Guidance

[Withdrawn] Coronavirus (COVID-19) vaccination site security

Published 3 June 2021

This guidance was withdrawn on

This page has been withdrawn because it’s no longer current. Read more about living safely with coronavirus (COVID-19).

Foreword

The phenomenal success of the COVID-19 vaccination programme across the UK is testament to the commitment of so many people across the UK to mobilise and continue to increase the speed at which the vaccine can be administered. It has required unprecedented levels of collaboration across sectors and organisations, bringing together staff from the NHS, local and central government, military, police and many others.

It has also required an equally diverse range of locations to be deployed as vaccine centres, many of which could never have expected to become such critical centres of health services. Conference halls, community centres, racecourses, showgrounds and shopping centres are just some of the many different venues hosting healthcare staff and patients every single day.

It is essential that vaccines continue to be delivered at pace to save more lives. Any possible risks of disruption must be appropriately mitigated. As part of this we must continuously consider and appropriately mitigate security risks at vaccination sites across the UK. In doing so we will maintain the pace of delivery, ensure the well-being of all those working at and visiting the sites and ensure the security of vaccine products and associated materials.

The wide variety of vaccination sites across the UK are playing a critical role in making sure that all communities can access vaccines locally. This breadth of sites means that each site will have unique factors to consider when planning their security arrangements and discussing these with their local policing colleagues.

It is essential, as the programme continues over the coming months, that we continue to keep staff, volunteers and visitors safe and secure. Everybody has a key role to play in ensuring security. This security guidance brings together the expertise, skills and perspectives of several organisations, consisting of National Technical Authorities and policing and security partners, all of whom are committed to ensuring the safety and security of the programme. It is intended to provide additional guidance to vaccination site providers and their staff as the vaccination programme continues to develop further.

It is not intended to duplicate the excellent work that police colleagues continue to do in working with you to assess and plan security mitigations locally. This guide sets out a range of issues which we know, from our range of assessments and experience, vaccine sites should take into consideration. It also aims to provide some practical ideas in how to enhance further the security of vaccine sites, staff and visitors.

Richard Alcock CBE
Senior Responsible Officer, UK COVID-19 Vaccine Security
Department for Health and Social Care

Top considerations

This document provides guidance across a range of protective and personnel security areas and provides a number of links for further guidance from a range of subject matter experts.

We have summarised below the primary considerations which vaccination sites should consider when developing and reviewing their security.

Security roles and responsibilities

Each vaccination site should have:

  • a nominated accountable officer for site security, who is accountable for the site security plan and ensuring that there are adequate operational arrangements in place to achieve its objectives

  • a nominated Site Manager, who holds day-to-day responsibility for the security of the site and who will make sure that security related standard operating procedures (SOPs) are in place and being followed

  • governance arrangements that are adequate to assure the site security plan, including regular review of arrangements and review following any security incidents

Site security plan and SOPs

Each vaccination site should have a site security plan, informed by risk assessments and any site-specific advice provided by local police, which documents the overarching approach to security of the site and how this will be operationalised. For vaccination centres, a police assessment is required as part of the operational assurance process, and the site security plan should reflect the associated recommendations.

The site security plan will need to reflect the unique circumstances of each individual vaccination site and should apply the JASPAR principles of:

  • justified

  • appropriate

  • sustainable

  • proportionate

  • affordable

  • reasonable

The site security plan should be supported by a range of SOPs.

There should be clarity on which party is responsible for which security related SOPs, recognising that, in many settings responsibilities may be split between the provider, contracted security and third-party landlord or facilities management.

Security awareness

Vaccination sites should make sure that they develop an active security culture, which should include:

  • site inductions – making sure that all personnel involved in the site are made aware of the security arrangements and responsibilities

  • awareness – making time available for site staff and volunteers to undertake relevant security training, including Action Counter Terrorism (ACT) e-learning

  • briefings – involving all site staff and volunteers in regular briefings about the operation of the site and the associated security arrangements

  • reporting – creating a culture where site staff and volunteers can easily report any security concerns which they might have and making sure that learning and feedback is shared from these

Layered security

Sites should optimise their security arrangements by adopting a layered approach to physical security. Site security plans should adopt an approach which considers all aspects of the vaccination process.

