Tag Archives: security

3 Ways IP Security Cameras Can Help Cannabusinesses Comply with COVID-19 Health Requirements

By Jeremy White
1 Comment

The cannabis industry, like many others, felt the effects of the stay-at-home orders issued in March in response to the COVID-19 healthcare crisis. While medical cannabis companies were considered “essential” in most states, many recreational dispensaries had to close their doors, or pivot to a curbside pickup operations model. According to the State of the Cannabis Industry 2020 report, following a two-week spike in mid-March, as consumers stockpiled product ahead of stay-at-home mandates, sales took a temporary downturn.

The industry rebounded in a big way, however. The report notes that, since April 20, cannabis sales have steadily increased, and are, in fact, up approximately 40% from 2019. But while medical and recreational dispensaries are now open to the public and thriving, it’s far from business as usual.

Like any other retail store, cannabusinesses must follow local- and state-issued health and safety mandates designed to prevent the spread of COVID-19. Complying with these new requirements can be difficult for business owners and management teams on a normal business day – never mind in today’s climate, where demand for cannabis products continues to soar.

Turning to Technology

With more health regulations to follow than ever before and stores experiencing a consistent increase in daily foot traffic, it’s no longer realistic to expect managers to manually monitor every employee and customer to make sure guidelines are met. For example, it’s difficult to manage social distancing within the store – but there are commonly lines outside of cannabusinesses, where social distancing and mask-wearing precautions also need to be followed. Wouldn’t you rather have managers spend their time on customer service and initiatives that will deliver business value, rather than spending time making sure people are following safety protocols?

Technology can help mitigate these new health compliance challenges – and you may even already have the solution deployed: Internet Protocol (IP) security cameras. Often implemented by businesses as a security tool, IP cameras are now also an effective way to ensure employees and customers are following health and safety protocols.

Most IP cameras are equipped with artificial intelligence (AI) that can analyze information in real-time and make split-second response decisions. In the context of health compliance, they can be trained over time to recognize when requirements are not being followed and immediately alert the appropriate managers. This means managers only need to address violations, rather than observing everyone all the time, and they can resolve compliance gaps as they’re happening. In other words, AI takes on the compliance burden for you. And, as an added bonus, many AI-enabled surveillance systems give managers the ability to pull up live video feeds from their smartphone, so they can conduct compliance checks remotely, at any time. This is especially helpful to managers covering multiple stores (suddenly, they can be in more than one place at a time!).

Here are three specific ways IP security cameras can help dispensaries and other cannabusinesses ensure compliance with COVID-19-prompted health guidelines:

  1. Social distance monitoring

Six-feet social distancing rules are now the norm across the U.S., and IP security cameras are able to measure the space around employees and customers to detect when the six-foot rule is violated. For example, some systems place a ring around each person, and the ring’s color changes when people come within six feet of each other. This capability can be helpful when trying to do things such as supervise the line to get into your store, manage your checkout queue, or monitor the distance between customers browsing in store aisles.You can use IP security cameras to create a healthier and safer work environment

  1. Occupancy management

In many states, organizations must follow orders that restrict occupancy to 50% capacity. Rather than having an employee at your front door tallying the number of people going into and out of your store, IP security cameras can do the counting for you. With this capability, you can control foot traffic and keep the number of shoppers within defined occupancy requirements – without having to allocate personnel to do the task manually.

  1. Face mask detection

AI-enabled IP security cameras can also help businesses comply with mandatory face mask orders. The technology can be trained to detect employees and customers who aren’t wearing face masks or other required personal protective equipment, and then alert appropriate management personnel.

A Dual Purpose – Security and Compliance

IP security cameras now have a dual purpose. Beyond simply helping organizations protect their premises from crime, they now also empower them to ensure compliance with health and safety requirements. You can leverage the technology to remediate compliance issues in real-time and demonstrate to public officials that your business remains in compliance with all health mandates. Most importantly, you can use IP security cameras to create a healthier and safer work environment – and, in these uncertain times, this is a certainty you can count on.

Cannabis Industry Journal

Cannabis Property Coverage: Understanding Risk Management & Communication

By Bradley Rutt
No Comments
Cannabis Industry Journal

For cannabis companies, property coverage can cost as much as seven to 10 times what traditional manufacturing and retail outlets pay. That is, of course, because of the inherent hazards involved in manufacturing and selling cannabis, in a difficult insurance market.

For landlords and building owners, taking in a cannabis tenant can be tricky as well. Because of the higher theft and manufacturing risks, many underwriters are unwilling to offer coverage. And, failure by a landlord to disclose a cannabis tenant is likely to result in a denied claim. Keeping property coverage in check by implementing risk management best practices and working to expand coverage and reduce premium costs can propel a cannabis business even further.  

Moreover, some landlords and building owners will require businesses to maintain occurrence-based liability coverage, which is harder to secure when running a cannabis operation. An occurrence-based liability policy is one that covers the renter for an accident occurring during the policy period, regardless of when a claim is made.

Instead, some insurance companies will only cover cannabis business’ high risks with a claims-made policy, or one in which claims must be made during the policy period only. Landlords will often stipulate their requirement for an occurrence-based policy in their lease. That means that cannabis businesses with a claims-made policy could unknowingly be in violation of their lease.

These issues and others have allowed landlords to command premium rent from cannabis business owners who find obtaining the right property coverage difficult.

To calm the rising tide of rent and property coverage costs, cannabis business owners and operators can engage in the following risk management considerations.

 Risk Management Considerations for Facilities with a Cannabis Operation 

Carriers are more likely to provide a policy to cannabis businesses that are doing what they can to minimize their risk. Here are six ways cannabis businesses can reduce their costs, minimize exclusions and obtain broader property coverage.

  1. If you are a retailer, have a plan to prevent or respond in the event of a robbery.
  2. Install and know how to use vaults and safes properly.
  3. Install central station alarms, cameras and other safeguards. Have them tied to your phone for easy access.
  4. Depending on the nature of the operations, install and regularly test fire sprinklers on site to make sure they are in working order.
  5. Consider hiring a third party, properly-insured, armed guard to safeguard your storefront on a regular basis.
  6. Institute industry-known best practices for high-risk manufacturing processes, like oil extraction.

Insurance Considerations for Facilities with a Cannabis Operation 

Risk management is critical to controlling risk, and insurance considerations can help your cannabis business obtain broader coverage and reduce premium costs.

