Tag Archives: audits

Earlier this week SGS became the first certification body approved to audit against the Gluten-Free Certification Organization (GFCO) standards worldwide. GFCO, a program of the Gluten Intolerance Group, is globally recognized, providing independent certification services to gluten-free product producers. The program, which has certified more than 40,000 products from more than 900 companies in 29 countries, requires product reviews, on-site inspections, testing and ongoing compliance activities. The third-party certification verifies that a product meets strict gluten-free standards, ensuring valid gluten-free processes were followed during manufacturing.

SGS will be conducting the GFCO audits as a stand-alone service or in combination with its Food Safety certification audits.

April 4, 2017

Best Practices for ISO 17025 Accreditation: Preparing for Your Food Laboratory Audit (Part II)

By Joy Dell’Aringa

2 Comments

In Part I of this article, we explored the considerations a laboratory should initially evaluate when pursuing accreditation, as well as guidance from leading industry experts on how to prepare for an ISO 17025 audit. Here we will review what comes after the on-site assessment and provide practical user-based advice for preparing a response, common areas of non-conformance, and future changes to the ISO 17025 Standard.

The Response

Once the assessor has completed the audit, they will typically hold a closing meeting on-site where they present their findings, also referred to as deficiencies or non-conformances. For each finding they will document a specific reference to the standard as evidence and provide opportunity for questions and discussion. Most assessors will be open and conversational during this final portion of the assessment; laboratories are well suited to take advantage of this time. Some assessors will even brainstorm possible responses and corrective actions while onsite; this is valuable insight for the laboratories quality team and can help them get a jump on the response.

Depending on the accrediting body, the laboratory will have a certain amount of time to respond to the findings, usually 30–60 days. The anatomy of a well-assembled response will include a full corrective action report, complete with root cause analysis. Often, the assessor will also request supporting documents and records to show the effectiveness of a corrective action. Most laboratories will have forms to help guide users through the corrective action and root cause process. It is important to have a systematic approach to ensure your corrective action is thorough and balanced.

Determining root cause is a critical part of this exercise. Erin Crowley, CSO of Q Laboratories shares their approach. “We use a variety of root cause analysis techniques, but have found for our operation the principle of the ‘5 Why’s’ is very effective,” she says. “Don’t simply answer the singular deficiency. Accrediting bodies will want to know that you have addressed all variables that might be associated with a finding. For example, if a specific incubator was out of range on a specific date, don’t just indicate that someone fixed it and move on. Assess how they addressed the issue, any impact on data, what they did to react to it, and how they are putting systems in place to prevent it from happening in the future on any other incubator. You have to show the full process.”

Implementing procedures as an outcome of a corrective action can also bring challenges to an operation. As a national multi-site reference lab, Eurofins Quality Manager Peter Dragasakis must work with other departments and locations to deploy new or changed systems for compliance. “Sometimes the most challenging part of the entire audit process is coordinating internal stakeholders across other departments such as IT or complimentary analytical departments,” he says. “Coordinating a response in a timely manner takes full organizational cooperation and support.” Communication throughout the quality and operational arms of an organization is critical to a successful response. Often, accrediting bodies and laboratories may shuttle a response back and forth a few times before everyone is satisfied with the outcome.

Common Areas of Non-Conformance: Pro-Tips

While all areas of the standard are important to a conformant operation, there are a few key areas that are frequently the focus of assessments and often bare the most findings.

Measurement Uncertainty. Depending on the laboratories Field of Testing (FOT), Measurement Uncertainty (MU) can be captured in a multitude of ways. The process aims to systematically and quantifiably capture variability in a process. For chemical analysis this is typically well defined and straightforward. For microbiological analysis the approach is more challenging. A2LA’s General Manager, Accreditation Services, Adam Gouker says the reason many labs find themselves deficient in this area is “they don’t consider all of the contributors that impact the measurement, or they don’t know where to begin or what they need to do.” Fortunately, A2LA offers categorical guidance in documents P103a and P103b (for the life sciences laboratories, two of the of many guidance documents aimed at helping laboratories devise systems and protocols for conformance.

