Tag Archives: management

December 30, 2019

Preparing Your Recall Strategies

By Radojka Barycki

A product recall is the removal of a defective product from the market because it can cause harm to the consumer or place the manufacturer at risk of legal action.

Although a recall is not something that companies want to be related to, preparing for it is very critical and it is an important part of crisis management.Product recalls can cost companies million dollars in profit loss and civil damages. The company senior management and employees can also face criminal action, if the investigation shows negligent acts. The company will also face loss of reputation and the trust of its customers.

Although a recall is not something that companies want to be related to, preparing for it is very critical and it is an important part of crisis management.

There are several phases when preparing a recall strategy:

Planning Phase

During the planning phase, a recall plan is developed. A recall plan is the procedure that will be followed by an appointed company’s team during an actual recall. A good recall plan will have the following components:

Definitions of the type of products recalls. According to federal regulations, there are three types of recalls. The company should know what type of recall they are performing to understand the risk the consumer is facing.

A Recall Team. The recall team is the key stakeholders that are responsible for different processes within the company. A good recall team will be multidisciplinary. A multidisciplinary team is a group of people that have different responsibilities within the manufacturing site (i.e. Receiving Manager, QA Manager, etc.) and/or outside (i.e. Legal Counsel, Public Relations, etc.)

A description of the recall team member’s responsibilities must be outlined. A recall coordinator and a backup should be assigned to ensure that there is one person organizing all activities during the recall.

A Communication Plan. It is important that only the appointed person that has the responsibility of external communications (i.e. media, regulators, customers, key stakeholders, etc.). In addition, there should be only one person appointed to handle all the communication within the team (internal communications.)

Documents to be used during the recall are:
- Communication documents: Letters to customers, regulators and media must be drafted and kept on hand for use during the crisis.
- Forms that will be used to keep track of product inventory on hand (still in the site), product being returned and product being destroyed.

A Traceability Procedure should be in place to ensure that materials used in the manufacturing of the finished good can be traced from the time of the delivery to the facility and throughout the product manufacturing process. In addition, traceability must also be provided for finished goods from the manufacturing site to its first point of distribution. This is known as traceability one step back (materials used) and one step forward (first point of distribution.)
A plant tagged with a barcode and date for tracking

A description of (or reference to) product quarantine (product hold) procedures that must be followed to ensure that the product that is still at the site do not leave the facility.

Product Destruction The company must outline (or reference) how product will be destroyed during a recall process.

Implementation Phase

There are three processes that need to be followed when implementing the recall plan:

Training: The recall team must be trained on their roles and responsibilities. Employees working at the site will be receiving directives from the appointed recall team members. It is also important that they are aware about the recall plan and understand the importance of urgency during the situation.
Exercise: It is important that the company doesn’t wait until the incident occurs to ensure that everyone in the team understands their roles and responsibilities during the recall. Therefore, annual testing of the procedure is imperative. This implies creating a “mock recall” situation and providing the information to the team to evaluate if they fully understand their role and responsibilities. This also allows the testing of the traceability protocols and systems that have been put in place by the site. Ensure that the team understands that this is an exercise and not an actual recall. You don’t want the team members going through the emotions that an actual recall gives. However, stress the importance of their participation during this exercise. You do not communicate to customers, media or regulators during a recall exercise.
Execution: This is the actual recall and full implementation of the plan. During the actual recall, you communicate to the regulators, customers and media. The company must also conduct daily recall effectiveness checks by using the forms developed for tracking product inventory, recovery and destruction.
Identify root cause and implement corrective actions. Root cause(s) will be identified during the recall process by analyzing the information resulting from the investigation of the incident. Regulatory agencies will actively participate in the discussion for identifying in the implementation of corrective actions.

Improvement Phase

The recall team should always meet after the recall exercise or the actual recall incident. The team must evaluate what positive or negative outcomes resulted from the process. If there are gaps identified, these need to be closed, so the process is improved.

December 18, 2019

Strengthen Supply Chain Management with an Integrated ERP & CMS

By Daniel Erickson

1 Comment

Success in the cannabis industry is driven by a company’s ability to adapt to an ever-changing market and meet the demands of the evolving consumer. Selecting the right business management solution to handle the complexities of the growing cycle as well as daily operations and compliance requirements necessitates diligent research. Ensuring that the selected technology solution has a centralized database in a secure platform designed to reinforce quality throughout company operations is essential in today’s competitive industry. An ERP solution with integrated CMS capabilities helps businesses strengthen supply chain management by seamlessly incorporating cannabis cultivation with day-to-day company operations to efficiently deliver seed to sale capabilities and meet marketplace demands.

What are ERP & CMS?

Enterprise resource planning (ERP) is a business system in which all data is centralized – including finances, human resources, quality, manufacturing, inventory, sales and reporting. A cultivation management system (CMS) is an extension of an ERP solution to manage cannabis greenhouse operations, including growing, inventory and labor needs. A CMS maintains a detailed level of tracking to account for continuous cannabis growth periods that require extensive monitoring and incur a multitude of expenses. In an integrated solution, both the ERP and CMS data are managed under the same secure database to provide a forward and backward audit trail of all business processes. This visibility encompasses the entire supply chain from the management of supplier relationships to distribution – including growing, cultivating, extracting, manufacturing and shipping.

How do ERP & CMS strengthen supply chain processes?

