Tag Archives: audits

Audit

Webinar Series: Improve Your Hazard Analysis

By Food Safety Tech Staff
No Comments
Audit
Patricia Wester, PA Wester Consulting
Patricia Wester, PA Wester Consulting and Founder, The Association for Food Safety Auditing Professionals

The most commonly cited observation during a Preventive Controls inspection is an incomplete or incorrect hazard analysis, according to FDA data. Food Safety Tech is hosting a special complimentary webinar series, instructed by Patricia Wester, founder of The Association for Food Safety Auditing Professionals, that will provide attendees with important tips on conducting and documenting a thorough hazard analysis. During the one-hour event, Wester will help participants understand how to recognize gaps in a hazard analysis as well as share best practices for closing those gaps. The content is geared toward food safety professionals and auditors who develop, manage or review food safety plans in a Preventive Controls landscape.

What: “Did You Know?” Tips on Improving Your Hazard Analysis
Date: Wednesday, September 18, 2019
Time: 12pm – 1pm ET
Register for the webinar

Leonard Steed, AIB International
FST Soapbox

Unannounced Audits: Are You Ready?

By Leonard Steed
No Comments
Leonard Steed, AIB International

Many industries are moving toward unannounced third-party certification audits and the food industry is no different. If regulatory audits are unannounced, why is the food industry reluctant to adopt unannounced third-party audits? There are a number of benefits to unannounced audits—most importantly is their positive impact on a company’s food safety culture and how they prepare facilities to face FDA inspections.

Unannounced audits for food are required for many third-party certification audits. Typically, regulatory audits are always unannounced. Unannounced audits help demonstrate compliance and provide confidence to all stakeholders that your manufacturing sites are operating on the same GMP level, day to day, shift to shift, for every day your organization is manufacturing and distributing food products. With announced audits, companies tend to prepare for them before they occur. However, if there is a significant amount of difference between your sanitary operations prior to and during an announced audit versus normal operating conditions, you are sending your employees the wrong message.

Although there are differences between certification schemes, the GFSI third-party unannounced audits usually have a 40- to 60-day window in which the audit must be completed to allow the certification body to complete technical reviews and review corrective actions so that the certificate does not lapse. If it is a surveillance audit, then the audit is more likely to be truly unannounced, but a company still has the option of using blackout dates and the auditor will verify that the request was necessary. The bottom line is most companies have a certain timeframe when they know unannounced audits will occur.

Leonard Steed will present “Unannounced Audits: Are You Ready?” on November 14 at the 2018 Food Safety ConsortiumThe biggest impact on third-party audits is when the audit score is directly related to financial incentives for employees. This situation motivates employees to pursue activities to achieve the maximum score, not directly related to food safety. Activities may include significant audit preparation to eliminate or reduce GMP deficiencies, reduce or control the auditor’s access to records or areas of known plant deficiencies, “auditor shopping”, and to appeal any audit finding that lowers the score. Switching auditors or appealing findings can be legitimate tools to correct a system when auditors make errors in judgement or behavior. The activities to achieve the highest score should be reasonably governed because they could take away from the primary goal to operate in a food safe mode.

The goal of an internal audit program is to be compliant with regulatory inspections and third-party certification requirements and should therefore be risk-based. Determine what factors present the most risk to an organization and then align internal audits with those risks. At this point in time, being able to perform well on a regulatory audit should be a primary concern. Since the FDA and state regulatory agencies usually perform unannounced inspections, it would seem necessary to have your food safety plan, prerequisite programs and operations in a constant state of readiness to mitigate the risk of potentially unsafe food in commerce resulting in a recall.