Sites should take a holistic approach to their security plans and not forget that security arrangements should extend all the way through to the secure collection (and subsequent disposal) of COVID-19 vaccine-related products.

Sites should make sure that they make use of all available security provisions, which might include those owned or managed by building landlords or third-party facilities management companies – for example, CCTV and intruder alarms.

Continual review

Security should not be considered a one-time event. Each vaccination site should take steps to make sure that there are regular reviews of their security arrangements, involving all stakeholders in the operation of the site, including local police partners.

Regional staff should support the development of an active security culture by sharing learning and best practice across vaccination sites.

Threat context

The UK COVID-19 vaccine deployment programme is one of the UK’s top priorities.

There are a number of individuals and groups who could seek to disrupt this programme for many reasons, ranging from people seeking publicity for a protest, to those who want to make a major political statement (terrorist activity). Disruption may also happen as a result of criminal activity that does not specifically seek to disrupt the vaccine programme, but nevertheless does cause disruption.

One of the best ways to help stop that disruption is to have staff and volunteers working in a vaccination centre aware of the context of the threat. This is particularly important for those responsible for security. If you have an idea of what to expect, it is much easier to spot something.

It is important for centre managers to keep in regular contact with the police so that they are aware of specific threats that may affect their individual area, and be able to mitigate against them. Also, this regular contact ensures there is a robust mechanism to report any suspicions or potential threats identified by centre staff and volunteers.

The following gives an overview of some specific types of threat, the likelihood of any threat occurring at the time of writing, and how they may be relevant to vaccination centres.

Theft

There is a real risk that individuals will seek to steal items from vaccination sites. The items could be standard IT equipment, needles or other physical items and normal security measures are needed to secure premises against theft. It is possible that individuals may seek to steal vials of vaccine or empty vials and staff should be aware of the need to take special care of such items.

Sabotage

While it is considered highly unlikely that people will set out to specifically sabotage sites, there is the potential for criminals or vandals to cause inadvertent sabotage. For example, one site suffered the attempted theft of a generator. Had this succeeded the vaccine refrigeration would have been disrupted and several doses lost. Staff should ensure that access to site infrastructure is as secure as possible.

Unauthorised access to sites

Individuals will try to gain access to sites when not authorised to do so for many reasons, such as trying to ‘jump the queue’ or because they do not understand this is wrong. In particular, where there are many volunteers coming together who do not know each other, it is easier for an individual who should not be there to hide.

Anti-social behaviour

Since the vaccine roll-out started, there have been reports of site staff being verbally abused by members of the public. It is likely that this behaviour will go on as the programme continues. All centres should have a robust plan for reacting to such incidents, including those with the potential to escalate to violence.

Protest

The significant majority of the public support the vaccine programme, but there will be some who see an opportunity for publicity if they use a vaccine centre as a place of protest. Staff should also be aware of the potential for anti-vaccine protests as the programme continues, which have the potential to be larger and to seek to disrupt. A robust plan should be in place with the police to deal with planned and unplanned protests, including how to mitigate against the potential for disruption.

Terrorism

Everyone must be alive to the possibility of a terrorist attack on a COVID-19 vaccine centre. The current UK national threat level is ‘substantial’ – an attack is likely. Any attack targeting the UK vaccination programme would be likely to have a high impact. However, the terrorist threat to individual vaccination centres will differ given the variety of premises involved. Factors that could motivate attacks on specific vaccination centres include their accessibility, visibility, hosting of significant crowds, association with particular faith or other communities, and the presence of supporting identifiable police or military personnel. For this reason, smaller community vaccination centres and those that are based within current healthcare structures are less likely to be subject to a terror attack. It is important that vaccination sites understand their own circumstances and work with local partners to be aware of any risks that apply to them.