Tracks individual plants and growth stages – By tracking plant inventories at the individual plant level in real-time with a unique plant identifier, greenhouse operations are optimized – monitoring the entire lifecycle of the plant throughout the germination, seedling, vegetative and flowering stages. Audit trails maintain regulatory compliance, including information such as terpene profiles and THC and CBD potency. Monitoring genealogy, mother and cloning, crossbreeding, plant genetics and clone propagation are key to success in this industry. Strain tracking is equally important, including identifying which strains are performing best, producing the most yield and how they are received by the marketplace. Tracking of the entire supply chain includes the recording of plant health, harvesting techniques, production, growth, costs, lab testing and batch yields – without any gaps in information.

PlantTag — A plant tagged with a barcode and date for tracking

Optimizes growing conditions to increase yields – By automatically documenting and analyzing data, insights into plant and greenhouse activities create streamlined processes for an optimal cannabis cultivation environment. This includes the monitoring of all growing activities such as space, climate, light cycles, moisture content, nutrient applications, fertilizer and other resources, which all have an effect on plant growth and yields. Most importantly, labor costs are monitored, as it is the highest expense incurred by growers. In an industry for which many companies have limited budgets, enabling efficient greenhouse planning, automation and workflows reduces overhead costs.

Integrates with regulatory compliance systems – Compliance is a mandatory part of the cannabis business, and many companies haven’t expended the effort to ensure their processes are meeting regulations. This has placed their licensing and business at risk. An integration that automates the transfer of required reporting information from the ERP to state government approved software such as METRC, Biotrack THC and Leaf Data Systems to ensure regulatory compliance is imperative. This streamlined process assures that reporting is accurate, timely and meets changing requirements in this complex industry.

Facilitates safety and quality control – With an ERP solution tracking all aspects of growing, manufacturing, packaging, distribution and sales, safety and quality are effectively secured throughout the supply chain. Despite the lack of federal legality and regulatory guidelines, proactive cannabis producers can utilize an ERP’s automated processes and best practices to ensure safe and consistent products. By standardizing and documenting food safety procedures, manufacturers mitigate the risk of cannabis-specific concerns (such as aflatoxins, plant pesticide residue, pest contamination and inconsistent levels of THC/CBD potency) as well as dangers common to traditional food manufacturers (such as improper employee procedures and training) for those in the edibles marketplace. Food safety initiatives and quality control measures documented within the ERP strengthen the entire supply chain.

Maintains recipes and formulations – In manufacturing, to achieve product consistency in regards to taste, texture, appearance, potency and expected results, complex recipe and formula management is a necessity – including monitoring of THC and CBD percentages. The calculation of specific nutritional values to provide accurate labeling and product packaging provides necessary information for consumers. Cannabis businesses have to evolve with the consumer buying habits and marketplace saturation by getting creative with their product offerings. With integrated R&D functionality, the expansion of new and innovative edibles, beverages and forms of delivery, as well as new extractions, tinctures, concentrates and other derivatives, helps to meet consumer demands.

Handles inventory efficiently – Established inventory control measures such as tracking stock levels, expiration dates and product loss are effectively managed in an ERP solution across multiple warehouses and locations. Cannabis manufacturers are able to maintain raw material and product levels, reduce waste, facilitate rotation methods and avoid overproduction to control costs. With the use of plant tag IDs and serial and lot numbers with forward and backward traceability, barcode scanning automatically links product information to batch tickets, shipping documents and labels – providing the ability to locate goods quickly in the supply chain if necessary in the event of contamination or recall. The real-time and integrated information available helps mitigate the risk of unsafe products entering the marketplace.

Food processing and sanitation — By standardizing and documenting food safety procedures, manufacturers mitigate the risk of cannabis-specific concerns

Utilizes user-based software permissions – Access to data and ability to execute transactions throughout the growing stages, production and distribution are restricted to designated employees with proper authorization – ensuring security and accountability throughout the inventory chain.

Manages supplier approvals – Assurance of safety is enhanced with the maintenance of detailed supplier information lists with test results to meet in-house quality and product standards. Quality control testing ensures that critical control points are monitored and only approved materials and finished products are released – keeping undeclared substances, harmful chemicals and impure ingredients from infiltrating the supply chain. When standards are not met, the system alerts stakeholders and alternate vendors can be sought.

Delivers recall preparedness – As part of an edible company’s food safety plan, recall plans that include the practice of performing mock recalls ensures that cannabis businesses are implementing food safety procedures within their facilities. With seed to sale traceability in an ERP solution, mitigating the risk of inconsistent, unsafe or contaminated products is readily maintained. Integrated data from the CMS solution provides greater insight into contamination issues in the growth stages.

An ERP solution developed for the cannabis industry with supporting CMS functionality embodies the inventory and quality-driven system that growers, processors, manufacturers and distributors seek to strengthen supply chain management. Offering a centralized, secure database, seed to sale traceability, integration to compliance systems, in-application quality and inventory control, formula and recipe management functionality and the ability to conduct mock recalls, these robust business management solutions meet the needs of a demanding industry. With a variety of additional features designed to enhance processes in all aspects of your cannabis operation the solution provides a framework to deliver truly supportive supply chain management capabilities.

October 28, 2019

Aphria, Inc. Implements Quality Management Systems

By Cannabis Industry Journal Staff

1 Comment

According to a press release published today, Aphria Inc. has implemented Rootstock Software’s cloud Enterprise Resource Planning (ERP) solutions and ComplianceQuest’s Enterprise Quality Management System (EQMS). Aphria, one of the largest cannabis companies in the world, trades on both the Toronto Stock Exchange and the New York Stock Exchange.

Rootstock’s cloud ERP software includes things like order processing, production management, supply chain management, lot and serial number trackability and traceability, compliance reporting, costing and financial management. ComplianceQuest’s EQMS software provides support for GMP compliance and can help improve efficiencies in operations. The EQMS focuses on quality and risk management across Aphria’s business platforms, from sourcing to manufacturing to supply chain management.

Aphria is using the entire EQMS platform, which includes software to handle documents, training, changes, inspections, nonconformance, corrective actions (CAPA) and customer complaints which integrates to Rootstock’s ERP. According to the press release, the company is currently working to roll-out audit, equipment, incident and supplier management functions and will be fully live with the entire quality system in the next few months.

According to Tim Purdie, chief information officer & chief information security officer of Aphria Inc., both platforms delivered on their implementation. “Grounded in the scalability of the force.com platform, CQ transformed our quality management operating capabilities overnight and we are delighted at the fully integrated partnership result,” says Purdie. “We now have fully digital real-time informatics and ability to implement change in a highly transparent manner to meet the demands of our high growth business.”

Adding that Rootstock ERP will help facilitate their company’s production, inventory and supply chain management, Purdie says both platforms will enable Aphria to be increasingly responsive to market needs. “Aphria is setting the standard as a worldwide leader in the cannabis industry through a diversified approach to innovation, corporate citizenship, strategic partnerships and global expansion,” Purdie says. “With these system implementations, we’re now technologically equipped to take our competitive advantage to new levels of market leadership.”

October 21, 2019

Soapbox

Cannabis Growers and Distributors: Your Cyber Risk is Growing Like Weeds

By Emily Selck

No Comments

Cannabis growers and distributors are “green” when it comes to cyber security. Unaware of the real risks, cannabis businesses consistently fall short of instituting some of the most basic cybersecurity protections, leaving them increasingly vulnerable to a cyber-attack.

Cannabis businesses are especially attractive to hackers because of the vast amount of personally identifiable and protected health information they’re required to collect as well as the crop trade secrets they store. With businesses growing by leaps and bounds, and more and more Americans and Canadians purchasing cannabis, cybercriminals are likely to increase their attacks on the North American market in the coming year. Arm your cannabis business with the following best practices for growers and distributors.

Distributor Risk = A Customer’s PII

Cyber risk is the greatest for cannabis distributors, required to collect personal identifiable information (PII), including driver’s licenses, credit cards, medical history and insurance information from patients. State regulatory oversight further compounds the distributor’s risk of cyber-attack. If you’re a cannabis distributor, you’ll want to make sure to:

Know where you retain buyer information, and understand how it can potentially be breached. Are you scanning driver’s licenses into a database, or retaining paper files? Are you keeping them in a secure area off site, or on a protected network? Make sure a member of your management team is maintaining compliance with HIPAA and state statutes and requirements for cannabis distribution.
Institute strong employee oversight rules. Every employee does not have to have access to every sale, or your entire database of proprietary customer information. Delegate jobs behind the sales desk. Give each employee the access they need to do their job – and that’s it.
Distributors have to protect grower’s R&D information too. Most cannabis distributors have access to their grower’s proprietary R&D information so they can help customers understand which products are best for different medical symptoms/needs. Make sure your employees don’t reveal too much to put your suppliers in potential risk of cyberattack.

Grower Risk = Crop Trade Secrets

For cannabis growers, the risk is specific to crop trade secrets, research and development (R&D). If you’re a cannabis grower, you’ll want to:

Secure your R&D process. If you’ve created a cannabis formula that reduces anxiety or pain or boosts energy, these “recipes” are your competitive advantage – your intellectual property. Consider the way you store information behind the R&D of your cannabis crops. Do you store it on electronic file, or a computer desktop? What type of credentials do people need to access it? Other industries will use a third party cloud service to store their R&D information, but with cannabis businesses that’s typically not the case. Instead, many growers maintain their own servers because they feel this risk is so great, and because their business is growing so fast, there are not yet on the cloud.
Limit the number of people with access to your “secret sauce.” When workers are harvesting crop, or you’re renting land from farmers and planting on it, make sure to keep proprietary information in the hands of just the few who need it – and no one else. This is especially important when sharing details with third party vendors.

Cyber coverage is now ripe for picking

Although cannabis businesses are hard to insure – for just about every type of risk – cyber insurance options for cannabis companies have recently expanded, and come down in price. If you’ve looked for cyber coverage in the past and were previously unable to secure it, now is the time to revisit the market.

Know that cyber policy underwriters will do additional due diligence, going beyond the typical policy application, and ask about the types of proprietary information you collect from customers, as well as how you store and access it at a later date. Have this knowledge at your fingertips, and be ready to talk to underwriters about it when you’re bidding for a new policy – and at renewal time.

July 10, 2019

When You Don’t Know What You Don’t Know: Debunking Cannabis Insurance Myths

By , T.J. Frost

1 Comment

For all of today’s growing acceptance and legitimacy with cannabis, the reality is that today’s operators – whether growers/producers or dispensary operators – still face risks in running their businesses. If, in the old days, a customer got deathly ill from cannabis contaminated with something from somewhere during the distribution chain, oh, well. But now that there’s a legal system of checks and balances; there’s recourse when issues arise.

The problem is that the business is so new that most people don’t know what they don’t know about mitigating those risks. And that, unfortunately, extends to many in the insurance business who need to be doing a better job helping put the right protections in place.

One grower bemoaned to me at a cannabis trade show, “I sure wish I could insure my crops.” What? “You can,” I told him. His old-school ag broker didn’t know any better and didn’t do him any favors with his ignorance. But it brought home the point: We have to start treating cannabis like the real business it is.

Reviewing the existing insurance policies of today’s cannabis businesses uncovers some serious gaps in coverage that could be financially crippling if not downright dangerous should a claim be triggered. Retail dispensaries, for example, are high-cash businesses, making banking and trusted employees a must-have.Today’s cannabis businesses need to understand there will be risks but they are a lot more manageable than in the old days.

And a close eye must be cast to lease agreements for hidden exposures, too. We know a Washington state grower that had no property insurance on its large, leased indoor growing facility. The company’s lease made its owners, not their landlord, responsible for any required building improvements. It was one of a variety of serious exposures that had to be fixed.

Today’s cannabis businesses need to understand there will be risks but they are a lot more manageable than in the old days. Rather than find themselves under-insured, they can start by learning what they probably have wrong about insurance. Dispelling three of the most common myths is a good place to start.

Myth #1: Nobody will insure a cannabis business.

Not remotely true. You can and should get coverage. Think property and casualty, product liability, EPLI and directors and officers, employee benefits and workers comp. Additionally, you should be educated on what crop coverage does and doesn’t cover. Depending on your business’ role in production and distribution, you might also consider cargo, stock throughput, auto, as noted, crime and cyber coverage. It pays to protect yourself.

Myth #2: If my business isn’t doing edibles, I don’t have to worry about product liability insurance.

The reality is that product liability may be the biggest risk the cannabis industry faces, at every level on the supply chain. There’s a liability “trickle down” effect that starts with production and distribution and sales and goes down to labeling and even how the product is branded. Especially when a product is an edible, inhalable or ingestible with many people behind it, the contractual risk transfer of product liability is an important consideration. That means the liability is pushed to all those who play any role in the supply chain, whether as a producer or a retailer or an extractor. And all your vendors must show their certificates of insurance and adequate coverage amounts. Don’t make the mistake of being so excited about this new product that you don’t check out the vendors you partner with for this protection.

Myth #3: Any loss at my operation will be covered by my landlord’s policy.

As the example I cited early illustrated, that’s unlikely. Moreover, your loss might even cause your landlord’s insurance to be nullified for having rented to a cannabis business. It’s another reason to examine your lease agreement very carefully. You want to comply with your landlord’s requirements. But you also need to be aware of any potential liabilities that may or may not be covered. Incidentally, even if your landlord’s policy offers you some protection, your interests are going to be best served through a separate, stand-alone policy for overall coverage.

These are interesting times for the burgeoning legal cannabis business. Getting smart – fast – about the risks and how to manage them will be important as the industry grows into its potential.

July 9, 2019

Cannabusiness Sustainability

Environmental Sustainability in Cultivation: Part 2

By Carl Silverberg

1 Comment

The first article of this series discussed resource management for cannabis growers. In this second piece of the series on how indoor farming has a reduced impact on the environment, we’re going to look at land use & conservation. There are really two aspects and we have to be up front and acknowledge that while our focus is on legal cannabis farming, there’s a significant illegal industry which exists and is not subject to any environmental regulation.

“Streams in Mendocino run dry during the marijuana growing season impacting Coho salmon and steelhead trout who lay their eggs in the region’s waterways.” One biologist reported seeing “dead steelhead and Coho on a regular basis in late August and September, usually due to water reduction or elimination from extensive marijuana farming.” The quotes are from an extensive article on cannabis land use by Jessica Owley in the U.C. Davis Law Review.The concept that land will stay in its natural state is a mixture of idealism and reality.

This is going to continue until it’s more profitable to go legit. For this article, we’re going to focus on the legitimate cannabis grower. On the land use side, we usually hear four main reasons for indoor growing: remaining land can stay in its natural state, fewer space usually translates to fewer waste, you conserve land and natural resources when you don’t use fossil fuels, greenhouses can be placed anywhere.

The concept that land will stay in its natural state is a mixture of idealism and reality. Just because someone only has to farm five acres of land instead of one hundred acres doesn’t necessarily mean they’re going to leave the rest in its pristine natural state. Granted the footprint for automated greenhouses is significantly less but the key is what happens to that extra space. Assuming that it will all be preserved in its natural state isn’t realistic. What is realistic is the fact that a developer may not want to build tract houses abutting a commercial greenhouse operation. If they do, likely there’s going to be more land set aside for green space than if a farm was sold outright and a series of new homes were plunked down as if it were a Monopoly board.

Combined with workforce development program funding, urban indoor farming is getting more attractive every day.That’s not the same kind of issue in urban areas where the situation is different. Despite the economic boom of the past ten years, not every neighborhood benefitted. The smart ones took creative approaches. Gotham Greens started in Greenpoint, Brooklyn and has expanded to Chicago as well. “In early 2014, Gotham Greens opened its second greenhouse, located on the rooftop of Whole Foods Market’s flagship Brooklyn store, which was the first ever commercial scale greenhouse integrated into a supermarket.”

Green City Growers in Cleveland’s Central neighborhood is another example. “Situated on a 10-acre inner-city site that was once urban blight, the greenhouse—with 3.25 acres under glass–now serves as a vibrant anchor for the surrounding neighborhood.”

The beauty of greenhouse systems even those without greenhouse software, is they can be built anywhere because the environmental concerns of potentially contaminated soil don’t exist. The federal government as well as state and local governments offer a myriad of financial assistance programs to encourage growers to develop operations in their areas. Combined with workforce development program funding, urban indoor farming is getting more attractive every day.

As for the argument that greenhouses save energy and fossil fuels, I think we can agree that it’s pretty difficult to operate a thousand-acre farm using solar power. To their credit, last year John Deere unveiled a tractor that will allow farmers to run it as a fully autonomous vehicle to groom their fields while laying out and retracting the 1 kilometer long onboard extension cord along the way. It’s a start although I’ll admit to my own problems operating an electric mower without cutting the power cord.

In a 2017 article, Kurt Benke and Bruce Tomkins stated, “Transportation costs can be eliminated due to proximity to the consumer, all-year-round production can be programmed on a demand basis, and plant-growing conditions can be optimized to maximize yield by fine-tuning temperature, humidity, and lighting conditions. Indoor farming in a controlled environment also requires much less water than outdoor farming because there is recycling of gray water and less evaporation.”

The overall trend on fossil fuel reduction was verified this week when the Department of Energy announced that renewables passed coal for the first time in U.S. history. And on the water issue, Ms. Owley had a salient point for cannabis growers. “The federal government will not allow federal irrigation water to be used to grow marijuana anywhere, even in states where cultivation is legal.” That’s not a minor detail and it’s why outdoor farming of cannabis is going to be limited in areas where water resources and water rights are hotly debated.

June 24, 2019

Cannabusiness Sustainability

Environmental Sustainability in Cultivation: Part 1

By Carl Silverberg

4 Comments

Core values often get wrapped into buzzwords such as sustainability, locally sourced and organic. In the first part of a series of four articles exploring greenhouses and the environment, we’re going to take a look at indoor vs. outdoor farming in terms of resource management.

Full disclosure; I love the fact that I can eat fresh blueberries in February when my bushes outside are just sticks. Is there a better way to do it than trucking the berries from the farm to a distribution plant to the airport, where they’re flown from the airport to a distribution center, to the grocery store and finally to my kitchen table? That’s a lot of trucking and a lot of energy being wasted for my $3.99 pint of blueberries.The largest generation in the history of the country is demanding more locally grown, sustainable and organic food.

If those same blueberries were grown at a local greenhouse then trucked from the greenhouse directly to the grocery store, that would save diesel fuel and a lot of carbon emissions. People who can only afford to live near a highway, a port or an airport don’t need to ask a pulmonary specialist why their family has a higher rate of COPD than a family who lives on a cul-de-sac in the suburbs.

Fact: 55% of vegetables in the U.S. are grown under cover. The same energy saving principles apply to indoor cannabis and the reasons are consumer driven and producer driven. The largest generation in the history of the country is demanding more locally grown, sustainable and organic food. They want it for themselves and they want it for their kids.

The rapid proliferation of greenhouses over the past ten years is no coincidence. Millennials are forcing changes: organic fruit and vegetables now account for almost 15% of the produce market. A CNN poll last month revealed that 8 of 10 of registered Democrats listed climate change as a “very important” priority for presidential candidates. The issue is not party I.D.; the issue is that a large chunk of Americans are saying they’re worried about the direct and indirect impacts of climate change, such as increased flooding and wildfires.

So how does the consumer side tie into the cannabis industry? Consumers like doing business with companies who share their values. The hard part is balancing consumer values with investor values, which is why many indoor growers are turning to cultivation management platforms to help them satisfy both constituencies. They get the efficiency and they get to show their customers that they are good stewards of their environment. The goal is to catch things before it’s too late to save the plants. If you do that, you save the labor it costs to fix the problem, the labor and the expense of throwing away plants and you reduce pesticide and chemical usage. When that happens, your greenhouse makes more money and shows your customers you care about their values.

The indoor change is happening rapidly because people realize that technology is driving increased revenue while core consumer values are demanding less water waste, fewer pesticides, herbicides and fertilizers.Let’s add some more facts to the indoor-outdoor argument. According to an NCBI study of lettuce growing, “hydroponic lettuce production had an estimated water demand of 20 liters/kg, while conventional lettuce production had an estimated water demand of 250 liters/kg.” Even if the ratio is only 10:1, that’s a huge impact on a precious resource.

Looking at the pesticide issue, people often forget about the direct impact on people who farm. “Rates in the agricultural industry are the highest of any industrial sector and pesticide-related skin conditions represent between 15 and 25% of pesticide illness reports,” a 2016 article in The Journal of Cogent Medicine states. Given the recent reports about the chemicals in Roundup, do we even need to continue the conversation and talk about the effects of fertilizer?

I’ll finish up with a quote from a former grower. “The estimates I saw were in the range of between 25%-40% of produce being lost with outdoor farming while most greenhouse growers operate with a 10% loss ratio.”

The indoor change is happening rapidly because people realize that technology is driving increased revenue while core consumer values are demanding less water waste, fewer pesticides, herbicides and fertilizers. Lastly, most Americans simply have a moral aversion to seeing farms throw away food when so many other people are lined up at food banks.

May 7, 2019

Implementing a HACCP Plan to Address Audit Concerns in the Infused Market

By Daniel Erickson

1 Comment

The increasing appeal and public acceptance of medical and recreational cannabis has increased the focus on the possible food safety hazards of cannabis-infused products. Foodborne illnesses from edible consumption have become more commonplace, causing auditors to focus on the various stages of the supply chain to ensure that companies are identifying and mitigating risks throughout their operations. Hazard Analysis and Critical Control Points (HACCP) plans developed and monitored within a cannabis ERP software solution play an essential role in reducing common hazards in a market currently lacking federal regulation.

What are cannabis-infused products?

Cannabis infusions come in a variety of forms including edibles (food and beverages), tinctures (drops applied in the mouth), sprays (applied under the tongue), powders (dissolved into liquids) and inhalers. Manufacturing of these products resembles farm-to-fork manufacturing processes common in the food and beverage industry, in which best practices for compliance with food safety regulations have been established. Anticipated regulations in the seed-to-sale marketplace and consumer expectations are driving cannabis infused product manufacturers to adopt safety initiatives to address audit concerns.

What are auditors targeting in the cannabis space?

The cannabis auditing landscape encompasses several areas of focus to ensure companies have standard operating procedures (SOP’s) in place. These areas include:

Regulatory compliance – meeting state and local jurisdictional requirements
Storage and product release – identifying, storing and securing products properly
Seed-to-sale traceability – lot numbers and plant identifiers
Product development – including risk analysis and release
Accurate labeling – allergen statements and potency
Product sampling – pathogenic indicator and heavy metal testing
Water and air quality – accounting for residual solvents, yeasts and mold
Pest control – pesticides and contamination

In addition, auditors commonly access the reliability of suppliers, quality of ingredients, sanitary handling of materials, cleanliness of facilities, product testing and cross-contamination concerns in the food and beverage industry, making these also important in cannabis manufacturers’ safety plans.

How a HACCP plan can help

Whether you are cultivating, harvesting, extracting or infusing cannabis into edible products, it is important to engage in proactive measures in hazard management, which include a HACCP plan developed by a company’s safety team. A HACCP plan provides effective procedures that protect consumers from hazards inherent in the production and distribution of cannabis-infused products – including biological, chemical and physical dangers. With the lack of federal regulation in the marketplace, it is recommended that companies adopt these best practices to reduce the severity and likelihood of compromised food safety.

Automating processes and documenting critical control points within an ERP solution prevents hazards before food safety is compromised. Parameters determined within the ERP system are utilized for identification of potential hazards before further contamination can occur. Applying best practices historically used by food and beverage manufacturers provides an enhanced level of food safety protocols to ensure quality, consistency and safety of consumables.

Hazards of cannabis products by life-cycle and production stage

Since the identification of hazards is the first step in HACCP plan development, it is important to identify potential issues at each stage. For cannabis-infused products, these include cultivation, harvesting, extraction and edibles production. Auditors expect detailed documentation of HACCP steps taken to mitigate hazards through the entire seed-to-sale process, taking into account transactions of cannabis co-products and finished goods at any stage.

Cultivation– In this stage, pesticides, pest contamination and heavy metals are of concern and should be adequately addressed. Listeria, E. coli, Salmonella and other bacteria can also be introduced during the grow cycle requiring that pathogenic indicator testing be conducted to ensure a bacteria-free environment.

Harvesting– Yeast and mold (aflatoxins) are possible during the drying and curing processes. Due to the fact that a minimal amount of moisture is optimal for prevention, testing for water activity is essential during harvesting.

Extraction – Residual solvents such as butane and ethanol are hazards to be addressed during extraction, as they are byproducts of the process and can be harmful. Each state has different allowable limits and effective testing is a necessity to prevent consumer exposure to dangerous chemical residues.

Edibles– Hazards in cannabis-infused manufacturing are similar to other food and beverage products and should be treated as such. A risk assessment should be completed for every ingredient (i.e. flour, eggs, etc.), with inherent hazards or allergens identified and a plan for addressing approved supplier lists, obtaining quality ingredients, sanitary handling of materials and cross-contamination.

Following and documenting the HACCP plan through all of the stages is essential, including a sampling testing plan that represents the beginning, middle and end of each cannabis infused product. As the last and most important step before products are introduced to the market, finished goods testing is conducted to ensure goods are safe for consumption. All information is recorded efficiently within a streamlined ERP solution that provides real-time data to stakeholders across the organization.

Besides hazards that are specific to each stage in the manufacturing of cannabis-infused products, there are recurring common procedures throughout the seed-to-sale process that can be addressed using current Good Manufacturing Practices (cGMP’s). cGMPs provide preventative measures for clean work environments, training, establishing SOPs, detecting product deviations and maintaining reliable testing. Ensuring that employees are knowledgeable of potential hazards throughout the stages is essential.Lacking, inadequate or undocumented training in these areas are red flags for auditors who subscribe to the philosophy of “if it isn’t documented, it didn’t happen.” Training, re-training (if necessary) and documented information contained within cannabis ERP ensures that companies are audit-ready.

Labeling

The importance of proper labeling in the cannabis space cannot be understated as it is a key issue related to product inconsistency in the marketplace. Similar to the food and beverage industry, accurate package labeling, including ingredient and allergen statements, should reflect the product’s contents. Adequate labeling to identify cannabis products and detailed dosing information is essential as unintentional ingestion is a reportable foodborne illness. Integrating an ERP solution with quality control checks and following best practices ensures product labeling remains compliant and transparent in the marketplace.

