A Guide To Site Security In The Food Industry
By N.E.M Business Solutions
This guidance document is designed as an aid to operators of food establishments (firms that
produce, process, store, repack, re-label, distribute, or transport food or food
ingredients). Food security for a developed economy like the UK is multi-faceted
and complex and various definitions exist. The common themes are: availability
of food; access of consumers to affordable, nutritional and safe food;
resilience of the food system to significant disruptions, and public confidence
in that system.
In these times of potential terrorist threats, we all need to consider the risk that our sites are subject to. No matter how unlikely it seems that your site could become the next “9 - 11”, an assessment of the risks will at the very least show your customers that you are taking a professional and responsible attitude towards site security. In reality, most food production sites are open to as many forms of potential risk as there are people that enter the site.
The threats range from mischievous children to a full-blown bio-terrorism attack.
Considerable improvements can be made with relatively little effort or cost.
These notes are intended to act as an aid to improving security and are by no means a
fully inclusive guide to security.
A process called Operational Risk Management (ORM) may help prioritise the
preventive measures that are most likely to have the greatest impact on reducing
the risk of tampering or other malicious, criminal, or terrorist actions against
Benefits of ORM
1. Reduction of operational loss.
2. Lower compliance / auditing costs.
3. Early detection of unlawful activities.
4. Reduced exposure to future risks.
is recommends that food establishment operators consider the following points:
If you are in any doubt, contact a reliable contractor for help.
There are a number of points that may help the process:
in food security procedures.
It is vital that staff on a site are all aware of the potential risks; this makes
training of paramount importance. The training should include food security
awareness, including information on how to prevent, detect, and respond to
tampering or other malicious, criminal, or terrorist actions or threats.
staff should be trained including seasonal, temporary, contract, and volunteer
periodic reminders of the importance of security procedures (for example,
scheduling meetings, providing brochures).
staff support (for example, involving staff in food security planning and the
food security awareness program, demonstrating the importance of security
procedures to the staff).
for “unusual behaviour”.
may indicate any number of problems and should not be ignored or disregarded.
Watch for unusual or suspicious behaviour by staff. For example, staff who,
without an identifiable purpose, stay unusually late after the end of their
shift or arrive unusually early. Staff gaining access to files and information that
are not related to their work. Staff
that gain access to areas of the facility outside of the areas of their
responsibility. Take note of staff removing documents from the facility; asking
questions on sensitive subjects; bringing cameras to work.
You must know who has been on to the site.
As a minimum you should know the following:
bio-terrorism security regulations require food manufacturers,
distributors, and logistics companies to establish and maintain records. These
records should allow authorities to conduct a trace investigation to protect the
food and animal feed supply.
In most cases, greater security leads to greater inconvenience for food
situation will often lead to employees ignoring or circumventing security
measures. Consequently security needs to be a high management priority at all
times. The total management team on a site needs to be aware that security does
slow things down, especially if the procedures have not been thought through and
sensibly integrated into the site's operation. Involve all staff and ensure they
know why security is important; security is just an extension of “food
safety” and we are all familiar with that.
walls and fences provide a physical barrier and an excellent first line of
defence, helping to deter casual intruders. Children are naturally curious and
consequently difficult to stop. The installation of physical barriers will often
reduce insurance policy costs.
protecting perimeter access with fencing or other deterrents, it is important
not to forget the necessary openings; doors (including freight loading doors,
when not in use and not being monitored, and emergency exits), windows, roof
openings / hatches, vent openings, ventilation systems, utility rooms, loft
areas, trailer bodies, tanker trucks, railcars, and bulk storage tanks for
liquids, solids, and compressed gases.
measures may include for example, using locks, "jimmy plates," seals,
alarms, intrusion detection sensors, guards, video surveillance. Remember to
consult any relevant local fire or occupational safety codes before making any
changes. Minimise the number of entrances to restricted areas. Securing bulk
unloading equipment (for example, augers, pipes, conveyor belts, and hoses) when
not in use is as important as inspecting the equipment before use. Accounting
for all keys to establishments (for example, assigning responsibility for
issuing, tracking, and retrieving keys) is vital.
guards offer a considerable boost to any system. However, the security staff
need to patrol the site and to review CCTV monitors on a regular basis.
Closed Circuit TV systems.
TV systems offer a good means of monitoring "out of the way" places.
CCTV is rapidly becoming the standard in security installations, not just for
crime prevention and deterrence, but also to provide digital images good enough to
enable prosecution. Lack
of daylight is no barrier as infrared cameras and infrared floodlights are now
of sufficiently high quality to produce acceptable and useful images. These
“night vision” systems are particularly useful when linked to "motion
detection" and tracking systems.
The visibility and obvious nature of large CCTV cameras can act as a deterrent to
intruders; however, it may be necessary to resort to “Spy Cameras” to detect
“nefarious goings on” by apparently legitimate employees.
of your Mail
To protect your site you need to know the potential threats.
Operators of food establishments are encouraged to review their current procedures and
controls in light of the potential for tampering or other malicious, criminal,
or terrorist actions and make appropriate improvements.
staff or ex-staff
need to be aware of the potential means of carrying out the threat:
So consider the means that your product could be contaminated:
addition to the product.
In Place systems.
added as an ingredient.
Water supplies and distribution systems are particularly vulnerable
(mains, borehole, rivers and streams, recovered or reused water, wells, hydrants).
storage and handling facilities, including repair and Legionella cleaning
Access to computer and electronic systems needs to be considered just as
carefully as physical access to the site. Remote computer access can be even
more difficult to spot than someone climbing over your fence. Specialist help is
likely to be needed in order to detect computer intrusion; it is simpler and
wiser to invest in protection prior to any problems.
connections come in a variety of “flavours”:
These can be reasonably well protected using secure multi-factor authentication, and secure (un-hackable) encrypted connections can be established.
These can be more difficult to “police” as the trend for laptop and portable computing grows ever more popular. These trends offer two distinctly different risks: firstly, there is the problem of theft and the loss of confidential information, and secondly, the possibility of the employee unwittingly allowing the laptop to be infected with malicious and nefarious software.
employees connect mobile computers of any variety to the main network needs to
be strictly controlled.
Employees should not normally be allowed to bring recording media onto the site without specific permission. This should cover all forms of transferring computer data, for example USB memory sticks, memory cards, floppy disks and portable hard drives. Remember that cameras, MP3 players, PDAs and mobile phones can all be used to record and transfer data.
Process control systems.
Computer systems are not limited to office systems; it is common for modern food
sites to have a number of control systems that are computerised. These systems
are often open to remote access by the manufacturer. These systems are often in
direct control of the manufacturing process and the software is often
proprietary and complex to interpret. Consequently, malicious alterations are
unlikely to be spotted by anyone other than an expert.
systems need to be just as secure as any firm's accounting system.
A good source of information can be found at http://www.grc.com/securitynow.html
It is wise to maintain a full and up-to-date set of "back-up" files for all computer systems. Should disaster strike, "clean copies" of the site's software will be essential in the recovery process. The back-up files should be held on and off site, and keeping multiple copies reaching back several weeks would be wise. Computer systems offer the opportunity to tamper with a software system and not activate that change until some time later; this means that all software should be validated on a regular basis. This process can be difficult and time-consuming; to minimise the problem, this validation process should be included in the original design brief for any new software.
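One way to carry out the regular software validation described above, as an added example that is not part of the original guide: hash every file in a known clean back-up copy and compare the live installation against it. The directory layout, file names and values are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def validate(clean: dict[str, str], live: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live install against the manifest of the clean copy."""
    return {
        "modified": sorted(f for f in clean if f in live and live[f] != clean[f]),
        "missing": sorted(f for f in clean if f not in live),
        "unexpected": sorted(f for f in live if f not in clean),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a clean back-up copy and an altered live install."""
    with tempfile.TemporaryDirectory() as tmp:
        clean_dir, live_dir = Path(tmp, "clean"), Path(tmp, "live")
        for d in (clean_dir, live_dir):
            (d / "recipes").mkdir(parents=True)
            (d / "controller.cfg").write_text("cip_temp_c=85\n")
            (d / "recipes" / "batch.txt").write_text("salt_kg=2.0\n")
            (d / "hmi.bin").write_bytes(b"\x00\x01\x02")
        # Differences introduced on the live side only (constructed values)
        (live_dir / "controller.cfg").write_text("cip_temp_c=40\n")
        (live_dir / "hmi.bin").unlink()
        (live_dir / "recipes" / "extra.txt").write_text("unknown\n")
        return validate(build_manifest(clean_dir), build_manifest(live_dir))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Store the clean manifest with the off-site back-up, so that anyone able to alter the live system cannot also alter the baseline it is checked against.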
N.E.M Business Solutions Tel / Fax : 01823 680119 Mobile 07768 981196