PSI 50/2010 Unclassifiedissue Date 12/10/10

UNCLASSIFIEDPage 1

National Security Framework Ref: NSF 3.4
COVERT TESTING
This instruction applies to :- / Reference :-
Prisons / PSI 50/2010
Issue Date / Effective Date
Implementation Date / Expiry Date
12 October 2010 / 12 October 2010 / 12 October 2014
Issued on the authority of / NOMS Agency Board
For action by / All staff responsible for the development and publication of policy and instructions.
Governors/Directors of Contracted Prisons. In this document, the term Governor also applies to Directors of Contracted Prisons.
For information / All staff in prison establishments.
Contact / Emma Prince, Security Policy Unit

0300 047 6202
Associated documents / PSI 48/2010, Searching of the Person
PSI 49/2010, Cell, Area and Vehicle Searching
PSI 51/2010, Dealing with Evidence
Audit/monitoring :
Compliance with this instruction will be monitored by Audit and Corporate Assurance and through internal self-audit.
Introduces amendments to the following documents : -
none

PSI 50/2010 UNCLASSIFIEDIssue date 12/10/10

UNCLASSIFIEDPage 1

CONTENTS

Hold down “Ctrl” and click on section titles below to follow link.

Section / Title / Page / Applicable to
1 / Executive summary / 2 / All staff
2 / Operational Instructions:
Introduction
Management of Covert Tests
Procedures
Test Planning
Action Plans
Follow-Up
Action to Take on Identifying Weakness in Staff Performance
Covert Test Arrangements / 3
3
4
5
7
7
7
7 / All staff
Annex A – Covert Test Report
Annex B – Covert Testing Assessment Guide
Annex C – Covert Test Items / 9
13
14 / All staff

Executive summary

Background

1.1This instruction is one of a number of Prison Service Instructions (PSIs) which forms part of the searching function of the National Security Framework. All searching instructions can be accessed via the National Security Framework website.

Desired Outcomes

1.2That there are lawful and effective procedures in place for covert testing.

Application

1.3This PSI is applicable to all prison establishments.

Mandatory Action

1.4All instructions included in the National Security Framework (NSF) are mandatory.

1.5As part of the NOMS Change Programme, Service Specifications are being developed which set out what services should be commissioned and delivered by providers under contracts of service level agreements. The Cell and Area Searching Specification mandated that High Security Estate prisons must have in place a risk-assessed programme of covert testing of cell and area searches. Prisons outside of the High Security Estate are not required to do so. However, they may agree with their DOM that a risk-assessed programme of covert testing should be in place as an additional means of security assurance. Where covert tests are implemented, they must be conducted in accordance with the procedures and guidance in this instruction.

1.6Governors and Directors of contracted prisons who undertake covert tests must ensure they have local policies in place which are in accordance with the instructions set out in this PSI.

Resource Impact

1.7There will be some resource implications for establishments in updating local security strategies to ensure that they are in line with the requirements set out in this PSI.

2.OPERATIONAL INSTRUCTIONS

Introduction

2.1Covert testing is the planned, managed, realistic but unannounced test of security processes, procedures and equipment.

2.2The main purpose of the covert testing policy is to:

test delivery of processes and procedures designed to maintain security and prevent escape;

test technical aids designed to maintain security and prevent escape;

prevent the entry of unauthorised items;

identify vulnerable areas / inadequate equipment;

identify management and system inadequacies that need reinforcing;

reward and recognise good practice;

respond and test identified intelligence and/or risk assessment concerns;

identify training needs;

identify failings and ensure they are addressed appropriately;

offer assurance on our ability to deliver core security responsibilities.

2.3Covert Testing is a tool to give assurance to Governors that staff are vigilant and that security procedures are conducted in accordance with national procedures. Used appropriately, covert testing is a dynamic and realistic test of security arrangements.

2.4Covert Testing should be used to underpin and support local monthly security objectives.