One way to evaluate your food safety culture is to anonymously survey employees at all levels of the organization to gather information on attitudes and opinions about food safety and institute changes to improve your position. Another way is to initiate change by instituting unannounced audits on all manufacturing shifts and require participation by all departments in the audit function to move away from “QA-centric” food safety verification systems. The significant change is that all departments would be involved as an auditor and responsible for maintaining regulatory compliance. For some companies, the inclusion of all plant departments in the audit function has moved the needle in the goal to improve their food safety culture. To further define food safety culture in other terms, it could mean adhering to GMPs all the time, the importance of accurately completing and verifying food safety records, and fostering consensus between departments on the severity of food safety nonconformances requiring prompt corrective action.

Maintaining GFSI certification is an excellent way to achieve food safety requirements for compliance with FDA inspections. Although not specifically required by GFSI, another application of your internal audit program is to review your regulatory policy by performing a mock FDA inspection to identify any gaps in hazard analysis, identify preventive controls including the supply chain controls, accurately complete food safety records, and provide examples of corrective actions when preventive controls were not completed properly, and environmental corrective actions. If you decide to perform a mock FDA inspection of your facility, do not forget to include the FDA Guidance document criteria, as it is important to understand what the FDA expects to see when they are evaluating your implementation. Your internal audit program is a proactive program to note nonconformances before they become full blown problems, so don’t be afraid to use it to its fullest extent.

Craig Reeds, DNV GL

Six Ways to Prepare for a Cybersecurity Audit

By Craig Reeds
No Comments
Craig Reeds, DNV GL

In the food manufacturing industry, just as in any other industry, cybersecurity is very important. Your organization should be having cyber vulnerability assessments or penetration tests performed at least once a year. Like any big test you have taken in your life, this sort of assessment can be scary, but if you prepare for it, you can greatly improve the potential of passing the test. As you prepare for the assessment, there are six things you can either implement or do to make the result of this audit better for your organization.

  1. Do an inventory of what is connected to your network. You cannot expect to defend devices on your network that you are not aware of. Be sure when you perform this inventory that you include any device that connects to your network. Think past the routers, switches, desktop PCs, laptops and printers. What is connecting to your wireless network? Is your security system or HVAC system connected to the network? Creating a network device inventory can be difficult, but there are tools available to make it easier. Once you have created the initial inventory, your baseline, go back at least monthly to look for new devices or devices that are no longer connected so you can update your inventory.
  2. Determine what is running on all of your network devices. In the first step you inventoried the hardware—now we need to inventory what is running on each device. You can use tools such as Nessus to inventory the software on each computer as it scans the network to perform the device inventory. This is the quickest way to complete both of these steps. If there is old or unused software on a device, remove it. You need to document the operating system and application software on each device. This software Inventory should also be included in your baseline and verified/updated on at least a monthly basis.
  3. Use the Principle of Least Privilege. This is a very valuable cybersecurity concept. Never give a user or device more rights on the network than they/it need to perform their assigned tasks. Privileges are assigned based on roles or job functions. If a user is unable to download and install applications on their PC or laptop, you reduce the chance of a device becoming compromised. Many hackers, once in a network, move laterally through the network from machine to machine looking for information or vulnerabilities that can be used to give themselves more abilities on the network. If a hacker were to gain access to a user account or system with low privileges, it decreases the amount of damage they could do.
  4. Use Secure Configurations. All operating systems, web browsers and many other networked devices have secure configuration settings. One of the problems with doing this is that operating systems alone can have hundreds of settings to choose from. The Center for Internet Security provides benchmarks for just about every conceivable device. The CIS Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
  5. Set up a policy and procedure for applying security patches. New vulnerabilities are discovered every day and when these vulnerabilities are found, vendors release updates or patches to mitigate the vulnerability. Exploiting vulnerabilities is what a hacker lives for. An unpatched vulnerability can be almost an open door for a hacker to get into your computer or network. It is mind boggling to hear that some organization was hit with ransomware because they didn’t load a security patch that was released six to 12 months ago. When an application reaches end-of-support, the vendor stops releasing patches, and that should tell you that it is time to upgrade the software to the newest version or find another tool to perform that task. Never use unsupported software on your network. Speaking as an auditor, a fully patched network is impressive.
  6. Create an Incident Response Plan. Let’s face it, no matter what you do to protect yourself, something is eventually going to go wrong. Do you have a plan to continue operations if you lose access to your office building? Do your users know what to do if they receive or fall prey to a phishing e-mail? This process starts with performing a risk assessment. Once you have determined the potential risks, you then move on to determining how to mitigate the risks. You will need to create policies and procedures and then train the employees on them, so they know what to do.

