Comprehensive security plan 800-1000 word portion only)
Comprehensive Security Plan
SEC/480
April 25, 2016
Comprehensive Security Plan
As a global player on the stage of the production and sale of natural and organic products, SunOpta has a duty to its customers and employees to adequately secure their Modesto, CA facility. Through a risk and threat assessment the company can identify internal assets and exactly what measures are in place for protection. The identified vulnerabilities in the system will allow the company to plan for the future and build a relevant security network meant to protect its viability. With a sound assessment in hand the company can “bring well-being to life”
Organizational Overview
As a producer of dairy milk alternative beverages, SunOpta explored communities on the west coast of America from which to house an expansion of aseptic capabilities. The plant chosen after consideration of many options is housed in a big industrial park near the city's municipal airport. The facility itself comprises “an existing building on the Tri-Valley Growers' Plant 1 site at 555 Mariposa Road, which used to be a fruit canning plant before it closed in 2006. In August 2008, SunOpta invested $25m to outfit the new 180,000ft² plant and signed a long-term lease for the building. (New Modesto Facility, 2009) The company has expanded within that footprint since coming online and no conducts twenty-four-hour operations with personnel at the facility on a round the clock basis. The survey completed on March 30, 2016, considered all current equipment, personnel, capabilities and security measures in use. The survey was completed in its entirety by Matthew Wayne Reynolds, (253) 310-3104, 555 Mariposa Rd Modesto, CA 95354, [email protected].
SunOpta Inc. is a leading global company focused on organic, non-genetically modified ("non-GMO") and specialty foods. SunOpta specializes in the sourcing, processing and packaging of organic and non-GMO food products, integrated from seed through packaged products; with a focus on strategic vertically integrated business models With about 1,700 global employees, SunOpta's organic and non-GMO food operations revolve around value-added grain, seed, fruit and vegetable based product offerings, supported by a global sourcing and supply infrastructure (SunOpta, 2015).
Organizational Mission
SunOpta has a responsibility to its consumers, but also has a duty to uphold a safe and security work environment for its employees as well. The mission statement of SunOpta sums it up by saying, “At SunOpta, we empower our employees to enrich lives by developing healthy and organic food products, driving sustainable well-being" (SunOpta, 2015, About Us, para. 3). The mission statement is the fallback position for everything the company does. Empowering its employees to enrich the lives of the consumer. The security of the facility and its employee’s falls under that mission statement as well. The security team must take every step to ensure the people of SunOpta are kept safe and secure; without the security staff, the ability for the empowered employees to do what they do on a daily basis would cease to happen.
The mission of SunOpta carries over to everything that the security team does, and it should be the driving factor for security management when making decisions that not only pertain to the security staff, but to the entire facility and its employees. The direct connection to the SunOpta mission statement falls heavily on the security team. If the security of the facility and its people is not maintained, the company will cease to produce product for the consumer; thus ending SunOpta. An example of this would be an attack by a lone wolf attacker. If this attacker gains entry to the production facility, opens fire, wounding and killing the staff, production stops and SunOpta must go into mitigation and recovery phase. This one attack could have lasting effect on the company as a whole. The role of the security staff and the security upgrades that are proposed will help to act as a deterrent and preventer of these types of threats. If the security team, like the rest of SunOpta, continues to use the mission statement as a guiding light for the direction of the company, the path forward will be bright.
Vision
The vision that is shared across every department of the company should also be a driving factor for the direction SunOpta wants to go in achieving future growth. The company’s mission statement is:
To be a sustainable organization that is a global leader in natural and organic food products are driven by a spirit of continuous improvement, innovation and category expertise that enables the well-being of our employees, customers, consumers and other stakeholders. (SunOpta, 2015, About Us, para. 4)
This vision statement is an idea that will continue to guide the company in the innovation and growth that they expect, as well as the commitment they have made to their stakeholders and customers.
Like the mission statement, the vision message will help guide the security team as well. The use of this risk assessment and future policy guidelines will ensure the well-being of employees, customers, and the end users of SunOpta’s products. The security assessment is one way the team can identify and address the areas of growth for the company. Identifying the needs up front, will help to prevent potential loss in the future. The need for a proactive approach to security will help SunOpta reach its stated vision; fulfilling the commitments to their staff and customers.
City/Region
The city of Modesto, California is in the center of the San Joaquin Valley and is the county seat of Stanislaus County. As a major hub for the agriculture-rich region, the city is home to a population of 210,000 people based on estimates from the city's website. The plant itself is housed along the southeastern side of the town in an industrial area near the city's municipal airport. Emergency services are tended to by City entities to include police, firefighting, and other emergency services. Utilities are maintained by the City, for water, and Pacific Gas and Electric Company for electricity and natural gas.
The immediate vicinity surrounding the facility is home to lower income housing and another medium to large scale production operations. Labor demands within the facility range from highly skilled technical operators to more menial tasks focused on cleaning and stacking boxes. The company sources these employees through nonunion means with direct hiring through Human Resources and temporary labor through a local provider. As a greater than the minimum wage paying facility the company enjoys a better than average retention rate among hourly employees and is, therefore, able to remain selective in its hiring process.
With local crime, which includes gang activity synonymous with the region, being high, the onus falls on companies in the area to protect their facilities. Recent instances of crime in the area that have affected the company itself include equipment theft, including pallets and motors, and vandalism to the exterior fencing and walls around the shipping area of the building. As a city-wide issue, car theft has also been a problem to the facility over the past 12 months with four employee cars being stolen from the front parking lot during daylight hours.
Facility
The facility itself is a large stand-alone building with entrances and exits on each side of the building. Along the eastern, front, or Mariposa road facing side of the building are two tractor trailer receiving doors, three self-locking man doors with controlled fob style access a long fence and a vehicle gate for access to the shipping and boiler areas. The northern edge of the building comprises three separate man doors using traditional locks, boiler equipment and office area, five tractor trailer load-out shipping doors and small garage area with a roll up door used for storage of unused of defunct parts and materials. This northern edge of the facility is connected to the eastern vehicle gate and is enclosed by a six-foot tall fence.
The western facing edge of the building includes the back side of the garage area with a traditional lock man door and six man doors along the side of the exterior wall. This area of the plant includes a product storage tank area, chemical loading points, three large cooling system fans, a dairy and milk receiving bay and a roll up door for forklift and vehicle access. Most of this area includes a six foot tall fence between company property and that of other businesses directly to the west of the plant. A common pathway through this area is maintained to facilitate the delivery and shipping of liquid soy base and dairy. The northern edge of the building is largely unused with a fence along the exterior and a man door that leads to the fence and a narrow pathway between it and the building.
The interior of the building is maintained to sound industrial production standards by a two person team dedicated to facilities engineering and maintenance. These two mechanics are charged with maintaining a structurally sound and safe working environment for all employees in the facility. They maintain relationships with local regulatory agencies to ensure compliance with electrical, chemical, pest and fire control services. The company uses an overlapping fire alarm and sprinkler system designed to douse flames and prevent loss of life and property. The fire extinguisher program includes properly spaced extinguishers and yearly familiarization training with all company employees. Emergency drills for fire and gas are scheduled yearly but have not been documented as completed since early 2014.
