This article is the fourth in a series of four (4).
PART 1 explained that to legally operate a cannabis business, whether medical or recreational, a license or permit to operate must be obtained. Every state has its own regulations and application process in place. These regulations all require security measures to provide for the safety and security of the operation, its associates, and the neighborhood within which it operates. Most states refer to this as a “Security Plan” and require it be submitted with the application to operate, but what exactly is a “Security Plan?”
I have worked with many in the industry who think that a Security Plan is nothing more than a floorplan drawing with security devices added (cameras, electronic access control, alarm, door intercoms, etc.) As a result of this misconception, they often have their security integrator provide this as a design-build, selling and installing the equipment as well. PART 2 discussed this in more detail. In PART 3, I discussed how the Security Management Plan outlines at a high level what will be done to ensure the security of all assets including staff and patrons. The Security Operations Plan details how the overarching Security Management Plan will be implemented and details the performance of the tasks that will be performed. This is where the policy and procedures, SOPs, and Post Orders can be found.
This is the part of the overall Security Plan that is the most complex and therefore most difficult to compose. Applications for the Illinois Adult Use Cannabis Dispensary permits were accepted from 9:30 a.m. December 10, 2019 through 12 noon January 2, 2020. I provided security content for 12 of these dispensary permit applications. On the afternoon of Saturday, December 28th, I received a phone call from a woman who was frantic. She had seen my presentation at a cannabis seminar and exhibition in Rosemont, IL and had spoken with me afterward. She told me that she had decided to use someone else to supply the security content for her application and that she just received the security plan from them. She explained that the plan was five pages, mostly drawings. This is a tell-tale sign of the shortsightedness and naiveté a typical systems integrator demonstrates in providing a “Security Plan.” The security plan section of the application was limited to 50 pages and all the plans I had written were a full 50 pages. So, I can understand her being distraught over receiving a five-page security plan. I asked her if those who provided her with the security plan were the same ones who were going to supply and install the security equipment in her dispensary if she were to be awarded a permit. She replied, “Yes.”
Unfortunately, on such short notice, I was not certain that I could dedicate the significant amount of time to properly develop a customized security plan for her and her organization. Sure, I could have “cut and pasted” from one or more of the plans I had already written but that would not only be unethical, it would make me no better than the security integrator who had provided her with a Security Technology Plan and sold it as a Security Plan.
No two Security Plans I have developed are exactly the same. Each organization is unique in how it goes to business. Time must be taken to understand the culture of the organization so the Security Operations Plan can be developed in the least intrusive manner for the specific organization. Two things that can be said about security: security is always an inconvenience; and security is always too expensive until you need it. It is important to devise the operations in a manner that is not only compliant with the rules and regulations (that is what the Security Management Plan does) but is acceptable to the organization and has buy-in from leadership. The Security Operations Plan is not easily written by someone without experience in security operations in the same industry.
I recently worked with clients in Missouri applying for permits. The application to operate a cultivation center under Missouri’s medical cannabis program has 10 questions as well as a requirement for a drawing with the security systems overlaid on a floor plan. The first question is: Describe your security plan, including staffing, at the facility. You may submit up to 500 words. Without operational security experience within a cultivation center, it is difficult to describe what exactly will be done to prevent the theft or diversion of cannabis as well as protect the safety and security of all employees, visitors, and contractors. A drawing representing the intent of the security systems’ design and device locations does not answer this or any of the other 9 questions in the security section of the application. Though it may have a very short-term deterrent effect, putting a camera in a room does not in and of itself prevent the theft or diversion of cannabis. Cameras are tools. Together with SOPs, creating procedures for determining who has access to the room and when they have that access, procedures for the performance of the specific activities performed within the room, procedures for monitoring the activities within the room, and training to react to exceptions to any of these, work together to prevent the theft or diversion of cannabis. There are not many integrators who can develop and articulate this beyond how to operate the security systems as they are not skilled or experienced with using the security systems as part of security operations.
As the caller mentioned on that December 28th call learned, security integrators (those who sell and install security equipment) are not generally the best people to provide a security plan. The temptation to allow them to provide a security plan at no cost, with the contingency that if you win the permit you will award them the equipment and installation contract, is real. The likelihood of scoring well in the security portion of the permit application is greatly reduced, no matter how many “security plans” they have provided and may just be the reason for not scoring high enough to win the permit. In the end, it is the buyer’s responsibility to become educated and properly vet potential security partners, especially during the critical application stage.
My advice as to where to start…
Stay tuned and stay safe, and always remember that it is everyone’s responsibility to become an active participant in the safety and security of themselves and others.
In Case You Missed It
Security Master Planning in the Cannabis Industry – Part 3: The Security Management Plan
Security Master Planning in the Cannabis Industry – Part 2: The Security Technology Plan
Security Master Planning in the Cannabis Industry
Tim Sutton is considered the most qualified cannabis security expert in consulting. With nearly 35 years of security management experience across several industries including boots-on-the-ground experience within the cannabis industry as security director for two Illinois-based MSOs and triple security board certification, he has been the cannabis industry’s go to security consultant since 2013. His expertise includes operational security management, program development, loss prevention, physical security, risk assessments, and technical security systems design and implementation. Tim is a Director on the ASIS International Professional Standards Board, and a member of the ASTM International D37 Committee on Cannabis Standards.
Sutton has spoken at a number of cannabis industry events covering security subject matter. He first entered the cannabis industry as a security consultant when he authored security content for the extremely competitive Illinois permit application process winning two cultivation permits and three dispensary permits. After winning five IL permits, Mr. Sutton has provided security consulting services and authored consistently winning security plans and content for applications and operations in multiple states.
In addition to operational security director roles within the cannabis industry, Mr. Sutton has worked as a hospital security director, manufacturing facility security coordinator, and retail director of loss prevention and security. He also has held several positions within a security integrator operation including account executive, senior systems engineer, and licensee in charge and today provides security technology plans for multiple industries.
Your email address will not be published. Required fields are marked *
Save my name, email, and website in this browser for the next time I comment.
Notify me of follow-up comments by email.
Notify me of new posts by email.
It has been one year since Long Beach, California-based Glass House Brands (NEO:GLAS.A.U) (NEO:GLAS.WT.U) (OTCQX:GLASF) (OTCQX:GHBWF) announced the start of cultivation at the 5.5 million square-foot facility located in the…
By Jack Scrantom & Jonathan Bench, Attorneys at Harris Bricken We’ve written regularly about the plight of cannabis businesses not being able to secure traditional lending (and other financial services)…
More than four years after Detroiters overwhelmingly voted to approve recreational marijuana sales, the city’s first “legacy Detroit” Black-owned recreational marijuana dispensary opened Saturday as part of the city’s social equity…
Illinois had a three-year head start on legalizing recreational marijuana, but in many ways, Missouri has surpassed it after just one month. The two states came to legalization very differently,…