This is the second in a series of interim reports on the FOI responses received to date

To review the first report Click Here

The focus of this report is the responses received to question 2  – Training Needs Analysis (TNA).


On 26th July 2021 AEGIS Protective Services sent security related Freedom of Information (FOI) requests to 194 NHS Trusts in England.

The Freedom of Information Requests asked:

  1. Does the NHS Trust contract a private security company to provide Security Officers to work onsite, or employ an ‘in house’ team of Security Officers, or both?
  2. Please provide a copy of the most recent ‘training needs analysis’ conducted at the Trust for a Security Officer role or, explain why there isn’t one.
  3. Do Security Officers have autonomy to remove people from the Trust’s premises i.e. without seeking advice from clinical staff as to whether or not the person to be removed requires medical advice, treatment or care?
  4. Are Security Officer training deficiencies that are known to exist listed on the NHS Trust’s Risk Register?

Training Needs Analysis (TNA) for Security Role

Question 2 of our FOI Request invited NHS Trusts to provide a copy of the most recent ‘Training Needs Analysis (TNA) conducted at the Trust for a Security Officer role or, explain why there isn’t one.

The Health and Safety at Work Act 1974 (S.2.2c) requires employers to provide whatever information, instruction, training and supervision as is necessary to ensure, so far as is reasonably practicable, the health and safety at work of their employees.

What training is ‘necessary’ is to be determined by a full and sufficient Health and Safety Risk Assessment of the employees’ roles, followed by a Training Needs Analysis (TNA).

A TNA is a structured approach to identifying the training needed to enable legal requirements to be met (or exceeded). The TNA should identify the core capabilities required for the role and describe the knowledge and skills Security Officers need to possess in order to perform every aspect of their work role safely and effectively.

The outputs of a TNA should be a series of Learning Outcomes (LOs) describing what the trainee will know and be able to do after the training.

A Training Needs Analysis would be the basis for producing a Job Specification and training requirement for any contracted in Security Officers.

Not one TNA was submitted!

Although one NHS Trust provided a (long) list of Learning Outcomes for the training provided, not one NHS Trust was able to provide a TNA for a Healthcare Security Officer role!

One NHS Trust provided a document titled ‘Training Needs Analysis’, but it was actually a Risk Assessment for Violence and Aggression towards Security Officers.

Click on the image below to view/download the document (.pdf)

Note: The Risk Rating was marked as ‘Extreme’ and comments on it include: ‘most of the training provided was ineffective when dealing with very violent people’ and ‘Training out of date for over a year’.


Many NHS Trusts provided a list of training course headings – but not a TNA.

Here is an example:

“Security Officers are trained in the following – Conflict Resolution Training, Breakaway/restraint, Fire Training, Information Governance, Prevent Training, Dementia Awareness, Bomb Threat Procedure, CCTV, Diversity, Hand Hygiene, Infection Control, Delirium Training, lockdown, Counter terrorism, Mental Capacity Training.”

The NHS Core Skills Training Framework (CSTF)

Several NHS Trusts responded saying their security staff received training in line with the provisions of the NHS Core Skills Training Framework (CSTF).

Since 2013, the NHS Core Skills Training Framework (CSTF) has become widely recognised as a national minimum standard for statutory/mandatory training in the health sector and the majority of NHS Trusts have registered alignment with it.

Benefits of alignment with the NHS CSTF include:

  • Provides a national ‘benchmark’ for the content of statutory/mandatory training.
  • Sets out minimum learning outcomes, frequency of refresher training and links to relevant legislation or expert guidance.
  • Can be used by any healthcare employer in the UK including NHS, independent healthcare providers and educational organisations.
  • Standardises the interpretation and delivery of statutory/mandatory training.
  • Applicable across all four UK countries.
  • Linkages between the Framework, eLearning and compliance reporting puts all the right information in the hands of employers in a new and powerful way.

Note: Health Education England (HEE) is the project commissioner for the CSTF, while Skills for Health is responsible for maintaining the CSTF and developing future CSTF content, tools and processes.

Statutory/Mandatory subjects in the CSTF:

  • Conflict resolution (CRT)
  • Equality, diversity and human rights
  • Fire safety
  • Health, safety and welfare
  • Infection prevention and control
  • Information governance and data security
  • Moving and handling
  • Preventing Radicalisation
  • Resuscitation
  • Safeguarding adults
  • Safeguarding children.

