Cannabis Business Executive - Cannabis and Marijuana industry news

Recreational, Medical, Marijuana, Cannabis, And Hemp News for Cannabis Businesses

  • Follow on Facebook
  • Follow on Twitter
  • Follow on Google+
  • Follow on LinkedIn
  • Subscribe to our RSS feed
Newsletter 2
You are here: Home / Best Practices / Security Master Planning in the Cannabis Industry – Part 3: The Security Management Plan

Security Master Planning in the Cannabis Industry – Part 3: The Security Management Plan

by Leave a Comment

THE SECURITY MANAGEMENT PLAN

PART 1in this series explained that to legally operate a cannabis business, whether medical or recreational, a license or permit to operate must be obtained.  Every state has its own regulations and application process in place.  They all require security measures to provide for the safety and security of the operation, its associates, and the neighborhood within which it operates. Most states call this a “Security Plan” and require its details be submitted with the application to operate, but what exactly is a “Security Plan?”

I have worked with many in the industry who think that a Security Plan is a floorplan drawing with security devices added (cameras, electronic access control, alarm, door intercoms, etc.) They have their security integrator provide this as a design-build, selling and installing the equipment as well. PART 2 discussed this in more detail.

Unfortunately, this is only a part of a Security Plan and leaves the organization short.  A Security Plan includes a Security Management Plan, Security Operations Plan, and a Security Technology Plan.  All three must be included in a complete Security Plan.  This article will dive deeper into the Security Management Plan.

The Security Management Plan describes what will be done to ensure the security of all assets.  This plan can be very detailed but does not include specific details how any security functions or tasks will be performed as that will be documented in the Security Operations Plan and its SOPs.  It will generally document items for compliance and is more of a broad-based outline of what security measures will be used.  Policies and procedures are not found in the Security Management Plan.  For instance, it may look like:

  1. Access to the facility will be controlled.
    • The facility will deploy an engineered electronic access control system.
    • Limited and Restricted Access areas will be defined within the facility.
    • Access authorization will be determined by role….
  2. Video surveillance will be deployed.
    • All interior areas containing cannabis will be monitored by video
    • The exterior perimeter of the building will be monitored by video
    • All entrances/exits will be monitored by video.
    • All recorded video will be stored for 60 days……
  3. An intrusion detection system will be deployed.
    • All perimeter doors, windows, rooms with an exterior wall, security equipment or monitoring rooms, cannabis storage, and cannabis waste storage areas will be protected by the system.
    • The system will be monitored continuously by a licensed UL-Listed central monitoring station.
    • Panic, hold up, and duress alarms will be utilized.
    • The local law enforcement agency will be notified automatically of any security breech.

Oftentimes the specific systems that will be used are named but they do not have to be.  When an organization standardizes on security technology or levels, those standards should be included as part of this plan.  The details of the system, the actual listing of limited and restricted access areas of the facility, and the various roles that would be authorized for access to those areas, may also be listed in the Security Management Plan especially if they are to be standards for the organization to follow.  Although there is some leeway with details that may be included, procedures (SOPs) should never be included.  Procedures for the actual administration and use of the systems belong in the Security Operations Plan. Similarly, how and when the intrusion detection system is armed; how the panic, hold up, and duress alarms are used and tested; and protocols for alarm response are all to be found in the Security Operations Plan.

What is actually covered, controlled, or monitored utilizing the tools in the technology plan is defined in the Security Management Plan and may be nothing more than simple compliance with the requirements of the security section of the application.  Utilizing a strong security management program’s operational SOPs with state of the art security systems will help an organization to be a beneficial addition to the community and its immediate neighbors.

It is best to utilize an experienced security consultant in the development of all parts of the Security Master Plan to ensure regulatory compliance, compliance with industry best practices and standards, and to help get it right the first time.  At the very least, a qualified security consultant with experience in the industry and knowledge of its operations and workflows should review any Security Technology Plan or Security Management Plan created by an integrator or security manager.

We will discuss the Security Operations Plan and its SOPs in the final article in this series.

Stay tuned and stay safe, and always remember that it is everyone’s responsibility to become an active participant in the safety and security of themselves, and others.

This article is the third in a series of four (4).

About The Author:

Tim Sutton

Tim Sutton is a Senior Security Consultant at Guidepost Solutions. He has more than 30 years of security experience. His expertise includes operational security management, program development, loss prevention, physical security, risk assessments, and technical security systems design and implementation. He has worked with clients in diverse sectors including medicinal and adult-use cannabis, healthcare, retail, government, manufacturing, and multi-use properties.

Sutton has worked as director of security for Greenhouse Group and its Grassroots and Herbology banners, responsible for enterprise security risk management in all markets. Sutton has authored Master Security, Emergency Action and Fleet Safety Plans along with security training and operations manuals. He also conducted new hire background investigations and security advances at dispensaries.

Prior to Greenhouse, he worked as the director of security for Revolution Enterprises with similar security responsibilities.

Sutton has spoken at a number of cannabis industry events covering security subject matter, including the 2018 Global Security Exchange where he addressed “Securing the Medical Cannabis Industry from Seed to Sale.” He first entered the cannabis industry as a security consultant with Sorensen, Wilder & Associates when he authored security content for the extremely competitive Illinois permit application process winning two cultivation permits and three dispensary permits. After winning five IL permits, Mr. Sutton provided security consulting services and authored security content for applications and operations in multiple states.

In addition to operational security director roles within the cannabis industry, Mr. Sutton has worked as a hospital security director, manufacturing facility security coordinator, and retail director of loss prevention and security. He held several positions within Midwest Integrated Solutions including account executive, senior systems engineer, and licensee in charge.