Tag Archives: remote

Growing the Seed of Sale: Integrating Security with Business Opportunity

By Ryan Schonfeld
No Comments

Anyone in the cannabis industry is well aware that theft of crops can economically devastate a grower. Security is critical, and thankfully, growers and dispensaries have many tools available to protect their investment. There is simply no excuse for not having a solid security posture to keep your business in compliance, from public-private partnerships to advanced security tools – in fact, it’s required in most jurisdictions.

In 2020, nationwide cannabis sales increased 67%, and support for legal marijuana reached an all-time high of 68%. New Frontier Data found that U.S. legal cannabis market is projected to double to $41.5 billion by 2025.

The industry’s advancement impacts numerous areas such as job and tax revenue creation and providing a wide variety of valuable opportunities. For cannabis facilities to keep up with the market expansion and experience success, they must face two significant challenges: achieving adequate security and efficient business operations. Though both can be seen as separate concerns, growers and producers must merge processes and solutions to tackle the issue as a whole.

Dispensaries are prime targets for burglary. Defending your storefront requires a comprehensive security plan

Along with rapid growth, dispensaries face traditional security risks, such as workplace violence and retail theft, while cybersecurity risks have also become more prevalent. These potential issues make it clear that the stakes are high, and as the potential impact on a business rises, the need for real-time, predictive response increases. Insider threats are another issue plaguing the industry when you look at the rate of theft, diversion and burglary that is attributable to employees.

The cannabis market is complex: it’s expanding rapidly, has to meet essential regulatory requirements and faces high-security risks. Therefore, security needs to be looked at holistically since it can be challenging to determine where a potential threat may originate.

With security top of mind, it is critical to move away from responsive behaviors and seek ways to manage security in a manner that gets ahead of threats, prevent them before they happen and respond to them in real-time. But does a grower or retailer have the time and expertise to manage all this while keeping an eye on how security affects the business?

Remote Security Operations

The ability to comply with government regulations and protect a valuable cannabis crop at all stages of its journey from seed to sale makes security systems a mission-critical asset for cannabis growers. Security operations centers create a safer and more productive environment and provide state-of-the-art tools to protect employees, retail locations and grow facilities. But some businesses in the cannabis market may not have the resources or space to have their centralized security operations, leading them to piece-meal security together or do the best with what they can afford at the time. Running these facilities can also be prohibitively expensive.

Security operations centers create a safer and more productive environment and provide state-of-the-art tools to protect employees, retail locations and grow facilities.

But new options take the process of security off the table. The business can focus on the growth of its core functions. Remote security operations services allow companies to take advantage of advanced security services typically only possible in larger enterprise environments. These services are offered on a subscription basis, delivered through the cloud, and are entirely customizable to detect risks unique to your business operations while saving each company significant expense.

Centralized security operations centers leverage intelligent tools, standard operating procedures and proven analytic methods to provide cannabis facilities with the information and guidance necessary to mitigate issues like retail or grow theft before they can have a significant impact.

The integrated, holistic response center staffed by experienced operators and security experts delivers a comprehensive security and regulatory compliance method. This approach is designed to provide complete data about what is happening across a cannabis business, from seed to sale, and how individual events can impact the company as a whole. As a result, stakeholders get the security intelligence they need, without the high overhead, personnel investments and complex daily management.

For those businesses in the cannabis market looking to supplement their security operations with other workforce but may not have the budget or infrastructure to do so, remote security operations services are something you should consider. With the experts handling all the heavy lifting, leaders can focus on growth. And, right now, in the cannabis industry, the sky is the limit in terms of opportunity.

How Private-Sector-Led Information Sharing Can Transform Cybersecurity in the Cannabis Industry.

