Freelance journalist

Author Bio ▼

Ron Alalouff is a journalist specialising in the fire and security markets, and a former editor of websites and magazines in the same fields.
February 18, 2022

Sign up to free email newsletters


Whitepaper: Reshaping the future of retail with security technology

Guide on food and drink industry security highlights the threat from within

Ron Alalouff outlines some of the key aspects of new draft guidance on security in the food and drink industry, published by the ASIS Food Defense and Agriculture Community.

In its introduction, the guide ­– Physical security guidance for the food and beverage industry to enhance food defense outcomes – states that internal threat sources pose the greatest potential risk to food and drink manufacturers, so the guidance starts from the most sensitive internal areas and works outwards towards the perimeter of a site.

Laboratories are identified as potentially vulnerable areas which need to be secured. For example, labs may contain reagents and other materials that can be used as contaminants. These need to be protected through access control combined with effective inventory control and staff training. Physical security measures needed will vary according to the characteristics of each site, but could include electronic access control to manage entry, lock and key control, cameras, door alarms, door logs, additional supervision, container security (e.g., locked and potentially alarmed chemical storage), colour-coded uniforms to designate work areas, and limiting personal items in the lab.

Mixing and weighing areas – where a substance could be introduced to contaminate food products – are potentially vulnerable. Physical security and access control measures should be implemented and based on site-specific risk assessments. This may vary by site and depends on the production process point, but may include segregated weighing and mixing areas with electronic access control to manage entry and other measures outlined above for laboratories.



Effective management of visitors is also recommended. Ideally, approval for visitors to access a facility should be obtained at least 24 hours in advance, or at a minimum be approved by a host. Visitors should have to provide some form of official photo ID to validate their identity. Ideally, they should enter via a separate entrance so that their degree of access to the site is controlled until they are met by a host or escort. Visitors should always be escorted and only allowed access to areas where official business is conducted.

Visitors should wear some form of identification which denotes their visitor status, and should not generally be allowed into any area where manufacturing takes place, or where products or ingredients are stored. A visitor log should be maintained for at least 60 days, which contains information on the name of the visitor, the associated firm, the name of the escort(s), areas visited and the time of their arrival and departure.

Management and storage of partial ingredients

Ingredients are usually received in tamper evident packaging so that tampering and contamination can be more easily detected. Sometimes, however, partial ingredient packaging may be present which is a potentially vulnerable point for contamination.  Measures to reduce the risk of contamination include:

  • Storage of partial ingredients in tamper evident containers (e.g. using bins with numbered seals)
  • Securing partial ingredients in locked storage
  • Weighing partial ingredients returned to inventory and reweighing them when next brought to mixing, weighing or staging steps in the production process.


All trucks and trailers with supplies, raw materials or finished goods must be sealed until use. If the seal needs to be removed for inspection, a new seal should be applied and documented. Unloading of vehicles carrying raw materials, finished products, ingredients or other materials must be closely supervised. All supervisors must be trained in food defence procedures related to shipping and receiving.

Other than smaller and courier shipments, shipment, loading and unloading activities should be scheduled and monitored. Only scheduled shipments should be accepted, with unscheduled shipments held until authorisation is obtained.

Perimeter security

If a facility chooses to use perimeter fencing, chain-link fencing should be at least 6 feet high using at least 9-gauge wire. Fencing should be galvanised with mesh openings not larger than 2 inches per side and have twisted selvages at the top and bottom. The wire should be taut and securely fastened to rigid metal or reinforced concrete posts set in concrete. The top and bottom of the fence should contain a tension wire that runs horizontally along the entire fence line, to help retain the integrity of the fence. The fencing must reach within two inches of hard ground or pavement. On soft ground, consideration should be given to extending below the surface to compensate for shifting soil or sand.

Fencing would typically include a “top-guard” which is constructed of at least three strands of barbed wire placed at a 45-degree overhang that faces away from the property. The top guard should be continuous and not be omitted from vehicle or pedestrian gates. Walls should be at least 7 feet in height

Access control

Axis-FrictionlessAccessControl-20Access control should be implemented to monitor and control access of authorised personal into and out of specific locations, while denying access to unauthorised people. It is important that access control systems are properly managed by people with the appropriate level of authority. The objectives of an access control system are to:

  • Permit only authorised people to enter the facility/specific areas inside
  • Provide information to site management for the assessment and response to unauthorised attempts at entry
  • Detect and prevent the entry of contraband (e.g., weapons, contaminants, violations of good manufacturing practices)
  • Provide an accurate record of who has accessed the facility/area.

Video surveillance

The guidance suggests using fixed cameras over PTZ cameras, which should where possible provide the ability to monitor movement and identity – for example, a fixed camera with a wide-angle view may be used to cover more than one turnstile or lane of traffic. Images need to be at least 40 pixels per foot in the target area of the scene in order to obtain facial recognition from a video image. Other points raised by the guide include:

  • Frame rate should be at least 15 frames per second for recording purposes
  • Recorder video should be retained for between 30 and 60 days, bearing in mind the time it might take to discover an incident
  • Use should be made of day/night camera technology.

Cameras should only be installed after a risk assessment and consistent with where video can have a meaningful impact on risk reduction. The guidance suggests considering employing an independent expert to help identify these needs.

Intrusion detection

The main objectives of intrusion detection systems are to:

  • Detect an actual or attempted intrusion into a protected space
  • Provide in-depth protection and response to selected facilities, buildings, assets and operations
  • Be capable of integration with other physical security systems
  • Facilitate a response by security personnel, pinpointing where an intrusion has occurred.

Personnel matters

The draft guide states the importance of robust screening of potential employees in order to reduce the risk of sabotage from within. It cites the UK’s PAS 96: 2017 Guide to protecting and defending food and drink from deliberate attack which defines personnel security as “procedures used to confirm an individual’s identity, qualifications, experience and right to work, and to monitor conduct as an employee or contractor”. It goes on to say that these principles are used to assure the trustworthiness of employees, but may also be applied to staff of suppliers as part of the process of vendor accreditation.

Other topics covered by the guidance include:

  • Lock and key management
  • Entry and egress openings
  • Emergency exits
  • Security awareness and food defence training
  • Security challenge testing (physical penetration test)
  • Security systems maintenance, inspection and testing

Comments on the draft guidance closed on 15 February 2022. Physical security guidance for the food and beverage industry to enhance food defense outcomes is available here.

Related Topics

Notify of
Inline Feedbacks
View all comments