  1. Communicate with your insurance broker.If you’re a landlord and you want to rent to a cannabis tenant, have a conversation with your insurance carrier at least 30 days before the lease begins. Even if you do, there’s a good chance that your carrier will issue a notice of cancellation (NOC) because they don’t want to engage with cannabis risk. On the other hand, if you don’t disclose the new tenant risk, should a claim be filed, it will could be denied, and the non-disclosure could cost you your policy.
  2. Engage a broker/carrier that specializes in cannabis.In such a volatile market, it is important to work with a broker and carrier that specialize in cannabis. This will enable hidden exclusions to be removed and help you procure the best policy and pricing possible for your organization.
  3. Tell your insurance “story.”Let the carrier understand your business and its risks by telling them your “story.” Tell them what your business does well, including current risk management practices and how you’ve been able to reduce claims. This will go a long way toward potentially minimizing premium costs and exclusions and obtaining broader coverage.
  4. Get another set of eyes. Most carriers will require a lengthy application from cannabis businesses in which the carrier may require the business to comply with certain requirements like having an approved safe or vault room. Your business will be held to the requirements stipulated in the application should you sign and submit it. Ask your broker or a reliable attorney to review the contract for anything you may have missed. Some carriers will incorporate the submitted application into the policy. Any changes between policy inception and a claim could cause coverage issues.

The fast-growing nature of the cannabis industry has ushered in a new set of challenges for business owners and operators. Keeping property coverage in check by implementing risk management best practices and working to expand coverage and reduce premium costs can propel a cannabis business even further.

The Dawn of Delivery: How This Oregon Company Launched During a Pandemic

By Aaron G. Biros
No Comments

Back in late 2016, the Oregon Liquor Control Commission (OLCC) legalized delivery for cannabis products. Since then, dispensaries could offer a delivery option for their customers to purchase cannabis products without leaving the comfort of their home. Up until quite recently, that market was dominated by a handful of dispensaries who also conduct business at their physical location, offering delivery as an option while conducting most sales in-person.

Enter Pot Mates. Founded in 2018 by Hammond Potter, the company embarked on the long regulatory road towards licensing and beginning operations. On April 20, 2020, Pot Mates opened for business, starting their engines to take on the fledgling cannabis delivery market in Portland.

Pot Mates is a tech startup through and through. The founders are former Apple employees. Hakon Khajavei, the chief marketing officer at Pot Mates, founded Blackline Collective, a business and marketing consultancy, which is where he joined the Pot Mates team. The other co-founder of Pot Mates and chief technology officer, Jason Hinson, joined after serving in the US Navy as an electronics technician maintaining satellite communications networks.

With the sheer amount of regulations for cannabis businesses, coupled with the new delivery-based business model, Pot Mates had to focus on technology and automation from the get-go.

Not Just an Online Dispensary

For the cannabis companies already offering delivery in the Portland metro area, their websites seem to mimic the in-person dispensary experience. They offer dozens of products for each category, like concentrates, edibles and flower, making a customer pour through options, all at different price points, which can get confusing for the average consumer.

The Pot Mates logo

Pot Mates does things a little differently. “Our start up process was thinking through how do we make this the best experience possible, how do we get rid of the unnecessary junk and how do we do things that only an online dispensary can do,” says Khajavei. They have flat pricing across the board. In each category, almost every product is priced the same, moving away from the common tiered-pricing model. This, Khajavei says, removes the decision barriers customers often face. Instead of choosing the right price point, they can choose the delivery mechanism and effect they desire uninhibited by a difference in cost.

It all comes back to focusing on the simplest way for someone to buy cannabis. “Shopping online is just very different,” says Khajavei. “Our process focuses on the customer journey and limits the number of products we offer. We have a mood system, where we tag our products from reviews to typify moods that you experience with different products.” All of that requires a lot of back-end technology built into their website.

The Long Regulatory Road

Technology has been a strong suit for Pot Mates since they opened their doors, and well before that too. Making the decision to be an online-only delivery cannabis company pushed them to pursue a very unique business model, but regulations dictate a lot of the same requirements that one might see in dispensaries.

Hakon Khajavei, Chief Marketing Officer

The same rules apply to them when Pot Mates submitted their license application. You need to have a signed lease, extreme security measures, detailed business plans, integrated seed-to-sale traceability software (Metrc in Oregon) and much more. “During the months leading up to getting our license, we were able to iron out a lot of the regulatory details ahead of time,” says Khajavei. A lot of that was about security and tracking their products, which is why technology plays such a huge role in their ongoing regulatory compliance efforts. “We built in a lot of automation in our system for regulatory compliance,” says Khajavei. “Because of our technology, we are a lot faster.”

In the end, their licensing process through the state of Oregon as well as the city of Portland took about nine months. Once they had the license, they could finally get down to business and begin the process of building their website, their POS system, their inventory and reaching out to partners, producers, distributors and growers.

For any cannabis company, there are a number of regulations unique to their business. “We need to report every product movement in house through Metrc,” says Khajavei. “Every time something is repackaged it needs to be reported. We focus so much on our technology and automation because these regulations force us to do so.” But delivery companies are required to report even more. Pot Mates needs to report every single movement a product makes until it reaches the customer. Before the delivery can leave the shop, it is reported to Metrc with an intended route, using turn-by-turn directions. It complicates things when you make two or more deliveries in one trip. Reporting a daisy chain of deliveries a vehicle makes with turn-by-turn directions to regulatory authorities can get very tedious.

As far as regulations go for delivery parameters, they can legally deliver anywhere inside Portland city limits. “It is our job to figure that out, not the customer’s job; so we don’t have any distance limits, as long as it is residential,” Khajavei says. “We programmed customized technology that allows us to handle really small orders.” Without a minimum order policy or a distance limit, Pot Mates can reach a much bigger group of consumers.

Launching in the Midst of a Global Pandemic

Chief Technology Officer, Jason Hinson

Luckily, the Pot Mates team received their license just in time. About two weeks after they submitted their application, Oregon put a moratorium on any new dispensaries.

They went forward with their launch on April 20 this year, despite the coronavirus pandemic impacting just about every business in the world, including their marketing efforts tremendously. With cannabis deemed essential by the state, they could operate business as usual, just with some extra precautions. What’s good for PotMates is that they don’t need to worry about keeping social distancing policies for customers or curbside pickup, given the lack of storefront.

They still need to keep their team safe though. The Pot Mates team began 3D printing washable and reusable face masks, getting more gloves for delivery drivers, cleaning their warehouse thoroughly, cleaning vehicles and making sure employees maintained distancing. Pot Mates is even 3D printing enough masks and donating them to local organizations that need access to masks. “As a cannabis company, we always have to handle things with gloves here and take necessary safety precautions anyway, so our response is more about how we can help than what we need to change.”

Advertising Cannabis in a Pandemic is No Easy Task

“The marketing aspect is where covid-19 really hurt us,” says Khajavei. “There are so many regulations for cannabis companies advertising already. Unlike other products, we can’t just put up advertisements anywhere. We have to follow very specific rules.” So, in addition to the normal marketing woes in the cannabis industry, the team then had to deal with a pandemic.