By Andy Jabbour, Ben Taylor
No Comments

The cannabis industry’s advancement towards legalization continues to dominate national headlines, from the stance of incoming Attorney General Merrick Garland to deprioritize enforcement of low-level cannabis crimes, Senate Majority Leader Chuck Schumer’s continued advocacy, to the recent passing of legislation in New York, New Mexico and Virginia (the first in the South) to authorize adult-use cannabis. While these updates are likely to intrigue customers and investors alike, they are also sure to draw the attention of cyber criminals who could look at the relative youth of the industry, as well as its rapid growth, as a prime target of opportunity for nefarious acts.

In order to understand risk mitigation best practices across a wide spectrum of private sector industries, this article will first identify the current security environment in order to understand the threats, briefly highlight specific case studies and assess the risks and identify methods that individual organizations, as well as the cannabis industry as a whole, can take action to enhance security and preparedness and to develop resiliency against future attacks.

Understanding the Threats

For an industry that has operated in a largely cash-based system for much of its existence, the idea of security is not foreign. Typically, these concerns focused on physical security implementation. The topic has received plenty of coverage, including a recent article in this journal articulating Important Security Considerations When Designing Cannabis Facilities. While an audit of physical security measures is a valuable part to any all-hazards threat assessment, securing a growing online network – from email to online finances to connected devices within cannabis facilities – can pose more unfamiliar challenges. When consulted for this article, Patten Wood, a former VP of marketing for a prominent west-coast cannabis retail brand noted: “While the topic of cybersecurity is critically important to customers, businesses, and the industry at large, it isn’t top of mind for many of the cannabis companies that I’ve experienced.” Understanding what risks are present is the first step to mitigating them, so we must first discuss several common cyber threats for the cannabis industry.

  • Phishing: Phishing happens when cybercriminals impersonate a trusted individual or entity, typically through email. The goal in this instance is to get the target to share confidential information or download software that can allow unauthorized access into an organization’s network. Phishing is one of the most common types of cyberattacks as it is relatively easy to conduct and surprisingly effective.
  • Ransomware Attacks: Ransomware attacks are used to gain access to a computer network and then lock and encrypt either the entire system or certain sets of high-value files, which can compromise important business information, and impact client and vendor privacy. A ransom is then demanded for restoring access, but paying the ransom comes with its own risk as it doesn’t guarantee the files will be restored. 
  • Cyber Extortion: Similar to ransomware attacks in their design, cyber extortion typically deals with a threat of leaking personal information and will generally demand payment in cryptocurrency in order to maintain their anonymity. 
  • Lumu: 2020 Ransomware Flashcard

    Remote Access Threats: As 2020 has forced organizations to rethink how they conduct business and shift to more remote operations than they had in the past, it can open up several new threats. According to a survey by IT social network SpiceWorks.com, six out of every ten organizations allow their employees to connect their company-issued devices to public Wi-Fi networks. Utilizing unsecured Wi-Fi networks opens the user up to man-in-the-middle attacks, allowing hackers to intercept company data. Unsecure Wi-Fi also brings the threat of malware distribution. An additional consideration with remote workers is the uptick in cyber attacks against remote access software referred to as remote desktop protocol (RDP) attacks. According to Atlas VPN, RDP attacks skyrocketed 241% in 2020 and we’ve seen numerous RDP attacks against critical infrastructure throughout the pandemic and across all industries.

  • Internet of Things (IoT) Leaks: With IoT devices running everything from security systems to automated growing operations, the convenience has been a huge boost for the industry. Unfortunately, many IoT devices don’t have sophisticated built-in security. Another common problem is the tendency of users to keep default passwords upon installation, which can make devices easy for cyber criminals to access. Once they are inside the system, malware can easily be installed, and the actors can move laterally throughout the network.
  • Personal and Medical Record Security: Many cyberattacks expose some level of personal data, whether that be customer, employee or vendor information. An extra consideration for retail operations that either treat medical patients, or medical and adult-use customers, is the additional information they must store about their clients. Medical facilities will maintain protected health information (PHI), which are much more valuable on the dark web than personally identifiable information (PII). But even adult use facilities may keep government-issued ID or other additional information above that of a typical retailer, which makes the potential value of their information much more intriguing for a cybercriminal.

