I have just had an argument with the site director at work about this.

I am proposing that we install access control on a few doors to secure our building. We do not have anyone on reception and the office is open to anyone walking in at anytime.

I suggested that as well as securing the building and its contents, we as a business also have a responsibility for the safety of our employees whilst at work.

He thought I was mad and the fact that nothing had happened to any employees in the thirty years that he has been working was justification for doing nothing.

Any HR/Legal types that could confirm or deny that the company has this responsibility or is my argument flawed?

I believe it is you that are correct.

As a company you will also be liable for the safety of anyone that wanders in to the building without your knowledge.

IIRC They do have that responsibility ” as far as reasonably practical” I very much doubt that would extend to securing doors unless its a secure type environment or a high risk environment

the office is open to anyone walking in at anytime.

What are you worried about?

Petty theft? Or something else?

Have you done a HAZID and a risk assessment?

Until you know what the hazard actually is, then how do you protect against it?

I guess if your office is in downtown Johannesburg, then you a couple of big blokes with shotguns and some window bars etc. would be a sensible response.

In leafy Surrey, probably not so much.

HSE website is usually good for this sort of stuff http://www.hse.gov.uk/index.htm

SO the main reason for proposing it is to secure the building against petty theft. Which came about because £1k was stolen last week from petty cash.
As a secondary “it will also achieve this” reason, it will stop disgruntled ex employees or psycho ex boyfriends etc from entering the building.

I would imagine that if something like this happened then the employee could potentially sue the company for not ensuring their safety, right? I accept the chances of it happening are slim, but I have seen a similar incident in a previous job where a dumped boyfriend entered the premises and physically attacked.

I very much doubt the employee has a responsibility that extends that far.

the key phrases is “as far as reasonably practical” they do not have an absolute responsibility

SO the main reason for proposing it is to secure the building against petty theft. Which came about because £1k was stolen last week from petty cash.

Well it seems like a no-brainer to me.

Even a few of those key code pads would prevent the majority of that sort of stuff, for very little cost.

As THJ says, the duty of care only extends so far.

Some useful info here https://fitforwork.org/employer/preventing-absence/health-and-wellbeing-at-work/identifying-workplace-hazards/

How to prevent workplace hazards

The best way to protect yourself and your employees from workplace hazards is to identify and manage them and take reasonable steps to prevent their potential to harm.

In order to control workplace hazards and eliminate or reduce the risk, you should take the following steps:

identify the hazard by carrying out a workplace risk assessment;
determine how employees might be at risk;
evaluate the risks;
record and review hazards at least annually, or earlier if something changes.

We are a small sales office with a warehouse full of pumps. All our doors are locked and we have a doorbell for anyone that wants to gain entry.
The warehouse door is only open if their is someone within eyeshot.

Sometimes things slacken off in the summer and door will be left open, you can bet your bottom dollar there will be someone sniffing around within 20 minutes.

(In sleepy tropical Hampshire)

We do not have anyone on reception

how will people get in if they’ve forgotten their access card or don’t know the door combination?

Would a decent bit of CCTV (Useful anyway) and some door chimes not do the job..
Your boss can check you are doing some work and not on STW all day then too!
I am talking from experience as we have some great footage of a 20 something year old traveler assaulting my 72 yr old dad.

Knock on the door? Ring a doorbell?

If it’s only a small office/site, then a wireless door bell will work for those who’ve forgotten their card etc. Failing that an intercom/phone.

Problem with access control is people are lazy, so unless you REALLY enforce it then the doors will end up wedged or held open and it will be pointless. A key code pad(s) will rapidly become a pain in the bum and people just won’t use it.

how will people get in if they’ve forgotten their access card or don’t know the door combination?

exactly!

IIRC They do have that responsibility ” as far as reasonably practical” I very much doubt that would extend to securing doors unless its a secure type environment or a high risk environment

The word is practicable not practical. Like most other things relating to health and safety it comes down to risk assessment. Has there been a history of people wandering in? Does the work you do have potential for conflict with the public? Is the employer aware of a vulnerable employee? etc etc. Once you have determined the risk then you have a duty to put in control measures to make that risk “as low as reasonably practicable”. This may or may not include security doors.

For me the control measures for the petty cash are: 1) small amounts only kept on premises 2) properly secure cash box. all doors to be locked at all times is overkill for petty cash theft IMO.

some workplaces will have higher risk of irate folk entering and causing trouble – ie council offices or have large amounts of valuable stock easily available to be stolen – then locking all doors all the time might be reasonable.

If all doors were access controlled who is going to let visitors to the site in?

At the end of the day its pretty much a matter of opinion – if you really want to go down this road then you will have to produce a risk assessment that shows the door security is needed and that the risks cannot be controlled in an easier way

ta KM – that was a typo 😉

TJ +1

yes they have a duty of care, but only so far and it’s a balance of risk/consequences/cost (or something like that). Ie an employer cannot be expected to pay say £250k to prevent a low risk/low injury potential but could be in order to prevent certain death….or along those lines.

I was working in a “secure” residential building today and someone inside stole my personal safety tracker whilst it was charging up plugged in outside the flat I was working in. The security company can confirm it’s still in the building. Oh the irony.

mrsmidlife had her purse stolen at work last week, furthest office from the supposedly secure door which someone had propped open to move some boxes. Not a big deal really, but we knew a solicitor who was shot dead in his office in 2012 so the risks can be real.

can the cost of the security be offset against a reduction in your insurance premium?

