Striking a balance between security technologies that are prudent, effective and affordable has emerged as an unexpectedly large challenge in plant operations in the last two years. Almost overnight, securing the facility and the product itself against deliberate contamination has achieved the status of HACCP. Customers are demanding risk assessments and implementation of reasonable safeguards, and processors must determine where to draw the line between safeguarding against likely and theoretical threats.
“It is far fetched to assume an attack by terrorists,” believes Ray Pettit, a Seattle-based security consultant who is working with several major food companies. “The real threat is internal. A different set of measures are needed to protect you against people on the inside than from those on the outside.”
Nonetheless, securing the perimeter is the focus of plant security programs at this point, and the cost is giving many companies pause. “If they’re thinking $500,000, it turns out to be $2.5 million,” says Pettit. Spend they must, however, or risk the wrath of clients and compliance officers from various government agencies. “Guns, guards and gates are the prerequisite to a secure perimeter,” insists Chuck Sizer, executive director of the National Center for Food Safety and Technology (NCFST), in Alsip, Ill., and plant managers must build from there.
Access control is critical in avoiding internal security breaches. September 11 occurred while the Pepsi Bottling Ventures plant in Raleigh, N.C., was still on the drawing board. “We completely revamped our approach to security,” recalls Scott Jamison, vice president of engineering. Shipping and receiving are separate and segregated areas. QC personnel unload raw materials, not forklift drivers, and they sample contents before moving materials into the rest of the plant. Even sugar is received indoors. Card readers control access to various parts of the building, ensuring that only authorized personnel can enter.
The Raleigh plant’s managers applied a classic approach to security: risk assessment, perimeter security, access restriction and internal segregation of people by job function. Designing security from the ground up definitely benefited the process. For other processors, security is a retrofit, with no hard-and-fast standards. Each facility must be analyzed independently.
For example, Pepsi-Cola’s corporate office considered making fences on all four sides a universal protocol for its 140 facilities. As a practical matter, that proved impossible, according to Michael Burness of the bottler quality office. One bottler was in an industrial park that prohibits fences. Another was located on riverfront property in New York City. “Being New York, they wanted to put mines on the fourth side,” Burness jokes, but the geographic reality underscores the obstacles to plant security standards.
Burness likens plant security to a pest control program, working from the outside in to keep out interlopers. For most facilities, that means fencing. How much is added to a simple fence is where the dollars start to add up. Closed-circuit cameras heighten security, and they require personnel to monitor them and perimeter lighting to be effective. “Unfortunately, some companies get sold a bill of goods by a vendor who installs more than is needed and then walks away,” cautions Forrest Gist, department manager of life safety and security systems at Portland, Ore.’s IDC. He cites a firm that had 24 monitors for 24 cameras, even though a single, multiplexed monitor could have received feeds from all of them and automatically switch to any view where there was motion.
“The key to security equipment is that it be suitable for the environment it works in and that the installation be rock solid to avoid false alarms,” Gist adds. Sensors linked by coaxial or fiber-optic cable “are proven technology that a lot of people are looking at,” he says. Exterior lighting ceases to be an issue. The cost ranges from $10-$16 a foot, “expensive but within the realm of reason,” says Gist.
A leader in this technology is Southwest Microwave Inc. in Tempe, Ariz. Prisons, airports and nuclear plants have been mainstays of Southwest’s clientele, but more recently the firm has begun working with meat plants and other food processors. Its Micropoint cable pinpoints fence disturbances to within 10 feet by using digital signal processing algorithms. It is calibrated to ignore movement caused by wind, rain or heavy vehicles.
Batten the hatches
At a basic level, keyed door locks provide adequate access control to a facility if there are few doors and people. As the numbers increase, flexibility becomes an issue. PIN pads offer a little more flexibility “for not a lot of money,” says Gist. “If you can integrate them all in one database, along with e-mail addresses and other personal identifiers, that’s pretty sweet.”Card readers add greater flexibility, at a higher price. Magnetic stripe cards have given way to proximity cards that can be read from a distance of a few inches and are more durable. For the typical factory door with attendant hardware and reader, a rule-of-thumb cost is $5,000, estimates Dan Keller, a security consultant with Aegis Security Design in Louisville, Ky. “Some clients are spending millions and millions on doors and other security measures,” he says. “Others are choosing to take a risk.”
