Risk, food safety

Food Defense and Intentional Adulteration: How Prepared Is Industry?

By Maria Fontanazza
No Comments
Risk, food safety

Companies seem to be at varying levels of readiness, and now is the time to plan.

The FSMA Intentional Adulteration rule (Mitigation Strategies To Protect Food Against Intentional Adulteration) requires companies that fall under the rule to implement a written food defense plan, identity vulnerabilities and establish mitigation strategies based on those vulnerabilities. This is new territory for FDA as well as for many companies in the industry—and for this reason, the agency has established a longer compliance timeline. However, that doesn’t mean companies should wait—the time to prepare is now.

Christopher Snabes, senior manager, food safety at the The Acheson Group (TAG) and Jennifer van de Ligt, Ph.D., associate director at the Food Protection & Defense Institute (FPDI) sat down with Food Safety Tech to discuss some of the challenges they see industry facing related to intentional adulteration and food defense.

In addition, TAG and FPDI are interested in gauging the industry’s level of readiness in this area and have put together the survey, Intentional Adulteration & Food Defense Industry Preparedness. We encourage you to take the survey. And don’t miss subject matter experts from TAG and FPDI at this year’s Food Safety Consortium as they discuss Food Defense: Lessons Learned from Recent Incidents + Key Steps to Mitigating Risks.

Food Safety Tech: Given the subject matter of the survey, what do you feel is the current preparedness level regarding compliance with the FSMA Intentional Adulteration rule?

Christopher Snabes, The Acheson Group
Christopher Snabes, The Acheson Group

Christopher Snabes: I see this from a variety of fronts. Some companies established food defense solely on the events of 9/11, putting initial food defense plans in place [that involved] fences, installing security guards and gates, and locking the outside doors. Some companies we’ve worked with feel this is sufficient enough to meet the IA rule, and that’s not correct.

TAG has assessed several companies that are in the process of conducting food defense assessments, and they’re doing them based on best industry practices, and preparing for the inside attacker and/or a terrorist getting into key production areas.

TAG has worked with some companies that are fully waiting for the second and third guidance documents from FDA to come out before they do the full food defense plan. We’ve worked with some companies doing a mix of the above—they’re not waiting for the guidance but are actively testing their plans and having an outsider test their vulnerability, and then they’re rewriting plans based on the findings. They’ll also update their food defense plans, once the second and third FDA guidances are released to the public.

We feel these are the most prepared facilities; there are not a lot of companies at this point, but they’re starting to pick up steam. At this point, I would say most companies are actively pursuing a food defense plan as well as beginning to test their vulnerability.

Jennifer van de Ligt, Food Protection and Defense Institute, University of Minnesota
Jennifer van de Ligt, Food Protection and Defense Institute

Jennifer van de Ligt: I agree with Chris and would add that in the past two years or so, there’s also been a shift in how the industry is viewing the Intentional Adulteration rule. Many companies currently have food defense plans based on the events of 9/11 and, for the first couple of years, as the new Intentional Adulteration rule was being written, there was still a heavy emphasis on “that should be enough.” I very rarely hear that now when discussing the Intentional Adulteration rule with our industry partners. I think companies are more prepared from an understanding perspective to move beyond perimeter security and guards to really think about the risks in the facilities that would come from people with legitimate access— what the rule defines as “insider attackers”. Although understanding is increasing, Chris is correct that different parts of industry are on different paths. Some just now understand that they have to do more, while others are well on the way on to looking at how they need to structure themselves internally and are already moving towards vulnerability assessments.

FST: Are you seeing company size play a role in the readiness level?

Join the Food Protection and Defense Institute and The Acheson Group (TAG) at the 2018 Food Safety Consortium for an interactive discussion as they explore recent food defense events, highlighting key components of the incidents relative to government interactions, FSMA regulations, brand reputation, financial interests, and public health response. van de Ligt: The larger companies thinking about a multi-international approach seem to be further along in the process. I think they started thinking about the vulnerability assessment, how they’re going to structure it in their company, and how they’re going to come to compliance because of the breadth and the scope that impacts them. But we’re also seeing, at least in our training, some of the mid-sized companies beginning to take action. I think again, they realize that even though they’re smaller, they’re going to need additional resources, and they might not have those resources in house, so it might take them a bit longer.

