Supply Chain

 

 

https://sm.asisonline.org/Pages/The-Dirty-Secret-of-Drug-Diversion.aspxThe Dirty Secret of Drug DiversionGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-08-01T04:00:00Zhttps://adminsm.asisonline.org/pages/lilly-chapa.aspx, Lilly Chapa<p>​Controlled substances were going missing at Hennepin County Medical Center (HCMC), and the hospital’s security investigator, William Leon, was determined to get to the bottom of it. So, at 11 p.m. on a Friday, Leon settled in for a night of observation at the Level I trauma center in Minneapolis, Minnesota. He kept a trained eye on one registered nurse who was suspected of stealing hydromorphone, an opioid pain medication, for her personal use.</p><p>HCMC has cameras set up in the medication room to monitor controlled substances, and Leon watched as the nurse began gathering prescribed medication for a patient in the emergency department. The process, called wasting, requires the healthcare worker to take a fresh vial or syringe full of medication and then dispose of the excess, leaving only the correct dosage—all with a witness present. Leon observed the nurse dispense a syringe of hydromorphone from the medicine cabinet, and, while a fellow nurse was signing off on the withdrawal, she placed the syringe in her pocket and pulled out an identical syringe, which Leon later learned contained saline. The nurse held up the saline syringe and wasted the required amount, tricking her fellow nurse, and left the room.</p><p>At this point, Leon knew exactly what was going on, and watched with increasing alarm as the nurse headed to a patient’s room in the orthopedic area of the hospital. “In that area, I knew immediately, this patient could have a broken bone—they were in intense pain and requiring this medication,” Leon says. “I see a lot of doctors standing around and I’m thinking ‘uh oh, this patient is going to get saline.’”</p><p>Leon raced to the room and saw that the doctors had given the patient the saline the nurse had brought up. “The patient was still screaming in pain and the doctor was frantically asking the nurse, ‘Are you sure you got the right dosage? Are you sure it was hydromorphone?’ and she was insisting she had,” Leon says. He called the doctor and the nurse into the hall and explained that the patient had just gotten saline and still needed the proper pain medication because the nurse had diverted the hydromorphone in the medication room. The doctor went to properly treat the patient and Leon called the nurse manager and the local sheriff’s detective in to begin an official investigation into the nurse’s actions.</p><p>Drug diversion in the United States is a nebulous problem that is widespread but rarely discussed, experts say. Whether in manufacturing plants, retail pharmacies, hospitals, or long-term care facilities, healthcare workers are stealing drugs—typically for their own personal use—and putting themselves, patients, and coworkers at risk. </p><p>“I hate to tell you, but if you have controlled substances and dispense narcotics, you’ve got diversion going on,” says Cherie Mitchell, president of drug diversion software company HelioMetrics. “It’s just a question of whether you know it or not.”</p><p>The scope and frequency of drug diversion is almost impossible to grasp, due in large part to how diversion cases are addressed. A facility that identifies a diversion problem might bring in any combination of players, from private investigators and local law enforcement to state accreditation boards or the U.S. Drug Enforcement Agency (DEA). There is no overarching agency or organization that records every instance of drug diversion in the United States.</p><p>Controlled substance management is dictated by a number of laws, including the U.S. Controlled Substances Act of 1971, which classifies substances based on how they are used and the potential for abuse. It also dictates how the substances are dispensed, and a facility may be fined if it does not comply. </p><p>The closest estimates of drug diversion rates come from people or organizations who dig up the numbers themselves. The Associated Press used government-obtained data in its investigations on drug diversion at U.S. Department of Veterans Affairs (VA) medical centers. Reported incidents of diversion at about 1,200 VA facilities jumped from 272 in 2009 to 2,926 in 2015, the data revealed, and the VA inspector general has opened more than 100 criminal investigations since last October. John Burke, president of the International Health Facility Diversion Association, extrapolated data he obtained from facilities in Ohio to estimate the presence of 37,000 diverters in healthcare facilities across the country each year. </p><p>Mitchell points out that any statistic derived from officially collected data still wouldn’t accurately reflect the extent of drug diversion in the United States. “There’s a lot of people investigators really suspected were diverters but had to be chalked up to sloppy practice due to a lack of concrete evidence, so any statistic is talking about known diverters who are fired for diversion,” she tells <i>Security Management</i>. “Even if you did have a statistic, it would be off because how do you incorporate those so-called sloppy practicers, or diverters who thought they were about to get caught so they quit on you and left? No matter what number you come to, it’s probably bigger in reality.”​</p><h4>Addiction and Diversion</h4><p>Although more people are paying attention to drug diversion due to recent high-profile cases and the current opioid epidemic in the United States, experts say they have been dealing with the same problems their entire careers. </p><p>“I can personally tell you that I dealt with the same issues 15 or 20 years ago that the healthcare arena is facing today, specifically in the drug abuse and diversion by their own hospital healthcare employees,” says Charlie Cichon, executive director of the National Association of Drug Diversion Investigators (NADDI) and a member of the ASIS International Pharmaceutical Security Council. “There are different drugs today, of course, than there were 20 years ago.”</p><p>Susan Hayes has been a private detective for healthcare facilities for more than a decade and says the opioid epidemic has magnified the drug diversion problem in recent years. “The opioid addiction in America has lit my practice on fire,” she says.</p><p>It’s no secret that opioid addiction has reached epidemic levels in the United States. In 2010, hydrocodone prescriptions were filled 131.2 million times at retail pharmacies alone, making it the most commonly prescribed medication, according to the Mayo Clinic. However, those are just the numbers that were legally prescribed—about 75 percent of people who take opioids recreationally get them from a friend or family member. According to the U.S. Centers for Disease Control and Prevention (CDC), approximately 52 people in the United States die every day from overdosing on prescription painkillers.</p><p>Healthcare workers are not immune to the draw of opioids. In fact, up to 15 percent of healthcare workers are addicted to drugs or alcohol, compared to 8 percent of the general population, according to the Mayo Clinic. </p><p>“Healthcare providers are in very stressful jobs,” Hayes says. “They all have problems. Nurses have emotional attachments to patients that they see die. Even orderlies have very stressful physical jobs, they’re lifting patients. Pharmacists can make mistakes that mean life or death. You have people that are already in very stressful situations, and now you give them access to drugs…. I think the combination is almost deadly.”</p><p>While a bottle of 30mg oxycodone tablets can sell on the street for up to 12 times its price in the pharmacy, most drug diverters are addicts using the drugs themselves. Because of this, diversion shouldn’t be considered just a security concern but a patient safety concern, Cichon says. He references several high-profile diversion cases in which the diverters used the same syringe full of medicine on both themselves and their patients, spreading bacterial infections and hepatitis. In one especially egregious case, a traveling medical technician with hepatitis C would inject himself with his patients’ fentanyl and refill the same syringe with saline, ultimately spreading the virus to at least 30 people in two states.