Biometrics add an even higher level of security for an extra $1,200 in total door cost (not including software), and some processors are taking the plunge. Graeter’s Ice Cream, an Auburn, Ohio, manufacturer that also has 12 retail locations and 330 total employees, is a recent convert to a biometric hand scanner.
Makers of hand scanners resist the biometric tag, insisting, “It’s not, Oh, wow, technology anymore.” Jennifer Toscano of Recognition Systems Inc. points out hand readers have been around since 1989. The units create a three-dimensional template of a hand, based on 90 measurements. Users determine the system’s tolerance: unless the facility requires very high security, loose matching allows access to the employee with a band-aid or swollen finger to get where he needs to go. And, unlike cards, no one leaves their hand at home.
Sun-Maid Growers of California installed hand scanners six years ago and now has 20 at its sprawling, 130-acre facility. More than 500 employees are on site each day, with the number climbing to 800 during peak periods. Richard Hampton, director of information systems, describes the scanners as “bulletproof” in terms of reliability. “We go weeks between problems.”
The scanners are tied to a scheduling & timekeeping program. Scanners control the turnstiles that employees pass through at the beginning of a shift. Additional readers are in specific work areas. Workers painlessly punch in and out between breaks and shift changes. Every 10 minutes, the clocks are polled and punches recorded.
Card readers were considered and rejected because the hardware was deemed cumbersome and the cards themselves represented a foreign object that could end up in the product, Hampton says. Capitalization was higher, “but the fiber optic wiring was tied to a longer term infrastructure improvement project,” he says.
The enemy within
While the food supply’s vulnerability to terrorism fomented current concern about food security, deliberate acts of contamination are far more likely to be perpetrated by current or former staff members, security experts agree. Consultant Pettit regards terrorism as a distraction that siphons limited capital from effective security measures.“The internal threat has always been there, and effective countermeasures protect both the food and the people who work there,” he says. “Everyone knows what GMPs are; what we haven’t done yet is define GSPs: good security practices.” They include recognizing potential aggressors and intervening appropriately. Implementing procedures and training to minimize the threat from people who already have access to a food product will take time and a cultural shift. Unfortunately, “some security measures being discussed will make matters worse, not better,” he frets.
“You can bring in 24-hour security, but the people who work in the plant are your eyes and ears,” adds Shukee Einstein, IDC’s security specialist. Training them to identify aberrant behavior and security breeches is much more effective than creating an oppressive work environment. “We don’t want a bunker society,” says Einstein, who has worked extensively in the Israeli food industry.
Israeli defense officials recently met with select authorities from the U.S. food industry to discuss various responses to potential enemies both within and outside the plant, including those who threaten product security when finished goods and raw materials are beyond the plant’s direct control. “Top management has to agree that this is something the company has to work toward,” says NCFST’s Sizer. “For small companies, it is so overwhelming.”
Supplier audits will prod companies to invest in technology to safeguard products that have left the facility, he believes. Processors will wear both hats, auditing their raw material suppliers and being audited by customers and regulators. “In order to do an audit, you have to have a standard, so a preliminary step is developing standards that are sustainable for your product,” points out Sizer. Hardware as well as policies and procedures will have to be in place, with GPS devices and radio frequency identification (RFID) tags
“We have been monitoring food shipments for temperature for some time,” Sizer notes. “Adding GPS and other monitoring technology only adds a few hundred dollars per truck.”
RFID is being touted as a supply-chain management tool, but it also verifies the authenticity of a product. Wal-Mart has given suppliers a Jan. 1, 2005, deadline to incorporate RFID in case and pallet shipments, and Gillette Co.’s recent order for up to 500 million tags from Alien Technology Corp. should help drive down costs.
Is bioterrorism or LSD in reconstituted orange juice a realistic threat? Probably not, but that’s a call the individual processor must make. In the end, security technology must justify itself with the same ROI scrutiny that every other technology in the plant undergoes.
For more information:
Dan Keller, Aegis Security Design,
502-235-6500,
dkeller@aegissecurity design.com
Tom Pounds, Alien Technology Corp., 408-782-3900
Mark Thomas, Fiber Sensys Inc., 503-641-8150
Forrest Gist, IDC Inc., 503-224-6040
Ray Pettit, Ray Pettit Enterprises,
253-863-0557,
raypettit@juno.com
Jennifer Toscano, Recognition Systems Inc., 408-341-4100
Tom Wallace, Southwest Microwave Inc., 480-783-0201