Rhode Island, Maryland, and Missouri Legalize Adult-Use Cannabis in 2022

By: Colene King

2022 has been another banner year for the ongoing fight to end marijuana prohibition in the United States. The list of legal states just keeps growing, with three states joining in on the movement this year. Rhode Island started off the year with signing the legislation to legalize the personal use and sale of marijuana to adults 21 and over. Then, last month’s primary election welcomed the two newest states to legalize the adult-use of marijuana for 21 and over. On November 8th voters in Arkansas, Maryland, Missouri, North Dakota, and South Dakota took to the polls to decide on their state’s future of legal cannabis for adults. Of the 5 states, 2 of them passed the initiative! We would like to congratulate the residents of Rhode Island, Maryland, and Missouri on becoming the 19th , 20th , and 21st states to legalize adult-use marijuana in the US. 2022 has shown great progress for our country’s future of legal marijuana for all Americans.  

Rhode Island kicked off the year with signing the legalization legislation in May, seeing their first adult-use cannabis sales on December 1st. Nearly 85% of the municipalities in the small state opted in for legal sales, one of the highest in the country. ‘The Ocean State’ is projected to see $80 million in sales within the first year and $300 million by their fourth year. (Casacchia, 2022)

Maryland passed the referendum with 66% of voters in support of legalization. Voters were asked a simple question on their November 8th ballot “Do you favor the legalization of the use of cannabis by an individual who is at least 21 years of age on or after July 1st, 2023, in the state of Maryland?” (Jaeger, 2022) Beginning July 1st of 2023, Marylanders who are 21 and over will legally be able to consume, possess, and grow marijuana. The state is projected to generate as much as $600 million in its first year as a legal market and possibly reaching $1 billion by its fourth year. (Roberts, 2022)

In Missouri, the bill passed with a much closer margin, 53% to 47% in favor of legalization. This makes the ‘Show-Me State’ the 21st state to legalize cannabis. Some projections suggest sales could reach as high as $550 million in the first year, and potentially as high as $800 million – $900 million by the fourth year. (MJBizDaily Staff, 2022) Beginning December 8th, existing cannabis companies can start applying to switch their business to adult-use. The applications must be reviewed and responded to within sixty days of submission in accordance with legislation. In short,  Missouri could log their first adult-use marijuana sales as early as February of 2023.

Before any state can start selling the product to the public, they have to build a regulated market. Sometimes, creating these regulations can take years for states to agree upon; sometimes, it will only take a few months. The deciding factor is dependent upon how motivated the state is to begin receiving tax revenue from legal sales.

One of the highest priority items for any cannabis operator to consider is ‘how to secure an establishment. Every state requires the creation, adaptation, installation, and maintenance of a security plan: protecting staff & customers as well as securing product & cash are of the utmost importance.

A security plan should:

  • Detect, delay, and deter burglaries
  • Protect employees, customers, product, equipment, and cash
  • Protect against natural disasters
  • Deter against theft of cash and product
  • Prevent internal diversion
  • Be scalable – able to expand with the business

We offer many solutions to help safeguard an operation from potential loss of assets: Bullet rated glass, modular vaults and doors, DEA compliant safes and cages, cash management systems, just to name a few. 

The legalization of marijuana is widely gaining momentum across the country. The majority of Americans are in agreement. According to a study done by Pew Research Center in October, 88% of Americans believe that marijuana should be legal for medical and recreational use by adults (59%) or that it should be legal for medical use only (30%). (GREEN, 2022) This means that only 1 in 10 Americans believe marijuana should remain illegal.

Source: Pew Research Center survey of U.S. adults conducted Oct. 10-16, 2022

Now is the opportune time to assemble your security plan. Let our experts help you. KL Security focuses on facility security – vaults, cages, cash management safes, high security safes, etc.


Sources:

https://mjbizdaily.com/rhode-island-set-to-launch-recreational-cannabis-market-thursday-dec-1/

https://www.pewresearch.org/fact-tank/2022/11/22/americans-overwhelmingly-say-marijuana-should-be-legal-for-medical-or-recreational-use/

https://www.marijuanamoment.net/maryland-voters-approve-marijuana-legalization-referendum-on-ballot/

https://mjbizdaily.com/missouri-could-begin-recreational-marijuana-sales-by-early-february/

https://mjbizdaily.com/us-marijuana-election-wins-maryland-missouri-but-losses-

SCIF vs. SAPF

By: Colene King

 

SCIF and SAPF high security facilities appear identical and are used for the same function: to store, utilize, and discuss sensitive information. Their delineation occurs in their intended user.

 

 

When it comes to the construction of new SCIFs and SAPFs, there are strict guidelines that must be followed. These guidelines are laid out in the ICD 705 Technical Specifications (Tech Spec, for short). The Office of the Director of National Intelligence (ODNI) establishes the guidelines & standards set forth in the ICD 705. ODNI is responsible for the management, processing, and safeguarding of information for the United States.

 

Some of the construction items covered in the ICD 705 include:

  • Physical Security and Hardening
  • Acoustic Controls
  • Visual Controls
  • Alarms and Access Control
  • Electronic and TEMPEST Security

Prior to the roll out of the ICD 705 (2010), SCIFs and SAPFs were built with different standards and processes. When the Tech Spec came out, it created a set of mutually accepted standards to ensure the safeguarding of national security.

 

In 2004, the Department of Defense began using their own set of standards and processes for SAPFs to protect national security. The DoD followed the guidelines of a document titled JAFAN 6/9.

 

The intelligence community, on the other hand, had a different set of standards prior to the ICD 705 being released. Beyond that, each agency within the intelligence community followed their own set of standards when it came to classified information. This made it nearly impossible to repurpose a SCIF to be used by another agency. The facility would need to undergo a significant renovation to become usable by the new agency.

 

When the ICD 705 was created in 2010, each agency in the intelligence community adopted these standards. The adoption of uniform standards within the ICD 705 allowed SCIFs to be easily repurposed between agencies.

