With the recent passage of the Food Safety Modernization Act, a lot of attention has been focused on the purity of our foods from the perspective of accidental contamination. For the first time in the history of food legislation, the concept of food defense has been introduced. Food defense is defined as measures to protect food from deliberate tampering from criminal or terrorist sources.
With this heightened appreciation of food safety and keeping in mind the approaching 10-year anniversary of Sept. 11, 2001, it's a good time for every company and every plant in the food & beverage industry to give itself a serious checkup on physical security.
Existing food guidelines from the FDA and the USDA are intended to keep our food safe and edible. But what are we doing to keep production facilities secure? Those who would do America harm will strategically target whatever they can to spread terror in the fastest and most horrific ways possible.
America's food production companies could be a target.
Consider these benchmarks
Food industry executives should be prepared to respond to increased government involvement with food defense as a result of the new regulation – the final rules and implementation of which still have to be figured out. Scientific and performance standards will be developed to connect the industry with national security processes, yet there also will be a need for conventional physical security.
For security experts, it will make our jobs even more valuable, especially for those who have food & beverage experience. The bad news is that many food industry executives have a lot on their plates and aren't familiar with the issues surrounding true food defense.
Every organization must take this opportunity to create a food defense plan with comprehensive security requirements covering every aspect of its facilities including: processing, materials handling, personnel, storage, shipping/receiving, site security, utilities connections and the use of cybersecurity.
Processors of all types of food now will be required to evaluate the hazards in their operations, implement and monitor effective measures to prevent contamination and have a plan in place to take any corrective actions that are necessary.
It makes sense for plant managers to consider some benchmarks. First and foremost, have you documented the most likely criminal or terrorist contamination scenarios that could impact your facility? Have you implemented measures to control these identified risks? If not, this can be accomplished by:
- Conducting a security risk assessment to identify security hazards.
- Using the industry concept of goal-based security.
- Adopting security industry best-practice guidance. The FDA has available Guidance for Industry – Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance.
Some other benchmarks:
- Appoint a person or committee to be responsible for the oversight of your security program.
- Implement an incident reporting procedure and investigate all actual or potential security breaches.
- Implement a background check procedure that applies to employees, contractors and temporary employees working at your facility.
- Develop a comprehensive security awareness and training program for management, personnel with security duties and all other employees and contractors.
- Implement an effective perimeter access control system to prevent unauthorized access and to channel authorized persons to appropriate checkpoints for screening.
- Establish effective internal access control measures that prevent visitors from entering the plant, as well as persons with general access from entering security sensitive areas such as laboratories, mixing rooms and computer rooms.
- Implement operational controls such as management of incoming materials, storage for raw materials, water and utilities and access to computer systems; protect finished products from tampering; manage threats by mail.
- Establish a security recordkeeping system.
- Develop a crisis management plan to cover common emergencies (e.g., contamination, threat of contamination, breach of security, recalls).
- Implement compliance and quality assurance programs to validate security effectiveness.
With these benchmarks in mind, it is also important to be aware of the various potential pitfalls to avoid when improving physical security at your plant.
First, when any new regulation is passed, "consultants" claiming to be experts in the area come pouring out of the woodwork. It is no different in the security industry.
To avoid hiring an inexperienced or unqualified expert, you can find qualified and independent security expertise from such organizations as the International Association of Professional Security Consultants in the U.S. (www.IAPSC.org), and the Association of Security Consultants in the U.K. (www.securityconsultants.org.uk).
Expert consultants from these organizations do not sell security equipment and, therefore, do not have a conflict of interest when recommending security measures and technology for your plant. Representative consultants from security vendors may be naturally biased toward the products they offer. Keep in mind, an independent security consultant can bring more comprehensive expertise to the table – skills that focus on more than just security technology.
Organizations should expect from any consultant at least five years of experience dealing with food manufacturing security programs, conducting risk assessments, implementing security programs and executing security system engineering and design. Managers should also consider requiring professional security certifications such as Certified Protection Professional (CPP), Physical Security Professional (PSP) or the Certified Security Consultant (CSC).
When the time comes to evaluate and purchase security systems, failing to properly design access control, intrusion detection and closed-circuit television (CCTV) surveillance can result in wasted funds, ineffective security and even potential liability.
Installing a security system should be approached no less systematically than building a new facility and should include drawings and properly structured specifications. Buyers of security products are frequently left hungering for critical components such as record drawings, training and systems that operate in a way that meet the specific needs of the plants in which they are installed.
In fact, it is not uncommon for organizations to "turn off" systems for many different reasons since they can be disruptive to business and often result in unnecessary police response after hours.
Food plant managers who purchase physical security systems can avoid failures by following these steps:
- Risk analysis: Conduct a proper risk analysis to ensure the design basis of any physical security improvement considered for your plant. Start with the potential problems you are trying to fix. Often vendors want to begin by talking about how security systems should be employed, which is a tactical (and not strategic) approach. It's putting the cart before the horse.
- Specify requirements: Identify requirements for security improvements and insist your consultant carefully selects products that meet those specific requirements. There are new products being launched on a weekly basis that makes it a full-time job to keep up. For example, if you are installing a security camera and require facial recognition from the video, you will need technology that is capable of achieving a high image resolution. Using a standard resolution camera, the field of view of the camera can be no wider than 16 ft. to achieve facial recognition with standard video. By simply picking camera locations without any consideration as to how much real estate the camera is going to view is inviting less than satisfactory results once cameras are installed.
- Internal review: Ensure specifications and drawings are reviewed and approved, at minimum, on two separate occasions as the project matures to ensure that the implementation of physical security measures will not unduly interfere with operations. Management involved in this review process should include: maintenance, quality, safety, human resources and information technology.
- Rely on your consultant: If competitive bidding will be used, the consultant-designer should assist the plant in identifying qualified representatives of the security products being considered.
- Comparison shopping: A technical and commercial comparison of vendors' bid submissions should be conducted to identify the best solution for the plant. Purchasing on low bid alone is never recommended.
- Ongoing support: While the system is being installed, the designer should be providing support such as reviewing vendor submittals, responding to requests for information and conducting periodic reviews of the system throughout installation to ensure compliance with specifications and drawings.
- Benchmarking: The final step before a system is accepted and the warranty begins is a complete end-to-end test to ensure: all devices work properly, programming has been finalized to meet plant requirements, training has been properly conducted and drawings have been submitted.
These simple vetting techniques and procedures can ensure that food & beverage manufacturing facilities meet emerging regulatory requirements, as well as protect the corporate brand and provide a reasonable level of security against criminal and terrorist attacks.
Preparing for unknowns is a priority in all phases of business, and food defense is certainly no exception. Don't wait until crime happens. Changes to our lifestyles over the past decade should illuminate the importance of proactive food defense in your organization.