Starting from the southern wall of the building moving northward the plant follows a streamlined process flow designed and implemented to promote ease of movement and maximum efficiency of production. The far southern side of the building houses a warehouse for the receipt of production materials and ingredients and is accessible from the receiving and dairy load out roll up doors. A large soy extraction room, three mixing rooms and an internal access room to the product storage tanks make up the rest of this western portion. Enclosed in two small ventilated rooms are chemical rooms that house caustic and acid meant for cleaning of production machinery throughout the plant. The heart of the aseptic operation is housed in the next two large rooms which share an internal structure inside the overall warehouse. These rooms contain; three Tetra Pak processing machines, three storage silos ranging from 10,000 to 15,000 gallons and eight Tetra Pak filling machines all designed to keep air and bacteria out of product cartons to ensure extended shelf life capability. Moving into the original structure sees casing, palletizing and warehousing operations across all eight lines. The far eastern and northern areas of the facility are dedicated warehouses meant for the temporary storage of finished goods before they are shipped on to a distributor. Inside the original structure is two, two-story buildings meant for offices and storage. The operations office contains a six cubicle workstation, male and female bathrooms, an employee break room and parts storage on the ground floor. The top floor is a dedicated parts and supplies room with two stairwells, one on each side.
The front office structure's ground floor houses offices for the plant, production, and human resource manager's office and a small reception area staffed by an administrative assistant. The upstairs portion includes two conference rooms, female and male restrooms and locker rooms and access to the roof and electrical equipment. Access to the roof is strictly controlled and is available by only one key.
Assessment
Strengths
It is important to maintain strong working relationships neighboring businesses to ensure a collective approach to general security and wellbeing. As each company in an area will see a similar vulnerability risk, it is increasingly important to develop and foster relationships with those that share a similar environment. This communication can help each entity build an interlocking set of protocols meant to protect the viability of the business community through good times and bad. Even within the grasps of high crime area, the vulnerability of an entire industrial neighborhood may be affected positively or negatively based on the overall community-based relationships in place.
Within the designated industrial zone lies a preexisting network of businesses with ability to work together to prevent or mitigate the risk of crime. As new tenants move into existing buildings, it is an important show of unity for established members to reach out and determine what security elements are available to make the overall continuity plan of the neighborhood stronger. The plant representative meets with other safety and security personnel at a bi-annual meeting hosted by the City and Police Department.
With attendance in the bi-annual business community meetings the company and its representatives can build a report with local law enforcement entities. These relationships are vital to the long-term health and viability of the company as a member of the overall community. Businesses that can develop and implement security measures with the rest of the community in mind help to build an interlocking network that promotes safety and security throughout. With this cooperation and report developed, the companies can better deal with large-scale incidents as a team rather than multiple singular entities.
Human capital within an organization is sometimes an undervalued segment and one that must be protected. Allowing for a safe and secure workspace that fosters productivity should result from any management process in a successful organization. "Calculating the value of our employees is difficult because they are not like any other asset; they are simultaneously the greatest potential asset and the most significant potential liability that an organization has at any given time. They are the only intangible asset that can be influenced but never controlled." ("Your Company's Most Valuable Asset: Your Employees", n.d.) Losing an employee, especially from a preventable incident, is one that is both devastating and priceless at the same time. While employees will leave overtime, it should be a stated goal of the company to maintain a safe working environment.
A significant portion of the security system in place and functioning revolves around the company's ability to make sound hiring decisions. All new and existing employees are subject to random drug screens besides initial and annual background checks. Each of these measures ensures regulatory compliance and is therefore also triggered by an event and reasonable suspicion based actions. Any derogatory information found in an employee or applicant's history must receive a conditional waiver through corporate command channels before hiring, or retention can continue. All employees receive initial and annual instruction on all company policies and procedures in place ensuring that everyone is on the same page and can act as a safety officer.
Weaknesses
The plant security plan as it is constituted is lacking has had little by way of planning or security measures enacted. With the recent incidents of vandalism and car theft on company property, a newfound focus to improve security in an economical way has become a focus. The large unsecured parking lot has become an area of concern for employees coming to work each day as each now knows a coworker whose car was stolen while working within the facility. Current security measures in place comprise controlled access doors on the front facing doors of the facility with issuance and tracking of key fobs controlled by the administrative assistant that works from 0800 to 1600 on a Monday through Friday basis. The six-foot fence that acts as a perimeter barrier between company controlled areas and other businesses which cover about seventy-five percent of the property.
Human-made threats to an organization or its assets, whether they are malicious or unintentional, have a great impact on the need for and implementation of security plans. These human-based threats often encompass most the attention and resources of the security team as they must protect against internal and external threats simultaneously. "Human-caused incidents, which result from the intentional actions of an adversary, such as a threatened or actual chemical attack, biological attack, or cyber incident…" (Threat and Hazard Identification and Risk Assessment Guide, 2013) These human-made threats include many potential threats from theft and sale of proprietary information to computer based cyber-attacks to direct ballistic or terroristic actions. Each threat can have an immediate impact on safety, security and overall profitability of the organization if left unaddressed.
Vulnerabilities
The core concept of physical security is to protect the plant from intrusion by unauthorized entities. Physical security is defined as "That part of security concerned with physical measures designed to safeguard personnel; to prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, and theft."(Physical Security, n.d.) To adequately protect those assets requires a foundation of principals and planning to control access within the constructs of a cost-conscious system. "A physical protection system, or PPS, integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent human attacks. The design of an effective PPS requires a methodical approach in which the designer weighs the objectives of the PPS against resources and then evaluates the proposed design to determine how well it meets the objectives."(Garcia, 2008, p.1) Through the use of a PPS system, the focus of the security framework will be on the organizational ability to detect delay and respond to threats. The three areas lay the foundation of the security network that will protect the organization. "The primary functions of a PPS are the detection of an adversary, delay of that adversary, and response by security personnel (guard force)." (Garcia, 2008, p.57)
Layered Security
The perimeter security in place as a simple border fence creates a barrier around roughly seventy-five percent of the exterior of the property. During night time operations few lights illuminate the perimeter as most in place are for convenience of using the parking lot. External security depends largely on controlling access to the building to the three eastern or front facing man doors that used the key fob access system. As not security measures are in place, the company largely depends on non-security company employees to determine if something is out of place and needs further attention. Once inside the building, there are once again little security measures in place by this survey. All doors inside are self-locking and require an assigned key for entry while front office areas to include human resources are part of the same key fob restricted access system in use on the front facing doors. The administrative assistant can remotely unlock the northern most "visitor/main door" to allow access during day time hours.
Natural Hazards
Natural vulnerabilities to an organization come largely from geographically specific threats that may affect one location within a business but have no bearing on another location. It is due to this nuance that makes it even more important to develop a site-specific assessment to identify better the vulnerable elements that may affect the company. The Central Valley of California is a relatively low-lying area dotted with streams and rivers making their way from the foothills of the Sierra and Cascade ranges to the Pacific Ocean. Little geographic variation combined the relatively inexpensive industrial land in flood-prone areas leaves many organizations highly susceptible to the effects of flooding. Conversely, just 60 miles to the west the greatest concern comes from large-scale geologic events such as earthquakes with little concern had for potential flooding. This two area would be close to most but endure highly different threats and overall vulnerability based on the geographic makeup of the surrounding area.
Human Made Threats
Human-made threats and their resultant vulnerabilities contribute a bulk of the reasoning for having a risk assessment program in place. Where natural and even technological risks are large the result of acts of nature, it is the human made threat to safety and security that can cause the greatest effect. The vulnerability of any organization is susceptible to two major types of human-made threats; internal and external. External threats come from the larger scale events like terrorist attacks and general criminality that can have an immediate impact on the profitability functionality of the company. Internal threats are a constant threat in any industry and have the potential to erase profits effectively. "In times of economic difficulties, anything that affects the bottom line (profits) is not tolerated. Where fraud exists, most business fraud surveys calculate losses at about 6 percent of annual revenue. Some surveys we have seen reported have concluded that losses attributable to employee theft (internal theft) equal or exceeded profits!" (Broder & Tucker, 2012, p. 45) This internal threat highlights the vulnerability of a company to the actions and inactions of its personnel. Employee engagement and development of work ethics is a vital part of the operation that relies heavily on the human resource management process. "Human Resource Management includes conducting job analyzes, planning personnel needs, recruiting the right people for the job, orienting and training, managing wages and salaries, providing benefits and incentives, evaluating performance, resolving disputes, and communicating with all employees at all levels. Examples of core qualities of HR management are extensive knowledge of the industry, leadership, and effective negotiation skills."(Businessdictionary.com, 2015) These systems develop and manage company personnel.