By performing these six steps you will be protecting and strengthening your networks, your users, and trust me, you will impress the auditor. Also, it should be noted that these are not once and done steps—these are steps that must be repeated sometimes on a daily, if not at least on a monthly, basis.

Steven Burton, Icicle Technologies
FST Soapbox

Food Recall Strategies: What You’re Missing (And What You’re Risking)

By Steven Burton
No Comments
Steven Burton, Icicle Technologies

You’ve heard the horror stories of product recalls: The Peanut Corporation of America in 2009, Blue Bell ice cream in 2015, and Darwin’s Raw Pet Foods this year. Beyond the nightmare scenario, the truth is that food recalls are common—even for companies that take food safety seriously, train effectively and keep excellent records. Yet all of these things, when done properly and efficiently, go a long way to reduce the impact and severity of a recall.

Unfortunately, many food manufacturers, although required to have a written recall plan, aren’t ready for the challenge. Without the proper systems in place, businesses needlessly risk their customers, reputation, revenue and future.

Risks Of Inadequate Recall Strategies

Resolving a recall can take years and potentially millions of dollars in fines, product shipping and disposal cost, production line downtime, lawsuits, and lost market share as consumers lose trust in the company. But there are two strategic errors that can amplify these consequences—and they both have to deal with traceability.

The first problem we frequently see is lot codes not being specific enough. Rather than breaking up production into discrete lot codes so the scope of recalls can be as limited as possible, some facilities just run the same lot code for many production runs. The record we have seen so far is three years! When a recall occurs,this results in a recall of massive scope that can easily bankrupt a company.

The second problem that is even more common is a lack of dynamic documentation. Assembling transactions using disconnected records from different departments can be time-consuming and error-prone. When you’re under pressure from regulators or auditors to connect the dots between an ingredient and customers through complex, multi-stage production processes using such a record system, it can cause stress and potential audit failures.

These two missing pieces make recalls larger, more time-consuming, and more expensive than necessary due to a lack of precise traceability. Let’s take a look at the two ways you can fill these gaps in your system and mitigate the consequences of recalls.

Get Specific with Ingredients, Suppliers and Lot Codes

Streamlining your product lines and packaging options lists is a straightforward way to reduce potential headaches in the event of a recall. The more products and packaging options with which you work, the more complex it will be to pinpoint and resolve food safety failures. Anyway, this type of housekeeping is beneficial as far too many companies have large lines where only a small subset of their products sell well at decent margins. Larger, more mature organizations tend to thin down their lines to optimize for profitability, and smaller companies can often benefit from doing the same.

The next strategy you can employ to mitigate the consequences of a recall is by being ultra-precise when it comes to your records and lot codes. The more narrowly you refine your lot coding system, the fewer items you’ll have to recall. Let’s look at a specific example of how this could have saved two companies millions of dollars.

In 2010, Hillandale Farms and Wright County Egg recalled about 550,000,000 eggs, one of the largest recalls in the history of the United States. Although the company was able to resolve the specific dates and facilities where the contaminated product originated, they had 53 million hens laying, so this level of resolution may not have been adequate enough. Had they implement traceability lot codes down to the hen house level, they may have been able to contain the recall.

Automate Your Traceability To Be Audit Ready, All The Time

The challenge of maintaining an overly broad product line or providing customized packages is that you create hundreds or thousands of variants in your products. When records are maintained manually, it becomes extremely difficult to manage recalls effectively. An Excel spreadsheet may keep a record of everything, but it’s certainly not dynamic or time-efficient when undertaking mass balance calculations.

