medicinal cannabis security challenges - pharmout · medicinal cannabis security challenges. zohar...
TRANSCRIPT
Medicinal Cannabis Security Challenges
Zohar Dromi
1
2
3
• Cannabis remains the dominant illicit drug in Australia
• widespread domestic cultivation
• The number of national cannabis arrests increased from 75,105 in 2014–15 to
a record 79,643 in 2015–16
4
Cannabis - arrests
• Alcohol and cannabis are the most common substances detainees self-
reported using in the 48 hours prior to detention.
• Seventy five percent of multiple drug users tested positive to both cannabis
and methamphetamine.
5
They’re young, careless and armed
6
7
Expanding the supply
8
Australian code of good wholesaling practice for medicines in schedules 2, 3, 4
& 8:
• Section 9 Security arrangements and procedures- other than for CD and GHIV
• Section 10 Additional measures for management of controlled drugs (cd) and
other goods with high illicit value (GHIV)
9
Regulation
• A security risk assessment
• Wholesalers should review the Security Risk Management Plan, at least
annually.
10
Section 9 Requirements
• Suitable surveillance and detection systems should be installed.
• Connected to a control room.
• Access to storage facilities and other security-sensitive areas should be
limited to those personnel who are required to have it.
11
Section 9 Requirements
• A senior manager should be appointed to have overall responsibility for the
security
• Standard operating procedures for security, handling methods and reporting
of theft or misuse of medicines should be developed and enforced
12
Section 9 Requirements
• The services of a consultant who has registration or licensing in security in at
least one State/Territory and appropriate industry knowledge should be
engaged to assist in the preparation of the Security Risk Management Plan in
compliance with AS/NZS ISO 31000:2009, and review of the plan when the
plan is updated to reflect operational changes that result in a significant
increase in risk.
National Coordinating Committee on Therapeutic Goods Effective date 1 April 2011.
13
Section 10 Requirements
“This guideline is designed to allow flexibility on the part of a licence applicant,
focusing on the outcomes to be achieved rather than dictating specific
measures that need to be implemented.”
ODC, October 2016
14
Flexibility
•Deter – discourage from attempting to breach security measures.
•Delay – making the breach of security measures more difficult or slower.
•Deny – access control.•Detect – Audits.•Defend – actions taken to respond to a security breach
• Serves as a managerial tool.
• Guideline for the investment of resources.
• Flag gaps in operations and planning.
16
Risk assessment
17
Understanding Risk Management
Eliminate
Reduce
Manage/ Respond
The wider the coverage – the greater the chance you will identify most of your
weakness.
The cycle of risk
18
19
Shield Risk Assessment TemplateTHREAT/RISK LIKELIHOOD VULNERABILITY
/ SEVERITYRISK
LEVELForceful entry to the site through Main Reception Areas.
4 5 HIGH
Undercover/Discreet entry to the site through main reception areas.
5 5 HIGH
Unauthorized access to restricted products by an employee.
2 4 MED
Unauthorized access to restricted products by an external employee person (visitor/subcontractor)
3 5 HIGH
Forceful entry through building service door, windows and vehicle gates During Operating Hours.
3 4 MED
Forceful entry through building service door, windows and vehicle gates After Operating Hours.
4 5 HIGH
Breaking and entering on site through the facility roof.
2 4 MED
20
The Threat
Minor offences • Theft • Drugs• Bullying • Sexual abuse • Vandalism
Major offences
• Cold /hot weapon • Short/long range • Hostage situation
Unsafe Environment
The Basics of Security
21
Procedures
Staff Capabilities - HR
Infrastructure
Infrastructure
22
Infrastructure
23
Infrastructure
24
• Mandatory requirement: The licence holder must maintain an intruder
resistant cannabis site
• A room containing cannabis should not share a wall with the exterior of the
building unless that exterior wall has additional controls.
Security of Medicinal Cannabis, ODC
25
Risk assessment
Open Plantation Farming ?
26
Equipment - How To Maximize Value
27
+ +
+ +
• Staff Awareness
• Revision Protocols (Procedures & Audits)
• Personnel – dedicated staff
• Infrastructure
• Technology
28
Procedures
• Set expectations, but keep it simple
• Creating unity in work (flexibility needed).
• Consistent level of operations.
• Security plan - break the routine.
• Emergency plan - when pressure strikes.
29
Procedures and Structure
30
Staff CapabilitiesIs my security staff effective?
31
Effective Security – Operational Testing
• The Goal : Establish a Centralized Security mechanism.
• The focus of a Comprehensive Master Plan is to
enhance the security of assets that include people,
information, property and facilities against security
threats
32
Security Master Plan (SMP)
PreventionAwareness
Deterrent
Response Recovery
Security is an Ongoing Challenge
33
Employees arrivingDetected
EventIntegrated Security
Vehicle Of InterestAlert
Person Of InterestAlert
Graffiti / Fence BreachedAccess
Authentication
• Identify and map the risks • Find the most cost effective solutions• Set procedures• Document the plan • Choose personal • Allocate responsibilities • Train the staff
• Test the plan and make changes
34
How To Design A Defensive Operational Plan?
• Buildings and grounds are well maintained.
• Employees feel safe reporting crime, security and safety problems.
• Problems are addressed quickly and appropriately.
• Access is controlled and visitors are monitored.
• All areas are safe by design or by staff Supervision.
35
A Secure Site
36
Cyber Security – Who’s Responsibility?
CommunicationsSecurity
Physical Infrastructure
Radio/PhoneSecurity
Computer Security
Document Security
Staff Reliability INFORMATION
SECURITY
• Packaging
• Formatting
• Compounding
• Certificates
• Access to manufacturing processes /
Recipes
• Access to QC results
• Access to clients’ information
• Access to suppliers’ information
• Schedule of products
receipt/despatch
• Access to security control systems
37
Possible risks associated with information assets, would be falsification or access to:
38
Any Questions?