NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 1 of 11 Dated: March 2012 To: All NSI Approved Companies and Applicants where the scope of approval includes the provision of lone worker device (LWD) services and/or the monitoring of lone worker devices TECHNICAL BULLETIN No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice (Supersedes BS 8484:2009) This Technical Bulletin gives clarification and guidance on the changes between BS 8484: 2011 (the new BS) and BS 8484:2009 (the old BS). Please refer to NSI Technical Bulletin 0017 for information about the old BS. The new BS shows an effective date of 30 September 2011 and is available through licensed outlets, including NSI who can supply copies at a discounted rate. The new BS will now be applied to all organisations that wish to obtain or maintain NSI approval for the provision of lone worker (LWD) device services and/or for the monitoring of lone worker devices. NSI offers two approvals in relation to the new BS as follows: NSI Guarding Gold (or Silver) approval for the provision of lone worker device services . In this case, all clauses of BS 8484 apply as well as BS 7858 and, in the case of Gold approval, BS EN ISO 9001:2008. Note: It is important to note that to qualify for NSI Guarding Gold (or Silver) approval the company must supply lone worker devices that comply with BS 8484. NSI ARC Gold approval for the monitoring of lone worker devices. In this case, Clause 6 of BS 8484 applies as well as BS 7858, BS EN ISO 9001:2008, NSI Quality Schedule SSQS 102 and BS 5979. With immediate effect applicant companies will be assessed against the new BS and any Improvement Needs will have to be satisfactorily addressed before approval can be granted. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 2 of 11 Existing NSI approved companies will be given until 30 September 2012 to fully comply with the revised requirements. Up and until 30 September 2012 Improvement Observations will be issued for any of the revised requirements within the new BS that are not fully satisfied. Failure to address any such Improvement Observation by 30 September 2012 may result in their elevation to an Improvement Need, which, if not addressed within the stated Improvement Period, may result in a recommendation for withdrawal of NSI Approval. NSI Certificates of Approval that reference the old BS will be re-issued to reference the new BS as and when satisfactory evidence of compliance is demonstrated. NOTE REGARDING THE STATUS OF BS 8484:2011 Although the new BS is a Code of Practice, compliance with the new BS is regarded as mandatory for all organisations wishing to maintain NSI approval for the provision of lone worker device (LWD) services and/or for the monitoring of lone worker devices, subject to any clarifications and guidance included within this Technical Bulletin or subsequently issued. Note: The NSI Guarding Gold and Silver schemes and the NSI ARC Gold scheme are UKAS Accredited Product Certification schemes hence the need for mandatory requirements. DETAILS ABOUT THE CHANGES Actual text from the new BS is reproduced in bold text . Further guidance or comment about the text in the new BS is given in italics . Details about the changes are given below according the relevant clause of the new BS. Foreword The Foreword explains that the ne w BS introduces the following principal changes: a) a reflection of the trend by lone worker suppliers towards subcontracting components [elements] of their services, and the need to declare the fact to customers where it applies; b) an expansion of the recommendations for data security; c) a reflection of the need to have an effective self-certification process for [lone worker] devices. There is now a ‘ presentational conventions ’ section that makes it clear that the recommendations within the Standard are expressed in sentences in which the principal auxiliary verb is “should”. Furthermore, c ommentary, explanation and general informative material in the BS is presented in smaller italic type, and does not constitute a normative element of the BS . For NSI approval, the note regarding the status of BS 8484:2011 on page 2 of this Technical Bulletin makes it clear that the requirements of new BS are mandatory. Therefore, all references to “should” within the new BS must be rea d as “shall” as they are not optional. Some clauses within the new BS use the word “may”. Unless stated otherwise under the relevant clause, it is accepted that such references act as an alternative to the primary requirement. “Can” is used to express possibility, for example, a consequence of an action or event. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 3 of 11 The Foreword of the new BS draws attention to three pieces of legislation (as did the old BS) as follows: Data Protection Act 1998 Rehabilitation of Offenders Act 1974 Telecommunications Act 2003 1. Scope There are no changes to the Scope. 