skip to Main Content
Security Master Planning in the Cannabis Industry – Part 4: The Security Operations Plan

This article is the fourth in a series of four (4).

PART 1 explained that to legally operate a cannabis business, whether medical or recreational, a license or permit to operate must be obtained.  Every state has its own regulations and application process in place.  These regulations all require security measures to provide for the safety and security of the operation, its associates, and the neighborhood within which it operates. Most states refer to this as a “Security Plan” and require it be submitted with the application to operate, but what exactly is a “Security Plan?”

I have worked with many in the industry who think that a Security Plan is nothing more than a floorplan drawing with security devices added (cameras, electronic access control, alarm, door intercoms, etc.) As a result of this misconception, they often have their security integrator provide this as a design-build, selling and installing the equipment as well. PART 2 discussed this in more detail. In PART 3, I discussed how the Security Management Plan outlines at a high level what will be done to ensure the security of all assets including staff and patrons. The Security Operations Plan details how the overarching Security Management Plan will be implemented and details the performance of the tasks that will be performed.  This is where the policy and procedures, SOPs, and Post Orders can be found.

This is the part of the overall Security Plan that is the most complex and therefore most difficult to compose. Applications for the Illinois Adult Use Cannabis Dispensary permits were accepted from 9:30 a.m. December 10, 2019 through 12 noon January 2, 2020.  I provided security content for 12 of these dispensary permit applications.  On the afternoon of Saturday, December 28th, I received a phone call from a woman who was frantic. She had seen my presentation at a cannabis seminar and exhibition in Rosemont, IL and had spoken with me afterward. She told me that she had decided to use someone else to supply the security content for her application and that she just received the security plan from them.  She explained that the plan was five  pages, mostly drawings. This is a tell-tale sign of the shortsightedness and naiveté a typical systems integrator demonstrates in providing a “Security Plan.”  The security plan section of the application was limited to 50 pages and all the plans I had written were a full 50 pages. So, I can understand her being distraught over receiving a five-page security plan. I asked her if those who provided her with the security plan were the same ones who were going to supply and install the security equipment in her dispensary if she were to be awarded a permit. She replied, “Yes.”

Unfortunately, on such short notice, I was not certain that I could dedicate the significant amount of time to properly develop a customized security plan for her and her organization. Sure, I could have “cut and pasted” from one or more of the plans I had already written but that would not only be unethical, it would make me no better than the security integrator who had provided her with a Security Technology Plan  and sold it as a Security Plan.

No two Security Plans I have developed are exactly the same. Each organization is unique in how it goes to business. Time must be taken to understand the culture of the organization so the Security Operations Plan can be developed in the least intrusive manner for the specific organization.  Two things that can be said about security: security is always an inconvenience; and security is always too expensive until you need it. It is important to devise the operations in a manner that is not only compliant with the rules and regulations (that is what the Security Management Plan does) but is acceptable to the organization and has buy-in from leadership. The Security Operations Plan is not easily written by someone without experience in security operations in the same industry.

I recently worked with clients in Missouri applying for permits. The application to operate a cultivation center under Missouri’s medical cannabis program has 10 questions as well as a requirement for a drawing with the security systems overlaid on a floor plan.  The first question is: Describe your security plan, including staffing, at the facility. You may submit up to 500 words. Without operational security experience within a cultivation center, it is difficult to describe what exactly will be done to prevent the theft or diversion of cannabis as well as protect the safety and security of all employees, visitors, and contractors.  A drawing representing the intent of the security systems’ design and device locations does not answer this or any of the other 9 questions in the security section of the application.  Though it may have a very short-term deterrent effect, putting a camera in a room does not in and of itself prevent the theft or diversion of cannabis. Cameras are tools. Together with SOPs, creating procedures for determining who has access to the room and when they have that access, procedures for the performance of the specific activities performed within the room, procedures for monitoring the activities within the room, and training to react to exceptions to any of these, work together to prevent the theft or diversion of cannabis. There are not many integrators who can develop and articulate this beyond how to operate the security systems as they are not skilled or experienced with using the security systems as part of security operations.

