Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 1 of 2

FREEDOM OF INFORMATION ACT 2000 THE ROYAL CORNWALL HOSPITALS NHS TRUST RESPONSE TO INFORMATION REQUEST Date Request Received: 22nd May 2019 FOI Ref: 6523 Requested Information

I am writing to you under the Freedom of Information Act 2000 to request the following information from the manager responsible for Security Management within your NHS Trust:

Job titles and responsibilities within the Organisation (for Benchmarking) SIA licencing status Professional reflection of NHS Protect ASMS/LSMS training What Security Management Standards are applied within your NHS Trust Whether your Trust utilise contracted or in-house staff Whether your Trust utilises Criminal Justice and Immigration Act legislation (sections

119 and 120) What qualifications and competencies your Security Management staff hold

(anonymised) Utilisation of the legacy NHS Protect Self Review Tool (SRT) Responsibilities held by the LSMS/Security Manager of your Trust Professional opinion of the required learning content of a Healthcare Security

Management qualification. Please provide the information in the form of completing the relevant surveys.

Not all surveys are required to be completed. Survey 2 is requested to be completed as part of this FOI, however only one of the options is required to be completed by any one individual (dependant on who the Trust employs):

1)

a) Accredited ASMS/LSMS b) Non-Accredited Healthcare Security Managers c) Nominated Security Management Directors (SMD)s

2) Learning Content

The request is that the following are completed: Accredited ASMS/LSMS(s): 1a and 2 Non-accredited Healthcare Security Managers: 1b and 2 Nominated SMD: 1c and 2.

Response

Please refer to Appendix 1A, 1C and Appendix 2 for Information relating to the Royal Cornwall Hospitals Trust Healthcare Security Management.

Attachment(s) Appendix 1A - Accredited ASMS/LSMS

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 2 of 2

Appendix 1C - Nominated Security Management Directors (SMD)s Appendix 2 - Learning Content Date Response Sent: June 2019

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 1 of 3

FREEDOM OF INFORMATION ACT 2000 THE ROYAL CORNWALL HOSPITALS NHS TRUST RESPONSE TO INFORMATION REQUEST Date Request Received: 22nd May 2019 FOI Ref: 6523 Requested Information

Appendix 1A – Accredited ASMS/LSMS

1) Do you hold an Accredited Local Security Management Specialist (ASMS/LSMS)

qualification? Yes No

2) Do you hold an SIA Licence?

Yes: Frontline Yes: Non- frontline No: Expired (used to be licenced) No: I've never been licenced

3) Do you believe that the NHS Protect LSMS/ASMS training was comprehensive enough to

produce competent Healthcare Security Managers?

Yes - it was comprehensive enough to meet the required needs Yes - it was an effective foundation course Neutral - covered some useful aspects, but could have been better No - it did not give me all of the competencies I required No - it was wholly inadequate

4) What standards do you as a healthcare security manager work/refer to?

Legacy NHS Protect standards PD CEN/TS 16850:2015. Guidance for managing security in healthcare facilities. ISO/BS Other

5) Do you, or any of your staff operate under the 'in-house' exemption of SIA licencing?

Yes No

6) Does your organisation utilise the CJIA (sections 119 and 120) legislation to remove

nuisance persons from site? Yes No

7) In your organisations security department, how many staff are in-house, and how many are contracted in?

In-house (directly employed by Trust/organisation) (Number)

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 2 of 3

Contracted (not employed by the Trust/organisation) (number)

8) Do you, as an LSMS/Security Manager, hold duties in addition to security

management? (e.g FM/EPRR/H&S etc.) Yes No

If yes, please specify

9) What relevant Security Qualifications do you hold, or are you studying for? (these may be

as a practitioner (CCTV qualification) or as a manager (e.g. Foundation Degree in Security Management), please include relevant periphary qualifications such as NEBOSH, Business Continuity, MSc Healthcare Leadership & Management etc.)

10) Do you believe that the NHS Protect Self Review Tool (SRT) was adequate as a tool to complete a self-assessed continuous improvement framework and benchmark?

Yes, it was useful and should still be used Yes it was useful, but is not longer required, it should not be revisited Yes, it was useful, but could do with modernising. No, it was not productive or informative. No, it had its day and is irrelevant now N/A: I am not aware of this tool or its appropriateness.