Technological Threats
The company holds as secure assets on its larger network the particular ingredient and formulation sheets of products. This proprietary information covers both internal and external formulas to include in-house competitors. In production and logistical operations, the company uses logistical software operating system that combines many facets of production into one particular and user-friendly interface. The overall vulnerabilities in the current construct of the network come via an aging software infrastructure and the threat of data leakage or corporate espionage that could cause the loss of proprietary information.
On the servers of the current system, specifically at that plant, a user with proper access could have access all information on available on the system. From a human resources perspective, this includes all company progressive discipline and payroll files hidden with a folder and protected by a simple password. Company and customer specific ingredient lists for both raw and finished products found with little difficulty and available to all granted access to the system. Accounting and budgetary files are relegated to user specific access certifications besides a regularly changed password changed, and all access is digitally tracked and or logged.
This facility requires both hard-wired and Wi-Fi for all users of the system in any department. A common practice within the facility is to move freely throughout the plant with a laptop in hand to facilitate management-level multi-tasking. Customers to the factory can use a password protected non-secure Wi-Fi network that allows access to email and will also support a 3rd party Virtual Private Network (VPN). "A VPN, as its name suggests, is just a virtual version of a secure, physical network—a web of computers linked together to share files and other resources. But VPNs connect to the outside world over the Internet, and they can secure general Internet traffic besides corporate assets. The lion's shares of modern VPNs are encrypted, so computers, devices, and other networks that connect to them do so via encrypted tunnels." (How, and Why To Set Up A VPN Today, 2013). With the relatively small workforce covering plants and producers across the globe employees outside use provided network access to remotely log in with a VPN of their own. As it states each user or facility must be specially wired into the grid for any access to be granted.
The overall digital network that the information system now sits on is aging from both software and hardware perspective. The plant received an upgrade in those systems when the plant was refurbished and repurposed for its current use and started operations in March of 2009. Coming up on seven full years of nonstop operations has left the plant susceptible to potentially catastrophic attacks. Adding a diverse product mix that includes many customers that themselves are rivals brings forth another layer of vulnerability. The company must protect its information from outside sources and from those granted physical access to the plant. A large threat to all parties involved comes by way of data leakage or employee theft from those unengaged participants under the security policy.
Crime and Criminology
The focus on crime when conducting a risk assessment is one that might make or break an organization from the onset. In a community like Modesto, specifically in the area this operation is taking place the influence of crime cannot be underestimated. The plan is to eventually maintain an ability to retain skilled workers the plant must enact measures meant to promote a safe and secure working environment. As a trusted supplier of natural and organic products to consumers the company should maintain an image as an active participant in bettering the community. Focusing on ways to reduce or mitigate the damage seen from crime is solid step in that direction.
National and Global Issues
Within a global society comes a system that is dependent on outside entities to deliver their logistical needs. Even with a vertically integrated company that delivers on all logistical needs in-house, there comes reliance on the outside. That would be in the general upkeep and usability of transportation mediums, road, rail, air and or sea, to deliver goods and services to the end consumer. The general vulnerability of each medium to outside influence directly affects the company that would otherwise rely on them to provide goods and services in an efficient manner to maintain the overall bottom line. The company, is highly reliant on the ability of others outside their control to maintain and ensure their usability. Therefore, the potential to be vulnerable to outside influences is high.
As with natural threats, each organization is widely susceptible to, or a product of the environment they call home. Regarding socio-economic and criminal activity, consider the physical location of company facilities and how the neighboring business and the general community interact. Many companies will enter contractual agreements for land and facility use based on the availability of workforce and direct cost to the bottom line. With Modesto, CA this largely industrial area comes with relatively cheap rent, flood susceptibility, and high crime. The neighboring communities, bordering the industrial developments and municipal airport, are the poorest in town and are known for higher than average gang and criminal activity. The vulnerability is derived from an initial cost cutting decision and must be considered in all aspects of safety and security going forward.
Through this assessment of current risks, threats and vulnerabilities, SunOpta can move forward in the security planning process. With a focus on what is working now and what needs to be changed, the company can better focus on “brining well-being to life.” As a member of the business and local community the company is a team player interested in a safe working environment for all employees. With a focus on safety and security, the company can deliver on its status as a leading producer of natural and organic products.
SunOpta Security Strategy
Following the risk and threat assessment of SunOpta, the company must put in place necessary measures critical in providing security and safety its customers and employees and in the process protect its viability in attaining the well-being to life. By initiating such a security planning process, the company stands on the right path where it focuses on what is working now and what needs to be changed and in the process focus on "bringing well-being to life” given it is a member of the business and local community. The security strategy will play a pivotal role in having SunOpta seen as a team player interested in a safe working environment for all employees.
The one thing coming out from the risk and threat assessment about SunOpta is that some the vulnerabilities that the company is exposed to can be through implementing the surveillance system as that will be critical in addressing major areas of concern in the in internal controls and inspection programs of the company. That will go a long way in intensifying the company’s internal security and improving the security around the premises. An improved surveillance system will be essential in helping SunOpta in maintaining its lead in the production and sale of natural and organic products now that the employees and he company will be assured of safety and security.
Security Plan
Vision and Goals
The goals of SunOpta fall in line with the mission and vision of the company. They want to product a high quality product, innovate, and grow while providing a safe and secure work environment for their employees and customers. Those goals are as follows:
· Ensure a safe work environment for employees.
· Ensure a safe product for consumers.
· Continue growth and innovation for our shareholders.
· Continue good stewardship for the environment.
With the nature of the products being produced at SunOpta, the end consumer can pay a heavy price for a lack of standardization and security. If security protocol is not in place, contaminates could be put into the product, causing widespread illness. The assessments conducted by management will cut down on these types of issues. With an assessment, the company must have a mitigation process in place as well. The continuity of business is just as important as identifying issues proactively. If there is a plan in place, in case something happens, the faster recovery and business as usual can become the norm.
Philosophy
The security officer acts as an agent, a representative of management to employees, visitors, and others. This is where the officer is concerned with representing the philosophies of management. In order to do this effectively, they must thoroughly understand the mission statement of the organization, as stated above. They need to know what the policies are and the underlying philosophy behind them. The major emphasis in the management representative role is on positive relations with the various publics with which security department’s deal; such as employees, customers, visitors, vendors, and local law enforcement officers. A solid background in public and customer relations is a necessity. So, too, is diplomacy when dealing with other departments, external agencies, and so on. Another aspect of this role is educational. Security officers may be very active in educating employees, visitors, students, guests, and so on about safe practices. As the officers grow professionally, they may become increasingly involved in educational efforts. As the security industry becomes more complex, requiring the protection of more intangible assets, this educational role will become more common (Palacios & Hertig, 2010). The philosophy of the security officer is just that, keeping in line with the company’s mission and vision. The security team must make decisions based on what the company direction is. If the team is consistent with this philosophy, then the security team and the company will be in sync.
Code of Ethics
The security team must follow a code of ethics that are in line with not only SunOpta, but also in line with the standard of professional security officers. The security team will have access to company and personnel information that most employee will not. That is why a code of ethics is so important. The following list of core professional security ethics will be a starting point for establishing a precedent for ethical officers, they are:
· Respond to employer’s professional needs
· Exhibit exemplary conduct
· Protect confidential information
· Maintain a safe & secure workplace
· Dress to create professionalism
· Enforce all lawful rules & regulations
· Encourage liaison with public officers
· Develop good rapport within the profession
· Strive to attain professional competence
· Encourage high standards of officer ethics
SunOpta, their customers, and their shareholders expect a great deal from the security team. In the past there has been far too little attention paid to the ethical aspects of the profession. There have to be solid guidelines that each officer knows and understands (Broder & Tucker, 2012). More importantly, it is essential that each manager and supervisor performs his or her duties in a manner that will reflect honesty, integrity, and professionalism.
