Customer seal security, is it necessary to lock them away?

I have a quesiton on customer seal security in a Storage environement.  We keep customer seals out openly in our warehouse, but all access to the warehouse is restricted by key-coded doors, which only employees can access.  Is it necessary to also lock the seals in a storage cabinet or such within the warehouse?

Depends on your auditor to be frank and honest.

I would argue it does not since there is restricted access.  The real question is how restrictive is the current access?  Yes, there are key-coded doors, but do unauthorized individuals make their way in?  How often?  What happens when they do?  All questions that need to be vetted.  It basically comes down to what is the risk and the frequency of an unauthorized person making their way in?

For example, our last SQF audit the auditor was adamant we had to have our chemical drums we dispense from inside our secure facility under lock and key.  We have the same type of restriction for our facility, only persons with key cards can get into the facility.  She was not content with us having this be the only security step for the chemicals.  So we had to get lockable bungs for our drums.  Ironically, not more than 20 feet away was several access points direct to product lines or equipment.

So how do you think auditors or customers would respond to your security of the seals?

It is normal practice to record the seal number on documentation when using the seal. If you do this then I don't see why you would need to lock the seals away, they are already in a restricted area.

Kind regards,

Tony

It is normal practice to record the seal number on documentation when using the seal. If you do this then I don't see why you would need to lock the seals away, they are already in a restricted area.

 

Kind regards,

 

Tony

The concern is someone taking the seals and using them on other trucks, containers, shipments, etc.

If seal numbers are recorded and in place no a shipment.  If the same driver for that shipment is able to take any other seal with him/her, what prevents him/her from updating the records with the seal numbers they took and doing something to the shipment and resealing it?  Nothing.

This is why seals should be secured regardless of record keeping.

If the same driver for that shipment is able to take any other seal with him/her, what prevents him/her from updating the records with the seal numbers they took and doing something to the shipment and resealing it?  Nothing.

but all access to the warehouse is restricted by key-coded doors, which only employees can access. 

Also I would expect to see seals logged and accounted for.

Kind regards,

Tony

Also I would expect to see seals logged and accounted for.

 

Kind regards,

 

Tony

That's helpful too, but it still doesn't PREVENT the situation from happening.  With logging and accounting for seals you will see when you may have a discrepancy, but that could be too late.

Best prevention is keep them secured and only personnel who use them has access to them.  Furthermore, those personnel should never take more than they need at the time.

In my experience, resources are better applied to securing seals and personnel training in handling of the seals than maintaining a log of the seal inventory, that can be quite cumbersome especially when dealing with a very large number of trucks and tankers each day.

"[locked doors] which only employees can access"

I think this is where auditors start to say your controlled storage isn't enough. For example, in the "secure area" checkpoints on the FSIS food security checklist, it alternates between "is access to X restricted" for some items and "is access to X restricted to authorized employees", indicating a higher level of security. FDA and auditing schemes are asking you to address an internal threat for food defense more and more often, which inevitably requires this extra level of "only some employees have access" to anything that could be contaminated or used to contaminate products and ingredients.

Like Ryan said, security measures that focus on control as opposed to discrepancy are preventative in nature and will be better received. It feels safe to say that your 5-year-plan should have additional layers of security included that focus on access, so you can address each of these things as new auditors come by and request that extra level of security. It's probably safe to start with a "bike lock" approach, and choose measures that would prevent "opportunistic" events, rather than criminal masterminds. Something as simple as a locker for your seals with a key stored in a desk nearby already makes it much more secure against strangers, with little impact to you.