</p><p>Unfortunately, experts acknowledge that most diverters don’t get caught until they have been diverting for so long they start to get sloppy. “The people who are your real problem are the people who are hiding in the weeds, not doing enough to get caught, and those are the ones you want to find,” Mitchell says. “The people they are finding now are the people that have the needle in their arm or somebody has reported them. You want to try to find them before that.”​</p><h4>Out of the Loop</h4><p>Hayes details the path of drugs through a hospital: a pharmacy technician orders the medication from a wholesaler, who will deliver them to the hospital pharmacy. The drugs are sorted and stocked in the pharmacy, where they will remain until they are brought up to the patient floors and stored in various types of locking medicine cabinets. When a patient needs medication, a nurse goes to the medicine cabinet and dispenses the drug for the patient. </p><p>Another ASIS International Pharmaceutical Council member—Matthew Murphy, president of Pharma Compliance Group and former DEA special agent—describes this as the closed loop of distribution. “Once a drug is outside of the closed loop, when it gets dispensed from a pharmacy or administered by a doctor, it’s no longer in the purview of DEA rules and regulations,” he explains. Drugs are most likely to be diverted during those times when they are in transit or exchanging hands, outside of the closed loop.</p><p><strong>Wholesalers.</strong> When fulfilling a pharmacy’s request for medication, wholesalers have just as much of a responsibility to notice if something is amiss as the pharmacy does. Whether it’s a retail pharmacy or a hospital pharmacy, wholesalers are responsible for cutting them off if they start to request unusually high amounts of opioids. </p><p>In 2013, retail pharmacy chain Walgreens was charged $80 million—the largest fine in the history of the U.S. Controlled Substances Act—after committing record-keeping and dispensing violations that allowed millions of doses of controlled substances to enter the black market. Cardinal Health, Walgreens’ supplier, was charged $34 million for failing to report suspicious sales of painkillers. One pharmacy in Florida went from ordering 95,800 pills in 2009 to 2.2 million pills in 2011, according to the DEA. </p><p>Hayes says the fine against the wholesaler was a wake-up call, and now suppliers use algorithms to identify unusual spikes in orders of opiates. Wholesalers can even stop the flow of medication to pharmacies if they believe diversion is occurring—which can be disastrous to a trauma center, Hayes notes.</p><p><strong>Pharmacies.</strong> To restock the shelves, pharmacy technicians compile lists of what medications they are low on to send to the wholesalers at the end of each day. Hayes notes that many pharmacies do not conduct a retroactive analysis on what is being purchased—which is why wholesalers must pay attention to any unusual changes in orders. She stresses the importance of constantly mixing up the personnel who order and stock medications. </p><p>“If you’re both ordering and putting away drugs, that’s a bad thing because you can order six bottles when you only need five and keep one for yourself,” Hayes notes. </p><p>Similarly, it is important to rotate who delivers the drugs to the patient floors. “John the technician has been taking the drugs up to the floors for the last 20 years,” Hayes says. “Well gee, did you ever notice that John drives a Mercedes and has two boats and a house on Long Island? He makes $40,000 a year, did you ever do any investigation into why?”</p><p><strong>On the floor. </strong>Experts agree that the most egregious diversion occurs during the wasting and dispensing process in scenarios similar to the incident Leon witnessed at HCMC. Mitchell explains that all hospitals have different wasting procedures—some require nurses to waste the medication immediately, before they even leave the medication rooms, while others may have a 20-minute window. Other hospitals may prohibit nurses from carrying medication in their pockets to prevent theft or switching. ​</p><h4>Investigations</h4><p>Any company involved with controlled substances, whether manufacturing, distributing, or dispensing, must be registered with the DEA and must adhere to certain rules and regulations—which aren’t always easy to follow.</p><p>Murphy, who worked for the DEA for 25 years, now helps companies follow mandates he calls “vague and difficult to interpret.” For example, DEA requires anyone carrying controlled substances to report “the theft or significant loss of any controlled substance within one business day of discovery.”</p><p>“This hospital had 13 vials of morphine that ‘went missing’ and someone called me in to find out why,” Hayes says. “They asked me, ‘Are 13 vials substantial or not? Do I really need to fill out the form?’ I counsel them on what’s substantial because the language is very loose.”</p><p>Depending on the frequency or significance of these or similar forms, the DEA may open an investigation, Murphy explains. “DEA will look at these recordkeeping forms and determine if in fact everything has been filled out correctly, that they have been keeping good records,” he says. “If DEA determines that they are lax or have not been adhering to requirements, there could be anything from a fine to a letter of admonition requiring corrective actions.” In more serious cases, DEA could revoke the registration because the activity or behavior was so egregious that it was determined that the facility is not responsible enough, Murphy explains. If a facility loses its DEA registration, it cannot dispense controlled substances.</p><p>However, DEA does not get involved in every suspected case of diversion. “There are only so many DEA diversion investigators, so they have to prioritize what they get involved with,” Murphy says. “It has to be pretty egregious for them to get involved to seek a revocation or fine.”</p><p>That’s where people like Hayes come in. “They want me to come in instead of DEA or law enforcement,” she explains. “I’m a private citizen, I understand law enforcement procedures, and I can help them get at the root of the problem before they call in law enforcement.” </p><p>After an investigation into a diverter is opened, it is unclear what happens to the offender. Hayes says that she typically gathers evidence and gets a confession from diverters, at which point her client calls in law enforcement to arrest them. Leon, who was in charge of diversion in­vest­igations at HCMC for 20 years before becoming a consultant for HelioMetrics, was able to investigate but not interview suspected diverters. He tells <em>Security Management</em> that he would call in a sheriff’s detective to interview the suspect.</p><p>Although most diverters are fired when their actions are discovered, they are not always arrested—it’s often at the discretion of their employer. Depending on the diverter’s role, state accreditation boards—such as those that license nurses and pharmacists—would be notified and could potentially conduct their own investigations. </p><p>Cichon cautions that some hospitals hoping to avoid bad press and DEA scrutiny may look for loopholes. “We found out through the course of investigations that if someone resigns and was not sanctioned it may not be a reportable action,” he says. “If we allow this person to resign rather than take action against him, then we don’t have to report it.”</p><p>Murphy notes that DEA typically has no role in individual cases of diversion. “If the diverter has a license from one of those state agencies, usually it’s required that they be reported, and then it’s up to the board how they proceed with the personal license of the individual,” he says. The DEA doesn’t regulate the personnel—that’s up to the state and the facility. </p><p>Cichon notes that the lack of standards when addressing diversion makes it more likely that offenders could slip through the cracks and move on to continue diverting drugs at another facility. “Unfortunately, there are different laws and statutes in every state that set up some sort of reporting requirements,” he says. “There are medical boards, nursing boards, pharmacy boards, and not every worker even falls under some sort of licensing board for that state.” ​</p><h4>Staying Ahead</h4><p>Due to the stigma of discovering diverters on staff, many hospitals just aren’t preparing themselves to address the problem proactively, Cichon explains.