Due to the inherent hazards of cannabis-infused products, it’s necessary for savvy cannabis companies to employ the proper tools to keep their products and consumers safe. Utilizing an ERP solution that effectively manages HACCP plans meets auditing requirements and helps to keep cannabis operations one step ahead of the competition.

March 26, 2019

Top 5 Cybersecurity Threats To The Cannabis Industry

By Lalé Bonner

No Comments

Is your cannabis business an attractive target for cyber criminals? With the influx of investment to this market and new businesses opening frequently throughout the United States, the legal cannabis industry is a prime target for cyber criminals.

Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.Cannabis industry hackers pick their targets by vulnerability, exploiting consumer or patient data to darknet black markets and forums. The impact can be devastating to both the business and their consumers. With new laws on protecting consumer and patient data on the horizon, businesses that do not adequately protect that data, could face stiff fines, in addition to losing the trust of their customers.

So, how do these attacks present themselves? Recent studies implicate employees as the “weakest link” in the cybersecurity chain due to a lack of cybersecurity best practices and training. Implementing safeguards and providing employee training is imperative to the cybersecurity health of your business.

Now, let’s identify the top 5 cybersecurity threats to the cannabis industry and some valuable tips for protecting against these criminal hacks:

Phishing: Phishing is a form of cyber-attack, typically disguised as an official email from a trustworthy entity, attempting to dupe the recipient into revealing confidential information or downloading malware. Don’t take the bait! 91 percent of cyber-attacks start as phishing scams, with most of these lures being cast through fraudulent emails.

Tips: Do not download attachments from unknown senders!
Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.

Password Management: Password complexity is key to protecting against cyber breaches. When it comes to data hacking, 81 percent of breaches are caused by stolen or weak passwords. With a password often being the only barrier between you and a data breach, creating a complex password will dramatically decrease those password-sniffers from obtaining your sensitive information.

Tips: Create passwords that are at least 12 characters in length – include letters, numbers and symbols (*$%^!), and never use a default password. This will fend off brute-force attacks.
Change passwords every six months to a year, keeping them complicated and protected. For IT Managers, make using a password manager mandatory for all employees. (Pro-tip: LastPass is free).Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.

Public Wi-Fi: Being able to connect in public spaces, while a modern marvel of convenience, leaves us wide open to cyber-attacks. Whether you are in an airport or café, always err on the side of caution.

Tips: Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.
Browse in a “private” or “incognito” window to avoid saving information. If you have a VPN, use it. If not, then do not handle any sensitive data.

BYOD: Beware of Bad Apps: Using personal devices for work has become the norm. In fact, approximately 74 percent of businesses have bring-your-own-device (BYOD) policies or plans to adopt in the future.

With these platforms providing greater access to mobile apps, comes greater responsibility on the part of the end user.

Tips: Password protect devices that will be used for work (and, any device in general).
Only download applications from a trusted, authorized app store. Do not use untrusted play apps.
Mobile device protection is recommended for any device being used on a business network.

Whether it is an app from an unauthorized website or a lost/stolen device that was not password protected, cyber criminals do not need much to compromise critical data.Avoid logging into a SaaS application on a public computer or public Wi-Fi network.

SaaS Selectively: Keep Sensitive Data Safe: SaaS (Software As A Service) are cloud-based software solutions and chances are you are using one of these SaaS solutions for work purposes. IT is typically responsible for implementing security controls for SaaS applications, but ultimate responsibility falls on IT and the end user jointly. Here is what you can do to help keep these solutions safe:

Tips: Avoid logging into a SaaS application on a public computer or public Wi-Fi network.
Never share your SaaS login credentials with unauthorized persons over digital format or in person. Lastly, if you need to step away, always lock your screen during an active session.

While these tips will help keep your consumer/patient data from falling into the wrong hands, always have a plan B- backup plan! Your plan B must incorporate saving important data to a backup drive daily. Most likely, there is already a backup protocol in place for your mission-critical work data; however, for sanity’s sake, back up your BYOD devices as well.

February 20, 2019

The New ISO/IEC 17025:2017: The Updated Standard

By Ravi Kanipayor, Christian Bax, Dr. George Anastasopoulos

No Comments

As state cannabis regulatory frameworks across the country continue to evolve, accreditation is becoming increasingly important. Because it provides consistent, turnkey standards and third-party verification, accreditation is quickly emerging as an important tool for regulators. For cannabis testing laboratories, this trend has been especially pronounced with the increasing number of states that require accreditation to ISO/IEC 17025.

As of 2017 there were nearly 68,000 laboratories accredited to ISO/IEC 17025, making it the single most important benchmark for testing laboratories around the world. ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests including sampling. It covers testing performed using standard methods, non-standard methods and laboratory-developed methods. It is applicable to all organizations performing tests including cannabis labs. The standard is applicable to all labs regardless of the number of personnel or the extent of the scope of testing activities. Developed to promote confidence in the operation of laboratories, the standard is now being used as a key prerequisite to operate as a cannabis lab in many states.

