Industrial Security Model for a Leading Textile Manufacturing Enterprise

Introduction

One of our first customers, a leading textile manufacturer that produces a high volume of different types of yarn and exports globally is based in the Union Territory of Dadra and Nager Haveli & Daman and Diu, bordering the state of Gujarat. The organization factories spread over 500+ acres have been experiencing various organizational challenges since its exponential growth from 2010 onwards. With revenues growing 2x, the production capacities along with market share have grown with new factories commenced set up within the factory land and expanding the production, increasing the number of employees.

Overview of the setup

The factory manufactures over 5 different types of textile products and each product has different manufacturing setups that are independent of each other. The design of the entire setup follows a batch-making process wherein raw materials processing units and finished goods storage areas are set up adjacent to each other. There are weighbridges to monitor the weight of the materials ( raw materials as well as finished goods ).

Some key highlights:

• There are multiple weighbridges on the premises

• There are over 40 buildings for production and storage facilities

• One single captive powerplant

• 9+ access points to the plant

• 1 parking Plaza on the premises

• 1 labour Colony for the full-time factory employees

• 1 oil tanker field

• 1 Administration office

Key Challenges at the site:

• Over 4500 vehicle movements per month ( daily average 175+ ), with limited parking avenues within the premises and the parking plaza ( maximum spot of 50–75 )

• High logistical movements inward and outward of the plant.

• Over 10000+ employees working in multiple shifts entering and exiting from 9+ key access points

• The Finished good storage ( warehouse ) capacity is less than production output, leading to a high amount of finished goods stored across the plants.

• There are no dedicated scrap storage areas within the premises

• There are no dedicated parking areas within the plants

• There are over 60+ loading &unloading points on the premises

• The physical security program is heavily dependent on manpower itself

• There are over 1500+ security surveillance systems to monitor the premises

• The security program does not have physical security technology systems

• There are over 450+ security personnel protecting the infrastructure of the premises with security controlling the access points, dispatch bays, weighbridge activities, and storage of goods across the plant areas.

Growing Pain:

1. Excess Material Breach:

There have been many instances of trucks overstaying within the premises. With many reports of a breach in the material weighed wherein extra materials have been processed.

2. Unauthorized Access:

With over 3km perimeter boundary spread, there have been numerous cases of unauthorized access within the premises.

3. ERP Downtime

There has been an event where the entire ERP data of goods produced has been deleted, with no account of how many materials were processed. The backup retrieval of the data has taken a considerable amount of time for investigations.

4. Worker Protests

The factory workers have in the past attacked plant employees as well have planned organized riots that have caused damage to the plant infrastructure & employees’ assets

5. Fire across factories

Oil is one of the main raw material components for producing various finished goods. One of the factories were gutted down causing tremendous losses to materials, machinery and human life

6. Vehicular Accidents

Since there is no traffic flow organized for movements within the plant, there are many vehicular accidents on the premises.

7. High Vendor Management

With multiple vendors for security programs as well as monitoring casual workers, there is dependence on the management of vendors across the plant operations.

8. Internal Movements of Materials

There are dedicated vehicles that move the materials across the plant areas. These data points are manually recorded and there is no multi-factor authentication to validate the materials recorded.

New Approach

Establishing a new security program to ensure high business continuity practices, would not occur without any challenges. As soon as we were onboarded by the management to address the various critical challenges, we ran into our first hurdle. The existing security team disagreed on the method of assessing the existing effectiveness of the security program. Each functional head was keen to suggest their respective methodology without any data to suggest what security program needs to be implemented and how would the new security architecture be designed.

To have a cohesive approach to finding a solution, we had to ensure all stakeholders are well-heard of and managed effectively and proactively.

We divided all the security functions under independent heads and analyzed each function’s effectiveness against a specific outcome. This way we were able to conclude the risk assessment that would help us identify dark spots in the whole design and suggest a new model that would reduce any incidents that impact the business in any manner. We divided our strategic steps into 5 key aspects:

Measuring Effectiveness

We realized that it was critical to solve operational issues to avoid the team ( the customer management and our internal team ) getting bogged down in them, in the long run, to continue solving tactical challenges every day. Our approach was that to measure the effectiveness, we must wear two hats i.e. as an independent auditor and as an employee of the organization. It was essential for us to disassociate the two issues. We created a different structure to ensure that the management teams hold separate meetings on operational issues with the internal stakeholders while at the same time having separate meetings to focus on security strategy.