The Core Skills Training Framework (CSTF) Statutory/Mandatory Subject Guide, sets out an organising structure for each Subject with:

  • a context statement
  • current policy and legal references with hyperlinks
  • relevant target audience
  • key learning outcomes
  • required frequency of refresher training or assessment
  • standards for training delivery
  • identification of any available National Occupational Standards.

Some of the CSTF Subjects are aimed at all the ‘workforce’ within an organisation, while other Subjects and expected levels of knowledge and skill will be more role dependent and only apply for those in more direct patient/service roles.

It should be noted that ‘workforce’ relates to all members of the workforce that the organisation has responsibility for in the conduct of its business and delivery of activities i.e. including Healthcare Security Officers.

So, NHS Trusts that have registered as aligning with the NHS CSTF (i.e. most of them) should be providing Security Officers with training in all of the Statutory/Mandatory subjects in the CSTF, i.e. in addition to any SIA or other security related training.

Security Training determined by Violence Risk Matrix

One NHS Trust responded saying:

“Any ‘Training Needs Analysis’ is conducted by the Department Manager who will risk assess individual staff as per our Prevention and Management of Violence and Aggression at Work policy and, based on their score, they will use the risk matrix to establish how often the staff member should have Conflict Resolution Training and at what level.”

Note: Level 1 is basic CRT, Level 2 is Assault Avoidance and Breakaway skills; and Level 3 is physical intervention and restraint skills.

Comment: This NHS Trust’s policy wrongly assumes that all the ‘requisite knowledge needed’ to perform the role of a Healthcare Security Officer is incorporated in the Trust’s Conflict Resolution Training (CRT) programme when it clearly isn’t!

For example, The Trust’s CRT training programme is unlikely to provide training for Healthcare Security Officers in the ‘harm minimisation approach’ that needs to be taken to patients who are inclined to Self-Harm. Without suitable training, security officers may be likely to act instinctively to prevent a patient harming themselves but, in the process, simultaneously also breach the patient’s human rights, rendering the Trust liable to pay damages and compensation. There has been noticeable increase across the UK of ED admissions of this nature post lock-down, so the risk of adverse outcomes occurring has gone up.

Other FOI responses

Below are examples of other FOI responses we received.

  • The NHS Trust operates under a Private Finance Initiative (PFI) contract and security is managed by our PFI Service Provider.
  • The Trust employs security companies that have the relevant training and experience to carry out the duties that they are required to do, we don’t hold the Training Needs Analysis, as this would be held by the relevant security companies.
  • Security provision is sub-contracted and, therefore, it is not the responsibility of the Trust to hold such a document.
  • This is inapplicable because security services are outsourced.
  • Security is externally procured. So, a training needs analysis is not required.
  • No Training Need Analysis as contractors are fully SIA trained.
  • All training needs analysis are undertaken by the contractor as required as per their Security Industry Authority licence.
  • Subject to the requirements of NHS contract and any Law the Service Provider is entirely responsible for the employment and conditions of service of staff, the provider shall ensure that such conditions of employment are consistent with its obligations under the contract. This will include though not be limited to statutory, essential training and qualifications relevant to grade & post but also in accordance with the officers specification & all appropriate licences and registrations with any relevant bodies for the complete term.

Well, firstly, SIA training is insufficient to meet Health & Safety legal requirements

Despite it being pretty much common knowledge across the whole security sector, many NHS Trust Boards and Health and Safety Compliance Leads still seem unaware that the training needed to qualify for an SIA Security Guard (or Door Supervisor) Licence is simply insufficient to meet Health and Safety legal expectations for a Healthcare Security Officer role.

SIA conceded this as long ago as 2007

Andy Drane, acting Chief Executive SIA said:

“On reflection, maybe some messages from us – or indeed our qualifications partners – have not been as clear and unequivocal as they might. Comments I hear range from concerns that the training needed to obtain a licence isn’t sufficient to satisfy the requirements of the job at hand, with employers having to supplement it…. We have always made it clear that the training required to obtain a licence is not necessarily all that’s needed to carry out every security operative’s role. To suggest otherwise would represent a huge challenge for operatives, with so many different security roles, sites, assignments and circumstances…..Had we taken a different approach and insisted on training and qualifications that reflect every possible aspect of the duties of those employed in the industry, we would have run the risk of people receiving too much training irrelevant to their role or assignment, or having to develop a wide range of separate qualifications for the equally wide range of different security roles……It has always been – and remains – the responsibility of the employer to ensure that every individual has the right skills for each assignment they are given.