Security awareness

Providers should take proactive steps to develop and maintain a strong security culture within their vaccine sites. This will play an essential role in promoting the desired security behaviours. To achieve this, providers should take steps to make sure that staff and volunteers have a consistent approach to site security:

  • there should be a clear and regularly revised understanding of the main risks

  • staff and volunteers should have a clear understanding of what is required of them

Roles and responsibilities

Providers should make sure that there are clear roles and responsibilities for security at each vaccine site, supported by a clearly nominated accountable officer and supporting governance structures:

  • an accountable lead for security at each site should make sure that roles and responsibilities are defined and documented in the site security plan

  • site managers or team leaders should play a key role in making sure that all personnel (this includes all permanent, volunteer or third-party personnel) on the site are aware of their security responsibilities and that these are being fulfilled

  • volunteers should be aware of how their role supports the security of the site but should not be asked to undertake any formal security duties

  • contracted or third-party staff (such as security or facilities management) should understand their respective roles and the security procedures which they should be following

  • all personnel should be clearly identifiable as holding authorisation to be on site (for example through visible personal identification) and should maintain a culture of shared responsibility to actively challenge anyone who is not displaying personal identification within the vaccine site

Induction of new personnel

It is important that when new personnel begin working at the site, the opportunity is taken to establish a clear security mindset and working practices. It is likely that many staff and volunteers will have limited experience with security practices, and it is important that the vaccine programme’s core mission is discussed, explained and summarised. This will play a key role in making sure that site personnel understand why security matters.

Example summary for new personnel

The COVID-19 vaccination programme is of critical importance to the UK’s national efforts to ensure the safe and secure delivery of the vaccination programme and combat the virus. Due to the strong public interest, there is a risk that individuals or groups may seek to use vaccination sites as an opportunity to highlight their own agenda or to damage public confidence.

Sites should also make sure that induction processes address specific security issues that might arise through the role being carried out by the staff member, volunteer or contractor. For example, for outward-facing roles such as site marshals, you may need to explain that someone asking seemingly innocent questions may actually be seeking to obtain sensitive information. This is sometimes referred to as social engineering.

A checklist at the end of this section provides a summary of the minimum security areas that should be covered as part of any site induction.

Security expectations

Providers should make sure that security awareness extends beyond the induction process, and that personnel continue to understand and develop awareness of their security responsibilities. As a minimum, the accountable officer for site security should make sure that their site has documented and auditable processes to ensure that:

  • all personnel are familiar with their security responsibilities and obligations to security when working at vaccination centres, based on their role and the assets, information or sites they will have access to

  • all new personnel are provided with suitable security awareness briefings as part of their induction

  • existing personnel are reminded of and provided refreshers of their responsibilities and obligations at regular intervals

  • all personnel are made aware of their responsibility to report any behaviours or security concern relating to colleagues or visitors

  • all personnel are made aware of their responsibility to report any security concerns about working processes, the working environment or the physical building or site

  • there are clear mechanisms in place for personnel to report, in a timely manner, any security concerns and an associated process is in place to action reports

Training

The site security plan should set out how personnel will be trained in key aspects of security. As a minimum, providers should consider ensuring that staff and volunteers working on the site have:

  • completed ACT e-learning, developed by Counter Terrorism Policing

  • been made aware of the emergency procedures for the site and, ideally, been involved in regular testing of these

  • where third-party security is contracted, providers should make sure that contracted staff are Security Industry Authority (SIA) registered, and that there is clear evidence of regular professional development

Briefings

Vaccination sites should make sure that there are regular security briefings involving all personnel. This will be particularly important where there have been changes to security guidance or arrangements. This can be achieved in several ways:

  • factor in time ahead of shift start times to include security updates as part of regular daily briefings

  • include any reports of suspicious behaviour from the previous day or shift in the daily or shift security briefing. This can play an important role in explaining the outcome of incidents

  • seek feedback on the previous day or shift to create a culture of two-way security communication. This also provides another route to identify anything of concern if staff or volunteers have not reported it

  • seeking observations of anything of concern that staff or volunteers have observed on the way to or from the vaccination site

  • display security minded communication campaign material at strategic points around the site (for example, comfort break rooms, entry and exit points, secure storage facilities), helping to remind staff and volunteers of the local practices and their security responsibilities.