 

However, the DoD was a later adopter; it took six years for this organization to implement the Tech Specs. In 2016, the Department of Defense integrated ICD 705 into their own 5205.7 manual. This created more reciprocity between the Department of Defense and the Intelligence Community.

 

SCIFs and SAPFs are now both built to the same standards, however, some procedural standards for facility accreditation don’t align. Each facility appoints an Accrediting Official; this delegate is responsible for accrediting the space and entering the facility’s information into the national repository.

 

Although SCIFs and SAPFs aren’t identical, they are more reciprocal now than they’ve ever been. Whether you are looking for a SCIF or a SAPF, KL Security is here to help you along the way. You can trust us to stay current will any and all construction standards required to safeguard sensitive information.

 

For more information or to request a quote

Call 866-867-0306 or email [email protected]

Cannabis Facility Security Requirements for Vermont

By: Colene King


It looks like 2022 is the year Vermont may finally see the first legal sale of adult use marijuana. In 2018, the state legalized the use of marijuana for adults, but it wasn’t until 2020 that they decided to legalize the sale of it.

 

The windows to apply for operator licenses are opening up over the next several months: starting with small cultivation licenses on April 1st and ending with retail licenses opening September 1st. Existing medical marijuana dispensaries will be allowed to commence adult-use sales beginning May 1, while other retailers must wait until October. (Staff, 2022)

 

See chart for application opening dates for each type of operator:

 

All license types may apply for pre-qualification beginning on March 16th. This pre-qualification is not required for full licensure. The Cannabis Control Board is offering pre-qualification in an effort to streamline the process and to foreshadow market structure.

 

Contrary to other states, Vermont is placing a larger priority on small cannabis growers. Their hopes are to pull the underground operators out of the woodwork and integrate these illegal growers into the legal cannabis market. There are concerns that these smaller operations may not be able produce enough product to meet demands at the launch of legal sales, but the Cannabis Control Board is optimistic.

 

The Cannabis Control Board, which consists of three members, was appointed in March of 2021 with the purpose of developing regulations for Vermont’s cannabis market. The regulations regarding security measures required for each type of cannabis operation are outlined below.

 

Security Regulations for Outdoor and Mixed Cultivators:

  1. Fencing
    • Sufficient to prevent unauthorized entry
  2. Alarm system
  3. Video and photographic surveillance
    • Footage must be retained for a minimum of 30 days
    • Accurate date and time stamps on images, without obstructing images
    • Able to produce usable images in the existing lighting conditions
    • Allows for clear and certain identification of all persons or activities
    • Resolution of 1080p or great
    • Exportable and transferable to standard computing equipment
  4. Motion activated flood light
  5. Security services
    • Must be operating for no less than the three-week period preceding harvest

 

Security Regulations for Indoor and Mixed Cultivators, Manufacturers, and Wholesalers:

  1. All perimeter doors and windows must be locked
    • Only individuals with Cannabis Establishment ID card may have keys or a key equivalent
    • All perimeter doors and windows must have operational security alarms
  2. Video surveillance with continue monitoring of any space containing cannabis
    • Footage must be retained for a minimum of 30 days
    • Accurate date and time stamps on images, without obstructing images
    • Able to produce usable images in the existing lighting conditions
    • Allows for clear and certain identification of all persons or activities
    • Resolution of 1080p or great
    • Exportable and transferable to standard computing equipment

 

Security Regulations for Retailers

Retailers must meet all requirements listed above for indoor and mixed cultivators, manufacturers, and wholesalers, along with the following additional requirements:

 

  1. Alarm system
    • Standard commercial-grade alarm system
    • Installed by an expert alarm system company
  2. Video surveillance
    • Must include point-of-sales areas, entrances, exits, and any area containing cannabis
    • Video footage must be retained for at least 90 days
  3. Strict access controls to areas where Cannabis and Cannabis Product is stored or handled
  4. Employees must wear identification badges while on duty
  5. Information related to the facility security must be maintained onsite and readily accessible and make them available for inspection by the Board, if requested.

 

Though these regulations don’t specifically require anything for the storage of marijuana, we strongly encourage you to invest in a vault to protect your product as well as your cash. With sales being mostly cash based and a product that is of high value, cannabis operators become a huge target for robberies.

 

ArmorStor™ Modular Vaults & Doors

For new construction & retrofit of existing buildings. Our modular vaults offer the highest UL Security rating available at a fraction of the cost of poured concrete vaults

 

Another option to consider would be a cash management system. Whether you are concerned about cash shrinkage, inefficient cash handling or upgrading your cash-management plans, a commercial or retail cash management solution is best for you. Our smart safes offer bill validating, cash currency counting, cash management and cash recycling.

 

Smart Cash Management

Enabling retailers to gain efficiencies, reduce loss, and optimize in-store labor. All with the ability to integrate existing POS systems and video surveillance for end-to-end security.

 

Vermont’s Cannabis Control Board estimates that spending on recreational marijuana in Vermont could reach $225 million annually by 2025, which would translate to nearly $46 million in new state taxes. (Goldstein, 2021) If the Green Mountain State produces marijuana half as good as their maple syrup, Vermonters are in for a real treat.

 

Now is the opportune time to get your security plan together. Let us help you. KL Security focuses on facility security – vaults, cages, camera systems, cash management safes, high security safes, etc. 

 

Sources:

https://mjbizdaily.com/small-marijuana-cultivators-could-cause-supply-issues-in-vermont-adult-use-market/#:~:text=Vermont%20estimates%20the%20state’s%20new,in%20annual%20sales%20by%202024.&text=Recreational%20sales%20are%20expected%20to,online%20on%20or%20before%20October.

https://mjbizdaily.com/more-than-two-dozen-vermont-towns-to-allow-adult-use-marijuana-stores/

https://ccb.vermont.gov/sites/ccb/files/2021-11/Proposed%20Rule%202%20-%20Regulation%20of%20Cannabis%20Establishments.pdf

https://www.sevendaysvt.com/OffMessage/archives/2021/10/19/vermont-gears-up-for-a-225-million-marijuana-market

KL Security Partnering With Adamo For All Your SCIF Needs

By: Colene King


 

It’s always refreshing to find a company that shares the same values as your own: a company that has a customer-focused culture and pays attention to exactly what the customer has in mind. KL Security is excited to announce that we have recently partnered with Adamo, a customer-focused company that is one of the world’s leading experts in advancing the security and the construction of SCIFs.

