The best time to began a site specific vulnerability assessment is under the cover of darkness.  Have you ever wondered what goes on at your facility during the night-time hours?  Our on site midnight penetration tests takes a close evaluation of the following areas: 

​

• Conducted in conjunction with the Facility Vulnerability and Risk Assessment. 

  • What address shows up on GPS when physically standing on the company lot/property? Is it the actual building address or a different address? This could be a critical factor with regards to an emergency response! 

  • Night time/Darkness surveillance of the facility. What threats exists during the night season? 

  • How easy is it to access the parking lots or inside the facility after normal business hours?

  • Are our employee’s safe in the evening hours when arriving or leaving the facility?

  • How is the lighting around the facility? Is the lighting adequate for proper security of our property and employee’s? 

  • Are “no trespassing signs” posted in areas where they can be seen at night? 

  • Is the building address clear and readable under the cover of darkness? 

  • Are our perimeter doors numbered whereby emergency responders can see the door number in times of darkness?  

  • Will employee’s or the cleaning crew of the plant allow entrance into the facility after hours if someone “looks okay?” 

We utilize the FDA's Food Defense Plan Builder when conducting onsite assessments.  In addition, we provide mitigation strategies at the same time, during the visit. No need to reschedule a follow up visit. Vulnerability Assessments are an important first tool for any facility or operation, as it provides a critical analysis of what possibilities may lurk within or outside of the operation in which someone with ill intent could do harm to people, products and assets. Thus, a critical factor in developing your facility or operational security contingency plans is to conduct a site-specific threat/vulnerability assessment. Here are some areas that are covered during the assessment 

​

• Are all FDA recommended, Key Activity Type (KAT) areas reasonably secure to mitigate risk and intentional contamination to the products or ingredients? 

• Are appropriate perimeter protection measures in place? This includes an examination of the exterior perimeter (fencing and gates) as well as the physical building protection measures. 

• Is the outdoor lighting adequate especially under the cover of darkness?  Is the lighting adequate for use with an outdoor surveillance camera? 

• Is the access approaching, and entry onto company grounds controlled? 

• Are there restricted access points?

• Are sensitive areas identified and properly secured for authorized access to plant grounds?  

• Are physical barriers in place that limits access to the buildings and critical areas in and around the facility including outside storage tanks and silos? 

• Are current security measures effective for proper facilitation of transportation vehicles, including shipping and receiving of products and ingredients. 

• A review of existing Camera (CCTV) location placements. 

• A review of existing building access devices and their effectiveness. 

• Are product seal control procedures being utilized according to policy? Are existing seal control and usage policies adequate for effective protection of cargo, including compliance with regulatory laws. 

• Are current security protocols adequate for identifying transportation and truck drivers, and are the drivers following existing procedures for pickup and delivery of products and ingredients? 

• Are current security measures adequate to enable plant management to quickly identify and respond to possible breaches of security policy and procedures and to immediately react to hazards and other acts of suspicious behavior? 

• Are perimeter doors, gates, window and docks secured and in good working condition? 

• Identify deficiencies in facility security or protocols, and any events or threats that could potentially pose a threat to the business continuity brand image, and/or reputation of the company, or to products and people at the facility site, or to the wider public (collectively, “External Threats”). Further, by identifying these external threats, recommendations can be made to develop response measures, incident recovery and business restoration. 

• Identification of internal exposures and self-induced threats, which could be potentially hazardous to the operations of the business (collectively, “Internal Threats and, together with External Threats, “Threats”). Examples of Internal Threats would be vulnerabilities in those protections in place to guard or mitigate events such as workplace violence, theft, or internet/intranet system compromise and breach. 

• The site security analysis enhances the overall culture of security at the facility by allowing employees and management to develop the essential skills and build expertise in the area in which they work that focuses on security events that may affect the operations or personnel of the business.

The United States Food and Drug Administration (FDA) has enacted legislation that requires food processing facilities to develop a food defense plan that focuses on the safety and security of the products, people, assets and brand. To this end, the Global Food Defense Institute can assist with the development and writing of food defense plans for companies large and small. Utilizing a combination of various industry guidance materials including the FDA Food Defense Plan Builder Software, GFDI will write and develop your food defense plan and specifically address the following areas in the plan: 

 

• Food Defense Team Members and Responsibilities

• Mitigation Strategies

• Outside Security

• Property Perimeter

• Building Perimeter

• Parking and Vehicle Security

• General Inside Security

• Building Schematics and Evacuation Plans 

• Facility/Plant Security

• Development of REDZONE’s (Critical Access Areas-Key Activity Types)

• Utilities

• Laboratory

• Process Computer Systems

• Shipping/Receiving

• Supplier and Vendor Security Requirements

• Logistics/Storage Security

• Warehouse Security

• Personnel Security

• Emergency Contacts (Local, State & Federal)

• Company Emergency Contacts

• Plans/Corrective Actions to comply with FSMA

• Note: We will use the FDA’s Food Defense Plan Builder as the template to create your facility plan.