The Patient and Client Council

Security Policy

April 2012

1. Purpose

This policy seeks to ensure that Patient and Client Council (PCC) equipment, data and staff are adequately protected against any action that could adversely affect the PCC. These events will include accidents as well as behaviour deliberately designed to cause difficulties. Adherence to this policy and related policies and procedures will ensure that the risk of such occurrences is minimised.

This policy is designed to emphasise the importance that the PCC places upon the security of its staff and its property, including confidential information and electronic systems, including any computer and any accessory or peripheral device connected to or networked with any such computer.

The PCC wishes at all times to make sure its staff are safe in their working. This includes working outside PCC offices.

The PCC property, including premises, should be used for the business interests of the PCC and must not be used in any way contrary to those interests. The PCC will take active steps to protect its property, including taking disciplinary and/or legal action if required.

This policy is also designed to protect the PCC’s electronic security systems and therefore to ensure the security of its computer equipment and software and physical property. It covers all aspects of the PCC’s electronic equipment including but not limited to entry codes, electronic codes in security fobs, electronic keys and alarm systems as well as the PCC’s computer equipment and networks.

The PCC will afford access to its confidential information to enable employees to carry out their duties, but such confidential information is valuable and loss or misuse of it could cause substantial damage to the reputation of the PCC.

The PCC reserves the right to change the terms of this policy from time to time and to introduce a replacement procedure if required.

2. Definition and scope

This policy applies to all employees, agency workers, independent contractors or any other worker afforded access to the PCC’s property, referred to in this policy as “employees”.

This policy should be read in conjunction with the PCC’s disciplinary, data protection, equality of opportunity, clear desk and ICT security policies.

3. Principles

Ultimate responsibility for the security policy lies with the Accountable Officer of the PCC, the Chief Executive.

Each employee of the PCC has a general duty to take reasonable care for the safety of themselves and others who may be affected by their acts or omissions at work.

All PCC employees (including contractors) have a collective responsibility to ensure that PCC assets (information, personnel and physical) are protected in a proportionate manner against illegal or malicious activity.

  1. Staff security

The PCC has a duty of care to all staff to provide reasonable protection from known or perceived dangers inherent in the nature of their work. Staff security risks, along with all other health and safety risks, are managed through a risk assessment process. All staff receive HASAW and risk management training as part of their induction.

If a member of staff feels that he or she is being asked to work in situations where the degree of risk is unreasonable, the issue should be raised with their line manager or the Head of Development and Corporate Services. The duty to avoid unnecessary risk is the responsibility of both employee and employer.

Lone working

Lone working may be defined as any situation or location in which someone works without a colleague nearby, or when someone is working out of sight or earshot of another colleague.

Those who work by themselves and/or work in the community and/or with only limited support arrangements, which therefore exposes them to risk by being isolated from the usual back-up support, are responsible for their own health and safety and that of others who may be affected by their actions.

Lone workers should seek advice from their line manager to avoid putting themselves or their colleagues at risk and should conduct proper planning prior to a visit and utilise continual risk assessment during a visit. Staff should never put themselves or their colleagues at risk and if they feel at risk they should withdraw immediately and seek further advice or assistance.

Homeworking

The PCC recognises that there may, on occasion, be circumstances when it would be more beneficial or flexible for staff to work at home during normal office hours.

Prior permission is required before an employee can work at home. Staff are required to take strict care of any PCC resources including laptops, encrypted sticks, cameras, audio recordings etc. as well as any paper files/documents containing sensitive personal data, to keep them secure and to use them in accordance with PCC policies and procedures including IT policy - security operating procedures, email and internet etc.

It is the PCC’s responsibility to enquire whether the home-worker is able to retain security and confidentiality of information within the home. The homeworker must take no action which might prejudice the security of such information.