In the audit meetings, we focused on process effectiveness scores such as:

• Access Controls processes for vehicles and employees

• Access controls processes for

• Monitoring Vehicle traffic processes

• Dispatch processes

• Monitoring the premises virtually

• Storage of inventory processes

• Measurement of competencies

• Measuring the output of the security team members

• Scrap Management Processes

• Perimeter monitoring effectiveness

• Emergency response effectiveness

• Weighbridge monitoring and controls

• Parking of vehicles

• Entry of Raw Materials

• The exit of Finished goods

• Monitoring of Guards output

• Personnel Movement monitoring

• Vehicle Monitoring in the premises

• Training monitoring & many more

The focus was to identify how efficient each process was in specific areas that were bifurcated as per the ease of operations.

As a team, all of us would conclude the effectiveness by rating the efficiency of each process on a score between 1–5. This would ensure help us derive an aggregate score backed with substantiated evidence to the represented scores. This way, we were able to consider the views of all the partners cumulatively and generate a measured score. Each team member was trained on measuring the performance against the key metrics and developed this standard for creating a pathway to measure risk more proactively.

The changes of this were:

• Systems and processes were in place for identifying which areas needed to be improved.

• Trendline on the security process score that was improving with every month

The cornerstone of our strategy was to remain completely neutral while dealing with all the internal stakeholders and management.

Proceeding with this activity, we created flowcharts for identifying new processes for all the activities:

In total, we created processes for multiple areas and multiple functions and the total constituted over 1350 Processes that effectively controlled the security program at the site.

New Operating Model

Now that our processes were created effectively, our next main aim was to focus on delivery. As an organization, we firmly believe that efficiencies and optimization lead to success in any endeavor. Now, this 500-acre plant had over 450+ security personnel with 20+ management layers. This was very high and we challenged ourselves to optimize our existing workforce. We took learnings from the Indian Special Forces, the parachute regiment ( PARA SF ) which is one of the most efficient and effective organizations in the globe. To take these learnings, we recruited 15 ex-Para SF soldiers to monitor and control the operations across the plant. We optimized our workforce by 50% and controlled multiple functions through a well-planned approach. There were tremendous apprehensions by various stakeholders however our business continuity practices were never hindered and we continued to ensure high and effective practices. Each personnel deployed was trained on:

• Organizations’ policies and practices

• System Practices

• Understanding industrial security practices

With challenges about manpower discipline, and a few instances of low effectiveness in operations, vehicle assessment failures; the success of this model started with complete control on all business practices.

The model’s pillars were:

• Critical Area coverage with static personnel securing the nearby areas

• Non-critical area coverage through beat patrols at an X value.

Each personnel was enabled with a platform to cover and control the technology parameter.

Quality Controls

We recommended setting up a SOC at the premises to monitor and control the delivery of the operations. With the deployment of our model, we experienced certain additional challenges. It was difficult to align internal company processes, people, vendors, and request assets for the model delivery. The current system had a SOC to monitor the vendors and not augment the operations or control the processes. We had to quickly migrate to a model without a SOC in its initial days itself while changing our technology at the backend.

The situation was complicated by the absence of reliable SOC enabled communications to integrate operations. We lacked critical site data to address key risks immediately and there were high errors in information flow to the management.

With management demands for transition, we had to move fast. We transitioned to a SOC setup that was smaller in scale to:

• Collect information on material movements proactively

• Allocate resources to help in each transaction ( any security activity )

• Transition to a centralized SOC setup with key security controls aligned from the SOC itself

• Monitor the entire process and identify deviations

• Manage key vigilance activities across the plant

• Monitor the personnel delivery at the site

Data Generation

The current ERP used by the organization was SAP. We needed data to be pushed to our devices proactively that would help us take planned activities on a real-time basis. However, the IT team of the organization could not push data through API to our platforms. The IT team’s views on integration varied. We had the most aggressive approach to collect data from the operations ( business data such as sales orders, purchase orders, scrap declaration, finished goods etc. )

It was required for us to automate data requests and set up an Artificial Intelligence layer for the security program. It was quite difficult for the management to agree to share such critical data whereas it was essential for us to develop an automation program from this data to reach our goal of data-driven operations. To resolve the stalemate, we digitized physical registers which were by default being filled by the security personnel. This key data helped us automate information being relayed to the management. We had all the data insights right from the source for our consumption.

• We enabled our workforce with mobile devices that had critical operational information being relayed on the site.

