Stay Ahead of Your Audits: 5 Steps to Better Manufacturing Security

Stay Ahead of Your Audits: 5 Steps to Better Manufacturing Security

Robots, assembly lines, 3D printers, and other technologies have changed the manufacturing industry forever. For many firms, cybersecurity has become a greater problem than labor relations. Even if you are never attacked, large customers like Walmart have high cybersecurity expectations. If your security processes are weak or ineffective, you may lose some of your most lucrative customers.
Deloitte predicted that cybersecurity will become the #1 IT risk for manufacturing firms. Therefore, take a proactive approach to your cybersecurity by following these steps.

1. Review Internal Audit Findings

Ask to review your company’s last internal audit report and, if available, IT audit. These reports provide an independent perspective on the state of your controls. What if IT controls and issues are not explicitly covered in the report? You can indirectly infer the status of your program based on the overall control framework. To better manage this risk in the future, ask management to consider adding IT security to next year’s audit strategy.

Action Step: Contact your internal audit or risk management unit to request IT audit or internal audit reports from the past 12 months.

2. Assess Physical Security Approach

Physical security systems and practices are critical to successful manufacturing. At the most basic level, all individuals accessing your facility should be identified by security, including vendors and visitors. The next step is adding heightened security areas, such as those containing raw materials. Why protect raw materials? According to an Australian study, “The most frequently stolen items from building sites were raw materials.” The same risks are likely to be present at manufacturing sites. If your facility has raw materials with a high street value, such as cooper, adding an additional layer of security makes sense.
Action Step: Walk through your facilities to verify if high-value materials and products are properly protected with additional security measures.

3. Review Security Procedures for Complexity

In management, complexity is the enemy. If you ask your managers and employees to complete a 20-step security process, they are unlikely to follow each step. To make life easier for your staff, use a security automation process. Using Avatier as your manufacturing identity management solution will put you in good company. Boral, CF Industries, and Clarion Corporation of America already use Avatier.
Action Step: Hold a team meeting with your security staff and a few managers to discuss the current state of your security practices. Pay close attention to complaints, references to errors, and other pain points. It is likely that your less diligent managers may skip security steps if they are too complicated.

4. Improve Supply Chain Transparency

The rise of outsourcing, offshoring, and increased trade means supply chain management is now a critical skill. If your company has weak supply chain capabilities, you may face a firestorm of media criticism. From 2012 to 2013, Apple’s manufacturing practices in Asia were criticized. The company managed to recover after carrying out an extensive review of its supply chain. Instead of waiting for a problem to explode, take the time to carry out your own “practice audit” of your supply chain. In particular, explore how these companies comply with your security requirements.

Supply chain transparency is more than a good idea – it is a legal requirement in some areas. In 2012, the California Transparency in Supply Chains Act went into force. While this law does not address IT security specifically, it does underscore the importance of understanding and managing suppliers.

Action Step: Review your supply chain control process for security and legal requirements. Trust us, it is better to ask these questions yourself than waiting for an auditor to find the problem.

5. Check Your Certification Requirements

Maintaining your manufacturing certifications is one way to stand out from the competition. For example, ISO 9001 now emphasizes a risk-based approach to management and quality. Based on that requirement, the increasing risks posed by security incidents must be considered. Just imagine how quality will be impacted if an unauthorized person gains access to your facility.

Action Step: Review your key certifications to determine additional requirements related to cybersecurity.

Further Reading on Manufacturing Trends and Risks

For additional details on the resources discussed in this article, please see the citations below.

Bob Deysher, A “Risk Based Thinking Model for ISO 9001:2015, ASQ

Deloitte, Understanding risk assessment practices at manufacturing companies, March 2015

Australian Institute of Criminology, Theft and vandalism at residential building sites in Australia, 2008

Kit Eaton, Apple Supply Audit Finds Use Of Underage Labor By Manufacturing Partner, Fast Company, January 25 2013

Written by Nelson Cicchitto