As the caller mentioned on that December 28th call learned, security integrators (those who sell and install security equipment) are not generally the best people to provide a security plan. The temptation to allow them to provide a security plan at no cost, with the contingency that if you win the permit you will award them the equipment and installation contract, is real. The likelihood of scoring well in the security portion of the permit application is greatly reduced, no matter how many “security plans” they have provided and may just be the reason for not scoring high enough to win the permit. In the end, it is the buyer’s responsibility to become educated and properly vet potential security partners, especially during the critical application stage.

My advice as to where to start…

  • Contract with a board-certified security consultant for your security plans.
  • Check your consultants’ certifications, experience, and references.
  • Ask not how many security plans the consultant has authored or in how many states, but how many permits were awarded for the applications for which security content was provided.

Stay tuned and stay safe, and always remember that it is everyone’s responsibility to become an active participant in the safety and security of themselves and others.

In Case You Missed It

Security Master Planning in the Cannabis Industry – Part 3: The Security Management Plan

Security Master Planning in the Cannabis Industry – Part 2: The Security Technology Plan

Security Master Planning in the Cannabis Industry


Tim Sutton CPP, PSP, CHPA

Tim Sutton CPP, PSP, CHPA

Tim Sutton is a Senior Security Consultant and Cannabis Security Practice Leader at Guidepost Solutions. He has more than 30 years of security experience. His expertise includes operational security management, program development, loss prevention, physical security, risk assessments, and technical security systems design and implementation. He has worked with clients in diverse sectors including medicinal and adult-use cannabis, healthcare, retail, government, manufacturing, and multi-use properties. Tim is a Director on the ASIS International Professional Standards Board, and a member of the ASTM International  D37 Committee on Cannabis Standards.

Sutton has worked as director of security for Greenhouse Group and its Grassroots and Herbology banners, responsible for enterprise security risk management in all markets. Sutton has authored Master Security, Emergency Action and Fleet Safety Plans along with security training and operations manuals. He also conducted new hire background investigations and security advances at dispensaries.

Prior to Greenhouse, he worked as the director of security for Revolution Enterprises with similar security responsibilities.

Sutton has spoken at a number of cannabis industry events covering security subject matter. He first entered the cannabis industry as a security consultant when he authored security content for the extremely competitive Illinois permit application process winning two cultivation permits and three dispensary permits. After winning five IL permits, Mr. Sutton has provided security consulting services and authored consistently winning security plans and content for applications and operations in multiple states.

In addition to operational security director roles within the cannabis industry, Mr. Sutton has worked as a hospital security director, manufacturing facility security coordinator, and retail director of loss prevention and security. He also has held several positions within a security integrator operation including account executive, senior systems engineer, and licensee in charge and today provides security technology plans for multiple industries.

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Stories

New Jersey Judiciary Expunges More Than 360,000 Marijuana Offenses

The New Jersey Judiciary has expunged more than 362,000 marijuana and hashish cases from court records since the Marijuana Decriminalization Law became effective July 1. Eligible cases are expunged automatically by the Judiciary. Once a case is expunged, it is removed from the court’s public record and does not have to be reported on applications…

‘We’re in for the patients:’ Marijuana caregivers rally against bills that would curb access in Michigan

Amber Dunn placed her tie-dye mask in her lap as she sat in her wheelchair alongside the concrete steps leading to the state Capitol, where she believes lawmakers may try to make it harder for her to get her medicine: marijuana. She traveled to Lansing from Pinconning because she fears losing affordable access to a…

Ohio to allow medical marijuana growers to expand to meet demand, prepare for more dispensaries

Ohio’s medical marijuana cultivators can now request permission to expand their grow space. Expansion requests will be granted to businesses that have complied with rules and regulations, are already using the maximum amount of space allowed by the state and demonstrate a need to expand to keep up with demand, the Ohio Department of Commerce announced…

Industrial Hemp Products, Including CBD, are Finally Legit in California

By Hilary Bricken, Principle at Harris Bricken Many people ignore or just don’t want to believe the fact that, until recently, California was a bit of a villain when it comes to the manufacture, distribution, and sale of industrial hemp derived products, namely hemp CBD in food, beverages, dietary supplements, animal products, and cosmetics. However,…

More Categories

Back To Top
×Close search