1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in healthcare facilitiesPD CEN/TS 17159:2018TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 17159 A
2、pril 2018 ICS 13.300; 13.310; 11.020.99 English Version Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in healthcare facilities Scurit socitale - Document dorientation pour les tablissements de soins de sant relatif la scurit des substances NRBCE tout au lon
3、g de leur cycle de vieSchutz und Sicherheit der Brger - Leitfaden fr die Sicherheit von Gefahrstoffen (CBRNE) entlang ihres Lebenszyklus in Gesundheitseinrichtungen This Technical Specification (CEN/TS) was approved by CEN on 10 December 2017 for provisional application. The period of validity of th
4、is CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way a
5、s for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are th
6、e national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romani
7、a, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any f
8、orm and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 17159:2018 ENational forewordThis Published Document is the UK implementation of CEN/TS 17159:2018.The UK participation in its preparation was entrusted to Technical Committee SSM/1, Societal security management.A list
9、 of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2018 Published by BSI Standards Li
10、mited 2018ISBN 978 0 580 98709 0ICS 11.020.99; 13.300; 13.310Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 April 2018.Amendments/corrigenda issued since
11、publicationDate Text affectedPUBLISHED DOCUMENTPD CEN/TS 17159:2018TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 17159 April 2018 ICS 13.300; 13.310; 11.020.99 English Version Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in
12、 healthcare facilities Scurit socitale - Document dorientation pour les tablissements de soins de sant relatif la scurit des substances NRBCE tout au long de leur cycle de vieSchutz und Sicherheit der Brger - Leitfaden fr die Sicherheit von Gefahrstoffen (CBRNE) entlang ihres Lebenszyklus in Gesundh
13、eitseinrichtungen This Technical Specification (CEN/TS) was approved by CEN on 10 December 2017 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the q
14、uestion whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national stan
15、dards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of
16、Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMA
17、LISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 17159:2018 EPD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 2 Contents
18、Page European foreword . 4 Introduction . 5 1 Scope 6 2 Normative references 6 3 Terms and definitions . 6 4 General guidance. 9 4.1 Context of CBRNE risks in HCF and other facilities within HCF responsibility . 9 4.1.1 General 9 4.1.2 High-risk chemical materials/agents . 10 4.1.3 High-risk biologi
19、cal material . 10 4.1.4 High-risk radioactive sources and nuclear materials 10 4.1.5 Explosives . 10 4.1.6 The relationship between security and safety 11 4.2 CBRNE security management approach 11 4.3 CBRNE security threat and risk assessment . 12 4.3.1 General . 12 4.3.2 CBRNE security threat and s
20、ecurity risk assessment . 12 4.3.3 Graded Approach . 13 4.3.4 CBRNE security risk assessment. 14 4.3.5 Business impact analysis . 14 4.4 CBRNE security management policy . 14 4.5 CBRNE security design . 17 4.5.1 General . 17 4.5.2 Design and construction 18 4.6 CBRNE security management plan 19 4.7
21、CBRNE information security management . 19 5 General procedures . 20 5.1 Management, roles, and responsibilities 20 5.2 Competencies 21 5.3 Training . 21 5.4 Documentation . 22 6 Operational guidance . 22 6.1 Inventory analysis and classification . 22 PD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 3 6.2
22、Securing the supply chain . 23 6.2.1 General . 23 6.2.2 Transportation 24 6.2.3 Suppliers . 24 6.3 Securing controlled areas . 24 6.3.1 Designation of security controlled areas 24 6.3.2 Access control 25 6.4 People . 25 6.4.1 General . 25 6.4.2 Staff . 26 6.4.3 Visitors . 29 6.4.4 Patients 29 6.5 Co
23、mmunication and awareness 30 6.6 CBRNE security incident response . 31 6.6.1 CBRNE security incident response plan . 31 6.6.2 Notification of the authorities . 32 6.6.3 Incident reporting . 32 7 Evaluation of the CBRNE security management system 33 Annex A (informative) Guidance for the implementati
24、on and operation phase of generic management systems in HCF 34 Bibliography . 36 PD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 4 European foreword This document (CEN/TS 17159:2018) has been prepared by Technical Committee CEN/TC 391 “Societal and citizen security”, the secretariat of which is held by NE
25、N. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the fol
26、lowing countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherl
27、ands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 5 Introduction Protecting citizens, institutions, infrastructures and assets is one of the four key pillars of the EUs Counter-Ter
28、rorism Strategy. One of its aims is to detect and mitigate risks related to the acquirement and misuse of hazardous chemical, biological, radioactive or nuclear (CBRN) materials, such as those referred to in the EU CBRN action plan 1. There are indications that terrorists would be interested in usin
29、g some of these CBRN materials for executing attacks. Securing them and preventing unauthorized access to them is therefore key to preventing their misuse. In the action plan, EU member states have planned to enhance the security of CBRN materials. One of the industries that uses these hazardous mat
30、erials in their regular processes is the Health Care Industry. Possible risk scenarios for this industry could include the theft of CBRN material from hospitals to perform (complicated) malevolent attacks such as the contamination of major water supply systems, but also the production (and detonatio
31、n) of an improvised explosive device (IED) containing chemical and/or radiological material in public areas that would cause panic and fear across Europe. Securing these materials in healthcare facilities (HCF) is therefore important. This document provides guidance for the design and implementation
32、 of a security management approach and system to deal with security threats involving hazardous CBRNE materials. Security management of hazardous materials also has a strong relationship with occupational health and safety (OH it covers the lifecycle of such materials within a HCFs span of control.
