AS 4485.1 pdf download – Security for healthcare facilities Part 1: General requirements
The aim of a healthcare facility’s security function is to ensure that a vigorous security policy and planis implemented throughout the facility. Where appropriate, security policies and procedures should bedeveloped to address the specific needs of individual areas within the facility.
Each healthcare facility shall develop a security framework，including policy，procedures andprotocols, to effectively address security risks. Each facility shall establish governance strategies andsystems that identify the responsibilities and accountabilities of all personnel concerned within thesecurity framework.
The individual roles and responsibilities of those involved in the maintenance of safe conditions shouldbe documented in position descriptions.
Facilities shall designate appropriate personnel to be responsible for the day-to-day management of thesecurity function.Ideally, such a person should have expertise and qualifications in, and understandingof, the application of security principles. This is particularly important for large healthcare facilities,such as major hospitals,where a coordinated approach to security throughout the facility ishighly desirable.
Facilities shall assign specific responsibilities to personnel for the application of security arrangementswithin their areas of operation and/or authority in accordance with the facility’s security policy andprocedures. This will include a specific duty of care for themselves, other workers and other persons,such as patients, for whom they are responsible.
Instructions on security policy, procedures and practices shall be provided to all relevant personnelupon commencement and when a change in policy and/or procedures occurs.
Security and safety related information for patients and visitors using the healthcare facilities shouldbe provided as appropriate. This information may be distributed in a written form (e.g. brochures orsignage) or communicated verbally by workers responsible for providing such instructions, e.g. fire,safety and/or security officer/s.
Documented security instructions shall be complemented by regular security education sessions (seeClause 11.1) for workers and others as appropriate.
To implement an effective security program, a facility shall make an assessment of the potential threats,vulnerabilities and risks it will need to manage, including the appropriateness and effectiveness ofcurrent controls.
The security risks to each healthcare facility will vary depending on its operations, location, perceivedor known value of information and assets,and the image portrayed by the facility from a securityperspective (e.g. it may be seen as an easy target because it has little or no security). It would beimpossible for any organization to operate in a zero-risk environment.
The risk management process involving identification, analysis, assessment, control and continuousrisk monitoring shall be undertaken in accordance with AS/NzS ISo 45001 and AS IS0 31000.
A healthcare facility shall be able to produce evidence that the findings of the security risk assessmenthave been implemented.
Before being able to manage its risks, a facility shall identify critical infrastructure, other importantassets and information to be assessed.
NOTE Refer to AS 4485.2 for more information on asset identification.3.3Assessment of threats
The next step is to assess the risks that may be directed against persons, information or propertywhich belong to, or which are located at, a facility/workplace,resulting in a negative impact. Theassessment of these threats can only be usefully coordinated by a person in each facility who has a goodunderstanding of the operations of the facility and who can obtain, analyse and assess potential threatinformation from a variety of sources.
NOTE Refer to AS 4485.2 for further information on threat assessment.3.4Frequency of risk assessments
Every healthcare facility shall take a systematic and coordinated approach, including an initial securityrisk assessment, to reduce potential security risk.
After an initial security risk assessment each healthcare facility shall conduct regular assessments inresponse to any significant change in the facility’s —
internal and/or external risk context;
role, responsibilities and functions;
property and buildings; and
volume or severity of security incidents.
NOTE Frequency and intervals between risk assessments may be subject to additional regulatory and/orjurisdictional requirements.
A healthcare facility shall be able to produce evidence that it has conducted a comprehensive securityrisk assessment within the past three years.