Building a culture of health, safety and security

Our clients provide us with a huge amount of personal information, to establish their identity and to determine their entitlement to assistance. They trust us to handle it securely and sensitively and to share it only as necessary and in accordance with established information security principles.

Embedding the way health, safety and security operates

In 2016/2017 we implemented an operating model which will support us to embed and mature our approach to health, safety and security (HSS). We have developed core frameworks and carried out a comprehensive critical risk assessment process. We have also set up a detailed work programme to prioritise where we place our focus in line with our Health, Safety and Security Strategic Plan.

We have clarified health, safety and security accountabilities for all our roles, with a focus on increasing our staff’s and the public’s level of trust and confidence in their safety on our sites, increasing the capability of staff to prevent incidents, and responding effectively when an incident does occur. We have improved our collection and use of health, safety and security data and intelligence to inform processes for delivery of services and environmental design. This has been supported by a robust training and awareness programme.

In addition, we have commenced consultation with staff on the development of a Wellbeing Strategy, and have aligned the delivery of our services to meet the unique requirements of both MSD and the Ministry for Vulnerable Children, Oranga Tamariki as separate entities. All of these initiatives will help us to continue shaping our health, safety and security culture over time.

Security Response Programme

In early 2017 we completed delivery of the Security Response Programme (SRP) [59] that we had initiated in response to the Phase 2 report of the Independent Review of the Security Environment for the Ministry of Social Development that followed the tragic incident in Ashburton in September 2014.

Ernst & Young (EY) completed a review of the SRP to assess whether it had met the intent of the recommendations of the Phase 2 report. The findings of the EY review confirmed that the SRP has met, and in some cases exceeded, the intent of the Independent Review recommendations, and that the progress we have made in improving our health, safety and security is evident.

EY described the work of the SRP as "transformational". It has changed the way we look at health, safety and security risk as an organisation, and it has changed attitudes to health, safety and security amongst staff at all levels.

Impacts of the WorkSafe prosecution

Following the tragic incident in Ashburton in September 2014, WorkSafe brought a charge against MSD. While the judgement deemed that we could not have prevented a determined lone gunman, it did indicate some practical steps that we could have taken to ensure the safety of our employees and clients.

The judgement validated the work and progress we have made in raising our security maturity levels since the Ashburton incident, and will continue to influence our thinking in the future as we prepare for introducing and refining physical security elements in our frontline sites.

Developing our capability to share information to support better outcomes

We use the information we collect from our clients in a number of operational areas to help provide clients with the right services so that we can support them into housing and employment. It is important that the personal information we have about our clients is shared and reused ethically, safely and legally, and that we handle it securely, sensitively and in accordance with established privacy principles.

In the past year we continued to build a centralised information-sharing capability, designing new mechanisms and tools to support better decision-making on when and how we can share information. We are modernising and consolidating existing approaches to improve the use of information we already hold.

We collaborated with Inland Revenue to design and consult on a Benefits and Subsidies Approved Information Sharing Agreement, which is due to come into force in late 2017. This agreement will allow both agencies to reuse information more effectively to support client entitlements and obligations.

We have led or supported many other initiatives, where shared information has been pivotal to designing new services or policies, identifying risks, and improving the delivery of client-centric services. This includes partnering with Oranga Tamariki to ensure that our information continues to be available to support its work with vulnerable children.

Information Management Strategic Framework

We developed an Information Management Strategic Framework (IMSF) in 2016 to support decisions about how we maximise the value from, and demonstrate that we are responsible custodians of, client information. A key focus in the implementation of the IMSF in 2016/2017 has been on raising awareness of and educating our staff in the areas of information security and privacy.

Footnotes

[59] The SRP was put in place to implement the recommendations of the Independent Review of the Ministry’s security following the tragic events in Ashburton on 1 September 2014.