</p><p>“This is something that is probably happening but we’re not finding it,” he says. “The statistics I’ve seen at hospitals that are being proactive and looking at this are finding at least one person a month who is diverting drugs in their facility. If a 300-bed hospital is finding one person a month, and Hospital B has the same amount of staff and beds and is finding nothing…”</p><p>NADDI has been providing training for hospitals to develop antidiversion policies. Cichon notes that many hospitals throughout the country have no plan in place to actively look for diverters. “As big as the issue is, many of them are still just not being that proactive in looking at the possibility that this is happening in their facility.”</p><p>Cichon encourages a team approach to diversion that acknowledges diversion as a real threat. “Not just security personnel should be involved with the diversion aspect,” he says. “Human resources, pharmacy personnel, security, everyone is being brought into this investigation, because the bigger picture is patient safety. The diverting healthcare worker typically isn’t one who’s going to be selling or diverting his or her drugs on the street, but they are abusing the drugs while they are working.”</p><p>Leon worked hard on diversion prevention at HCMC after discovering a surprising pattern: almost all of the diverters he investigated wanted to be caught. “What got me on this path of prevention was observing the nurses as they would admit to what they did,” he explains. “More often than not the nurses would say, ‘I wanted somebody to stop me. I needed help, didn’t know how to ask for it, and I was hoping somebody would stop me.’ That’s pretty powerful when you’re sitting there listening to this on a consistent basis.”</p><p>Leon implemented mandatory annual training for everyone in the hospital—from food service workers to surgeons—to recognize the warning signs of drug diversion. “If a nurse or anesthesiologist or physician is speaking with you and telling you they are having these issues, then you should say something,” Leon explains. “It’s not doing the wrong thing—you’re helping them, and that’s the message we sent out. Look, these individuals are not bad individuals. Something happened in their lives that led them down this path.”</p><p>Leon also had cameras installed throughout the hospital that allowed him to observe diversion but also kept his investigations accurate. “We had a nurse who was highly suspected of diverting,” he says. “With the cameras I was able to show that she wasn’t diverting, just being sloppy. The employees appreciated the cameras because it showed they weren’t diverting medication, they just made a mistake.”</p><p>Over time, HCMC personnel became more comfortable coming forward with concerns about their coworkers. Before the facility started the annual training, Leon caught at least one diverter a month. Before he retired, he says, that number had dropped to one or two a year.</p><p>“The success of our program at HCMC was the fact that we paid more attention to educating rather than investigating,” Leon says. “You have to keep those investigative skills up, but you have to spend equal amount of time on prevention and awareness.”</p><p>Mitchell points to algorithmic software that can identify a potential diverter long before their peers could. Taking data such as medicine cabinet access, shift hours, time to waste, and departmental access allows software to identify anomalies, such as a nurse whose time to waste is often high, or a doctor who accesses patients’ files after they have been discharged. </p><p>“Most people are using the logs from the medicine cabinets trying to do statistical analysis,” Mitchell explains. “You find out 60 days or six months later, or you don’t see that pattern emerge by just using one or two data sets. That doesn’t help. The goal is to identify these people as quickly as possible so they are no longer a risk to themselves or the patients or anyone they work with.”</p><p>Murphy encourages facilities to be in full DEA compliance to mitigate diversion. “If somebody wants to steal or becomes addicted, they are going to find a way to do it, and sooner or later they are going to get caught, but then there’s a problem because the hospital has to work backwards to determine how much was stolen and reconcile all that,” he says. He also notes the importance of following up internally on each diversion case and figuring out what went wrong, and adjusting procedures to address any lapses. </p><p>“Every entity that has a DEA program should have diversion protocols in place because if they don’t they are playing Russian roulette with theft and loss and their DEA registration,” Murphy says.  ​</p>

Supply Chain

 

 

https://sm.asisonline.org/Pages/The-Dirty-Secret-of-Drug-Diversion.aspx2017-08-01T04:00:00ZThe Dirty Secret of Drug Diversion
https://sm.asisonline.org/Pages/The-Most-Resilient-Countries-in-the-World.aspx2017-05-11T04:00:00ZThe Most Resilient Countries in the World
https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspx2017-02-01T05:00:00ZSupply Chain Strategies
https://sm.asisonline.org/Pages/The-Usual-Suspects.aspx2016-08-01T04:00:00ZThe Usual Suspects
https://sm.asisonline.org/Pages/Book-Review---Diamond-Mine-Security.aspx2016-07-29T04:00:00ZBook Review: Diamond Mine Security
https://sm.asisonline.org/Pages/In-the-Public-Interest.aspx2016-05-01T04:00:00ZIn the Public Interest
https://sm.asisonline.org/Pages/Slavery-in-the-Supply-Chain.aspx2015-12-17T05:00:00ZSlavery in the Supply Chain
https://sm.asisonline.org/Pages/Port-Protection.aspx2015-02-01T05:00:00ZPort Protection
https://sm.asisonline.org/Pages/Strategic-Shrink-Reduction.aspx2015-02-01T05:00:00ZStrategic Shrink Reduction
https://sm.asisonline.org/Pages/Linking-Crime-and-Terrorism.aspx2015-01-01T05:00:00ZLinking Crime and Terrorism
https://sm.asisonline.org/Pages/Supply-Chain-Security.aspx2014-10-01T04:00:00ZSupply Chain Security: A Comprehensive Approach
https://sm.asisonline.org/Pages/Protecting-Food-Imports.aspx2014-07-01T04:00:00ZProtecting Food Imports
https://sm.asisonline.org/Pages/Supply-Chain-Resources.aspx2014-06-01T04:00:00ZSupply Chain Resources
https://sm.asisonline.org/Pages/security-and-loss-prevention-introduction-sixth-edition-0013394.aspx2014-05-01T04:00:00ZSecurity and Loss Prevention: An Introduction, Sixth Edition
https://sm.asisonline.org/Pages/asset-tracking-trends-0013104.aspx2014-02-01T05:00:00ZAsset Tracking Trends
https://sm.asisonline.org/Pages/Getting-the-Goods.aspx2013-09-01T04:00:00ZGetting the Goods
https://sm.asisonline.org/Pages/loss-prevention-0012628.aspx2013-08-01T04:00:00ZGlobal Retail Crime and Loss Prevention Trends
https://sm.asisonline.org/Pages/digital-edition-cover-story-uncovering-art_E2_80_99s-dark-past-0012457.aspx2013-02-01T05:00:00ZDigital Edition Cover Story: Uncovering Art’s Dark Past
https://sm.asisonline.org/Pages/The-Fight-Against-Food-Fraud.aspx2012-12-01T05:00:00ZThe Fight Against Food Fraud
https://sm.asisonline.org/Pages/report-billions-dollars-worth-smartphones-lost-annually-009733.aspx2012-03-23T04:00:00ZReport: Billions of Dollars Worth of Smartphones Lost Annually

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Strategic-Shrink-Reduction.aspxStrategic Shrink Reduction<p>​<span style="line-height:1.5em;">Security’s long battle against retail theft continues, and it is far from won, but some retailers are making gains. Loss prevention strategies are becoming increasingly more sophisticated, with some retailers leveraging cutting-edge technology, analytics, and an even more engaged workforce to fight thieves and stay one step ahead of always-evolving shoplifting methods.</span></p><p> Global shrink has declined by 4.8 percent in the last year, due in part to an increased focus on loss prevention measures, according to a recent study of retail theft across the world. The report, The Global Retail Theft Barometer 2013-2014, examined the cost of merchandise theft in the global retail industry in 24 countries spread throughout Asia, Europe, North America, and South America.</p><p>What’s driving the progress? One major factor is increased investment in loss prevention programs. The study found clear correlations between how much a country’s retail industry spent on loss prevention and the retail loss rate in that country. Countries with the best shrink reduction rates had spent the most on preventive countermeasures, while those with the highest losses spent the least on prevention.</p><p>This is a lesson that some retailers in the United States could benefit from, says Ernie Deyle, former vice president of loss prevention for CVS/Caremark who now leads the shrink reduction and margin recovery practice for SD Retail Consulting. Deyle says that when he does “triage” work in the field, some stores consider loss prevention an expense area, a place where they minimize spending in hopes of minimizing costs. So the idea that loss prevention is actually a competitive asset area is “usually overlooked,” often to the detriment of the store’s financial bottom line. “When you control loss, you improve your profit,” says Deyle, who helped conduct the study in conjunction with The Smart Cube, a research and analytics firm. </p><p>However, simply spending more money on prevention is not the sole answer to the problem, Deyle adds. The report found that the most effective loss prevention programs are multifaceted: they often combine the strategic use of technology and physical security measures with data analytics.</p><p>For example, a multifaceted program might employ electronic article surveillance (EAS). EAS devices have been shown to be among the most effective of retail security technologies, the report found. But relying on one tactic or device, even one as effective as EAS, is “like putting up a gate with no fence,” Deyle says. </p><p>Instead, multifaceted loss prevention programs may couple an EAS system with a merchandising plan that covers product placement strategies to avoid theft. The merchandising plan might use analytics on loss data to determine things like what shelves are most vulnerable to theft, which items are most likely to be stolen, and when peak theft occurs. Product placement strategies might include the best arrangements and facings for items to minimize theft, Deyle explains. For example, arranging products in a way that takes longer to lift them off the shelf can deter some shoplifters. “They want quick in, quick out, without being noticed,” Deyle says. </p><p>Moreover, loss prevention plans should be constantly evolving. Shoplifters who are foiled will change their practices accordingly, so retailers need to continually change their tactics as well. “It’s about being strategically positioned,” Deyle says. “You need to stay ahead of the curve.” </p><p>While the 4.8 percent global shrink decline is encouraging, retail shrink still costs an estimated $128 billion worldwide, evidence that theft is still a serious problem for the industry, according to the report. The loss is the equivalent of 1.29 percent of sales in each of the 24 countries examined in the study. The annual cost of shrink to households, as passed on from retailers, ranges from $74 to $541, depending on the country. </p><p>Roughly two-thirds of shrinkage worldwide (slightly more than 65 percent) is due to shoplifting, followed by employee theft. In most countries (16 of 24), shoplifting is the biggest cause of shrinkage, but this can vary. For example, in the United States, employee theft ranked first at 43 percent, with shoplifting next at 37 percent. In Norway, a low shrinkage country, administrative losses are the major source of shrinkage.</p><p>Comparatively, shrinkage rates across the 24 countries in the report range from 0.83 percent to 1.7 percent. Mexico recorded the highest rate—1.7 percent—followed by China with 1.53 percent. The lowest shrinkage rates were in Japan, Norway, the United Kingdom, and Turkey. </p><p>In the United States alone, retail theft costs $42 billion annually, equal to an average of $403 per household. Shoplifters and dishonest employees most commonly target products that are easy to conceal and then resell.  Some of the most frequently pilfered items include mobile phones, spirits, fashion accessories and jewelry, makeup products, and computer tablets.  </p><p>Almost all types of U.S. retail stores were hit by employee theft and shoplifting, but the most affected were U.S. discounters, with losses equaling 2.78 percent of sales; pharmacies/drugstores, 2.16 percent; and supermarkets/grocery retailers, 1.38 percent. These three types of stores witnessed the highest shrink rates because of the widespread prevalence of organized retail crime combined with relatively lower loss prevention spending, according to the report. </p><p>While retailers are making progress with sophisticated loss prevention programs, another recent report points the way toward an alternate means of reducing retail shrinkage—by improving the engagement level of the workforce. </p><p>This report, Making the Link: the Role of Employee Engagement in Controlling Retail Losses, surveyed more than 200,000 staff members in 1,570 stores under three European retail chains. Employee engagement was measured across 18 factors, such as “staff believe their ideas and suggestions are taken seriously” and “staff feel appreciated and valued.” Four indicators of retail loss were examined: shrinkage, waste, cash loss, and lost sales driven by out-of-stock merchandise. The report was conducted by ECR Europe’s Shrinkage and On-Shelf Availability Group, with support from the University of Leicester. </p><p>The study found that 15 of the 18 employee engagement factors influenced store loss. It also found that the stores that had the highest loss rate could significantly reduce that rate with a more engaged workforce. The report “graphically highlights the difference that engaged and valued staff can make to retail profitability—not just by providing excellent customer service, but also through a reduction in the many and varied losses retailers experience,” write the authors of the report. (For more on employee engagement best practices, see “The Disengagement Dilemma” on page 52).  </p><p>Like the previous report, Making the Link also found that managers played a pivotal role in keeping employees engaged. To heighten engagement levels and reduce loss, the authors recommended that managers provide more opportunities for staff development, keep staff informed about the organization, solicit staff ideas, and make sure that staff have satisfying, manageable roles. </p><p>“For all the advances in technology and analytics, the importance of employees must not be minimized,” the authors write. “Retailing is fundamentally about people—principally the customer but also the employees tasked to service their needs.”</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/The-Golden-Rule.aspxThe Golden Rule<p>​</p><p>HIGH IN THE ANDES mountains of northern Peru, 375 miles north of the capital city of Lima, is the Yanacocha mine—Latin America’s largest gold mine. The site, which is majority-owned by Colorado-based Newmont Mining Corporation, consists of six open pit mines, four leach pads, and three gold recovery plants. More than 100 small, rural communities fall within its influence area. While communities situated near Yanacocha have been concerned in the past about the mine’s impact on local water supplies and a lack of communication from the company, Lee Langston, Newmont’s regional director of security for South America, says that most concerns are related to employment.</p><p>Tensions over those concerns resulted in a series of protests in August 2006. Farmers blocked the road to Yanacocha for one week, and production at the mine came to a standstill for two days. According to media reports, protestors’ original demand for jobs turned to anger over environmental concerns, and in one violent clash, protestors blocking the road threw stones at police. In the response, one farmer was shot and killed.