Pharmaceutical Industry Lessons for Cannabis

CBE/June 5, 2017/Rebecca Cicarelli and Matt Gifford

When it comes to developing and implementing an appropriately comprehensive security plan, the pharmaceutical industry knows what it is doing.  You might say that this is not their first rodeo.

That is not, however, the case with many cannabis businesses newly charged with mapping out security for the purposes of licensing and daily operations.

The pharmaceutical industry and a comprehensive approach to security

Pharmaceutical companies must be compliant with Drug Enforcement Administration (DEA) regulations in order to remain operational.  But their accountability does not end there. Ultimately, companies that deal with controlled substances and other drugs are held responsible for the welfare of the American public. As such, both large and small scale pharmaceutical entities manage their security plans as a long-term proposition.

Whether they are laboratories, manufacturers or distributors, those that operate within the pharma space evaluate the here and now, but also project future facility and product needs when mapping out security. They go to great lengths to ensure full compliance with all federal, state and industry regulations; often exceeding them.  And while their “toolbox” certainly includes security equipment, it is also comprised of three other critical elements: policy, procedure and people.

It all begins with culture

The cannabis business would be wise to mimic pharma efforts to establish a clear and consistent company culture. Culture does, in fact, define the character and personality of the organization. Want employees to be honest and trustworthy? It helps to begin by saying so, and emphasizing your zero tolerance culture. Ultimately, clear cultural communication helps the cannabis business owner find and keep the kind of people it seeks to employ.  Of course, it is critical to back that up with…

Policy and procedures

Policy and procedures is another area where cannabis can follow the pharma lead. Upon hire, employees should be apprised of all company policy via written agreements and handbooks. And reinforcement will be critical to ensure compliance – via internal signage, written reminders and in-person communication as needed. Of course, change should be anticipated. Policy must be reassessed regularly to gauge and prevent new threats, and communicated as such.

All good policy is supported by detailed procedure. This begins with hiring and training. Employment must be contingent on background/reference checks, credit checks and drug screening in an effort to hinder diversion risk. Once hired, all employees should be required to participate in diversion training programs to prepare them for detection and appropriate response. And those with access to security equipment must be properly trained in operation, trouble-shooting and response. Failure to do so can be catastrophic.

Standard operating procedures should identify and then address any area that might expose a company to internal or external threats. This must, at the very least, include public access protocol, visitor procedures, internal monitoring, alarm testing and response and perimeter controls.

Equipment mandates

The last piece of the security puzzle for pharmaceutical companies and cannabis is equipment. The Code of Federal Regulations, 21 CFR 1301.72 specifically dictates storage in a precisely defined vault/safe for controlled substances or DEA Schedule I-II. Subsequently, the vault or safe is indeed the cornerstone of physical security for many pharmaceutical companies and all cannabis operations.

This is complemented by other physical security elements including safes, mantraps, safe entry portals and bullet resistance. And, prompted by regulatory requirements, electronic security components include video surveillance, access control and alarm.  All equipment ultimately works together to support optimal compliance and business success.