Assessing the Risks

Depending on where your organization lies in the seed to sale chain, you will have different levels of risk for various types of attacks. We briefly discussed ransomware attacks earlier. Ransoms can range widely depending on the size of the organization that is attacked, but the ransom alone isn’t the only risk consideration. Businesses must also factor in the cost of downtime (an average of 18 days in 2020) caused by the ransomware when evaluating the impact to business operations, as well as reputation. While small – medium businesses are absolutely at risk, especially given their relative lack of cybersecurity resources and sophistication, a recent trend involves “Big Game Hunting” where cybercriminals are targeting larger organizations with the potential for bigger paydays. Criminals understand that big business can rarely afford major delays, and may be more able and willing to pay, and pay big, for a return to normal operations.

Group-IB: Ransomware Uncovered

Below are several examples of attacks which have either directly impacted the cannabis industry, or have valuable lessons the industry can learn from.

GrowDiaries: In October 2020 researcher Bob Diachenko discovered that 3.4 million records including passwords, posts, emails and IP addresses were exposed after two open-source application Kibana apps were left exposed online. As a platform for cannabis growers around the world (who are not all growing legally), this type of exposure puts the community at great risk, and can lower user confidence in the product, as well as putting them at personal risk of harm or legal ramifications. The applications being left open is a prime example of either a lack of good cybersecurity policies, or not following through on those policies.

Aurora Cannabis: On December 25th, 2020 Canadian company Aurora Cannabis suffered a data breach when SharePoint and OneDrive were illegally accessed. Included in the data that was compromised was credit card information, government identification, home addresses and banking details. The access point coming through Microsoft cloud software is a prime example of some of the challenges facing businesses who have an increasingly remote workforce yet still need that workforce to access critical (and usually highly sensitive) information.

THSuite: A database owned by seed to sale Point-Of-Sale (POS) software provider THSuite was discovered by researchers in December 2019. The database contained PHI/PII for 30,000 people, with over 85,000 files being exposed. The information that was left accessible included scanned government IDs, personal contact information and medical ID numbers. Clearly this gets into HIPAA territory, which can result in fines of up to $50,000 for every exposed record.

Door Dash: As cannabis delivery apps become more prevalent, it’s good to reference how similar businesses in other industries have been targeted. In May of 2019 nearly 5 million user records were accessed by an unauthorized third party, exposing PII and partial payment card information.  

Taking Action 

On an organizational level, employee training, password hygiene and malware protection are some of the basic and most important steps that should be taken by all organizations. But, if “knowledge is power,” the best defense for any organization against cyber threats is a well-informed organization- including leadership down to the front-line employees. Excellent tools to assist in this are Information Sharing & Analysis Centers/Organizations (ISACs/ISAOs). ISACs were established under a presidential directive in 1998 to enable critical infrastructure owners and operators to share cyber threat information and best practices. The National Council of ISACs currently has over 20 member ISACs including Real Estate, Water, Automotive and Energy. ISAOs were created by a 2015 executive order to encourage cyber threat information sharing within private industry sectors that fall outside of those listed as “critical infrastructure”. Christy Coffey, vice president of operations at the Maritime and Port Security ISAO (MPS-ISAO) says information sharing enabled by the executive order is critical. “We need to accelerate private sector information sharing, and I believe that the ISAO is the vehicle.”

According to Michael Echols, CEO of the International Association of Certified ISAO’s (IACI) at the Kennedy Space Center, security experts have long understood that threat information sharing can allow for better situational awareness and help organizations better identify common threats and ways to address them. “On the other side, hackers in a very documented way are already teaming up and sharing information on new approaches and opportunities to bring more value (to their efforts).” The ongoing crisis surrounding the Microsoft Exchange Server Vulnerability demonstrates that different cybercriminal groups will work simultaneously to abuse system flaws. As of March 5th it was reported that at least 30,000 organizations in the U.S. – and hundreds of thousands worldwide – have backdoors installed which makes them vulnerable to future attacks, including ransomware.