Response

1) Please be advised the Royal Cornwall Hospitals Trust holds an accredited Local Security Management Specialist

2) Please be advised the Accredited Local Security Management Specialist at the Royal Cornwall Hospitals Trust has never held a SIA Licence

3) Please be advised the Freedom of information act 2000 covers recorded information that is held by a public authority. The Royal Cornwall Hospitals Trust will not disclose Staff members opinions under the Freedom of Information Act

4) Please be advised the Royal Cornwall Hospitals Trust Healthcare Security Manager works and refers to Legacy NHS Protect Standards

5) Please be advised Healthcare Security staff at the Royal Cornwall Hospitals Trust operate under the in house exemption of SIA Licencing

6) Please be advised the Royal Cornwall Hospitals Trust does not utilise the CJIA Sections 119 and 120 legislation to remove nuisance persons from the Trust Sites

7) Please be advised within the Security Department at the Royal Cornwall Hospitals Trust 11 members of staff are contracted by the Trust and 1 member is directly employed by the Trust

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 3 of 3

8) Please be advised the Security Manager at the Royal Cornwall Hospitals Trust

does not hold any additional duties to security management

9) Please be advised I can confirm that in response to Question 9), what relevant security qualifications do you hold or are you studying for? we have decided to withhold that information under Section 40 (2) ‘Personal Information’ of the Freedom of Information Act 2000 (FOIA

10) Please be advised the Freedom of information act 2000 covers recorded information that is held by a public authority. The Royal Cornwall Hospitals Trust will not disclose Staff members opinions under the Freedom of Information Act

Attachment(s) None Date Response Sent: June 2019

40. (1) Any information to which a request for information relates is exempt information if it constitutes personal data of which the applicant is the data subject.

(2) Any information to which a request for information relates is also exempt information if— (a) It constitutes personal data which do not fall within subsection (1), and (b) Either the first or the second condition below is satisfied.

(3) The first condition is— (a) In a case where the information falls within any of paragraphs (a) to (d) of the definition of “data” in section 1(1) of the Data Protection Act 1998, that the disclosure of the information to a member of the public otherwise than under this Act would contravene— (i) Any of the data protection principles, or (ii) Section 10 of that Act (right to prevent processing likely to cause damage or distress).

Jemma Dunstan, Information Governance Team

V1

Review Date: 2029 Page 1 of 3

FREEDOM OF INFORMATION ACT 2000

THE ROYAL CORNWALL HOSPITALS NHS TRUST RESPONSE TO INFORMATION REQUEST

Date Request Received: 22nd

May 2019 FOI Ref: 6523

Requested Information

Appendix 1C - Nominated Security Management Directors (SMD)s

1) What standards does your organisation work/refer to?

Legacy NHS Protect standards PD CEN/TS 16850:2015. Guidance for managing security in healthcare facilities. ISO/BS Other

2) Does your organisation utilise the CJIA (sections 119 and 120) legislation to remove nuisance persons from site?

Yes No

3) In your organisations security department, how many staff are in-house, and how many are contracted in?

In-house (directly employed by Trust/organisation) (Number) Contracted (not employed by the Trust/organisation) (number)

4) Do you as the SMD, employ an accredited LSMS?

Yes No

If no, please expand

5) Do you believe that the NHS Protect Self Review Tool (SRT) was adequate as a tool to

complete a self-assessed continuous improvement framework and benchmark?

Yes, it was useful and should still be used Yes it was useful, but is not longer required, it should not be revisited Yes, it was useful, but could do with modernising. No, it was not productive or informative. No, it had its day and is irrelevant now N/A: I am not aware of this tool or its appropriateness.

6) Do you hold an Accredited Local Security Management Specialist (ASMS/LSMS) qualification?

Yes No

Jemma Dunstan, Information Governance Team

V1

Review Date: 2029 Page 2 of 3

7) What relevant Security Management training or experience do you have?

8) Which of the following responsibilities do you delegate to your operational Healthcare Security Manager/LSMS?

Line management of security staff Physical security of facilities/premises Maintenance of security assets Management of Lone Working Security Risk Management EPRR for the organisation Counter Fraud for the organisation Other Organisational Resilience related responsibilities (EPRR, Risk

Management, etc.) Other non-pure security responsibilities (such as FM, Car Parking, H&S, Fire

Safety etc.) Other (please specify)

9) What essential qualities would you list if you were recruiting a new Healthcare Security manager/LSMS?

10) Finally do you have any other relevant comments which the researcher may find useful to

their research, particularly regarding the competence of a Healthcare Security manager?