The security plan aims at enhancing the security measures within SunOpta’s as a way of boosting the company’s profit maximization chances it attaining the international risk management status. Also, the security strategy aims at providing the essential security procedures, the budget for the same, the requirements, expected results of the plan, deliverables and the required appraisals for the success of the project.
Another goal of the security plan is to validate and substantiate the feasibility of organizational security by meeting the specific organizational needs comprehensively covering the company’s surveillance related risks.
Physical Security
Perimeter protection
Perimeter protection is the baseline layer of security of every security application. The intention and purpose of a perimeter security measure are to set the boundary of the facility visually and define what is considered the line between public and private access. This limit is meant as an initial means of access delay that will give other layers of security and its assets time to prepare effectively.
An effective physical protection system (PPS) requires that any malevolent act committed by an inside or outside adversary must be detected so that the response force, including onsite guards, local police, and others, can interrupt the adversary's attack before the goal is achieved. Because it is usually not feasible to maintain a sufficient guard force to place guards at all asset locations, some adversary delay is needed. After an adversary has been detected, delay elements will prevent completion of the malevolent act; provide delay until an adequate response force can arrive, or until additional remotely activated delay and response systems can be activated. (Garcia, 2008, p.219)
For the SunOpta Modesto facility, the perimeter boundary in place is identified as seventy-five percent in place, leaving twenty-five percent unprotected. This insufficient fencing has led to a pattern of personal and company-owned property over the past twelve months. The first step in establishing security program is to enclose this perimeter fully with fencing. These fences are not designed to be the last layer of defense, but set limits and impede initial access to the property. Concertina wire, a coiled strand of razor wire, on the top of a fence, adds basic level deterrent that can make the fencing set up more effective. With technological advancements in controlled access, a system that requires pre-authorized or granted access before entry, a security team can consistently control traffic. This access control feature expands the current system from the external man doors to gates surrounding the facility. This allows preauthorized access through man or vehicle sized access points along the perimeter to control who can enter the facility.
External Building Security
The second layer of the physical security setup is found in what is described as the external building security area. Effectively the space between the perimeter security and the building's internal security, finds a layer meant to provide time for detection and reaction. The access control features available in this area come from a mix of traditional and technological solutions that can be used in unison to achieve the desired effect of further deterrence beyond the perimeter fencing. Using security lighting to fully illuminate the exterior space is an ideal way of prohibiting unwanted access. These areas are further protected through Closed Circuit Television (CCTV) systems used for the continuous monitoring and recording of all activity within view. The exterior security space also gives the security team reaction time to respond to potential, perceived or actual threats to physical assets where available.
The external area of the SunOpta facility has minimal features in use to aid in external security. To fully develop this area into an asset for the company a few additions must be made. The employee parking area, once it is properly fenced in should receive security lighting and CCTV to keep employee vehicles better protected from the theft that that is prevalent. The employee parking measures should additionally be expanded to envelope the entire exterior of the building to improve the safety and security of all outside areas of the plant.
Internal Building Security
When developing and implementing an internal security system, the overall objective of the program should be one that keeps unauthorized users out of controlled access areas. To increase the efficiency and ability of employees to enter the facility and arrive at their workstations promptly, an employee only access door will be arranged in a way that expedites this process. . The ideal set up is to separate their entrance from one that may be used by the general public visiting the facility. This seemingly simplistic approach of those with distinctly different levels of plant access expectations is just the beginning of a program meant to keep people in the building where they are supposed to be.
The sooner that a visitor or unauthorized individual is identified, the sooner it is determined the purpose for their presence at the facility. This protocol enables the security team to address and process their visit, as visitors enter the facility they are immediately greeted by a company representative that can determine the reason for their visit. After the visitor understands and will comply with company security and liability protocols, the receptionist will have the visitor to be escorted through the facility as needed to accomplish the purpose of their visit. This layer ensures that guests to the facility are granted the access they need but present no undue risk or its fixed assets.
A necessary element of this security element is the further use of electronically controlled access points or controlled access systems; that ensure a key fob or key card holder has adequate permission to enter the facility from the door that their key is swiped. "A fob, or more commonly called a key fob, is a small security hardware device with built-in authentication used to control and secure access to network services and data. The key fob displays a randomly generated access code, which changes periodically, usually every 30 to 60 seconds. A user first authenticates them on the key fob with a personal identification number (PIN), followed by the current code displayed on the device." (Beal, 2016) The use of this system directs non-key holders to the general access front door during business hours or prevents access during off hours. This layout ensures that they are be greeted by company personnel and escorted through the facility. This use expands on controlled access key fobs found outside the facility. Expansion of this program should include all external doors and internal doors containing proprietary information. Fully incorporating those areas will allow for a record of access to each area and limiting entrance to those that a preauthorized
The expanded use of CCTV systems as a means of surveillance within the walls extends the proposed external system and supplements physical security assets. CCTV systems are designed in a way to allow real and post time access to activities within the facility. Using CCTV cameras has an added effect of enabling the monitoring and review of activities within company areas otherwise neglected or unable to monitor consistently. With implementing cameras throughout the plant, the company can record all activities within the facility to identify unauthorized use or practices that may have otherwise gone unidentified.
Cost Considerations
The overall ability of an organization to continue smooth operations while protecting their assets and employees is one that must find a happy medium of an applicable and cost-effective security program. As a base layer of defense, this cost starts with the one-time installation and subsequent general upkeep of a six foot tall, razor wire capped fencing system to envelop the grounds of the facility entirely. As a part of the greater access control protocols put in place, integrated smart card access systems will prohibit unauthorized access to the facility. The second layer, or external security area, will make use of floodlighting and continuous CCTV monitoring actually to control the dead space between the fence and the actual buildings. Interior security measures start with the controlled access functions for both the doors to the facility and specific areas within. Expanded CCTV coverage inside the facility allows fit the same monitoring but adds the ability to use in the enhancement of efficiency of operations by the management staff.
Much of the costs come from the initial installation and implementation of the security items discussed. Recurrent costs come by way of the general upkeep and maintenance of both the hardware and software throughout the system. The direct and indirect labor cost of physical and IT personnel to maintain the system should also be a consideration in the larger cost benefits analysis portion of the risk assessment and security survey process. An essential part of using technologically based access control systems throughout comes through the realization of force multiplication. The system performs the functions that once would have required a physical security asset on site.
Personal Security
The very nature of a security plan is to protect an organization's assets. With SunOpta, its most valuable asset is not the product it produces, but the people who work within the facility. That is why the need for a solid and comprehensive personnel security plan is so important. Without the employees of SunOpta, things such as shipping and receiving, production, and maintenance would cease to happen daily basis. With this assessment and preliminary budget, the executives of the company can address the needs of the employees; ultimately providing a higher level of personal security that will ensure a future of productivity and profitability for SunOpta.
Hiring Process
With the question, “how do we protect the company’s number one asset” in mind, every security should be made based on how it will safeguard those who matter most. The first step in increasing the overall personnel security platform, beyond the physical security of the exterior of the facility, is the use of a stronger hiring and vetting process. This process would be part of the pre-hire system used to receive, screen, and vet potential candidates for positions within the company. The end goal being the right people would be put in the right places, making the company stronger and more secure from the inside out.
