management processes. In some cases (e.g. self-prescribing of CDs
by a health professional) there may also be an element of fraud against the NHS;
LSMSs should liaise with the Local Counter Fraud Specialist to ensure that these
issues are addressed.
Lessons learned
148. The trust should have a procedure for compiling lessons learned based on the findings
of CD audits and investigations of discrepancies, irregularities, loss or theft of CDs.
These should feed into improved security controls by way of a periodic review of
relevant policies and SOPs, as well as ad hoc reviews following CD security incidents.
149. The trust should also have a procedure in place for reviewing policies and procedures
in light of legislative changes.

29
8 Destruction and disposal
150. This section provides good practice guidance for the secure destruction and disposal
of unused amounts of CDs, broken or damaged ampoules, or out-of-date stock. The
aim is to ensure that destruction and disposal are carried out in accordance with
relevant legislation, and that a robust audit trail relating to all CD stock is maintained.
▪ CDAO
The CDAO is required to establish and operate, or ensure that the trust establishes
and operates, appropriate arrangements for securing the safe destruction and
disposal of CDs which comply with relevant statutory requirements. The CDAO
must ensure that adequate and up-to-date SOPs are in place for the destruction
and disposal processes. The SOPs should specify the details of who is authorised
to undertake CD destruction and how this should be carried out within the
organisation. The CDAO is also responsible for authorising individuals to witness
CD destruction; however the CDAO him/herself is not authorised to take part or act
as a witness to the process.
▪ Nominated person(s) for CD destruction
A person(s) nominated and authorised by the CDAO is responsible for carrying out
destruction of out-of-date stocks of CDs. This person is accountable for ensuring
the security of the process and for making a record in the CD Record Book.
▪ Police CDLO
The role of the police CDLO involves giving advice and support to professionals to
help prevent the diversion of CDs into the illegal drugs market. The CDLO may
undertake targeted inspections by invitation from the CDAO, as well as other
intelligence, prevention and enforcement activities in partnership with health
professionals.
▪ Authorised witnesses
Those persons authorised by the CDAO to act as witnesses for CD destruction
(described in the Misuse of Drugs Regulations 2001 as ‘authorised persons’) should
be directly accountable to a director of the trust and should not be involved in the
routine supply or administration of CDs. They should have appropriate training and
governance arrangements and should be subject to a professional code of ethics
and/or Criminal Records Bureau checks. The CDLO amongst others can be an
authorised witness for the destruction of CDs, although this is not normally part of
the CDLO’s routine role.
locality.

30
▪ Registered paramedic and other registered healthcare professionals
All registered healthcare professionals are accountable for the disposal of unused
amounts of CDs following administration to a patient and of broken or damaged
ampoules in their possession.
Methods of destruction
151. The main principle for destruction of CDs is that they should be rendered irretrievable
prior to being placed in suitable waste containers and sent for incineration. This is
most commonly done using a DOOP container or other denaturing kit. The local SOP
should specify the methods of destruction appropriate for each type of CD.
152. If out-of-date CDs need to be delivered to a station, hub or central store for
destruction, staff should refer to section 2 for security considerations during transfer of
CDs by vehicle.
153. Destruction of out-of-date Schedule 2 CDs must be witnessed by an authorised
witness.
Recording destruction of CDs
154. When a stock CD requiring record keeping is destroyed, details must be recorded in
the organisational register, including particulars of the date of destruction and the
quantity destroyed. This must also be signed by the authorised witness.
155. The destruction of station, vehicle and personal issue CDs requiring record keeping
should be recorded in the relevant CD Record Book with the following details:
Date of entry
Quantity destroyed
Name (legible) and signature of the nominated person who carried out the
destruction
Name (legible) and signature of the authorised witness
Current stock balance.
156. As a matter of best practice records relating to CD destruction should be retained for a
minimum of seven years.
Unused amounts
157. Following administration of a CD to a patient, the healthcare professional should
dispose of any unused amounts remaining in the syringe in an appropriate manner – in
most cases, by emptying it along with the ampoule into a sharps bin containing an
appropriate absorbent pad. When the bin is sent for destruction, it should be labelled
clearly, e.g. ‘mixed pharmaceutical waste and sharps (for incineration)’.
158. A more secure method would be to dispose of the unused amount directly into a
DOOP container or other denaturing kit provided by the trust (see more detail under
‘Methods of destruction’ above).
159. Under no circumstances should a partially used syringe of morphine or other CD be
handed to another crew or other practitioner taking over care of the patient, because
the originally attending healthcare professional will not be able to account for any

