National Security Inspectorate Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY E: nsi@nsi.org.uk | W: nsi.org.uk Page 1 of 32 © NSI 2016 Dated: 23rd November 2016 To: 1. All NSI Guarding Gold and Silver Companies who are approved for the provision of Lone Worker Services and/or the Provision of Lone Worker Response Services 2. All NSI ARC Gold companies who are approved for the monitoring of Lone Worker Devices /Applications 3 . Applicant Companies who wish to gain approval for the above scope s of approval TECHNICAL BULLETIN No: 0035 Guidance on the implementation of BS 8484:2016, the British Standard Code of Practice for the provision of Lone Worker Services (LWS) (Supersedes BS 8484:2011) BS 8484:2016 shows a publication date of the 31st August 2016 and is available through licensed outlets including NSI who can supply copies at a discounted rate. The new standard supersedes BS 8484:2011, which will be withdrawn on 28 February 2017. BS 8484 identifies recommendations for the provision of Lone Worker Services. Organisations that demonstrate compliance with BS 8484:2016, and also satisfy the relevant NSI criteria for approval, will be approved for the following scopes, depending on the service provided: “ Provision of Lone Worker Services ” and/or “ Monitoring of Lone Worker Devices/Applications ” and/or Provision of Lone Worker Response Services” . The 2016 edition will now be applied to all NSI approval schemes where the criteria for approval require compliance with BS 8484 as a condition of NSI approval. The Code of Practice will be applied with immediate effect, subject to the additional clarifications and guidance contained within this Technical Bulletin. Implementation timescale for Applicant Companies Applicant Companies will be audited against the 2016 edition with immediate effect and any Improvement Needs recorded against clauses of the Code of Practice will have to be satisfactorily addressed before approval can be granted. NSI Technical Bulletin No. 0035 Page 2 of 32 © NSI 2016 Implementation timescale for existing Approved Companies Companies holding NSI approval to BS 8484:2011 will be expected to comply with BS 8484:2016 from 1 March 2017. Note regarding the status of BS 8484:2016 Although issued as a code of practice by the British Standards Institution, it is important to note that compliance with the recommendations given in BS 8484:2016 is regarded as mandatory for all companies wishing to maintain an NSI approval; subject to any additional clarifications and guidance included within this Technical Bulletin or issued subsequently. The recommendations given in BS 8484:2016 must therefore be regarded as requirements in relation to NSI approval for the Provision of Lone Worker Services and/or the Monitoring of Lone Worker Devices and/or the Provision of Lone Worker Response Services. Details of the changes Highlighted under the clauses of the new Standard Comments under each clause of BS 8484:2016 detail the changes when compared with the corresponding clause within BS 8484:2011. Where the actual wording of the standard is quoted it is reproduced in bold text. Where it is considered relevant to further clarify the specified requirement, additional guidance is included in italics. We will consider alternative methods of achieving compliance with specified requirements where these can be demonstrated to be equivalent. Preface The 2016 revision of BS 8484 introduces some fundamental changes to how the safety of lone workers should be approached. The emphasis moves from the provision of the lone worker device to the provision of an end to end service for the provision of a lone worker service based on the risks identified by the employing organization and the required response. The new document is targeted at all parties involved in the contracting of lone worker services and aims to ensure the customer is fully engaged with the development of the overall service to be provided and encourages them to take an active part in the management of the service, including false alarm management, once delivered. This is emphasised in the Scope of the document. The new code of practice also recognises that LWS solutions are increasingly being delivered by software applications hosted on either mobile platforms provided by the supplier or on those NSI Technical Bulletin No. 0035 Page 3 of 32 © NSI 2016 provided by the contracting company or their employees and additional requirements are introduced to address how these solutions are to be managed. Title The title of the standard has changed from the ‘Provision of lone worker device (LWD) services – Code o f practice’ to the ‘Provision of lone worker services – Code of practice’ . This change reflects the intent of the committee to ensure the code of practice covers all the requirements for the end to end service provision of lone worker services and does not focus solely on the provision of the lone worker device. Contents The contents page of BS 8484 shows that an additional section 6, Training and support has been added, which consolidates the training requirements into one section. The heading for Clause 4 has changed from Supplier framework to Supplier recommendations . The heading for Clause 5, Lone worker device (LWD) or lone worker application (LWA) reflects the changes in technology that have seen the increasing use of applications hosted on mobile devices used to provide a lone worker service. A new annex has been added. This annex, Annex A (informative) Typical lone worker activation process , has been included to describe a typical lone worker activation process from incident to response. The contents of the annex include descriptions of the activities that are likely to happen as the process progresses and provides comments on the expected cause and effect as an incident develops. Foreword BS 8484:2016 was prepared by BSI Technical Committee GW/3, Private Security Management & Services. Relationship with other publications Since the publication of BS 8484:2011, BS 5979:2007 has been withdrawn and has been superseded by BS EN 50518 and BS 8591. As BSI drafting rules do not permit withdrawn standards to be referenced within new standards and codes of practice all references to BS 5979 have been removed. However the Foreword makes it clear in the following statement, ‘ As a result of the publication of the BS EN 50518 series, BS 5979:2007 was withdrawn, but suppliers may wish to continue using ARCs which conform to BS 5979:2007.’ , that it is still permitted to provide a lone worker services from an ARC conforming to BS 5979. This is reiterated in Clause 7 Alarm receiving centre (ARC). Information about this document NSI Technical Bulletin No. 0035 Page 4 of 32 © NSI 2016 The Foreword states that the 2016 edition is a full revision of BS 8484 and introduces the following principal changes: a) revised definitions; b) revised structure including: 1) customer considerations for the supplier; and 2) information on management and training; c) an improved self-certification process for lone worker devices and lone worker applications which puts the responsibility for effective self-certification onto the supplier; and d) allowance for the emergence of safety applications for mobile communication devices. and states that ‘This British Standard applies to lone worker devices, lone worker applications, and all of the supporting monitoring and customer support services. This British Standard also acknowledges that these are pa rt of an overall lone worker protection strategy’. 