DGD15-010

Security Standard Operating Procedure (SOP)

Purpose

ACT Health is committed to minimising security risks in the public health care system, through the
provision of a safe and secure environment for staff, patients, visitors and contractors.

This SOP cascades down from the overarching ACT Health Security Policy in conjunction with the ACT
Government Protective Security Policy & Guidelines and provides direction and structure in the
management of security measures for all managers, staff and contractors in the implementation local
security arrangements to minimise risks to person, property and equipment.

This SOP outlines the actions and responsibilities of ACT Health staff, contractors, students and
volunteers in the case of security incidents. This SOP also outlines a range of security related
incidents or business practices that need to be managed from a security perspective and these SOP
will assist staff and contractors to either manage these issues or provide advice to staff and
contractors on their response or actions to these situations when they occur.

The SOP outlined will assist all staff and contractors of ACT Health to manage:
 The personal safety of staff, patients, visitors and contractors.
 Protection of property and other assets against fraud, theft and damage.
 The provision of a safe environment minimising the risk of an interruption to service delivery
as a result of a Security incident.

Note: With the implementation of the ACT Government Protective Security Policy Framework (PSPF)
during the period 2014 to 2016 these current SOPs will be replaced with new procedures compliant
with the requirements of the PSPF as they are developed.

Scope

This Security SOP applies to all employees of ACT Health and requires an integrated management
approach between ACT Health Security Services and each business unit to develop local site-specific
security SOPs where applicable. This SOP applies at any premises which are controlled in full or in
part and occupied by ACT Health whether the facility is owned, managed or leased by ACT Health.

ACT Health managers and staff are required to adhere to these SOPs. In specific instances some
SOPs may need to be tailored in regard to specific requirements; however, this should only be done
in consultation with the Senior Manager Protective Security.

These SOPs are complementary to, and should be read and implemented in conjunction with the
ACT Health Emergency Management Plans.

Procedure

Security Operating Procedures (SOPs)

ACT Health SOPs cover a range of the most identifiable and at risk security incidents and business

Doc Number Version Issued Review Date Area Responsible Page

DGD15/010 1.0 Feb 2015 Feb 2016 B&1 CSSE 1 of 11
Do not refer to a paper based copy of this policy document. The most current version can be found on the ACT Health Policy Register
DGD15-010

practices within ACT Health including:

1. Physical Assault (Code Black).
2. Armed hold-up (Code Black).
3. Security of Communication systems.
4. Duress /Alarm systems.
5. Key control.
6. Theft of property.
7. Pharmacy security
8. Security in ACT Health car-parks.
9. Patients in custody.
10. Emergency Department security.
11. Mail security.
12. Paediatric, neonatal and maternity security.

In the event of a security incident as defined in these SOPs or any other security incident, the
reporting of such incidents should be made in the first instance to ACT Health Security Services who
can provide the appropriate advice or initiate the appropriate response to the incident. In cases of an
extreme emergency the Police should be contacted on ‘000’. The contact details for Security Services
are:

Business hours Monday to Friday:

 ACT Health Senior Manager Protective Security: 624 44070
 ACT Health Security Operations Manager: 624 47793
 ACT Health Security Services Office: 624 42141

After hour’s contacts:

 Canberra Hospital Switchboard: 24/7 624 42222
 Canberra Hospital on-site Security (SNP): 0418 726 253

Note: For urgent or serious matters after-hours, ACT Health Client Services Security & Emergency
have rostered on-call managers. These can be contacted via the SNP Security Team Leader, the
switchboard operator or the Canberra Hospital After Hours Shift Manager.