Traceability. There are several requirements in the ISO 17025 standard around traceability. In terms of calibration conformance, which accrediting bodies seem to have emphasized in the last few years, Dragasakis offers this tip: “When requesting [calibration] services from a vendor, make sure you’re requesting 17025 accredited service. You must specify this, as several levels of service may be available, and “NIST Traceable” certificates are usually no longer sufficient.” He also advises that calibration certificates be scrutinized for all elements of compliance closely. “Some companies will simply state that it is ‘ISO 17025 compliant’, [and] this does not mean it is necessarily certified. Look for a specific reference to the accrediting body and the accreditation certificate number. Buyer beware, there is often a price difference between the different levels of calibration. Always practice due diligence when evaluating your calibration vendor and their services, and contact the calibration service if you have any questions.”

Validation vs. Verification. One of the more nuanced areas of the standard lies in determining when a test requires validation, verification, or an extension, specifically when there is a modification to a method or a sample type not previously validated by an internationally recognized organization (AOAC, AFNOR, etc.). Certified Laboratories Director Benjamin Howard reminds us, “think of validation and verification as existing on a spectrum. The more you stray away from an existing validation, the more validation work is required by the analyzing laboratory.” For example, analyzing Swiss cheese for Salmonella by a method that has already been validated for soft queso cheese may require only minimal verification or matrix extension. However, a laboratory that is altering a validated incubation time or temperature would require a much more robust and rigid validation process. Howard cautions, “Accredited laboratories must be transparent about modifications, not only on their scope of accreditation but on their reports [or CofA’s] as well. Under FSMA, companies are now accountable to the data that their laboratories generate. If you see a “modification” note on your report, perform due diligence and discuss this with your laboratory. Ensure a proper validation of the modification was performed. “Additionally, the ISO 17025 standard and accrediting bodies do not mandate how a validation or verification should be done. Laboratories should have a standalone SOP that outlines these procedures using scientifically supported justification for their approach.

CAPA / Root Cause. A good corrective action / preventive action (CAPA) and root cause (RC) analysis program is at the heart of every sound quality system. “Corrective and preventive action (CAPA) processes can either add value or steal time away from the organization according the quality of the root cause analysis,” says Vanessa Cook, quality systems manager at Tyson Foods Safety & Laboratory Services. “CAPA might be the single greatest influence on an organization’s ability to continuously improve and adapt to change if diligence is given to this activity.” Investing in resources such as ongoing training in CAPA/RC programs and techniques are key components to ensuring a robust and effective CAPA / RC program.

Continue to page 2 below.

Pages: 1 2

February 22, 2017

Audits: The Opening Meeting

By Bryan Armentrout

2 Comments

Read Part I: What Do Food Facility Auditors Really Want?When I train my QA managers on how to start an audit, I teach them to always say something to this effect: “Thank you, Mr. Auditor for coming here today. We are proud of the work we have done on our quality system and are happy to show you our hard work. To be clear, we are using SQF Version 7.2 Level 2 as our standard for this audit. If you have any suggestions for improvement outside of that expectation, we would love to hear them. Sound fair?”

Who would not agree to that? It establishes the rules of the game and if the auditor steps out of bounds, it sets up an expected course of action on your part.

So, during the audit, if the auditor does step outside of the standard (and they usually do at some point), you can return easily and without confrontation to the scope of the audit.

If this happens, you can respond like this: “I hear what you are saying, Mr. Auditor. That is very interesting, but I am confused. I know the standard and the section you are referencing, but I cannot find where it addresses your requirement. Where in the standard do I find your point?”

If he cannot find it, it is a suggestion for your program to improve and not something that can be written up as a deviation. Tell him that you will consider it and that you appreciate the advice.

If the auditor still wants to include this in the audit as a deviation, you don’t have to accept that.

Don’t wait if this happens. Immediately call your contact at the audit company headquarters. Sit down with the auditor on speakerphone. Explain what you are discussing and have both sides state their case. Ask for clarification on what the auditor is proposing.

This is not confrontational; you are simply getting clarification from the authority. If is it is in the standard, you learned something. If not, the auditor did. You both win.

As a bonus, the auditor will think twice before writing up the next out of scope deviation. He knows what you do.

