Puerto Rico has become home to a prominent pharmaceutical industry; more than 60 pharmaceutical plants dot the 3,500 square miles of Puerto Rico’s main island. Chief among the industry’s security worries is the risk that the chemicals they handle could be used as explosives should they fall into the wrong hands.
Many of the pharmaceutical campuses in Puerto Rico cover hundreds of acres, making perimeter protection a major concern. The typical plant, say experts, uses concentric rings of protection—specifically, outer and inner perimeter fencing. Random guard patrols also surveil the perimeter. Tank farms receive special attention.
The types and quantities of chemicals on site, and the potential for pharmaceutical plants to attract terrorists, make emergency preparedness planning essential. Pharmaceutical companies work closely with the community and with each other to prevent and prepare for disasters. They do this through local Community Awareness and Emergency Response (CAER) groups, operated in conjunction with local fire departments.
Do This, Don’t Do That
Pharmaceutical companies face the challenge of complying with a host of overlapping regulatory schemes. While each has its purpose, and all of the requirements may be well-intentioned, they can lead to some redundancy. For example, one security manager’s facilities were inspected at least ten times in 2006 alone. (He did not complain about it, but merely cited it as evidence of how strict the requirements are.) Here’s a look at some of the compliance regimes with which companies must deal.
The Customs-Trade Partnership Against Terrorism (C-TPAT) program is designed to give companies an incentive to raise security standards. Companies that meet standards of supply-chain security get through U.S. Customs and Border Protection faster, saving time and money. Validation teams from C-TPAT go on site at pharmaceutical firms that want to be C-TPAT members; they conduct detailed reviews of personnel and physical security, access controls, conveyance security, manifest procedures, and other areas.
Other government agencies—such as the Food and Drug Administration, the Department of Transportation, and the Drug Enforcement Administration, to name a few—have security regulations that apply to the pharmaceutical industry as well. For example, FDA regulations attempt to ensure the integrity of pharmaceutical products. Some regulations are designed to prevent terrorists from tampering with the drug supply.
Some companies also comply with the American Chemistry Council’s Responsible Care Security Code, which calls on companies that use or work with chemicals to conduct comprehensive vulnerability assessments of their facilities, put in place security enhancements, and obtain independent verification that those enhancements have been made.
More regulatory hurdles are on their way. As this issue went to press, DHS had received comments on its draft interim rules on antiterrorism security requirements for chemical facilities. (The rules were passed pursuant to the DHS Appropriations Act of 2007.) Those rules would require chemical facilities that present a “high level of security risk” to conduct vulnerability assessments and develop and implement site security plans based on those assessments. (The final rule was released April 4, 2007.)
Michael A. Gips, formerly a senior editor at Security Management, is director of strategic operations at ASIS International.