</p><p>The incident highlights the often strained relationships between local communities and international extractive companies operating abroad. As a result of this and other security conflicts between Newmont and the communities surrounding the mine in recent years, the company is in the process of implementing a new approach to security that recognizes the importance of human rights and community outreach.</p><p>Human Rights<br>The mining industry has an increased awareness of the connection between community relations and security today compared to a decade ago. “I think increasingly there really is a recognition on the part of the mining companies we work with that there is a degree of indivisibility between what you are doing in terms of your community relations or your community investment and security,” says Aidan Davy, a program director for socio-economic contribution for the London-based International Council on Mining & Metals (ICMM), an industry group which counts Newmont among its members.</p><p>Davy attributes the change to the influence of the Voluntary Principles on Security and Human Rights, an initiative of private companies, governments, and nongovernmental organizations (NGOs), that is intended to provide guidance to extractive companies on how they can maintain the safety and security of operations while ensuring respect for human rights.</p><p>The Voluntary Principles, as they are commonly called, were established in 2000 and primarily address three issues: risk assessment, engaging with public security forces, and interacting with private security forces. For each of these issues, the Voluntary Principles provide several guidelines. Signatory organizations commit to abiding by the principles and submit annual reports on activities.</p><p>Extractive companies have historically taken a silo approach to security and community relations, Davy says, but the Voluntary Principles have led to a more synergistic approach. “Instead of taking the view of conventional security that our role is to protect our people and our assets in that order and [that] people outside the fence line or communities may represent a threat to either people or assets, the Voluntary Principles take the view that in legitimately providing security for people and assets, there is a genuine risk that you might compromise the safety, security, and wellbeing of people outside the fence line,” he explains.</p><p>That shift in perspective, he says, has helped companies realize the importance of aligning what they are doing in the security space to what they are doing in the community relations space. “That has had a profound influence, I would say, in terms of sensitizing people to the idea that these matters are closely related,” he says. </p><p>Slow Going<br>Davy admits that there is some public dissatisfaction about the lack of progress in implementation of the Voluntary Principles. “That absolutely is not the fault of companies exclusively,” he says. “I think it’s because, at its heart, the Voluntary Principles rely on a tripartite model of government, civil society, and company collective engagement and collaboration, and at times, I think they’ve failed to move this thing forward in a way that’s been collaborative.”</p><p>Indeed, one of the biggest challenges, according to Langston, is enforcing human rights in a foreign country and in remote areas. “The real challenge is that [we are] a private company, a foreign private company, [so] sometimes if it’s not approached delicately, government institutions can feel that you’re treading into their area of governing,” Langston says.</p><p>Davy says implementation guidance of the Voluntary Principles has also been lacking. “What’s been missing is practical guidance that will help people really move forward with implementation,” he says. An implementation guidance tool is currently being created by a coalition that includes the Voluntary Principles Secretariat, ICMM, the International Finance Corporation, the International Committee for the Red Cross, and the International Petroleum Industry Environmental Conservation Association (IPIECA). The guide should be available within a year, Davy says.</p><p>Newmont, which is an ICMM member, was one of the first companies to sign on to the Voluntary Principles in 2001. But Oxfam America, an NGO participant in the Voluntary Principles, lodged a complaint against the mining company in 2007 with the initiative’s Secretariat. That complaint was in response not only to the protests in 2006 and the death of farmer Isidro Llanos Chavarria but also to allegations later that year of illegal wiretapping, surveillance, and death threats by a private security company employed by Newmont against a prominent human rights activist and outspoken critic of the company.</p><p>Newmont and Oxfam America subsequently agreed to a third-party comprehensive review of Yanacocha’s security management and practices. The review consisted of interviews with company executives, Peruvian National Police authorities, representatives from two of the three hired security companies employed by Yanacocha, NGO personnel, and community leaders.</p><p>A summary of the review of Yanacocha’s security and human rights procedures was released publicly last summer. “The total review identified areas of strong performance as well as the processes that they felt Yanacocha could improve upon,” says Langston. Newmont and Yanacocha analyzed the review and then developed a plan of action to implement the report’s recommendations for a new approach to security and human rights.</p><p>New Action Plan<br>The plan of action that came out of the review included short-term objectives that would be implemented by the end of 2009, medium-term objectives that would be implemented by the end of 2010, and long-term objectives that would be done in 2011. In terms of implementing recommendations for the Yanacocha site, Langston, as regional security director, is responsible for ensuring that they are completed in the timeframe set by the committee.</p><p>One example of a short-term objective is the creation of a Risk Assessment and Conflict Resolution Office. Langston says the company had a similar office before but it was not as effective as it could have been. One problem was that it only addressed complaints filed directly with the office. For instance, if an allegation appeared in the media, it was not considered a legitimate complaint.</p><p>“Well, you have to be reasonable,” Langston says. “If it’s floating around in the media, you better address it as a complaint.” Now the office considers all allegations no matter how they get word of them. “One of our employees can say he heard something in a store, and that would be investigated,” Langston adds.</p><p>Investigations. Yanacocha now investigates all use-of-force incidents. “Anytime any of our security people have an incident, whether it’s with an employee or a contractor or a community member, that is reported and treated just as if it is an allegation so we can determine whether the force used was reasonable or not,” Langston says.</p><p>All such reports undergo a new process of evaluation as well. If the risk level is classified as low, the incident is evaluated by a human rights and security investigation committee, which includes the site security manager as well as representatives from legal and operations. Representatives from other relevant departments are also on the committee.</p><p>For instance, if an incident involves the community, someone from the social responsibility department is there; if an allegation concerns an employee or contractor, a human resources or contracts manager serves on the committee. They assess the allegation and determine whether it has merit.</p><p>If the allegation is deemed legitimate, the committee orders an investigation and picks an investigation team to report back with results and recommendations. The onsite committee must also keep the South American regional board, which mirrors the committee at the site level, informed.</p><p>If the risk level of a complaint is considered medium, the regional-level committee handles it, and if it is a high-risk complaint, corporate, which also has a similar body, investigates.