Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in healthcare facilities

This Technical Specification provides guidance for managing security of (high risk) chemical, biological, radioactive, nuclear or Explosive materials, such as those covered by the EU CBRN action plan, that are used within healthcare facilities (HCF); it covers the lifecycle of such materials within a HCF’s span of control. In this Technical Specification these materials are referred to as ‘CBRNE materials’.
It covers the protection of (high risk) CBRNE materials used in healthcare facilities against security threats relating to their deliberate misuse. It covers the protection of people, assets and information related to CBRNE materials.
This Technical Specification also applies to circumstances where healthcare is provided at locations remote from the normal location of the HCF.
This Technical Specification also provides guidance to all stakeholders that are responsible for each step in a lifecycle of CBRNE materials within the HCF such as such as administrator staff, facility management staff, logistics and transport staff, medical staff, waste management staff, domestic staff and security staff as well as visitors and contractors working on the HCF premises.
This Technical Specification can be applied as part of generic management systems such as EN ISO 9001 [2], EN ISO 22301 [3], ISO 22320 [4] and possibly ISO 28001 [5].
It does not apply to occupational health and safety issues deriving from the proper and improper use of such materials.

Schutz und Sicherheit der Bürger - Leitfaden für die Sicherheit von Gefahrstoffen (CBRNE) entlang ihres Lebenszyklus in Gesundheitseinrichtungen

Diese Technische Spezifikation bietet einen Leitfaden zum Management der Sicherheit von (risikoreichen) chemischen, biologischen, radioaktiven, nuklearen Stoffen oder Explosivstoffen, wie die im CBRN Aktionsplan der EU behandelten, die in Gesundheitseinrichtungen (HCF) verwendet werden; sie behandelt den Lebenszyklus derartiger Stoffe über die Zeitspanne, in der sie sich unter Kontrolle der Gesundheits¬einrichtung befinden. Im Rahmen dieser Technischen Spezifikation werden diese Materialien als „CBRNE-Stoffe“ bezeichnet.
Sie behandelt den Schutz von in Gesundheitseinrichtungen verwendeten (Hochrisiko )CBRNE-Stoffen vor Sicherheitsbedrohungen, die im Zusammenhang mit ihrem vorsätzlichen Missbrauch stehen. Sie behandelt den Schutz von Personen, Vermögenswerten und Informationen bezüglich CBRNE Stoffen.
Diese Technische Spezifikation gilt ebenfalls für Umstände, in denen Gesundheitsfürsorge an vom üblichen Standort der Gesundheitseinrichtung entfernt liegenden Orten geleistet wird.
Diese Technische Spezifikation bietet allen Anspruchsgruppen einen Leitfaden, die für jeden Abschnitt in einem Lebenszyklus von CBRNE Stoffen innerhalb einer Gesundheitseinrichtung verantwortlich sind, wie Verwaltungspersonal, Facility Management-Personal, Logistik  und Transport-Personal, medizinisches Personal, Abfall-Management Personal, Hausangestellte und Sicherheitspersonal, sowie Besucher und Auftragnehmer, die in den Räumlichkeiten der Gesundheitseinrichtung arbeiten.
Diese Technische Spezifikation kann als Teil von allgemeinen Managementsystemen wie EN ISO 9001 [2], EN ISO 22301 [3], EN ISO 22320 [4] und möglicherweise EN ISO 28001 [5] angewendet werden.
Sie gilt nicht für Themen des Arbeits  und Gesundheitsschutzes, die vom sachgemäßen und unsachgemäßen Gebrauch derartiger Stoffe herrühren.

