Login

NA59-Security and Access Control Policy

{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

Security and Access Control Policy

1. Purpose

The purpose of this policy is to provide clear, comprehensive, and effective guidance on security and access control arrangements applicable to all staff working for {{org_field_name}}. As a temporary staffing agency supplying registered nurses, healthcare assistants, and other healthcare workers to care homes and other social care environments, {{org_field_name}} has a legal and ethical responsibility to safeguard service users, staff, client property, confidential information, and organisational assets. This policy outlines how security will be maintained by both the agency and its staff while on duty in client premises and during agency operations. It is essential that all staff employed or supplied by {{org_field_name}} understand their responsibilities for maintaining security, controlling access to sensitive areas and information, and contributing to a culture of vigilance. This policy complies with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, the Data Protection Act 2018 and UK GDPR, the Care Quality Commission (CQC) Fundamental Standards, and relevant health and safety legislation.

2. Scope

This policy applies to: All registered nurses, healthcare assistants, and temporary workers supplied by {{org_field_name}}. All directors, consultants, and administrative staff involved in the management and operation of the agency. All agency activities and work environments, including agency offices, client premises (e.g., care homes, nursing homes), and digital systems holding confidential information. All physical assets, electronic records, confidential information, and property belonging to {{org_field_name}}, clients, or service users.

3. Related Policies

4. Policy Statement

{{org_field_name}} is committed to maintaining high standards of security and access control to: Protect the safety and wellbeing of service users, staff, and visitors. Protect confidential information in line with data protection legislation. Safeguard client and agency property. Prevent unauthorised access to confidential, restricted, or sensitive areas. Detect and respond to security breaches promptly and effectively. Ensure compliance with legal and regulatory obligations.

5. Responsibilities

Directors The directors of {{org_field_name}} are responsible for: Ensuring the development, implementation, and review of this policy. Leading by example and promoting a culture of security awareness. Ensuring that all staff receive security and access control training as part of induction and refresher programmes. Monitoring compliance and investigating any breaches of this policy. Liaising with clients to ensure that agency workers are familiar with client-specific security and access control procedures. Maintaining security of agency-held data, systems, and assets.

Temporary Workers and Agency Staff All agency staff are responsible for: Following all agency and client security procedures. Protecting service users, colleagues, and client assets through responsible conduct. Reporting security breaches or concerns promptly. Adhering to data protection and confidentiality obligations. Respecting placement-specific access control systems and procedures.

6. General Security Principles

All staff must: Wear their {{org_field_name}} identification badge and client-provided identification when on duty. Only access areas to which they have been authorised by the client or agency. Challenge unknown individuals entering secure or restricted areas, in line with client procedures. Report lost, stolen, or damaged ID badges, keys, access cards, or devices immediately. Refrain from sharing access codes, keys, or passwords with unauthorised individuals. Follow safe lone working procedures where applicable. Protect personal belongings and avoid bringing valuables into placements.

7. Access Control in Client Premises

All temporary workers must: Comply fully with the placement’s security and access control arrangements, including key handling, alarm systems, staff-only areas, and visitor procedures. Sign in and out of the premises as required. Report security concerns, damaged locks, broken equipment, or missing items to the placement manager. Only access confidential records, medication, or equipment when authorised and competent to do so. Safeguard access codes, keys, and swipe cards issued by clients and return them at the end of the shift or placement.

8. Confidential Information and Records Security

All staff are required to: Comply with the {{org_field_name}} Confidentiality and Data Protection Policy. Store confidential information securely, whether in paper or electronic format. Only access information necessary for their role and duties. Avoid discussing confidential information in public or communal areas. Ensure that devices holding confidential information (e.g., laptops, mobile phones) are password protected and stored securely. Report any suspected data breaches or unauthorised access to the director immediately.

9. Lone Working Security

Lone workers are at increased risk of security incidents. Staff must: Follow the {{org_field_name}} Lone Working Policy. Ensure that they have access to means of communication, such as a fully charged mobile phone, during lone working shifts. Be familiar with the client’s lone worker security procedures and alarm systems. Report any safety concerns or threatening behaviour promptly. Avoid working alone in unfamiliar or unsafe environments without prior risk assessment.

10. Security Incidents

Examples of security incidents include but are not limited to: Lost or stolen ID badges, keys, or access cards. Breaches of confidentiality or data protection. Unauthorised access to restricted areas. Theft, damage, or loss of client or agency property. Aggressive or threatening behaviour towards staff. All security incidents must be: Reported immediately to the placement manager and to {{org_field_name}}. Recorded using the placement’s and {{org_field_name}}’s incident reporting procedures. Investigated by the directors to identify learning and corrective action.

11. Training

All staff will receive training on: Security and access control principles. Client-specific security procedures as part of placement induction. Incident reporting and escalation procedures. Data protection and confidentiality obligations. Lone working and personal safety. Refresher training will be provided regularly and when significant changes to policy or procedures occur.

12. Staff Conduct and Professionalism

All staff must: Conduct themselves professionally and in a manner that upholds the security of the placement and the safety of service users. Avoid behaviours that may compromise security (e.g., propping open locked doors, sharing passwords). Challenge and report suspicious behaviour appropriately. Support the maintenance of a secure environment as part of their duty of care.

13. Cybersecurity

All staff must: Follow secure IT practices when handling electronic records, emails, or online systems. Never share login credentials or passwords. Report suspected cyber incidents, including phishing attempts or unauthorised system access, to {{org_field_name}} without delay. Use agency or client systems in accordance with relevant information governance and cybersecurity protocols.

14. Monitoring and Supervision

The directors of {{org_field_name}} will: Monitor compliance with security and access control procedures through audits, feedback, and incident reports. Address non-compliance promptly, including providing additional training or disciplinary action where required. Support staff in resolving security concerns. Regularly review the effectiveness of security arrangements and make improvements as needed.

15. Equality and Inclusion

{{org_field_name}} is committed to ensuring that security measures are applied fairly and without discrimination. Adjustments will be made where appropriate to meet the needs of staff or service users with disabilities, sensory impairments, or other needs, without compromising security.

16. Collaboration with Clients

{{org_field_name}} will work closely with clients to: Understand and comply with site-specific security protocols. Support agency staff in adhering to client procedures. Respond to client feedback or concerns about security incidents or breaches involving agency staff. Share learning from incidents where appropriate.

17. Continuous Improvement

The directors will: Review security incidents to identify trends and areas for improvement. Update this policy annually or sooner if required due to legislative changes or incident analysis. Seek feedback from staff and clients to strengthen security practices.

18. Policy Review

This policy will be reviewed annually or earlier if: Changes in legislation or guidance occur. Feedback from clients or staff suggests a need for revision. Incident trends indicate areas for improvement.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *