How PepsiCo upgraded its access control software
FSMA requires food processors control access to those who come into contact with food, so PepsiCo took immediate action to locate a reliable access control provider
FSMA’s final rule for preventing intentional adulteration of food from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply, includes a section on Vulnerability Assessments where one specific requirement is the evaluation of: “The degree of physical access to the product. Things to be considered would include the presence of such physical barriers as gates, railings, doors, lids, seals and shields.”
These barriers don’t work if they have malfunctioning mechanical systems, nor do they provide a secure food environment without an access control system that records who entered what spaces or opened equipment in the facility and when. Without an adequate software-based access control system, it would be difficult to prove movements of authorized personnel within a plant or track unauthorized people who may have entered the grounds or facility.
Such is the predicament PepsiCo experienced about three years ago when its access control software provider announced “end of life” for its legacy security software, potentially leaving more than 300 PepsiCo locations in the lurch for an access control system. What to do?
“We were really put in a bind when our legacy access control software provider suddenly announced end-of-life for the product we were using,” says Jeffrey Reed, PepsiCo’s seasoned global security application engineering manager. “Their decision put a hurt on us.”
Reed and his team support more than 300 PepsiCo locations that include Pepsi, Frito-Lay, Quaker Oats and other well-known brands, as well as the more than 100,000 people serving those brands. These are largely warehouse facilities, with products that have a shelf life, making security especially critical. Because support for the existing product was being discontinued, Reed and his team had to move quickly and efficiently.
“It was an obscene deadline,” says Reed. “When they abandoned the product, they basically abandoned us.”
Even though promises were made offering a migration path to a new product, Reed contacted his integrators and began another internal audit of locations—audits he had been conducting on an ongoing basis since September 11, 2001 to create security standardization across PepsiCo locations. That audit and extensive review process suggested Honeywell’s Pro-Watch access control software as the standard and basis of the support Reed needed.
A deeper dive
Reed and his team tapped into his key integrators for recommendations. Meetings and presentations were held, and studies were conducted. It was an exhaustive, time-intensive process that had led directly to the Pro-Watch Software.
“I want to do business with people who want to do business with us,” says Reed. “At evaluation events it became very clear who those people were. You see, it’s not just about the software. I mean, it has to be scalable and flexible. In our extensive review process, we found that Pro-Watch had what we were looking for in terms of features: custom reporting capabilities and out-of-box customization of badging. Additionally, the web-based workstation made deployment so easy. Beyond these features, it’s really all about the support after you implement that is the real tell. And that was how we knew we made the right choice.”
Linda Birnbaum, Honeywell’s national account manager, notes, “We helped secure information and coordination with Structure Works, and PepsiCo’s other integrators involved in the process of selection with Jeff. Support is Honeywell’s real business.” Structure Works is a New York-based systems integrator, and one of the three Platinum Honeywell integrators that now support PepsiCo.
“In any migration, there are a lot of moving parts, and lots can go wrong,” says Reed. “That’s why there is an enormous amount of responsibility between the vendor, manufacturer and end user. And truth be told, we haven’t had a significant failure in three years of migration to Pro-Watch, which could not be said for the previous software.”
Looking at the benefits
“Access in control software has become something of a commodity,” says Reed. “You really need a proper evaluation in order to differentiate between them. All things considered, the difference will always boil down to service and support. We didn’t want to continue to ‘rip and replace.’”
Honeywell's Pro-Watch software was selected because it helps companies meet the most stringent compliance requirements, reduces total cost of ownership, and provides flexibility and scalability. In addition, Honeywell supports its base by putting integrators through an extended, rigorous certification process.
“We’re able to leverage existing installed hardware as the system expanded,” says Michael Villano of Structure Works. “Scalability is key, here, for what PepsiCo was doing in their facilities.”
Pro-Watch software also allows the company to provide remote security management for badging, reporting, and alarm and event monitoring. In addition, Pro-Watch allows for multiple readers.
“I like the hardware that these card readers attach to,” says Karen Hudgins, Reed’s partner global security application engineer at PepsiCo, who helped in bringing Pro-Watch online. “Plus, it’s Windows based. How good is that!”
A major feature of Pro-Watch that was attractive to the PepsiCo security team was its expandability with functionality they can call up as needed, such as Logical Device Exceptions.
“Access privileges are really based on the roles within an organization of an individual,” says Birnbaum. “One of the unique features of Pro-Watch that makes it so attractive to our clients is Logical Device Exceptions.”
With the Logical Device Exceptions functionality, the software enables the administrator to grant, revoke, or delete card access to Logical Devices (any input device such as a card reader or output device like a door), which are tied to individuals. This saves time because the security officer can search for a logical device anywhere in any location, generate a listing of people associated with that device, and adjust privileges by selecting and clicking.
Reed, as the writer and manager of the security engineering standards at PepsiCo, has made his operation the center of excellence for security. That said, he will tell you, “No software can predict events. You really need people to react quickly, efficiently.”
That’s why the biggest problem that Pro-Watch solved for PepsiCo was service. As Reed notes, “Service is always the issue. I want to know that the product can be installed and is installed. And that it works and will continue to work and not be declared suddenly end-of-life. Our integrators, Honeywell and our internal team created a ‘triangle of trust’ and were all integral to the successful implementation of Pro-Watch.”
For more information, visit Honeywell Building Technologies or call 800-323-4576.
“TACCP: HACCP for threat assessments,” FE, March 2016
“VACCP: HACCP for vulnerability assessments,” FE, Feb. 2016
“Semper paratus! Food defense depends on it,” FE, May 2014
“Food processors balance cyber, physical security,” May, 2017