1. PHYSICAL ASSAULT – (Code Black)

If a physical assault or attempted physical assault occurs, the following must occur:
• Seek assistance wherever possible.
• At Canberra Hospital (CH) - Activate a duress alarm, if available (Code Black) or Dial ‘8’ –
advise ‘Code Black and details of incident’. Dependent upon the location, this will initiate a
response from ACT Health Security or Wards men (or combination) and/or the AFP
dependent upon the severity of the incident.
• At non-acute sites, activate a duress alarm, if available (Code Black) or Dial ‘0-000’ if the
attendance of the police is required and provide details of the incident.
• Contact your immediate supervisor / manager and report the incident verbally and record
the details in the Riskman Incident Reporting System.
• Injured employee / supervisor / manager or any witness to the assault must call the
Australian Federal Police and report the matter.
• Witnesses and the injured party are encouraged to make a statement to the police
and if required to attend Court.

All acts of physical assault are to be reported to the relevant supervisor and the Manager, Security
Operations, using the reporting of security incidents FORM /RISKMAN.
Doc Number Version Issued Review Date Area Responsible Page
DGD15/010 1.0 Feb 2015 Feb 2016 B&1 CSSE 2 of 11
Do not refer to a paper based copy of this policy document. The most current version can be found on the ACT Health Policy Register
DGD15-010
In conjunction with this SOP and the referenced documents, the direct response and action to be
taken resulting from a physical assault on ACT Health staff, patients or visitors, is to be determined
by each service unit in a site-specific SOP. The site-specific SOP must point out the requirements of
witnesses and the injured party to make statements to the police and if required to attend Court.

2. ARMED HOLD-UP – (Code Black)

In the event of an armed hold up:

• It is important to remain calm.
• Cooperate with the offender.
• Activate any ‘armed hold up alarms’ if installed, and if safe to do so.
• Do not take any action to excite the offender.
• ONLY when it is safe to do so, raise the alarm, through the use of a duress alarm, if
available, Dial ‘8’ at the Canberra Hospital – advise “Code Black Armed Hold Up’ and call
the Australian Federal Police on (0)000.
• If you witness the armed hold up, and it is safe to do so, and call the Australian Federal
Police on (0)000 and provide as much information as possible.
• Witnesses and the victim/s of the armed hold up are required to make a statement to
the police and if required to attend Court.
• Notify the Security Office on 6244 2141 to report the incident.

3. SECURITY OF COMMUNICATION SYSTEMS

Shared Services- Information Computer Technology (SS-ICT) manages and administers access to
ACT Health’s communications systems, networks and applications. SS-ICT ensures all common
infrastructure equipment is housed in a physically secure environment to maintain the security and
integrity of the ACT Health communication infrastructure.

SS-ICT provides ACT Health with security protection in the form of firewall services to ensure
protection of the infrastructure:
 Access to the ACT Health communications cabinets is restricted to authorised SS-ICT personnel
only.
 Access to the Early Warning Intercommunication System (EWIS) is to be restricted, to
authorised emergency response personnel identified by ACT Health only, to ensure the integrity
and security of the system.

All emergency and communication cabinets are securely locked at all times, and access is restricted
to authorised persons from SS-ICT or ACT Health emergency responders only.

4. DURESS / ALARM SYSTEMS

ACT Health will ensure that monitored alarm systems are installed in all ACT Health buildings, and
duress alarms are installed in high-risk areas.

All duress and alarms systems will be installed by an approved security systems technician as
authorised by the Manager Security Operations.

The direct response to the activation of the duress / alarm is to be determined by each division,
branch, stream and unit in a site-specific SOP, which is to include, at a minimum, a twice yearly
testing regime. Some areas such as mental health facilities may have separate protocols such as
weekly and daily testing as part of their SOPs.

Doc Number Version Issued Review Date Area Responsible Page

DGD15/010 1.0 Feb 2015 Feb 2016 B&1 CSSE 3 of 11
Do not refer to a paper based copy of this policy document. The most current version can be found on the ACT Health Policy Register
Duress Alarms
Duress Alarms are devices used to assist in ensuring the safety of ACT Health
staff, patients and visitors.