There are currently 26 states in the United States (also Canada) that require medical or adult-use cannabis to be tested as of February 2019. Of those states, 18 require cannabis testing laboratories to be accredited – with the vast majority requiring ISO/IEC 17025 accreditation. States that require testing laboratories to attain ISO/IEC 17025 accreditation represent some of the largest and most sophisticated cannabis regulatory structures in the country, including California, Colorado, Maryland, Massachusetts, Michigan, Nevada and Ohio. As a consequence, many cannabis testing laboratories are taking note of recent changes to ISO/IEC 17025 standards.

ISO/IEC 17025 was first issued in 1999 by the International Organization for Standardization. The standard was updated in 2005, and again in 2017. The most recent update keeps many of the legacy standards from 2005, but adds several components – specifically requirements for impartiality, risk assessment and assessing measurement uncertainty. The remainder of this article takes a deeper dive into these three areas of ISO/IEC 17025, and what that means for cannabis testing laboratories.Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities.

Impartiality

ISO/IEC 17025:2005 touched on an impartiality requirement, but only briefly. The previous standard required laboratories that belonged to organizations performing activities other than testing and/or calibration to identify potential conflicts of interest for personnel involved with testing or calibration. It further required that laboratories had policies and procedures to avoid impartiality, though that requirement was quite vague.

ISO/IEC17025:2017 emphasizes the importance of impartiality and establishes strict requirements. Under the new standard, labs are responsible for conducting laboratory activities impartially and must structure and manage all laboratory activities to prevent commercial, financial or other operational pressures from undermining impartiality. The definitions section of the standard defines impartiality as the “presence of objectivity.” Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities. For further elaboration, the standard provides similar terms that also convey the meaning of impartiality: lack of prejudice, neutrality, balance, fairness, open-mindedness, even-handedness, detachment, freedom from conflicts of interest and freedom from bias.

To comply with the new standard, all personnel that could influence laboratory activities must act impartially. ISO/IEC 17025:2017 also requires that laboratory management demonstrate a commitment to impartiality. However, the standard is silent on how labs must demonstrate such commitment. As a starting point, some cannabis laboratories have incorporated statements emphasizing impartiality into their employee handbooks and requiring management and employee training on identifying and avoiding conflicts of interest.

Risk Assessment

Both the 2005 and 2017 versions contain management system requirements. A major update to this is the requirement in ISO/IEC 17025:2017 that laboratory management systems incorporate actions to address risks and opportunities. The new risk-based thinking in the 2017 version reduces prescriptive requirements and incorporates performance-based requirements.

Under ISO/IEC 17025:2017, laboratories must consider risks and opportunities associated with conducting laboratory activities. This analysis includes measures that ensure that:

The lab’s management system is successful;
The lab has policies to increase opportunities to achieve its goals and purpose;
The lab has taken steps to prevent or reduce undesired consequences and potential failures; and
The lab is achieving overall improvement.

Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.To comply with ISO/IEC 17025:2017, labs must plan and implement actions to address identified risks and opportunities into management systems. They must also measure the effectiveness of such actions. Importantly, the standard requires that the extent of risk assessments must be proportional to the impact a given risk may have on the validity of the laboratory’s test results.

ISO/IEC 17025:2017 does not require that labs document a formal risk management process, though labs have discretion to develop more extensive methods and processes if desired. To meet the requirements of the standard, actions to address risks can include sharing the risk, retaining the risk by informed decision, eliminating the risk source, pinpointing and avoiding threats, taking risks in order to pursue an opportunity, and changing the likelihood or consequence of the risk.

ISO/IEC 17025:2017 references “risks” generally throughout most of the standard. However, it specifically addresses risks to a laboratory’s impartiality in section 4.1. Note, the new standard requires that labs must not only conduct activities impartially, but also actively identify risks to their impartiality. This requirement is on-going, not annually or bi-annually. Risks to impartiality include risks arising from laboratory activities, from laboratory relationships, or from relationships of laboratory personnel. Relationships based on ownership, governance, shared resources, contracts, finances, marketing, management, personnel and payment of a sales commission or other inducements to perform under pressure can threaten a laboratory’s impartiality. Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.

Assessing Measurement Uncertainty With Decision Rules

ISO/IEC 17025:2005 required (only where necessary and relevant) test result reports to include a statement of compliance/non-compliance with specifications and to identify which clauses of the specification were met or not met. Such statements were required to take into account measurement uncertainty and if measurement results and uncertainties were omitted from the statement, the lab was required to record and maintain the results for future reference.

ISO/IEC 17025:2017 requires similar statements of conformity with an added “decision rule” element. When statements of conformity to a specification or standard are provided, labs must record the decision rule it uses and consider the level of risk the decision rule will have on recording false positive or negative test results. Like the 2005 version, labs must include statements of conformity in test result reports (only if necessary and relevant- see 5.10.3.1 (b)). Now, test result reports on statements of conformity must include the decision rule that was employed.

Moving Forward

Because many states require ISO/IEC 17025 accreditation for licensing, cannabis testing labs across the country would be well advised to closely monitor the implications of changes in ISO/IEC 17025:2017 related to impartiality, risk assessment and measurement uncertainty. If you run a cannabis testing lab, the best way to ensure compliance is education, and the best place to learn more about the new requirements is from a globally recognized accreditation body, especially if it is a signatory to the International Laboratory Accreditation Cooperation (ILAC) for testing laboratories, calibration laboratories and inspection agencies.

References

Facts & Figures

ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories

ISO/IEC 17025:2017: General requirements for the competence of testing and calibration laboratories