Below are several links to recent products that have been shared by various ISACs/ISAOs, which are provided as an example of the type of information that is commonly shared via these organizations.

If organizations are interested in learning more about enhancing their cybersecurity resiliency through private-sector led information sharing, please reach out to the newly formed Cannabis ISAO at ben@cannabisisao.org 

Cannabis & COVID: Changes, Advances & Opportunities

By Laura Bianchi
No Comments

The onset of the COVID-19 pandemic sent shockwaves around the world, and they’re still rippling today. Businesses had to quickly pivot from in-person transactions and services to virtual operations, or close down until stay at home orders and other restrictions eased or lifted. While it varies from state to state, due to statutory and rule based operating requirements, requiring facilities to be open a certain amount of hours per week, many were deemed essential. These circumstances create a huge set of complex challenges for anyone in business to navigate, from workers and their families to management and owners, let alone vendors and ancillary businesses.

The bright side is being in an industry where plot twists are not uncommon. Cannabis is legal and highly regulated state by state, illegal on a federal level, so it’s always full of strategic problems to solve. With so many people, businesses, ever-shifting regulations, and financial interests at stake, the need for strategic legal services are the constant. From a purely business and regulatory standpoint, the pandemic has provided some in the cannabis industry with quantum leaps forward in operations and service, and many of them may likely become the new norm.

For people with anxiety (#everydemographic2020) and other debilitating medical conditions, perception is shifting towards the importance and benefits of cannabis as a medicine and alternative therapeutic treatment option, on pace with a larger global trend towards personal and shared wellness. There’s more freedom for consumers to participate recreationally in states with adult use programs too. Extended families and friends in other states may not have the same access to cannabis. We live in a socially driven world, and the awareness of the medicinal properties of cannabis has rapidly grown nationwide across broad demographics. The gateway drug stereotype and stigma is slowly but surely fading away.

Momentum and shift in consumer behavior, need and the shifting perspective of healthcare providers is affecting more state regulators. They’ve worked with the cannabis industry to modify and adjust operational rules as needed to ensure medicinal access during the ever-changing COVID climate. Although current rules and regulations haven’t been lifted in any way, this is a step in the right direction. However, recreational states are less likely to consider that portion of the cannabis market essential and look for ways to prioritize medical dispensaries over recreational.

Medical Cannabis Businesses Deemed Essential

The most immediate problems to solve in many states were social distancing and waiting areas – where to keep patients/customers? There are state guidelines and regulations for operations during COVID, plus CDC general safety and sanitation considerations for workers and consumers alike. Lawyers and regulators are working to make sure that these stores are open and operating safely, have established safety protocols, number of customers allowed inside the store, minimum hours of operation, and to allow for special elderly hours and accommodating patients with compromised immune systems.

One of the biggest operational changes has been an increase in the facilitation of online ordering and curbside pickup to help keep patients safe. Employees are wearing gloves and PPE as an added precaution. This puts the health of the patients and employees first, while still allowing businesses to operate.

More and more patients are not all that enthusiastic about making in-person appointments that may put them at risk. In every state, people waver between venturing out for necessities so they’re buying larger quantities and stocking up when they can, and cannabis is no different. Cash-paying customers must still pay in-person. As federal regulations continue to hinder additional payment options and protections, demand for change grows on both sides.

Staffing in a Pandemic

Like all employers, it’s easier for larger cannabis companies to accommodate employees who are sick or may have been exposed. It’s often more difficult for smaller operations. For many employees, the decision to go into work sick means rent and food, because the employer can’t offer additional sick pay.