31
further amount administered or disposed of. This will also prevent any opportunities for
diversion, whereby, for example, a practitioner pockets the syringe containing a CD
and passes off another containing another substance as morphine.
160. The amount disposed of in the sharps bin should be recorded in the appropriate place
on the PRF, as well as in the CD Record Book, which should include:
Name of patient
Quantity administered
Quantity disposed of
PRF reference
Name (legible), signature and HPC PIN of paramedic
Name (legible) and signature of witness, where possible
Current stock balance.
Out-of-date stock
161. Out-of-date CD stock should be stored separately from other CD stocks in an
appropriate CD cupboard and clearly marked (e.g. ‘EXPIRED NOT FOR USE’) to
minimise the risk of accidental administration. They should never be used for training
purposes.
162. CD packs or ampoules that will soon go out of date (i.e. within a month) should be
immediately reported to an appropriate manager from the Clinical Care team,
Medicines Management team or other relevant department, who should arrange for
their removal.
163. The procedures concerning transfer of out-of-date CDs from a vehicle (in a vehicle-
based issue system) or paramedic (in a personal issue system) should be specified in
the local SOP, and the process should be recorded to ensure an audit trail.
164. At the time of removal of out-of-date CDs from a vehicle or station safe, a stock check
should be conducted and the new balance recorded in the relevant CD Record Book.
165. Standards of physical security and control of out-of-date CDs should be the same as
the ones applying to in-date stock, as laid out in section 4. This includes the use of a
CD Record Book to record the stock balance and movement of out-of-date CDs. When
out-of-date CDs are removed for destruction, this should be recorded in the same way
that all CD stocks are signed out of a safe (e.g. for issue to a paramedic or vehicle).
166. To avoid excessive quantities of out-of-date stock being stored, destruction should be
undertaken with sufficient frequency, to be determined following a local risk
assessment.
Broken or damaged ampoules
167. If an ampoule of morphine or other CD becomes broken or damaged, this fact should
be recorded in the relevant CD Record Book by the paramedic or healthcare
professional in possession of the CD and, where possible, witnessed by another
member of staff. The stock should be checked immediately after the broken or
damaged ampoules have been disposed of (or as soon as the healthcare professional
returns to the station/hub, in the case of a personal issue system) and the balance
adjusted accordingly.

32
168. In the event that an ampoule is broken it should be reported to a line manager at a
minimum. The trust may wish to take further action based on assessment of local
risks, for example if there is a high frequency of breakages.
169. Any residual amount of the CD from the broken ampoule should be disposed of in the
same way as unused amounts following administration (see above).

33
9 Upkeep of personnel records
170. This section provides good practice guidance for the upkeep of personnel records of
those staff authorised to possess and access (for use, audit, and stock-taking
purposes) CDs.
▪ CDAO
The CDAO is responsible for ensuring that appropriate arrangements are in place
and operated at the trust for the upkeep of personnel records, in order to comply
with misuse of drugs legislation on who may access CDs.
Managers are responsible for following trust procedures around starters and leavers
information – in particular, ensuring the return of trust-issued items that allow
access to CDs, such as keys, smartcards, ID cards, uniforms etc. Managers are
also required to act promptly in response to untoward incidents where staff are
suspended or a security breach has occurred.
▪ HR
The HR department is responsible for vetting new members of staff and acting on
Criminal Records Bureau checks that may highlight previous behaviour in regard to
CDs. The HR department is also responsible for ensuring that all the relevant
policies and procedures are kept up to date, that relevant staff have been informed,
and that all staff records are up to date.
171. The trust ID card and uniform is of particular relevance if it is part of the process that
allows for CD ordering or collection, where the trust allows paramedics to obtain a
supply of CDs from any station within the trust, not just their normal place of work. It is
the responsibility of the individual staff member to ensure that their ID card is properly
used and secured.
HR records
172. The records of those staff members with legitimate access to CDs should be regularly
reviewed to reconcile them with information on starters and leavers. This should be
closely coordinated between managers and the HR department. Ideally, the CD key
holding authorisation lists should be updated every three months based on this
information.
Exit policy
173. The exit policy should also ensure that trust ID cards and uniforms are returned when
staff leave the trust or are suspended. NHS Protect produced guidance on security
measures to be included in an ambulance trust uniform policy (See NHS Security
Management Manual section SB19 Uniform Guidance – Ambulance Sector).
174. In the event of a staff member with key holding responsibility being investigated or
leaving the organisation abruptly due to suspension or other disciplinary action,
authorisation lists should be updated immediately and the keys obtained from the
individual involved. As part of the trust’s exit policy, line managers should ensure they
document the return of any CD keys, staff IDs, uniforms and swipe access cards/fobs

34
issued to staff. Arrangements should be made in the event of a staff member’s failure
to return keys at exit stage.
175. There should be a process in place to allow for the ‘quick time’ cancellation and
withdrawal of CD access at any time if a member of staff is suspended for an issue
related to CDs. This may include not only withdrawal of CD keys or smartcards, but
also changing numerical codes for station, CD room and safe access as well as
revising the authorised signatories list.

