This is part two of a three-part series on how to plan, build, and assemble security solutions for cannabis businesses. In part one of this series, we looked at some of the key considerations that should inform your selection of a video management system. In the final article in this series, we will explore cybersecurity solutions — an increasingly important part of the puzzle in a world full of internet-connected devices.

Access control solutions are a fundamental element of your security solution, working together with video management and intrusion detection to ensure only authorized people have access to sensitive areas. Here are three common pitfalls for cannabis companies when selecting an access control system, along with some practical recommendations on how to choose a robust system that will work for you as your business grows.

Pitfall #1: Thinking too small

When you’re just starting out, it’s tempting to go with the least expensive solution, but it’s important to think about how your needs will change in the next five to 10 years. You may only have one facility today, for example, but if your business goal is to open more locations, you’ll need to choose a solution that can grow with you.

If future expansion is in your plan, you’ll want to make sure you don’t need different access cards or credentials for different sites. Depending on how big you want to grow, you’ll want to look for an enterprise-level system that can support global architecture, which allows your security team entry to every location and to monitor all facilities from a central location. You’ll want the flexibility for your access control head to be located at your HQ or in the Cloud.

Pitfall #2: Setting up siloed systems

Your access control system is just one part of your security solution. The most powerful and effective security solutions are unified not siloed. Look for a unified solution that allows you to monitor and manage access control within the same client interface as your video monitoring, intrusion detection, and other security systems.

Look for solutions that allow you to automate certain processes and make it easier to manage user credentials as well. For example, some unified software solutions can link access control with your human resources database and assign access rights based on employee roles. When an employee transfers to a new location, leaves the company or is given new responsibilities, their access privileges will change automatically based on the responsibilities of their position.

With a roles-based system, managers can also easily assign guest credentials or temporary privileges that will expire automatically at a pre-determined time. This allows managers to easily allow contractors or vendors to access the parts of your facility that they need to access, while also knowing exactly where and when they badged in and out. It also removes the access privilege if the visitor forgets to turn in their key card when they leave the premises.

A unified system allows your access control solution to do more than just lock and unlock doors. One example is using access control to validate that guard tours are taking place as required. Verifying that security staff is patrolling all areas of the facility at regular intervals is as easy as pulling an access control report.

Your access control system can also be linked to your intrusion detection system in a unified solution. In this case, your system can be set up so that when certain employees key in their personal identification number (PIN) the intrusion system is disarmed. PINs can also be enabled or disabled on a timer, preventing employees from entering secure areas after hours. They can also be changed or updated from the system interface as new employees leave or join your company.

When video monitoring systems are unified with access control, you can access video from the precise location and time when there was an event of interest. For example, if you suspect two people may have entered a secure area on one card, you can check the video footage for a particular entry point at the time each person badged in that day.

Pitfall #3: Getting stuck with a proprietary system

One of the best things you can do is to select open-architecture access control software so that you have the widest possible selection of hardware to choose from. This gives you the freedom to shop around for the best solutions for your needs. You can easily add or upgrade hardware as you grow, and you’ll also be able to take advantage of the latest technologies on the market. You don’t want to be locked into a system that may not scale as your business grows.

An open-architecture system also gives you the flexibility to change the software that isn’t meeting your needs, without having to replace all your hardware. Hardware is the most expensive component of your access control system, especially when you factor in not only the cost of the devices themselves but also the costs to install and configure them. Open-architecture access control panels and readers can work with any open-architecture software and vice versa, so you can easily adapt the system as your needs change.

There’s a lot of innovation in security solutions these days, and you want to leave the door open to add the new technologies that make sense for your business. For example, maybe a proximity card reader is the best solution for you today, but as your business grows, you may find the cost or security risk of lost cards becomes an issue. At that point, you may want to add two-factor authentication or move to a contactless solution altogether. With an open-architecture system, you can easily upgrade to readers that use cell phones, eyes, faces, fingerprints, or any combination of these technologies. Some unified solutions also provide remote entry via the security client or mobile app that can grant access to employees who have forgotten key cards.

Further reading: new ASTM Standards on access control

Access control solutions are an important focus of new ASTM Standards developed for the cannabis industry. The internationally respected standards development organization released these guidelines in February 2020; they are available to download from the ASTM’s new cannabis microsite for an affordable fee. These standards provide information on topics such as: how to secure a facility location, risk considerations that should be addressed, general security measures and practices, and common terminology surrounding cannabis industry security-related issues.

ASTM standards recommend installing access control systems at strategic locations within cannabis facilities, such as exterior entrances, loading docks, growing and processing rooms, offices, and transaction areas. The organization also recommends using multiple-factor authentication for doors, vaults, and safes, as well as growing, processing, manufacturing, transaction, product, and currency rooms. Authentication options include biometrics, wireless devices, and personal identification numbers.

In addition to access control, the standards recommend installing invasion detection systems such as motion sensors, contact alarms for doors or windows, and glass break alarms, which should automatically alert a 24-hour security monitoring service. The organization has also produced standards for video monitoring systems.

These new standards are a welcome resource for cannabis companies, providing a trustworthy and neutral summary of current best practices.

In Case You Missed It

Security solutions for cannabis businesses: 5 questions to ask before choosing a video management system: Part 1 of 3