The key here is to adopt software that you can incorporate into every department. Shipping, receiving, accounting, production—when all the records are kept in a central database, checking and updating those records becomes much easier. But the best systems don’t just centralize your collected data; they automate your data collection.

Dynamic documents automatically update each other. When a supplier changes, an ingredient lot gets swapped out, or products are shipped out, all the connected records for every department are automatically updated. No user mistakes, no failure to update the notes—just seamless, streamlined, auto-updating records.

There’s no better way to track complex production processes, control hazards, and collect all the necessary information necessary to breeze through audits than by using an automated system. With all your documentation interconnected, you don’t have to piece together the puzzle or play connect the dots—it’s all done for you, and that means you won’t waste millions on recalling products unnecessarily because you couldn’t pinpoint the exact path every ingredient took on the way to the customer.

Recalls are detrimental in every way, but they happen, so don’t get caught off guard. A little bit of proactive technology will go a long way in keeping your business afloat if you ever do face the nightmare of a recall.

Steven Burton, Icicle Technologies
FST Soapbox

Six Best Practices To Make Audits Stress-Free

By Steven Burton
No Comments
Steven Burton, Icicle Technologies

Your next audit is already on its way. Now that many regulatory bodies and certification agencies are no longer required to give you a heads-up about upcoming audits, it’s completely up to you to stay on top of compliance, recordkeeping, and a myriad of other tasks on a day-to-day basis. And without that buffer of warning from auditors, falling behind can be more detrimental than ever.

Let’s walk through some effective practices that keep you ready for an audit at a moment’s notice, make the process go smoothly once the auditor arrives, and get rid of some unnecessary stress all along the way.

Connect All Departments to an Online Database

When it comes to collecting and moving data from one department to another, there’s nothing as inefficient as disconnected documents. Not only are they a strain to keep organized in big filing cabinets or file folders, but they take a long time to create, share and edit. It seems cliche to harp on this point in 2018; yet, many food safety coordinators have a purely manual system.

By connecting your entire company to an online database, you enable different departments to organize, share and update documents in seconds, rather than minutes. This level of connectivity can shave time off dozens of tasks per day, which ultimately leads to hours or days of extra productivity over the course of a year. When you adopt a system that updates connected documents in real time, you won’t have to make manual changes to multiple documents for small changes.
If you want to get extra efficient, the real trick to this best practice is to find software that you can incorporate into every department. Then, as people go about their normal jobs, the information they collect is automatically uploaded to the central database.

Utilize the Internet Of Things to Streamline Data Collection

These days, it’s possible to connect almost every piece of equipment to the Internet of Things. Even if your machinery doesn’t have measurement tools built-in, there are almost certainly additional tools you can install to create that functionality.

Having your equipment feed data directly into your central database is faster than manually collecting information and eliminates the risk of human error when it comes to data entry. Thanks to that simple degree of automation, already standard in large parts of the global economy, you can also use system dashboards and alerts that let you know when something’s off, like the temperature in the freezer or the production speed of equipment on the floor.

Don’t Settle for Uninspired Internal Audits

Many food safety coordinators are so focused on specific issues that they forget to take steps back to look at the situation from a bird’s eye view. When the time for an internal audit comes around, they do it with one eye on the audit and one eye on the next fire that needs putting out.

Lazy internal audits are not only noticeable to external auditors, they keep you in the dark about what’s really happening in your facility. Here are a few ways you can ensure your internal audit empowers you rather than slows you down:

  • Schedule the internal audit ahead and make it immovable
  • Plan out your scope, objectives and process to establish momentum and direction
  • Dedicate your full attention to running the audit and managing relevant staff
  • Report your findings in detail and discuss with necessary employees
  • Schedule and verify corrective actions

A well-performed internal audit is a powerful way to regroup, refresh goals and stay on track.