Sécurité sociétale - Document d'orientation pour les établissements de soins de santé relatif à la sécurité des substances NRBCE tout au long de leur cycle de vie

Družbena varnost in varnost državljanov - Napotki za upravljanje varnosti v zvezi z nevarnimi snovmi (CBRNE) v zdravstvenih ustanovah

Ta tehnična specifikacija podaja smernice za upravljanje varnosti v zvezi z (izjemno nevarnimi) kemičnimi, biološkimi, radioaktivnimi, jedrskimi ali eksplozivnimi materiali (npr. materiali, ki so opredeljeni v delovnem načrtu EU CBRN), ki se uporabljajo v zdravstvenih ustanovah (HCF). Zajema življenjski cikel teh materialov v okviru nadzora s strani zdravstvene ustanove. V tej tehnični specifikaciji so ti materiali poimenovani materiali CBRNE.
Specifikacija obravnava zaščito pred varnostnimi grožnjami, ki so povezane z namerno nepravilno uporabo (izjemno nevarnih) materialov CBRNE, ki se uporabljajo v zdravstvenih ustanovah. Zajema zaščito oseb, premoženja in podatkov, povezanih z materiali CBRNE.
To tehnično poročilo se uporablja tudi za primere, ko se zdravstvena nega nudi na lokacijah, ki so oddaljene od zdravstvene ustanove.
Ta tehnična specifikacija podaja tudi smernice vsem deležnikom, ki so odgovorni za vsak korak v življenjskem ciklu materialov CBRNE znotraj zdravstvene ustanove, kot so administrativno osebje, upravno osebje ustanove, osebje za logistiko in transport, osebje za upravljanje z odpadnimi snovmi, čistilno osebje in varnostno osebje ter obiskovalci in pogodbeni izvajalci, ki delajo na območju zdravstvene ustanove.
Ta tehnična specifikacija se lahko uporablja kot del splošnih sistemov za upravljanje, kot so opredeljeni v standardih EN ISO 9001 [2], EN ISO 22301 [3], ISO 22320 [4] in pogojno ISO 28001 [5].
Ne uporablja se za težave glede upravljanja zdravja in varnosti pri delu, ki izhajajo iz pravilne in nepravilne uporabe teh materialov.

General Information

Status
Published
Publication Date
22-Apr-2018
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
12-Apr-2018
Due Date
17-Jun-2018
Completion Date
23-Apr-2018

Buy Standard

Technical specification
SIST-TS CEN/TS 17159:2018
English language
37 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 17159:2018
01-junij-2018

Družbena varnost in varnost državljanov - Napotki za upravljanje varnosti v zvezi z

nevarnimi snovmi (CBRNE) v zdravstvenih ustanovah

Societal and citizen security - Guidance for the security of hazardous materials (CBRNE)

in healthcare facilities

Schutz und Sicherheit der Bürger - Leitfaden für die Sicherheit von Gefahrstoffen

(CBRNE) entlang ihres Lebenszyklus in Gesundheitseinrichtungen

Sécurité sociétale - Document d'orientation pour les établissements de soins de santé

relatif à la sécurité des substances NRBCE tout au long de leur cycle de vie
Ta slovenski standard je istoveten z: CEN/TS 17159:2018
ICS:
11.020.99 Drugi standardi v zvezi z Other standards related to
zdravstvom na splošno health care in general
13.300 Varstvo pred nevarnimi Protection against dangerous
izdelki goods
13.310 Varstvo pred kriminalom Protection against crime
SIST-TS CEN/TS 17159:2018 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TS CEN/TS 17159:2018
---------------------- Page: 2 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
April 2018
TECHNISCHE SPEZIFIKATION
ICS 13.300; 13.310; 11.020.99
English Version
Societal and citizen security - Guidance for the security of
hazardous materials (CBRNE) in healthcare facilities

Sécurité sociétale - Document d'orientation pour les Schutz und Sicherheit der Bürger - Leitfaden für die

établissements de soins de santé relatif à la sécurité Sicherheit von Gefahrstoffen (CBRNE) entlang ihres

des substances NRBCE tout au long de leur cycle de vie Lebenszyklus in Gesundheitseinrichtungen

This Technical Specification (CEN/TS) was approved by CEN on 10 December 2017 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to

submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS

available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in

parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 17159:2018 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
Contents Page

European foreword ....................................................................................................................................................... 4

Introduction ..................................................................................................................................................................... 5

1 Scope .................................................................................................................................................................. 6

2 Normative references .................................................................................................................................. 6

3 Terms and definitions ................................................................................................................................. 6

4 General guidance........................................................................................................................................... 9

4.1 Context of CBRNE risks in HCF and other facilities within HCF responsibility ....................... 9

4.1.1 General .............................................................................................................................................................. 9