The initial step in the hiring process is expanding the vetting program when looking into potential candidates. When a resume comes in, the human resources team must look at which candidates are qualified they are applying for. This process seems simple, but a set standard of policies should be put in place, to ensure a fair and impartial process. After a resume has been identified, the interview process should begin. Again, this process should have a set policy in how and when interviews will be conducted (Fey, 2006). This phase will be where the applicant pool will be whittled down even more. After the interview process is complete, the vetting process is where the backgrounding and candidate selection can truly begin. The vetting process comprises a thorough check of all references and previous employers. This will have an increased cost associated with it (as explained in the preliminary budget) due to the labor hours involved with doing the legwork to find out the information. There will also be a nominal fee for the backgrounding process; the need to obtain criminal, financial and another important background information is imperative when finally deciding on the right person for the job.
Another aspect of the human resource (HR) process is the continual maintenance of employee records and safeguarding the people hired; this is done in a few different ways. The first way is the use of annual backgrounding and follow up to ensure employees have maintained the level of personal and professional conduct that SunOpta has grown to expect from its staff. The duty of the HR department will be to safeguard the records and informational assets of the company. These highly confidential records are kept under electronic key fob locked rooms, within limited access areas. These areas of the facility are controlled by the administrative assistant, will access being granted to only those who the company has needed access to the information stored inside. To mitigate the loss to the company when someone is terminated, exit interviews will be always conducted possible. As part of the exit process, any company property must be turned in. Turning in of equipment will ensure the company and the employees incur no undue loss; this reduces overhead and prevents uniforms and equipment from falling into the wrong hands.
Employee Training
The training of all staff is not only something that benefits the employee, but it also benefits the company. The ways training can be accomplished within an organization comes in many forms. With the increased use of technology, web seminars, and remote training has gained in popularity. This is often the most cost-effective training program available. There is also the practice of sending employees to off-site training events; however, this can become costly based on the training and distance at which the employee must travel for this learning opportunity. Last the use of a trainer or organization to come into the facility to conduct onsite training (Hertig & Christman, 2010). This training will allow for the best overall involvement of staff as the leadership can schedule and mandate attendance with little extra cost. The best and most comprehensive approach to the training of the SunOpta staff would be a utilization of all of training methods. This would allow for specialty training and asset management, ultimately reducing costs across the board.
Some of the yearly training that must take place should focus on company safety protocols and Occupational Safety and Health Administration (OSHA) regulations that pertain to daily operations of the facility. Often, these protocols and regulations do not change, but the very fundamentals of safety should be at the forefront of every employee's mind, each day they clock in to work. Additional training for things such as CPR and first aid, leadership, and management, or plant operations can be conducted case by case. Striving to educate every employee, regularly, will help drive the company to a higher and more maintainable standard.
Additional Safeguards
Adding protocols and procedures for reacting to accidents, workplace violence, and theft is a must for SunOpta going forward. As part of the preparedness and mitigation plan, the establishment of a response force is a must. This response force would come in the shape of a uniformed security team that would be the first line of response for any of the above-mentioned concerns. Using a uniformed security officer goes much further than having a physical deterrent to anyone thinking about doing harm to staff or the facility. With the employee's stolen vehicles, a uniformed security officer on patrol will help to prevent this loss. The uniformed staff can act as entry control, key and access management, and highly trained first responders for any medical or emergency event. This security staff can monitor the proposed CCTV system budgeted for update and installation, adding a layer to the IT security plan. The simple addition of the See Something, Says Something program will help to drive employees towards being aware and utilizing the security team (DHS, 2015). As a uniformed, patrolling presence, the security team can augment the physical security protocols outlined in the physical security plan. An additional long-term cost is associated with hiring a full-time, around the clock staff; but it is believed this cost will be considerably lower than having to mitigate or respond to something that could have been detected or prevented by adding this team.
Information Security
Requirements
For there to be a complete overhaul of the SunOpta’s safety and security situation, there are some critical requirements that the company's security plan must meet and in the process ensure that all the set of objectives is satisfied. The requirements are as follows as shown in the table below:
|
Requirement |
Requirement Description |
|
A camera surveillance plan |
-Establish the critical areas of concern that require safety and security attention within and around the company’s premises |
|
Local Area Network (LAN) |
Facilitate inter-networking cameras and other peripherals in the company through the Ethernet cable connection to the electrical appliances |
|
CCTV Cameras |
Adequate Cameras to be fixed in strategic locations within the SunOpta’s premise |
|
Digital Data Storage Systems (DDSS) |
Ideal for the storage of the streaming lives data from the installed cameras |
|
Network Topology |
Centrally located with the help of a remote server to enhance viewership of the cameras |
|
Wide Area Network (WAN) connectivity |
Ensure connectivity of the to the proposed Security system |
|
Tailored/customized over the counter program. |
Facilitate Artificial Intelligence(AI) functions such as capture of information from the cameras, and storage of data in a database
|
|
Establishing internet connectivity components |
Data cables used for interconnection to cameras must be used with a remote computer |
|
Back-up storage |
A countermeasure for preventing the loss of data on virtual memory based on the internet |
|
System developer and database designers |
These are skilled individuals with capability to facilitate information and technology needs |
|
Technical staff |
In charge of system management |
|
Adequate working space |
Facilitate implementation of the and installation of security apparatus |
|
EPMO system |
To facilitate connectivity in the system management |
Expected Results
The successful implantation of the security strategy and plan mentioned here will help the company:
(I) minimizing potential loss of property plus and other security and safety vulnerabilities within the premises of SunOpta due to heightened security measures following the implementation of the security plan
(II) Monitoring the employee activities within the company to ensure their productivity is up to required levels the company can optimize productivity rate by each employee to increase its production capacity.
(III) Increase security mechanism and awareness through the interconnectivity of the organization’s security system facilitating access to security assistance during a security alarm.
(IV). Reducing the cost for key areas such as CCTV monitoring, flood lights and needs assessment of the developed security strategy.
(v) Reduction of losses due to inadequate surveillance causing pilferage, criminality and loss of property following the development of the security strategy in the long-run profits.
(VI) Reduction of long-term liability if unforeseen safety occurs and security because of various reasons such as negligence.
Major Deliverables
|
Development Timeframe |
Development of a surveillance system within the set timeframe to prevent high costs from delays |
|
Design Review |
The information security analysts conducting a walkthrough to assess the design of the security plan |
|
User Acceptance Testing |
The employees to undertake lessons in on the workings of the system |
|
Deployment Plan |
I To help in identifying the stakeholders and project team tasks |
|
Database development |
Developing a database to coordinate the operations of the company and the security within |
|
Organizational connectivity |
Organizational activities and security to be well connected to minimize cases of property and information loss |
|
Organizational coordination |
the coordination of the organizational activities and security will lessen the vulnerabilities that SunOpta is exposed to through assurance of the employee security |
Resources needed
|
Activity |
Generic resources |
Human resources |
Materials |
|
Feasibility study |
|
· external system investigator/monitor · SunOpta employees |
· questionnaires · records on the organizational safety and security status |
|
Acquisition of legal documents and licenses |
|
· The company purchases or legal officer |
|
|
Development of surveillance plan |
Broadband internet connection |
· External ICT expert |
|
|
Purchase of equipment and materials |
|
· Company procurement officer |
|
|
Development of physical cabled network |
|
· Consultants |
· data cables · pipes · RJ45 connectors |
|
Development of application software and database system |
- broadband internet |
System developer |
· Remote computer |
|
Physical installation of cameras and other accessories |
|
ICT consultant |
· Surveillance cameras · remote computer · Wall camera holders |
|
Pilot run |
- broadband internet |
- system developer - company ICT staff |
· the new system in the boardroom |
|
|
|
|
· |
|
Full implementation |
- broadband internet |
- System developer - Company ICT staff |
· the system in the whole company |
|
Performance measurement |
- Broadband internet |
ICT consultant System Analyst |
· the system in the entire company |
Measuring success criteria for the security plan
i. SunOpta to ascertain the implementation of the security strategy and its regular update during the implementation phase.
ii. Stakeholders to conduct a system appraisal fortnightly to ensure adoption of the implemented safety and security strategy.
iii. Introducing organizational employee training to enhance their understanding of implementing the strategy and how it would work.