In most states, employees have to have some type of state card to work in a store. It’s hard to find replacements and pay for sick leave. There’s no call for a temp agency solution due to clearance needed by cannabis employees. If the business has to shut down, it might not be able to bounce back. So in some states, cannabis businesses have suffered setbacks, but not to the extent as other industries such as hospitality, food and beverage, and tourism.

Crunching the Numbers

The cannabis industry is also excluded from PPP loans and other federal aid. True plant-touching cannabis companies can’t access those funds, adding extra financial stress to operations. The irony is for the majority of cannabis operations nationwide, the biggest change was not the increased regulatory requirements for social distancing, sanitation and safety, it was handling the incredible increase in product demand under circumstances that include financial and staffing stress.

One Arizona-based dispensary was averaging around $300K a month before COVID-19. Today, business has more than tripled to nearly $1 million a month. In mature legal state Colorado, a record $155 million in recreational product sales for June reflects a six percent increase over the previous month’s sales. The Colorado Department of Revenue collected $33.6 million from the industry in June. Colorado’s medical dispensary sales record was set in May, just shy of $43 million, dropping down to about $40.8 million in June. Both are still setting records for business volume. For 2020, revenue already exceeds $203.3 million, in contrast to roughly $302.5 million in cannabis-related revenue in 2019.

Heightened Supply, Demand & Opportunities

Heightened demand and the search for new market ventures means investors are taking notice. People sheltering or working from home are spending more time online, too. Many are searching for healthcare; others for promising investment opportunities. Legalization has been a long journey, state by state. Everyone inside the cannabis and hemp industries has learned to roll with the punches – expect ongoing legal needs, and to do strategic short- and long-term planning. How to anticipate change and pivot on a dime. It’s a must.

With the healthcare system struggling or strained in many areas of the country, non-essential primary care has shifted to telemedicine. Federally, the DEA granted permission to do so that extends for the duration of the COVID-19 public health emergency. The problem? State-level regulations may prohibit the prescription of Schedule III drugs via telemedicine, or limit the amount and refills. For essential healthcare, limited appointments or emergency-only availability remains a concern. Innovative new cannabis products help fill that gap.

There will be more challenges as elections approach and beyond. For those in cannabis, we’re used to being ready for anything. Stay tuned.

Priorities During the Pandemic: How to Run a Lab Under COVID-19

By Dr. Peter Krause, Udo Lampe
No Comments

During the COVID-19 pandemic, most testing laboratories have been classified as relevant for the system or as carrying out essential activities for national governments. Therefore, it is crucial to maintain activities and optimally assess the changes that are occurring, framed within the spread of the SARS-CoV-2 virus. Analytica Alimentaria GmbH, a testing laboratory with its headquarters in Berlin, Germany and a branch office in Almeria, Spain, decided to focus its management on the analysis of events and the options available, at the legal and employment level, to ensure continuity of activities and reducing, as much as possible, the damage for the parties involved: employees and company. Accredited by the International Accreditation Service (IAS) to ISO/IEC 17025:2017, Analytica Alimentaria GmbH is required to implement risk-based thinking to identify, assess and treat risks and opportunities for the laboratory. Since March 12, 2020 a crisis committee was established, formed by the six members of the company’s management, covering general management, human resources, direction of production, finance and IT. The committee meets every day and it intends to:

  • Minimize the risks of contagion
  • Be able to continue providing the service required by our clients
  • ensure that the company as a whole will survive the economic impact of the crisis
  • Take measures that are within the legality of both countries where the laboratory operates (Spain and Germany),
  • Manage internal and external communication related to the crisis

To achieve correct decision making, daily meetings of the committee were established, to review the situations that were presented day after day and the actions that should be carried out. Each decision was analysed in a prioritized, objective, collaborative and global way.

The basis of the lab’s action plan was a well-developed risk assessment. In addition to the risk of getting a droplet or smear/contact infection with the coronavirus SARS-CoV-2 (risk I) by contact with other people, psychological stress caused by changing working conditions (home office), contact options and information channels were also identified (risk II).