4.1.2 High-risk chemical materials/agents ................................................................................................. 10

4.1.3 High-risk biological material ................................................................................................................. 10

4.1.4 High-risk radioactive sources and nuclear materials .................................................................. 10

4.1.5 Explosives ..................................................................................................................................................... 10

4.1.6 The relationship between security and safety ................................................................................ 11

4.2 CBRNE security management approach ............................................................................................ 11

4.3 CBRNE security threat and risk assessment ..................................................................................... 12

4.3.1 General ........................................................................................................................................................... 12

4.3.2 CBRNE security threat and security risk assessment ................................................................... 12

4.3.3 Graded Approach ....................................................................................................................................... 13

4.3.4 CBRNE security risk assessment........................................................................................................... 14

4.3.5 Business impact analysis ......................................................................................................................... 14

4.4 CBRNE security management policy ................................................................................................... 14

4.5 CBRNE security design ............................................................................................................................. 17

4.5.1 General ........................................................................................................................................................... 17

4.5.2 Design and construction .......................................................................................................................... 18

4.6 CBRNE security management plan ...................................................................................................... 19

4.7 CBRNE information security management ....................................................................................... 19

5 General procedures ................................................................................................................................... 20

5.1 Management, roles, and responsibilities .......................................................................................... 20

5.2 Competencies .............................................................................................................................................. 21

5.3 Training ......................................................................................................................................................... 21

5.4 Documentation ........................................................................................................................................... 22

6 Operational guidance ............................................................................................................................... 22

6.1 Inventory analysis and classification ................................................................................................. 22

---------------------- Page: 4 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)

6.2 Securing the supply chain ....................................................................................................................... 23

6.2.1 General ........................................................................................................................................................... 23

6.2.2 Transportation ............................................................................................................................................ 24

6.2.3 Suppliers ....................................................................................................................................................... 24

6.3 Securing controlled areas ....................................................................................................................... 24

6.3.1 Designation of security controlled areas .......................................................................................... 24

6.3.2 Access control .............................................................................................................................................. 25

6.4 People ............................................................................................................................................................. 25

6.4.1 General ........................................................................................................................................................... 25

6.4.2 Staff ................................................................................................................................................................. 26

6.4.3 Visitors ........................................................................................................................................................... 29

6.4.4 Patients .......................................................................................................................................................... 29

6.5 Communication and awareness ............................................................................................................ 30

6.6 CBRNE security incident response ....................................................................................................... 31

6.6.1 CBRNE security incident response plan ............................................................................................. 31

6.6.2 Notification of the authorities ............................................................................................................... 32

6.6.3 Incident reporting ..................................................................................................................................... 32

7 Evaluation of the CBRNE security management system .............................................................. 33

Annex A (informative) Guidance for the implementation and operation phase of

generic management systems in HCF .................................................................................................................. 34

Bibliography ................................................................................................................................................................. 36

---------------------- Page: 5 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
European foreword

This document (CEN/TS 17159:2018) has been prepared by Technical Committee CEN/TC 391

“Societal and citizen security”, the secretariat of which is held by NEN.

Attention is drawn to the possibility that some of the elements of this document may be the

subject of patent rights. CEN shall not be held responsible for identifying any or all such patent

rights.

According to the CEN/CENELEC Internal Regulations, the national standards organisations of

the following countries are bound to announce this Technical Specification: Austria, Belgium,

Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic

of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia,

Spain, Sweden, Switzerland, Turkey and the United Kingdom.
---------------------- Page: 6 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
Introduction

Protecting citizens, institutions, infrastructures and assets is one of the four key pillars of the

EU’s Counter-Terrorism Strategy. One of its aims is to detect and mitigate risks related to the

acquirement and misuse of hazardous chemical, biological, radioactive or nuclear (CBRN)

materials, such as those referred to in the EU CBRN action plan [1]. There are indications that

terrorists would be interested in using some of these CBRN materials for executing attacks.

Securing them and preventing unauthorized access to them is therefore key to preventing their

misuse. In the action plan, EU member states have planned to enhance the security of CBRN

materials.