 

Adamo began in 1962 as a design and build general contractor. By 1982, they began designing and constructing classified spaces. By the 1990s, Adamo was focusing on the high-end security market. Adamo has designed and built more than 600 projects within their 60+ years of operation. Within each project, Adamo consistently strives for excellence and meets accreditation requirements.

 

The term “SCIF” stands for:

Sensitive

Compartmented

Information

Facilities

 

SCIFs are used as a site for sensitive and confidential information to be discussed or shared. They are utilized by government and private entities to protect information. A SCIF could be a secure room or data center that shields against electronic surveillance and prevents data leakage of sensitive information.

 

There are several security concerns that need to be addressed when building a SCIF:

 

– Physical Security and Hardening

– Acoustic Controls

– Visual Controls

– Alarms and Access Controls

– Electronic and TEMPEST Security

 

Each SCIF has to be built to very specific standards. These standards are all laid out in the ICD (Intelligence Community Directive) 705 Tech Spec manual. This manual is managed and maintained by ODNI (Office of the Director of National Intelligence). ODNI is in charge of managing, processing, and safeguarding information for the entire country. The purpose of the 705 policy is to create a set of mutually accepted standards that will safeguard national security information.

 

For a great explanation of the ICD 705 and ODNI, watch Adamo’s video linked below:

 


KL Security is excited to be offering Adamo’s line of Rapid SCIFs. This is a line of predesigned 20-foot ISO shipping containers that are ready to be built to the ICD 705 standards. These Rapid SCIFs allow the customer to skip over the lengthy design process and go straight to the design approval. Rapid SCIFs are the fastest and most cost-efficient option to build a secure space ensured to meet security requirements.


Check out Adamo’s quick video below on why a Rapid SCIF could be your best option:



Below are the 5 Rapid SCIF options KL Security will be offering:

Workstations
Accommodates 1-4 workstations and include a work surface plus two (2) shielded Cat 6 network connections per workstation.
Workstations – Accommodates 1-4 workstations and includes a work surface plus two (2) shielded Cat 6 network connections per workstation.

 

 

High-Density Workstations – Accommodates 5-8 workstations and includes a work surface plus two (2) shielded Cat 6 network connections per workstation.

 

 

Server Room – Built to hold up to four server racks (24”x36”), plus one (1) IT workstation with receptacle and 1 shielded Cat 6 network connection.
Conference Room – Serves as a meeting or briefing room to hold up to 8 people (no workstations). One dry-erase display wall included. Furnishings can be included for additional fee.
Storage Containers – Serves as a secure storage room. Includes 6 electrical receptacles.

Each of these 20-foot ISO shipping containers is built to ICD 705 standards.

 

Included in each Rapid SCIF:

– Intrusion Detection System

– Access Control System

– Video Surveillance (CCTV)

– Cooling System

– Unlimited Accreditation Consulting Support



To request full details for each Rapid SCIF, click the button below.



When beginning the design process for a SCIF, there are several requirements, regulations, and government directives that must be met. Upon recognizing the need for a SCIF, knowing where to begin and how to begin can seem daunting. Adamo’s construction experience and KL Security’s client service together pair to successfully guide the project every step of the way.


Our partners are the core of our mutual success. Our foundation is built on strong relationships with our partners, leading by example, listening to the needs of clients, and getting the job done right every time.


ICD 705 Tech Specs:

https://www.dni.gov/files/Governance/IC-Tech-Specs-for-Const-and-Mgmt-of-SCIFs-v15.pdf


Cannabis Facility Security Requirements for New Jersey


By: Colene King


On February 22, 2021, New Jersey became the 14th state in the nation to legalize the recreational use of marijuana. After almost a full year, they have started accepting applications for cultivators, manufacturers, and testing labs. Within the first 4 hours of the website opening, nearly 500 individuals had applied. Applications for dispensaries won’t open up until March 15th. (Davis, 2021) Though there is still a little way to go before the first legal adult use sale, New Jersey is headed in the right direction.  Cultivators, manufacturers, and testing labs will start them off with building a supply for the retailers to sell.


When trying to obtain approval for licensure, a quality physical security plan will include specific details about all things required in the state of New Jersey. Some of these requirements will include: modular cannabis vaults, high security safes with TL15 or TL30 ratings, DEA approved cages for processing facilities, security camera systems, and cash management safes (trust us, you don’t want to hand count all of that cash).



 

Full suite of solutions from cameras to turnkey packages that can protect people, assets and speed loss prevention.

  • Protect product in-transit
  • IP Cameras Recorders
  • Remote Viewing on Smartphones
  • Access Control & License Plate Recognition

Four wall DEA secure drug cage for Schedule III, IV & V storage areas. Designed & built to DEA physical security requirements, these cages can be configured for your facility and customized to a variety of sizes and heights. Locking doors, self-closers, and access control locks tailored to your existing security systems are all possible.


The New Jersey Cannabis Regulatory Commission establishes and enforces the rules and regulations governing the licensing, cultivation, testing, selling, and purchasing of cannabis in the state.


