Medicinal Cannabis Security Challenges

Zohar Dromi

1

2

3

• Cannabis remains the dominant illicit drug in Australia

• widespread domestic cultivation

• The number of national cannabis arrests increased from 75,105 in 2014–15 to

a record 79,643 in 2015–16

4

Cannabis - arrests

• Alcohol and cannabis are the most common substances detainees self-

reported using in the 48 hours prior to detention.

• Seventy five percent of multiple drug users tested positive to both cannabis

and methamphetamine.

5

They’re young, careless and armed

6

7

Expanding the supply

8

Australian code of good wholesaling practice for medicines in schedules 2, 3, 4

& 8:

• Section 9 Security arrangements and procedures- other than for CD and GHIV

• Section 10 Additional measures for management of controlled drugs (cd) and

other goods with high illicit value (GHIV)

9

Regulation

• A security risk assessment

• Wholesalers should review the Security Risk Management Plan, at least

annually.

10

Section 9 Requirements

• Suitable surveillance and detection systems should be installed.

• Connected to a control room.

• Access to storage facilities and other security-sensitive areas should be

limited to those personnel who are required to have it.

11

Section 9 Requirements

• A senior manager should be appointed to have overall responsibility for the

security

• Standard operating procedures for security, handling methods and reporting

of theft or misuse of medicines should be developed and enforced

12

Section 9 Requirements

• The services of a consultant who has registration or licensing in security in at

least one State/Territory and appropriate industry knowledge should be

engaged to assist in the preparation of the Security Risk Management Plan in

compliance with AS/NZS ISO 31000:2009, and review of the plan when the

plan is updated to reflect operational changes that result in a significant

increase in risk.

National Coordinating Committee on Therapeutic Goods Effective date 1 April 2011.

13

Section 10 Requirements

“This guideline is designed to allow flexibility on the part of a licence applicant,

focusing on the outcomes to be achieved rather than dictating specific

measures that need to be implemented.”

ODC, October 2016

14

Flexibility

•Deter – discourage from attempting to breach security measures.

•Delay – making the breach of security measures more difficult or slower.

•Deny – access control.•Detect – Audits.•Defend – actions taken to respond to a security breach

• Serves as a managerial tool.

• Guideline for the investment of resources.

• Flag gaps in operations and planning.

16

Risk assessment

17

Understanding Risk Management

Eliminate

Reduce

Manage/ Respond

The wider the coverage – the greater the chance you will identify most of your

weakness.

The cycle of risk

18

19

Shield Risk Assessment TemplateTHREAT/RISK LIKELIHOOD VULNERABILITY

/ SEVERITYRISK

LEVELForceful entry to the site through Main Reception Areas.

4 5 HIGH

Undercover/Discreet entry to the site through main reception areas.

5 5 HIGH

Unauthorized access to restricted products by an employee.

2 4 MED

Unauthorized access to restricted products by an external employee person (visitor/subcontractor)

3 5 HIGH

Forceful entry through building service door, windows and vehicle gates During Operating Hours.

3 4 MED

Forceful entry through building service door, windows and vehicle gates After Operating Hours.

4 5 HIGH

Breaking and entering on site through the facility roof.

2 4 MED

20

The Threat

Minor offences • Theft • Drugs• Bullying • Sexual abuse • Vandalism

Major offences

• Cold /hot weapon • Short/long range • Hostage situation

Unsafe Environment

The Basics of Security

21

Procedures

Staff Capabilities - HR

Infrastructure

Infrastructure

22

Infrastructure

23

Infrastructure

24

• Mandatory requirement: The licence holder must maintain an intruder

resistant cannabis site

• A room containing cannabis should not share a wall with the exterior of the

building unless that exterior wall has additional controls.

Security of Medicinal Cannabis, ODC

25

Risk assessment

Open Plantation Farming ?

26

Equipment - How To Maximize Value

27

+ +

+ +

• Staff Awareness

• Revision Protocols (Procedures & Audits)

• Personnel – dedicated staff

• Infrastructure

• Technology

28

Procedures

• Set expectations, but keep it simple

• Creating unity in work (flexibility needed).

• Consistent level of operations.

• Security plan - break the routine.

• Emergency plan - when pressure strikes.

29

Procedures and Structure

30

Staff CapabilitiesIs my security staff effective?

31

Effective Security – Operational Testing

• The Goal : Establish a Centralized Security mechanism.

• The focus of a Comprehensive Master Plan is to

enhance the security of assets that include people,

information, property and facilities against security

threats

32

Security Master Plan (SMP)

PreventionAwareness

Deterrent

Response Recovery

Security is an Ongoing Challenge

33

Employees arrivingDetected

EventIntegrated Security

Vehicle Of InterestAlert

Person Of InterestAlert

Graffiti / Fence BreachedAccess

Authentication

• Identify and map the risks • Find the most cost effective solutions• Set procedures• Document the plan • Choose personal • Allocate responsibilities • Train the staff

• Test the plan and make changes

34

How To Design A Defensive Operational Plan?

• Buildings and grounds are well maintained.

• Employees feel safe reporting crime, security and safety problems.

• Problems are addressed quickly and appropriately.

• Access is controlled and visitors are monitored.

• All areas are safe by design or by staff Supervision.

35

A Secure Site

36

Cyber Security – Who’s Responsibility?

CommunicationsSecurity

Physical Infrastructure

Radio/PhoneSecurity

Computer Security

Document Security

Staff Reliability INFORMATION

SECURITY

• Packaging

• Formatting

• Compounding

• Certificates

• Access to manufacturing processes /

Recipes

• Access to QC results

• Access to clients’ information

• Access to suppliers’ information

• Schedule of products

receipt/despatch

• Access to security control systems

37

Possible risks associated with information assets, would be falsification or access to:

38

Any Questions?