This week, a name came across my email that invoked a rather strong feeling of wanting to empty my stomach contents on my keyboard. The company, who shall remain nameless, is one of the largest agrichemical companies in the U.S. that generates genetically modified corn and soy. Corn and soy seeds that grow plants that manufacture their own pesticide and resist the spraying of herbicides, also sold by the same company. They’ve also been the focus of a lot of negative press and are currently in the process of being purchased by a larger company. If you don’t know who they are by that description, you need to stop watching the 90% of news outlets owned by just 6 companies. I won’t hold it against you personally for having done so, as I was there for the first 38 years of my life. Anyway, my opinion of this company immediately caused me to react negatively and I had hoped it would just go away if I ignored it, after all, I was just cc’d on the email request. Two days of ignoring the email didn’t help, and I was pulled into the conversation, now as a To: participant. Crap.
While in a meeting reviewing the security questionnaires I had received, I hesitated on the one from the aforementioned nameless company. My manager picked up on this immediately and asked what the deal was with this one. I chose not to get into it as there were multiple people in the room that didn’t need to hear my negative and personal emotions about this one company, so I waited until after the meeting and it was just the two of us. I unloaded, with a courteous warning in advance, about how this one company had created an agrichemical monopoly that was using human beings as experimental test subjects. How can plants designed to produce their own pesticide produce corn that isn’t harmful when eaten? How can plants that continue to produce pesticide even after they are harvested and tilled under not be harming the soil for future generations? For all it’s worth, he just listened to my words knowing that I needed to get it out.
I’m thankful for a manager that is easy-going enough to know when to just listen. He didn’t take any of it personally and has had similar feelings with other customers our company has done business with and in some cases, still does business with. The application we had questions to answer for was covered by an ISO certification, so his recommendation was to send the Statement of Applicability and just move on. He agreed with all of my points and admitted that he didn’t have answers to some of my questions. He even told me he was shocked about the pesticide fact and asked me to send him some links that explains how that worked. To the best of my recollection, I’ve not had such a strong response to a customer company in my career. This is one of two jobs in my career that I’ve worked closely with customers though, so its plausible that I’ll run into others. The nature of our products focuses on infrastructure, agrichemical, petrochemical, and other non-savory industries in the world today.
I work as an IT Controller, which essentially means that I am the person that ensures compliance with a host of certifications and standards my company has obtained for the applications and systems we develop and sell. Some of those certifications include SOC2 Type II, ISO 27001, FedRAMP, NIAP. There are literally hundreds of certifications a company can obtain depending on their business. ISO and FedRAMP are the two that have the most impact. FedRAMP allows you to do business with U.S. based governments and takes 2 years to obtain in most cases. ISO is what we tend to focus on mostly as it involves just an expansion of the scope. There are two selling points for ISO that make it worth obtaining: it’s non-prescriptive, meaning you can’t exclude or change any of the control language, and it’s on a 3-year certification cycle that is based on improvement year over year. The controls are strict and the Information Security Management System (ISMS) is the mechanism that ISO puts in place to make sure everything is working as it’s documented. I’ve generalized and over-simplified the process, it truly is a full-time job keeping up with it.
OK, now that the background is out-of-the-way, the main part of my daily work involves the completion of security questionnaires from our current and potential customers. These vary in length, detail, complexity, etc. from one company to another. I don’t usually complete them, but perform a first pass prior to sending them off to co-workers that are much more familiar with our applications. As I’ve never been in the industry my company serves, a lot of the customer names I see are unknown to me. That fact makes it easy to answer questions without bias or preconceptions and just provide the best and most truthful answers possible. If it’s changed after I provide an answer, that decision was above my pay grade and I’m no longer accountable for that answer. Yes, I’ve used this defense multiple times in the past year to my benefit when brown stuff flew into some fan blades.
In theory, the fact that I know the customers is irrelevant, as my job is to get the security questions answered and returned back to the account manager. They’re the ones dealing with the customers. There are just some companies that, due to their reputation and what they’ve done and are doing, are hard to do work for. I’m still apprehensive about the idea that software my company makes is allowing this customer to get their work done. Work that ultimately affects me in a negative way by putting genetically modified food on my table. In 2015, 89% of corn, 94% of soybeans, and 89% of cotton produced in the US were genetically modified to be herbicide-tolerant, making it impossible to get away from. Other countries have banned GMO foods until further research can be done to determine if they’re safe or not. A fact I found disturbing, Heinz ketchup has a GMO variety (sold in the U.S.) and a non-GMO certified variety (sold outside the U.S.). This is not the only company that does this by the way. Why haven’t Americans woken up to this threat yet? If you don’t think its a problem, watch the movie Consumed. Then read this blog post that is critically reviewing the movie, the comments tell the story. The point I get stuck on is how a 90-day trial is even marginally sufficient. As an example, lead takes significantly longer to build up in the human body before the symptoms start showing, a 90-day trial would not yield the results needed to determine lead is harmful.
There is a lot of talk about banning Glyphosate, which is a main component of the herbicide that is sprayed with while crops are growing to keep weeds controlled. Bacillus thuringiensis (Bt) produces a toxin that is toxic to certain insects and is what is used in GMO crop seeds to allow the plant to produce Bt while growing to reduce the use to pesticide spraying. The research has shown that Bt is eliminated during digestion due to the acid present in our digestive systems. Despite the research saying otherwise, I’m skeptical that our experiment in genetic modification isn’t going to have adverse affects sometime in the near future. The truth is that we just don’t know the long-term effects of using GMO seeds in the environment and we are forcing plants to do things they normally would have never done if we didn’t modify their genes. We’re living in a petrochemical and agrichemical world. The warning signs are all around us that we’re causing damage to ourselves and the environment. When is that going to change?