Cannabis Legal for Adult Use Across
Canada October 17
A Google search of "Canada LP licensing consultant" (with the quotes) produces about 7,760,000 results. So how do you choose? All applications must include security content meeting requirements of the Cannabis Act. Businesses currently licensed under the Access to Cannabis for Medical Purposes Regulations (ACMPR) that have been in effect since August 24, 2016 will already meet the security requirements required for Adult Use.
These requirements include but are not limited to:
- Security Clearances
- Head of Security
- Site Risk Assessment
- Security Operational Plan
- Site Security Plan
- Vault Security Plan
- Detailed Security SOPs
According to Health Canada as of May 25, 2017 there have been 1665 applications received, 265 applications have been refused, 428 applications are in progress, 69 have been withdrawn, and 858 were incomplete and have been returned. The application is not a simple process and can be costly. According to an article on CBC News from April 29, 2017 titled 'Not for the faint of heart': Why getting a marijuana producer license is a long shot, it is not uncommon to spend $75,000 in lawyer and consulting fees just for the application process, only to be refused a license. The article advises anyone who's considering applying for a license should beware of what one applicant described as "charlatan consultants" working in the field. He cited one person who was recommended to his group as a security consultant, but proved to be a "total fool."
Many LP licensing consultants state they have "partnered with security consultants" to provide the security content for the application process. Look carefully at these "partners" and ensure they are capable of providing the needed expertise and not simply providing the needed security equipment. Be sure to look for their experience in conducting proper Risk Assessments and Analyses and developing Security Master Plans including SOPs. Ask for their experience developing and administering operational security training, which is entirely different than training on how to operate their security equipment. Look for their security management experience and certifications.
Dropping icons on a floor plan for video, access control, and alarms is not enough. Policies must be developed and then must be implemented. Actual experience using a system operationally can give insight to content for the security master plan that simply selling and installing the system can not. A story I always use to illustrate this comes from my time as a hospital security director. Shortly after assuming the position, I was contacted by the Director of Nuclear Medicine introducing themselves and requesting a list of persons who had access to the nuclear medicine storage room. This information needed to be reported to regulators on an annual basis.
I pulled the information from the electronic access control system and sent it along in an email. Almost immediately my phone rang. It was the Director of Nuclear Medicine and they were quite excited. She asked me if I had made a mistake as the list I sent her was several pages long. She said the list should be very short and should basically be the Nuclear Med leadership team and the Security team. She sent me a list from the prior year and said that it had been that short for several years but that my list was several pages in length and could not be correct. I again ran the report and it was the same several pages it was the first time. The list she had been given over the past several years was a list of persons who had the NUCLEAR MED STORAGE access level as opposed to a list of persons who had access levels that included the Nuclear Med Storage portal. The portal was included in several access levels such as ADMINISTRATION, ALL DOCTORS, ALL DOORS, etc. The security vendor responsible for the security systems programming had set up the access levels and obviously did not have any understanding of security sensitive areas and did not provide an accurate list of persons who could access the room. Needless to say, I had a lot of programming to correct.
No matter who you choose as a consultant to help you with your application, be sure the security content is provided by a qualified individual. Most application consultants do not have a security consultant in-house. It is up to you to use who they suggest or find your own security consultant to provide the security content of the application. The security of a site producing, processing, or selling cannabis is supposed to be taken seriously. Be certain your security consultant can be taken seriously too...