Management of Covert Tests

2.5Management is a crucial element to any covert testing programme. The aim is to improve security procedures, operator skills, awareness, and confidence and to ensure continuous learning.

2.6The following elements are essential in the management of covert tests:

Planning including risk assessment

Confidentiality

Selection of participants

Type of test

Clear instructions to staff involved in covert testing

Appropriate management oversight

Meaningful debrief

Follow-up action plan

2.7If covert testing is to be adopted thenan appropriate person must be nominated at each establishment to manage the Covert Testing Programme. The Covert Testing Manager should be a designated operational manager. A senior operational manager must have overall operational responsibility for the delivery of the Covert Testing Programme.Covert Testing management responsibilities must be recorded in job descriptions and included in SPDRs.

Procedures

2.8The Covert Testing Manager is responsible for planning and delivering the annual covert testing programme.

2.9A number of types of covert tests may be developed, examples of which are listed at paragraphs 2.10 and 2.11. Types and levels of risk and areas of priority will vary across the prison estate. Establishments should chose areas to test on completion of an assessment of local needs.

2.10The following tests (sometimes called high risk tests), which may have a direct and significant link to escape and/or abscond, may be conducted:

Staff exit procedures

Visitor exit procedures

Vehicle exit procedures

Roof-top compromise

Perimeter compromise (inner fence)

Perimeter compromise (outer wall)

Escort and court procedures

Hospital escort

Bedwatch procedures

Vehicle escort

Prisoner discharge

2.11The following tests (sometimes called medium risk tests) may be conducted which test core security procedures and processes that act as defences against escape but, when considered alone, are not likely to result in a real threat of escape:

Staff entry

Visitor entry
Vehicle entry

Roll check compromise

Court escort procedures (High Security Estate)

Contractors entry/escort

Prisoner reception

Cell and area searching

Accounting for tools

2.12In addition, covert tests of management checks may also be conducted in order to test the effectiveness of established management checks, give assurance to security procedures and operational arrangements and to help guide the development of management responsibilities if shortfalls are identified. Examples of management check tests which may be conducted include those undertaken in the following areas:

Non-residential fabric checks
Residential accommodation fabric checks (AFCs)
X-ray RID store (High Security Estate)
X-ray gate
X-ray reception

Test Planning

2.13Each covert test must be correctly planned and managed. The Covert Test Report (Annex A) must be completed. It is designed to help standardise practice and assist in the planning and assessment of covert tests

2.14All tests must be given a unique number, allocated locally, that identifies the number of the test and year the test was carried out (e.g. 01/2009, 02/2009, 03/2009).

2.15A planning meeting involving the Covert Test Manager and at least one other person must take place prior to the commencement of the test. Those involved must have a good level of understanding of the system or process being tested. Covert testing must be included in SPDRs for relevant staff.

2.16A Covert Testing Manager must be identified to be responsible for the planning, execution and assessment of each test. This manager must be responsible for identifying and recording:

specific objectives for each test;

concerns/areas of weakness (this should include operational impact on the prison, possible staff support and welfare issues in addition to the areas of security procedure and practice that are likely to be tested);

any direct link to potential escape that will be tested;

any possible links to existing prison security objectives;

the planned date for the test.

2.17On completion of the above, the test plan must be considered and authorised by the Governor i/c or Deputy Governor.

2.18Prior to the date of the test, the Covert Testing Manager must identify:

the staff to be involved in the tests;

the monitoring procedures that will be used to assess the success of the test;

letters of authority to protect those involved in test, allow covert access to items required for the test, and to adjust daily operational procedures to facilitate the test;

systems required (including briefings) that reinforce the need for confidentiality to all but those authorised to be involved in the tests;

required debrief arrangements (room, facilitator and other resources as required).

2.19On the date of every planned exercise, the Covert Testing Manager must seek authority for running the test from the Governor i/c of the prison. This must include showing him/her the signed authority for the test and explaining the operation plans for executing and reviewing these plans. If there are over-riding concerns about the operational viability of the test or more critical live operational issues (e.g. an ongoing incident), the Governor i/c has the authority to postpone the test to another date.

