The ISO/TC 176 took notice of the impact of requirements for written programs in an organization’s quality management systems. Organizations had to essentially establish parallel quality management systems that lead to the implementation of inefficient and redundant manual documentation systems just to satisfy the standard requirements and electronic-based documentation. This requirement for a written quality plan/policy was dropped in the newly released ISO 2000:2015 quality management standard, which now calls for the documentation of processes that are key towards the achievement of the organizational quality objectives. I’m certainly sure a similar scenario is playing out with the roll-out of the FSMA regulations—whereby organizations that have invested in some of these technological applications that provide a modular holistic approach in the management of their food safety systems will be forced to bend over backwards to meet the regulatory requirements by trying to transcribe their complex enterprise-based food safety systems into linear structured written food safety plans—a very difficult feat to achieve!
At its core, the new FSMA preventive controls rules call for the development of a written Food Safety Control Plan by all the qualified facilities as a conditional requirement towards the fulfillment of the requirements. Does this mean that a facility cannot employ new technological applications, such as a modular approach (use of models), in describing its food safety systems (especially if it’s food safety system is nested within the an enterprise corporate food safety program in a complex structure)? For example, if it develops a computerized model depicting its entire food supply chain (internal and external processes) with the capability of providing the granular interactions and interrelationships within and among all the processes involved in the manufacture of its product as a means of enabling an efficient end-to-end visibility of its manufacturing operations from supplier to consumers (including all the non-linear interrelationships that interplay at the boundaries of the facility food safety system and the larger corporate food safety system) and all the controls that have been effected to assure the safety of its product, does it still have to create redundant manual interpretations of this model in a written document that is formatted per the current regulatory requirements in order to maintain its registration? Will that add to inefficiency, negatively impacting on business goals? Further to this, inefficient processes, however effective they may be, may not be sustainable from a business point of view!
My opinion is that flexibility should be incorporated into the regulatory text to make room for adoption of future technological applications by facilities. This would require the revision of the regulatory text of the key elements at the heart of the HARPC; instead of mandating facilities to have written food safety plans, it should adopt a more accommodative approach of requiring facilities to have documented food safety plans that would allow room for application of electronic formats, such as use of food safety models, to describe the food safety control measures in those enterprise facilities that have complex organizational food safety systems.
On a parting shot that is just a food for thought: In the medical industry, new technological applications such as computer-generated simulation models are employed by teams of surgeons when preparing to undertake complex surgeries. No documentation is used, all the team members’ suggestions and evaluations of the potential risks related to the operation procedures under study are captured in the electronic models and can be available at the click of a button (in case a review is needed), thus no such “written plans” are required.
This is the trend of the future!
The views presented in this article are the author’s opinion and are not representative of the Hershey Company.
I disagree with your assertion that the regulation isn’t flexible or technology friendly. The basic premise that because FSMA requires a facility to have a documented PLAN in addition to records that demonstrate the plan is implemented does not by its nature have any affect on the controls an organization puts in place to achieve food safety. If a facility cannot describe, in their own way, what their Food Safety System entails then how can it be verified? How can one gauge its effectiveness? It seems that you’re also interpreting “written plan” to mean that it has to be physically printed out? FSMA does not require this, it requires the plan to be documented somewhere, it can be electronic and “available at the click of a button” and that suffices as a written plan. The key here is that there is a documented description of what WILL be done with respect to preventive controls that a facility has implemented… otherwise how could that PC ever be verified?
There’s lots of flexibility in the rules as evident by the detailed comments & responses released by FDA upon publication of the PC for Human Food final rule. Response, 131 on page 181 describes a food safety system in which magnets and screens could be categorized as cGMPs as opposed to preventive controls… if that’s not flexibility……
There’s really nothing in the text of the rule that precludes a facility from using an electronic approach to documenting how their system works. The key is that the food safety plan, in whatever form it takes, needs to be a detailed description of what is being done and includes the management components (monitoring, corrective actions, verification, and validation) as appropriate IN ADDITION to implementation records.
Patrick, I agree with David. FDA may have used a term that you interpreted as requiring paper documentation. However, 21CFR11 explicitly allows the use of electronic records for any prerequisite record in another section of the regulations. I see no reason that this would not include storage of the food safety plan. The key will be that the plan is readily accessable to all employees that need it.
Thank you gentlemen for the critical reviews, while I understand the perspectives of your arguments, I’d like to point out that the regulatory text itself-“a qualified facility should have a WRITTEN Plan differs from the statement David made, that a facility should have a DOCUMENTED food safety plan. It may seem like a trivial focus on semantics, but this trivial difference could have an impact on the architectural structure of an organization’s food safety system. I think we’ll all concur that in some facility’s(especially in corporate enterprises) food safety systems will not be implemented and function as discrete entities, but rather as sub-system elements nested within the organizational hierarchy of systems. The use of the regulatory text ‘Written programs’ in my view implicitly precludes the application of visual documentation in describing the processes or structure of a given system. With new technological advances that are enabling far more application enterprise engineering of organizational systems-including Food safety systems, using model based systems engineering, I don’t see how the term “written food safety plan” would be a good fit, versus a the use of the term a DOCUMENTED plan. From the regulatory enforcement perspective, I would see the need for the usage of a terminology that will enable uniformity in interpretation of the requirements-hence a written plan, such that one cannot have employ the use of a model based food safety system-It has to be a PLAN. However not all businesses are the same in structure, in fact every business is unique unto its business model. Well for my argument’s sake, what if the regulatory language was revised to say ‘Every Facility will be required to have a DOCUMENTED food safety plan, describing the implementation of all the preventive rules requirements? I’d bet this will accord businesses more leverage in determining the architectural structure of their food safety systems, and allow the application of a modular approach in developing their food safety management systems.
If you review the comments and arguments presented during the review of the ISO quality management standard ISO 2000:2015 by the ISO/TC 176 in changing a similar requiring that was in the previous standard ISO 2000:2008 .The technical committee changes it’s requirement provisions from requiring that an organizations have WRITTEN quality Plans, to requiring DOCUMENTED informationhttp://www.iso.org/iso/documented_information.pdf, you can see the basis of my argument.
Thanks
Written documented plan with a virification system should work fine! HACCP- based with a full GMPs in place.