SIA-Andy-Drane-SMT-07 07 2007.pdf

NHS England are well aware of the training deficit

In June 2018, the National Association for Healthcare Security (NAHS), wrote a letter to NHS England back in June 2018 saying:

“It is the considered view of the Board of NAHS that current Door Supervisor and/or Security Guard licence categories and related training do not give contracted Security Officers the knowledge or skills for healthcare environments, particular in the fields of DOLS, mental health and understanding patients and healthcare environments. We therefore recommend the creation of a new category and specific training outcomes to achieve this qualification for both contracted and in-house security.”

Click on the image below to view a full size .pdf

NAHS letter to NHSE

CQC Inspectors are aware of the training deficiencies

CQC Inspectors will be looking to assess compliance with the Essential Standards of Quality and Safety (See page 92, Outcome 7: Safeguarding people who use services from abuse.)

Exactly what CQC Inspectors are looking for during an inspection will vary according to the type of inspection it is and will be informed by the relevant CQC ‘Brief guide’.

Note: Brief guides provide information, references, links to professional guidance, legal requirements or recognised best practice guidance about particular topics in order to assist inspection teams.

For example:

See a full list of CQC Brief guides here.

HSE know about it too

Employers are expected to have carried out a full and sufficient Health & Safety Risk Assessment and taken appropriate steps to minimise known risks. These steps will include ensuring safe systems of work are in place including, policies, incident reporting systems, manning levels, emergency procedures and suitable training.

Risk assessments are expected to identify ‘at risk’ employee groups.

Where certain job types or tasks (e.g. security) are known to attract particular risks, specific job or task-based assessments should be made. Similarly, where aggravating factors exist locally, local risk assessments should supplement generic assessments.

HSE Inspectors will be checking that ‘at risk’ groups of employees (and contractors) have received appropriate training and information in line with risk and role responsibilities.

Security expert witnesses are acutely aware of it!

The training provided to security officers is something frequently called into question in cases where expert witness opinion is requested following adverse occurrences (accompanied by complaints and compensation claims).

Every security expert I know is acutely conscious that the standard of training required for SIA Security Guard and Door Supervisor licencing purposes is less than is required by the Health & Safety legislation (i.e. the legal standard) and training deficiencies often decide the cases.

Frequently, the legal costs of defending claims dwarfs the expense that investing in the ‘necessary’ training would have cost.

Secondly, there is the question of liability

As Andy Drane, SIA said back in 2007:

“It has always been – and remains – the responsibility of the employer to ensure that every individual has the right skills for each assignment they are given.”

BIG ‘heads-up’ to NHS Trusts that contract-in security services

Many NHS Trusts that contract-in security services would maintain that, by virtue of clear, explicit contractual terms, the security provider company would be legally responsible for providing security officers with ‘appropriate training’.

However, that is not the case.

Here’s the rub!

NHS Trusts that contract security will be 100% ‘vicariously’ liable for the actions of the security Officers.

Won’t the security provider company be liable to some degree too?


Why so?

The reasoning is the decision of the Court of Appeal in the case of Hawley v Luminar Leisure Ltd [2006] IRLR 817, CA

The thing is that, because of the level of control that NHS Trusts necessarily have over contracted-in security officers (i.e. in deciding their numbers, patrols, duties, uniform, etc.), courts will deem them ‘temporary employees’ of the NHS Trust, meaning the NHS Trust will be 100% vicariously liable for the actions of the Security Officers.

Knowing this, NHS Trusts are advised to, without delay, source and finance suitable training for contracted-in security officers, as not to do so will inevitably run a higher risk of adverse outcomes occurring as well as increase the likelihood of expensive compensation pay-outs and damage to the organisation’s reputation.

Suitable Training for Healthcare Security Officers is available now

The AEGIS Healthcare Security Officer Training programme is a comprehensive learning package that provides NHS security managers with a verifiable record of training provision (and candidate testing) across a broad spectrum of topics identified as necessary by a Training Needs Analysis, following a Health and Safety risk assessment and evaluation of the role.