35
References
Legislation
Health Act 2006
Misuse of Drugs Act 1971
The Controlled Drugs (Supervision of Management and Use) Regulations 2013 (SI 2013 No.
373)
The Misuse of Drugs (Amendment No. 2) (England, Wales and Scotland) Regulations 2012
(SI 2012 No. 973)
The Misuse of Drugs (Safe Custody) Regulations 1973 (SI 1973 No. 798)
The Misuse of Drugs and Misuse of Drugs (Safe Custody) (Amendment) Regulations 2007
The Misuse of Drugs Regulations 2001 (SI 2001 No. 3998)
The Misuse of Drugs Regulations 2001: Group Authority for National Health Service (NHS)
Ambulance Paramedics and Employing NHS Ambulance Trusts, July 2008
NHS Codes of Practice
Confidentiality, NHS Code of Practice, Department of Health, November 2003
Records Management, NHS Code of Practice (Part 1), Department of Health, May 2006
Records Management, NHS Code of Practice (Part 2), Department of Health, January 2009
Guidance
CCTV code of practice: Revised edition, Information Commissioner’s Office, 2008
Guidance on the destruction of controlled drugs: New role for Accountable Officers –
Authorising people to witness the destruction of controlled drugs, Department of Health,
December 2007
Guidance to Local Security Management Specialists on Controlled Drugs, Accountable
Officers and Local Intelligence Networks, NHS Protect, July 2010
Guidance for Security Management Directors and Non-executive Directors, NHS Protect,
June 2010
Handbook for controlled drugs Accountable Officers in England, National Prescribing Centre,
March 2011
Lighting against crime: A guide for crime reduction professionals, ACPO Secured by Design,
January 2011
Medicines and Controlled Drugs, Security Management Manual Chapter SB11, NHS Protect
Security of NHS stationery and destruction of confidential waste, Security Management
Manual Chapter SB7, NHS Protect

36
Safer Management of Controlled Drugs: Guidance on Standard Operating Procedures for
Controlled Drugs, February 2007
Safer Management of Controlled Drugs: a guide to good practice in secondary care
(England), Department of Health, October 2007
Uniform Guidance – Ambulance Sector, Security Management Manual Chapter SB19, NHS
Protect
Standards
BSI British Standards (available from www.bsigroup.com)
Loss Prevention Standards, Loss Prevention Certification Board, Red Book 2012 (available
from www.redbooklive.com)
SOLD SECURE standard SS 319 – Specification for Security Cabinets for Vehicles,
November 2008
SOLD SECURE standard SS 304 – Specification for Domestic Safes, November 2008
SOLD SECURE standard SS 314 – Specification for Security Cabinets, January 2009
Reports
Safe Management and Use of Controlled Drugs in the Ambulance and Paramedic services
in England, National Prescribing Centre, February 2012
Safe and secure handling of medicines: a team approach. A revision of the Duthie Report
(1988) led by the Hospital Pharmacists’ Group of the Royal Pharmaceutical Society, Royal
Pharmaceutical Society of Great Britain, March 2005

37
Appendix A: List of contributors
The following individuals contributed to the development and content of the document:
Gillian Arr Jones Chief Pharmacist, Care Quality Commission
Richard Dancy Controlled Drug Liaison Officer, Metropolitan Police Service
Sarah Dennison Controlled Drugs National Manager, Care Quality Commission
Ed England Chair, Ambulance Pharmacists Network
Denis Moran D/Sgt, Merseyside Police
Des Niimoi Drug Legislation Team, Home Office
Mick Reynolds Development Officer, ACPO Crime Prevention Initiatives Limited
Authors
Nicole Casey Senior Policy Officer, NHS Protect
Lorraine Harris Policy Lead, NHS Protect
Matthew Overton Policy Lead, NHS Protect
NHS Protect would like to thank all the ambulance trusts for their participation in the
information gathering phase of this work. We would also like to extend our gratitude
to those trusts that provided further access to their staff and premises.

Security_standards_for_the_management_and_control_of_CDs_in_ambulance_v2_

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Security_standards_for_the_management_and_control_of_CDs_in_ambulance_v2_

Similar to Security_standards_for_the_management_and_control_of_CDs_in_ambulance_v2_ (20)

Security_standards_for_the_management_and_control_of_CDs_in_ambulance_v2_