November 1996 € Volume 6 € Number 11
Promoting And Enforcing Security In A WMS
By Jan B. Young, CFPIM
If you run a large warehouse, you probably have a half-million
dollars invested in your warehouse management system (WMS), much more
if the cost of the computer and terminals are included. This
investment, important as it may be, is probably dwarfed by your
investment in data, for which there is no number. If your data were
suddenly, irretrievably lost, the cost of recreating it would
certainly exceed the cost of the system. Protecting this investment
is an easy subject to overlook but obviously an important one.
Security considerations
Warehouse management system security involves some special
considerations. Compared to most other systems, the number of users
is relatively large and their educational levels and degree of
commitment to the job may be low. Turnover can be high, requiring
substantial investments in training. Equipment is portable and
therefore subject to some risks not encountered elsewhere. In some
third-world countries, an RF terminal can represent three months pay.
Temptation, particularly to the uneducated, can be great.
For example, some years ago, before moving-beam laser scanners
were common, one warehouse used off-line portable terminals with
infrared wands to scan bar codes. Being infrared, the wands were
tipped with a red glass lens to focus the light. This company
suffered the loss of a large number of wands because the employees
somehow got the idea that the lenses were made of ruby. Eventually,
the workers found out the truth and the problem was solved, but not
before a good deal of money had been flushed down the drain.
Managing hardware losses
There are two basic ways to manage hardware losses:
- Train, train, train. Make sure the people know what the
various devices are and what they do. Distinguish the rubies from
the glass. Discretely let the employees know that the RF terminals
have absolutely no use at home and minimal value on the black
market.
- Develop a system of checking in and checking out terminals,
laser guns and battery packs on a daily basis. Maintain detailed
records on each terminal so you know who used it. Keep track of
accumulated wear and damage and make the employee responsible for
damage other than routine wear.
Protecting data
Preventing both willful and unknowing damage to data is a little
harder, since data can be damaged in many ways. We must consider the
disgruntled employee, intelligent enough and well enough trained to
know how to screw things up royally. But possibly more important is
the employee who is perfectly happy, but has no idea of the
importance of the data or of the cost of replacing or correcting it.
Here are some ways to protect your data:
- It goes almost without saying that data should be absolutely
protected against hardware failure such as disk crashes, power
failures and application errors. The methods used to provide such
protection are complex and technical and warehouse management may
not need to understand them fully. That does not, however, relieve
management of the responsibility to ask pointed questions of the
right people so that you are assured that valuable data can never
be irretrievably destroyed by a system problem.
- Your WMS should provide a scheme to limit access to data. This
scheme should allow employees to view some things without having
the ability to update, should allow them to update information
where appropriate, and should bar them entirely from data that
they do not need access to. Most such schemes are based on
passwords.
- Passwords should automatically expire on a regular basis. When
they expire, every employee should be required to define a new and
different password for use during the next cycle.
- The WMS should use passwords to provide an audit trail of who
changed what data and who entered what data. The design of such an
audit trail can be difficult because immense amounts of data can
be generated. The size of the audit trail file can sometimes be
managed by keeping only required data; requirements can differ
from item to item, customer to customer, and possibly employee to
employee based on length of service and demonstrated reliability.
- Password administration is the responsibility of the warehouse
manager and is an important subject. Passwords should be unique to
each employee and should be secret, known only to the employee,
the computer and maybe one administrator. Employees should be
given strict instruction to maintain the privacy of their
passwords and any sharing of passwords should be followed by
disciplinary procedures. Passwords should be immediately changed
by an administrator or access capabilities deleted when an
employee quits or changes jobs.
Jan B. Young, CFPIM, is director of warehouse technology
for Catalyst USA, Inc., a supplier of off-the-shelf warehousing and
distribution systems. He is the author of Modern Inventory
Operations, published by Van Nostrand Reinhold in 1990.
For more information about this
article, input the number 9 in the appropriate
place on the
November
Reader Service Form
Copyright © 2020 by APICS The Educational
Society for Resource Management. All rights reserved.
Click
here to return to the table of contents.