Preliminary Budgets
Budget Estimate for SunOpta Physical Security Plan
|
|
||
|
|
|
|
|
NO. |
ITEM |
BUDGET ($) |
|
1 |
Perimeter design |
2,000 |
|
2 |
Legal requirements (zoning) |
3,000 |
|
3 |
Camera surveillance development plan @625*5 (incl. as part of IT security plan) |
0* |
|
4 |
25% fencing and razor wire expansion |
5,000 |
|
5 |
Electronically controlled gates 2,500*3 |
7,500 |
|
6 |
Perimeter controlled access system 5,000 *3 |
15,000 |
|
7 |
Man door controlled access expansion 500* 13 |
6,500 |
|
8 |
Installation (incl. wiring/parts/labor) |
10,000 |
|
9 |
Security lighting |
7,500 |
|
10 |
Installation |
2,000 |
|
11 |
Expected Yearly Upkeep 500 per mo. *12 |
6,000 |
|
|
|
|
|
|
Total |
64,500 |
|
Budget Estimate For SunOpta Personnel Security Plan |
||
|
|
||
|
|
|
|
|
NO. |
ITEM |
BUDGET ($) |
|
1 |
Expanded Background/Hiring Process
|
$10,000/yr. |
|
|
· More in-depth initial background
|
|
|
|
· Yearly recheck of background
|
|
|
|
· Expanded hiring process
|
|
|
2 |
Yearly Personnel Training
|
$20,000/yr. |
|
|
· Safety/awareness training
|
|
|
|
· OSHA compliance training
|
|
|
|
· “See Something, Say Something”
|
|
|
3 |
Uniformed Security Staff (24/7, two officers per shift, $11/hr.) |
$96,360/yr. (wages) |
|
4 |
CCTV (See IT Security Plan)
|
$0 |
|
5 |
Increased Entrance Control (See Physical Security Plan) |
$0 |
|
|
|
|
|
|
Total Estimated Cost: |
$126,360 |
|
Budget Estimate For SunOpta Information System Security Plan |
||
|
|
||
|
|
|
|
|
NO. |
ITEM |
BUDGET ($) |
|
1 |
Feasibility study @ $700*3 |
$2,100 |
|
2 |
Acquiring legal documents @$630*4 |
$2,520 |
|
3 |
Camera surveillance development plan @625*5 |
$3,125 |
|
4 |
Equipment purchase @600*6 |
$3,600 |
|
5 |
Network connectivity @615*6 |
$3,690 |
|
6 |
Support application software |
$4,700 |
|
7 |
Installation |
$3,000 |
|
8 |
System database development |
$2,000 |
|
9 |
Pilot run in the company boardroom |
$1,000 |
|
10 |
Complete implementation |
$550 |
|
11 |
Training employees |
$7,200 |
|
12 |
Performance test |
$167 |
|
|
Total |
$31,717 |
The initial plan of a security proposal covers the first few layers of security needed to implement a sustainable and long-lasting plan. The needs of the SunOpta facility concerning physical, personal, and information systems security is being addressed. The plan comprises identifying the immediate needs of the company. In the arena of physical security, the need to strengthen the perimeter security and entry control is paramount. For personal security and the safety of the staff and visitors, using a stronger vetting and background system and uniformed security will help take the company to the next level of safety. As for information system security, implementation of a camera system and the training needed to implement it is the top priority. All of these individual aspects of the proposal will help take the entire company one step closer to providing the safest and secure environment possible.
The design and implementation of a security plan tailored to the particular organization. Each pillar of the strategy should be in line with the company's basic mission, vision, goals and overarching philosophy. That process begins with understanding the organization behavior of SunOpta itself and how each employee in the process should be a part of the greater security policy. With values based plan in place, the security team can build a plan that reflects the values and intent of the company.
The organization's base rests on management's philosophy, values, vision, and goals. This base, in turn, drives the organizational culture which is composed of the formal organization, informal organization, and the social environment. The culture determines the type of leadership, communication, and group dynamics within the organization. The workers perceive this as the quality of work life which directs their degree of motivation. The final outcomes are performance, individual satisfaction, and personal growth and development. (Leadership and Organizational Behavior, 2015, Para. 3)
In both the security and non-security related fields it is the human element of the job that will make the company a towering success, or a monumental failure. While not situated within a security related industry, the SunOpta aseptic processing facility in Modesto, CA found itself with noticeably low employee morale and in turn poor productivity. The causal variable at the time was believed to be rooted in numerous security-related issues at the plant. A review of the risk assessment and security survey finds that within a span of one year, four employee vehicles were stolen from the front parking lot and at least a dozen unauthorized intrusions documented. Those events led to the theft of company materials and an overall distrust in current security systems.
While leaving the plant vulnerable to theft and the potential for other adverse and unsafe actions, it made seemingly made employees wary of coming into work. During its expansion from a small plant with one processing line and a staff of 25 employees to a 24/7 operation with five continuously running lines, the organization had put all of its emphasis on production capability. The criminal events left the general security of the workforce unprotected and noticeably so.
With the growing number of high-profile incidents, including the stolen vehicles and drop of in production performance, a workforce evaluation was commissioned to determine the cause of the decline in employee morale accurately. The findings primarily came from an employee engagement survey and a thorough review of data including production and turnover performance by shift. The hope was to identify the obvious reason for the low output and general morale.
Organizational Behavior (OB) for the current day security manager's application is used to interpret and furthermore develop a high moral culture within the organization.
By understanding organizational behavior concepts, managers can better understand and appreciate the behavior of those around them. For example, most managers in an organization are directly responsible for the work-related behaviors of a set of other people—their immediate subordinates. Typical managerial activities in this area include motivating employees to work harder, ensuring that their jobs are properly designed, resolving conflicts, evaluating their performance, and helping them set goals to achieve rewards. The field of organizational behavior abounds with theory and research regarding each of these functions (George, Jones p.13, 2006)
Through this culture, the security manager builds an organization that can address issues and conflicts within the organization or department. This focus on molding the culture of the workforce to assimilate to the defined organizational goals of the company allows the security manager to lead their staff with proper direction.
Organizational Mission
SunOpta has a responsibility to its consumers but also has a duty to uphold a safe and secure work environment for its employees as well. The mission statement of SunOpta sums it up by saying, "At SunOpta, we empower our employees to enrich lives by developing healthy and organic food products, driving sustainable well-being" (SunOpta, 2015, About Us, para. 3). The mission statement is the fallback position for everything the company does. Empowering its employees to enrich the lives of the consumer is the overarching goal. The security of the facility and its employees falls under that mission statement as well. The security team must take every step to ensure the people of SunOpta are kept safe and secure; without the security staff, the ability for the empowered employees to do what they do on a daily basis would cease to happen.
The mission of SunOpta carries over to everything that the security team does, and it should be the driving factor for security management when making decisions that not only pertain to the security staff, but to the entire facility and its employees. The direct connection to the SunOpta mission statement falls heavily on the security team. If the security of the facility and its people is not maintained, the company will cease to produce the product for the consumer; thus ending SunOpta. An example of this would be an attack by a lone wolf attacker. If this attacker gains entry to the production facility and opens fire, wounding and killing the staff, production stops, and SunOpta must go into mitigation and recovery phase. This one attack could have a lasting effect on the company as a whole. The role of the security staff and the security upgrades that are proposed will help to act as a deterrent and preventer of these types of threats. If the security team, like the rest of SunOpta, continues to use the mission statement as a guiding light for the direction of the company, the path forward will be bright.