Pot Mates had to scrap their entire marketing strategy for 2020 and redo it. “We wanted to begin with a lot of face-to-face marketing at events, but that didn’t quite work out so well.” Without any concerts, industry events or large gatherings of any kind, Pot Mates had to pivot to digital marketing entirely. They started building their SEO, growing their following on social media, producing content in the form of blogs and education around cannabis and the local laws.

On an Upward Trajectory

Obviously, the short-term problem for a new cannabis company is reaching people, especially during the COVID-19 crisis. “We have a good trajectory though, we know we are growing our business, but we still have a ways to go,” says Khajavei. It doesn’t help that social media companies have nonsensical policies regarding cannabis. Their Facebook page was recently removed too.

Founder & CEO of Pot Mates, Hammond Potter

But the bigger issue here is kind of surprising when you first hear it: “It’s not even a matter of customer preference, a lot of people just have no idea that delivery is even legal.”

It’s pretty evident that cannabis delivery has not really gone mainstream yet. “We’ve told people about our business in the past and a common answer we get is, ‘Oh my gosh, I didn’t even know we could get cannabis delivered.’” It’s never crossed their mind that they can get cannabis delivered to their home. It’s an awareness problem. It’s a marketing problem. But it’s a good problem to have and the solution lies in outreach. Through educational content they post on social media and in their blog, Khajavei wants to spread the word: “Hey, this is a real thing, you can get cannabis delivered.”

As the market develops and as consumers begin to key in on cannabis delivery, there’s nowhere to go but up. Especially in the age of Amazon and COVID-19 where consumers can get literally anything they can dream of delivered to their front door.

Moving forward, Pot Mates has plans to expand as soon as they can. Right now, they’re limited to Portland city limits, but there’s a massive population just outside of Portland in towns like Beaverton, Tigard and Tualatin. “We are so close to these population centers but can’t deliver to them now because of the rules. We want to work with OLCC about this and hopefully change the rules to allow us to deliver outside of the city limits,” says Khajavei. In the long term, they plan to expand out of state, with Washington on their north border being first on the docket.

To the average person, one would think launching a delivery cannabis business in the midst of a global pandemic would be a walk in the park, but Pot Mates proved it’s no easy task. As the market develops and the health crisis continues, it seems the Oregon market will react positively to the nascent delivery market, but first they need to know it is even an option.

Moving Towards Greater Competency in Cannabis Testing

By Ravi Kanipayor
No Comments

While legalization of recreational cannabis remains in a fluid state in the United States, the medical application of cannabis is gaining popularity. As such, the  diversification of  pharmaceutical and edible cannabis products will inevitably lead to increased third party testing, in accordance with Food and Drug Administration (FDA) mandates. Laboratories entering into cannabis testing, in addition to knowing the respective state mandates for testing procedures, should be aligned with Federal regulations in the food and pharmaceutical industries.

In 2010, the American Herbal Products Association (AHPA)1 established a cannabis committee with the primary objective of addressing issues related to the practices and safe use of legally-marketed cannabis and cannabis-related products. The committee issued a set of recommendations, outlining best practices for the cultivation, processing, testing and distribution of cannabis and cannabis products. The recommendations for laboratory operations sets some basic principles for those performing analysis of cannabis products. These principles, complementary to existing good laboratory practices and international standards, focus on the personnel, security, sample handling/disposal, data management and test reporting unique to laboratories analyzing cannabis samples.

As local and federal regulations continue to dictate medical and recreational cannabis use, many will venture into the business of laboratory testing to meet the demands of this industry. Thus, it is not surprising that cannabis producers, distributors and dispensaries will need competent testing facilities to provide reliable and accurate results. In addition, our understanding of cannabis from an analytical science perspective will derive from test reports received from these laboratories. Incorrect or falsified results can be costly to their business and can even lead to lawsuits when dealing with consumer products. Examples of fines and/or suspensions related to incorrect/false reporting of results have already gained coverage in news media. This sets up the need for the cannabis industry to establish standardized protocols for laboratory competency.

The international standard, ISO 17025 – ‘General requirements for the competence of testing and calibration laboratories’ – plays an important role in providing standard protocols to distinguish labs with proven quality, reliability and competency. The industry needs to rely not only on the initial accreditation received, but also on the ongoing assessment of the labs to ensure continuous competency.

Receiving accreditation involves an assessment by an International Laboratory Accreditation Cooperation (ILAC) recognized accrediting body, which ensures that laboratories have the competency, resources, personnel and have successfully implemented a sound quality management system that complies with the international standard ISO/IEC 17025:2017. This ISO standard is voluntary, but recognized and adopted globally by many industries for lab services. Cannabis companies can ensure that the test services they receive from accredited laboratories will meet the requirements of the industry, as well as the state and federal regulatory agencies. The International Organization for Standardization (ISO) is an independent, non-governmental organization with over 160 memberships of national standards bodies, and all with a unified focus on developing world-class standards for services, systems, products, testing to ensure quality, safety, efficiency and economic benefits.

ILAC is a non-profit organization made up of accreditation bodies (ABs) from various global economies. The member bodies that are signatories to the ILAC Mutual Recognition Arrangement (ILAC MRA) have been peer evaluated to demonstrate their competence. The ILAC MRA signatories, in turn, assess testing labs against the international standard, ISO/IEC 17025 and award accreditation. Accreditation is the independent evaluation of conformity assessment in accordance with the standard and related government regulations to ensure the lab carry out specific activities (called the ‘Scope’) impartially and competently. Through this process, cannabis industry stakeholders and end users can have confidence in the test results they receive from the labs.

Understanding the principles of accreditation and conformity to ISO standards is the beginning of the ISO 17025 accreditation process. Similar to other areas of testing, accreditation gives cannabis testing labs global recognition such that their practices meet the highest standards in providing continuous consistency, reliability and accuracy.

Many government agencies (state and federal) in the US and around the world are mandating cannabis testing laboratories to seek accreditation to ISO/IEC 17025:2017, in an effort to standardize their practice and provide the industry with needed assurance. Conformance with the standard enables labs to demonstrate their competency in generating reliable results, thereby providing assurance to those who hire their services.

Testing of cannabis can be very demanding and challenging given that state and federal regulations require that the performance and quality of the testing activities must provide consistent, reliable and accurate results. Hence, labs deciding to set up cannabis testing will have to take extra care in setting up a laboratory facility, acquiring all necessary and appropriate testing equipment, hiring qualified and experience staff and developing and implementing test methods to ensure the process, sample throughput, data integrity and generated output are continuously reliable, accurate and meet the need of the clients and requirements of the regulatory bodies. This demands the lab to establish and implement very sound quality assurance program, good laboratory practices and a quality management system (QMS).

