Security Planning for the Pharmaceutical Industry

Far-flung enterprises and stringent regulations create a challenge for security executives

Over the past few decades, no other business segment has faced as many different types of external security threats as the Pharmaceutical industry — threats emanating from corporate espionage, product tampering, animal rights activism, organized crime and most recently, international terrorism.

Information gained through research and manufacturing techniques is the lifeblood of this industry. Espionage or theft of that information continues to be a real threat as competition is becoming more and more aggressive. Animal rights activists continue to fight for their cause using many different methods to create havoc, including the use of explosive devices. Terrorists may revert to sabotage by releasing toxic, flammable or explosive chemicals or by contamination of products.

These are chemicals or materials that if stolen have the potential to be used as or converted to weapons. Each one of these events could have the potential to create significant adverse consequences for human life and, in addition to loss of revenues, may also cause the pharmaceutical corporation's image to be damaged irreparably.

A Challenging Security Environment

The security practitioner in the pharmaceutical environment must plan for a wide range of potential security situations and scenarios, and develop and implement a suite of performance-based security measures commensurate with the identified risks for each critical facility.

Pharmaceutical corporations may have a presence in every corner of the world. They are typically comprised of many facilities — each planned and designed to provide a specific function. Corporate headquarters may be located on one continent with regional office buildings, manufacturing facilities, warehouses, distribution centers and research facilities strewn throughout the rest. Since each facility will present a unique set of threats, the security practitioner responsible for protecting the corporation's assets must be proactive with the ability to adopt non-conventional strategies that will neutralize those threats.

Controlling this environment from a security perspective requires knowledge of current and future physical and logical access needs, coupled with an understanding of the many regulations emanating from the FDA to the Department of Homeland Security (DHS) and possibly some international regulations as well. The DHS Chemical Facility Anti-Terrorism Standards (CFATS), which may also apply to pharmaceuticals, is a federal effort to increase security at high-risk facilities to minimize the potential for terrorists to gain access to dangerous chemicals.

Vulnerability assessments should be conducted annually at each facility to identify security requirements, and to develop and implement site-security plans with guidelines that address the physical security needs for each type of facility. Creating layers of security and placing the most critical assets within the most inner layer should be an important aspect of physical security planning for these type of facilities.

Access Control

The application of access control becomes a key instrument for developing layers of security for protecting the assets of a pharmaceutical corporation within each of its facilities. It is important to identify critical assets, such as: intellectual properties and products; high-profile targets which may include the corporate executives, managers and researchers; the data center with its associated infrastructure; and research labs and vivariums — and ensure they are located within those inner layers of protection.

The corporate headquarters office building can be provided with strict physical security measures starting at the outer security layer. Depending on the facility’s geographic location, the outer layer may be the sidewalk of a large metropolitan city or the parking lot of a suburban office complex.

Perimeter Security

This content continues onto the next page...