0 Introduction 0.1 General This section introduces the concept of two broad categories of risks that affect lone workers; environmental risk, i.e., risks to the lone worker from hazards in their work environment and people risk, i.e., the risks to the lone worker from actions of others. 0.2 Overview of lone worker protection Additionally within the Introduction the section, Overview of lone worker protection , provides details of matters to be considered by customers when determining the measures to be implemented to provide a safe working environment for the lone worker. Figure 1 Overview of lone worker protection including a lone worker service describes the various elements of the risk assessment processes and policies that may be addressed by the employing organization when determining the risk to any lone worker employees. The shaded areas within Figure 1 relate to the functions within this code of practice the LWS supplier must provide. They are Supplier structure (see clause 4), Device/App/Communications (see clause 5), Management Information/Training (see clause 6), Monitoring (see clause 7) and Response (see clause 8). 1 Scope The Scope of the document is largely unchanged although the overall focus of the code of practice is the need for customer organizations to risk assess the threats faced by their lone worker NSI Technical Bulletin No. 0035 Page 5 of 32 © NSI 2016 employees and identify and provide appropriate lone worker strategies. The revised Scope includes the following: This British Standard gives recommendations for providing for the safety and security of lone working employees where the customer’s risk profile identifies the need for an LWS. This British Standard gives recommendations on the provision of LWSs to help control and manage identified LW risks. Such services consist of an LWD and/or an LWA, monitoring, training, management information and response options. This British Standard also gives recommendations for the response service including: a) minimizing their receipt of false alarms; and b) ensuring that low level genuine incidents that do not require an immediate manned response are treated accordingly. This British Standard provides a customer with recommendations and a benchmark when seeking a solution to reduce and/or eliminate the risk to staff operating away from the ability of colleagues to provide direct assistance. In such circumstances, an LWS solution provides a proportional response from the emergency services . The scope also makes it clear that the document is applicable to both suppliers and procurers of Lone Worker Services (LWS). This British Standard is applicable to both suppliers and customers procuring LWSs. 2 Normative references References to BS 5979:2007 (withdrawn) have been removed and are replaced by BS EN 50518 (all parts) and BS 8591 . References to BS 7984, Keyholding and response services – Code of practice, have been removed. These are replaced with BS 7984-2 Keyholding and response services – Part 2: Lone worker response services – Code of practice. 3 Terms, definitions and abbreviated terms In line with other BS standards and codes of practice ‘abbreviated terms’ (abbreviations) are now included (see clause 3.3). Terms and definitions are now listed in two clauses. C lause 3.1 contains general ‘Terms and condi tions’ and clause 3.2, which contains ‘Alarm sequence terms and conditions’ which are listed in the sequential order the terms would be generated during the initiation and response to an incident. NSI Technical Bulletin No. 0035 Page 6 of 32 © NSI 2016 Significant changes to the meaning of any existing terms and definitions the term and all new and deleted terms and definitions are listed below. AMEND 3.1 accurate position location, typically to within 10 m of the LWD, in the horizontal and vertical plane TO 3.1.1 accurate location area of space typically to within 10 m of the LWD/LWA, in the horizontal and vertical plane NOTE For example, this might be a satellite location and/or pre-activation message providing location information in a multi-storey building. AMEND 3.3 activation message information transmitted by an LWD to an ARC requesting assistance TO 3.2.3 activation message information transmitted (including identity and accurate location) by an LWD/LWA to an ARC and which generates alarm information, location, personal details and escalation instructions to assist the operator in alarm verification There may be circumstances where it may not be possible to send details of the accurate location as part of the activation message, for example due to the lack of GPS coverage. In these circumstances it is acceptable for the LWD/LWA to send the last known accurate location. AMEND 3.4 alarm call information communicated from an ARC to a relevant response service relating to a verified alarm TO 3.2.8 alarm call information communicated from an ARC to a relevant response service relating to a verified alarm and requesting a response NSI Technical Bulletin No. 0035 Page 7 of 32 © NSI 2016 DELETE 3.6 communications AMEND 3.7 controller individual in an ARC who manages activation messages and communicates with response services TO 3.1.13 operator individual in an ARC who verifies and takes action on receipt of activation messages/calls AMEND 3.8 customer organization that contracts with a supplier to provide lone workers under its employment with access to the LWD service TO 3.1.4 customer organization, employer and/or individual who contracts for the provision of LWSs AMEND 3.9 false alarm alarm call that is not a genuine request for assistance TO 3.2.9 false alarm alarm call subsequently shown not to have been a genuine request for assistance AMEND 3.14 lone worker device (LWS) service combination of an LWD and an ARC, provided by a supplier to a customer, enabling a response to a lone worker’s request for assistance TO 3.1.12 lone worker service NSI Technical Bulletin No. 0035 Page 8 of 32 © NSI 2016 combination of an LWD/LWA, monitoring, training and management information provided by a supplier to a customer, enabling a response to an LW’s activation message/call DELETE 3.15 mapping DELETE 3.16 pre-activation AMEND 3.17 pre-activation message information sent from an LWD to an ARC providing the controller with details about an incident that might occur TO 3.1.16 pre-activation message/call information sent from an LWD/LWA to an ARC providing the operator with details about planned LW location, identity, nature of the task and any potential risk applicable at that point in time DELETE 3.18 position information AMEND 3.19 response agreement set of instructions within the contract agreed between a supplier and a customer regarding the actions to be taken by an ARC when an activation message or a pre-activation message is received TO 3.1.7 escalation instructions documented instructions from the customer or individual which are available to the operator on receipt of an activation message/call and give details concerning use of response services NEW 3.1.5 dynamic risk assessment NSI Technical Bulletin No. 0035 Page 9 of 32 © NSI 2016 continuous process of identifying hazards, assessing risk, taking action to eliminate or reduce risk NEW 3.1.6 environmental risk risks to the LW from hazards in their work environment which could have an adverse effect on their safety NOTE This includes natural disasters, working with hazardous materials, working at heights, working with electricity, etc. NEW 3.1.8 incident data information containing the date/time of the incident occurring, the reason, associated accurate location, incident log, audio (or other evidential information) and any resolution to the incident