See security awareness campaigns by the Centre for the Protection of National Infrastructure (CPNI).

Incident reporting

Each vaccination site should have procedures in place for detecting, reporting, responding to and handling security incidents.

A security incident is any circumstance that has arisen contrary to vaccination site’s policy and protocols and that has the potential to compromise the COVID-19 vaccination programme, including its assets (for example people, property and information). The circumstance may include actions that were actual or suspected, accidental, deliberate or attempted.

A security breach is the confirmed compromise of the vaccination programme’s assets without permission or authority.

Examples of security incidents may include:

  • the loss or theft of personal items at vaccination centres

  • the loss or theft of property belonging to the vaccination programme (for example vaccine supplies, medical instruments, personal protective equipment (PPE), IT, information)

  • insecure storage of information, equipment, vaccine supplies, other property belonging to the vaccine programme

  • tampering with property at site (for example, storage cabinets, locks, IT, medical and vaccine supplies)

  • the loss of any physical assets entrusted to workers at vaccination sites, such as passes, branded uniforms, and operational and sensitive information

Vaccination sites should identify a nominated incident manager – this does not need to be a stand-alone role and the responsibilities can be added to another role if needed.

The incident manager role should assess:

  • the type of incident

  • if the incident is a security breach

  • if the breach involves a loss, compromise or unauthorised disclosure of the site’s assets

  • the level of impact of the breach

  • identify lessons learned and conduct trend analysis

The incident manager should also take responsibility for acting as a single point of contact between the various organisations involved in investigating and responding to the incident. The incident manager should make sure that they follow all relevant incident reporting procedures defined by the vaccine programme and their provider.

Security induction checklist

Personnel new to the site should be made aware of the following security behaviours and practices, as a minimum.

Entering and leaving secure sites

  • entry and exit procedures

  • singing in or out

  • gaining entry if you have lost your pass

  • reporting suspicious behaviours around site

In and around the site

  • pass wearing

  • secure storage of vaccine, laptops or other valuable items and sensitive assets on site

  • protecting patient information

  • use of authorised IT (password protection, not leaving devices unattended, reporting suspicious email)

  • reporting of suspicious behaviours

Managing visitors to site (for example, public, partners, suppliers, couriers)

  • signing-in procedures

  • escorting of visitors

  • visitors, access to various parts of the site

Handling queries from members of the public and couriers attending site

  • awareness of social engineering tactics

  • check for sensitivity before sharing information

  • verify, identify before sharing information

  • mail screening

Standard operating procedures (SOPs)

It is important that all vaccination sites have SOPs for their operational security, alongside SOPs for their clinical activities.

Vaccination sites should make sure that their site security plan documents the range of security SOPs required and considers the following areas:

  • responsibility – who is responsible for developing the SOPs? This is particularly important at sites where security responsibilities may involve both the vaccination site provider, third-party landlord or facilities management, and contracted security

  • governance – how are security-related SOPs approved and their effectiveness kept under review? This is particularly important following any security incidents (see briefings above)

  • partners – which operational partners need to be involved in the development of SOPs?

  • awareness – how are site personnel made and kept aware of security-related SOPs? In addition to site induction (see induction of new personnel above), sites should make sure that there are regular briefings on security-related SOPs to maintain awareness

  • testing – sites should consider which SOPs should be tested and rehearsed with staff and relevant operational partners

  • review – how frequently should SOPs be reviewed and are there significant programme milestones or external factors which should trigger a review of certain SOPs?

SOP content

Each vaccination site should consider the nature of the site and work with their local police and, if appropriate, local resilience forum (LRF) partners to inform the security-focused SOPs required to ensure the safe operation of the site. Vaccination centres are required to undertake a police site assessment as part of the operational assurance process, and providers should make sure that the recommendations from these are implemented and, where necessary, are supported by SOPs.