February 7, 2017

Effective Supplier/Retailer Communication Eases Pain of Food Recalls

By Holly Mockus

No Comments

Food recalls are not 100% avoidable, and they are costly. The hit to an individual food company or retailer, on average, can run to tens of millions of dollars. Annually, millions of consumers become ill as a result of contaminated food products, and the dollar costs in terms of lost productivity, medical treatment and deaths run into the tens of billions.¹ More than 20% of consumers have said that they would not purchase any brands from a company suffering a food recall.² At best, damage to a company’s brand and reputation could take a long time to repair. Clearly, the need to prevent food contamination is obvious and should be the ultimate goal of all food safety professionals.

But despite the best industry efforts, recalls inevitably occur. And since they aren’t 100% avoidable, suppliers and retailers must continue to look for ways to minimize the safety and financial impact of the recall events that do occur. It’s good to begin that process by understanding some statistics surrounding the most common recalls. Globally, 46% of food recalls are for chemical hazards or the introduction of non-food-grade ingredients. 79% of these are due to undeclared allergens. 26% of recalls are for food-borne pathogens, and 8% are due to physical hazards (metal, glass, plastic, paper, wood, etc.). The remaining 20% are generally quality-based recalls and withdrawals.³

Head Off Recalls Before They Occur

Knowing the numbers helps suppliers and retailers home in on their most likely problem areas and get a leg up on potential product contamination problems. Since chemical hazards are the single biggest culprit, and because most of these instances are due to allergens, food companies should closely examine their cleaning and sanitation practices during production line changeovers. Keep in mind the potential role of contract service providers as sources of adulteration. Regarding pathogens, evaluate raw and ready-to-eat segregation procedures, staff access points, and good manufacturing practices and employee traffic patterns.

Many companies focus their efforts on passing food safety certification audits, but faithful adherence to food safety measures just to pass an audit misses the point. Focus on the development and implementation of comprehensive food safety systems to guard against contamination and food safety incidents, and not just avoid non-conformances to certification codes. Preventing food safety incidents and recalls before they happen must be the priority.

Supplier Best Practice: The Mock Trace

Manufacturers, suppliers and certification bodies have evolved a set of best-practice recommendations that will go a long way toward reducing the number of food safety incidents and recalls. These include conducting regular internal audits of food safety plans and procedures, including approved supplier programs and environmental monitoring programs, both to re-evaluate their effectiveness and discover new or previously overlooked gaps.

Suppliers should consider taking things to the next level. SQFI’s LeAnn Chuboff suggests that suppliers “make their retailers happy” through the use of mock trace exercises.³ These “dry runs” are invaluable for reinforcing the close examination and evaluation of recall plans and to become intimately familiar with the necessary procedures in the event of an actual adulteration event. Mock trace exercises should be intensive: They are particularly effective in identifying gaps when they occur during off shifts. Making the exercise challenging rather than check-the-box easy helps companies reveal and close critical gaps. Conduct the mock trace in both directions, from raw materials to finished goods, and vice versa.

Include every department in the company. For mock trace exercises to be completely effective, review all documentation for errors or omissions. All employees should be interviewed to determine whether they fully understand food safety and documentation procedures. Review training modules and observe manufacturing procedures for evidence of knowledge or operational gaps. Examine bulk material receiving and storage, employee and material traffic patterns, packaging materials and procedures, and cleaning and maintenance chemicals.

Speed as well as accuracy and thoroughness are critical in the event of an actual recall event. Companies should practice rapid response. Take advantage of all the accumulated experiences from the mock exercise to improve every aspect of the company’s food contamination response tools and practices.

Pages: 1 2

Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC

October 4, 2016

FST Soapbox

Post-FSMA Food Safety Inspection: Are You Ready?

By Bill Bremer

No Comments

Note: FSMA will include the scheduled compliance inspection as part of the implementation of rules. This will occur in the next several years for many food companies.

With FSMA rules moving to the compliance stage, food companies must prepare appropriately to best respond to the requirements and, correspondingly, to additional inspections. These inspections are in addition to others, including GFSI with its emphasis on unannounced level audits for some schemes. For example, these audits may be required by the code (as with SQF) or as part of customer arrangements per certification contracts.