Some expected challenges are:

  1. Standardization of test methods and protocols
    1. Since there is no federal guidance in standardization of test methods and protocols for cannabis testing in US, it is challenging for laboratories to research and validate other similar, established methods and gain approval from the local and state authorities.
  2. Facility
    1. Cannabis testing activities must be physically isolated from other testing activities for those labs conducting business in other areas of testing such as environment, food, mining, etc.
    2. Microbiological testing requires additional physical isolation within the testing facility, maintaining sterility of the environment, test area and test equipment.
  3. Equipment
    1. The test equipment such as Chromatographs (GC/LC), Spectrometers (ICP-MS, ICP-OES, UV-Vis), and other essential analytical instruments must meet the specifications required to detect and quantify and statistically justify the test parameters at the stipulated concentration levels. That means the limit of detection and limit of quantitation of each parameter must be well below the regulatory limits and the results are statistically sound.
    2. Calibration, maintenance and operation of analytical equipment must be appropriate to produce results traceable to international standards such as International System of Units and National Institute of Standards and Technology (SI and NIST).
  4. Staff
    1. The qualification and experience of the staff should ensure standard test methods are implemented and verified to meet the specifications.
    2. They should have a sound understanding of the QA/QC protocols and effective implementation of a quality management system which conforms to ISO/IEC 17025:2017 standard.
    3. Staff should be properly trained in all standard operating procedures (SOPs) and receiving schedule re-training as needed. Training should be accurately documented.
  5. QMS
    1. The QMS should not only meet the requirements of ISO 17025, but also be appropriate to the scope of the laboratory activities. Such a system must be planned, implemented, verified and continuously improved to ensure effectiveness.

Finally, stakeholders should seek expert advice in establishing a cannabis testing lab prior to initiating the accreditation. This can be achieved through a cyclic PLAN-DO-CHECK-ACT process. Labs that are properly established can attain the accreditation process in as little as 3-5 months. An initial ‘Gap Analysis’ can be extremely helpful in this matter.

IAS, an ILAC MRA signatory and international accrediting body based in California is one such organization that provides training programs for those interested in attaining accreditation to ISO/IEC 17025:2017. It is a nonprofit, public-benefit corporation that has been providing accreditation services since 1975. IAS accredits a wide range of companies and organizations including governmental entities, commercial businesses, and professional associations worldwide. IAS accreditation programs are based on recognized national and international standards that ensure domestic and/or global acceptance of its accreditations.2


References

  1. American Herbal Products Association , 8630 Fenton Street, Suite 918 , Silver Spring, MD 20910 , ahpa.org.
  2. International Accreditation Services, iasonline.org.

Processes, Protocols and Layers of Protection: Essential Security Measures for the Medical Cannabis and Hemp Industries

By Joshua Wall
No Comments

As legalization of cannabis products from hemp to medical cannabis takes root across the U.S., there’s a growing need to understand and build good security practices. While many think of security as safeguarding assets like facilities and product, effective security does much more. It protects a business’ workers, providing them secure workplaces and incomes. Ideally, it reaches from supply chain to customers by ensuring consistently safe products.

To truly understand the value of this for a brand or for the industry as a whole, consider the opposite: the destructive effect – on a brand and on the industry at large – of unsafe or tampered product reaching customers, or of crimes occurring, just as the industry seeks to demonstrate its validity and benefits. Security is vital not only to individual farmers, processors or customers but to all who value what the industry brings to those who rely on CBD or medical cannabis products for their wellbeing.

Know the Threats.

Part of the learning process involves understanding the value of the product.Security is all about anticipating and reducing risks. These can include physical threats from natural sources – think flood, fire, tornado or crop fail – or from human threats. Human threats can arise from organized criminals, hackers, amateur thieves, vandals – or insiders.

As regulated industries, hemp and cannabis businesses also face risk of losses, which can be significant, from penalties ranging from fines to being shut down for non-compliance. While rules vary from state to state and continue to change, a disciplined approach to security is foundational to reducing risk at many levels. Rigorous operational processes must incorporate security that addresses risks at multiple points of access, transport and sale of products.

Learn the Rules.

In a rapidly evolving industry, one of the most important things producers can do is to learn. Security requirements vary by region and providers need to be aware of what is available. Get to know your state, local and federal resources for your operating area. California law, for example, specifies use of high-resolution video surveillance in dispensaries, while others do not.

Joshua Wall, Chief Operating Officer at Harvest Connect LLC

Part of the learning process involves understanding the value of the product. With medicinal cannabis, it’s helpful to grasp both its commodity value and the street value that could make it attractive to thieves. In “Why Marijuana Plant Value is So Important for Adjusters,” Canadian Underwriter Magazine gave examples that indicate the size of losses that may occur in growing and processing operations:

“In the medical marijuana space, ClaimsPro has already seen losses primarily between $150,000 and $750,000. These losses, mostly on Vancouver Island, were for fire and water damage, as well as boiler machinery issues, physical damage to buildings and specialized greenhouse equipment, as well as extra expense and business interruption.”

The same article notes a claim over $20 million at another single flower greenhouse. Security needs to reflect what’s present on our premises.

Educating the community can reduce risk as well. Producers of industrial hemp may need to inform would-be thieves that what they are looking at is not street-valued product. To protect the crops, which are generally grown outdoors and do not require a full security detail, a best practice is simply posting signs on the property that say explicitly “No THC.” 

Begin with a Risk Assessment.

Security begins with a professional evaluation of site vulnerabilities, examining key weaknesses that could be exploited by attackers. These include:

  • Monitoring access to the site is a foundational principle of security.
  • Design limited access points into the facility as well as prepare for possible facility breaches with perimeter access control, technological redundancies and ballistic glass for defensive architecture measures.
  • Look at route vulnerabilities as well.
  • Hedge site risk by not limiting your operation to a single site where one incident could wipe out an entire year’s crop.

The nature of threats is always changing. A 2018 Newsweek article described the struggles of legal cannabis farmers against illegal and potentially cartel-backed and violent operations in California. While a 2020 Business Insider report described indications that legalization was prompting some cartels to leave cannabis alone and move on to fentanyl and meth. “While Mexican drug cartels made their money predominantly from marijuana in past decades, the market has somewhat dissipated with the state-level legalization of cannabis in dozens of states across the US.”

Define Levels of Risk and Access.

The best security matches spending to risk in a commonsense way. Are you more at risk from the occasional smash and grab incident or is there reason to anticipate an organized assault? As in many industries, the greatest risk often comes from employee fraud or theft. Hiring carefully, paying fairly and training staff well are important to long term security.

