When he describes the security function's goals at Starbucks Coffee, Francis D'Addario shares a 13-syllable mantra: Protect people. Secure assets. Enable mission.
Those six words inform everything the Starbucks security team does, from keeping coffee buyers safe on trips to Indonesia and Ethiopia, to helping coffee baristas understand what to do if there's an attempted robbery, to monitoring coffee shipments from farm to roasting plant to corner store.
D'Addario, vice president at Starbucks, and members of his security team -- Elizabeth King, vice president, information management services; Sean Dettloff, manager, partner and asset protection; and Rick Gipson, director, U.S. partner and asset protection -- gave an overview of the company's asset protection strategies to at a recent CSO U.S. Perspectives conference.
Among the points the Starbucks team made:
* Their challenges increase because the US$7.8 billion company with 13,000 stores in 40 countries is growing so fast, about 20 percent annually, opening up on average six new retail outlets daily. D'Addario said Starbucks security focuses on identifying risk and investing in risk mitigation measures that show return on investments; authenticating partners, trusted agents and goods providers; building a global view of operations that reports exceptions. The company also seeks continuous improvements in people, process and technology "in a culturally relevant way."
* The security team has built what it calls "Enterprise Security Platform," a central security facility that "converges enterprise and physical security," by monitoring critical facilities, retail stores, as well as monitoring conditions around the globe.
* Container security is a key part of supply chain management. Starbucks uses video monitoring of loading facilities, to capture images of loading and sealing containers with "container security devices" -- a magnetic device that tracks the closing of the container doors, its opening, and temperature and humidity along its journey. The device also is capable of uploading data from third party logistics providers. And it detects tampering. (Starbucks rejected using RFID or GPS devices as not worth the cost, Dettloff said.)
* A cross-functional governance council sets company policies for the company. Starbucks has built an electronic policy library to help employees know what to do and how to do it.
* Security provides in-store training to employees to help them understand how to handle risky situations, from customers who turn violent to criminal activity. Design elements also provide for lighting and clear visibility into stores. Future enhancements call for furniture designed to help consumers protect their handbags and laptops, Gipson said.