Learn more about FSMA Inspection Readiness at this year’s Food Safety Consortium in Schaumburg, IL | December 7-8, 2016 | REGISTERWith the growing potential for inspections and audits, a well-planned program and response must be developed, implemented and tested to achieve a most successful outcome. This is an important area to address, especially given the many changes in compliance under FSMA, greater scrutiny under GFSI, and a rapidly changing responsibility for food safety management resources.

For companies experienced with past FDA compliance audits, the new rules and Section 117 cGMPs will require more formalized programs and strong evidence of compliance through internal audits and oversight by Qualified Individuals (QI). The inspectors will look to focus heavily on new requirements and the “letter of the law”. Additionally, organizations under the Preventive Control Rule must have multiple Food Safety Plan QIs, qualified audit resources and competent sanitation management, along with competent plant operators. It is critical to have established roles, planning and testing as part of any inspection readiness program.

Self-Diagnostic Assessment Tool

The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to developing inspection readiness. To complete your own planning assessment, review your progress compared to the questions in Table I.

FSMA Inspection checklist — Table I. Kestrel Management’s self-diagnostic tool can help a company assess its level of inspection readiness and preparedness for FSMA compliance.

Get Compliance-Ready

Companies must have the appropriate plans and resources to comply with FSMA and certifications or face possible violations that can include fines and penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider for Inspection readiness. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all of your food safety requirements—and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.

June 22, 2016

Bug Bytes

Get Your Food Manufacturing Facility Audit-Ready

By Zia Siddiqi, Ph.D.

No Comments

Being audit-ready at any moment can be a daunting task, but pest management is one aspect of your audit that you can ace if you’re doing the right things. Pest control can account for up to 20% of your score, so taking it seriously can give you a huge boost the next time an auditor comes to your facility.

There are two components needed to help ease the stress of a third-party audit: An Integrated Pest Management (IPM) program and proper documentation.

IPM programs focus on incorporating green prevention and exclusion tactics into your facility’s ongoing sanitation and facility maintenance strategies, only using chemical solutions as a last resort. FSMA established that these tactics should be used when dealing with food safety issues and that thorough records should be kept to document the risk-based prevention efforts. This gives food manufacturing facilities even more of a reason to employ an IPM program.

A strong IPM program already has documentation built into it, as tracking pest activity and monitoring results over time are crucial steps to implementing the most effective pest prevention techniques for your business. Every IPM plan is tailored to your facility’s needs, so it needs to be dynamic and adaptable over time as new technologies emerge and your business needs change. Having the ability to show documentation of these changes and their positive effects will get you off to a great start on your next audit in showing your risk-based prevention food safety plan. If you do not already have an IPM program in place, speak with your pest management provider about establishing one.

Auditors like to see IPM programs in place because it means your business is taking a proactive approach and keeping detailed records.

Think about it like this: If the auditor is the judge and there’s no jury, would you ever walk into a court case without any evidence to prove your innocence? Of course not! So you wouldn’t want to walk into an audit without any documentation either.

In other words, document everything. Facilities must prepare and implement written food safety plans that identify potential risks to food safety, enumerate the steps and processes that will be executed to minimize or prevent those dangers, identify and implement monitoring procedures, keep detailed records of the food safety program, and list actions that will be taken to correct problems that do arise. If you’re doing all of this, you’ll make an auditor’s life that much simpler and improve the chances of receiving a high score.

When working to get audit-ready, you’ll want to have the following forms of documentation ready to go:

Proof of Training and Certification

Even though you know that your pest management professional is properly trained and certified, your auditor does not. Keep documentation on hand at your facility, as auditors may want to see one or more of the following documents:

A copy of the valid registration or certification document
hysical, written evidence that your pest management provider has been properly trained to use the materials necessary for your IPM program
Evidence of training on IPM and Good Manufacturing Practices (GMPs)

Proof of Service and Material Changes

A strong IPM program changes as new technologies emerge and your business’s needs shift over time, so be sure to have detailed documentation of these changes as they occur. It’s also important to note the reasons for making changes. Auditors will be looking for written documentation for even the smallest of changes to your IPM program, so take careful notes as your program adapts along with your business.