• We created NFC tags at the site that made it easier for us to log in critical information

• Each dispatch bay was empowered with a tablet that was digitized for seeking direct information on material movements

• Each access control had digitized Visitor management systems

• The CCTV layer was augmented with computer vision programs to identify perimeter breaches, vehicle speeding, illegal parking, movement of goods, key business indicators such as dock time, load and unload time, fire identification, smoke identification, key footfalls statistics etc

Data-Driven Operations

Our team of data scientists now were sitting beside a massive data lake that we had created. With this, we created various models to predict key business events such as the purchase or raw material consumption or key business statistics such as the effect on sales due to certain external events.

This feature is still ongoing as we continue to function on such models to create more models to further optimize and create more automated decisions.

Benefits we achieved in comparison with other plants.

The entire operational transition from a manpower-intensive operation to data-driven operations yield maximum returns with:

• Reduced operational cost

• higher productivity per unit of manpower deployed

• Technology integration with a reduced operational service cost

• Introduction of SOC for the operations

• Lower transaction cost per unit

Our De-risking Strategy Apart from the challenges that were enormous during the operational rollouts, we had to identify a framework for monitoring the risks and distinguish them between tactical challenges and key physical risks. We utilized a Risk Identification Framework that was key to our de-risking strategy. Step 1 — Identification of Key Risks. Some examples of key risks we identified.

• Finished goods stored across the plant. High probability of theft of finished goods either through perimeter breach or material being thrown across the perimeter wall.

• Inflammable substances are found across the plant. High probability of fire incidents at the plant.

• Trends identified during oil price rise, theft of raw materials and finished goods increased. During an increase in commodity pricing, the theft of copper cables and steel materials increased considerably.

• Excess casual workers’ entries into the plant lead to multiple accounting of the wages being paid. Workers entering from 1 access point and exiting from another access point in absence of d

• Blackspots across the perimeter wherein intrusions were significantly high. These blackspots gave access to intruders directly to critical locations that could cause several losses.

• Truck overstaying within the premises despite being given permission to exit once the paperwork has been completed.

• Forklifts operators remove fuel from their respective vehicles in container bottles and place the bottles outside the perimeter boundaries. The trend line showed consumption of fuel increasing considerably during an increase in the fuel prices.

• Transporters remove fuel from their fuel tanks prior to entering the weighbridge during the measurement of gross weight to carry out excess finished goods and refuel the fuel that was taken out upon exiting the premises.

• Inflammable scrap stored near the Sewage treatment plant and Effluent treatment plant

• Project materials stored across the boundaries lead to the high possibility of theft.

Step 2 — Prioritizing Risk Reduction We aimed to measure the risks by identifying the likelihood of an event happening ( probability ), the vulnerability of that specific threat at any location & the impact it can cause to the business.

This study is done by understanding the existing security systems, policies, and infrastructure across the plant.

Once the threat score is generated, we commence to our next step

Step 3 — Identification of Resource Requirement

We proceed to identify the following scores for helping us estimate the resource requirements.

• Risk Assurance ( Current effectiveness of controls against each risk )

• Residual Risk ( Risk score once controls have been initiated )

• Risk Appetite ( The risk an organization accept )

• Risk Tolerance ( The deviation in the risk appetite that is permissible to the organization )

• Process Efficiency Score ( The health of each security process )

• Value at Risk ( The total value { human, IP, technology, machinery or infrastructure } that is at risk

Once the scores are identified, we use statistical models such as standard deviations ( 1,2 or 3 of mean ) to determine risk behavior against specific processes

Step 4 — Operating Model

Once the operating model is in place, we focus at developing operations strategy for the security management.

Operating Methodology

Our de-risking strategy included several variables that would move in tandem with each other and were interconnected. Human Resources, technology systems and process controls were measured effectively against a target established. Our business KPI’s were finalized prior our launch.

Human Resources:

The competencies required to complete any given tasks along with the training required to fulfill the daily targets at any given specific location

Technology:

The total technology system was built to monitor risk behavior across the site. Each area had specific information that was collected by our supervisors which denoted risk score and basis that risk score actions were initiated to cover that specific risk.

Process Controls:

Generating real time process efficiencies scores and monitoring deviations had become very easy and all activities were under our control sphere.

Business KPI’s:

Multiple variables were measured to monitor the effectiveness of our de-risking strategy in this plant

The above was a snippet of our manufacturing industry case study that we had established.