There are two types of Duress Alarms used within ACT Health:
 Personal Duress Alarms - portable battery charged alarms and pendants,
which are carried around by an individual in the course of their work in a
particular work area.
 Fixed Duress Alarms - located in areas of the agency which may be
susceptible to incidents which place staff, patients and visitors at
danger.

Duress Alarm Monitoring

 Canberra Hospital - alarms are linked to the code paging system and will initiate a security
guard response from ACT Health Security Services.
 Other sites - alarms are linked to the building management alarm system/s and are
monitored by the contract security monitoring company.

Duress Alarm activation

• Canberra Hospital All code pagers to respond. Code pagers are held by
Security and Ward Services personnel.
• Other Sites Review your sites protocols to obtain more information. The
security monitoring company will contact the individual site to ascertain if the alarm
was deliberately or falsely activated. No response from the site will result in an AFP
response being initiated.
• For all duress alarm activations, a Riskman report must be completed - Link to Riskman

What do I do if I accidently activate an alarm?

• Canberra Hospital - Notify the switchboard immediately on 6244 2222.
• Health Centres - Contact your Health Centre Manager.
• Other sites - Review site protocols.

Alarm Testing
Community Health Sites
• For community based health sites the testing of duress alarms will be coordinated by ACT
Health Security Services on a bi-annual basis. The ACT Health Security Services office will
maintain reports of the tests.
Canberra Hospital
• Duress alarm testing at the Canberra Hospital will be conducted bi-annually through an
off-line testing regime carried out by an authorised vendor and reports will be provided
to the ACT Health Security Services office.

Alarm Reporting
• For all duress alarm activations, a security incident report must be completed. See the
Reporting of Security Incidents for further guidelines.

Contacts
 (02) 6244 2141 Security Office
 (02) 6244 7793 Security Operations Manager
 0418 726 253 TCH Contract Security Senior Guard
5. KEY CONTROL

To ensure a standardised key control system for all ACT Health facilities and ensure a system is in
place to minimise the risk of a security breach to high secure areas and buildings.

For small community facilities (not listed below), a key register must be maintained. The delegated
authority for the key register will be determined, in writing, by each division, branch, stream and
unit. An audit or spot check, of the key register and master keys is to occur at intervals not exceeding
three months, and is to be undertaken by the delegated authority. The Manager Security Operations
is to be provided with a report of the audit or spot check by the delegated authority.

To maintain key control, the following must be ensured:

• When a key is removed from the key register, it is in the possession of the authorised
employee.
• Keys are not to be marked or labelled in any manner to verify their origin.
• At all times, the keys are to be either with the responsible employee or locked in the key
register.
• Duplicate keys must be fully accounted for.
• Any loss of keys must be reported immediately to the Agency Security Officer (ASO) and
a RISKMAN report generated.
• All keys must be signed in and out of the key register logbook.
• The ASO must hold the record of each delegation authority.

Canberra Hospital & Large Community Health Centres

The following instructions relate to the Canberra Hospital (TCH), Belconnen, Phillip, Civic,
Tuggeranong and Gungahlin Community Health Centres.

All keys are managed by ACT Health Security Services. Keys are currently stored and distributed at
the Security Services Office CH Requests for keys by any ACT Health employee must be undertaken
through the key request form available on the intranet and authorised by the appropriate section
manager. This form once completed is then sent to the Security Services office to be authorised by
the ACT Health Security Operations Manager and to be processed. The issuance of all keys will be
documented and records maintained by Security Services.

Contractors Keys

The determination of key access for contractors and / or maintenance staff must be governed by the
ASO and the Facilities Management Maintenance Coordinator.

When issuing a key to a contractor, that contractor must sign the key register log book, including
their name, company name, the time of key issue and when the key is returned at the end of each
day, a signature is required.

In conjunction with this SOP, ACT Health service units must develop and implement a site-specific key
control SOP, which is to include a key authorisation protocol.