Iron Protection Group in a training session
Image credit: Tampa Bay Times

How will the product be moved around within the facility and beyond it – and what staff are responsible for each part of the journey? Who can enter the cultivation areas and what protocols must they follow? On site staff should be trained on what to look for if they observe a security breach. Consider biometrics such as retinal scans, fingerprint scans or similar.

In cases where valuable product or cash is present, guards can play an important role. Harvest Connect uses only high-level former military or police officers in these roles, an approach recognized by many. Hunter Garth of Iron Protection Group notes they have “the ability to de-escalate a potentially harmful situation and the fortitude to see a mission through to completion, no matter what external circumstances may arise.”

Inventory and Transaction Controls

Inside threats from sloppy processes can be just as insidious as attacks. Poor tracking of inventory by Oregon’s legal cannabis producers made headlines in 2018 as The Oregonian reported, “U.S. Attorney Billy Williams told a large gathering that included Gov. Kate Brown, law enforcement officials and representatives of the cannabis industry that Oregon has an ‘identifiable and formidable overproduction and diversion problem.’’ Discipline, applied by state pressure but carried out by producers themselves, has begun to reduce the diversion of untracked product into the black market a year later.

Cannabis businesses need a professional approach to monitoring all product and money that moves through its systems. These operational processes can include time, date and attendance stamps on all inventory. Similarly, accounting systems and software must follow the highest professional standards. Lastly, when breaches occur, it is essential that fraud and theft are caught, eliminated and prosecuted as appropriate.

Nurturing an Emerging Industry

Security resources are an integral part of maintaining the integrity of a business’ supply chain. As the product moves from the fields to processing centers to consumers, purity assurance becomes an operational objective. Ultimately, protecting the product through secure and professional practices is the optimal way to serve customers, build a brand, and sustain the industry.

Best Practices for Workforce Reduction

By Conor Dale
No Comments

Due to anticipated contractions in the industry and concerns over a potential nationwide recession, cannabis industry employers may be planning on implementing large scale reduction in force (RIF) layoffs or employee furloughs to reduce payroll. While RIFs can provide business-saving cost reductions, they can subject an employer to substantial potential legal liability, including but not limited to class action lawsuits and enforcement actions from state and federal agencies. Understanding and addressing potential legal pitfalls before implementing an RIF can help in materially limiting an employer’s potential legal exposure.

Employers should first consider potential cost saving alternatives to implementing mass employee layoffs. Such steps can include reducing the salaries and/or work hours for current employees, temporarily freezing company operations for limited periods, or placing non-critical positions in a limited paid leave of absence at reduced wages. While each of these steps bear their own risks, they may assist in avoiding mass employee layoffs.

Next, federal law and the laws of certain states require employers to provide written notice to employees and local governments at least 60 days before implementing mass layoffs. For example, under the federal Work Adjustment and Retraining Notification (WARN) Act, an employer must generally provide a written notice to employees regarding an impending reduction in force when it: (1) permanently or temporarily shuts down a worksite which results in an employment loss of 50 or more employees; (2) lays off between 50 to 499 workers at a single worksite when such layoffs constitute at least 33% of the employer’s workforce; (3) lays off at least 500 employees within a 30 day period; (4) implements a wide scale temporary layoff of more than 6 months; or (5) reduces the work hours of 50 or more employees by at least 50% during each month of any six month period. Please note that the WARN Act aggregates layoffs over 90 days; thus, an employer conducting a series of smaller layoffs may still need to provide employees with a WARN notice. An employer who fails to provide a required notice could owe each impacted employee up to 60 days’ back pay, which includes but is not limited to the cost of potential employment benefits.

An employer should also take steps to limit potential discrimination claims based on an RIF. It is illegal for an employer to select an employee for layoff because of their protected characteristics, including but not limited to race, religion, gender or age. The primary defense to such a discrimination lawsuit is to prove the legitimate, nondiscriminatory reason for the layoff decision. As a result, employers are strongly encouraged to create a formal RIF plan which documents the legitimate reasons for layoff decisions. The RIF plan should expressly articulate the cost-saving grounds for the RIF and the goals to be achieved by its implementation; these grounds and goals should be the sole reason for any subsequent layoff decision.

Employers are strongly encouraged to consult with legal counsel before implementing an RIFFor example, an employer should identify all necessary positions and employee skills needed for a company’s current and future business operations in order to identify non-essential positions that may be subject to position eliminations or layoffs. Similarly, employers should create standards to select employees for a RIF when multiple employees hold the same or similar jobs. These standards commonly include considering employees’ education, skills, unique knowledge, previous job performance and seniority. Most importantly, an employer should make actual layoff decisions that are consistent with its articulated RIF plans; under both state and federal law, a termination decision that is inconsistent with or contradictory to the articulated reasons for a layoff decision may provide an employee with considerable evidence that that his or her termination was at least partly motivated by their protected characteristics.

Even when making and implementing a reduction in force plan based solely on legitimate business reasons, employers must be aware of the adverse impact those decisions have on certain groups of employees. It is illegal for an employer to implement policies and practices that are facially neutral but have an unintentional discriminatory effect on protected groups of employees if those policies and practices are not job related or required by business necessity. Before implementing an RIF, employers are strongly encouraged to perform a statistical analysis of the protected characteristics of individuals selected for layoffs to determine whether they are being selected for layoffs at a significantly higher rate than other employees. If an employer does discover that certain groups are being selected for layoffs at a disproportionate rate, an employer should review its layoff decisions to confirm that these decisions are in fact required by business necessity.

Finally, employers will commonly provide severance packages to laid off employees to assist in their transition to other employment. A key factor in these packages is an employee providing an employer with a full release of potential legal claims in exchange for a severance payment. Employers are strongly encouraged to ensure that they obtain full and complete legal releases in any severance agreements they provide. For example, under California law, an employee can only provide a full and complete release of legal claims when a separation agreement specifically cites and waives a specific provision of California’s civil code. Additionally, an employer cannot obtain a legal release of federal age discrimination claims when it offers a separation package to multiple employees over 40 during an RIF program unless it provides specific information regarding the job positions and ages of employees who were and were not selected for layoffs.

While a reduction in force layoff program may help ensure a business’ survival, employers are strongly encouraged to consult with legal counsel before implementing an RIF to detect and avoid potential future legal claims.

Soapbox

Cannabis Growers and Distributors: Your Cyber Risk is Growing Like Weeds

By Emily Selck
No Comments

Cannabis growers and distributors are “green” when it comes to cyber security. Unaware of the real risks, cannabis businesses consistently fall short of instituting some of the most basic cybersecurity protections, leaving them increasingly vulnerable to a cyber-attack.