Here is a summary of the security requirements for an adult use cannabis operation:

Each cannabis business shall provide effective controls and procedures to guard against unauthorized access to the premises or the business’s electronic systems, theft, and diversion of cannabis. Such controls may include, but are not limited to, systems to protect against electronic records tampering


Security Alarm System

  • Install and maintain in good working order to provide suitable protection against theft and diversion.
    • Immediate automatic or electronic notification system
      • Notifies cannabis business personnel or police of an unauthorized breach or failure of alarm system
    • Backup system that activates immediately when there is a loss of power.
      • Notifies personnel and authorities of power loss
    • Implement security measures that deter and prevent unauthorized access to areas containing cannabis.
    • Implement security measures that protect premises, consumers, and personnel
    • Establish a protocol for testing and maintenance of the security alarm system.
      • Conduct inspections and tests of the system at minimum every 30 days
      • Promptly implement all necessary repairs to ensure proper operation
    • In the event of a system failure due to power loss expected to last longer than 8 hours:
      • Notify the Commission
      • Provide alternate security measures or close operation until fully restored
    • Outside access to premises kept at a minimum and it is well controlled
    • Limit entry into areas where cannabis is held to authorized personnel
    • Equip interior and exterior premises with panic buttons

Video Surveillance System

  • Equip interior and exterior premises with electronic monitoring, and video cameras
    • A video surveillance system shall be installed and operated to clearly monitor all critical control activities of the cannabis business and shall be in working order and operating at all times.
      • The Commission must be provided access to remote viewing at all times
      • The system must be approved by the Commission prior to license issuance
    • Original tapes and digital pictures must be retained for at least 30 days
    • Outside area of the premises must be well-lit
      • Exterior lighting must be sufficient enough to deter criminal activity
      • Exterior lighting must be sufficient enough to facilitate surveillance
      • Reasonable effort made to not disturb surrounding businesses or neighbors
    • All entrances and exits well-lit to allow proper video surveillance
      • Include motion control sensors to protect cultivation light-dark cycles as needed
  • Provide law enforcement and neighbors within 100 feet of the cannabis business with the name and phone number of a staff member to notify during and after operating hours to whom they can report problems with the establishment.
  • The security alarm system and video surveillance system shall be continuously monitored, 24 hours a day, seven days a week.
    • May be monitored off-site

Storage

  • All cannabis items shall be stored in an enclosed indoor, locked area. Access to such area is limited to an owner, principal, employee, or volunteer of a license holder or staff members of a license holder’s management services contractor that possesses a Cannabis Business Identification Card when acting in their official capacity.

Secure Transport

  • A cannabis business shall ensure each delivery vehicle is equipped with:
    • A secure lockbox or secure cargo area, used for the sanitary and secure transport of cannabis
    • A GPS device for identifying the geographic location of the delivery vehicle
    • Functioning heating and air conditioning systems appropriate for maintain correct temperatures for storage of cannabis and cannabis products
    • Insure all vehicles in the amount of at least $1,000,000 per occurrence or accident
    • Vehicle has no markings indicating that the vehicle is used to transport cannabis
    • Vehicle’s make, model, color, vehicle identification number, license plate number, and vehicle registration available to the Commission upon request
    • Staff each delivery vehicle with at least one cannabis business staff member
      • Shall not leave cannabis items in an unattended delivery vehicle unless the vehicle is locked and equipped with an active vehicle alarm system.
      • Staff member has access to a secure form of communication with the cannabis business
      • Staff member possess their Cannabis Business Identification Card at all times
      • Before transport, staff member shall create a physical or electronic copy of the transport request
      • Only Cannabis Business Identification Card holders shall be allowed in a delivery vehicle
    • All transport of cannabis must be conducted by a person. No drones
    • Transports must be completed in a timely and efficient manor
    • Maintain a written or electronic record of each transport of cannabis. Must include:
      • Date and time of transport beginning and ending
      • Name, cannabis business ID card number, and signature of staff transporting
      • Weight of cannabis and cannabis items being transported
      • The batch number of the usable cannabis or the lot number of the cannabis product, the name of the strain/cultivar, and the form of the cannabis product
      • Signature of receiving staff member attesting to receipt of the goods
    • Report any vehicle accidents, diversions, losses, or other reportable events that occur during transport to the Commission

For the full list of rules and regulations; please follow this link: https://www.nj.gov/cannabis/documents/rules/NJAC%201730%20Personal%20Use%20Cannabis.pdf


Though New Jersey’s regulations don’t specify that a vault is required for storage. We believe it is something that any cannabis operation should strongly consider. Because there is such a huge risk storing a high valued product as well as large sums of cash on the premises, these operations can often become targets for smash-and-grabs.  Businesses are able to successfully protect product and cash due to the installation of vaults & vault doors.



Class 5-V vault doors protect contents against unauthorized entry, covert entry, and forced entry.



The adult use marijuana market in New Jersey is projected to reach $1.6 billion by 2025, the second largest market on the east coast, following New York. (Dehnam, 2022) Originally the state had set a deadline of February 22nd to begin sales, but it doesn’t look like this will happen. They may be a little behind schedule, but things are definitely moving in the right direction.


Now is the opportune time to get your security plan together. Let us help you. KL Security focuses on facility security – vaults, cages, camera systems, cash management safes, high security safes, etc. 



Sources:

https://www.nj.gov/cannabis/documents/rules/NJAC%201730%20Personal%20Use%20Cannabis.pdf

https://www.nj.gov/cannabis/businesses/personal-use/

https://mgretailer.com/business/finance-acquisitions/cannabis-revenue-forecast-for-2025-jumps-by-20-billion/

Cannabis Facility Security Requirements for New York

By: Colene King


After several years of back and forth, it has finally become a reality for New York: on March 31, 2021, the Empire State became the 15th state in the nation to legalize the adult use of marijuana. The state will now begin the process of building the cannabis market.


New York has had a slow start with the roll out of the new market, but they are hopeful the new governor will get the process back on track. The Cannabis Control Board finally has its members in place and will now begin issuing the regulations that will control the licensing process. Recently, the head of New York’s cannabis control board said she does not anticipate any licenses being issued until the spring of 2023 at the earliest. (Branfalt, 2021)

 

Though the security requirements are yet to be determined, we have a good idea of what to expect. Medical use of marijuana became legal for New York in 2014. Currently, New York’s security requirements for medical manufacturing and dispensing facilities are similar to what you would find elsewhere. 


When seeking approval for licensure, any quality physical security plan will include specific details about each individual component the State of New York will ultimately require.  Examples include, modular cannabis vaults, high security safes with TL15 or TL30 ratings, DEA approved cages for processing facilities, security camera systems and cash management safes (trust us, you don’t want to hand count all of that cash).