NEW 3.1.10 lone worker application (LWA) dedicated application (software) running on a non-dedicated device(s) able to transmit an activation message/call and to provide communications NOTE For example, a non-dedicated device can be a mobile device or satellite phone. NEW 3.1.14 people risk risk to the LW from unwanted actions of others NOTE The following events can generate incidents which might fall into one or more of the following categories: verbal abuse, assault, medical emergency, incapacitation alarm (this is sometimes referred to as man-down or fall-down), alone and unsafe, user false alert, alcohol or drug related, and/or use of weapons. NEW 3.1.15 points of contact persons to be contacted both for gaining further information and communicating alarm details NOTE For example, a manager, colleague or family member. NSI Technical Bulletin No. 0035 Page 10 of 32 © NSI 2016 AMEND 3.2 activation operation of an LWD resulting in the generation of an activation message TO 3.2.2 alarm activation operation of an LWD/LWA in response to an incident resulting in the generation of an activation message and/or call NEW 3.2.4 activation call audio call from LWD/LWA to ARC which is used by the operator to assist alarm verification by identifying the nature of the incident NEW 3.2.5 verification process of determining whether an activation message/call is a false alert or a verified alarm AMEND 3.22 verified alarm activation message that has been confirmed as a genuine request for assistance by a controller who has interpreted audio information transmitted from an LWD in conjunction with risk information about the individual TO 3.2.7 verified alarm activation message/call that has been confirmed as a genuine request for assistance by an operator who has interpreted information transmitted from an LWD/LWA in conjunction with any pre-activation message/call, personal details and escalation instructions 4 Supplier recommendations was Supplier framework 4.1 Structure This clause is now broken down into four further clauses, 4.1.1 Management structure, 4.1.2 Business operating manual, 4.1.3 Compliance and 4.1.4 Integrity which include all the original requirements of BS 8484:2011 Clause 4.1 plus additional requirements. NSI Technical Bulletin No. 0035 Page 11 of 32 © NSI 2016 BS 8484:2011 clause 4.8 Training has been moved to clause 6 Training and support. 4.1.1 Management structure The following requirements are in line with those of BS 8484:2011 Clause 4.1 but contain more detail on the level of information required. The full contents of the new clause is listed below. The supplier should have a clearly defined management structure showing control and accountability at each level of the operation, which should: a) define and document ownership and a place of registration of the supplier; b) identify and document top management; c) define and document that the supplier is registered as a legal entity or part of a legal entity, and, where appropriate, the relationship between the supplier and other parts of that same legal entity; d) define and document any subordinate bodies, regional offices, joint venture partners and their places of incorporation and relationship to the overall management structure; and e) define and document any operational bases, logistics or storage facilities used in support of the operations of the organization and the jurisdiction that applies. 4.1.2 Business operating manual The need to have a business operating manual is now in a separate clause, which contains the previous requirements of BS 8484:2011 clause 4.1 paragraphs 2 and 3 plus additional requirements for business continuity planning, which are listed below: The supplier should have a clearly documented business operating manual which includes: a) supporting procedures and work instructions; b) a complaint management system; c) a business continuity plan; NOTE 1 Attention is drawn to: 1) for suppliers wanting to set up a business continuity management system, requirements are given in BS EN ISO 22301; 2) requirements and guidance for information and communication continuity management are given in BS ISO/IEC 27031. d) management information for the customer (see Clause 6); NSI Technical Bulletin No. 0035 Page 12 of 32 © NSI 2016 e) delivery of the LWS, including: 1) the risks associated with the delivery/operation of the products and services; and 2) effectiveness and customer feedback; NOTE 2 Delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal. f) policies; and NOTE 3 Example of policies include: data protection (see 4.4.1), security (see 4.4.3), human resources, lone working, health and safety, false alarm/alert management and quality management, management of subcontractors (see 4.5), etc. NOTE 4 Attention is drawn to BS ISO 9001 for quality management systems. g) management of any subcontractors. 4.1.3 Compliance This is a new clause which requires suppliers to record which LWS solutions are compliant to BS 8484 and which are not and to provide this information to customers. The contents of the new clause are reproduced below. The supplier should record and denote which solutions deployed are compliant with BS 8484 and which are not. The supplier should inform customers of this information. 4.1.4 Integrity This clause lists the requirements, previously in BS 8484:2011 Clause 4.1 Structure, for principals to disclose any bankruptcies or criminal convictions. 4.2 Financial stability of the supplier was 4.2 Finances. There are additional requirements in the new document regarding the provision of evidence that the organization has sufficient working capital for its requirements. The organization now has to demonstrate how their financial processes work and provide evidence of their financial stability by presenting management accounts and bankers references. Additionally annual accounts must now be presented in accordance with Financial Reporting Council standards. The full contents of the new clause are listed below. COMMENTARY ON 4.2 NSI Technical Bulletin No. 0035 Page 13 of 32 © NSI 2016 Where the supplier is solely providing a service for its own LWs (and not contracting out such services), 4.2 does not apply. The supplier should be able to demonstrate their financial processes, administrative procedures, or other history that might impact on operations, interested parties and stakeholders. The supplier should be able to demonstrate their financial stability by way of: a) current financial accounts supplemented with management accounts; b) banker’s references or similar n ational equivalents as required; and c) sufficient working capital for its requirements; the capital reserves of the supplier should be sufficient for current and planned needs. The supplier should be able to present two years’ audited trading accounts, except if they are starting as a subsidiary of an established business, and adequate financial backing should be evident. In the case of a new start-up business, management accounts should be made available to show that the supplier can demonstrate they have the funding available to achieve their plan for the business. The supplier should prepare annual accounts in accordance with the Financial Reporting Council (FRC) 3) accounting standards. NOTE Attention is drawn to the Accounting Standards Board. Accounts should be available for examination on request. 