6. THEFT OF PROPERTY

To minimise the opportunity for ACT Health assets or the personal property of staff, patients, visitors
and contractors to be stolen.
ACT Health Assets

All ACT Health assets, over $5,000, are to be registered on the Oracle asset register. ACT Health’s
insurance policy covers any theft over the value of $10,000. Any loss or theft of an asset under that
amount is the liability of the cost centre where the asset was assigned. Any incident of theft of an
ACT Health asset must be reported on Riskman and to the Manager, Security Operations, and where
appropriate report the incident to the Australian Federal Police.

ACT Health Employees Personal Property

ACT Health employees must recognise that any personal property brought to the work place is the
responsibility of the owner.
All incidents of theft must be reported on Riskman and to the Manager, Security Operations, and
where appropriate report the incident to the Australian Federal Police.

Patients Personal Property

Patients, visitors and contractors must recognise that any personal property brought to ACT Health
facilities is the responsibility of the owner, and no responsibility will be accepted for any items left on
ACT Health premises.

To reduce the risk of a patient’s personal property being stolen, each applicable service unit must
develop and implement site-specific procedures to manage the responsibility of patient’s personal
property.

7. PHARMACEUTICAL SECURITY

Establish and maintain security procedures across ACT Health to ensure pharmacy and drug security
to minimise the risk of theft, diversion and inappropriate use of dangerous drugs, prescribed,
requisitioned or dispensed drugs. The aim of pharmacy security is to ensure the integrity and safety
of the pharmacy. This SOP applies to all applicable ACT Health service units where drugs are stored.

Drug Storage Security

All drugs located in ACT Health facilities are to be stored in lockable medication trolley / medication
room/medication cupboards as defined by the ACT Medicines, Poisons and Therapeutic Goods Act
2008. The drugs storage area must be secured at all times, when not in use. Drug storage areas are
usually secured by way of integration with the hospital/facility’s access control system (swipe cards),
combination keypad locks or a restricted medication lock.

In locations where a combination keypad lock is utilised, the combination to this lock MUST be
changed at least twice a year to maintain effective security. It is recommended that these
combinations are changed during the first week of January and July each year. These combinations
can be changed by making a request to ACT Health Security Operations who will facilitate the code
changes. In relation to keys for medication storage areas, the key to the drug storage area must not
leave the ward.

In accordance with the ACT Medicines, Poisons and Therapeutic Goods Act 2008, Drugs of
Dependence (DOD) must be stored in a locked vault or ward safe that is affixed to a solid wall. DOD’s
must not be removed from the safe or vault until they are to be administered.
Drugs will be distributed throughout the hospital by courier. DOD must be able to be tracked and
must be received by Registered professionals.

Pharmacy security

All ACT Health pharmacies must be manned by a registered pharmacist when open. All ACT Health
pharmacy doors, internal and external, are to be closed at all times and access is to be controlled by
proximity card. ACT Health pharmacies have reception areas with buzzers at the door. Entry to the
pharmacy will only be gained after stating your name and the nature of your business to the
receptionist. A registered pharmacist must activate the internal security system (Intruder alarm
system) at the end of business hours.

Canberra Hospital Pharmacy

In the event of a security alarm activation after hours, security staff must NOT enter the pharmacy.
Security staff must immediately notify the Hospital After-hours Manager who will in turn contact the
on-call Pharmacist. Security staff will then proceed to the pharmacy and conduct an external
perimeter check. Once the on-call pharmacist arrives, security staff can then accompany him/her into
the pharmacy and conduct a security check. Any identified security issues will be immediately
reported to the Security Operations Manager/ On-call CSSE Manager and the AFP, if applicable.

All suspicious dispensing of DOD or any discrepancy in drug counts must be reported to the
Pharmacy Director, The Chief Pharmacist and the Senior Manager Protective Security. Serious
incidents should be reported to the Australian Federal Police. All security incidents must be
reported, using the Reporting of Security Incident SOP or RISKMAN.