2. Normative references The following normative references have been added: BS 7858, Security screening of individuals employed in a security environment – Code of practice BS 7984, Keyholding and response services – Code of practice BS ISO/IEC 27001 (BS 7799-2), Information technology – Security techniques – Information security management systems – Requirements 3. Terms and definitions There are no significant changes to the definitions. The following information is provided in relation to the term “supplier”: A “supplier” is defined in 3.21 of the new BS as “provider of an LWD service to a customer”. In turn, “LWD service” is defined in 3.14 of the new BS as “combination of an LWD and an ARC, provided by a supplier to a customer, enabling response to a lone worker’s request for assistance”. A company operating as a “supplier” is eligible to apply for NSI Guarding Gold (or Silver) approval for the provision of lone worker device services. NSI assesses “suppliers” against the appli cable approval criteria, all clauses of BS 8484, BS 7858 and other relevant standards (for example BS EN ISO 9001 in the case of Gold approval). A “supplier” must provide Lone Worker Devices (LWDs) that comply with the provisions set out in Clause 5 of the new BS, in particular sub-clause 5.2.1 of the new BS. This does not exclude “ suppliers ” from supplying devices that do not comply with the new BS. However, “ suppliers ” must be clear about which devices comply with the new BS, and which ones do not, as this is essential to ensuring that the provisions of the ACPO policy on police response to security systems are met. A company (“supplier”) that is NSI approved for the provision of lone worker device services can operate their own ARC or they can sub-contract the monitoring of lone worker devices to another company that operates an ARC. This is provided that in both cases the ARC holds NSI ARC Gold approval for the monitoring of lone worker devices (or the ARC is approved by an independent third-party approvals organisation acceptable to NSI and complying with BS EN ISO 9001, BS 5979 and Clause 6 of BS 8484). NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 4 of 11 4. Supplier framework The NOTE drawing attention to the Data Protection Act 1998 , and also the need for suppliers to register with the Information Com missioner’s Office if they hold data about individuals (i.e. lone workers) who are required to give their consent to be located, has been moved out of sub – clause 4.1. This has led to a re – numbering of the sub – clauses in Clause 4. 4.1 Structure The following has been added: The supplier should possess a clearly documented business operating manual including supporting procedures and work instructions for the provision of LWD services. The supplier’s business operating manual (or Quality Management System in the case of a NSI Guarding Gold approved company) must include the supporting procedures and work instructions for the provision of lone worker device services in respect of all relevant sub-clauses of the new BS. Clause 6 of the new BS relates mainly to the operation of the ARC. However, some aspects of Clause 6 are relevant to suppliers as detailed in sub-clauses 6.1, 6.6.1.1, 6.6.1.4 and 6.6.1.5. 4.2 Finances A NOTE has been added in relation to the need for t he supplier to prepare annual accou nts in accordance with applicable accounting standards. The NOTE reads as follows: NOTE 2 Attention is drawn to legal requirements in respect of filing of accounts. An example would be in relation to limited companies needing to submit copies of accounts to Companies House. 4.3 Insurance There are no changes to insurance requirements. 4.4 Premises There are no changes to premises requirements. 4.5 Subcontracting A new sub-clause about subcontracting has been added, which reads as follows: Where any element of LWD service delivery to the customer is provided by subcontract with third parties, then these arrangements should be disclosed in writing to the customer and a copy of such disclosure should be retained by the supplier. The supplier should ensure that the subcontracted service meets the recommendations of the relevant clause of this British Standard. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 5 of 11 Examples of subcontracting to third parties include: i) The manufacture of the lone worker devices (LWDs); ii) The monitoring of lone worker devices by an ARC; iii) The provision of a response service by a private security company. 