Unleashing the Power of the Cannabis Security Team
Prior to joining Canopy Growth, I thought that security was security—regardless of the sector. I quickly learned that security for cannabis professionals is an expanded version of security. As a consumer-focused industry, practitioners have the pleasure of experiencing both the challenges from the consumer-packaged goods industry and those unique to cannabis.
Through this transition, I learned that a CSO and the security department have a tremendous opportunity and responsibility within their cannabis company to instill several industry-leading best practices, that can be derived from experience secured from other industries and applied to the new burgeoning world of cannabis.
Joining the cannabis industry was like boarding a plane mid-flight and finishing assembling it while soaring through the air. It has been exhilarating, especially for a security professional. For us, this has been a time of massive global expansion. Security measures are table stakes for facilities, offices, and stores. But in the cannabis industry we are also bound by compliance regulations at all levels of government, often from multiple government departments. The real challenge was the fluidity of these compliance regulations. When the business wanted to gain a competitive advantage by building facilities in a jurisdiction that was on the cusp of legalization or newly legalized, the compliance regulations were either not yet officially published or, if published, the practical application of these regulations had not yet been tested. Even in Canada, with federal legalization already formalized, it was not until the facilities were inspected and approved by Health Canada did we really know that we had made the correct assumptions for compliance.
As countries increasingly look towards the benefits of cannabis legalization, the regulations determining how each market will be shaped vary by jurisdiction. But all include a rigid set of licensing requirements that must be followed. Canadian production facilities are heavily regulated for video surveillance with a one-year storage requirement for video footage, well beyond most industries’ security standard.
Heavily reflected throughout our industry is strict adherence to compliance, as seen in the pharmaceutical industry, which provides us with the structure required to operate our facilities at scale while meeting the standards set up by federal, state/provincial, and even county/city regulatory bodies. The concept of forming-storming-norming-performing applies to our whole industry, not just new teams. There is no playbook for cannabis security, but we can use principles and models taken from other, more mature industries, and apply those learnings to cannabis security.
Adjusting our stance to view risk as representing both a threat and an opportunity takes work, however much can be learned from these new challenges and incorporated into our organizations. Trialing a new vendor at a small facility entails risk and could be wasted money if you must replace that system with your standard system. But, it could also lead to a whole new world of capabilities and cost savings as the regulatory world matures its requirements.
While cannabis security professionals must deal with standard security risks, like theft, product slippage, threat of active shooters, and the like, we must also be able to identify and mitigate new risks quickly as they emerge. Models exist that we may have deployed in prior careers to address standard risks quite well, but we must also contend with cannabis-centric risks that come with standing up a newly legal industry that is dependent on public support for its very existence (or its creation in some jurisdictions). Failure to mitigate cannabis-centric risks can have disproportionate effects on the business: camera outages can mandate the stoppage of production and improper lost product investigations can easily translate into serious punitive measures by regulatory bodies.
The CSO of a diversified cannabis company is more than just the senior security advisor. He or she must have a comprehensive view of the company’s business interests, as well as his or her corporate security posture. We must possess the business acumen to understand and positively influence the business decisions of the company. We must proactively contribute to the company’s business discussions and apply best practices from security to activities like mergers and acquisitions. This truly cross-functional approach to business decisions will help mitigate many risks in this unique and very fluid cannabis industry.
A cannabis CSO must be agile, collaborative, and creative, with a penchant for diversity of thought and experience.
Over and above having extensive security experience, a cannabis CSO must be agile, collaborative, and creative, with a penchant for diversity of thought and experience. Although not required, a graduate level business course or project management certification would be an added asset to help soften the transition into the corporate world.
While each organization will have its own unique fabric into which we will weave security best-practices, one of the keys to success for any diversified cannabis company is the early integration of the CSO into the business team because it is much more feasible to stand-up new internal policies or actions than it is to retroactively implement or undo previous policies or decisions. This demands that the cannabis CSO proactively apply his or her experience well outside the traditional security lane.
James Strickland joined Canopy Growth Corporation in June of 2019 with the task to create a centralized Corporate Security Team. Strickland’s security department is now responsible for all security (facilities, employees, retail, executive protection, investigations, and security technical endpoints), with cybersecurity being held in the IT Department. Strickland is also the head of crisis operations for Canopy Growth and a member of the ASIS International CSO Center.
© James Strickland