2.20Following the test, the Covert Testing Manager must ensure that an immediate debrief takes place. This will provide for an opportunity to:

describe performance against set objectives;

describe performance against predicted areas of concern/weakness;

identify learning from the exercise;

agree follow up action plans as required (see below for more guidance);

complete the Covert Test Report;

agree feedback to critical personnel.

2.21In addition to the above, the Covert Testing Manager must consider and action any staff support, briefing or immediate training need following the completion of the covert test.

Action Plans

2.22Action plans mustbe clearly recorded.

2.23Any imminent threat to security that could result in escape must be brought to the attention of the Governor within an hour of the debrief (or sooner if the results suggest this is required).The section for urgent actions on the Covert Test Report at Annex A must be completed.

2.24The Covert Testing Managermust ensure that action plans, the test assessment, feedback plans and agreed date for considering by the Security Committee are presented to the Head of Security to review and sign off (or forwarded to the Deputy Governor or Governor i/c in his/her absence).

Follow-Up

2.25Once the test is completed, the Head of Security must ensure that:

follow up action is carried out;

the Security Committee consider the findings and the Covert Testing Assessment Guide at Annex B is completed;

Covert Tests Reports are completed and passed to the Governor/Deputy Governor at the end of each month ;

The Covert Test Report is submitted to the directorate security manager (in the case of High Security prisons)..

2.26If required, copies of covert test reports should be provided in visit packs for Regional Managers to be discussed and considered during scheduled visits.

Action to Take on Identifying Weakness in Staff Performance

2.27The primary purpose of covert testing is to test and identify weaknesses in security procedures so that lessons can be learnt and improvements introduced. Whilst Governors reserve the right in all cases to bring disciplinary action for the shortfalls in performance of staff, in practice formal disciplinary action would not usually follow from deficiencies revealed during covert testing unless these deficiencies amounted to blatant dereliction of duty.

2.28In normal circumstances, identified weaknesses should be used as learning points for staff and managers and for managers to then follow up this with increased supervision and other checks. Repeated failings may lead to further action being taken including, in appropriate cases, disciplinary action.

Covert Test Arrangements

2.29The way in which tests are carried out and the materials/test equipment to be used is not centrally prescribed. However, all tests must be subject to normal risk-assessment processes to ensure that safety, security and control issues are properly considered.

2.30Governors must ensure that the following groups and personnel are aware of management procedures that will apply to covert testing in their establishment:

POA and Whitley

2.31In addition, a summary on the policy for covert testing should be published for all staff as a part of the Local Security Strategy procedures.

2.32Staff who are tasked to carry out tests must be clearly briefed and, if carrying unauthorised materials/test items, must be provided with letters of authority for being involved in these tests.Any test items or procedures that could result in external compromise/disclosure must also be agreed through protocols developed between the prison and the local police force.

2.33A list of materials that might be used in testing is provided at Annex C. This is not an exhaustive list and materials can be varied in accordance with local need.

2.34All test material that could be considered as a tool must be clearly recorded and securely stored in accordance with Local Security Strategy procedures.

2.35Materials or tools that could present a real threat to security, control or order must not be used in an area that prisoners could gain access to. In such areas, ‘token’ or ‘representative materials’ must be used. For example, if testing staff vigilance in carrying out cell fabric tests, a large red wooden disk could be placed against a cell wall as it is easily identifiable and could symbolise a hole in a wall that staff would be expected to find during an accommodation fabric check.