 


ArmorStor™ Modular Vaults & Doors
ArmorStor™ secure and reinforced rooms can be installed in existing facilities or scaled to full size in new construction. The modular panels are built up to the equivalent of 24” thick poured concrete vaults with 4 layers of rebar at a fraction of the weight and installation costs.

 

Summit Series SM1 Bill Validating Safes
With immediate view of cash activities across single or multiple locations, the ability to maximize cash flow and reduce cash shrinkage is greatly enhanced. The compact size allows the SM1 to be placed in locations where space is at a premium and still provide enough capacity to minimize the frequency of cash pickups.

 

 

Below is an outline of the known security requirements for the State of New York Medical Use Regulations :

 

 

  1. Alarms and motion detectors
    • Perimeter alarm
    • Duress Alarm – silent security alarm system signal
    • Panic Alarm – audible security alarm system signal requiring law enforcement response
    • Hold up alarm – a silent security alarm system signaling a robbery in progress
    • Motion detectors
    • Back up alarm system to detect entry when no employees are present at facility
    • Failure notification system notifying of any failures within 5 minutes
    • Automatic voice dialer or digital dialer that, when activated, sends a prerecorded message to law enforcement, public safety, or emergency services, requesting dispatch
  2. Video Surveillance
    • All areas containing marijuana, all entry and exit points, all safes and vaults, and all areas where marijuana sales take place
    • Cameras are able to capture clear and certain identification of any person entering or exiting the facility
    • 24 hour recording for all video cameras and must be retained for at least 90 days
    • Recordings available for immediate viewing at any time
    • The ability to produce a clear still photo at a minimum of 9600 dpi from any camera
    • Accurate date and time stamp on all recordings
    • Ability to remain operational through a power outage
    • Video recordings are able to be exported to an industry standard image format
    • Surveillance rooms must not be used for any other purpose
    • Keep a current list of authorized employees who have access to surveillance room
  3. Exterior of premises must be kept illuminated
    • Securely locked at all times, protected from unauthorized entry
  4. Visitor log kept of all persons that access any secured areas
    • Must include name, date, time, and purpose of the visit
    • Log must be available to the department at all times upon request
  5. Security system and equipment must be kept in a secure location.
    • System must be tested twice a year, retaining results for a minimum of 5 years
  6. Storage
    • Safes, vaults, or other approved equipment must be securely locked at all times
    • Keys, combination numbers, passwords, etc. only accessible to authorized individuals
    • Marijuana stored in a secure area at all times, accessible only to authorized employees.
  7. Transportation
    • Before transporting, a shipping manifest must be completed and transmitted to receiving destination 2 days prior to transport
      • Copy of manifest kept in vehicle during transport
      • Manifests must be retained for 5 years
    • Marijuana and products transported in a locked storage compartment not visible from outside the vehicle
    • No unnecessary stops taken along the way
    • Delivery times are randomized
    • Minimum of two employees staffing the transport vehicle, with one of them remaining in vehicle at all times while the vehicle contains marijuana.

 


There are high hopes for the marijuana market in New York. Not only is it believed to have a potential to create $350 million in annual tax revenue, but also bring along 30,000-60,000 new jobs for New Yorkers. (Bort, 2021) There is still much work to be done before the New York market is operational, but once it does, it is sure to be profitable for all cannabis licensees and other stakeholders.


The security experts here at KL Security are excited to begin the new year at CannaCon in New York City January 7th-8th at the Javits Center in downtown Manhattan.  If you’re interested in opening a cannabis facility in New York and becoming part of what is projected to be a very lucrative market, now is the perfect time to start doing research and formulating a physical security plan.  Allow us to be the experts you rely on for your security needs, so you can focus on your overall business plan.  Please take a moment to stop by booth 445 at CannaCon and start a conversation with us about your cannabis facility plans.



Sources:


https://regs.health.ny.gov/content/section-100413-security-requirements-manufacturing-and-dispensing-facilities

https://www.rollingstone.com/culture/culture-news/new-york-weed-marijuana-legalization-1148949/

https://www.ganjapreneur.com/new-york-will-not-issue-adult-use-licenses-until-2023/

Cannabis Operation Security Plan

By Colene King


It’s unmistakable; the cannabis industry is on the rise and shows no signs of slowing down. Recreational use of marijuana is now legal in 18 states, plus the District of Columbia. With states across the nation continually joining in on the legalization of recreational use for adults, business is booming and now is the time to become a part of it.


At the federal level, marijuana is classified as a Schedule 1 drug in accordance with the Controlled Substance Act. On a state level, however, regulation varies. This can make it all a bit confusing. Due to the current federal rules on cannabis, responsibility falls to the states to build the regulatory framework. Each state must develop their own rules, regulations, and guidelines associated with the production, sale, and legal use. No one knows how it will pan out if (and when) marijuana becomes legal at a federal level, but without a doubt there will still be strict regulations to follow for each state.


One of the primary concerns for those operating in the cannabis space is the high volume of cash. The banking system is regulated by federal law, causing a large number of banks to steer clear of the industry.  Additionally, some credit card companies will not allow their customers to use their cards as a form of payment at cannabis pharmacies/dispensaries. This causes the operator to accumulate large sums of cash that is often stored on the premises for a certain period of time. The high value of product paired with large sums of cash make cannabis operators a prime target for diversion and theft. Robbery disrupts business, places customers & employees in danger, and costs operators exponentially. This is merely one reason, of many, as to why having a security plan in place is incredibly crucial.


When applying for licensure, the development of a well calculated security plan is required. Since the legislation varies state and state, and sometimes even by municipality, it’s important to thoroughly research the applicable rules and regulations. Regardless of the state in which the operation resides, there will be rules regarding security.





All cannabis operations must utilize seed-to-sale tracking; this applies to all forms of businesses: craft growers, commercial growers, medicinal producers, processors, secure transporters, cannabis pharmacies, marijuana dispensaries, etc. While this process is required, it is also an excellent business practice to protect profits, ensure product quality, and grow business.