Cannabis businesses are especially attractive to hackers because of the vast amount of personally identifiable and protected health information they’re required to collect as well as the crop trade secrets they store. With businesses growing by leaps and bounds, and more and more Americans and Canadians purchasing cannabis, cybercriminals are likely to increase their attacks on the North American market in the coming year. Arm your cannabis business with the following best practices for growers and distributors.

Distributor Risk = A Customer’s PII

Cyber risk is the greatest for cannabis distributors, required to collect personal identifiable information (PII), including driver’s licenses, credit cards, medical history and insurance information from patients. State regulatory oversight further compounds the distributor’s risk of cyber-attack. If you’re a cannabis distributor, you’ll want to make sure to:

  • Know where you retain buyer information, and understand how it can potentially be breached. Are you scanning driver’s licenses into a database, or retaining paper files? Are you keeping them in a secure area off site, or on a protected network? Make sure a member of your management team is maintaining compliance with HIPAA and state statutes and requirements for cannabis distribution.
  • Institute strong employee oversight rules. Every employee does not have to have access to every sale, or your entire database of proprietary customer information. Delegate jobs behind the sales desk. Give each employee the access they need to do their job – and that’s it.
  • Distributors have to protect grower’s R&D information too. Most cannabis distributors have access to their grower’s proprietary R&D information so they can help customers understand which products are best for different medical symptoms/needs. Make sure your employees don’t reveal too much to put your suppliers in potential risk of cyberattack.

Grower Risk = Crop Trade Secrets

For cannabis growers, the risk is specific to crop trade secrets, research and development (R&D). If you’re a cannabis grower, you’ll want to:

  • Secure your R&D process. If you’ve created a cannabis formula that reduces anxiety or pain or boosts energy, these “recipes” are your competitive advantage – your intellectual property. Consider the way you store information behind the R&D of your cannabis crops. Do you store it on electronic file, or a computer desktop? What type of credentials do people need to access it? Other industries will use a third party cloud service to store their R&D information, but with cannabis businesses that’s typically not the case. Instead, many growers maintain their own servers because they feel this risk is so great, and because their business is growing so fast, there are not yet on the cloud.
  • Limit the number of people with access to your “secret sauce.” When workers are harvesting crop, or you’re renting land from farmers and planting on it, make sure to keep proprietary information in the hands of just the few who need it – and no one else. This is especially important when sharing details with third party vendors.

Cyber coverage is now ripe for picking

Although cannabis businesses are hard to insure – for just about every type of risk – cyber insurance options for cannabis companies have recently expanded, and come down in price. If you’ve looked for cyber coverage in the past and were previously unable to secure it, now is the time to revisit the market.

Know that cyber policy underwriters will do additional due diligence, going beyond the typical policy application, and ask about the types of proprietary information you collect from customers, as well as how you store and access it at a later date. Have this knowledge at your fingertips, and be ready to talk to underwriters about it when you’re bidding for a new policy – and at renewal time.

Fungal Monitoring: An Upstream Approach to Testing Requirements

By Bernie Lorenz, PhD
1 Comment

Mold is ubiquitous in nature and can be found everywhere.1 Cannabis growers know this all too well – the cannabis plant, by nature, is an extremely mold-susceptible crop, and growers battle it constantly.

Of course, managing mold doesn’t mean eradicating mold entirely – that’s impossible. Instead, cultivation professionals must work to minimize the amount of mold to the point where plants can thrive, and finished products are safe for consumption.

Let’s begin with that end in mind – a healthy plant, grown, cured and packaged for sale. In a growing number of states, there’s a hurdle to clear before the product can be sold to consumers – state-mandated testing.

So how do you ensure that the product clears the testing process within guidelines for mold? And what tools can be employed in biological warfare?

Mold: At Home in Cannabis Plants

It helps to first understand how the cannabis plant becomes an optimal environment.

The cannabis flower was designed to capture pollen floating in the air or brought by a pollinating insect.

Photo credit: Steep Hill- a petri dish of mold growth from tested cannabis

Once a mold spore has landed in a flower, the spore will begin to grow. The flower will continue to grow as well, and eventually, encapsulate the mold. Once the mold is growing in the middle of the flower, there is no way to get rid of it without damaging the flower.

A Name with Many Varieties

The types of spores found in or around a plant can make or break whether mold will end with bad product.

Aspergillus for example, is a mold that can produce mycotoxins, which are toxic to humans2. For this reason, California has mandatory testing3for certain aspergillus molds.

Another example, Basidiospores, are found outside, in the air. These are spores released from mushrooms and have no adverse effects on cannabis or a cannabis cultivation facility.

Fungi like powdery mildew and botrytis (PM and Bud Rot) typically release spores in the air before they are physically noticed on plants. Mold spores like these can survive from one harvest to the next – they can be suspended in the air for hours and be viable for years.

How Mold Travels

Different types of spores – the reproductive parts of mold – get released from different types of mold. Similar to plants and animals, mold reproduces when resources are deemed sufficient.

The opposite is also true that if the mold is under enough stress, such as a depleting nutrient source, it can be forced into reproduction to save itself.4

In the end, mold spores are released naturally into the air for many reasons, including physical manipulation of a plant, which, of course, is an unavoidable task in a cultivation facility.5

Trimming Areas: A Grow’s Highest Risk for Mold

Because of the almost-constant physical manipulation of plants that happen inside its walls, a grow’s trimming areas typically have the highest spore counts. Even the cleanest of plants will release spores during trimming.

Best practices include quality control protocols while trimming

These rooms also have the highest risk for cross contamination, since frequently, growers dry flower in the same room as they trim. Plus, because trimming can be labor intensive, with a large number of people entering and leaving the space regularly, spores are brought in and pushed out and into another space.

The Battle Against Mold

The prevalence and ubiquitous nature of mold in a cannabis facility means that the fight against it must be smart, and it must be thorough.

By incorporating an upstream approach to facility biosecurity, cultivators can protect themselves against testing failures and profit losses.

Biosecurity must be all encompassing, including everything from standard operating procedures and proper environmental controls, to fresh air exchange and surface sanitation/disinfection.

One of the most effective tactics in an upstream biosecurity effort is fungal monitoring.

Ways to Monitor Mold

Determining the load or amount of mold that is in a facility is and always will be common practice. This occurs in a few ways.

Post-harvest testing is in place to ensure the safety of consumers, but during the growing process, is typically done using “scouting reports.” A scouting report is a human report: when personnel physically inspect all or a portion of the crop. A human report, unfortunately, can lead to human error, and this often doesn’t give a robust view of the facility mold picture.

Another tool is agar plates. These petri dishes can be opened and set in areas suspected to have mold. Air moves past the plate and the mold spores that are viable land on the dishes. However, this process is time intensive, and still doesn’t give a complete picture.

Alternatively, growers can use spore traps to monitor for mold.

