What are the particular security issues in the food and drink sector? Ron Alalouff spoke to Guy Mathias, Director of Risk & Operations at drinks producer Suntory and chair of the Food and Drink Security Association. Guy was also selected as number #10 in the Security Thought Leadership category in the IFSEC Global Influencers Security and Fire 2019 and spoke at IFSEC International in 2019.
Guy Mathias, Director of Risk & Operations at drinks producer Suntory and chair of the Food and Drink Security Association
In food and drink, a breach in security could have fatal outcomes, such as with the tampering or contamination of a product. We also have to place security in the wider context of food defence, the requirement to ensure we are controlling the risks that raw materials, semi-finished and finished products could be subject to, either maliciously or inadvertently. As well as contamination of product, anti-counterfeiting is also a distinct aspect of food and drink risk management. Like other security operations, of course, we have our layered physical security measures such as perimeter protection, CCTV, alarms and access control.
The challenge is to protect consumers and maintain the reputation of our brands by implementing enhanced protection throughout the production, storage and distribution processes. For us it is having to do what is necessary to make products achieve quality standards and to consider what could happen during manufacturing, transportation or storage. We also have a wider responsibility to ensure that spirits are consumed responsibly, and that our soft drinks are enjoyed as part of a healthy, balanced lifestyle.
Reputation management plays a big part in our security considerations. We may get half a dozen claims a year that consumers have been taken ill as a result of consuming one of our products. We have to establish whether the product has been produced by us, has a genuine barcode and ascertain its journey from the plant to the retailer. It’s only by having robust security and a rigorous audit trail that we can confidently ascertain where the breach happened and whether it was down to us or not. A product recall is expensive in terms of the costs of investigation and logistics, and can have a heavy reputational cost, but is vital to undertake if we ever thought we were providing product that was not safe. Of course, even if the breach was not our responsibility, or it was established that the consumer was taken ill due to another unrelated reason, such claims could still potentially have a detrimental effect on our reputation.
As a food and beverage manufacturer, we employ a system of Hazard Analysis Critical Control Points to manage our product security and safety, and to identify threats within a facility. We have external CCTV in place, and are currently strengthening our internal CCTV coverage, which is beneficial for quality control purposes as well as security. We also conduct regular penetration tests of our external security. These security measures apply as much to our bottling franchisees, co-packers and manufacturing sub-contractors – who each sign up to our Food Defence Standard – as they do to our own manufacturing plants.
Yes. We are plugged into several industry bodies such as the Food and Drink Security Association and law enforcement agencies such as the National Business Crime Unit, National Cyber Security Unit and Scotland Yard, and work closely with the Department for Environment, Food and Rural Affairs.
We require specific security measures from our logistics suppliers, including staff training and awareness of potential geographical hot spots, as well as how to deal with hostile reconnaissance. We employ a number of technical measures which remain cloaked for obvious reasons, but which enhance the security and protection of our logistics
We find the use of RFID a significant help in the packaging and transportation of high value items, but the challenge is to produce a return on investment on such systems and reduce our insurance costs. As a company, we are selective in intelligence-led application of our systems for consignments, on a global basis
“In food and drink, a breach in security could have fatal outcomes, such as with the tampering or contamination of a product. We also have to place security in the wider context of food defence, the requirement to ensure we are controlling the risks that raw materials, semi-finished and finished products could be subject to, either maliciously or inadvertently.”
Cyber crime is a key consideration of modern security planning, given that it reflects the rapidly evolving and sophisticated threats that we face in the 21st century. We have evolved a two-tier system of physical security and cyber security, whereby as well as looking after physical security, we have stakeholders from the business in the cyber security team. The main threats involve ransomware, infection by malware and phishing emails. We have many robust barriers and carry out penetration testing with ethical hackers. We also liaise with the National Cyber Security Centre and harness their advice and good practice documents.
We start the day with a review of overnight events, especially from our sites in different time zones, and we then have the inevitable team huddle to kick around outstanding issues. The teams will check on the maintenance of our physical security hardware and assess incident reports. We work hard with our colleagues to ensure the importance of everyone in the company taking responsibility for security as stakeholders, which is something we have developed throughout the business. Our teams will also be busy reviewing CCTV to assess incidents and any potential suspicious behaviours.
From my perspective, I generally will be in dialogue with the many business functions in a variety of development projects and governance meetings. I also have daily touch points and dialogue wearing my other hats for the Food and Drink Security Association, Cross Sector Safety and Security Communications (CSSC) and the Security Commonwealth.
If I had a nervous disposition, the great uncertainty of our times – for example, the challenges terrorism can pose by the very random aspects of when and where it occurs, and thus potential impacts that could affect our staff purely as members of the public. We therefore ensure that we provide staff with the Actions Counter Terrorism briefings so that they can have a better understanding of how to help themselves cope with a situation if they are caught up in one. We take every possible precaution to ensure our staff feel safe and protected. All security professionals should have, as a cornerstone of their ethos, the protection of colleagues and assets, but I have a real belief in our systems, processes and people, so I really do sleep like a log!
I want to make sure that everything my team and I do will protect our people in this world-class business. It’s also an incredibly varied role and one that I enjoy immensely. It is a real privilege to work with such a fantastic group of people of all nationalities and who are real professionals.
In addition, chairing the Food and Drink Security Association means I have the opportunity to interact with some great professionals in a sector that is developing continuously, but promotes many forward-thinking security and risk initiatives. As a sector-representative body we have terrific working links with police and government bodies.
In my wider roles, it is a great honour to lead the Security Commonwealth during 2020 as I enter into my second year as Chair. Our mantra is “Stronger Together” and we represent over 40 key stakeholders in UK Security & Risk plc, acting as an interface between the public and private sectors responsible for security and law enforcement. It is also gratifying to see that the UK security industry enjoys such a great reputation around the world.
Working closely with the Commonwealth is the Cross Sector Safety and Security Communications (CSSC) initiative, which operates across all 11 UK regions. The body is responsible for cascading timely, accurate and authoritative security and safety information from a central hub to businesses and organisations across the UK, with a reach to over 10 million people. These messages cover subjects such as counter-terrorism, civil demonstrations, cybercrime, public order events, fraud and flooding alerts. I lead the Eastern Region CSSC area and sit on the national consultative board.
Finally, there is a great capacity in the industry to share knowledge and professional best practice: colleagues are always happy to make time for me and for others. Despite the fact that there are always some challenges involved, there are many good colleagues in the business who are prepared to ensure that our security and risk mitigation measures remain effective.
Download this report, produced in conjunction with Texecom, to discover how increasing processing power, accelerating broadband speeds, cloud-managed solutions and the internet of things and transforming the intruder alarm market, and whether firms are adopting these innovative new technologies.
[…] READ: IFSEC Global’s exclusive interview with Guy Mathias […]