One of the industries that uses these hazardous materials in their regular processes is the Health

Care Industry. Possible risk scenarios for this industry could include the theft of CBRN material

from hospitals to perform (complicated) malevolent attacks such as the contamination of major

water supply systems, but also the production (and detonation) of an improvised explosive

device (IED) containing chemical and/or radiological material in public areas that would cause

panic and fear across Europe. Securing these materials in healthcare facilities (HCF) is therefore

important.

This document provides guidance for the design and implementation of a security management

approach and system to deal with security threats involving hazardous CBRNE materials.

Security management of hazardous materials also has a strong relationship with occupational

health and safety (OH&S) management. This standard does not aim to provide guidance for

safety management (i.e. occupational health and safety issues deriving from the improper use of

CBRNE material) as these are already managed via different standards and guidelines. This

relationship is discussed in 4.1.6.

NOTE It is important to emphasize that across the European Union there are several regulatory and

legislative limitations for use of security techniques and technologies, so it is important to take these

limitations into account. Use of the guidelines can vary based on the health care system in each country of

the European Union.
---------------------- Page: 7 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
1 Scope

This Technical Specification provides guidance for managing security of (high risk) chemical,

biological, radioactive, nuclear or Explosive materials, such as those covered by the EU CBRN

action plan, that are used within healthcare facilities (HCF); it covers the lifecycle of such

materials within a HCF’s span of control. In this Technical Specification these materials are

referred to as ‘CBRNE materials’.

It covers the protection of (high risk) CBRNE materials used in healthcare facilities against

security threats relating to their deliberate misuse. It covers the protection of people, assets and

information related to CBRNE materials.

This Technical Specification also applies to circumstances where healthcare is provided at

locations remote from the normal location of the HCF.

This Technical Specification also provides guidance to all stakeholders that are responsible for

each step in a lifecycle of CBRNE materials within the HCF such as such as administrator staff,

facility management staff, logistics and transport staff, medical staff, waste management staff,

domestic staff and security staff as well as visitors and contractors working on the HCF

premises.

This Technical Specification can be applied as part of generic management systems such as

EN ISO 9001 [2], EN ISO 22301 [3], ISO 22320 [4] and possibly ISO 28001 [14].

It does not apply to occupational health and safety issues deriving from the proper and improper

use of such materials.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
CBRNE material

chemical, biological, radioactive, nuclear or explosive material that could harm society or

individuals through their deliberate release, dissemination, or misuse and for which high levels

of security are warranted
[SOURCE: EU CBRN Action Plan [1], adapted]
3.2
CBRNE security management

set of interrelated or interacting elements (system) for managing the security of CBRNE

materials in organisations in order to prevent their deliberate misuse
3.3
design basis threat
DBT

description of the attributes and characteristics of potential insider and/or external adversaries

who might attempt unauthorized removal of CBRNE materials or sabotage against which

a physical protection system is designed and evaluated
[SOURCE: IAEA Development and Use of the Design Basis Threat [15], amended]
---------------------- Page: 8 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
3.4
explosive

reactive compound that contains energy, which when released quickly from the compound, can

produce an explosion that is usually accompanied by the production of light, heat, sound, and

pressure
3.5
explosive precursor

chemical substance which can be made into an explosive with relative ease e.g. by mixing or

blending with other materials, or by simple chemical processing

[SOURCE: Guidance on the EU Marketing and Use of Explosives Precursors Regulations, [8] ]

3.6
healthcare facility
HCF

facility and its organisation, personnel, management and processes which provides health care

such as hospitals, psychiatric clinics and nursing homes including pharmacies, storage and

laboratories within the healthcare facility’s control

Note 1 to entry: HCF refers to singular and plural. HCF’s refers to the possessive subject.

3.7
improvised nuclear device
IND

improvised device that is designed to cause nuclear material contained within it to produce

a nuclear explosion
3.8
life cycle

set of consecutive and interlinked stages of a product system, from raw material acquisition or

generation from natural resources, to use and final disposal
[SOURCE: EN ISO 14040:2006, 3.2 [9]]
3.9
life cycle inventory analysis

phase of life cycle assessment involving the compilation and quantification of inputs and outputs

for a product throughout its life cycle
[SOURCE: EN ISO 14040:2006, 3.3 [9]]
3.10
nuclear material
Uranium 235, Uranium 233 and Plutonium 239

Note 1 to entry: Detailed information can be found in IAEA NSS 13, Section 4, Table 1 [10].