4.3 Insurance There are additional requirements in the new standard for organizations to ensure that subcontractors have insurance appropriate to cover the services provided and for supplier organizations to be able to provide documentary evidence of the insurances held. The suppliers should demonstrate that it has sufficient insurance to cover risks and associated liabilities arising from its operations and activities, consistent with contractual requirements. When outsourcing or subcontracting services, activities or functions, or operations, the supplier should ensure the subcontracted or outsourced entity has appropriate insurance cover for those activities. The supplier should provide documentary evidence that they hold current insurance as appropriate and relevant to the contract in the proposed areas of operations. 4.4 Security This is a new clause heading and contains requirements previously listed in BS 8484:2011 clauses 4.6 Data security and retention and 4.7 Security screening plus additional requirements for organizations to have a documented security policy. NSI Technical Bulletin No. 0035 Page 14 of 32 © NSI 2016 4.4.1 Policy This is a new clause and contains requirements for organizational security policies. There should be a documented security policy which includes the following: a) measures to ensure all data relating to customers and their employees and confidential company information is held and maintained securely (see 4.4.3); b) logical controls for the way in which data is held, (e.g. computer passwords, firewalls, data encryption, network intrusion detection systems or security software) and regular updates and reviews of these controls; and c) where cloud and other relevant services provided by third party suppliers and vendors are used, they should conform to BS ISO/IEC 27001. NOTE 1 Attention is drawn to the Data Protection Act 1998 [5] regarding security policy, data retention and data handling policy. NOTE 2 BS 16000 provides guidance on security policy. Whilst not a direct replacement for the requirements of BS 8484:2011 clause 4.4 Premises, which is deleted, it would be expected that as part of the supplier organization’s security policy they would maintain secure premises for the administrative and operational control of the organization and storage of associated documents and records. 4.4.2 Data retention This clause contains the original requirements in BS 8484:2011 Clause 4.6 Data security and retention with additional requirements about the data format and the retention periods. Data security requirements from BS 8484:2011 Clause 4.6 have been moved to clause 4.4.1 Policy. The reference to BS 5979:2007 has been removed due to constraints within BSI drafting rules which prevents withdrawn standards from being referenced. The full contents of the new clause are listed below: Verified alarm data and voice communications at the time of an incident should be retained for a minimum period of 12 months, or as agreed with the customer, and recorded in the contract. Items for retention should include the following: a) incident data; b) personal details of LWs at the time of the incident; and c) customer details at the time of the incident. Retention time has to be a minimum period of 12 months unless otherwise agreed with the customer. The customer can choose a shorter time or a longer time. NSI Technical Bulletin No. 0035 Page 15 of 32 © NSI 2016 Policies for the type of ARC used in the delivery of BS 8484 LWS are listed in the NATIONAL POLICE CHIEFS’ COUNCIL (NPCC) of England, Wales and Northern Ireland. NPCC policy on police requirements and response to security systems. There is no expectation that policies permitting the use of BS 5979 ARCs to provide BS 8484 LWS will change without stakeholder involvement. 4.4.3 Data handling policy BS 8484:2011 4.7 Security screening has been renamed as 4.4.3 Data handling policy 4.5 End to end service This is a new clause, which recognises that the provision of a LWS may be a complex undertaking where major elements may be subcontracted and/or acquired from providers not under the supplier ’ s direct control. The requirements of this clause provide a framework for documenting the service elements, detailing; who provides the service, the service level agreements in place, how key elements are measured and risk assessments of the various elements. This clause effectively contains all the requirements of BS 8484:2011 clause 4.5 Subcontracting, which it replaces. There are additional requirements to ensure service messages are communicated to customers and that these should be logged for review and that service failures are registered in the complaints management system. The full contents of this clause are listed below: COMMENTARY ON 4.5 This British Standard accepts that an LWS is an end-to-end service, aggregated from several elements through the application of internal processes as established in the business operating manual (see 4.1.2). These elements may be developed internally or acquired from third parties. Key elements may include communications, subscriber identity module (SIM) cards, servers, LWD/LWA development, ARCs and web portals. All of these might affect the provision of the service by the supplier to the customer unless properly understood and controlled. The different elements and their source should be disclosed to the customer by the supplier in advance of the customer signing the contract and a copy of such disclosure should be retained by the supplier. Any third party services should be controlled by contract and service level agreements (SLAs) where appropriate. The supplier should disclose how the service is managed from end-to-end. The supplier should define and measure key elements and should make this data available for NSI Technical Bulletin No. 0035 Page 16 of 32 © NSI 2016 inspection. The disclosure should be commensurate with the overall service complexity and integrity. Disclosure should demonstrate the supplier’s duty of care to the customer by including an assessment of the risk from each element to the effective provision of the service. Such risks should be identified in writing and should include the supplier’s method of mitigating each risk or assessing the impact when no mitigation is practicable. The supplier should provide a mechanism by which service messages are communicated to customers and a log of events should be maintained for review. Any service failures should be registered with the complaints management system. 5 Lone worker devices (LWD) or lone worker application (LWA) The revised document recognises there is an increased use of supplier, customer or user provided mobile devices to act as the communications medium on a LWS solution using an application running on the mobile device and potentially an attached device, which is used to instigate an activation or provide audio connectivity. When setting out the requirements it was also recognised that some risk types required the LWS solution to have different capabilities to deal with the likely threats. To address this the capabilities are broken out into three clauses covering the following functional areas; essential, people, and environment. A further clause containing additional functionality is included, which identifies capabilities that may be used if risks in these areas are identified. When identifying a solution it would be expected that the essential plus one other functional area would be identified as being required and that this would form the basis of the solution. Where other threats were identified further capabilities could be added. 