</p><p>Working with police. Because the response time is so long from Cajamarca, a contingent of police officers is stationed at the mine and rotated on a monthly basis. The company pays the police officers a daily stipend and provides lodging and meals and makes a contribution to the police institution for their services as stipulated in a formal memorandum of understanding (MOU).</p><p>In addition, the MOU has provisions for additional response to the mine area if an incident should occur. However, one of Yanacocha’s medium-term objectives is to work with the police to make this MOU more transparent. The police acknowledge on their Web site that they have an agreement with the mine, Langston says, but they do not publish the contents of the MOU, which is important information for the local community to have. </p><p>One of the long-term objectives is to expand the police training to the regional and national levels, but it will take time. “Obviously it’s the state’s responsibility to do this kind of stuff,” Langston says. But, “[i]f we can help them with a reasonable cost to the company, we’re going to do that.”</p><p>The comprehensive review also recommended equipping police forces with nonlethal weapons, Langston says. “We’re not so sure [as a] company that we want to get involved in providing that type of material, because it’s nonlethal, but it’s offensive in nature,” Langston says. Currently the company provides protective gear for police who are stationed at the mine site or who are responding to an incident. These items include helmets, shields, padding, and other riot response equipment.</p><p>Equipping police raises concerns beyond just the cost to the company, Langston says. There are also legal concerns. “We need to be very cognizant of the Foreign Corrupt Practices Act when we talk about equipping people,” he says. “We have to have some means of monitoring the use of that equipment.” </p><p>Another objective the company hopes to meet by the end of this year is the establishment of regular, formal meetings with public security partners, which include the national police as well as the military. Newmont’s security officials currently engage in formal, high-level meetings with these partners at least once a year, but the company is negotiating with Peru’s interior and defense ministries to set up a formal schedule that would include meeting twice a year at the ministry level and quarterly with generals at the regional level.</p><p>The purpose of the meetings is to assess collaboration and discuss ways to improve performance within the framework of the Voluntary Principles. Yanacocha’s security manager, Jose Antonio Rios Pita Diez, CPP, currently meets with local police on a weekly basis.</p><p>Human rights training. In 2008, in an effort to improve the company’s implementation of the Voluntary Principles even before the review was completed, Yanacocha launched two training programs designed to raise awareness among employees and contractors about the importance of respecting human rights. One program is basic training in human rights and provides an overview of relevant initiatives Newmont is involved with, such as the Voluntary Principles and the United Nations Global Compact. Each participant also receives a primer on human rights.</p><p>In the first year, 3,000 participants benefited from the program, including all of the security contractor personnel working for Yanacocha. The program continues on an annual basis.</p><p>The second training program launched the same year is training in the Voluntary Principles. This program targets the mine’s security staff, contractor personnel, and police assigned to the site. Training focuses on ways to ensure the safety of Yanacocha’s employees and operations while respecting human rights. </p><p>In the first year, the training was provided only to security and contractor supervisors and to public security officers assigned to provide support to the operation. In 2009, all security personnel received the training, which includes use-of-force instruction and a code of conduct for law enforcement officers. The training is being extended in 2010 to Newmont’s Conga project, which is also in Peru, and its Merian project in Suriname. </p><p>Community relations. Yanacocha’s security department has also launched a security-community integration program to improve relationships and trust between security personnel and local communities. As a part of the program, security personnel work with security contract personnel, the police, the military, and local businesses and organizations to plan one-day festivals in isolated communities in the mine’s area of influence. Some activities include music provided by the army or police bands, Andean folk dances, lunch prepared and served by security personnel, and social services, such as presentations on family planning, spousal abuse, and hygiene conducted by the police health unit.</p><p>The security department spearheads approximately one event per month, going to a different local village each time. Security personnel and their families attend. Not only do the events build trust between company and contract employees and the communities, but they also improve relations between the state law enforcement personnel and the local Indian communities, Langston says. </p><p>Yanacocha’s Diez says that it is important to venture into the community relations realm, even though others may consider it the work of an external affairs or social responsibility department.</p><p>“We are doing our work in a preventive way because if we have some problems in the road, the problem also will be for the security department and also for our company,” he says. “We are working in a preventive way in order to avoid these kinds of situations.”</p><p>On a regional level, Newmont is working with the Interior Ministry to assist and provide resources to the rondas campesinas, or rural peasant patrols, which have developed over centuries to provide security for their own rural communities. Each local community has its own ronda. Newmont provides them with minor equipment and gear that makes the ronda campesina stand out in the community, such as vests that say “Ronda” and identify the community; flashlights, boots, and some rain gear.</p><p>Results<br>The goal of these community outreach efforts at its simplest was—and is—to “put a face” on security. The hope was that if local residents got to know security personnel as people before there was an incident, then when they showed up on the scene to respond to trouble, the locals might be disgruntled, but they would be “less likely to pick up a rock or a stick and start to assault the guard. And that’s exactly what we’re seeing,” says Langston.</p><p>He says that security personnel are met more cordially on the road and that they now have conversations with members of the communities. Both Langston and Diez say the efforts at Yanacocha are also showing some tangible results. For example, the company experienced 25 roadblocks in 2007 and only one last year. The company also tracks conflicts that involve physical force, and those incidents have dropped from 64 in 2007 to six in 2009.</p><p>Langston has noticed a growing awareness that community relations affect security and vice versa. “Used to be security was checking the lunchbox at the gate, and it’s much more than that now,” he says. “You have to go beyond the fence, and that takes a whole different mind-set and set of skills.”</p><p>Stephanie Berrong is an assistant editor at Security Management.