4.6 Data security and retention A new sub-clause about data security and retention has been added, which reads as follows: The supplier should ensure that the data is held and maintained securely in accordance with the contract and to the satisfaction and confirmation of the customer, either in a Category II ARC as defined in BS 5979:2007, or in a data centre environment meeting the requirements specified in BS ISO/IEC 27001. The data to be retained should, where appropriate, include at least the following information: a) incident data; b) personal details of lone workers; c) customer details. NOTE Attention is drawn to the Data Protection Act 1998 [1]. Comment on the first paragraph: Our understanding is that the term “data” (in the first line of the first paragraph of sub- clause 4.6) applies to Lone Worker personal data. Lone Worker personal data includes the data that is described in sub-clauses 6.6.1.3 and 6.6.1.4 of the new BS. Such data can be held and maintained: i) At a Category II ARC as defined in BS 5979:2007; or ii) In a data centre environment meeting the requirements specified in BS ISO/IEC 27001. Normally t he supplier’s premises will not satisfy either a) or b) above and therefore the su pplier’s premises will not usually be suitable for holding and maintaining Lone Worker personal data. However, the supplier can have remote access (for example at a terminal) to the Lone Worker personal data at the supplier’s premises provided the supplier does not depart from the principles contained in BS ISO/IEC 27001. Remote access to data held in an ARC is governed by the guidance given in Annex B of BS 5979:2007 on remote access to remote centre data systems. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 6 of 11 In relation to b), we look for evidence that Lone Worker personal data is held in a data centre environment (such as a Tier 1, Tier 2, Tier 3 or Tier 4 data centre) and that the data centre meets the requirements specified in BS ISO/IEC 27001. An example of suitable evidence of meeting the requirements specified in BS ISO/IEC 27001 would be a data centre holding UKAS accredited certification to BS ISO/IEC 27001. Comment on the second paragraph: The second paragraph calls for the following data to be retained: a) incident data; b) personal details of lone workers; c) customer details. Incidents are handled at the ARC and therefore the incident data, including all data relating to the incident, will be held at the ARC in accordance with BS 5979:2007. This does not preclude the incident data also being held in a data centre environment meeting the requirements specified in BS ISO/IEC 27001. The period of retention should be agreed with the customer bearing in mind the potential for future claims from Lone Workers who may have been injured during an incident. The ARC will need to adhere to the retention times given in Clause 7 of BS 5979:2007 unless all relevant parties, including the police and the insurers, agree otherwise. 4.7 Security screening A new sub-clause about security screening has been added, which reads as follows: The supplier should have a documented data handling policy, which should be provided to customers and adhered to. This policy should include, as a minimum: a) details of data collection and handling; b) access to data; c) processing of data; d) retention and deletion of data; e) security screening of personnel handling data, in accordance with BS 7858. The policy should apply to all directly employed personnel or subcontractor employed personnel who have access to lone workers’ personal data that uniquely identifies individuals. NOTE Attention is drawn to the Data Protection Act 1998 [1]. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 7 of 11 Nothing in the new sub-clause about security screening is intended to detract from the provisions of BS 7858. Therefore all individuals in “relevant employment” (which is a term defined in BS 7858) must be security screened. A new requirement under BS 8484 is to have a documented data handling policy including, as a minimum, the items listed in sub-clause 4.7 a) to e). 4.8 Training A new sub-clause about training has been added, which reads as follows: The supplier should have a clearly defined and documented training policy for its staff. The supplier should provide induction training in matters related to conditions of employment and organizational procedures for all their personnel engaged in providing lone worker services. All training provided should be recorded on a form specific for the purpose, be signed by the trainee, countersigned by the trainer and retained. Where a certificate of competence is provided by a recognized and relative sector competent training organization, a copy of the certificate should be retained. Training should be updated, and records of training retained, when there is a change in methods, procedures or legislation. We will look for evidence that the above recommendations have been met. 5. Lone worker device (LWD) The term “lone worker device” (abbreviated LWD) relates to devices that co mply with Clause 5 of the new BS. This is to help distinguish LWDs from other devices that do not comply with BS 8484. For each type or make of LWD, a supplier is expected to hold a declaration of conformity (or statement of compliance) from the manufacturer of the LWD supported by a technical file (or report) giving justification or explanation as to how the LWD complies with each of the functions listed in sub-clause 5.2.1 of the new BS (essential LWD functionality). NSI is not awarding approvals to LWDs. Therefore manufacturers / suppliers of LWDs may wish to consider gaining approval / certification of their LWDs from an accredited third-party product testing laboratory. For information, a “lone worker device (LWD)” is defined in 3. 