5.1 Essential functionality was 5.2.1 Essential functionality . The requirements in this clause have changed: AMEND a) communications to transmit position information and LWD identity; TO a) ability to transmit the current or last known accurate location, including the time and date of when the location was captured, as well as the LWD/LWA identity; AMEND c) signal strength indicator; TO c) communication network signal strength and battery indicator; NSI Technical Bulletin No. 0035 Page 17 of 32 © NSI 2016 AMEND i) battery life as stipulated in the contract between supplier and customer to meet the customer’s requirements, and as a minimum to allow for one activation of 15 min and a minimum of seven pre- activations of 2 min, working in an ambient temperature of −5 °C to +40 °C; TO d) battery life as stipulated in the contract between the supplier and the customer to meet the customer’s anticipated usage; AMEND j) low battery warning; TO e) low battery warning both from the LWD/LWA and any associated apparatus to be available to both the LW and the ARC; AMEND f) capability to initiate an audio connection to the ARC, or to retry until connected; TO h) capability to initiate an audio connection to the ARC and the capability to retry an agreed (within the customer contract) number of times; AMEND h) capability to be remotely accessed by a controller TO i) capability to be remotely accessed by the ARC operator to establish/request a location in the event of an incident or an authorized request from the customer. Any remote access messages/calls should be in accordance with an authenticated procedure, e.g. receiving messages/calls from a pre-registered number. Where this functionality is included, the LWD/LWA should include a security feature to prevent unauthorized requests; NOTE 5 This capability can be exempt for an LWA if contractually agreed between supplier and customer following advice from the supplier. NEW j) capability for the ARC operator to initiate a message/call and listen discreetly in the event that a message/call from the LWD/LWA is prematurely terminated or there is an authorized request from the customer. Any remote access messages/calls should be in accordance with an authenticated procedure, e.g. receiving messages/calls NSI Technical Bulletin No. 0035 Page 18 of 32 © NSI 2016 from a pre-registered number. Where this functionality is included, the LWD/LWA should include a security feature to prevent unauthorized requests; NOTE 6 This capability can be exempt for an LWA if contractually agreed between supplier and customer following advice from the supplier. NOTE 7 The functions in 5.1i) and 5.1j) are intended for situations where an operator might need to confirm situation status, e.g. in the event of an LW being reported missing or premature termination of an audio message/call. MOVE g) ability to receive a discreet signal from the controller to indicate to the lone worker that the audio connection has been acknowledged; TO Clause 5.3 c) (People risk) 5.2 Environmental risk This is a new clause in situations where environmental risks have been identified and lists the additional features of a LWD/LWA that must be offered as part of the solution to be agreed with the customer: a) ability to raise an activation message/call on the LWs behalf if the device senses the LW has become incapacitated; NOTE Sensing of incapacitation can include: 1) orientation change; and/or 2) a defined period of non-movement and/or rapid acceleration/deceleration. b) ability to carry out an audible/visual/vibration pre-alert to the LW for a defined period of time before an activation message/call sent to enable the LW to cancel the activation; and c) capability to initiate an indication (e.g. vibration) to the LW to confirm that the activation message/call has been connected to the ARC. 5.3 People risk This is a new clause and addresses the capabilities a LWD/LWA must have where risks from the unwanted actions of other have been identified: a) an LWD/LWA that is appropriate to the LW and the tasks they carry out, i.e. form function and usability; b) an ability to discreetly raise an activation message/call; and c) NOTE For example, no obvious audible or visual evidence to anyone other than the LW that an activation message/call has been raised. NSI Technical Bulletin No. 0035 Page 19 of 32 © NSI 2016 d) a capability to initiate a discreet indication (e.g. vibration) to the LW to confirm that the activation message/call has been connected to the ARC. 5.4 Additional functionality The requirements in Clause 5.4 are new and are those that must be implemented if the risk profile requires. a) Where two-way voice communication is included, it should have the capability for the LW to hear operator comments, enabling the operator to provide reassurance and updates on response progress and orally request information from the LW where appropriate. b) Where a timer is included, for example, on occasions where restrictions on position or the communications network are expected, or times when the LW is unable to activate the LWD, unless the timer is cancelled, an activation message/call should be presented to the operator. c) Where the customer has identified geographical risk and they are using geo-fenced areas, an automatic notification indicating entry or exit should be sent to a customer nominated point, e.g. to the LW, manager or the ARC. d) Where the customer has identified a need to monitor battery capacity and mobile network signal strength, the device should be able to transmit this information to the ARC. NOTE A device may have: 1) an ability to transmit an automatic activation message/call based on a high-low or event threshold being surpassed and/or for a defined period of time, e.g. due to high or low ambient temperature, humidity or gases; 2) an ingress protection (IP) rating suitable to the working environment of the LW; 3) electrical approvals (e.g. ATEX rating) suitable if the working environment contains fire or explosive risks; and/or 4) additional features or configuration options to allow the device to be operated by visually or aurally impaired LWs. 5.5 Communications network was BS 8484:2011 Clause 5.1 Communications network This clause has been amended to include more detailed requirements guiding the selection of the communications network considered by the supplier. Additionally suppliers are required to advise customers of the increased risks of the LWS failing where the customer provides SIMS and use pay as you go contracts NSI Technical Bulletin No. 0035 Page 20 of 32 © NSI 2016 5.6 LWA considerations This is a new clause with requirements on the advice to be provided by suppliers to customers on the compatibility of LWA after operating system updates on mobile platforms. The supplier should inform the customer that if an LWA is employed, subsequent changes in phone operating systems and conflicts with other software should be assessed as they might cause the LWA not to operate as intended. NOTE Customers might want to use an MDM (mobile device management) to prevent unauthorized changes. 