Bigger organizations need to be aware of the vastly different regulations from one state to the next
The number of multi-state operators continues to grow as additional states legalize. But if you run an MSO or plan to expand your business into multiple states, there are security regulations you will need to address.
Regulatory requirements for physical security vary greatly from state to state, and the differences can be substantial. For example, in some states, six months of video retention is mandated, while the average for most is 90 days. Some require restricted access with full audit tracking of the plant until it’s sold to the consumer.
Checking all of the security compliance boxes in each state that you’d like to license in is a given, but a larger consideration should be how to securely manage and maintain your enterprise as it grows.
Many first-time operators elect to “value engineer” their initial investment, meaning they purchase the least expensive security hardware platform that meets the minimal requirements for video and access control regulations. But within the first three years, many operators want to expand. This is when they discover that their current security hardware is maxed out in terms of the number of cameras, access-controlled doors or video storage.
It’s not uncommon to see tens of thousands of dollars of proprietary hardware needing to be replaced as part of a business expansion.
Think scalable open architecture
As an MSO you’ll want to invest in scalable, open architecture systems that won’t restrict your ability to expand individual locations as needed. These systems will allow additional cameras and access doors to be added along with increasing the corresponding video storage requirements.
As the size of your multi-state operation grows, the need for an enterprise-class security platform becomes obvious for many reasons. Continuity in the deployment, use and maintenance of your system makes business sense from an operational standpoint as well as a regulatory necessity. Enterprise class platforms also enable the MSO to implement standard operating procedures, eliminating guesswork and mistakes that can lead to fines or possible licensing suspension.
Reducing the ‘friction’
Operationally, you’ll want to reduce the “friction” of security whenever possible. Access control is a great example. Some operators have purchased and installed systems in a new location, only to discover the card readers won’t work with their existing badge credentials. This results in employees carrying multiple cards to access different locations.
Lost or forgotten cards are also common. It’s easier and faster to take a lost card out of a system one time, rather than accessing each system individually to remove its privileges. If the employee simply forgot to bring the card to work, how simple is it to generate temporary or replacement credentials? What if you could remotely allow access, through your computer or phone, once you’ve verified via video that the employee is indeed allowed into a restricted area?
Tying access control to both the intrusion system and video recording platform allows for efficiencies. From visual verification to audit reporting and investigation, having these required components working together in a single interface is the easiest method to manage and secure multiple sites. It reduces the maintenance requirements of the system from an IT standpoint and allows for system health notifications if there’s a component failure.
Security Operations Center
From a security perspective, working with the same platform reduces the learning curve of those tasked with monitoring the facilities, incident investigation and fulfilling audit report requirements. Some multi-state operators have found an additional return on their investments by implementing their own security operations center (SOC) with their enterprise security platform that could eliminate monthly payments for monitoring by a third-party central station.
An SOC can also serve as an emergency response center in the event of a crisis, providing immediate notification and visualization of events like robbery, fire or medical emergencies. An SOC enhances response time and makes sure senior management is notified and apprised of situations that can impact business continuity.
An SOC can also be utilized to optimize workflow and increase efficiency throughout the organization. From cultivation through the sale process, observation can identify areas and methods to increase productivity. Does one dispensary process customers faster than its sister locations with identical floorplans? Perhaps it’s due to a procedure that can be replicated or a management team worthy of promotion.
Finding the right partners
In the cannabis business today, there are multiple national and regional integrators to choose from. The choice may be to select a single partner for all of your facilities or different providers for each geographic region. The cost will ultimately be a factor, but it shouldn’t be the only criteria.
First, if you’ve done your homework, specify upfront what open architecture manufacturers you’ll consider. Next, you’ll want to determine what their company offers in the way of training, phone support, remote troubleshooting and service response. Finally, after you’re confident that they can handle your requirements, it’s time to talk price.
Many operators will get bids from several providers. Again, make sure these quotes are apples-to-apples in terms of what you’ve specified. If the hardware or software is different than your specification, make sure you understand what those differences are. Paying to replace them in a few years is never the best option.
Scott Thomas is Genetec’s national director of sales for signature brands in the United States. He and his team are responsible for sales to the retail, financial, hospitality, gaming and cannabis vertical markets via Genetec’s network of system integration partners.