It can also help to assign specific roles to your employees. This not only will give employees clear direction on how they can contribute to your IPM program, but it can also help your case with an auditor by showing that your facility is maintained by an entire team rather than just a few people. Teamwork is a key part of any IPM program, so be prepared to show how your team runs effectively.

Pest Sighting Reports That Correspond with Corrective and Preventive Actions

When there is a pest sighting in your facility, record it immediately. Keeping records of sightings will help ensure that steps are taken to improve and show accountability to an auditor. Once action is taken, record exactly what was done and the results of the counteractive efforts. That way, you’ll have a paper trail that shows an auditor that for every pest problem, your pest management provider came up with a proactive pest solution that resolved—or is working to resolve—the issue.

After taking corrective action, continue monitoring the issue over time and note any developments in order to help prevent the issue from reoccurring. Creating a trend report that keeps track of which pests your facility is dealing with over time can help, too, as it will help you determine which pests are the most problematic. Your provider can help build such a report.

Records of Pest Monitoring Devices and Traps with Corrective Actions

Pest monitoring devices and traps are great for giving insight into areas around your facilities that are most susceptible to pests. Along with these devices, however, you’ll need to show the following information to an auditor:

When and how often the monitoring devices and traps were checked
The type and quantity of each pest found
Corrective actions taken to reduce pest activity and prevent further issues

Work with your pest management provider to gather all of this information, as it is usually the technician who works on these devices regularly. Being able to give an auditor the full picture can certainly help you on your inspection as it demonstrates attention to detail throughout your entire facility.

Annual Pest Management Assessments and Resulting Actions Taken

With most IPM programs, your pest management provider will thoroughly inspect your facility annually to identify areas that can be improved. Many auditors require these annual check-ups, and they will be looking for proof that these facility assessments occurred and that action was taken as a result that led to positive changes. Year-over-year improvement is important, so measure your success against the areas of improvement specified in these annual inspection reports. That way, you can meet the objectives prior to an audit.

These annual inspections give you a chance to look back and see the progression over the years. If there are any pest issues that pop up year after year, make them a priority in order to show that your program is trending in the right direction.

This proactive approach to pest management will help protect your business from pests and the inherent risks, as well as help give you a better chance of receiving an excellent score on your next audit.

So don’t be afraid of an audit the next time one comes around. With a strong IPM program in place and detailed documentation over the course of the year, there won’t be an exorbitant amount of preparation needed. Stay organized and keep all of the above-mentioned documents together and on-site to keep things simple for both you and your auditor. All of these elements will help your facility receive a strong score and be audit-ready at a moment’s notice.

April 12, 2016

GFSI Basics: Is FSSC 22000 Right For Your Company?

By Maria Fontanazza

No Comments

Food Safety Tech recently sat down with experts from Eurofins to discuss FSSC 22000. According to Kristopher Middleton, technical manager at Eurofins, and Kim Knoll, food safety systems national sales manager at the company, there are still quite a few companies (especially in North America) that are unfamiliar with the ins and outs of the certification scheme. In a Q&A with FST, Middletown and Knoll break down the basics of FSSC 2000, along with explaining some of its benefits.

Food Safety Tech: How is the trend with FSSC 22000 evolving?

Kristopher Middleton: The scheme started in 2009 based on a demand for people wanting to have an ISO-based certification within the GFSI benchmarking process. When the program came out, it trended toward larger companies that already had ISO-based certifications, mainly ISO 22000 and ISO 9001. The FSSC 22000 scheme is the fastest growing GFSI benchmarking scheme currently. It’s not just for large multinational companies; a lot of smaller suppliers are seeking certification to this scheme. The foundation continues to expand its scopes to become a true farm-to-fork certification program.

FST: Is FSSC 22000 also appropriate for a single site or for a company with fewer than 50 employees?

Middleton: The certification doesn’t discriminate based on facility size—nor footprint or number of employees. It’s ideal for any company that has a robust food safety management system and manufacture products that fall within the FSSC 22000 scope of certification. This currently includes manufacturers of perishable animal products (feed and food), perishable vegetable products, products with a long shelf life, biochemical products (i.e., food ingredients, vitamins, biocultures, etc.), manufacturers of food packaging, and primary production of animal products.