5.7 LWD/LWA conformity Conformity documentation for all LWD/LWA, marketed as BS 8484 compliant, should meet the requirements of Clause 5.7. Existing LWD/LWA can retain their old conformity documentation and be used on existing, renewed and extended contracts but should not be marketed as being BS 8484 compliant after the 28 February 2017. This clause has been amended to provide a more detailed list of the requirements for the conformity file produced for the LWD/LWA. The supplier should have documentation available which demonstrates that an LWD or LWA meets the recommendations in 5.1, 5.2, 5.3 and 5.4. This document should: a) include detail of how it meets each recommendation of 5.1, 5.2, 5.3 and 5.4; b) where the document applies to an LWA, identify the make, model and operating system version of the phones used by the customer; c) include the test programme and summary of test results, including any independent testing where applicable; and d) be signed by an accountable person, usually the supplier’s managing director (MD) or chief executive officer (CEO). This documentation should be revised and updated if changes occur that affect conformity. NOTE For the purposes of this British Standard the supplier assumes the responsibilities of the manufacturer of the LWD/LWA. NSI Technical Bulletin No. 0035 Page 21 of 32 © NSI 2016 6 Training and support Training and support is a new clause, which has been structured to bring all training, including ARC operator training, into one clause. The support element includes amended requirements for incident response times (Table 1) and all aspects of customer management. The clause also introduces the requirement for suppliers to have contacts nominated to act as the interface between the LWS provider and customer to encourage the customer to effectively manage their use of the service. 6.1 Supplier training policy 6.1.1 General The training policy requires the LWS provider to have a documented training policy for the suppliers own staff, including temporary staff and subcontractors, supplier’s nominated customer contact, customer LWD/LWA training and operator training. 6.1.2 Own staff including temporary or subcontracted staff All training for new employees is to reflect the requirements of BS 8484:2016. Gap analysis is to be undertaken to identify what refresher training may be required for existing employees. Contains the requirements previously found in BS 8484:2011 Clause 4.8 Training, plus additional requirements. All the requirements are now listed to make them clearer. The full list is reproduced below with the new requirements in bold: The training policy must include: a) induction training in matters related to conditions of employment, policies and organizational procedures for all their personnel engaged in providing LWS; b) training on all elements of the service they are providing to customers; c) training must be updated and records of training retained when there is a change in methods, procedures or legislation; d) all training provided must be recorded in a form specific for the purpose, be signed by each trainee, countersigned by the trainer and retained; e) where a certificate of competence is provided by a recognized and relative sector competent training organization, the retention of a copy of the certificate; and f) a programme of regular refresher training. 6.1.3 Supplier nominated customer LWS contact The intention of this clause is to identify an individual within the supplier organisation, such as an account, contract or customer relations manager, who is trained to act as the single point of contact NSI Technical Bulletin No. 0035 Page 22 of 32 © NSI 2016 responsible for ensuring the client has the resources to make the best use of the LWS; they are not intended to be the initial point of contact for any service issues. In clause 6.2 Customer management there is a new requirement for suppliers to provide nominated customer contacts to act as the interface between the LWS supplier and customer. Clause 6.1.3 Supplier nominated customer LWS contact requires this nominated customer contact to be suitably trained in all aspects of the LWS to be provided to the customer to enable them to use the service as effectively as possible. 6.1.4 Customer LWD/LWA training All customer training, including training on existing BS 8484:2011 LWD/LWA must be updated to the requirements of this clause. Contains requirements that were previously in BS 8484:2011 clause 5.3 LWD training. Whilst the requirements are broadly the same, additional requirements for the supplier to provide training to the customer on all aspects of the LWS provided, not just the LWD/LWA, and to offer an ongoing training and development package. The supplier should provide the customer with an LW user guide and training on the service which should include: a) an understanding of how the LWS operates, why it is useful and any limitations; b) how to operate the LWD/LWA to transmit pre-activation messages/calls and activation messages/calls; c) discreet methods of conveying information to the operator when faced with an incident requiring caution and/or secrecy; and d) how to minimize erroneous activations and pre-activation calls/messages resulting in false alerts and false alarms. There should be provision for: 1) training new LWs; 2) refresher training for all LWs as agreed; 3) additional training for LW who generate false alerts; and 4) trainer courses where relevant. 6.1.5 Operator training All training for new employees is to reflect the requirements of BS 8484:2016. Gap analysis is to be undertaken to identify what additional training may be required for existing employees. Clause 6.1.5 rationalises the requirements from the following clauses, BS 8484:2011 6.6.1.1 Controller training and 6.6.1.2 Verification into one list. Additional requirements include training on the NSI Technical Bulletin No. 0035 Page 23 of 32 © NSI 2016 response to LWD/LWA activations covered by The National Police Chiefs ’ Council (NPCC), Police Requirements and Response to Security Systems, Appendix V, Annexe A and the appropriate management of the URN system. The supplier should ensure that operator training plans are included in the LWS. The ARC manager should have in place an LW training programme for operators that include the following subjects as a minimum: a) management of LW alarms such as that included in the NPCC [2]; b) when and when not to use the police unique reference number (URN); c) verification; d) dealing with false alerts; e) managing a verified alarm; f) action to be taken when an activation message is received without an audio call; g) action to be taken when no accurate location is received; and h) refresher training as required. No operator should be authorized to manage a response to an activation message/call until: 1) initial training has been completed and verified; 2) they have completed supervised shifts; and 3) their manager has confirmed in writing that they are competent to work unsupervised. All training should be recorded and documented. 6.2 Customer management This is a new set of requirements, which are aimed at improving communications between the LWS supplier and customer to improve the effective operation and usage of the LWS provided. Clause 6.2.1 General provides an overview of the requirements with clause 6.2.2 Support activities and 6.2.3 Management tools providing more details. As these are new requirements the clauses are listed below in full. 6.2.1 General The supplier should make available support activities and management tools to assist the customer in the effective management of their LWs and to achieve a high level of adoption and usage across all LWs. 6.2.2 Support activities NSI Technical Bulletin No. 0035 Page 24 of 32 © NSI 2016 Support activities should include: a) telephone/email support and provision of a nominated customer service contact (e.g. account manager) if applicable; b) any change requests (e.g. required changes to the LW or escalation details) to be accepted and implemented by the end of the next working day or as agreed with the customer; c) initial report of a verified alarm within one hour of closure of alert; d) submission of comprehensive incident report within 24 h of all verified alarms or as agreed with the customer; e) where false alerts and/or alarms have been reported by the ARC (see 7.6.5), these should be analysed and reported back to the customer; and NOTE Further training for LWs might be required. f) an ongoing programme of activity and LW engagement to encourage usage. 