By Philip E. Quigley, CFPIM

Of course, this new operations reality causes immense new security concerns. These concerns can be talked about in two areas: physical security for plant, employees and equipment; and information security.

Physical security means protecting the plant — which includes equipment, raw material, finished material and the people working there. Look at some of these examples of physical security breaches:

1. In southern California, police have been tracking down gangs that raid high-tech computer company warehouses for parts.
2. Also in southern California, a police bulletin was issued to office buildings informing companies of gangs visiting offices disguised as service reps and then stealing laptops and other PC equipment.
3. Employees have been arrested at several shipping companies stealing shipments of PCs and other electronic equipment.
4. Several people I have met at APICS meetings talk about thefts from their plants and trucks in various foreign companies — it was a way of life that took 10 percent of all their shipments from some plants.
5. There have been kidnappings and terrorists attacks around the world — they seem to come in waves, but they are always there.

These happenings can only be magnified when you are operating around the clock. You used to be able to close down the plant and have maximum security. Now your plants, warehouses and distribution centers are open around the clock. Your plants are also working at a faster pace; no one wants to slow down for security checks or procedures. Therefore, the opportunity for theft is now much greater, and so is its impact. If you are shipping or receiving on a JIT (Just-in-Time) basis, a theft of one shipment can shut down a plant.

Operating on a global basis year-round also requires companies to use much more sophisticated systems. Herein lies a double problem — companies are very dependent on information systems, and the more they use them and spread them out physically, the more vulnerable they are to attack. When people travel around the world using laptops, and plants and offices are interconnected globally, weaknesses or sloppiness in one office or one individual can be lethal to the entire organization. Look at the effect of one person who brings in a computer virus and spreads it around the world via e-mail with one click of the mouse, or the impact of one person who lets his password out by leaving a note in his hotel room, or has his laptop stolen in an airport or hotel.

It used to be that many companies kept their major IS equipment processors and disk files in one central, highly secure facility. Now servers may be spread around the world in local offices and plants. These servers are not very big and can easily be stolen. So just what is the impact on your system if a local server is stolen? And besides the physical hole created in your network, what is the effect of losing the data?

Think of the affect on your business that can be caused by someone who can come in and steal all of your electronic design information for new products? Impossible? There have been articles in Business Week and Fortune detailing how easy it is for computer professionals to break into corporate IS systems and steal data.

This new security reality calls for new thinking on security by an organization — a new thinking that must be backed up by management action and spending money. Some steps management must take include:

1. Make security a priority by creating a management position for security that is at an executive level.
2. Develop and implement security plans for all facilities on a worldwide basis — the plans must be based on the reality of the plants' physical location and use.
3. Monitor and report security problems directly to company executives.
4. Develop and implement plans for IS security, including formal policies on password protection, hardware security, backup for disaster, etc.
5. Systems must be designed and implemented with proper security built-in.
6. A system for monitoring day-to-day security problems must be developed, and any problems must be reported to senior management on a regular basis.
7. Relationships must be built with local, national and international police organizations to exchange information on a routine basis.

These steps are not rocket science, but they do take time, effort and money. Remember, all it takes is one major break-in or theft for the effort to prove its worth. Materials professionals — from individual planners to senior executives — need to be thinking about this subject and its impact.