A good security plan should:


  • Deter theft of product and cash
  • Prevent internal diversion
  • Be scalable – able to grow with the business
  • Protect employees/customers, product, equipment, and cash
  • Detect, delay, and deter burglaries
  • Protect against fire and flood

KL Security is here to help along the way – from the first napkin sketch all the way to implementation. We’ve worked with cannabis operators nationwide and helped grow these businesses (both big and small).


Our Total Harvest CoverageTM offers a holistic approach to integrate security and compliance through the use of Smart Safe POS systems, and video & data analytics. This approach unlocks business growth opportunities to create competitive advantages, and maintaining compliance encourages continuous growth. 


Each aspect of a security portfolio should assist in loss prevention, improvement of operations, increasing safety, and support business goals. Kl Security along with ArmorStor™ believe that compliance and business success are one in the same.





This process can be overwhelming, but have no fear, our cannabis security experts are available to help and guide you along the way.


Annual retails sales of marijuana are projected to reach $43 billion by the year 2025 (NORML, 2021), and having an advanced security system in place is crucial to protect your business and license status.


Stay tuned for regular updates on regulations and news pertaining to cannabis.


Sources:

State-By-State Policies
Analysis: Legal Cannabis Sales Projected to Reach $43 Billion By 2025

https://public.findlaw.com/cannabis-law/starting-a-cannabis-business/marijuana-business-licenses-permits-and-planning.html

Securing Your Home Office


By Colene King

In the wake of the ongoing COVID-19 pandemic, remote operations have become common practice. Organizations embraced remote operations as a way to maintain status quo while simultaneously ‘flattening the curve’. In fact, many companies have realized that getting their employees out of the brick-and-mortar office proves to be just as productive, if not more.


In 2018, only 3.6% of the US workforce was working from home. Recent telecommuting data projects that 25-30% of the workforce will be working from home at least several days a week by the end of 2021 (GlobalWorkplaceAnalytics.com, n.d.).


Many employers have gone so far as to make remote employment a permanent option. This allows employers to expand their candidate pools and acquire talent from other locations with different backgrounds. Candidates now see the opportunity to work from home as an added bonus.


Prior to the global pandemic, companies had several misconceptions surrounding telecommuters. Organizations were worried they would see a decrease in productivity, as well as a concern for being able to keep security a priority. These misconceptions were proven to be inconsequential as our workforce adapted.


Previously held beliefs of remote workers being less productive than on-site employees have been disproven. The National Bureau of Economic Research (nber.org) discovered that employees working from home are 13% more productive than those working from an office. Additionally, employees working from home miss less days, accomplish more, and feel more productive than in a traditional work environment.


Though working from home is convenient (and more productive), it does present new security challenges. It is imperative to maintain security and confidentiality. While it’s easy to slip into a comfortable routine while working from home, it is important to follow best practices for keeping your home office secure.


Even though we live in a digital age, there will always be a need to store hard copies. It is important that physical documents are stored and disposed of
properly. Whether it be an ArmorStor™ high security rated file cabinet or a Dahle paper shredder, KL security has the best options for you.

ArmorStor™ High Security Filing Cabinets When compliance requirements dictate security, the ArmorStor™ file cabinet is the choice of healthcare, business and enterprises offices worldwide.


Dahle has just released a new line of home and small office shredders that can be purchased now through KL Security. The personal shredders are the perfect size for any home office, with a few different affordable options to best suit your needs.


The Dahle PaperSAFE® PS 100 Deskside Shredder is oil-free, hassle-free, and easy to maintain. It’s ideal for destroying financial statements, tax information, or any other confidential documents that should not be seen by others.

In regards to digital records, any great home office contains an external hard drive. KL Security also offers hard drives that are fireproof as well as water proof. Properly safeguarding your home office will also offer additional peace of mind to you and your employers.



The Solo G3, 3TB Fireproof / Waterproof External Hard Drive is not only fireproof and water proof, but can also come with a data recovery service. 1, 3, and 5 year plans available. For any loss, no matter the reason.


Many benefits accompany telecommuting: improved employee mental health, a better work life balance, lower turnover, and an overall increase in productivity. With all these benefits, it’s no wonder several companies are giving their employees the option to work in the comfort of their own home.


Let KL Security help get your home office set up today!

Call 866-867-0306 or email [email protected]


Sources

  1. https://globalworkplaceanalytics.com/telecommuting-statistics

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SCIF Container Series | Part 9: Acoustic Protection Detail

The acoustic protection guidelines listed below are designed to protect classified conversations from being overheard outside a SCIF and not intended to protect against purposeful technical interception of audio communications. A SCIF structure and its ability to retain sound within the perimeter is rated using the Sound Transmission Class (STC).


Sound group ratings are divided into two groups: Sound Group 3 and Sound Group 4. All SCIF perimeters are designed and constructed with meeting the standards of Sound Group 3 or better in mind. Acoustic protection and perimeter construction specifications for Wall A, B, and C can be found in previous articles. 


Sound Group 3 has a STC 45 or better. In this sound group, loud speech from within the SCIF can be faintly heard but not understood outside the SCIF. To the unaided ear, normal speech is unintelligible. Sound Group 4 has a STC 50 or better. In this group, loud sounds within the SCIF can be heard with the human ear faintly or not at all outside the SCIF.

Acoustic Testing


Audio tests must be conducted to verify all acoustic protection standards are met. With approval by the AO, these tests may be instrumental or non-instrumental and the test method used must be noted in detail in the CSP. All non-instrumental tests must be approved by the AO. Only qualified personnel with training on audio testing techniques will be allowed to conduct instrumental acoustic tests.


With all doors closed, all SCIF perimeter walls and openings (air returns, doors, windows, etc.) must be tested along several points to ensure that either Sound Group 3 or 4 is met. All audio test sources must have a variable sound level output with the output frequency range including normal speech. Test speakers must be placed six feet from the test wall and four feet off the floor. As noted by Sound Group 3 and 4 respectively, audio gain of the test source must produce “loud or very loud speech”.


Instrumental testing can be performed to Noise Isolation Class (NIC) standards. These results must comply with NIC 40 for Sound Group 3 and NIC 45 for Sound Group 4.

