AS 4485.1:2021 pdf free.Security for healthcare facilities Part 1: General requirements.
2.1 General
The aim of a healthcare facility’s security function is to ensure that a vigorous security policy and plan is implemented throughout the facility. Where appropriate, security policies and procedures should be developed to address the specific needs of individual areas within the facility.
2.2 Security framework
2.2.1 Development
Each healthcare facility shall develop a security framework, including policy, procedures and protocols, to effectively address security risks. Each facility shall establish governance strategies and systems that identify the responsibilities and accountabilities of all personnel concerned within the security framework.
The individual roles and responsibilities of those involved in the maintenance of safe conditions should be documented in position descript ions.
2.2.2 Management
Facilities shall designate appropriate personnel to be responsible for the day.today management of the security function. Ideally, such a person should have expertise and qualifications in, and understanding of, the application of security principles. This is particularly important for large healthcare facilities, such as major hospitals, where a coordinated approach to security throughout the facility is highly desirable.
2.2.3 Employees
Facilities shall assign specific responsibilities to personnel for the application of security arrangements within their areas of operation and/or authority in accordance with the facility’s security policy and procedures. This will include a specific duty of care for themselves, other workers and other persons, such as patients, for whom they are responsible.
2.3 Security instructions
Instructions on security policy, procedures and practices shall be provided to all relevant personnel upon commencement and when a change in policy and/or procedures occurs.
Security and safety related information for patients and visitors using the healthcare facilities should be provided as appropriate. This information may be distributed in a written form (e.g. brochures or signage) or communicated verbally by workers responsible for providing such instructions, e.g. fire, safety and/or security officer/s.
Documented security instructions shall be complemented by regular security education sessions (see Clause 11.1) for workers and others as appropriate.
3.1 General
To implement an effective security program, a facility shall make an assessment of the potential threats. vulnerabilities and risks it will need to manage, including the appropriateness and effectiveness of current controls.
The security risks to each healthcare facility will vary depending on its operations, location, perceived or known value of information and assets, and the image portrayed by the facility from a security perspective (e.g. it may he seen as an easy target because it has little or no security). It would be impossible for any organization to operate in a zero-risk environment.
The risk management process involving identification, analysis, assessment, control and continuous risk monitoring shall be undertaken in accordance with AS/NZS ISO 45001 and AS ISO 31000.
A healthcare facility shall be able to produce evidence that the findings of the security risk assessment have been implemented.
3.2 Asset identification
Before being able to manage its risks, a facility shall identify critical infrastructure, other important assets and information to be assessed.
NOTE Refer to AS 4485.2 for more information on asset identification.
3.3 Assessment of threats
The next step is to assess the risks that may be directed against persons, information or property which belong to, or which are located at, a facility/workplace, resulting in a negative impact. The assessment of these threats can only be usefully coordinated by a person in each facility who has a good understanding of the operations of the facility and who can obtain, analyse and assess potential threat information from a variety of sources.
NOTE Refer to AS 4485.2 for further information on threat assessment.
3.4 Frequency of risk assessments
Every healthcare facility shall take a systematic and coordinated approach, including an initial security risk assessment, to reduce potential security risk.
After an initial security risk assessment each healthcare facility shall conduct regular assessments in response to any significant change in the facility’s —
(a) internal and/or external risk context;
(b) role, responsibilities and functions;
(c) property and buildings; and
(d) volume or severity of security incidents.
NOTE Frequency and intervals between risk assessments may be subject to additional regulatory and/or jurisdictional requirements.
A healthcare facility shall be able to produce evidence that it has conducted a comprehensive security risk assessment within the past three years.AS 4485.1 pdf download.