In this article, originally published in foodsafetymagazine.com, we are given insights into what goes into a bioterrorism/food defence PRP. Security insights by a national security expert.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.”
—Sun Tzu, The Art of War
Thou shalt:
1. Know your suppliers. Harmonize their security plans with yours to ensure ingredients arrive unadulterated and are maintained as such throughout the processes that end in a safe and secure food product. Know where ingredients come from and keep careful records, so trace back, if ever necessary, will be quick and efficient.
2. Know your transportation elements. Ingredients and products also must be protected as they leave corporate control. If you carefully note the process, you will see that your product spends the most time out of your direct control, under the control of transporters. This creates both vulnerabilities and liabilities. Of all of the vulnerabilities faced by food corporations, this is probably the greatest and therefore has to be prioritized.
3. Know your process. Start by doing a very detailed self-assessment of the system/processes, identifying points of vulnerability. Then have third-party audit look at the very same things. This is critical, since your familiarity with the system can be a problem. Something that is invisible to you might be readily apparent to fresh eyes.
4. Know your people. Your employees really are your best defense when they are motivated, engaged and rewarded to do so. Allow them to look for and report any safety/security deficiencies they observe, and give them a way to rapidly report any potential hazard they observe.
5. Know your perimeter. Know how people and stuff enter your system, monitoring the input and output as well as everything in between. Obviously, keep people out who do not belong. This involves the usual gates and fences, but also entails layering of perimeter controls throughout your operation and limiting employee access to areas where they don’t belong. A well-designed perimeter inside company facilities (e.g. access to the ammonia refrigeration plant) can be as important as, or perhaps even more important than, a barrier enclosing building facilities.
6. Know your water supply. Do not depend on the supplier of your water to assure its quality and safety. Regularly monitor and assay. As President Reagan used to say, “Trust, but verify.” In other words, this is your corporate responsibility, if for no other reason than you will be the target of litigation should unsafe water make it into your food process. Government entities that screw up usually are not punished—there are no consequences. If bad water makes it into (and more importantly out of) your system, your corporation will not be so lucky.
7. Know your OPSEC. What is OPSEC? OPSEC is an acronym meaning Operational Security. Operational Security is the stuff of information, of schedules, proprietary information and personnel information, not in the sense of identity theft, but in the sense of information about your corporation, its employees and its operations. This is the kind of information that if acquired by the adversary can and will be used against you. This layer of security is often overlooked, but in these perilous times must be addressed both quickly and robustly. OPSEC is a big vulnerability for many.
8. Know your customers. Your customers could, given the right circumstances, become a problem for you, particularly if they are not thinking about food defense in the same way as your corporation is thinking (or perhaps is not thinking) about food defense. Think in terms of liability. Who has the deepest pockets if a food defense breach occurs, and your product is somehow involved? Even if the incident is not directly your “fault,” it could become your liability. Therefore, you as a food corporation have to ensure all of your customers are adequately protecting your products. Remember that unless you sell directly to the public, your most frequent customers are wholesalers/distributors and food retailers (grocery stores, restaurants, etc.).
9. Know your brand. Think about how various types of security events could hurt your corporate image—your corporate brand. Your brand is, after all, the most important thing you own. Corporate facilities, if lost or damaged, can be replaced. You must practice for disaster, promoting first and foremost the ability to remain agile in crisis. A corporation that lacks agility in the face of a successful adversarial attack is a corporation that is going to be damaged, with the degree depending on the type and severity of the attack. In a worst-case scenario, brand quality, once lost, may spell immediate doom. At best, consumer confidence is not going to be easily recovered.
10. Know thyself. Corporate managers, as well as non-managerial employees, all have strengths and weaknesses. Know your employees and what they are capable of doing. Some managers are very good when all systems are “go,” but might not be so good if bad things happen. It is a rare individual who can stay calm and focused in the midst of chaos and disaster—but they do exist, and one might be located just down the hall. Find those individuals in your organization at every level, cultivate their skills and then hold onto them for dear life. Your corporation will need them one day.
Think not in terms of whether a food defense problem will occur, but rather when. Those calm and level headed employees alone can make the difference between a disaster resolved and one that takes full effect inside your organization and on top of your brand. Think about the sinking of the Titanic. Many people died because lifeboats were released from the ship without being filled to capacity. Why? The crew did not load the passengers properly. Command and management also failed at every level before and after the Titanic struck the iceberg. In the midst of the sinking, precious time was wasted and wrong decisions were made repeatedly.
Hubris and wrong decision killed the Titanic. The iceberg strike was just the precipitating event. The accident became a disaster when the people who should have protected the passengers failed in their duty. It didn’t have to be that way. Don’t let your food corporation become the next Titanic disaster.
About the author:
Robert A. Norton, Ph.D., is a professor at Auburn University and a member of the Auburn University Food System Institute’s core faculty. A long-time consultant to federal and state law enforcement agencies, the Department of Defense and industry, he specializes in intelligence analysis, weapons of mass destruction defense and national security.
This article was reproduced with permission from Food Safety Magazine Source: Food Safety Magazine
http://www.foodsafetymagazine.com/enewsletter/the-ten-commandments-of-food-defense/
