A highly functional security program must include attention to detail, dynamic communication, and building and fostering relationships. Whether during my time serving in a combat environment in Vietnam as a medic with the U.S. Army’s 5th Special Forces Group, leading the United States Secret Service as its 19th Director, or developing security practices for all NFL stadiums during my tenure as the director of security for the Cleveland Browns, these core pillars have always been required for success.

The same holds true for a top tier security program for a regulated cannabis business. Here is my advice for startups developing their own security plans.

1. Pay attention to detail.

Details are important. Certainly, this applies to highly complex evolutions, like designing and configuring sophisticated intrusion detection systems. However, it is equally important for maintaining a fleet of delivery vehicles that are mechanically sound, mission ready, and clean/sterile for today’s COVID-19 world.

2. Conduct a risk assessment, and never stop.

A detailed approach begins with an initial thorough risk assessment. This evaluation should not only examine the threat environment (i.e., the actors, their capabilities, and the realities of your environment), but also be tailored to effectively support the regular and sustained operations of the facility and business. Additionally, the risk assessment must include the local community, its resources, its geography, and prospective mutually beneficial partnerships with first responders and community leadership. Undoubtedly, the ongoing risk assessment program is not only vitally important, but it becomes more complex with intelligence management, defensive strategies, and evolving environments. Most any security company can perform a security assessment, although the quality of the assessment is contingent on the quality of the security company.

3. Overcommunicate.

Communication works in all directions, up and down the chain of command and outward to clients, vendors, and the local community. Communication has already failed if it addresses only confirmed concerns and issues—it must be proactive and anticipate conflicts. Practice the (often overlooked) basics of communication: Self-awareness, seeing yourself (or your team) from the optics of others, identifying shortcomings or breakdowns in others’ expectations vs. actual performance.

4. Build a rapport with locals and law enforcement officials.

I was very fortunate in this respect, as Andy Rayburn, CEO of Buckeye Relief, prioritized communication with the local community at the business’s very early stages. This was a team effort that included educational discussions in announced public forums with concerned citizens and local city, county, and state leaders. From the very beginning, Buckeye Relief was committed to working with and giving back to the community. Matt Winningham, Buckeye Relief’s security lead, and I built a strong, mutually beneficial relationship with the local police department by inviting them into our facility, volunteering, supporting multiple annual fundraisers, and more. These relationships continue to pay dividends for security operations at Buckeye Relief.

5. Create a plan that includes your IT department.

Additionally, a relationship with the information technology (IT) director or department is a paramount security connection that requires accurate, relevant, and timely communication. In a world that is continuously becoming more technical and automated, no state-of-the-art security program can be absent of cutting-edge technology; therefore, a security program and the people behind it must understand the latest technical vulnerabilities and be well-versed in cybersecurity. Andy Rayburn put John Grafton in place, who is perfectly suited to meet this challenge. My security program would significantly struggle without cutting-edge technology.

6. Make everyone’s roles and responsibilities clear.

Communication is also needed to ensure that everyone is aligned and understands their roles within the overall security department and its operations. Furthermore, security leadership must communicate and align with management to understand possible risks and exposures, as well as to identify and understand all acceptable risks. This process begins with the initial security plan and its submission to the governing body, and continues through construction, building operations, product transportation, and all future modifications, updates, and unforeseen events.

7. Do not discount the value of cordiality.

Everyone, including security officers and the secure transport team, must have customer service skills to communicate effectively and build and maintain relationships. This is critical for our team, as security personnel are regularly the face of Buckeye Relief to its visitors, guests, potential customers, and, most importantly, its dispensary partners. Having a team that can address any perceived discrepancies in manifests during deliveries (which can avoid product rejection) requires communication with sales, the shipping/manifest team, and various dispensary personnel. This is especially true during the ramp-up of a new industry, as there are often deliveries with compliance issues, both perceived and actual, and updated orders from dispensaries with an expected turnaround time of less than 24 hours.

8. Consider hiring former law enforcement officers and/or veterans.

Having a team that can respond professionally and maintain the needed attention to detail, especially in stressful situations with unexpected circumstances, has led us to recruit team members with military or former law enforcement experience. This team of professionals has excelled in unknown and sometimes chaotic environments, including the introduction of COVID-19 into our world and society. Our disciplined team has been able to successfully operate a schedule of more than 40 separate deliveries per week, all with minimal impact on operations.

9. Thoroughly vet your security team and partners.

The cannabis industry tends to attract large swaths of vendors, contractors, prospective employees, and others, due to the perception that it is an extremely lucrative industry. It can be difficult for stakeholders in a cannabis company to quickly determine qualified and competent security applicants and solutions versus those groups claiming to have the same qualities and same wealth of experience. Some of the security companies with the biggest marketing efforts that I have come across had some of the more significant safety and security deficiencies. Thorough vetting of a potential security program and employee can help you avoid a similar fate. Whether in-house or external, validate verifiable extensive experience, preferably in the cannabis industry, that demonstrates a core mastery of attention to detail, dynamic communications, and the ability to build and foster successful relationships.

Lew Merletti is the director of security at Buckeye Relief, a medical cannabis provider located in Eastlake, Ohio, and served as the Secret Service’s 19th Director.

Read the Cultivation Startup & Expansion Guide