Response

1) Please be advised the Royal Cornwall Hospitals Trust works and refers to Legacy NHS Protect Standards

2) Please be advised the Royal Cornwall Hospitals Trust does not utilise the CJIA Sections

119 and 120 legislation to remove nuisance persons from the Trust Sites

3) Please be advised within the Security Department at the Royal Cornwall Hospitals Trust 11 members of staff are contracted by the Trust and 1 member is directly employed by the Trust

4) Please be advised the Royal Cornwall Hospitals Trust employs an accredited Local Security Management Specialist

5) Please be advised the Freedom of information act 2000 covers recorded information that is held by a public authority. The Royal Cornwall Hospitals Trust will not disclose Staff members opinions under the Freedom of Information Act

6) Please be advised the Security Management Director at the Royal Cornwall Hospitals Trust does not hold a security Management Specialist Qualification

7) Please be advised I can confirm that in response to Question ), what relevant security Management training or experience do you hold? we have decided to withhold that information under Section 40 (2) ‘Personal Information’ of the Freedom of Information Act 2000 (FOIA)

8) Please see the list of responsibilities delegated to the Royal Cornwall Hospitals

Jemma Dunstan, Information Governance Team

V1

Review Date: 2029 Page 3 of 3

Trust Operational Healthcare Security Manager

Physical security of facilities/premises

Maintenance of security assets

Management of Lone Working

Security Risk Management

9) Please be advised if the Royal Cornwall Hospitals Trust were recruiting for a Healthcare Security Specialist Manager, the essential qualities required would include experience and qualifications

10) Please be advised the Freedom of information act 2000 covers recorded information that is

held by a public authority. The Royal Cornwall Hospitals Trust will not disclose opinions under the Freedom of Information Act

Attachment(s)

None

Date Response Sent:

June 2019

40. (1) Any information to which a request for information relates is exempt information if it

constitutes personal data of which the applicant is the data subject.

(2) Any information to which a request for information relates is also exempt information if—

(a) It constitutes personal data which do not fall within subsection (1), and

(b) Either the first or the second condition below is satisfied.

(3) The first condition is—

(a) In a case where the information falls within any of paragraphs (a) to (d) of the

definition of “data” in section 1(1) of the Data Protection Act 1998, that the

disclosure of the information to a member of the public otherwise than under

this Act would contravene—

(i) Any of the data protection principles, or

(ii) Section 10 of that Act (right to prevent processing likely to cause damage or

distress).

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 1 of 2

FREEDOM OF INFORMATION ACT 2000 THE ROYAL CORNWALL HOSPITALS NHS TRUST RESPONSE TO INFORMATION REQUEST Date Request Received: 22nd May 2019 FOI Ref: 6523 Requested Information

For a number of years NHS Protect and the NHS SMS delivered LSMS training. This was subsequently adopted by the Security Management Professional Accreditation Board. Using the Model of KATE to assess competence (Knowledge, Aptitude, Training and Experience), and so it is suggested that learning is an essential foundation to an individual to assume responsibilities of security management within an NHS Trust in England. This survey looks at the broad areas, or Learning Outcomes (LOs), required to allow Healthcare Security Managers to start with a base knowledge to allow a firm foundation prior to adopting the role of Security Manager within the NHS in England in the broadest term and assuming the individual may come from outside of the health industry, or from a non-security background. This survey captures no personal data and as such does not breach any Data Protection legislation (DPA 2018/GDPR). This survey has been assessed and deemed appropriate in terms of ethical impact. Please score the following questions based on the following system: 3 = Essential 2 = Desirable 1 = Not required 0 = Irreverent

1) Law and Legislation

2) Threat assessment and Risk Management

3) Corporate Security Management

4) Healthcare Leadership and Management

5) Information Security (Cyber) Management

6) Security Governance and Compliance

7) Emergency Planning, Resilience and Response (EPRR)

8) Business Management (SFIs, Business Plans etc.)

9) What other areas do you believe are essential to see on a training course, or program, to give the foundations to a new practitioner entering Healthcare Security Management, whether that be from within the healthcare environment, from outside of healthcare, from a peripheral sector (FM, Risk, H&S etc.), or coming from the frontline ranks of security?

Jemma Dunstan, Information Governance Team V1 Review Date: 2029

Page 2 of 2

10) Finally, to quantify your response, what relevant security qualifications do you hold (if any),

or are you studying for? (these may be as a practitioner (CCTV qualification) or as a manager (e.g. Foundation Degree in Security Management), please include relevant periphery qualifications such as NEBOSH, Business Continuity, MSc Healthcare Leadership & Management etc.)

Response

Please be advised the Freedom of information Act 2000 covers recorded information that is held by a public authority. The Royal Cornwall Hospitals Trust will not disclose opinions under the Freedom of Information Act 2000

Attachment(s) None Date Response Sent: June 2019