1 3 of the new BS as “ electronic devic e able to transmit LWD identity and position information , and to provide communications”. “Position information” is defined in 3.1 8 of the new BS as “ information sent from the LWD that assists a controller to establish its accurate p os ition ”. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 8 of 11 “ Communications ” is defined in 3. 6 of the new BS as “ transmission of voice and data between an LWD and an ARC ”. 5.1 Communications network There are no changes to communications network requirements. The supplier still needs to recommend the most suitable communications network to meet the needs of the customer. 5.2 Operational functions 5.2.1 Essential LWD functionality The standard lists eleven ESSENTIAL functions that all LWDs supplied to customers need to have in order to comply with BS 8484. Please refer to sub-clause 5.2.1 of the new BS for full details of these functions. The essential LWD functionality described in 5.2.1 f) has been re-worded as follows: f) capability to initiate an audio connection to the ARC, or to retry until connected; The old BS contained a similar requirement described as “ capability to initiate an audio connection to the ARC, and retry until acknowledged by the controller”, which implied that it was always necessary for the ARC contr oller to be involved in ackn owledging the connection. The re-worded requirement in the new BS clarifies that the audio connection can be established between the LWD and the ARC receiving equipment automatically without necessarily involving any action from the ARC controller. 5.2.2 LWD conformity This is a new sub-clause, which h as led to the re – numbering of subsequent sub – clauses. The new sub – clause states the following: The supplier should have available a certificate of conformity supported by a technical file and both should be signed by a person with relevant authority, showing how the LWD meets the recommendations of BS 8484:2011, 5.2.1. We will review the content of the certificates of conformity and the supporting technical files to check for ambiguities or omissions. 5.2.3 LWD selection The new BS lists four factors to be taken into account when selecting an LWD. The old BS listed four functions to be considered when selecting an LWD. Therefore the new BS is strengthening the position by making it clear that these functions need to be taken into account and not ignored. The type of LWD supplied must meet all of the factors that are relevant to a particular customer (whether it is one of the factors or all four of the factors). NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 9 of 11 These factors are OPTIONAL for a particular LWD, but should be included in the range of LWDs that are supplied in order to be able to meet the needs of customers. The four factors are the same as the functions listed in the old BS except that the factor described in 5.2.3 c) has been re-worded as follows: c) initiation of an activation message when a “man – down”, “environmental” or other sensor is fitted; NOTE 1 A “man – down” sensor cau ses an activation message to be transmitted if the LWD is subjected to sufficient force, e.g. if the lone worker is assaulted and collapses or is involved in a car crash. An “environmental” sensor causes an activation message to be transmitted if the LWD is subjected to extreme (and defined) environmental characteristics for a given (and defined) period, e.g. high or low temperature conditions. Examples of other sensors include personal health sensors (e.g. heart rate monitors). The inclusion of “environmental sensor” or ” other sensor” reflects the possibility that some LWDs may include additional sensors (over and above “man-down”), which may be important to certain customers. 5.2.4 LWDs with two-way voice communication There is no change to this sub-clause apart from the numbering. 5.3 LWD training There is no change to the wording of this sub-clause. 