Plans - Security Management Risk Assessment

What are the requirements for developing a security security management plan?

Any examples are for illustrative purposes only. 

The Joint Commission standard EC.01.01.01 EP 5 requires the organization to develop a security management plan based on the organizations facility’s circumstances.  This security management plan is developed from the risk assessment as described in EC.02.01.01. This risk assessment would include but not limited to:
  • applicable staff
  • type of training
  • level of training
  • required credentials
The security management plan should take into consideration how the organization manages workplace violence and manages security during an emergency or disaster.

The security management plan may be a stand-alone document or may be combined with other Environment of Care plans (one overarching plan or combined with another, such as the safety management plan, for instance).  Components of the plan are outlined in EC.02.01.01 EPs, which include but not limited to:
  • how will security risks be assessed and mitigated
  • staff rolls in security management
  • how the facility is secured
  • how the organization contact external security forces if needed
  • how the organization will control access to areas identified as security sensitive
  • how physical or verbal threats, acts of violence, inappropriate behavior will be managed
  • If the organization has an MRI, there is to be an assessment for safety and security risk that addresses patient comfort and safety, equipment safety and security, and staff safety
For example, a forensic behavioral health environment would likely have different criteria than a geriatric health environment. Based upon their duties, staff may be assessed to require physical restraint training, self-defense training, situation de-escalation training, etc. Once the required skillset and type/level of training is established, the organization is to create applicable policies, implement the security program, assess for effectiveness, and adjust the strategy if needed. 

Any requirements from the local authority having jurisdiction (AHJ) are expected to be followed. 

EC.01.01.01 EP 5
Last updated on July 21, 2020
Manual: Behavioral Health
Chapter: Environment of Care EC

If no, please comment on how we could improve this response.

If you have additional standards-related questions regarding this topic, please use the Standards Online Submission Form