Contact:

For further information please contact:

Emma Prince, Security Policy Unit

0300 047 6202

(signed)

Trevor Williams

Director of Operations & Director of Offender Management

ANNEX A

COVERT TEST REPORT
Prison:
Test Reference Number:
Purpose of Test:
Planning meeting date:
Covert Testing Manager:
Specific Test Objectives:
Potential Concerns/Area of Weakness ( - see risk assessment on page two of this report for details):
Link to Escape Risks:
Link to Existing Security Objectives:
Date of Test:
Covert Testing – Safety Assessment
Health and Safety Considerations – to be assessed prior to authorisation
Dynamic risk factors – the covert test should be amended or reconsidered if rating of 3 – 5 is given to any dynamic factor
1 / Potential for injury (*) / 1 / 2 / 3 / 4 / 5
(Risk management options: consider risk to staff because of intervention by staff (e.g. escape attempt possibly resulting in restraints being applied, batons drawn and/or deployment of dog handler). In all such cases where physical or potential mental well-being could be affected then clear control factors should be put in place including appropriate supervision. * A full health and safety assessment with control factors must be presented to the manager authorising the tests to consider where potential mental or physical well being could be affected)
Comments:
2 / Location / 1 / 2 / 3 / 4 / 5
(Risk management: is location sensitive on security grounds, visible to the public/visitors, busy/crowded and consider compensatory measures – increase staff, consider venue options).
Comments:
3 / Time of day for test / 1 / 2 / 3 / 4 / 5
(Risk management: consider daylight, impact on the operation of the prison, available resources etc. Consider changing time.)
Comments:
4 / Equipment Malfunction / 1 / 2 / 3 / 4 / 5
(Risk management: consider risk of equipment failure, and potential for interfering with the required equipment usage for safety and security of the prison – is equipment essential to safety/security?)
Comments:
5 / Weather conditions / 1 / 2 / 3 / 4 / 5
(Risk management options: consider postponement or change of venue)
Comments:
……………………………………….. (Signature)……………………….. (Name)
………………………………………... (Date)

Test Results (Immediate Debrief)

Description of performance against set objectives:
Performance against anticipated concerns/areas of weakness:
New learning:
Overall Assessment: Successful Partially Successful Not Successful
Required Immediate Action(Imminent threat to security and/or escape – Use continuation sheet if necessary)
NB: ANY IMMEDIATE ACTIONS MUST BE DRAWN TO THE ATTENTION OF THE GOVERNOR I/C TO CONFIRM THEY ARE SATISFIED WITH ACTION REQUIRED, TIMESCALE FOR COMPLIANCE AND METHOD FOR REACHING COMPLIANCE
Immediate Action Required / Lead Manager and date of review / Method of Review to Confirm compliance
Other Action - Use continuation sheet if necessary
Action Required / Lead Manager and date of review / Method of Review to Confirm compliance
I CONFIRM ANY IMMEDIATE ACTIONS HAVE BEEN DRAWN TO THE ATTENTION OF THE GOVERNOR I/C TO CONFIRM THEY ARE SATISFIED WITH ACTION REQUIRED, TIMESCALE FOR COMPLIANCE AND METHOD FOR REACHING COMPLIANCE
………………………………………………. (Signature and name of Head of Security)
……………………………………………….. (Date)

FEEDBACK (Key points and how recorded)

To test participants:

To those tested by the exercise:

To line managers (specify who):

To Security Department:

Learning to be shared on the next Security Committee (Date: …………………………)
I CONFIRM THE ABOVE HAS BEEN ACTIONED
………………………………………………. (Signature and name of Head of Security)
………………………………………………. (Date)

ANNEX B

COVERT TESTING ASSESSMENT GUIDE

Measure of Success

This will be based on whether the exercise is successful/partially successful or not successful using the following definitions:

Successful

Test was completed; security procedures and arrangements fully met expectations and would have prevented the breach of security/escape attempt. Objectives were met and no evidence of the test being compromised to unauthorised third parties prior to the exercise-taking place.

Partially Successful

Evidence that security procedures although not fully compliant would:

Not have resulted in an escape or critical security breach;

Have given clear potential for contingency plans or follow up action to be activated in time to have prevented the security breach/attempted escape.

Not Successful

Core security standard, procedure and/or management arrangements failed and would have resulted in a clear security breach/escape. Objectives were not met and/or evidence that the test was compromised to unauthorised third parties prior to the exercise-taking place.