Sound Transmission Mitigations

In most cases, SCIF perimeter construction and acoustic protection should provide the necessary protection for Sound Group 3. However, when Sound Group 3 or 4 can’t be met within the normal SCIF construction standards, there are supplemental mitigations used to protect classified discussions from being overheard.


These mitigations can include (but aren’t limited to):

  1. Structure enhancements can be used to increase the resistance of the perimeter to vibration at audio frequencies.
  2. SCIF design can include a perimeter location or stand-off distance. This prevents non-SCI-indoctrinated person(s) from traversing beyond the point where SCI discussions can be intercepted.
  3. In conjunction with an amplifier and speakers or transducers, sound masking devices can be used to generate and distribute vibrations/noise.
  4. Speakers and transducers must produce sound at a higher level than the voice conversations within the SCIF.
  5. Speakers and transducers must be placed close to or mounted on any paths that allow audio to leave the area including doors, windows, walls, vents, etc.
  6. Wires and transducers must be, to the greatest extent possible, located within the perimeter of the SCIF.
  7. During TSCM evaluations, the sound masking system will be subject to inspection.
  8. A speaker may be installed outside the SCIF if the AO determines the risk to be low and meets the following conditions:
    1. Cable exiting the SCIF must be encased within rigid conduit.
    2. Sound masking system must be subject to review during TSCM evaluations.
  9. For common walls, speakers/transducers must be placed in a location so the sound optimizes the acoustical protection.
  10. For all doors and windows, speakers/transducers must be placed close to the aperture of the window/door. The sound must be projected in a direction facing away from conversations.
  11. Once the speakers/transducers are in an optimal location, the system volume must be set and fixed. Volume level is determined and adjusted by listening to conversations outside the area to be protected. The speaker volume will then be adjusted until conversations are unintelligible from outside the SCIF.
  12. Sound-source generators must be located within the SCIF.
    1. AM/FM receiver cannot be present on sound-source generators.
    2. If the sound-source generator has the capability to record sound, that function must be disabled.
    3. The following are examples of government-owned/sponsored sound-source generators:
      1. Audio amplifier w/ standalone computer (no network connection)
      2. Audio amplifier w/ a cassette tape player, CD player, or digital audio player, or w/ digital audio tape (DAT) playback unit
      3. Integrated amplifier and playback unit incorporating any of the above music sources
      4. A noise generator or shift noise source generator using either white or pink noise

Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts
SCIF Container Series | Part 7: Modular SCIFs
SCIF Container Series | Part 8.1: Intrusion Detection Systems
SCIF Container Series | Part 8.2: Intrusion Detection Systems

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SCIF Container Series | Part 8.2: Intrusion Detection Systems

Integrated IDS and Remote Terminal Access


The United States government local area network (LAN) or wide area network (WAN) requires the AO’s CIO to be consulted before connecting an IDS. The IDS hosting system must be issued an Authority to Operate (ATO) by the agency’s CIO, following the FISMA Risk Management Framework that is outlined in NIST SP 800-53.


For IDS that have been already integrated into a networked system (LAN or WAN) the following requirements must be met:

  • System software must be installed on a host device that is logically and physically restricted to corporate/government elements cleared to the SCI level.
    • Host devices must be located in a Physically Protected Space. Protected space is defined as a locked room with walls, floor, and ceiling that form a solid physical boundary to which only SCI-cleared personnel have access to.
    • SCI-cleared personnel must escort any uncleared or personnel with less than SCI-clearance that require access to this space.
    • Door will use Commercial Grade 1 hardware fitted with high security key cylinder(s) in compliance with UL 437.
    • Room must be protected by UL Extent 3 burglar alarm system and access control (unless manned 24 hours).
  • All transmissions of system information over the LAN/WAN must be encrypted using National institute of Standards and Technology (NIST) FIPS 140-2, VPN, or closed and sealed conveyance. FIPS-197 (AES) can be used with AO approval.
  • All host system components and equipment must be isolated in a way that includes (but aren’t limited to):
    • Firewalls
    • Virtual Private Networks (VPNs)
    • Virtual Routing Tables
    • Other Application Level security mechanisms or similar enhancements that allow secure and private data transfers only between the PCU, host computer, remote terminal and monitoring station
  • Any components of the IDS are remotely programmable, continuous network monitoring is needed. Network monitoring includes auditing and reporting of all network intrusion detection and prevention systems.
  • A secondary communication path may be used to augment an existing data communication link to reduce search of data communication failures of less than five minute duration.
    • Supervision for a secondary communication path must be equivalent to that of a primary communication path
    • Secondary communication path can be wireless only if approved by the AO after consulting with the CTTA and/or the appropriate technical authority
  • A unique user ID and password is required for each individual granted access to system host computing devices or remote terminal. Passwords must be a minimum of 12 characters consisting of alpha, numeric, and special characters. The password must be changed every six months or utilize US Government Personal Identity Verification (PIV) Card or Common Access Card (CAC) with two factor certificate authentication.
  • Persons with IDS admin access must immediately notify the AO or designee of any unauthorized modifications.

Remote System terminals:


Remote system terminals must utilize AO approved role-based user permissions (e.g. Super User, SO, Guard). All USG installations must prohibit non SCI cleared personnel from modifying the IDS or ACS. Remote system terminals require an independent user ID and password in addition to the host login requirements. Host systems must log and monitor failed login attempts. All remote sessions must be documented and accessible to the AO upon request.


All host systems and PCUs must be patched and maintained to implement current firmware and security updates. USG systems must be in compliance with Information Assurance Vulnerability Alert (IAVA) guidance.


Requirements for IDS Systems Software Passwords:

  • Passwords must be a minimum of 12 characters consisting of alpha, numeric, and special characters
  • The password must be changed every six months or utilize US Government Personal Identity Verification (PIV) Card or Common Access Card (CAC) with two-factor certificate authentication

IDS Modes of Operation

The IDS must operate in two modes: armed or disarmed. With this system there must not be any remote capability for changing the two modes by a non-SCI cleared personnel. Changing the arming or disarming status must be limited to just SCI-indoctrinated persons.