33、In this Technical Specification these materials are referred to as CBRNE materials. It covers the protection of (high risk) CBRNE materials used in healthcare facilities against security threats relating to their deliberate misuse. It covers the protection of people, assets and information related t
34、o CBRNE materials. This Technical Specification also applies to circumstances where healthcare is provided at locations remote from the normal location of the HCF. This Technical Specification also provides guidance to all stakeholders that are responsible for each step in a lifecycle of CBRNE mater
35、ials within the HCF such as such as administrator staff, facility management staff, logistics and transport staff, medical staff, waste management staff, domestic staff and security staff as well as visitors and contractors working on the HCF premises. This Technical Specification can be applied as
36、part of generic management systems such as EN ISO 9001 2, EN ISO 22301 3, ISO 22320 4 and possibly ISO 28001 14. It does not apply to occupational health and safety issues deriving from the proper and improper use of such materials. 2 Normative references There are no normative references in this do
37、cument. 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 CBRNE material chemical, biological, radioactive, nuclear or explosive material that could harm society or individuals through their deliberate release, dissemination, or misuse and for
38、which high levels of security are warranted SOURCE: EU CBRN Action Plan 1, adapted 3.2 CBRNE security management set of interrelated or interacting elements (system) for managing the security of CBRNE materials in organisations in order to prevent their deliberate misuse 3.3 design basis threat DBT
39、description of the attributes and characteristics of potential insider and/or external adversaries who might attempt unauthorized removal of CBRNE materials or sabotage against which a physical protection system is designed and evaluated SOURCE: IAEA Development and Use of the Design Basis Threat 15
40、, amended PD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 7 3.4 explosive reactive compound that contains energy, which when released quickly from the compound, can produce an explosion that is usually accompanied by the production of light, heat, sound, and pressure 3.5 explosive precursor chemical subst
41、ance which can be made into an explosive with relative ease e.g. by mixing or blending with other materials, or by simple chemical processing SOURCE: Guidance on the EU Marketing and Use of Explosives Precursors Regulations, 8 3.6 healthcare facility HCF facility and its organisation, personnel, man
42、agement and processes which provides health care such as hospitals, psychiatric clinics and nursing homes including pharmacies, storage and laboratories within the healthcare facilitys control Note 1 to entry: HCF refers to singular and plural. HCFs refers to the possessive subject. 3.7 improvised n
43、uclear device IND improvised device that is designed to cause nuclear material contained within it to produce a nuclear explosion 3.8 life cycle set of consecutive and interlinked stages of a product system, from raw material acquisition or generation from natural resources, to use and final disposa
44、l SOURCE: EN ISO 14040:2006, 3.2 9 3.9 life cycle inventory analysis phase of life cycle assessment involving the compilation and quantification of inputs and outputs for a product throughout its life cycle SOURCE: EN ISO 14040:2006, 3.3 9 3.10 nuclear material Uranium 235, Uranium 233 and Plutonium
45、 239 Note 1 to entry: Detailed information can be found in IAEA NSS 13, Section 4, Table 1 10. PD CEN/TS 17159:2018CEN/TS 17159:2018 (E) 8 3.11 occupational Health they also act to prevent deliberate misuse by intruders. EXAMPLE Secure storage of hazardous (CBRNE) materials to prevent accidents may
46、also help to restrict unauthorised access. In addition, actions undertaken to advance or modify one purpose could adversely affect the other. This means that decisions regarding OH be consistent with other security and safety management systems, policies and approaches; provide a framework which ena
47、bles the specification of CBRNE security management objectives and targets (see Figure 2); train staff accordingly on security and security awareness (see 6.5); provide operational guidance (standard operating procedures) for the execution of CBRNE security management tasks/targets; be visibly endor
48、sed by top management; be documented, implemented, monitored and maintained; be communicated to all staff, patients, visitors and other stakeholders present in controlled areas; respect the rights of stakeholders; align with the OH and be coordinated with OH delivery / receipt / logistics of CBRNE m
49、aterials; storage of CBRNE materials (warehousing); transport (in house / external) of CBRNE materials; use of CBRNE materials (in production processes); waste management of CBRNE materials; unintentional loss of CBRNE materials and subsequent misuse. Next to this attention shall be paid to the management of the entire supply chain (6.2), and the management of information on CBRNE materials (4.7). HCF should make and maintain a list of the threats identified by the LCTA. HCF shou