As a result of the risk assessment, the conclusion was that a mix of various measures is the best form of prevention:

  • Keep distance
  • Avoid “super spreader” events
  • Personal hygiene
  • Regular communication between managers and personnel about the current situation and possible scenarios

The risk assessment took both areas into account. The following assessment was developed together with an external specialist and focused on risk I:

Risk I Assessment Protective measures / hygiene plan
Organisation
Working hours and break arrangements High Limit the gathering of people and ensure a minimum distance:

  • Relocated work, break and mealtimes
  • Create fixed groups of shift-working staff
  • Time gap of 20 min. between the shifts
  • Enable home office wherever it is possible
Third party access Moderate Few but “well-known” visitors:

  • Reduce the number of visits and keep internal contacts to a minimum
  • Ensure the contact chain
  • Inform visitors about the internal rules and obtain written consent
Dealing with

suspected cases

High Isolation and immediate leave of the company:

  • Contactless fever measurement (in case of typical symptoms)
  • Leave the company or stay at home
  • If the infection is confirmed, find contact persons (including customers or visitors) and inform them about a possible risk of infection
Contact with other persons
Traffic route from home to work Moderate Avoid public transportation:

  • Take a car, bicycle or go by foot
  • Enable mobile work and teleworking
At work High Always keep a sufficient distance of 2.0 m from people:

  • If minimum distances cannot be maintained, wear protective masks or install physical barriers (acrylic glass)
  • Organize traffic routes so that minimum distances can be maintained (one-way routes, floor markings indicating a distance of 2 m)
  • Use digital meetings instead of physical ones
Sanitary facilities Moderate Remove virus-loaded droplet as often as possible:

  • Provide skin-friendly liquid soaps and towel dispensers
  • Shorten or intensify cleaning intervals
  • Hang out instructions for washing hands at the sink
  • Include instructions for proper hand-disinfection
Canteens, tea kitchens and break rooms High One person per 10 m² = minimum:

  • Reduce the number of chairs per table
  • Informative signs in every room, indicating the maximum number of permitted persons
Ventilation High Diluting or removing bioaerosols (1 µm virus-droplets):

  • Leave as many doors open as possible
  • Regular and documented shock ventilation every 30 minutes or more frequently, depending on the size of window
  • Operate ventilation and air-conditioning systems, since the transmission risk is classified as low here
Use of work equipment Moderate Use tools and work equipment for personal use:

  • Regular cleaning with changing use (PC, hand tools, coffee machine, …)
  • If possible, use gloves when using equipment for a larger number of users
Protective masks Moderate
  • Use of protective masks as an additional measure, indicating that this does not replace keeping distance
  • Recommend wearing masks in commonly used areas and explain that they do not protect yourself, but help to protect others
  • Give clear instructions (written and oral) on how to use a mask correctly and explain the use and purpose of different mask-types
  • Distribute masks freely

A number of guidelines and concrete measures addressing the risks related to health issues are already in place. Those health issues in risk group II are more closely related to the psychological effects of the crisis, however, are also more complex to mitigate. The key strategy is communication and, in particular, actively listening to all employees of the company.

Analytica’s robust company culture, based on values established in coordination with the whole staff, has been of significant help during the crisis. The some 150 staff members are organized by over 22 team coordinators. During the crisis, active communication has been intensified significantly. The crisis management team set up regular alignment meetings with all the coordinators and with individual persons with particular situations. This way, not only was it possible to explain the development of the crisis and the subsequent measures, the conversations with coordinators were also the most important source of information enabling the appropriate decisions. The coordinators, closely aligned and in sync with management, were then able to communicate with their team members with a high degree of confidence. One outcome of the communication was a measure that proved very effective in fortifying trust within the company: all measures and evaluations, as well as a chronological review, are published in a dynamic internal report and are made available, with full transparency, to all staff members. Besides the many individual and group alignment meetings (usually held by video conference), this has been a key measure to establish confidence and security within the company.