When the system is in disarmed mode, normal entry into the SCIF, following all security procedures, will not cause an alarm to sound. A record must always be maintained of who is responsible for disarming the IDS. However, tamper circuits and emergency exit door circuits must remain in armed mode. The PCU must have the ability to allow certain alarm points to remain armed while other points are in disarmed status.


The IDS is placed into armed mode when the last person leaves the SCIF. A record must also be kept identifying the person who armed the system. When in armed mode, any unauthorized entry into the SCIF will cause an alarm to be immediately transmitted to the monitoring station.


Each failure of arming or disarming the system must be reported to the SCIF Security Manager. Records of these events will be kept for two years.

Maintenance Requirements and Zone Shunting/Masking Modes

If maintenance is performed on the system, the monitoring station must be notified and a log must be kept. All maintenance periods must be archived in the system. System maintenance can only be done by an SCI cleared IDS administrator of SCIF Security Officer (SO). When a point is shunted or masked for reasons other than system maintenance, it must be displayed as such at the monitoring station throughout the period the condition exists.


Any sensor that has been shunted must be reactivated upon the next change in status from armed to disarmed. A PIN is required, for maintenance purposes, to be established and controlled by the SCI cleared IDS administrator or SCIF SO. All procedures must be documented in the SCIF SOP. PEDs (portable electronic devices) are only allowed attachment to the system equipment for the purpose of system maintenance, repair and reporting. The PED attachment can either be temporary or permanent depending on system needs. The stand-alone PED must meet the following requirements:

  • Must be kept under control of SCI-cleared personnel
  • PED, when not in use, must be maintained in a Physically Protected Space
  • Mass storage devices containing SCIF alarm equipment details, configurations, or event data will be protected at an AO-approved appropriate level.

Capability for remote diagnostics, maintenance, or programming of IDE must be accomplished only by SCI-cleared personnel and must be logged/recorded. In the event of a power failure, the system will automatically transfer emergency electrical power sources without causing alarm activation. 24 hours of uninterrupted backup power is required and must be provided by batteries, an UPS (uninterruptible power supply), generators, or any combination. An audible or visual indicator at the PCU shall provide an indication of the primary or backup power source in use. Equipment at the monitoring station will visibly and audibly indicate a failure in a power source or a change in power source. As directed by the AO, the individual system that failed will be indicated at the PCU or monitoring station.

Monitoring Stations

In accordance with UL 2050, monitoring stations must be government-managed or one of the following:

  • AO-operated monitoring station
  • Government contractor monitoring station
  • National industrial monitoring station
  • Cleared commercial central station

All monitoring station employees must be eligible to hold a U.S. SECRET clearance. Operators must be trained in system theory and operation in order to effectively interpret certain system incidents and take appropriate actions.

Operations and Maintenance of IDS


Alarm Response


All alarm activations must be considered an unauthorized entry until it’s resolved. Response force will take appropriate steps to protect the SCIF, as permitted by a written support agreement, until SCI-indoctrinated individual(s) arrive to take control of the situation. The SCI-indoctrinated individual(s) must arrive in 60 minutes (in accordance with UL 2050) or a response time approved by the AO.


The individual(s), upon arrival, will conduct an internal inspection of the SCIF, attempt to determine the cause of the alarm activation, and reset the IDS prior to the departure of the response force.


System Maintenance


All maintenance and repair personnel that aren’t TOP SECRET-cleared and indoctrinated for SCIF access must be escorted during system repairs/maintenance. Repairs must be initiated by a service tech within four hours of the receipt of a request for service or trouble signal. Until repairs are completed or AO-approved alternate documented procedures are started, the SCIF will be continuously manned on a 24-hour basis by SCI-indoctrinated personnel.


Emergency-power battery maintenance should follow the manufacturer’s periodic maintenance schedule and procedures. Battery maintenance will be documented in the system’s maintenance logs and kept for two years. If a generator is used to provide emergency power, it must also be tested per the manufacturers recommended testing procedures. If the communications path is through a network, the network’s power source must also be tested.


Network Maintenance


The system administrators must maintain configuration control, make sure the latest operating security patches have been applied, and configure the system to provide a high level of security. Inside the United States, all network maintenance personnel within the SCIF shall be a U.S. person and be escorted by cleared SCIF individuals. Outside the U.S., network maintenance personnel must be U.S. TOP SECRET-cleared or U.S. SECRET-cleared and be escorted by SCIF personnel.


Installation and Testing of the IDS


All IDS installation and testing within the U.S must be performed by U.S. companies using U.S. citizens. Outside the U.S., installation and testing must be performed by personnel who are U.S. TOP-SECRET-cleared or U.S. SECRET-cleared and escorted by SCIF personnel. All IDS system components and elements must be installed in accordance with the IDS requirements listed in Part I and Part II, UL 2050, and the manufacturer’s instructions and standards.


Prior to operational use, acceptance testing must be conducted on all systems to provide assurance that they meet all requirements prior to SCIF accreditation. Semi-annual IDS testing must be conducted to ensure continued system performance. All records of testing and test performance must be maintained in accordance with documentation requirements.


All motion detection sensors must be tested to ensure proper activation of the sensor at a minimum of four steps (“trial”) at a rate of one step per second (30 inches ± 3 inches or 760 mm ± 80 mm per second). This test must be conducted by taking a four-step trial, stopping for three to five seconds and then taking another four-step trial. These trials must be repeated throughout the SCIF and from different directions. An alarm must activate at least three out of every four consecutive trials made by moving through the SCIF.


All HSS devices must also be tested to ensure that an alarm signal activates before the non-hinged side of the door opens beyond the thickness of the door. For example, a 1 ¾ inch thick door will activate an alarm signal before the door opens 1 ¾ inches. Each IDS equipment cover will be individually removed or opened to ensure there’s an alarm activation at the PCU or monitoring station in both secure and access modes. Tamper detection devices only need to be tested when installed. However, the AO may require more frequent testing of tamper circuits if needed. 


Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts
SCIF Container Series | Part 7: Modular SCIFs
SCIF Container Series | Part 8.1: Intrusion Detection Systems


Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.