Snabes: In general I would agree with Jennifer. I think a lot of it is because they have additional resources, and they can leverage them across many facilities as needed. I don’t see as much action being taken outside the United States on the facilities that are importing into the United States. I think that’s just starting to ramp up. I’m also seeing very small businesses that aren’t required to follow the IA rule implementing this because they want to protect their brand.

FST: What challenges are you seeing companies experience in understanding food defense, IA, and the appropriate preventive actions they should be taking?

FSMA Checklist: Intentional Adulteration rule Snabes: Just understanding how the rules can apply to the business. For some companies, that’s still a challenge. Other companies, like the large ones, get it. Other small- and mid-sized companies are still trying to figure out how it applies to them. After that, the challenge is realizing there are expenses involved. For example, they have to install key fobs, cameras in critical areas, etc. They also have to realize they can meet the IA rule by not spending an exorbitant amount of money. For example, within a budget there are things companies can do without having to spend a lot of money, such as food defense awareness training.

Another challenge is educating all workers in food defense; enforcing the food safety culture within the facility and the idea that their job can be at risk. They have to realize that if they don’t recognize an individual inside the premises, or if something is out of place in a critical area, they need to inform their supervisor. If they see something, they need to say something—and ensure that the intentional adulteration is not taking place.

Educating employees is the least expensive way to invest in food defense, and it is the most effective. However, this can be a challenge for the companies that, for example, have a high turnover rate—if you have a lot of employees coming in and out, that means constant training, enforcement and re-educating. We see quite a bit of companies with a large turnover rate.

van de Ligt: I agree with those points. In our training, we also talk about food defense culture and how it needs to be supported across the business, similar to the way food safety culture is already in many of our businesses, and how to incorporate food defense awareness training, and on-boarding and refresher training.

The other challenges I see is that once you get to the understanding of what needs to be done and you get the buy in, there are some logistical issues at some of the companies—from big to small. Some companies are struggling with understanding which part of the business should be responsible for this (the food safety group, the security group, etc). Because we are talking about legitimate access and who is responsible for putting the plan together: How do these groups that may not have worked closely within the bigger companies now create that shared collaborative environment?

At the smaller companies, where they may not have that breadth or resources, now you’re asking a specialist in one area to pick up a completely different expertise and discipline. With a food safety and quality person, part of their job may be supply chain and sourcing, and now they also have to learn food defense. How are they managing and balancing all the different FSMA rules in their portfolio—because you have one person actually thinking about the breadth of them all. This presents a challenge to the logistics of implementation.

The other challenge I see is that FDA has done a really good job in providing input, guidance and listening sessions, and has been open and available to answer questions—more so for this rule than any of the other rules that I’ve watched go through industry. However, with the guidance being published so close to the compliance date it presents a challenge—companies that are waiting on the guidance will have to comply very quickly without the best understanding on what FDA’s thoughts are—because they’re waiting on the pending guidance.

FST: What steps should companies take to mitigate the IA risk?

van de Ligt: I have three action items for every company to take.

  1. Read the IA rule, including the preamble if they haven’t. There’s a lot of information there that will help them understand the mindset and how the IA rule came about.
  2.  Read the guidance document when it comes out. The first guidance contains many clarifying examples that will help understanding and implementation.
  3. Train the key people who are going to be responsible for writing the food defense plan and all employees on food defense awareness.

There are resources out there, whether it’s talking with FDA or coming to a sponsored training, for folks to get assistance in understanding and interpretation, and it would be great for them to take advantage of it.

Snabes: I agree with those three points. In general—do an FDA food defense assessment of your facility. Look for and concentrate on the key activity types that are critical. At least get a list of what areas are going to be the ones you have to mitigate. For example: The offloading of liquids, open vats, hand applied additives, etc. The most important thing I suggest doing right away is food defense awareness training for not just the supervisors, but all the employees—everyone from receiving to shipping to supply chain, etc. Everyone should be aware of the importance of food defense training and how their job depends on it.

In general, with food defense or IA—the rule is a brand new concept to FDA. It’s something they never tackled before. Because of that, there is going to be a longer time of educating before regulating. FDA is going to bend over backwards to work with companies so they understand how this rule is going to be implemented.

Any company out there can have a “strong employee” who wants to cause intentional adulteration, so the time to plan for that is now. Don’t wait for the rule to come into effect before you start planning.

Hot Topics in Intentional Adulteration, Food Fraud and Food Crime

About The Author

Maria Fontanazza, Food Safety Tech

Leave a Reply

Your email address will not be published. Required fields are marked *