On the other hand, the company made a great effort to balance the effect of the general closure of kindergartens and schools in Spain and Germany. Each case where staff members were required to care for children at home was studied individually and agreements were established, adapting shifts and making use of time accounts, to allow childcare at home without significant loss of income.

The success of the measures is shown by the continuous work of both laboratories during the crisis. Besides the personal tragedy of a possible infection, the identified risk to the company has the consequence of a (partial) quarantine due to an infected person in contact with the staff and the consequent loss of work-power which might lead, in extreme cases, to a closure of the laboratory. According to the governmental regulation in Germany, if an infection occurs (confirmed by the health department), contact persons cat. 1 (more than 15 min. contact face to face) are identified and sent to quarantine. Other contact persons, e.g. contact persons cat. 2 (same room without face to face) must be identified quickly with the collaboration of the infected person and notified and, if necessary, sent in quarantine. In this case, there is a confirmed emergency plan that maintains the laboratory’s ability to work, defining replacements and alternative work-flow strategies.

It has been part of our strategy to validate all our measures with the relevant guidance documents made available by the official competent institutions. The German Federal Office for Public Safety and Civil Protection (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe) has published a guide, “Crisis Management in Companies, 9-point Checklist” especially for critical infrastructure companies in the CoVid-19 crisis.

Having been classified as a core business enterprise (Spain) and “relevant to the system” (Germany), we consider it important to use them as a reference to confirm our level of alignment with your proposal for crisis management.

An important effect, relevant to any leader in times of crisis, is that the confirmation of all points of such a checklist provides certain peace of mind regarding the question: Have we done everything we could?

PJLA

Perry Johnson Laboratory Accreditation (PJLA) Pivots to Virtual Assessments

By Cannabis Industry Journal Staff
No Comments
PJLA

In a letter sent out to clients last week, Perry Johnson Laboratory Accreditation (PJLA) notified their partner labs that they will be conducting virtual assessments.

PJLA typically conducts assessments on-site. . However, given the current situation, with CDC recommendations for social distancing and mandatory stay-at-home orders in some states, the laboratory accreditation company is pivoting to virtual assessments to help their clients maintain accreditation.

Tracy Szerszen
Tracy Szerszen, president/operations manager, PJLA

Virtual assessments are not the norm, but they are allowed to offer them during crises where on-site assessments are not possible. PJLA is sending their clients virtual assessment surveys to check the viability of a remote assessment. That includes making sure there’s a video camera in the lab, capability to use remote meeting software, and capability for remote screen sharing during a quality review. Take a look at the letter PJLA sent their clients last week:

Dear PJLA Clients,

Considering the COVID-19 pandemic, business and the conduct of audits has changed dramatically.  We at PJLA are doing all we can to maintain accreditation while keeping the health and safety of our auditors, our clients, and their families a priority.

To keep your accreditation valid, we have been able to implement Virtual auditing technology to do entire audits – or at least parts of audits – remotely, using virtual audit techniques.  These types of audit are offered for crisis situations where we cannot perform routine on-site assessments (natural disasters, emergencies, travel restrictions).

Clients will be receiving a virtual assessment survey

  • Allowing for virtual (i.e. cameras in the lab)
  • Capability to use virtual systems
  • Having equipment with cameras/remote screen sharing for quality review and laboratory operations

Upon review of the survey, organizations and assessors will be provided with the decision that the assessment can be conducted fully or partially remote. Following approval, assessors and clients will have a discussion to determine the planning of the virtual assessment.

We have a team dedicated to providing support, but we still ask for your patience during this time.  It may take some time for everyone to become comfortable with the software. We will be reaching out to each client to hear about their experience to continually improve this process.

We thank you for participating in this new and exciting assessment option.