Train All Employees for Go-Time

Do you know which employees an auditor is allowed to interview? Any of them. No person is disqualified from interviews, which means every employee needs to be well trained on food safety procedures. While most facilities only train employees until they know the basics of food safety for their department, going above and beyond here can have some major gains.

Consider the perspective of the auditor. When they are asking your employees questions, they’re not just trying to complete a basic inspection. They want to see signs that you haven’t done the bare minimum, but that your employees are immersed in a food safety culture, that they have been receiving training long-term, and that food safety is a fundamental value of your company.

When auditors get the sense that your employees are up-to-speed, things tend to go a little smoother, stress levels lower, and the auditor becomes less suspicious.

Give Food Safety Coordinators the Appropriate Authority (and Budget)

One issue that many facilities run into is an unempowered food safety coordinator. When that person discovers ways to improve or correct operations or employees that are not following protocol, he or she is often unable to take the appropriate action.

Hazards aren’t the only things that need corrective actions from time to time. Sometimes employees need to face consequences for compromising the production area with food or for haphazardly completing safety-related tasks. Other times, employees don’t have the necessary software or equipment to perform their job well and even though their managers may be aware, they don’t allocate the appropriate budget to improve the situation. In order for any company to thrive, standards must be enforced by relevant leaders; and there’s no one better to call the shots on food safety than the designated coordinator.

Establish a Company-Wide Food Safety Culture

When it comes down to it, companies that value food safety thrive. Companies that consider food safety an annoying task to check off the list—they’re the ones that run into extra trouble.

Building food safety into your company’s system of values starts at the very beginning with how you train your new hires. It continues on into how you provide ongoing training even to experienced employees. It’s not an item on the list of meeting topics; it’s a value that underscores the entire agenda.

In order for this approach to be successful, it has to start at the top. Facility owners and managers that value food safety will organically pass that on to the people below them. But when the upper levels can’t be bothered with food safety, the entire organization struggles to hold onto it as a value.

Some of these best practices you can start working on tomorrow; others will take time to implement. Embedding these into your company can be a long road, so keep your eye on the prize: A safe, efficient food safety program that impresses auditors and keeps things running smoothly.

Manik Suri, CEO and co-founder, CoInspect
Retail Food Safety Forum

Rodent Poop, the Olympics and Food Safety Inspections that Work

By Manik Suri
3 Comments
Manik Suri, CEO and co-founder, CoInspect

Another day, another potentially brand damaging story—just ask Little Caesars. On February 7, the health department closed down an Indianapolis-based location because customers found some rodent feces on their pizza—it was clearly a food safety violation, and pretty disgusting. Meanwhile on the other side of the planet, athletes prepared their entire lives to compete in the Olympics. More than 100 people contracted Norovirus around the Olympic sites in Pyeongchang, where the athletes were in danger of getting a violent, contagious stomach illness that would derail their dreams and prohibit them from competing.

We live in a world that eats out, and if we don’t develop new techniques to protect customers in restaurants and food service settings, more people are going to get sick (or worse) from foodborne illnesses. The current food safety process is broken, and needs to be fixed in restaurants nationwide and globally.

At Google, Larry Page has spent two decades managing the speed of a search result for the company’s core service. From 1997 forward, Page has obsessed about the right results as fast as possible. When has Google ever been slow? People use the search engine daily because it always works.

For restaurants to grow and thrive, they need habit formation from fickle consumers. Habits are formed when restaurants deliver on their value proposition slice after slice, burger after burger, and salad after salad. So what is your organization doing to make sure that every meal is extraordinary— not only delicious, but also safe? What are you doing to prevent Norovirus and other foodborne illnesses?