There are big holes in the “fitforwork” link.
You employer has absolute duties under the HASaW, etc Act and the Management of the HASaW Act regs.
You’d be far better off getting proper legal advice or you’re in for a whole world of hurt getting it wrong where an Act of Parliament is concerned.

If you keep any personal info/bank details etc etc of customers then you need a secure building/office for data protection

Nobody here works in something called a “shop” then?

you need to keep the data secure not the whole building

My old office was unlocked when we were in there. I would regularly have children wander in.

It wasn’t unheard of for armed men to wander in for a cuppa as well.

What do you expect of an outdoor center in the Highlands at stalking season?

Risk Vs as reasonably practicable as stated. Do the assessment and process before you demand any action. Remember securing doors may have downsides in a risk measure – eg slower fire exit, overheating/lack of air circulation etc.

Someone obviously not clear what the word petty means in petty cash! However, access control will be relatively expensive (for more than a couple of pads, probably more than just got nicked) and doesn’t guarantee nobody can gain unauthorised access. Add to that the risk that theft comes from someone with a card (staff, cleaner, ex-employee you forgot to cancel, lost/stolen card, staff member threatened with a weapon) and you have achieved little.

we are all middle management, IT or engineers

Go to any building and when in walk round where you like wearing just a hi viz bib and carry a clip board or tablet,using a tape measure or laser measure ensures youre never bothered.

oh and as for getting in try the post room or stores door, always open etc, flash a made up id and youre in if challenged.

Nobody here works in something called a “shop” then?

I’ve seen plenty of shops where the counter and till is behind security glass, even seen a few hotels like that too. Never been to a petrol station at night?

Building access control is seen as a risk mitigation against data protection fines in our place along with clear desk policies.

Given impending fine levels from GDPR that is more of a financial justification that personal attack.

I’ve seen plenty of shops where the counter and till is behind security glass, even seen a few hotels like that too. Never been to a petrol station at night?
[/quote]Walk down your local high street and tell me what percentage of shops have access control on the doors when the place is staffed. The OP is worried about disgruntled ex-employees gaining access.

(FWIW my local filling station is also 24-hour shop 🙂 )

Walk down your local high street and tell me what percentage of shops have access control on the doors when the place is staffed.

Close enough to zero, but most will have some form of monitoring who is coming and going, be it by camera or someone standing watching.

Walk down your local high street and tell me what percentage of shops have access control on the doors when the place is staffed

anyone remember the offy near the level in Brighton? ring a bell to get in, then have to ask for stuff from within a bullet proof cube.

was a very strange experience.

LOL….. Ever been to Jackson Sports in Belfast?

https://www.jackson-sports.com/

They still have a buzzer on the door (and have had one for the past 30 years) and wont allow you in if you look remotely dodgie….. and when I say dodgie I mean…. if you look like a Boulderer and not a trad climber or are wearing baggies and not Ron Hills.

Weird place!!

how will people get in if they’ve forgotten their access card or don’t know the door combination?

You have a phone connected to someone who can let the person in if they have a legit reason to be in the building, or get someone to go and deal with them, same with a doorbell.

project – Member
Go to any building and when in walk round where you like wearing just a hi viz bib and carry a clip board or tablet,using a tape measure or laser measure ensures youre never bothered.

oh and as for getting in try the post room or stores door, always open etc, flash a made up id and youre in if challenged.
Yeah, right. I’d like to see you try that in the last place I worked. Everyone carried blank RFID cards, keyed to specific areas and rooms within the building, and every employee had the right to challenge any unknown person found wandering around and escort them back to reception, and everyone had colour-coded lanyards denoting wether staff, visitor, contractor.

tjagain – Member
you need to keep the data secure not the whole building

Since when did you become an expert in such subjects?
The whole building has to be secure, because it’s always possible that valuable data could be in use at any location within the building. I’ve worked in a high security environment for over a decade, some areas I had access to were as secure as any bank, cameras everywhere, absolutely no personal electronic devices, outdoor clothing or bags of any sort allowed in, all had to be locked away outside any secure area. Which meant on the stairs landing which still could only be accessed through a secure door, either by card or by human invitation.

Go to any building and when in walk round where you like wearing just a hi viz bib and carry a clip board or tablet,using a tape measure or laser measure ensures youre never bothered

I did that quite a few times when urbexing 😀

count zero – I work with highly personal computerised data in a completely unsecure building perfectly legally. You have to have adequate control measures in place to keep the data secure – you don’t have to have the whole building under high security.

I can for example access the private medical data and social services files of everyone in Scotland. Thats the sort of personal data that has to be kept very secure. Our control measures are al IT based not physical

I have been trained in data security and clearly understand the data protection act better than you if you think secure buildings are needed to comply with the data protection act

STW hold personal data protected under the data protection act. Are they a secure building?

Anyone who holds any personal information on computer is bound by the data protection act. Its used as an excuse to do odd things by people who do not understand it like elf and safety is

The whole building has to be secure, because it’s always possible that valuable data could be in use at any location within the building.

that seems an odd approach to data security. In my experience it is more normal to “zone” the areas and put controls in that restrict access to the most sensitive areas. People who then have secure data outside the relevant zone are subject to disciplinary matters. It’s almost like the security managers sit down and work out what the objectives are and design an appropriate system rather than assume that every organisation is the same.

Shops have access to lots of personal data on their customers.

Just sayin’