REGULATORY FOCUS
Editor
Sidebar:
|
As an ANSI-accredited standards development organization, The North American Security Products Organization (NASPO) issues standards for maintaining item and brand security. NASPO’s standards define specific security graphics products and can be used to identify related technologies organizations that have established a certified level of security.
“Pharmaceutical companies or any entity with security concerns would benefit from utilizing NASPO standards,” says Robert Sherwood, vice president, security programs management, and NASPO communications/membership committee chair. (Sherwood has also just earned the Certified Protection Professional designation from ASIS International, reportedly the largest organization for security professionals.)“The standards were originally born to improve security for printed financial and vital records, but grew into a mechanism to become a set of best practices for the production of products that provide authentication or that are subject to fraud.”
NASPO will soon release its revised Security Assurance standard. Once titled ANSI/NASPO-SA-v3.0P-2005, it will soon be known as ANSI/ NASPO-SA-2007, “Security Assurance Standards for Document and Product Industries.”
“As an ANSI standard, the NASPO standard is required to go through a periodic review to ensure that it’s up to date with the times and technologies,” says Sherwood, who is also vice president of sales and marketing for Sekuworks (Harrison, OH). “For NASPO, it’s a formality, as our standards committee meets quarterly to review the standard and determine whether it needs updating, clarification, or expansion.”
The latest revision will “identify new or emerging risks to be managed and required methods of reduction,” according to minutes from a July meeting of the NASPO National Standards Committee (NNSC). In addition, it will make “adjustments, as necessary, to the existing risk-reduction requirements.” Finally, it will fix “known bugs in the existing standard that have been revealed by audits carried out over the last two to three years” and give “due consideration to several changes that were proposed by a task team.”
Sherwood says that companies that are found in compliance with NASPO standards have “systems and procedures in place that regulate supply chain, personnel, materials, IT, disaster recovery, etc. As an example, a pharmaceutical company purchasing a label serving as an anticounterfeiting authentication device wants to be assured that the label printer produces only what they are contracted to produce, accounts for each label, destroys scrap labels, and uses authentication technologies that aren’t available to counterfeiters.”
NASPO audits and certifies companies yearly to make sure protection is in place, he adds. “A Pharma company may use the standard to tighten up its own supply chain to make sure counterfeits aren’t entering into their system and becoming legitimate product.”
Many companies audit their suppliers, Sherwood points out. “Companies like Intel have stated that they won’t have to spend the time and money to audit their security product suppliers if they are NASPO certified.”
