Security audit for a large multi-site healthcare organization

This project included providing an overview and analysis of the existing security systems, technology and physical security program in place across eight (8) University Health Network (UHN) sites, including Toronto General Hospital, Princess Margaret Cancer Centre, Toronto Western Hospital, Toronto Rehab (University Centre, Lyndhurst Centre, Bickle Centre, Rumsey Centre) and Michener Institute. The Assessment Report then identified areas of concern, opportunities for improvement and discussed whether the existing systems, technology and physical security programs are adequate with regards to addressing present and future risks / threats and as compared to industry best practices at similar healthcare facilities. The report also assessed service delivery, staffing levels, training, incident reporting and emergency management. Recommendations to address the identified areas of concern, risks and vulnerabilities were then provided for consideration to assist UHN identify key action items and plan future improvements to the security systems and physical security program.

Lobo’s assessment consisted of:

• Review of existing documentation: security plan, policies, procedures, incident report data, as-builts, etc.
• Conducting interviews with various stakeholders from each site, gathering site specific incident historical data from personnel for incorporation into the reports to better understand stakeholder concerns
• Carrying out comprehensive site investigations utilizing industry best practices of each facility to assess current conditions, security systems, devices, technology and staffing models
• Identify risks and vulnerabilities with associated scoring as the basis to calculate threat levels
• Facilitating meetings with various User Groups
• Preparation of a comprehensive Security Audit Report, detailing all findings from site investigations, assessments material review and providing recommendations for overcoming identified security issues and concerns, including security program, services delivery, security staffing, technology and systems