The key thing about FSSC 22000 certification is that it is not a terribly prescriptive food safety scheme, when compared to others that are available. You will be successful with FSSC 22000 certification if you are confident and knowledgeable about your own food safety management system, and you have appropriate justification or validation for the method in which your programs have been implemented, as well as validation for the controls of your food safety hazards.

FST: Are there quite a few companies that have not heard of FSSC 22000 or are not aware that it is a GFSI-recognized scheme?

Middleton: Since ISO 22000 was not terribly popular here in North America, it didn’t catch on right away. It was more so overseas that it caught on. However, within the past two years the scheme has become increasingly popular here, especially among companies that have other ISO standards already implemented (i.e. ISO 9001, 14001, 18001,etc), where it relates to occupational health and safety, environmental, and quality. The reason for that is the FSSC can easily intertwine with that entire management system program so that it all works together versus having separate programs in place.

Kim Knoll: I’m having a lot of conversations with smaller manufacturers who are brand new to GFSI. Many of them are being asked by their customers to achieve a GFSI benchmarked certification and are in the early stages of researching scheme options. Some of these companies are surprised to learn that FSSC 22000 is a viable option. Like other certification schemes, Eurofins lends support to companies planning to pursue FSSC 22000 through training courses, consulting services, pre-assessments and ultimately certification services. Even though FSSC 22000 is a newer scheme, auditor availability is not an issue.

FST: What are the key differences between FSSC 22000 and the other GFSI schemes?

Middleton: Probably the most apparent difference with FSSC compared to other GFSI benchmark schemes is the fact that your certification lasts for three years, not one year. The reason for that is that it’s not a product-based certification like the others, it is a process-based certification and it uses the accreditation standard of ISO 17021 not ISO 17065. It also uses ISO 22003 for direction to the certification body for the conducting of the audit. That doesn’t mean that sites won’t be audited annually; it just means that once the certificate is granted, it’s good for three years.

Another key difference is that there is no true pass or fail within the audit. It’s a conform or not-conform audit. The decision to certify is based off the findings from the auditor and their recommendations, as well as the decision from a technical review meeting at the certification body. It requires the effective closure of a particular non-conformance or satisfactory plan being submitted for the closure of those non-conformances before the actual certificate can be granted. So that’s a bit different, because you can just submit plans for your non-conformances [instead of] actually showing that everything has been completely resolved. That being said, if a facility isn’t able to hold or get a certificate, if there’s an imminent food safety threat noted during an audit—if there’s an issue, such as a potential recall or contaminated goods, the ability to be granted that certificate is not feasible.

FST: Can you walk us through the auditing and certification process under FSSC 22000?

Middleton: Like any of the standards out there, you can get a pre-assessment, which is not necessarily part of the certification activity. The certification activity starts at a Stage 1 audit within this scheme (also known as a document audit within other schemes). It’s an evaluation of a facility’s food safety management system document to determine if they’re valid. The process does not include an entire evaluation of the implementation of the program, just simply that the programs are adequately designed and meet the requirements that are in place.

Next there’s a Stage 2 audit (sometimes referred to a facility audit) that is conducted no more than six months after the Stage 1 audit. The Stage 1 audit will identify the areas of concern—programs that might not meet exactly what the specifications required within the standard, which would become non-conformances in a Stage 2 audit (also called a facility audit or certification audit).

The Stage 2 audit is the full evaluation of the implementation of the program that was reviewed in the Stage 1 audit. Following completion of the audit, effective closure of non-conformances is required. This closure can either be [related to] major non-conformances, CAPA or root cause analysis. You have to supply evidence that the non-conformance is properly eliminated and will not recur, and this evidence must be supplied to the certification body and the auditor for review.

Any other non-conformances (also known as minor non-conformances) must have corrective action plans. Companies need to state how they plan on resolving the issue. They will be “closed” but left open for the next audit, which has to occur within one calendar year (known as a surveillance audit). The term “surveillance audit” within this standard is different from some of the other standards. Within some of the other standards, a surveillance audit is not a yearly activity—it is done within the year of certification. The surveillance audit within this standard is a yearly audit that is required to meet the requirements of GFSI. It’s also a requirement within [ISO] 17021 and [ISO] 22003 that surveillance audits are conducted. The GFSI requirement changed the surveillance audit within the ISO world because they used to do a sampling audit, which progressed to a full-blown audit. Your whole food safety management system will be evaluated, which is slightly different from ISO 22000 surveillance audits.

