Food Security is becoming bigger and bigger in the food industry. Many companies are now including it on the list of HACCP pre-requisites.
Best place to start would be to conduct a risk analysis of your plant. Start by looking at the threats to your site - i.e., Industrial Espionage, Cyber Attack, Blackmail, Purchasing from unapproved suppliers, Disgruntled staff or ex-staff etc.
Then mention what damage such threats could cause your company / product, e.g. direct addition to the product, addition of detergent and sanitisers, tampering with water supplies, theft of sensitive documents.
Then list the preventative measures you have in place to thwart such attacks, e.g. Only approved suppliers and transport companies used, All staff are trained in Site Security procedures and are encouraged to confront unknown intruders and inform Management when they believe finished products have been tampered with, The Company have a full product recall system in place which contains a list of contact numbers for all customers, government, police, fire, rescue, and health agencies, Any security issues that have to be communicated to staff can be hung on the Company noticeboards, The Company provide an appropriate level of supervision to all staff, including cleaning and maintenance staff, contract workers, especially, new staff, Senior Management conduct routine security checks of the premises, including automated manufacturing lines, utilities and critical computer data systems for signs of tampering or malicious, criminal, or terrorist actions, Any threats or information about signs of tampering or other malicious, criminal, or terrorist actions will be fully investigated and the Police informed, Annual review of Site Security Management Programme that includes all areas of the premises (including external) using knowledgeable in-house
staff, and keeping this information confidential, The Company looks for “unusual behaviour” amongst staff. Staff are monitored for unusual or suspicious behaviour. For example, staff who, without an identifiable purpose, stay unusually late after the end of their shift or arrive unusually early, staff gaining access files
and information that are not related to their work or staff that gain access to areas of the facility outside of the areas of their responsibility, A series of security cameras cover the majority of the external and internal of the premises, A full record of all visitors to the site is maintained.
And finally, mention the deterrent controls you have in place, i.e. security cameras, alarmed fire doors, fences around the site, chemical control, back up and password protected servers. I have found that a nice touch during audits is to excuse yourself from the auditor for a moment to take a phone call and then organise a few of your largest, most violent members to staff to surround the auditor and start demanding identification. "Wow! They broke your nose! They sure do know their site security though, don't they! And hey, check out our bodily fluids spillage procedure!"
I must admit, when I carried out my first risk assessment, I treated it as a bit of a box-ticking waste of time, but I have to say it has been a good eye-opener. Custom it to your own premises and products. Think of the worst case scenarios (take this as an example for a brewery..http://www.thefreelibrary.com/How+Aston+Manor+is+bubbling.-a0146756552) and work through it.
Just remember, the only reason there hasn't been a food industry related episode of CSI is because the producers haven't realised that there are Quality Managers out there as good looking as me. I'm so hot I make the critical limit for a 6 log reduction in listera 75'C for 20 seconds. And it's jokes like that that REALLY impress the ladies.