Spore traps draw a known volume of air through a cassette.The inside of the cassette is designed to force the air toward a sticky surface, which is capable of capturing spores and other materials. The cassette is sent to a laboratory for analysis, where they will physically count and identify what was captured using a microscope.

Spore trap results can show the entire picture of a facility’s mold concerns. This tool is also fast, able to be read on your own or sent to a third party for quick and unbiased review. The information yielded is a useful indicator for mold load and which types are prevalent in the facility.

Spore Trap Results: A Story Told

What’s going on inside of a facility has a direct correlation to what’s happening outside, since facility air comes infromthe outside. Thus, spore traps are most effective when you compare a trap inside with one set outside.

When comparing the two, you can see what the plants are doing, view propagating mold, and understand which of the spore types are only found inside.

Similar to its use in homes and businesses for human health purposes, monitoring can indicate the location of mold growth in a particular area within a facility.

These counts can be used to determine the efficacy of cleaning and disinfecting a space, or to find water leaks or areas that are consistently wet (mold will grow quickly and produce spores in these areas).

Using Spore Traps to See Seasonality Changes, Learn CCPs

Utilizing spore traps for regular, facility-wide mold monitoring is advantageous for many reasons.

One example: Traps can help determine critical control points (CCP) for mold.

What does this look like? If the spore count is two times higher than usual, mitigating action needs to take place. Integrated Pest Management (IPM) strategies like cleaning and disinfecting the space, or spraying a fungicide, are needed to bring the spore count down to its baseline.

For example, most facilities will see a spike in spore counts during the times of initial flower production/formation (weeks two to three of the flower cycle).

Seasonal trends can be determined, as well, since summer heat and rain will increase the mold load while winter cold may minimize it.

Using Fungal Monitoring in an IPM Strategy

Fungal monitoring – especially using a spore trap – is a critical upstream step in a successful IPM strategy. But it’s not the only step. In fact, there are five:

  • Identify/Monitor… Using a spore trap.
  • Evaluate…Spore trap results will indicate if an action is needed. Elevated spore counts will be the action threshold, but it can also depend on the type of spores found.
  • Prevention…Avoiding mold on plants using quality disinfection protocols as often as possible.
  • Action…What will be done to remedy the presence of mold? Examples include adding disinfection protocols, applying a fungicide, increasing air exchanges, and adding a HEPA filter.
  • Monitor…Constant monitoring is key. More eyes monitoring is better, and will help find Critical Control Points.

Each step must be followed to succeed in the battle against mold.

Of course, in the battle, there may be losses. If you experience a failed mandatory product testing result, use the data from the failure to fix your facility and improve for the future.

The data can be used to determine efficacy of standard operating procedures, action thresholds, and other appropriate actions. Plus, you can add a spore trap analysis for pre- and post- disinfection protocols, showing whether the space was really cleaned and disinfected after application. This will also tell you whether your products are working.

Leveraging all of the tools available will ensure a safe, clean cannabis product for consumers.


References

  1. ASTM D8219-2019: Standard Guide for Cleaning and Disinfection at a Cannabis Cultivation Center (B. Lorenz): http://www.astm.org/cgi-bin/resolver.cgi?D8219-19
  2. Mycotoxin, Aspergillus: https://www.who.int/news-room/fact-sheets/detail/mycotoxins
  3. State of California Cannabis Regulations: https://cannabis.ca.gov/cannabis-regulations/
  4. Asexual Sporulation in Aspergillus nidulans (Thomas H. Adams,* Jenny K. Wieser, and Jae-Hyuk Yu):  https://pdfs.semanticscholar.org/7eb1/05e73d77ef251f44a2ae91d0595e85c3445e.pdf?_ga=2.38699363.1960083875.1568395121-721294556.1562683339
  5. ASTM standard “Assessment of fungal growth in buildings” Miller, J. D., et al., “Air Sampling Results in Relation to Extent of Fungal Colonization of Building Materials in Some Water Damaged Buildings,” Indoor Air, Vol 10, 2000, pp. 146–151.
  6. Zefon Air O Cell Cassettes: https://www.zefon.com/iaq-sampling-cassettes

Top 5 Cybersecurity Threats To The Cannabis Industry

By Lalé Bonner
No Comments

Is your cannabis business an attractive target for cyber criminals? With the influx of investment to this market and new businesses opening frequently throughout the United States, the legal cannabis industry is a prime target for cyber criminals.

Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.Cannabis industry hackers pick their targets by vulnerability, exploiting consumer or patient data to darknet black markets and forums. The impact can be devastating to both the business and their consumers. With new laws on protecting consumer and patient data on the horizon, businesses that do not adequately protect that data, could face stiff fines, in addition to losing the trust of their customers.

So, how do these attacks present themselves? Recent studies implicate employees as the “weakest link” in the cybersecurity chain due to a lack of cybersecurity best practices and training. Implementing safeguards and providing employee training is imperative to the cybersecurity health of your business.

Now, let’s identify the top 5 cybersecurity threats to the cannabis industry and some valuable tips for protecting against these criminal hacks:

PhishingPhishing is a form of cyber-attack, typically disguised as an official email from a trustworthy entity, attempting to dupe the recipient into revealing confidential information or downloading malware. Don’t take the bait! 91 percent of cyber-attacks start as phishing scams, with most of these lures being cast through fraudulent emails.

  • Tips: Do not download attachments from unknown senders!
  • Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.

Password ManagementPassword complexity is key to protecting against cyber breaches. When it comes to data hacking, 81 percent of breaches are caused by stolen or weak passwords. With a password often being the only barrier between you and a data breach, creating a complex password will dramatically decrease those password-sniffers from obtaining your sensitive information.

  • Tips: Create passwords that are at least 12 characters in length – include letters, numbers and symbols (*$%^!), and never use a default password. This will fend off brute-force attacks.
  • Change passwords every six months to a year, keeping them complicated and protected. For IT Managers, make using a password manager mandatory for all employees. (Pro-tip: LastPass is free).Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.

Public Wi-FiBeing able to connect in public spaces, while a modern marvel of convenience, leaves us wide open to cyber-attacks. Whether you are in an airport or café, always err on the side of caution.

  • Tips: Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.
  • Browse in a “private” or “incognito” window to avoid saving information. If you have a VPN, use it. If not, then do not handle any sensitive data.

BYOD: Beware of Bad Apps: Using personal devices for work has become the norm. In fact, approximately 74 percent of businesses have bring-your-own-device (BYOD) policies or plans to adopt in the future.

With these platforms providing greater access to mobile apps, comes greater responsibility on the part of the end user.

  • Tips: Password protect devices that will be used for work (and, any device in general).
  • Only download applications from a trusted, authorized app store. Do not use untrusted play apps.
  • Mobile device protection is recommended for any device being used on a business network.