<br></p>GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspxSupply Chain Strategies<p>​Take almost any product you have purchased in a store or used at home or work in the last week. Chances are, that object moved thousands of miles from where it was originally manufactured to the place where it was ultimately purchased or delivered to you. Organizations have intricate supply chain networks that are constantly moving every day around the world, and having an efficient supply chain security program ensures that movement of goods is not interrupted or compromised. </p><p>Security professionals must take a detailed look at the vendors who supply their assets and understand how those goods will be handled and ultimately implemented into their company’s operations or services. Following is a look at how a children’s hospital in Alabama applied supply chain security best practices to weather an unexpected storm, as well as provide for day-to-day operations. In addition, supply chain experts discuss lessons learned from their own experience of conducting risk assessments, following standards, and vetting suppliers and transporters to better protect company property. ​</p><h4>Alabama Children’s </h4><p>When a snowstorm hit Birmingham, Alabama, on January 28, 2014, the city was caught unawares. The snowfall, which quickly turned to ice, left thousands stranded on highways or in their offices. Children were stuck at school, their parents unable to pick them up. The event became known as “Snowpocalypse,” and news service AL.com called it “the winter storm that brought Birmingham to its knees.” </p><p>Hospitals were affected by the storm as well, including Children’s of Alabama. The pediatric center encountered vulnerabilities in its supply chain during that event it hadn’t previously considered, says Dennis Blass, CPP, PSP, director of safety and security at the hospital. </p><p><strong>Lessons learned. </strong>Every year the hospital conducts a hazards vulnerability assessment for its supply chain to find out where it can improve safety and security. “Once you identify your hazards and your vulnerabilities–the things that are dangerous to you or the things that you’re weak in–then you start peeling those back,” he says. “If we identify hazards that we need to correct, then we probably are going to create a management plan to correct those issues.” </p><p>Many displaced people in the community turned to the hospital for shelter when they had nowhere else to go. “We have a very prominent position in the Birmingham skyline, so if things look bad, the hospital looks like a place to go and get help–as it is,” Blass says. There were also clinic patients who had come to the hospital that morning for a routine checkup, planning to leave; many of them were stuck because of the snowstorm, which began around 10:30 a.m. local time.</p><p>Instead of being filled to the normal capacity of 300 people—the number of beds in the hospital—there were roughly  about 600 people who spent about 48 hours at the facility to ride out the storm.</p><p>The number of people at the hospital exposed one unforeseen vulnerability—obtaining clean linens from its supplier, which is separated from the hospital by a chain of mountains. “The supplier can wash the linens, but they can’t deliver them to us…we ended up making it, but that was a close call,” says Blass.</p><p>“We could handle supplies for patients, but we had a lot of people who just came to the hospital because it was a warm place to be,” according to Blass. “That had impacts on the amount of food that got consumed, and it had impacts on the amount of linens we went through. Just things that people need, supplies like toilet paper, things you don’t think a lot of.” </p><p>For those who weren’t patients, the hospital served smaller meals than normal; “sandwiches and soup, as opposed to meat and potatoes,” Blass says, to stretch resources. </p><p>The main drug supplier for the hospital is located in the same region, so obtaining critical medicine was not a concern during the storm. The hospital also has plenty of diesel fuel tanks, and can go for days without restocking. Only the insufficient linens, which must be sent off to a facility for proper sanitation before being returned to the hospital, turned out to be an issue.</p><p>“We did an after-action report on that experience, so we…put it in our emergency management plans for the future,” he notes.</p><p>The hospital’s emergency plans help ease any supply chain shortages. The institution follows the hospital incident command system (HICS) which assigns temporary duties to leadership during an emergency. For example, during the snowstorm, the chief operating officer of the hospital assumes the role of incident commander; an information officer is assigned to keep the community informed of hospital activities; and the plan also incorporates a medical officer, logistics chief, and planning chief. </p><p>During the incident, this system helped ensure proper patient care and as few gaps in the supply chain as possible. “Food was getting tight,” Blass says, and the food warehouses are not located near the hospital. “Because of the command structure, leadership can say, ‘okay you have a company credit card, we’ll contact the bank and raise your limit from $500 to $5,000 or whatever you need.’”</p><p>The U.S. Joint Commission, which certifies and accredits healthcare bodies, requires that hospitals have a group with representatives from various divisions that evaluates the standard of care they are providing to patients. Alabama Children’s has an environment of care committee that meets once a month to complete this requirement. “Our environment of care committee looks at things like safety, security, and resource management,” says Blass. “We have to meet the Joint Commission’s standard, and it surveys us every three years.” </p><p>Representatives on the team at Alabama Children’s include staff from the pharmacy, medical team, facilities, human resources, dining services, and more. This team ensures that there aren’t any gaps in the supply chain that would interrupt the hospital’s daily operations. As a rule, Blass says that having enough supplies for 96 hours will allow the facility to continue operating smoothly and efficiently. This includes a variety of items that the environment of care team must carefully think through and document. “You’re talking about water, fuel, basic sanitary supplies, and then you start talking about medicine and those things necessary for a hospital to run,” he says. </p><p>And there can be more than one type of each supply, a detail that, if overlooked, could mean life or death. “We have pumps that pump air, we have pumps that pump blood, we have pumps that pump saline, we have pumps that do many different things. You have to have all the things needed to make those supplies work for 96 hours,” he notes. </p><p>Keeping track of inventory is critical to determine whether the hospital has a sufficient supply of each item. Blass says that the hospital is moving toward a perpetual inventory system, where a new item is ordered as soon as one is pulled off the shelf. </p><p>There is a downside to stocking too many items, which is why it’s a delicate balance between having 96 hours’ worth of supplies and more than enough. “Space is expensive. And if you want to have enough water for four days, how much water is that? Where do you put it? How do you keep it fresh?” He adds that the hospital must be thoughtful in its policies and procedures on maintaining its inventory to avoid any issues.  </p><p>Thankfully, Blass notes, t​he 2014 snowstorm only lasted 48 hours. “The size of the surge exceeded our plan, but the length of the surge was shorter than our plans, so it all worked out,” he says. </p><p>And not every element of securing the supply chain is tangible; the information and communication pieces are also critical. “Every day we’re getting blood supplies in, and other kinds of materials that must be treated very carefully,” he says. Special instructions need to be followed in many cases. For example, there may be medicine that must be stored at a precise temperature until 30 minutes before it’s dispensed. That information must be communicated from the pharmacist to the supplier, and sometimes to security, who can give special access to the supplier when it delivers the drugs. </p><p>Blass is a member of the ASIS International Supply Chain and Transportation Security Council. He helped develop an American National Standards Institute (ANSI)/ASIS standard for supply chain security, Supply Chain Risk Management: A Compilation of Best Practices Standard (SCRM), which was released in July 2014. The standard provides supply chain security guidelines for companies, and has illustrations of what exemplary supply chain models look like.</p><p><strong>Best practices.