Well, you’re probably not studying the data to create better processes. A 2017 survey of the top 500 restaurant chains found that 85% use paper logs or spreadsheets as their core technology for safety, quality and standards management. Paper logs, line check clipboards or homemade Excel sheets on a laptop are inefficient and ineffective systems to manage something as critical as food safety.

Many restaurants have upgraded their mobile ordering software and relaunched their menus on LED screens, but still make employees use clipboards to conduct food safety line checks and QA audits. This devalues the importance of their food safety operating protocols. Restaurant teams are comprised mostly of millennials and Generation Z— the mobile generations. They expect to be trained, do work and solve problems with their phones. But when their employers train with paper manuals and complete work with paper forms, it’s a huge disconnect for them.

Moreover, how did people at Little Caesars HQ in Detroit have insight into that recent incident in their Indianapolis store? What operating data do they have to examine? What line checks happened in store on the day in question? When was their last third-party food safety audit? What corrective actions were taken? That information would be hard for them to know, if, like the vast majority of restaurant chains, they were not collecting and analyzing data with modern tools.

Upgrading your operating technology so that your people have digital tools is not expensive. Software is much more affordable today because of the software-as-a-service revolution and the extraordinary computing power and proliferation of mobile devices. An emerging ecosystem of safety and software companies is ready to take your facilities into the 21st century. But the C-Suite has to decide it wants to empower its employees to do their best work and commit to having real-time data that is actionable and accurate.

Having mobile ordering software and LED screens for menus is helpful and valuable. But food safety is the most important component of every restaurant (and other food service companies). It is imperative that the food service industry embraces digital solutions to elevate their food safety standards. Without proper food safety standards, any organization could face a crisis like Little Caesars and the Olympics recently experienced. All it takes is one tainted meal to harm your guests—and your brand.

Eurofins and Orion Assessment Partner to Expand Auditing and Certification Services

No Comments

Eurofins Food Safety Systems and Orion Assessment Services have announced a partnership that will expand their auditing and certification services on a global scale.

“The partnership will allow Eurofins to broaden their BRC Global Standards and GFSI scheme auditing resource base and provide them additional expertise in BRC to utilize. It will also allow Orion Assessment Services to operate under the Eurofins accreditation for BRC, SQF and FSSC 22000 schemes,” according to a Eurofins news release. “As a certification body, this collaboration will enhance the standards currently offered through Orion Assessment Services’ accreditation for ISO 17065 and ISO 17021, as well as offering brand new opportunities in the various GFSI schemes, for both existing and new clients internationally.”

Food Safety Supply Chain panel 2017

Registration Open for 4th Food Safety Supply Chain Conference

By Food Safety Tech Staff
No Comments
Food Safety Supply Chain panel 2017

Do you trust your suppliers? What about your supplier’s suppliers? Strengthening the links within your supply chain can be a challenging task, but it is necessary with FDA, and FSMA, recognizing the risk that exists.

Key topics, including vulnerabilities, inspections & audits, traceability, supplier verification, transportation, and recalls will be addressed at the 4th Food Safety Supply Chain conference from June 12–13 in Rockville, MD. The event will be held at the U.S. Pharmacopeial Convention.

This year’s agenda will be posted by March 1. In the meantime, the following are some topics covered at last year’s event:

Industry Experts Weigh in on Supply Chain Issues

Import Safe Food, Stay Out of Trouble with FDA

 

Lance Roberie, D.L. Newslow
FST Soapbox

Can You Defend Your Food Safety Plan?

By Lance Roberie
1 Comment
Lance Roberie, D.L. Newslow

As a food safety plan manager, do you ever get asked these questions regarding your food safety plan: What was your thought process for making this decision? Why do you do it this way? How do you answer this?

And, do you ever answer with one of the following statements:

  • I’m not sure? What do you mean?
  • That’s the way it has always been.
  • Our customer asked us to do it that way.
  • That’s what our last auditor recommended.
  • We make a low-risk product.