6. Alarm receiving centre (ARC) There are no significant changes to Clause 6. We expect an ARC to hold, or to have access to, documented evidence (for example copies of the certificates of conformity and the supporting technical files relating to LWDs) to show which of the LWDs that are monitor ed c o mplies with Clause 5 of BS 8484 . This is to ensure that the ACPO policy on police respo nse to security systems is adhered to at all times and that police control rooms will only be called in relation to activation me ssages from LWDs that g enuinely comply with BS 8484 . ARCs are not precluded from monitoring devices that do not comply with BS 8484. However, ARCs must not use their Unique Reference Number (URN) facility to contact police control rooms in relation to activations from devices that do not comply with BS 8484 as this would be a breach of the ACPO policy. 6.8 Performance criteria The following comments are in relation to Table 1 of sub-clause 6.8 of the new BS (performance criteria), which gives the maximum ARC response times from receipt of activation message. These response times are exactly the same as those given in Table 1 of the old BS. NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 10 of 11 According to Table 1, verification needs to be completed within 120 seconds for 80 % of cases and within 180 seconds in a further 10 % of cases. Then as per the standard, the 10% of cases where verification cannot be completed for an activation message within 180 seconds allows for the occurrence of unforeseen circumstances, for example, insufficient audio to allow for verification or pre-alert time-out [see 5.2.2 d)] without confirmation that the user is safe. In these circumstances, the controller should escalate the alarm as stated in the response agreement. As a minimum, we expect ARCs to keep monthly statistics to demonstrate that the ARC controllers are meeting the responses times given in Table 1. Verification is the process of determining whether an activation message is a false alarm, false alert or a verified alarm. Verifying false alarms and false alerts: Normally it is expected that the ARC controller will be able to verify a false alarm or a false alert within the times for verification stated above. Assuming so, the time at which the ARC controller closes down the incident may be used to record the verification time. Verifying genuine alarms: When an ARC controller is handling a genuine verified alarm, it may not be practical or advisable for the ARC controller to take action to record the time at which verification took place because the ARC controller will not want to be distracted from the task of dealing with the incident. Such incidents may take longer to deal with than the verification times given in Table 1. Therefore it may appear that the ARC is missing its verification targets if the time at which the ARC controller closes down the incident is used to record the verification time. Separating the monthly statistics: It is suggested, therefore, that the ARC should separate the monthly statistics for closing down false alarms and false alerts from the monthly statistics for closing down verified alarms so that the performance the ARC can be more easily evaluated against the verification times in Table 1. 7. Response services Clause 7 contains the following additional text: The supplier should ensure that the stated response requirements are consistent with the policies and capabilities of the response services, which could be: a) emergency services (police, ambulance, etc.); b) in-house response (supervisor, other lone worker); c) contracted response: NSI Technical Bulletin No. 0020 Guidance on the implementation of BS 8484:2011 Provision of lone worker device (LWD) services – Code of practice 11 of 11 1) where the supplier is contracted to provide the response service then this response service should conform to BS 7984 (guarding company, etc.); 2) where the customer directly contracts the response service, they should be advised to ensure that the response service conforms to BS 7984. Service certification. Where response services are contracted, users of this British Standard are advised to consider the desirability of third-party certification of conformity to BS 7984. Users seeking assistance in identifying appropriate conformity assessment bodies or schemes may ask BSI to forward their enquiries to the relevant association. BS 7984:2008 does not specifically address the competency of individuals employed by a private security company to provide contracted response to requests for assistance from lone workers who might be badly injured, under attack from an armed person, and/or taken hostage. British Standards Institution (BSI) has been asked to develop provisions for response services to lone workers provided by private security companies and work is in hand at BSI to develop an Annex to BS 7984. In the meantime, in the absence of such provisions, if the supplier (or the ARC) enters into a contract to use a private security company to provide contracted response to lone workers NSI will seek to establish that the response officers are competent to carry out their duties in relation to the lone worker situations that they may encounter and will consider each case on its merits. ******