As a minimum, sites should consider security-specific SOPs for the following areas:

  • site security roles and responsibilities, including engagement with local police partners

  • site access and external controls. Depending on the nature of the site, this might include issues such as traffic and queue management

  • vaccine storage, movement and access to vaccine stores

  • emergency responses to a range of possible scenarios, including procedures for site evacuation and to instigate a lockdown of the site

  • waste management arrangements (for COVID-19 vaccine products)

  • information security

  • out-of-hours security arrangements (especially where vaccine products will be stored on-site overnight)

Physical security

Physical security at sites will be highly variable. Some sites will have the benefit of existing security infrastructure, while others will have minimal measures in place. Effective physical security is best achieved by multi-layering different measures to ensure areas of weaknesses cannot be exploited. When planning the introduction of any physical security measures, it is imperative that both safety and emergency responses are considered.

Principal areas and guidance:

  • site boundary – where premises have a defined perimeter boundary, any gates or barriers in place should be closed, especially when premises are not open to the public. External lighting should be in full working order. It is important that main entrances, delivery areas and car parks are well lit to deter criminal activity

  • building security – make use of existing security – close and lock windows, secure doors when not in use to control access routes into and throughout buildings, activate alarm system

  • queue management – ensure arrivals are aware that appointments will be required, give guidance before attendance on how early attendees should seek to arrive and what they should do upon arrival

  • queue location – where possible, avoid queuing next to moving vehicles

  • internal movement – should be strictly monitored to ensure smooth vaccination delivery and detection of suspicious activity

  • early arrivals – should wait away from the building and queue, remaining in their vehicles if possible and safe

  • neighbouring activities – liaise with local police

  • alarms and CCTV principles – check CCTV – where installed, ensure that it is working and covers the relevant areas

  • monitor CCTV – where possible have CCTV visible to staff to monitor the patient queue, potential problems and suspicious activity in and around the premises

  • IT security – ensure laptops, tablets and other high-value equipment is kept out of sight from windows and kept in a lockable room. Consider downloading tracking apps on devices to assist in recovery if they are stolen. If working from a temporary site, make sure high-value equipment is secure or removed from the site when unoccupied

  • site access – including, identity verification – restrict access of unauthorised people and vehicles to the site. Check identification of all seeking entry, including those apparently there for vaccine delivery and collection. Contractors should be escorted when in premises during vaccination activity

  • security staff – check that all security staff are SIA accredited. Monitor, respond, manage security alarms, and incidents with dedicated security staff. Where deemed necessary, SIA-licensed security officers should have a visible presence on the premises in strategic areas

Police and local resilience forum engagement

There are several initial actions that should be considered by managers of vaccination sites for discussion with their local police and, if appropriate, LRF partners.

They should liaise with the existing site operators and security staff to ensure that they have an agreed understanding of the following – please note that this is not an exhaustive list:

  • Is there an identified security lead for the site?

  • Is the security at the location directly employed by the site or a third-party contractor?

  • Do the security staff have detailed assignment instructions?

  • Is there an existing site security plan and where can it be accessed?

  • Is there an access control policy?

  • Is there a procedure for instigating a dynamic lockdown?

  • Is there an agreed response to deal with attempts to disrupt the site by protest or telephone threat or suspect item, and so on?

  • Is there an evacuation policy?

Sites should consider early engagement with the local policing unit (LPU) to establish the following:

  • Is there a dedicated point of contact for the LPU? (telephone number)

  • Is there a police patrol plan or response plan for the site?

  • Is there an agreed method for reporting incidents or suspicious activity to the police?

  • Has any protective security advice already been provided to the site by the police? If so, what was the advice and has this advice been adopted?

Vaccination sites should make sure that they maintain regular contact with their local police and LRF partners.

Vaccine storage

Given the profile of the vaccination programme, sites should assume that there could be a theft risk to their vaccine stocks and take proportionate steps to minimise these risks. This is general guidance and sites may wish to seek advice in addition to the information contained here. Vaccination centres should have in place a local police site security assessment, which should include consideration of vaccine storage arrangements.