---------------------- Page: 9 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
3.11
occupational Health & Safety
OH&S

conditions and factors that affect, or could affect, the health and safety of employees or other

workers (including temporary workers and contractor personnel), visitors, or any other person

in the workplace
[SOURCE: OHSAS 18001:2007 [11] ]
3.12
radioactive material

material designated in national law, regulation or by a regulatory body as being subject to

regulatory control because of its radioactivity, or, in the absence of such a designation by a State,

any material for which protection is required by the current version of the International Basic

Safety Standards

[SOURCE: IAEA NSS Risk Informed Approach for Nuclear Security Measures, No 24-G, [12],

modified]
3.13
radioactivity

phenomenon whereby atoms undergo spontaneous random disintegration, usually accompanied

by the emission of radiation
[SOURCE: IAEA Safety Glossary [13]]
3.14
radiological dispersal device
RDD

device designed to disperse, usually with explosives, radioactive material in an uncontrolled

way, without the need of nuclear explosion
3.15
risk

expression of the combination of the consequences of an event (including changes in

circumstances) and the associated likelihood of occurrence
[SOURCE: ISO 31000 [21], modified]
3.16
security

resistance to intentional acts designed to cause harm or damage to or by the supply chain

Note 1 to entry: Harm includes psychological and societal harm.
[SOURCE: ISO 28001:2007, 3.20, [14]]
3.17
security risk

expression of the combination of the consequences of a threat once enacted and the associated

vulnerability to that threat at a specific location
---------------------- Page: 10 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
3.18
security threat

situation where an adversary has the capability and the intent to violate security of CBRNE

materials
3.19
security threat scenario
means by which a potential security incident might occur
[SOURCE: ISO 28001:2007, 3.26 [14]]
3.20
security controlled area
area which has specific controls to restrict access to authorized persons only
[SOURCE: CEN/TS 16850:2015, 2.1 [8]]
3.21
security management

systematic and coordinated activities and practices through which an organization optimally

manages its security risks, and the associated potential threats and impacts therefrom

[SOURCE: ISO 28000:2007, 3.3 [5]]
3.22
security management policy

overall intentions and direction of an organization, related to the security of and the framework

for the control of security-related processes and activities that are derived from and are

consistent with the organization’s policy and regulatory requirements
[SOURCE: ISO 28000:2007, 3.5 [5]]
3.23
vulnerability

weakness within the security arrangements which could, at some point, be exploited by a threat

3.24
visitor

person authorized to visit restricted areas who is not a visitor for patients during visiting hours

or person authorized to visit restricted areas who is not part of the HCF´s organization

4 General guidance
4.1 Context of CBRNE risks in HCF and other facilities within HCF responsibility
4.1.1 General

To understand the context of security risks in healthcare facilities, associated with CBRNE

materials, a brief overview is presented below. Recommendations regarding approaches to

security are then presented in subsequent paragraphs.

The major threat from CBRNE materials is that they could be deliberately used for executing

criminal and/or terrorist acts. These materials can, for instance, be placed in locations where

people would be directly harmed by them or they could be deliberately distributed into the

environment through dispersal devices or other means.
---------------------- Page: 11 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
4.1.2 High-risk chemical materials/agents

These are chemicals with the potential to be used to cause death, temporary incapacitation or

permanent harm to humans or animals. This includes all such chemicals, regardless of their

origin or of their method of production, and regardless of whether they are produced in

facilities, in munitions or elsewhere [16].

The wide range of chemicals and materials used in healthcare treatment and associated research

implies that HCF are potential sources of high risk chemical materials / agents or their pre-

cursors.

HCF should consult their national authority to define what is high/medium/low risk material.

4.1.3 High-risk biological material

When speaking of security of biological material the focus lies on pathogens, or parts of them,

and toxin-producing organisms [17]. These can be plant, animal, microorganism and human

derived.