Vision
The vision that is shared across every department of the company should also be a driving factor for the direction SunOpta wants to go in achieving future growth. The company's mission statement is:
To be a sustainable organization that is a global leader in natural and organic food products are driven by a spirit of continuous improvement, innovation and category expertise that enables the well-being of our employees, customers, consumers and other stakeholders. (SunOpta, 2015, About Us, para. 4)
This vision statement is an idea that will continue to guide the company in the innovation and growth that they expect, as well as the commitment they have made to their stakeholders and customers. Like the mission statement, the vision message will help guide the security team as well. The use of this risk assessment and future policy guidelines will ensure the well-being of employees, customers, and the end users of SunOpta's products. The security assessment is one way the team can identify and address the areas of growth for the company. Determining the needs up front will help to prevent potential loss in the future. The need for a proactive approach to security will help SunOpta reach its stated vision; fulfilling the commitments to their staff and customers.
Goals
The goals of SunOpta fall in line with the mission and vision of the company. They want to produce a high-quality product, innovate, and grow while providing a safe and secure work environment for their employees and customers. Those goals are as follows:
• Ensure a safe work environment for employees.
• Ensure a safe product for consumers.
• Continue growth and innovation for our shareholders.
• Continue good stewardship for the environment.
With the nature of the goods being produced at SunOpta, the end consumer can pay a hefty price for a lack of standardization and security. If security protocol is not in place, contaminates could be put into the product, causing widespread illness. The assessments conducted by management will cut down on these types of issues. With an evaluation, the company must have a mitigation process in place as well. The continuity of business is just as important as identifying issues proactively. If there is a plan in place, in case something happens, the faster recovery and business, as usual, can become the norm.
Philosophy
The security officer acts as an agent, a representative of management to employees, visitors, and others. This is where the officer is concerned with representing the philosophies of management. To do this effectively, they must thoroughly understand the mission statement of the organization as stated above. They need to know what the policies are and the underlying philosophy behind them. The major emphasis in the representative management role is to maintain positive relations with the various publics with which security department's deal; such as employees, customers, visitors, vendors, and local law enforcement officers. A solid background in public and customer relations is a necessity. So, too, is diplomacy when dealing with other departments, external agencies, and so on. Another aspect of this role is educational.
Security officers may be very active in educating employees, visitors, students, guests, and so on about safe practices. “As the officers grow professionally, they may become increasingly involved in educational efforts. As the security industry becomes more complicated, requiring the protection of more intangible assets, this educational role will be made more common.” (Palacios & Hertig, 2010).
The philosophy of the security officer is just that, keeping in line with the company's mission and vision. The security team must make decisions based on what the company direction is. If the team is consistent with this philosophy, then the security team and the company will be in sync.
Code of Ethics
The security team must follow a code of ethics that are in line with not only SunOpta but also in line with the standard of professional security officers. The security team will have access to company and personal information that most employee will not. That is why a code of ethics is so important. The following list of core professional security ethics will be a starting point for establishing a precedent for ethical officers, they are:
• Respond to employer's professional needs
• Exhibit exemplary conduct
• Protect confidential information
• Maintain a safe & secure workplace
• Dress to create professionalism
• Enforce all lawful rules & regulations
• Encourage liaison with public officers
• Develop good rapport within the profession
• Strive to attain professional competence
• Encourage high standards of officer ethics
SunOpta, their customers, and their shareholders expect a great deal from the security team. "In the past, there has been far too little attention paid to the ethical aspects of the profession. There have to be solid guidelines that each officer knows and understands." (Broder & Tucker, 2012). More importantly, it is essential that each manager and supervisor performs his or her duties in a manner that will reflect honesty, integrity, and professionalism.
Organizational Structure
The organizational design of the SunOpta Modesto facility will serve several functions that are incorporated in the strategy to enable the organization to achieve economic sustainability as a member of the community. The organization will be in a position to deal with any safety and security related issues with a defined organizational structure in place to handle anything that may come up. The plant structure in place starts at the top with corporate guidance coming from the United States office in Edina, MN and the world headquarters in Brampton, ON. This level of guidance is meant to guide the company on a macro scale to ensure that all satellite facilities work within the construct of the overarching mission and values of the company.
Plant level organization begins with the Plant Manager, who is entrusted with maintaining a safe and efficient operation. This administrative entity is responsible for all successes and failures in every facet of the operations. Reporting directly to the plant manager are the department heads of each department within the facility. The production, quality, maintenance, warehouse and continuous improvement managers each answer directly to the plant manager while also having subordinates report to them. Additional support positions include the sales team, scheduler, accountant, and receptionist. The layered command structure facilitates ease of communication and delegation of responsibilities based on ingrained expectations.
Staffing Needs
With receipt of the risk assessment and security survey, the recommendation has been made to add additional staffing in addition to physical security measures. The security manager or supervisor will report directly to the plant manager with subordinate security guards reporting to them. Secondary reporting will be made to the highest ranking salaried person present at the facility to ensure consistent communication and coordination with staff. Company notification trees or contact lists will be updated to reflect the oncoming positions.
All the staff that works in the plant will need to be brought into the fold of the new security policy. This orientation process will require a host of elements that will make it easier for full implementation with an understanding of how the system works and benefits them on an individual level. These include additional training and experience to help increase the capabilities and confidence of the members in use and trust of newly installed security measures.
Building the safety and security culture of the plant in light of recent negative instances will be a major focus of the implementation. This employee awareness and familiarity process will show each employee how they precisely fit into the greater security construct and what exactly they can do to help. Follow-on training for all staff on an initial and annual basis is vital to building an ingrained security mindset within the organization.
Culture is the conventional behavior of a society that encompasses beliefs, customs, knowledge, and practices. It influences human behavior, even though it seldom enters into their conscious thought. People depend on culture as it gives them stability, security, understanding, and the ability to respond to a particular situation. This is why people fear change. They fear the system will become unstable, their security will be lost, they will not understand the new process, and they will not know how to respond to the new situations. (Leadership and Organizational Behavior, 2015, Para. 8)
Roles and Responsibilities
For the facility to adequately function within the newfound security policy, it will be necessary that all the personnel involved in the exercise have clearly delimitated roles and responsibilities so that each of them concentrates on meeting his or her part. It should mention that all the personnel making have a role in the security process in addition to their daily duties.
Plant Manager
The Plant Manager reports to corporate level management. At the Modesto aseptic operation, all area supervisors report to the plant manager who acts as a local level executive authority for the plant. All plant level decisions and recommendations to higher command go through the plant manager. That position is in place to take ownership of the operation in all facets of the operation. Much of the security direction, allocation and authorization will be channeled through this position with an emphasis on building the security culture with "buy-in" from the top down.
Security
Security Supervisor
The security supervisor reports directly to the plant manager and receives guidance from corporate level safety and security entities. The supervisor will help develop, request authorization for and implement the security plan for the facility. The plan will follow recommendations derived from the completed risk assessment. Duties on a daily basis include maintaining the payroll, health, and safety of assigned security guards and coordination of further training and assessments.
Security Guards
Security Guards report directly to the Security Supervisor with an additional reporting required to the senior salaried manager on site. Each employee is directly responsible for the physical safety and security of the location at all times. Responsibilities include identification of potential issues and use of the decision-making and reporting processes to maintain a safe, secure working environment that promotes productivity and efficiency.
Production
Production Manager
The production manager reports directly to the plant manager. This employee is responsible for all production aspects of the operation to include profitability and efficiency. Employee engagement, safety, and productivity are the main areas of concern in the building and molding of the desired production culture. The production manager promotes security by facilitating time and resources that allow all employees to attain maximum engagement in the security process.