Respectfully,

Tracy Szerszen

President/Operations Manager

Perry Johnson Laboratory Accreditation, Inc.

755 West Big Beaver Road Suite 1325

Troy, MI 48084

Phone: (248) 519-2603

www. pjlabs.com

Soapbox

Home Office HACCP During COVID-19

By Nathan Libbey
1 Comment

With much of the world shutting down and many of us forced to take refuge behind our own doors, we have some time to reflect on what actions led to this. There has been, in my opinion, a clear disconnect between our actions and health outcomes. We need to bridge this gap; We now have a moment to build that bridge. We can start by reassessing our endpoint measurement of health and disease and focusing on what leading measures will impact our lagging results. Think of it as HACCP-lite or home office HACCP. Small changes in the way we think and behave can lead to significant change.

Lagging measures – Lagging measures make great headlines and typically measure an outcome. These are easily quantifiable and therefore receive a good deal of the focus.

Leading measures – Leading measures are inputs that happen during the process and in advance of an outcome.  Leading measures are often difficult to quantify.

This week, Nathan started a “Germ Jar” activity with his kids to track washing.

We are currently focused on the lagging measures for a communicable disease, COVID-19. Illness and death numbers stemming from the pandemic continue to rise, as is expected with more available testing. It is easy for us to dwell on these numbers as they climb and dominate the news. A study in Australia last decade indicated that just over 1% of those experiencing flu like symptoms sought treatment and eventually got tested. I’m not going to use the tip of the iceberg cliché, but there it is. Focusing on the rapidly rising rates of COVID may be easy to do, but it won’t help our future selves.

What we should be doing during this time, however, is looking at our own leading behaviors and how changing them can help prevent this situation from reoccurring.

Here are some inputs we can rethink:

  • Hand washing – The average American uses the restroom 6-7 times per day. This week I started a “Germ Jar” activity with my kids (spring break week!) to track washing. If we wash our hands every time we use the restroom and every time we eat, that’s roughly 10X per day. Our leading indicator of household health, then, is 10 hand washes per day. This principle can, and should be applied to workplaces, including schools, airports and hospitals. What if we had mandatory handwashing prior to airport security and boarding? My estimation is that data would indicate a sharp decline in illness and transmission rates.
  • Disinfecting/Sanitizing – Similar to hand washing, cleaning surfaces serves as a vital indicator of future health. Examples, such as this District in Freeport, Il, indicate that increasing frequency of disinfecting can lead to a dramatic decrease in numbers sick. In my new office setting, we have set a goal via the Germ Jar of 3 times per day wiping down high touch surfaces. As we reenter close-proximity society, we need to have a better understanding of what high touch surfaces are, both for those who are tasked to clean them, as well as those that are doing the touching. Reduction of touches coupled with above washing behaviors post-touch can help prevent disease transmission.

    Nathan’s daughter adding to the Germ Jar
  • Monitoring – Lastly, we need to do a better job at monitoring ourselves and our environments. In my new office, we have enacted a temperature check every morning and night. If we practiced symptom reporting (coughing, sneezing, chills) and monitored temperature in other settings, such as offices and schools, could we start to see pockets of infection and trends? Taking it a step farther, while we invest a tremendous amount of time and money into protecting our food supply from foodborne illness, we rarely discuss preventive monitoring for other diseases, such as influenza and now COVID-19. Technologies are rapidly coming available that will allow us to perform quick diagnostics of both individuals and environments. If we were to monitor the air and surfaces of a school nurse’s office, would we find data that could prevent transmission of disease? Can we transfer HACCP-lite to additional (all) settings?

Over the next weeks and months, we are going to be inundated by the spike in COVID illnesses and deaths. During this time, it is on each of us to realize how our past behaviors led to the state we are in. When we return, viruses will not be absent from the world, our hospitals, schools, offices or our bodies. We can, starting now, begin to measure and change our leading behaviors and begin to shape a healthier future.