If this is one of your answers, defending your food safety plan may be a challenge. There is a major shift taking place in the world of food safety. With the implementation of FSMA Preventive Controls, the widespread adoption of GFSI audits, along with advanced technologies such as rapid pathogen and allergen detection, whole genome sequencing, and transparency efforts such as Blockchain, as well as with the increasing use of social media and access of information via the internet, food industry professionals are more educated and informed than ever before and ready to challenge your every move. As a food safety plan manager, you and your team must be ready! Being prepared to defend your food safety plan can be the difference between a recall and a routine audit. If you cannot fully explain the reasoning behind your decision-making, then how will you be able to prove that you are in complete control and are being proactive against food safety hazards? It will not be easy.

You must be ready to defend each and every part of your food safety plan. You must be able to defend questions and challenges with certainty and facts. Every decision made in your hazard analysis should be written down and backed with factual evidence whenever possible. Even the “none identified” areas should be backed by strong reasoning if no other factual evidence is available. You can use the data that you collect daily to help justify your decisions. Data collected from your prerequisite programs (ATP swab results, allergen cleaning validations, GMP audit findings, pest control trends, etc.) and food safety plan (CCP’s, validations, verifications) is all support for your decisions. Have this on file and ready to review when necessary.

If something looks out of the ordinary in your plan, make sure you can fully explain it and can back it with solid justification. If not, auditors, regulators, customers, etc. may start to become suspicious, which can lead to unwanted questions. You will then oftentimes start to get suggestions for change based on others’ individual expertise. Regulators may make “strong suggestions” for changes, for instance, and some people will just go along with it to avoid the pushback or because they simply don’t have a better solution. If this happens, soon your plan is no longer yours—it’s everyone’s. Some of these suggestions may be good, but is it really the right change for your plan? If not, it will often make the plan less rational and often difficult to defend.

The following are tips to help you avoid this situation.

  1. Meet with your food safety team regularly. Go through each part of your food safety plan and figure out how to answer the “why’s”. Why are things done this way? Why did we decide if this hazard was significant or not? Have annual reviews to make sure your plan is still functioning as originally intended and review new industry trends to be proactive regarding new potential hazards.
  2. Write a process narrative. Writing a process narrative documenting what happens at each step of your process and explaining your “thought process” for making decisions is a great support tool. It gives your team a chance to elaborate on the “justification” column in the hazard analysis, providing more decision-making details without crowding the hazard analysis form.
  3. Gather supporting documents. Scientific studies, guidance documents, expert opinions, etc. are vital pieces to have in your supporting documents library. Make sure it is appropriate for your individual products and the documents are from reputable sources, such as FDA, USDA, universities, process authorities, etc. Oh, and don’t forget about history! A reputable supplier with a long track record of safe product, a low history of recalls for the products you produce, etc. can help justify your decision-making.
  4. Conduct Internal Audits. Having an internal audit schedule and well-trained internal auditors help with finding inconsistencies within your program and allow you to make corrections before outside parties find these issues.
  5. Prepare. Have a “mock audit” and prepare for questions that are commonly asked during audits. Practice your answers and make sure you have supporting evidence when needed. Stay up-to-date with industry trends, especially common audit non-conformances.
  6. Be organized. It’s great to have all the supporting documents that you need, but if you cannot find them, then you just as well have nothing.
  7. Be confident. People, especially experienced auditors and inspectors, can quickly sense fear and lack of confidence. This often prompts more questions. Knowledge is power, and knowledge also builds confidence. Simply put, the more knowledgeable you are about your food safety plan, the more confident you will be when someone is trying to test you.
  8. Continuously Improve. It’s understandable that mistakes will be made. However, the next logical question you will be asked is: What did you do about it? Remember, for every nonconformance you find in your system, there should be a correction or corrective and preventive action to address it. It must not simply restate the problem, but legitimately correct the issue. This will give regulators, auditors, customers and anyone else looking at your system confidence that you are in control and can provide a consistently safe product.