6.2.3 Management tools Management tools should include: a) monthly usage reports which may: 1) be customer definable for date, activity and grouping; 2) show usage levels by LW and customer definable group segregation; 3) show LWs who are not using the service or are using it incorrectly; and/or 4) show all activation messages/calls including false alerts, false alarms and verified alarms; b) access to frequently asked questions and their answers; c) access to training for new LWs and refresher training; d) regular review of mobile network availability and any proposals for transfer of an LWS to a different network if necessary and agreed with the customer; and e) alarm statistics (see 7.9). NOTE 1 The inclusion of a web based portal available 24/7 which includes the ability for customers to access is recommended. NOTE 2 Table 1 gives further information on timings. Table 1 provides target ARC response times from receipt of activation message/call similar, but is not identical, to Table 1 in BS 8484:2011 (see 7.8 below). NSI Technical Bulletin No. 0035 Page 25 of 32 © NSI 2016 7 Alarm receiving centre (ARC) Although ARC operator training has been relocated to clause 6, in general the requirements for the operation of the ARC remain largely unaltered. However there are new requirements for the ARC to report statistics to the supplier, which are detailed in new Tables 2 and 3 and clause 7.9 Management of activation messages/calls and alarm calls. Changes are detailed below. 7.1 General The supplier should supply the customer with an ARC conforming with Clause 7 and a relevant standard on ARC monitoring. NOTE 1 Relevant standards on ARC monitoring are BS 8591, the BS EN 50518 series or BS 5979:2007 (see Foreword). NOTE 2 Attention is drawn to the NPCC [2] policies for provision for level 1 police response to alarms. 7.2 Service Previously BS 8484:2011 6.2 Service. In the revision clause e) is an additional requirement to ensure the ARC requests the most appropriate response. e) ensure the operator requests the appropriate response. Guidance on the responses required for various scenarios should be outlined in the agreed escalation instructions. 7.3 Operational functions Clause d) has removed the specific requirement that dedicated operators be used for LWS provision during their duty period, the new requirement is for operators employed in LWS provision be trained. Management of operator workload therefore becomes the responsibility of the ARC manager, as required by paragraph 2 of clause 7.9 Management of activation messages/calls and alarm calls and any contractual agreements. d) only use operators trained in accordance with 6.1.5 to handle activation message/calls. 7.4 Working environment Previously BS 8484:2011 6.4 Working environment. The requirements of this clause are unchanged apart from extending them to include LWAs. 7.5 Oral communication Previously BS 8484:2011 6.5 Oral communication. The requirements of this clause are unchanged. NSI Technical Bulletin No. 0035 Page 26 of 32 © NSI 2016 However, a note has been added to clarify circumstances in which immediate two way communication may be appropriate NOTE Immediate two-way audio is acceptable if the LWD/LWA has identified a probable incapacitation of an LW. 7.6 ARC operations Previously BS 8484:2011 6.6 ARC operations. The requirements for ARC operations are largely unchanged although they have been rationalised into more appropriate clauses and new requirements for lone worker information have been included. 7.6.1 Operator training Previously BS 8484:2011 6.6.1.1 Controller training. Training requirements have been moved to clause 6.1.5 Operator training. 7.6.2 Lone worker information Previously BS 8484:2011 6.6.1.3 Lone worker information. This clause originally contained requirements that did not specifically refer to the detail of the lone worker information that should be made available to the ARC operator. This clause has been amended to address this and subsequently new requirements have been added, including the information previously included in NOTE 1. The clause is reproduced in full below: Relevant LW information should be pre-recorded and made available to an operator when an activation message/call is received at the ARC to help verify the incident. Information should include: a) escalation instructions (see 3.1.7); b) points of contact (see 3.1.15); and c) personal details which might include the following: 1) employment information such as their job title; 2) risk factors linked to their work and/or location; 3) personal details such as their sex, age, ethnicity, physical description and photograph which might aid police in identifying the LW; and 4) medical information such as details of medical conditions, allergies and treatment. NOTE Medical information can, if supplied, help the operator to analyse the situation (which might be a medical emergency) and can assist paramedics in making a correct diagnosis, carrying out effective treatment and avoiding inappropriate treatment. 7.6.3 Establishing the nature of the incident NSI Technical Bulletin No. 0035 Page 27 of 32 © NSI 2016 Previously BS 8484:2011 6.6.1.4 Establishing the nature of the incident. This clause has been amended to include a number of requirements that were previously in BS 8484:2011 6.6.1.2 Verification. During the review it was felt that the process; verification before establishing the nature of the incident, was not the logical sequence of actions and it was found that some of the requirements were duplicated. Therefore together with some additional requirements, the requirements of clause 6.6.1.2 are now been included in 7.6.3 Establishing the nature of the incident. This clause now covers the process to confirm whether the message/call is a false alert or a verified alarm and the decision on what the most appropriate response should be. The amended clause is detailed in full below: The operator should establish the nature of the incident and the appropriate response required. Establishing the nature of an incident confirms whether it is a false alert, a verified alarm that requires no alarm call, or verified alarm that requires an alarm call. The following information should be available to the operator: a) accurate location; b) audio information, including oral information from the LW, if speech is possible; c) pre-activation message/call where applicable; d) duress code (if used); e) personal details; and f) points of contact, who might be needed to provide further information if the situation or location are unclear. 7.6.4 Verification Previously BS 8484:2011 6.6.1.2 Verification. The majority of requirements from this clause have been transferred to 7.6.3 . The clause now contains a single requirement for the actions to be taken when a call has been verified, i.e., the operator should escalate the incident to the appropriate response services in accordance with the escalation instructions. 7.6.5 False alerts Previously BS 8484:2011 6.6.1.5 False alerts. This clause contains two minor amendments: 1. The action to be taken when terminating a false alert should be included as part of an agreed escalation process. ‘The operator should attempt to inform the LW at the time of termination and should then follow the agreed escalation process.’ This replaces the requirement to inform a nominated contact. NSI Technical Bulletin No. 0035 Page 28 of 32 © NSI 2016 2. The ARC is now required to instruct the supplier of any false alerts. ‘False alerts should be recorded by the operator. The ARC should inform the supplier about any false alerts. This replaces the requirement for the supplier to inform the customer of any false alerts and offer training. This requirement has been transferred to 6.2.2 e) not 6.2.1 e) as published. 7.6.6 Procedures and documentation Previously BS 8484:2011 6.6.2 Procedures and documentation. There are minor amendments to this section, which are listed below. 7.6.6.1 Audit trails and records Any changes to retention times of records and incident logs should now be agreed by contract. ‘ All records and incident logs at the ARC should be maintained for a minimum of 12 months, except where the customer states alternative requirements in an agreed contract, An additional requirement is for audio recordings associated with the incident to be included in the incident records. e) audio recordings associated with the incident. 7.6.6.2 Operating procedures In clause a) sub-clause 4) there is a new requirement for guidance to be provided to operators on the appropriate use of emergency service response numbers when making alarm calls. 4) appropriate use of URN, 999 or 101 in making an alarm call; Guidance on use of URN, 999 or 101 is given in Appendix V, Annexe A of the NPCC Policy. 7.6.7 Escalation instructions Previously BS 8484:2011 6.6.3 Response agreement. Although the terms have changed to reflect the language used within the industry there are no material changes to the requirements of this clause. 7.7 Access to information Previously BS 8484:2011 6.7 Access to information. 7.7.1 Confidentiality and LWD/LWA user protection Previously BS 8484:2011 6.7.1 Confidentiality and LWD user protection. The requirements for the control of the surveillance of lone workers have been moved from BS 8484:2011 6.7.2 Position information request, to this clause. Additionally the ARC should now have operational procedures NSI Technical Bulletin No. 0035 Page 29 of 32 © NSI 2016 for the prevention of unauthorized access agreed with the supplier. The full clause is reproduced below: Documented operating procedures in the ARC should be in place, as agreed with the supplier, to detect and prevent the use of LWDs/LWAs for unauthorized surveillance. Where there is a request for LW surveillance, there should be documented procedures in place to ensure that this is an authorized request. 7.7.2 Remote access Previously BS 8484:2011 6.7.2 Position information request. The requirements in clauses 5.1i) and 5.1j) are to be followed where remote access to the LWD/LWA is needed to obtain position information or establish the nature of an incident. 7.8 Performance criteria Previously BS 8484:2011 6.8 Performance criteria. The content of this clause has not been materially altered. However, Table 1 , which is referenced in 7.8 and details ARC response times has been amended. The title of Table 1 has been amended to ‘ Target ARC response times from receipt of activation message/call ’ from ‘ Maximum ARC response times from receipt of activation message ’. The following amendments have been made to the target (performance) figures in the table: 1. Metrics in ‘A ctivation message /call received at ARC and operator starts verification’ have been changed from 5 secs and 80% of calls/messages and 30 secs and 98.5 of calls/messages to 10 secs and 40 secs respectively. 2. An additional metric to ‘Complete verification’ has been added and now 98.5% of all calls should be completed within 600 secs. 3. Superscript note A , which refers to the operational period over which metrics should be assessed has been a mended from ‘Within a 12 month rolling period’ to ‘ Performance statistics should be produced on a monthly basis. Achievement of these performance figures should be maintained over a rolling quarter. ’ This will require ARCs to review how they calculate and present their performance statistics. 7.9 Management of activation messages/calls and alarm calls Previously BS 8484:2011 6.9 Management of activation messages and alarm calls Significant additions have been made to this clause, with four requirements and two tables added. The intention of these additional requirements are to ensure resources within the ARC are monitored to ensure that response times can be met and to provide feedback to customers by way of reporting monthly statistics on numbers of devices/applications monitored, totals of activations, false alarms and verified alarms and means of notifying the police, i.e., URN, 999 or 101. NSI Technical Bulletin No. 0035 Page 30 of 32 © NSI 2016 The four additional requirements are detailed below in full: The ARC should monitor and review its capacity levels to ensure the appropriate level of trained staff are in place. On closing an activation, the operator should be able to categorize by activation type and geography. The ARC should make statistics available to the supplier for the purpose of reporting back to the customer [see 6.2.2e)]. The ARC should make statistics available to the supplier for the purpose of reporting back to the customer [see 6.2.2e)] as in Table 2 and Table 3. The contents of Tables 2 and 3 are generally self-explanatory. Where suppliers require greater detail this would have to be agreed between the supplier and the ARC. 8 Response services The requirements of this clause remain the same. The only amendment is to the reference to BS 7984, which changes to BS 7984-2. NSI Technical Bulletin No. 0035 Page 31 of 32 © NSI 2016 Annex A (informative) Typical lone worker activation process Annex A is an informative annex with a diagram and text, which describes the expected sequence of events that occur during the activation of a LWD/LWA. The diagram contains three headings; Timings, Activity and Comments. There are three time lines listed under Timings, with associated Activity and Comments information describing the process: Time A covers the period of the initiation of the LWD/LWA on response to an incident to the time which the activation message and/or call is received by the ARC. Note 1 states this is for guidance only and timescales will depend on the network used by the LWS. Time B covers the period of time between the message and/or call being received by the ARC and the ARC operator responding. Time B is referred to in Table 1 as ‘ Activation message/call received at ARC and operator starts verification B) ’. Time C covers the period of time between the ARC operator responding to and verifying the message and/or call. Time C is referred to in Table 1 as ‘ Complete verification ’. The timeline extends beyond the completion of verification at Time C to describe the escalation of the incident to a conclusion. NSI Technical Bulletin No. 0035 Page 32 of 32 © NSI 2016 Bibliography The following documents are additions to the Bibliography: Standards publications BS 5979:2007 (withdrawn), Remote centres receiving signals from fire and security systems – Code of practice BS 16000 , Security management – Strategic and operational guidelines BS EN ISO 22301, Societal security – Business continuity management systems – Requirements BS ISO 9001, Quality management systems – Requirements BS ISO/IEC 27031, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity Other publications [1] GREAT BRITAIN. The Corporate Manslaughter and Corporate Homicide Act 2007. London: The Stationery Office. [2] The National Police Chiefs Council (NPCC), Appendix V, Annex A. [6] GREAT BRITAIN. The Health and Safety at Work etc Act 1974. London: The Stationery Office.