Toxins are also classified as biological agents. These are naturally occurring poisonous chemicals

produced by biological organisms, including plants, animals and microorganisms (although

some may be artificially synthesized).

Some of these materials are extremely important for research and development in the domains

of medicine, biology and agriculture, but on the other hand can be used as biological weapons.

This means that many of them can therefore be used for two purposes. The term used by the

international community for these types of materials is ‘dual use’ [18].

Clearly, HCF and their processes are potential sources of high risk biological materials / agents.

HCF should consult their national authority to define what is high/medium/low risk material.

4.1.4 High-risk radioactive sources and nuclear materials

Radioactive materials give rise to two types of radiological hazard. Firstly, the hazard of external

exposure to the radiation they emit and secondly, internal exposure if radioactive material

enters the body.

Nuclear materials are a special class of radioactive materials which have the potential to be used

to construct devices that also generate large amounts of energy as well as highly penetrating

radiation, through the process of nuclear fission. HCF are extremely unlikely to be sources of

nuclear materials but they may be the source of other radioactive materials that could be used to

aid the construction of an IND or used in a RDD.

HCF should consult their national authority to define what is high/medium/low risk material.

4.1.5 Explosives

Explosives are not routinely used in HCF, but in the context of this Technical Specification the

term Explosives should also be taken to refer to explosive pre-cursor chemicals such as those

listed in Annex I or Annex II of [19] (as amended from time to time) on the marketing and use of

explosives precursors, in a concentration higher than the corresponding limit value set out

therein.

Therefore, such materials are included in the term of high-risk materials/agents for the rest of

this document.
---------------------- Page: 12 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
4.1.6 The relationship between security and safety

It is important to note that safety management and security management serve some common

objectives – the protection of workers, the public and the environment – and that they typically

reflect a common philosophy [6]. To put it simply, in the context of CBRNE materials, the main

difference is that safety is about protecting people from hazardous materials and security is

about protecting hazardous materials from people. Safety incidents are always unintentional

(errors). Safety incidents are errors caused by humans, natural disasters or by failing of

structure (inferior material). Safety incidents are reported widely and shared with peers, to

learn and to avoid new incident. Security incidents are always committed deliberately and

unlawfully or wilfully.

Security management of hazardous materials therefore has a strong relationship with

occupational health and safety (OH&S) management of these materials. Many features of

equipment design or operation serve to enhance both safety and security simultaneously; they

also act to prevent deliberate misuse by intruders.

EXAMPLE Secure storage of hazardous (CBRNE) materials to prevent accidents may also help to

restrict unauthorised access.

In addition, actions undertaken to advance or modify one purpose could adversely affect the

other. This means that decisions regarding OH&S or security require an integrated management

approach and that safety and security issues should be evaluated on mutually supporting and

reinforcing terms.
4.2 CBRNE security management approach

A CBRNE security management approach should be part of an organisations’ overall security

management approach with primary focus on the protection of CBRNE materials and security of

information relating to them. Therefore, a CBRNE security management approach for HCF

should (also see CEN/TS 16850:2015, 3.1 [20]):

— be consistent with the organization’s overall risk and business continuity management

approach;

— be consistent with other security and safety management systems, policies and approaches;

— provide a framework which enables the specification of CBRNE security management

objectives and targets (see Figure 2);
— train staff accordingly on security and security awareness (see 6.5);

— provide operational guidance (standard operating procedures) for the execution of CBRNE

security management tasks/targets;
— be visibly endorsed by top management;
— be documented, implemented, monitored and maintained;

— be communicated to all staff, patients, visitors and other stakeholders present in controlled

areas;
— respect the rights of stakeholders;
— align with the OH&S management approach for hazardous material; and

— be coordinated with OH&S activities to ensure that they do not compromise each other’s

goals.
---------------------- Page: 13 ----------------------
SIST-TS CEN/TS 17159:2018
CEN/TS 17159:2018 (E)
4.3 CBRNE security threat and risk assessment
4.3.1 General

For establishing the range and type of security issues that will be addressed in their CBRNE

security management system, HCF should undertake security threat assessments as set out in

4.3.2. The threats that are identified by the threat assessment should each be graded according

to the potential consequences that could arise
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.