Security: A Four-Step Approach

Jan. 13, 2005
There is no "silver bullet" for protecting the pharmaceutical supply chain. In this article, Susanne Hasselman, director of Axess Technologies, outlines a four-step strategy to improve brand protection.
By Susanne Hasselmann, Director, Axess Technologies Ltd.Technology can play an important part in a brand protection program, but technology introduced for its own sake is unlikely to be effective, and there are no “silver bullets” that are guaranteed to stop every criminal effort. An effective and comprehensive security strategy uses technology to support and enhance other elements of the strategy such as legal protection, enforcement policies and operational processes and procedures. The actual components of the strategy and the importance accorded to each one will depend on the organisation’s operations, culture, resources, organizational structure and product profile.There are many instances where security technology can play a vital role as part of an overall security strategy:
  • In a crisis, authentication features can assist the public to identify whether a product is genuine (or at least suspect) and tracking systems can facilitate recalls from the market. In addition, the ability to pinpoint where the problem originates is invaluable.

  • Both anti-tamper devices and anti-theft systems prevent unauthorized removal of product from packaging or retail stores.

  • Authentication and tracking technologies can support enforcement efforts and make them more efficient and effective by enabling quick authentication in the field, by tracking 3rd party compliance or by providing evidence in court.

  • Security technology provides an effective deterrence to would-be criminals. Security features increase the barrier to entry (cost and time) and often divert the fraudster to another and easier target that is less well protected. In addition they increase the criminal’s risk of detection – which is probably the most powerful deterrence!
Technology SelectionThere is a substantial array of security technology suppliers in the market and it is therefore not difficult to find what looks like a suitable security device. However, it is much more difficult to select an appropriate technology to address an incident-specific or company-specific set of problems that is also cost-effective. To do this requires time, research and resources.The chosen technology has to be fit for purpose. It must address the threats to the individual pharmaceutical products; in addition, it must comply with regulatory requirements, it must be suitable for existing manufacturing processes and should withstand the environmental conditions experienced during storage and distribution.It is therefore essential to have a rigorous selection process in place that delivers the optimum solution for a particular company’s needs. At the same time, it should allow a company to set up a system of continuous monitoring and review once the security technology solution has been implemented. This will involve reviewing the effectiveness of the implemented solution and upgrading it if required.The ATL 4 Step Selection ProcessAxess Technologies has developed a process (The ATL 4 Step Process) that ensures all relevant needs are taken into account when designing a technology program. It is a mature step-by-step elimination process that has been successfully implemented in the past and should therefore form the basis of any selection process.Establishing the NeedThe “needs analysis” is the first and most important step in the process. It clearly defines and documents the company’s requirements for a security technology solution. It provides the basis for technology selection and makes the long term review and monitoring of a solution much easier.The “needs analysis” will address a number of factors. These include the following:
  • How does the product move through the supply chain? Where are the risk points?

  • What data/historical evidence is available in respect of criminal or unauthorized activities?

  • How does technology need to support existing company activities?

  • How and where is the product currently authenticated?

  • How and where will the product be authenticated in the future?

  • What are the product/packaging components and how are these manufactured?
These and other needs are established through a series of interviews, supply chain mapping, data gathering and analysis.Product security reaches across a company’s functional boundaries and it is therefore important to build an organizational consensus. The “needs analysis” permits this to happen as it takes into account all views of stakeholders within the organization. It also allows for thinking ‘outside the box’: what appeared to be a technology solution in the first instance might be better served by a tightening of procedures or agreements.Feature SelectionThe findings from the “needs analysis” above are translated into technical requirements that are then matched with appropriate packaging or product components. This is how a list of features is derived. These are reviewed in terms of advantages and disadvantages and thus a final shortlist of features is selected.Product SelectionOnce the features have been selected, detailed technical specifications are compiled and a list of possible suppliers is produced. A final short list is drawn up by screening suppliers according to company supplier criteria, as well as technical requirements. A final short list will allow the company to select their preferred supplier.It is not always necessary to source security technologies from third parties. It may be possible to adapt existing manufacturing processes and packaging specifications to incorporate a number of security features. These could include microtext, intentional mistakes, embossing and cutting, as well as altering packaging shapes and designs.Here it is important to remember that anything that a criminal may overlook when creating a copy, or that makes it more difficult for the criminal to produce the product or the packaging, will eliminate a certain proportion of fraudsters who will simply move on to an easier target. In some cases, it may even be possible to develop more sophisticated security features internally, just using the company’s own resources and expertise.ImplementationThe short-listed suppliers have to be fully vetted in terms of an organization’s standard procurement procedures, and also in terms of their technical capabilities, capacity, and security and auditing processes. Once this process has taken place, final negotiations can start.The product and the supplier are evaluated during a pilot scale production run. Here it is important to understand the technical limitations and capabilities of the security device and how these can be tested. For example, foil quality is affected by the surface to which it is applied (a rough surface can result in poor reflectivity) and also adding, say, a hologram foiling machine to the production line may have an unacceptable effect on throughput. Pilot production also provides samples with properties that are very close to the final specification and these samples should be evaluated for resistance to counterfeiting or tamper evidence.Training schemes and manuals have to be developed and produced to inform relevant internal staff and outside agencies of the new features. It is particularly important to develop and implement a communications plan when overt security features such as holograms and optically variable inks are used. The authentication process has to be communicated to the target audience who will be required to verify the product.During rollout of the technology solution, further fine-tuning takes place and future improvements are introduced.Monitor and reviewA system should be implemented that allows for constant monitoring of market activities. A crisis plan should be formulated to ensure that procedures are followed, recalls can be carried out effectively and upgrade features are available in case of a major counterfeit incidence taking place.A review should take place every 6 to 12 months. As part of this process the “needs analysis” should be re-evaluated and any changes should be documented and discussed during the meeting. If the needs have changed, the features have to be re-assessed. If the needs stay the same and unless a feature upgrade is required, no action is needed.Multi-layer securityOvert, covert and forensic authentication features, tracking systems, anti-tamper and anti-theft technologies are all used to meet different needs and their application entirely depends on the degree of supply chain visibility and security required, as well as the available budget. It is a fact that counterfeiters will attempt to reproduce security devices, especially if they are overt (visible). It is therefore important to choose the most secure type available in the market and to train those who carry out the authentication process adequately in order to allow them to distinguish genuine items from a copy. Criminals often (not always) ignore covert features and invariably they remain unaware of forensic level features. Layering of security technology is therefore important to provide comprehensive protection and is by far the most effective way of deterring and defeating the most capable criminals.ConclusionSecurity technology is not a panacea but it is an essential addition to most security programs. It can provide vital support to a company’s enforcement efforts, as well as providing a powerful deterrence to would-be counterfeiters. It is a useful prevention mechanism and can play a vital part in a crisis.Developing a relevant technology solution begins and ends with the “needs analysis.” Unless the organization’s needs are known and fully understood, the final solution will not be the most efficient and cost effective. In addition, a thorough review of the company’s requirements will save effort and time in the long run as reviews can be carried out quickly and effectively.There are a large number of security technologies that have been developed and these possess varying attributes and levels of complexity as well as costs.  It is important that any technology that is selected meets the specific needs of the brand owner and that security technology is never considered in isolation. Susanne Hasselmann may be reached via e-mail at [email protected]