In the wake of both world and domestic developments recently,
one concept has crept toward the top of the management
agenda.
No, not stock options.
I'm talking about security, or "biosecurity," as it's
commonly called in the food industry.
Just yesterday, Tom Ridge, secretary of Homeland Security,
called a news conference in Washington, D.C., to warn
Americans of an "increased risk of terrorist attacks this
summer." Ridge said that DHS has "credible evidence" that
Al Qaeda plans to carry out a "large-scale attack to disrupt
our democratic institutions."
Early speculation centered on the upcoming Republican
and Democratic national conventions in New York City and
Boston, respectively - two cities chillingly connected
to the Sept. 11 attacks on the World Trade Center.
Against such a frightening scenario, Ridge reassured the
nation that new "permanent protections" against terrorism
are now in place and boasted about "unprecedented communication
abilities" that recently have come online.
Since DHS, the U.S. Department of Agriculture and the
Food and Drug Administration have all issued new biosecurity
guidelines aimed at addressing weaknesses in our food
production system, it's only fair to ask: How well are
meat, poultry and food processors armed with strengthened
security and communications capabilities to prevent sabotage
or foil any terrorist-type activities?
The answer, experts say, is not that great.
"When I go into plants to conduct training, I find that
too many managers think, 'It can't happen here,'" says
Mike Fagel, Ph.D., a long-time meat industry veteran who
has pursued a parallel career in disaster planning and
serves as a security expert in manufacturing and an expert
consultant with DHS. "It's true that the bad guys aren't
likely to walk into the plant wearing a backpack marked
'POISON,' but that doesn't mean that even the most remote
location couldn't be the target of anything from a disgruntled
ex-employee to a true, highly trained terrorist."
The antidote to such thinking is development and implementation
of a security program that focuses on the real traction
points for food processors: Lockdown protocols, information
sharing and crisis preparation, a sequence progressing
from the practical to the probable to the possible - if
unthinkable.
Here is a review of checkpoints within each of these areas:
Lockdown Protocols
Most processors would argue, "We already have these kind
of security procedures in place," and in fact, the meatpacking
and poultry processing industries have one major advantage
over other manufacturing sectors: They have long been
targeted by animal rights and vegetarian extremists willing
(and able) to attempt all sorts of violence and vandalism.
Thus the basics of securing facilities and controlling
personnel movement are already in place.
Moreover, the demands of even a nominal HACCP program
require that many of the critical control points where
product sabotage is likely to take place have already
been analyzed and vetted for process control, if not hardened
security.
But that shouldn't be cause for complacency. A majority
of processors fail to make use of such tools as video
surveillance, electronic ID badges and security audits
to target vulnerabilities, and even those who do cannot
always confirm that the less glamorous tactics are equally
well-monitored.
"I have to ask managers, 'How often have you changed the
locks? How frequently - and thoroughly - are you checking
raw materials? Or packaging?'" Fagel says. "But focusing
on the basics can be boring, and you need a top management
mindset that communicates to everyone at the plant that
security is a top priority."
Even when the proper emphasis is placed on constant security
monitoring, it's useful to bring in experts to assess
a facility's vulnerabilities as an investment in both
operational and product integrity.
"Preemption is really the name of the game," says James
E. Lukaszewki, principal of his own firm and a security
consultant to the Fortune 500. "Companies have to get
ahead of the problems by identifying vulnerabilities and
training against scenarios in which someone tries to exploit
those areas."
Lukaszewski stresses that a security audit, though hardly
an event any CEO relishes, can provide invaluable guidance
for even the more mundane problems, such as a fire or
an ammonia leak or other limited disaster event.
But the planning cannot be limited to an internal process,
which brings up the next area of attention.
Information
Sharing
When
it involves those outside the plant, this aspect of security
planning is often neglected, the experts point out. An
optimal plan requires that both plant-level and senior
management reach out to local and state law enforcement
and emergency services personnel.
Such advice is commonsensical - and generally ignored
by food industry managers busy trying to keep the wheels
turning and the margins somewhere in sight. Too often,
the focus of both corporate and small-business crisis
planning is strictly internal. A committee is formed,
key managers are identified and a manual is prepared and
promptly filed away.
That's a start - but only a start.
Having names and numbers written down is great - if an
event occurs during regular working hours, the personnel
haven't changed since someone last updated the manual
and everyone's in town and on duty that day. Such good
fortune, of course, rarely happens, which is why we call
it a disaster.
The experts now recommend that crisis communication information
be stored and disseminated via handheld wireless PDAs,
rather than having paper manuals and memos to distribute.
That also allows another benefit in the event of an actual
crisis or terrorist attack.
"The last thing you want in the initial stages of an event
is a dozen people talking to each other on their cell
phones or using the intercom function," explains Regis
Becker, the global director of security and compliance
at PPG Industries, who addressed a recent security planning
conference. "PDAs cut down on phone traffic and keep the
communications going in one direction. For all but the
key people in a company, the goal is to stay off the phones
and wait to be updated."
Who should be involved in an initiative to connect with
emergency personnel before disaster strikes? "It should
go right to the top," Fagel says. "You need the boss,
the CEO, on board, because that sends the message to everyone
else that properly preparing for an emergency ahead of
time is truly a company-wide priority."
However, plant and operations managers need to interact
with emergency officials to discuss the following:
- Contact information for
members of the crisis response team
- The plant layout and location
of utilities
- Exits and evacuation routes
- The plant's internal
security procedures
One
caution, Fagel suggests: In-house assessments of potential
vulnerabilities remain internal. "If you discover certain
weak spots, those are your responsibility," he says. "Law
enforcement or other emergency personnel can't be expected
to understand how a food processing plant works, so controlling
product and operational integrity is something management
must address."
Which leads to the final area of concern.
Crisis
Preparation
Two
elements stand out no matter what level a company decides
to take its crisis and disaster planning to, the experts
say. The first is the vital importance of what is called
"victim management," or attending to those who may be hurt
or killed in an attack or other violent incident.
"Dealing with the victims of a disaster is one of the most
important functions a company must fulfill," Lukaszewski
says. "For one thing, without victims, there really is no
crisis. More importantly, no emergency can ever reach closure
until the impact of the event on any victims is satisfactorily
addressed."
Lukaszewski says all communications that deal with the victims
of an incident need to stress concern, but also focus on
immediate restitution and future prevention.
"People, and media, need to know that the victims will be
taken care of and that the company is actively putting strategies
in place to make sure no one else ever undergoes their pain
and suffering," he says. "Without that assurance, most of
the efforts to resolve the fallout of a disaster or an act
of sabotage are useless."
The second aspect of importance involves actually doing
disaster drills.
"What keeps the CEO up at night worrying about the consequences?
That should be the focus of any type of crisis planning
and actual disaster drilling," Lukaszewski says. "Few managers
actually like spending time 'practicing' mock crises, but
if they can relate to the impact of a potential event, that
increases the chance that the drill will be taken seriously."
Lukaszewski raises an interesting sidelight to top management's
involvement in crisis planning, and that is the shifting
of roles when necessary.
"No matter what the scenario, executives have to be prepped
for their role in an actual event," he explains. "They're
typically used to being in charge, but in a crisis involving
terrorists or a sabotage of company products, the CEO is
not going to be giving the orders. The incident commander
is generally going to be a law enforcement official, and
standing by while someone else directs operations is a role
many top managers aren't well-prepared to play."
Which might be a fair summary of the impact of the whole
security planning process in this new and on occasion terrifying
age in which we live. But it's a role those in positions
of industry leadership need to learn and embrace. |