Note: The Director of ACT Health Pharmacies has authorised that in the case of an emergency i.e.:
fire, staff safety issue etc, Security staff may enter a pharmacy after-hours unescorted, for the
purpose of making safe.

8. CAR PARK SECURITY

To ensure a system of security in ACT Health car parks to manage the potential security incidents of
vehicle theft and physical assault to ACT Health employees, patients and visitors. This SOP relates
directly to ACT Health-owned car parks.

In several ACT Health community centres, secure car parks are provisioned with access control
systems administered by ACT Health Security Services to ensure that only authorised
personnel/vehicles gain access.

At Canberra Hospital, help points/duress alarms and appropriate lighting are installed in car parks
located on the hospital campus. The multi-story car park on the Canberra Hospital campus has good
external lighting, duress alarms and emergency intercom system installed. Any activation of the
duress system will be responded to by hospital security staff in accordance with protocols outlined in
this SOP (Duress alarms).

9. PATIENTS IN CUSTODY

This procedure outlines the protocols for ACT Health in regard to all inpatients and outpatients in
custody. This applies to all ACT Health service units.

When a patient in custody is escorted to an ACT Health facility, the ACT Health Security Operations
Manager is to be informed, preferably prior to the arrival of the patient, by the appropriate custodial
organisation. All Custodial patients will be treated with respect and confidentiality of their episode of
care maintained at all times.

Australian Federal Police (AFP) officers escorting patients in custody into an ACT Health facility must
be in full uniform, and are to retain possession of their firearm. The only exception to AFP officers
retaining possession of their firearm is in the AMHU. The Memorandum of Understanding between
Australian Federal Police and Mental Health ACT regulates this protocol.

ACT Corrections officers escorting a patient in custody into an ACT Health facility are to be in full
uniform, and will be carrying appointments as deemed necessary by ACT Corrections.

When presenting at the Emergency Department (ED) a segregated room has been identified in ED
whereby, wherever possible, clinical staff will direct the escorting officers to hold their custody
detainee in that room for clinical treatment.

If the custodial patient is to be admitted as an inpatient, a single room should be allocated by Bed
Services wherever possible. AFP Police, ACT Corrections or ACT Juvenile Justice, will maintain the
appropriate level of security escorts (minimum of two officers) determined by the risk assessment of
the custodial patient.

Bed Services will advise the ACT Health Security Operations Manager of the custodial inpatient.

10. EMERGENCY DEPARTMENT SECURITY

This procedure establishes security protocols for emergency departments that meet Australian
Standards. This SOP relates directly to the emergency departments (ED) in ACT Health facilities.

All ACT Health emergency departments (ED) must have the following security precautions:
• Restricted access to the treatment area of the ED
• Duress alarms
• A dedicated on-site security officer (ACT Health Security Services) between the hours of
21:00 hours to 06:00 hours seven days per week
• A response to an activation of a duress alarm
• Protocols for the number of people accompanying a patient

All security incidents must be reported using the Riskman reporting tool.

11. MAIL SECURITY

To ensure the security of ACT Health mail and a safe working environment for the mailroom staff.
This applies to all ACT Health service units.

ACT Records Centre and Australia Post x-ray and screen comprehensively all ACT Health mail
distributed through the Australia Post system, prior to distribution.

 Canberra Hospital mailroom staff must undertake mandatory training on mail handling
precautions.
 Mailroom staff must report all suspicious items by Dialling ‘8’ – advise ‘Code Purple
Suspicious Parcel/Letter’.
12. PAEDIATRIC, NEONATAL, AND MATERNITY SECURITY

To ensure the security of newborn, paediatric and maternity patients in ACT Health facilities and to
eliminate or minimise as far as possible the risk of abductions of a newborn or paediatric patient
from an ACT Health facility. This SOP relates directly to the paediatrics wards, neonatal nurseries as
well as the maternity wards in ACT Health facilities and indirectly to all ACT Health service units.