Vaccine stocks should be held as securely as possible. Sites should consider a range of factors, including the wider environment and location, the scale of the vaccine site, premises, and staff numbers.

It is suggested, where possible, that standards for physical security measures are in line with the security guidance for all existing or prospective Home Office-controlled drug licensees, precursor chemical licensees or registrants.

Location

Vaccination sites should consider the following factors in determining the location of vaccine stores:

  • accessibility – the storage area should not be readily identifiable to the public. Where possible, sites should use layered security by increasing the number of barriers to reach the vaccine store. Vaccines should not be left or stored in publicly accessible areas of the site

  • external access – the storage of stocks should be in locations with external doors and windows which are fitted with secure locks, and perimeter fencing which is lockable and monitored with CCTV. External doors (including fire escape doors) should be manufactured to Loss Prevention Standards (LPS). Alarm systems should be monitored by an off-site company with an immediate response capability

Storage

Vaccine sites should consider the following factors in determining how vaccine is stored:

  • storage standards – vaccines should be stored in a securable container that cannot be easily removed, for example a lockable freezer or fridge. Any padlocks utilised should meet British and European Standards (BS EN 12320). Vaccine stores should be locked when not in use

  • temperature control – if vaccine storage devices are internet connected, consider a separate monitoring device to alert if the temperature changes. Consider alternative power supplies or back-up generators – where arrangements can be made for temperature-sensitive stocks, sites should consider having stocks stored locked in a prefabricated strong room, cabinets or safes, ideally confirming to BS standards. More information on this can be found at the British Research Establishment (BRE) website.

  • volume – sites holding stocks that are too large to be accommodated in a safe or secure cabinet should be held in a prefabricated strong room which is formed from panels that are bolted or welded together. These can be constructed to any size variant and should be equipped to hold stock on shelving above the floor. Safes or cabinets should be certified to BS standards, ideally those referenced in the Home Office guidance above or in guidance on the BRE website

  • SOPs – vaccine storage SOPs should include procedures for the completion of daily stock checks

Access control

Sites should make sure that they have SOPs in place to control and manage access to vaccine stores. Sites should consider:

  • access rights – access to vaccine stores should be restricted to essential staff only. Unauthorised personnel who need access to the vaccine storage area, for example, cleaning staff, should be escorted and supervised while in the area

  • key management – keys to vaccine stores should be held in a key safe, secured to a solid surface (wall or floor) in an obscure location. Where possible, the key safe should be stored behind a further lock (for example, fixed within a lockable room). Any spare keys should be stored in a similar manner, in a separate part of the building

  • staff awareness – staff working at the site should be informed of the security arrangements for vaccine stock and should be actively operating a method of recording access to the stock

  • incident procedures – sites should have SOPs in place that make sure that vaccine stocks are secured in the event of a site evacuation

Out-of-hours storage

Where sites need to store vaccine overnight, consideration should be given to:

  • security plan – making sure that the site security plan specifically assesses and responds to the risks that may arise from overnight storage

  • site lockdown procedure – establishing clear SOPs for the closure of the site, which include ensuring that vaccine stocks are secured

  • site access – where third-party sites are being used, providers should check who else may have access to the site while it is closed, and make sure that vaccine storage arrangements are sufficient to mitigate any associated risks

  • monitoring – where available, ensure that vaccine stores are included within a patrol strategy and monitored by CCTV

Deliveries

Sites should be particularly vigilant when receiving deliveries of the vaccine and should:

  • understand the delivery schedule – once times and frequency are known and a pattern of security can be established, deliveries should be met by staff

  • only share this information about this on a need-to-know basis. Do not discuss the arrangements with anyone you do not know and trust

  • limit access, where possible, by making use of secure loading bays (or similar)

  • monitor movement – have staff meet the vaccine supplies upon delivery and support transport through the site to avoid opportunistic theft, tampering or deception

Waste management

Fraudsters, criminals and organised crime groups are likely to seek to profit from the current pandemic. There are several potential risks of fraud and crime in relation to inviting people to be vaccinated, and the impact of such criminality could be significant. This means there are additional considerations and conditions in place for COVID-19 vaccines compared to other vaccination programmes.