Production Supervisors
Production supervisors report directly to the production manager. Each of the four supervisors is responsible for the safety, productivity and pay for all assigned personnel on their shift. Each shift averages twenty production employees supplemented by five to seven temporary employees brought on board to assist in non-skilled labor tasks. This position requires a proactive approach to security with a close relationship maintained with security personnel. Overnight shift supervisors largely act as senior salaried managers and must receive and disseminate security reports through the proper chain of command.
Production Employees
Production employees report directly to their assigned production supervisor. Each employee is considered a skilled position employee and has received extensive training in their tasks by the company. The safety, security and morale of these employees are vital to maintaining productivity and profitability. All are asked to remain intimately involved in the security process. This includes training to solidify their role in their particular position and a culture that encourages reporting of potential problems as soon as possible.
Temporary Laborers
Temporary laborers report directly to their contract agencies representative and follow the direction of the on-site supervisor. The laborers are staffed between five and seven per shift dependent on production needs. Each is expected to comply with plant safety and security policies at all times.
Support
Warehouse Manager
The warehouse manager reports directly to the plant manager. This position is responsible for all logistical maneuvering and support needed to maintain and effective and profitable business. The manager is expected to track on incoming raw materials and outgoing finished products while ensuring that all warehouse specific employees are taken care of from safety, productivity and pay perspective. Similar to the production manager the warehouse manager must be, and make their employees available, for participation in the security process to include assessment and training.
Warehouse Employees
Warehouse employees report directly to the warehouse manager. Each of the four per shift is full-time forklift operators that move materials and supplies throughout the facility. In that role, each employee is responsible for the operation and security of all external roll up doors throughout the plant. Each traverse through these doors must be followed by securing them. This task is specific to the warehouse and makes a vital member of the overall security plan.
Quality Manager/Supervisor
The quality manager reports directly to the plant manager. The primary focus of this position is the production and delivery of a safe quality product to the end user. In the execution of that task, the management team is must ensure that each quality employee is available as needed for safety orientation and training.
Quality Employees
Quality employees report directly to their quality manager/supervisor. Each employee is considered a skilled position employee and has received extensive training in their tasks by the company. The safety, security and morale of these employees are vital to maintaining productivity and profitability. All are asked to remain closely involved in the security process. This includes training to solidify their role in their specific position and a culture that encourages reporting of potential problems as soon as possible.
Continuous Improvement Manager
The continuous improvement manager reports directly to the plant manager. This position is designed to identify areas of improvement throughout the process. In that role, the security team can request an objective review of in place operations to ensure that efficiency and cost consideration based decisions are sound and within the framework of the company's mission.
Additional Positions
Additional or auxiliary plant positions all work directly for the plant manager. As an on-site member of the team, each is expected to play an active role in the implementation and to sustain of the in place security policy. Those job functions include accountant, scheduler, buyer/sales and general receptionist. As with all other plant positions, all will receive an initial, follow-on and specific security training as needed to maximize overall engagement and strength of the plan.
Preliminary Budget
|
NO. |
ITEM |
BUDGET ($) |
|
1 |
Security Personnel Training - Annual |
5,000 |
|
2 |
Management Level Security Training –Initial(x6) |
6,000 |
|
3 |
Supervisor Level Security Training – Initial (x6) |
6,000 |
|
4 |
All Employee Security Training – Initial (x140) $17.50 * 8 = $140 averaged |
19600 |
|
5 |
Development/Distribution of security SOP |
5,000 |
|
6 |
New Hire Security Orientation budget $17.50 * 8 = $140 averaged based on 25% industry averaged turnover |
4900 |
|
7 |
All employee annual refresher training $17.50 * 2 = $35 |
4,900 |
|
|
Total |
51400 |
The expected cost of implementing the security plan at the plant level will be a total first-year cost of $51,400. These costs include both initial and follow-on training for all employees in the plant. Through temporary employees work in the plant it will be the responsibly of the contracting agency to ensure that they follow all safety and security protocols on site. Four different levels of training will take place to build a proper support structure from the top down.
Security personnel will receive annual training meant to validate their readiness and to maintain all licenses needed for the execution of their duties. Management and supervisor level training will focus on the need for communication in the command and control process. Employee level initial training will build a baseline of knowledge in regards to the security process and where they specifically stand. Included in the proposed budget are figures meant to denote expected training on an annual basis. With an industry standard, twenty five percent annualized turnover or thirty-five employees, and all employee two-hour refresher training each valued at $4,900 per year.
Conclusion
The risk and threat assessment and Security Strategy for SunOpta clearly defined threats and methodologies to mitigate any possible event. The priority for SunOpta should first and foremost be providing security and safety its customers and employees, this, in turn, drives profitability. The necessity to fund security is minuscule in comparison to the loss of life; furthermore the fallout after that to the company and leadership for failing to emplace preventative measures to clearly identified risks. The current organizational hierarchy has a vast undertaking to bring the security of their customers and employees to standard. However, the benefits of doing so would only be superseded by the costs of doing nothing. Organization behavior is indicative of the security each feels in their employment, environment, and co-workers; unfortunately, there can be no one size fits all. Every organization is unique; SunOpta has proven this in their fashion, striving to "bringing well-being to life", being a pillar of the community, providing a secure, friendly environment for both customer and employee would only reinforce attitudes in regards to well-being. Organizational Behavior will be a pivotal influence of SunOpta's leadership; placing the needs of the employee and customer first allows for a safe environment and ultimately the baseline for a well-established profitable organization.
References
About Modesto, Retrieved from http://www.modestogov.com/about/
Beal, V. (2016) Key Fob. Retrieved from: http://www.webopedia.com/TERM/K/key_fob.html
Broder, J. F., & Tucker, E. (2012). Risk Analysis and the Security Survey (4th ed.). Waltham, MA: Elsevier Inc.
DHS (2015). See Something, Say Something: Program Guide. As retrieved from http://www.dhs.gov/see-something-say-something .
Garcia, M. (2008). The Design and Evaluation of Physical Protection Systems (2nd ed.). Burlington, MA: Butterworth-Heinemann.,p1,p.4,p.57.
George, J. & Jones, G (2006). Understanding and Managing Organizational Behavior (1st Ed.) p.13.
How (and why) to set up a VPN today. (2013). Retrieved from http://www.pcworld.com/article/2030763/how-and-why-to-set-up-a-vpn-today.html
Hertig, C. & Christman, J. (2010). Professional Protection Officer: Practical Security Strategies and Emerging Trends. Published by Elsevier Inc.
International Conference on Global Security, Safety, and Sustainability, Magalhães, S. T., Jahankhani, H., & Hessami, A. G. (2010). Global Security, Safety, and Sustainability: 6th International Conference, ICGS3 2010, Braga, Portugal, September 1-3, 2010, proceedings. Berlin: Springer-Verlag.
Physical Security. (n.d.). Retrieved from http://www.thefreedictionary.com/physical+security
SunOpta (2015). About Us (para. 3 and 4). As retrieved from http://www.sunopta.com/about-us/ .
SunOpta New Facility, Retrieved from http://www.packaging-gateway.com/projects/sunopta-soymilk/
Your Company’s Most Valuable Asset: Your Employees. (n.d.). Retrieved from http://www.oasisadvantage.com/blog/your-companys-most-valuable-asset-your-employees
Broder, J. & Tucker, E (2012). Risk Analysis and the Security Survey (4th ed.). Published by Butterworth-Heinemann, Elsevier Inc.
J. George & G. Jones Understanding and Managing Organizational Behavior, 2006, 1st Edition p.13.
Palacios, K. & Hertig, C. (2010). The Professional Protection Officer: Practical Security and Emerging Trends. Published by Elsevier Inc.
Leadership and Organizational Behavior, (2015), Retrieved from http://www.nwlink.com/~donclark/leader/leadob.html