• Ensure ACT Health staff within the paediatrics and neonatal nurseries as well as the
maternity wards are wearing their clearly visible, colour-coded ACT Health photographic
identification badge.
• Access to the CHW&C nursery and wards must be secured according to local protocols and
monitored at all times.
• Duress alarms must be installed and tested in accordance with duress alarm test protocols.
• In the event of a security incident involving patients, parents or visitors a duress button
should be immediately activated for a security response.

All security incidents involving a newborn or paediatric patient must be reported immediately to the
relevant manager and the Manager, Security Operations, including entered onto Riskman and to the
AFP.

Evaluation

ACT Health Security services will maintain complete and comprehensive records of all security
incidents/breaches pertaining to all sites with a view to achieving the following outcome measures:

Outcome Measures Method

 Appropriate management and documentation of  Review security reports from security
all security incidents throughout ACT Health incident database.
facilities.  Review security breaches reported to
AFP.
 Review and analyse data/comments
from security database & RISKMAN
 Feedback from AFP on the
management of security related
incidents.

 Compliance with security SOPs and guidelines.  Review security reports from security
incident database.
 Review and analyse data/comments
from the Security database & RISKMAN.

 The ACT Health Agency Security Advisor will be responsible for the evaluation of relevant
data to ensure compliance with this SOP.

 The evaluation and reviews of security data and compliance will be reported to the
ACT Health Security committee.

 Compliance with all security SOPs will be documented in the annual security compliance
report to the ACT Health Director General as stipulated in the ACT GOV PSPF.
 Related Legislation, Policies and Standards

Legislation
• Crimes Act 1900
• Public Health Act 1997
• Medicines, Poisons and Therapeutic Goods Act 2008
• Drugs of Dependence Act 1989

Policies
 ACT Protective Security Policy and Guidelines.
 Acceptable Access and use of Information Technology (IT) Policy.
 Shared Services ICT Security Policy V2.3 2014.
Standards
• AS 4485.1-1997 – Security for Health Care Facilities – General Requirements.
• AS 4485.2-1997 – Security for Health Care Facilities – Security Guide.
• AS 4083-1997 – Planning for Emergencies – Health Care Facilities.
• Australian Standard HB328-2009 Mail Room Security.
• Australian Standard AS/NZS 4360, Risk Management.
• Australian Standard AS 3745, Emergency Control organisation s for buildings, structures and
workplaces.
• Australian Standard HB 167, Security risk management.
• SA0021-Security issues-suspect mail (chemical, biological, radiological contaminants).

MOUs
 Memorandum of Understanding between the Australian Federal Police and Mental Health
ACT.
 Service Level Agreement between ACT Health - The Canberra Hospital and Department of
Justice and Community Safety – ACT Corrections.

Definition of Terms

ASA ACT Health Agency Security Advisor. Designated senior security position to oversee
security operations and compliance with the PSPF. This position is the Senior Manager
Protective Security. PSPF ACT Government Protective Security policy Framework.
Security for the purpose of this policy, security is defined as minimising or managing
risks by implementing measures to protect staff, patients, visitors and contractors and prevent
the loss of or damage to person, property and equipment.
Security Committee Committee established with key personnel from ACT Health
business units who review and advise on key security issues that impact on ACT Health.
Additionally it is a mandatory requirement of the ACT Government PSPF.
Staff All employees of the ACT Health Directorate.
SS-ICT Shared Services – Information Computer Technology.
DOD Drugs of Dependence.

Attachments

This SOP should be read in conjunction with the ACT Health Security Policy.

Disclaimer: This document has been developed by ACT Health, CSSE, Business & Infrastructure specifically for
the use by ACT Health. Use of this document and any reliance on the information contained therein by any
third party is at his or her own risk and ACT Health assumes no responsibility whatsoever.

Doc Number Issued Review Date Area Responsible Page

Dec 2014 Dec 2015 B& I. CSSE 10 of 10