One area of significant interest to criminals at all vaccination sites across the UK is COVID-19 vaccination programme waste, including empty vials. COVID-19 vaccine packaging and other COVID-19 documentation may also be targeted by criminals.

Principles

Tackling and stopping fraud and crime is essential to maintain public trust and confidence. Stringent application of disposal of COVID-19 vaccine SOPs are required to mitigate against this threat:

  • suitably trained members of staff are to be responsible for the disposal of all vaccine waste

  • all vaccine waste must be handled in such a way as to prevent theft and misuse whether on site, while being stored for removal, and after removal from the site

  • sites should make sure that relevant staff are aware of the specific requirements for vaccine waste. Specialist Pharmacy Services (SPS) publish detailed vaccine disposal SOPs for each vaccine

  • as soon as possible after they are used, COVID-19 vaccine cartons and packaging must have their labels defaced using permanent black marker pens, and then be destroyed by cutting into pieces or by shredding. In each case, the confidential waste bag should be used and disposed of in accordance with local waste management policy and procedures. The carton is the container from the manufacturer which directly holds the vials

  • empty vials must be disposed of in a sharps box, or other suitable secure container in accordance with local waste management policy and procedures. However, all sharps boxes – even if not full – should be securely stored when the site is not in use, particularly overnight. Some sites have recommended numbering sharps boxes so that it is easier to check whether one is missing, others have moved not-yet-full sharps boxes to a more secure area overnight

  • some criminals will target any vaccine equipment and documentation (including syringes, general patient information guides and vaccination cards) and therefore it is recommended that these are locked away in a secure environment when the site is closed, such as overnight

  • all vaccine waste and confidential packaging waste must be securely stored while waiting for collection and disposal. Vaccine waste, including sharps boxes and packaging, must not be left unsecured when the site is closed. Vaccine waste left outside, even in a locked container, may be targeted if there is public access available. An example would be vaccine waste stored in a public carpark

  • if any vaccine related waste is stolen, whether on site or waiting for collection, this should be reported in line with normal incident reporting procedures

Annex – additional information

For additional information, vaccination site staff with responsibility for security are recommended to refer to some of the additional advice available at the links below.

Security culture and awareness

CPNI: protective security risk management

CPNI: passport to good security

ACT e-learning. This is counter terrorism-focused and also provides awareness of hostile behaviour and potential lifesaving actions for other risks.

CPNI: optimising people in security

CPNI: ongoing personnel security, including inductions to new staff, exit procedures

CPNI: employment screening, including screening to BS7858:2019 – confirming identity, right to work in UK, criminal record check

CPNI behaviour campaigns

CPNI: developing a security strategy

CPNI: leadership and governance

CPNI: security considerations assessment

Terrorism mitigation

CPNI: recognising terrorist threats guide

CPNI: crisis management for terrorist-related events

Crowded places guidance

Crowded places guidance: personal security

Suzy Lamplugh Trust

Standard operating procedures (SOPs)

The SIA is regulated under the Private Security Industry Act 2000, to give guidance about how those authorised under the Act exercise power of entry. Where there is a requirement for a security contractor or security operative to be employed, it is essential that they are accredited by the SIA. The SIA manage the voluntary Approved Contractors Scheme (ACS) and license all accredited individuals undertaking designating activities in the United Kingdom

Security Industry Authority (SIA)

CPNI: search and screening

Police.uk: business crime prevention

Vaccine waste management

Specialist Pharmacy Service: COVID-19 vaccines

Physical security

CPNI: building and area search

CPNI: mail screening

CPNI: professionalising security

Crowded places guidance: personal security

CPNI: hostile reconnaissance guidance

CPNI: physical security

CPNI: catalogue of security equipment