Whether it is an app from an unauthorized website or a lost/stolen device that was not password protected, cyber criminals do not need much to compromise critical data.Avoid logging into a SaaS application on a public computer or public Wi-Fi network.

SaaS Selectively: Keep Sensitive Data Safe: SaaS (Software As A Service) are cloud-based software solutions and chances are you are using one of these SaaS solutions for work purposes. IT is typically responsible for implementing security controls for SaaS applications, but ultimate responsibility falls on IT and the end user jointly. Here is what you can do to help keep these solutions safe:

  • Tips: Avoid logging into a SaaS application on a public computer or public Wi-Fi network.
  • Never share your SaaS login credentials with unauthorized persons over digital format or in person. Lastly, if you need to step away, always lock your screen during an active session.

While these tips will help keep your consumer/patient data from falling into the wrong hands, always have a plan B- backup plan! Your plan B must incorporate saving important data to a backup drive daily. Most likely, there is already a backup protocol in place for your mission-critical work data; however, for sanity’s sake, back up your BYOD devices as well.

Soapbox

ERP’s Role in Ensuring Traceability & Compliance in the Cannabis Market

By Daniel Erickson
No Comments

Recent trends in the cannabis space and media headlines reveal the challenges and complexities of the evolving cannabis industry with regard to traceability and compliance. Keeping abreast of the evolving state of legislative requirements is complex and requires effective procedures to ensure your business will flourish. At the forefront is the need to provide complete seed-to-sale traceability from the cannabis plant to the consumer, increasing the demand for effective tracking and reporting technologies to assure cultivators, manufacturers, processors and dispensaries are able to meet regulatory compliance requirements. An enterprise resource planning (ERP) solution offers a business management solution designed to integrate all aspects from the greenhouse and growing to inventory, recipe/formulation, production, quality and sales, providing complete traceability to meet compliance regulations.

The main force driving cannabusinesses’ adoption of strict traceability and secure systems to monitor the growth, production and distribution of cannabis is the Cole Memorandum of 2013 issued by former US Deputy Attorney General James Cole. The document was designed to prevent the distribution of cannabis to minors, as well as prevent marijuana revenue from being used for criminal enterprises. Due to the non-legal status of cannabis on the federal level, the memo provides guidance for states whose voters have passed legislation permitting recreational or medical cannabis use. If states institute procedures for transparent inventory control and tracking documentation, the memo indicates that the federal government will refrain from interference and/or prosecution. Despite the Trump administration rescinding the memo in early 2018, companies have largely continued to follow its guidelines in an attempt to avoid targeted enforcement of federal law. Local government reporting is a primary reason for strict inventory control, necessitating reliable traceability documentation of the chain-of-custody. 

Process metrics within an ERP solution are essential in providing the accountability necessary to meet required cannabis compliance initiatives. With a centralized, streamlined and secure system, each process becomes documented and repeatable – enabling best practices to provide an audit trail for accountability in all cannabis activities. Whether cultivating, extracting, manufacturing or dispensing cannabis, an ERP’s functionality assists with compliance demands to manage and support traceability and other state-level requirements.

An ERP solution solves the traceability and compliance issues faced by the industry by providing inventory control management and best practices that automates track and trace record keeping from seed to consumer. Growers are also implementing cultivation management solutions within their ERP and highly secure plant identification methods to mobilize greenhouse and inventory to support real-time tracking. Monitoring the loss of inventory due to damage, shrinkage, accidentally or purposeful destruction is efficiently documented to assure that inventory is accounted for. Similar to other process manufacturing industries, it is possible to produce tainted or unsafe products, therefore an ERP solution that supports product recall capabilities is fundamental. With a centralized framework for forward and backward lot, serial and plant ID tracking, the solution streamlines supply chain and inventory transactions to further ensure compliance-driven track and trace record keeping is met.

Local government reporting is a primary reason for strict inventory control, necessitating reliable traceability documentation of the chain-of-custody. Data regarding inventory audit and inspection details, complete with any discrepancies, must be reported to a states’ seed-to-sale tracking system to conform with legal requirements. An ERP utilizes cGMP best practices and reporting as safeguards to keep your company from violating compliance regulations. Failure to complete audits and meet reporting guidelines can be detrimental to your bottom line and lead to criminal penalties or a loss of license from a variety of entities including state regulators, auditors and law enforcement agencies. A comprehensive ERP solution integrates with the state-administered traceability systems more easily and reliably as compared to manual or stand-alone systems – saving time, money and detriment resulting from non-compliance.

Similar to other food and beverage manufacturers, the growing market for cannabis edibles can benefit from employing an ERP system to handle compliance with food safety initiatives – encompassing current and future requirements. Producers of cannabis-infused products for recreational and medicinal use are pursuing Global Food Safety Initiative (GFSI) certification, employing food safety professionals and implementing comprehensive food safety practices–taking advantage of ERP functionality and processes currently in place in similarly FDA regulated industries.

As legalization continues and reporting regulations standardize, dynamic cannabis ERP solutions for growers, processors and dispensaries will evolve to meet the demands and allow for operations to grow profitably.In addition to lot, serial and plant ID tracking, tracing a product back to the strain is equally important. An ERP can efficiently trace a cannabis strain from seedling through the final product, monitoring its genealogy, ongoing clone potency, CBD and THC content ratios and other attributes. The health, weight and required growing conditions of each individual plant or group of plants in the growing stages may be recorded throughout the plant’s lifecycle. In addition, unique plant identification regarding the performance of a particular strain or variety, how it was received by the market and other critical elements are tracked within ERP system. This tracking of particular strains assists with compliance-focused labeling and determining the specific market for selling and distribution of cannabis products.

Collecting, maintaining and accessing traceability and compliance data in a centralized ERP system is significant, but ensuring that information is safe from theft or corruption is imperative as well. An ERP solution with a secure platform that employs automated backups and redundancy plans is essential as it uses best practices to ensure proper procedures are followed within the company. User-based role permissions provide secure accessibility restricted to those with proper authorization. This level of security allows for monitoring and recording of processes and transactions throughout the growing stages, production and distribution; ensuring accountability and proper procedures are being followed. Investing in an ERP solution that implements this level of security aids companies in their data assurance measures and provides proper audit trails to meet regulations.

In this ever-changing industry, regulatory compliance is being met by cannabusinesses through the implementation of an ERP solution designed for the cannabis industry. Industry-specific ERP provides functionality to manage critical business metrics, inventory control, local and state reporting and record keeping, and data security ensuring complete seed-to-sale traceability while offering an integrated business management solution that supports growth and competitive advantage in the marketplace. As legalization continues and reporting regulations standardize, dynamic cannabis ERP solutions for growers, processors and dispensaries will evolve to meet the demands and allow for operations to grow profitably.