</strong> Marc Siegel, former chair of the ASIS Global Standards Initiative, also participated in the creation of the ANSI/ASIS standard, which provides explanations of how to look at managing risk in the supply chain. “It’s based on the experiences of companies that have very sophisticated supply chain operations,” he tells Security Management. “The companies that put it together were really looking at having a document that they could give to their suppliers, to help them look at themselves and think of things that they should be doing and preparing for.” </p><p>Siegel is now director of security and resilience projects for the homeland security graduate program at San Diego State University. He promotes supply chain mapping, which takes a risk management–based approach to supply chain security. “Traditionally, a lot of security people have looked at supply chain as logistics security,” he says, “whereas companies with major supply chain considerations have been moving more into an enterprise risk management perspective.” These organizations take an across-the-board look at risks that could create a disruption in the supply chain, asking themselves what the specific things are that could interrupt or prevent them from manufacturing or delivering their product. </p><p>Siegel says there is a disproportionate focus on bad actors and intentional acts as threats to the supply chain, when more often it’s a natural disaster or accident that causes the most significant disruptions. “The broader risk management perspective is also looking at, ‘Is there a potential for a storm, is there a potential for political disorder, or instability in a region, that can cause a delay in processing?’” Only then, he says, are companies efficiently mapping out all the factors that could introduce uncertainty.</p><p>Maintaining a broader perspective will keep organizations from fixating on two of the most common hangups in supply chain security. “You have people who fixate on ‘everything is a threat,’ and you have people who fixate on ‘everything is a vulnerability,’ and if you only fixate on those two things you’re going to miss a lot of stuff,” Siegel says.</p><p>Blass agrees. “When we start that annual hazards vulnerability assessment, I’m going to look through the standard and notes I’ve written myself to make sure I’ve got everything covered,” he notes. “You can never rest and say, ‘well, we’re safe and secure and we don’t have to do anything else,’ because the threats keep changing.”   ​</p><p>--</p><h4>Sidebar: assess risk<br></h4><p> </p><div>​For the co​rporation that produces the F-35 fighter jet and other advanced technologies for the U.S. government, supply chain security is of utmost importance. “The threats that we face are universal in nature due to the size and the complexity of our supply chain,” says Vicki Nichols, supply chain security lead for Lockheed Martin’s Aeronautics business. </div><div><br> </div><div>Lockheed Martin Aeronautics assesses the supply chain in a number of categories, but Nichols works most closely with cargo security. “The threats there are cargo disruption, unmanifested cargo, and anti-Western terrorism,” she notes. </div><div><br> </div><div>The division conducts a risk assessment of its international suppliers. “We look at what type of products they provide us and how vulnerable that product is to manipulation or intellectual property theft, and we look at country risk,” she says.  </div><div><br> </div><div>The company sends a questionnaire to its suppliers, and comes up with an overall score for each of them based on 10 criteria, including country risk and transportation mode. In many cases, it also sends field personnel to evaluate the supplier’s facility. “If we know we have eyes and ears going in and out of the facility, and those people are trained to recognize red flags, then we know we have a lower threat because of our presence,” she says. </div><div><br> </div><div>After one such site check at a facility in Italy, Lockheed Martin Aeronautics determined that the use of technology was warranted to further enhance security. “The concern was that the area was known for introduction of unmanifested cargo—weapons, cargo disruption,” she notes. “We began to look at tamper-evident technologies, and track-and-trace devices that would allow us to know if someone had opened or tampered with the freight.”  </div><div><br> </div><div>Lockheed Martin has a corporate supply chain security council that meets at least once a month to provide updates and discuss any issues that arise. Representatives from the company include human resources, personnel security, physical security, and counterintelligence. Stakeholders from major partner organizations are also invited to participate.</div><div><br> </div><div>Lockheed Martin Aeronautics also works closely with law enforcement and federal intelligence sources who disseminate relevant information to the company. “We subscribe to some intelligence data that is cargo-specific, so we issue a spotlight report about three times a week just to keep people engaged and aware of the threats in the supply chain,” she notes. </div><div><br> </div><div>Supplier engagement is also critical, Nichols says, so the company stays in touch with about 120 suppliers internationally. </div><div><br> </div><div>Sometime in 2017, Lockheed Martin Aeronautics plans to purchase a software management tool that will release supplier questionnaires in the native language for countries it does business with. It will tap existing resources such as “Supplier Wire” to offer training to the supply base. “This will be another evolution on how we can engage, rather than just sending them to a website,” Nichols says. “I think it’s important for our supply base to see how seriously we take security, so they will take it seriously as well.”​</div><div><br> </div><h4>sidebar: consult standards<br></h4><p> </p><p>​Laura Hains, CPP, operations manager, supply chain security and consulting at Pinkerton, member of the ASIS International Supply Chain and​ Transportation Security Council, says that companies should research whether their partners and suppliers are following major supply chain security protocols, like those put out by ASIS, and others such as the Transported Asset Protection Association (TAPA) standards for trucking companies. “TAPA is one of the big authorities on trucking, so if a company says they are TAPA certified, that to me says that they follow protocol,” she says. </p><p>Other standards include the National Strategy for Global Supply Chain Security which U.S. President Barack Obama signed in 2012 and was designed to enhance public-private partnerships. Arthur Arway, CPP, author of Supply Chain Security: A Comprehensive Approach, says the framework seeks to combine input from government and industry on protecting the transport of goods to and from the United States. “I think the government is far more willing to seek out subject matter experts and all the different modes and companies that may transport goods into the United States for their help,” he says. Arway adds the document is relatively recent, and that it could take a while before it is widely adopted. </p><p>Though terrorism is an uncommon threat to the supply chain, it must always be a consideration. Hains gives the example of vehicular attacks. In Nice, France, on July 14, 2016, Tunisia native Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd of Bastille Day festival-goers. That attack killed 86 people and injured more than 400. New York police also warned of possible vehicular terrorism against the 2016 Macy’s Thanksgiving Day Parade. “A small company truck—that could be a target,” notes Hains. “So everybody has to think about terrorism because it’s out there.”</p><p>Another standard at the national level seeking to combat terrorism within the supply chain is the U.S. Customs Trade Partnership Against Terrorism (C-TPAT). The program is voluntary for private industry, but Arway says the national standards as a whole are seeing global adoption.​</p><p>“Standards have come a long way in how they’ve been able to incorporate security into the movement of goods,” he notes. “Many countries have accepted these programs into their own supply chain security programs.”​</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465