Jon Nakapalau, CHSO, CPO
Biopharmaceutical Access Levels
Biopharmaceutical companies differ from other physical security environments (PSEs) due to the nature of the threats specific to the industry.
Security personnel must be able to proactively identify these threats in order to protect both people and property. Due to the nature of the threats this can only be done by establishing clear SOP's that have been collaboratively established.
The first step in development of a security operation should be to conduct a thorough SVA using a
phased approach.
Security Vulnerability Assessment
(SVA)
Phase #1: divide the company into
common/restricted areas
Common Areas: Cafeteria Mail room Meeting rooms Lobby Break areas Supply closets Library/reading room Picnic area Restrooms
Restricted Areas: Labs Note book room S&R Legal HR Engineering department (tools/supplies) IT Hazardous waste collection points Offices
Access levels are based on
need…not convenience!
Access levels should always be “echeloned up” with each higher
level requiring more and more strident review.
Does the person who has access to the
area understand the potential dangers of
the area?
Examples:
Common Access Levels (CAL’s) are given to anyone who works at the company.
LEVEL 1 Common Access (L1CA)Common Access to a single building
LEVEL 2 Common Access (L2CA)Common access to several buildings
LEVEL 3 Common Access (L3CA)Common Access to all buildings
This is also known as “branch” access (the branch of a tree)
Examples:
Restricted Access Levels: (RAC’s)
RAC’s are areas that require additional levels of access due to the nature of what is being done there. It is very
important to make sure that each RAC has a point of contact (POC) that can sign in order to maintain control over
the area.
CHEMESTRY LAB: (CLRAC)
RAC’s are leaves on a branch; just because you have access to the branch
(hallway) does not mean you have access to all leaves (rooms).
CAL computer entry: Name of employee is followed
by CAL in parenthesis.
This allows security personnel the ability to cross-reference the CAL in real time.
Example: We can see that John Doe has
been given L1CA access.
If John Doe uses his access card on any other building security personnel will be able to “track” the situation.
Doe, John (L1CA)
RAC computer entry: RAC access level includes the
CAL access level (branch) that leads to the area (leaf).
RAC access should be given only after sign-off by lab administration.
Example: We can see that Jane Doe has
been given CHEMESTRY LAB (CLRAC) access.
This includes L1CA access due to the fact that the chemistry lab is in L1CA.
Doe, Jane (CLRAC)
Bye!
Top Related