本文件规定了为种植（室内和室外）、加工、储存/分销、运输、零售以及研究和测试目的处理大麻和大麻产品的场所和设施的最低安全要求，以防止损害和/或未经授权访问资产，包括（但不限于）: —？实物资产； —？人员； —？大麻和大麻制品； —？记录和信息。 笔记？本文件涵盖的场所包括室内和室外种植、加工/生产设施和零售店。 本文件所述的总体安保方案和个别安保措施包括三类: a)物理控制； b)技术控制； c)行政控制。 本文件规定了大麻和大麻产品一般安全的最低要求，包括:—？旨在拒绝、阻止、延迟、响应和恢复未经授权的访问的物理安全设计/措施； —？设计、安装和维护旨在限制进入、检测入侵和目视监控/记录安全敏感区域活动的电子安全系统； —？程序性安全措施，旨在指导整个组织的日常和紧急安全活动； —？人员安全措施，旨在确保所有进入设施的人员都得到适当的安全意识筛查、指导和培训； —？监测大麻和大麻产品从种植到零售（包括运输）的整个产品生命周期的安全状况。 本文件为以下方面提供了指导方针: —？安装、维护和检查物理和电子场所安全和网络安全系统；—？在组织层面实施信息安全治理，包括政策、程序和标准，以保护记录和信息的机密性、完整性和可用性。 本文件中的所有要求都是通用的，旨在适用于大麻供应链中的所有组织，无论其规模和/或复杂程度如何。

This document specifies minimum requirements for the security of sites and facilities that handle cannabis and cannabis products for the purposes of cultivation (indoor and outdoor), processing, storage/distribution, transportation, retail sales, and research and testing, in order to prevent harm and/or unauthorized access to assets including (but not limited to): —？physical assets; —？personnel; —？cannabis and cannabis products; —？records and information. NOTE？Premises covered in this document include indoor and outdoor cultivation, processing/production facilities and retail stores. The overall security programme and individual security measures addressed in this document incorporate three types:

1. a) physical controls;
2. b) technical controls;
3. c) administrative controls.

This document specifies minimum requirements for general security of cannabis and cannabis products, up to and including: —？physical security design/measures intended to deny, deter, delay, respond to, and recover from unauthorized access; —？design, installation and maintenance of electronic security systems intended to restrict access, detect intrusion and visually monitor/record activity in security-sensitive areas; —？procedural security measures intended to instruct day-to-day security activities, both routine and emergency, across an organization; —？personnel security measures intended to ensure all personnel attending the facility are properly screened, instructed and trained in security awareness; —？the monitoring of the security status of cannabis and cannabis products throughout the product lifecycle, from cultivation to retail sale, including transportation. This document provides guidelines for: —？the installation, maintenance and inspection of physical and electronic premises security and cybersecurity systems; —？the implementation of information security governance at organizational level to include policies, procedures, and standards to protect the confidentiality, integrity and availability of records and information. All requirements in this document are generic and intended to be applicable to all organizations in the cannabis supply chain, regardless of size and/or complexity.