Failure to Annually Update and Review Security Vulnerability Assessment
Summary
The facility failed to comply with NFPA 99 (2021 Edition) security management requirements by not maintaining an annually updated and reviewed Security Vulnerability Assessment (SVA). During record review between 9:15 AM and 1:30 PM with the Maintenance Director and the Administrator, surveyors requested documentation showing that the SVA had been updated and reviewed each year, as required by Section 13.3 of NFPA 99. The facility was unable to provide such documentation, and both the Maintenance Director and the Administrator acknowledged that the Security Vulnerability Assessment had not been updated and reviewed annually. This deficiency was cited as a Class III violation and was noted as having the potential to affect all occupants in the facility in case of a fire or other emergency. No specific residents, medical histories, or clinical conditions were mentioned in the report, and the deficiency pertained to facility-wide security and emergency preparedness documentation rather than to individual patient care events.
Plan Of Correction
Security vulnerability assessment was reviewed and a signature page was placed in the binder. The facility has determined that all residents have the potential to be affected. An in-service education program will be conducted by the administrator. The administrator will conduct a three month check to verify completion of documentation.
Penalty
Trusted data from CMS and state health departments
Every citation, penalty and Plan of Correction is sourced from public CMS records (latest release June 24, 2026) and official state health department websites — never guesswork.
Trusted by long-term care providers and associations.