After that audit is conducted, you have another surveillance audit in the following calendar year. Within those surveillance audits, if any minor non-conformances or non-conformances from the previous audit are still present, they are upgraded to major non-conformances and [companies] would have to implement a full corrective action plan, root cause analysis, etc. and then determine the solution.

Once the second surveillance audit is conducted, the following year will be your recertification audit, which is simply another facility audit. It’s not a document audit—you don’t have to do Stage 1 audits after that initial one. This recertification audit occurs prior to your certificate expiring.

March 22, 2016

FST Soapbox

Inquiries, Responses and Audits: The Chipotle Effect

By Dan Bernkopf

No Comments

In an age where news is reported instantly, those outside the food industry have a heightened awareness and concern over their favorite brands’ commitment to food safety. Conversely, every food industry’s safety and quality operations teams are more than likely putting measures in place to tighten up their supply chain controls and re-evaluate their own food safety programs to ensure that their companies don’t become the next headline.

You better believe suppliers and their customers alike are also re-evaluating their ability to quickly, and effectively, respond to such an incident with the data and records needed to determine root causes—and with good merit, especially if you take a step back and really think about what is needed when a response or inquiry comes in surrounding a Chipotle-type food safety incident. Responses to such incidents typically fall along the lines of:

Evidence of current food safety plan, including comprehensive risk analysis, HACCP/HARPC plan, validation studies or documents
Inspection data and documents on your suppliers, including onsite inspection, transportation and product receiving inspections, complete with non-compliance reports and CAPAs for the last six months
All data records relative to your internal processing CCP(s) or equivalent, including monitoring frequencies and all non-compliance reports, complete with their CAPAs for the last six months
All regulatory and non-regulatory audit reports or actions, including non-compliance reports and their CAPAs
Additional available internal or external laboratory evidence that demonstrates environmental monitoring of your facilities and resulting continuous improvement and sanitation validation for the last two years
Additional internal or external laboratory pathogen monitoring programs for field, transportation, raw material supply and finished products, etc. as evidence to support your food safety program

The sheer volume of records, data and information needed in such an on-demand short timeframe can be extremely overwhelming. Without quick access to the critical records needed to determine root cause or, more importantly, thwart an incident from expanding, food safety and quality operations should be taking a close look at how they are managing their food safety data records and reports.

Are binders full of documents, or a combination of paper/silo data records going to suffice when it comes to inquiries, responses (and audits)? Or, is there a better way to manage food safety and quality data to ensure not only data is accessible, but also that food safety programs are working?

One sure bet is that there will be a higher number of audits and inquiries. Is your team and/or supplier prepared for the increase of these types of activities?

Inquiry: A request for a single or series of data and or documents usually related to a specific FSQA event or question
Response: The collected data, data reports, document or document reports related to a specific audit or inquiry
Audit: An activity that reviews one or many elements of a food safety plan to assure that the plan is complete, performed as described and meets the food safety design as intended. Audits are known and expected activities to review such safety plan elements even though the actual audit date and time may be known or unknown

We all know that audits are often lengthy exercises, yet they are still predictable. On the other hand, inquiries can be more difficult in that information requests may involve a very deep dive into a very specific area of inquiry.

In all honesty, if inquiries or responses or audits have to be planned for in advance, then you are not prepared. In order to always be prepared, it’s imperative to have better systems in place to manage any type of internal or external examination of your food safety and quality information. Regardless of whether it is an audit, response or inquiry, it is important to have easy access to records, verify that your programs are working, have corrective actions in place, and show visibility (and transparency) in your operation.

Thus it all comes back to how you or your suppliers are managing food safety records day in, day out. If FSQA operations are still relying on manual-based food safety and quality management processes versus food safety and quality management technologies, then chances are that you’re reacting to latent results, and you’re not able to identify trends and opportunities for improvement. The burden to manage inquires, responses or audits—as they continue to grow in cadence—will become overwhelming.

Without a doubt, the Chipotle effect is being felt throughout the industry. There will be increased accountability to ensure an adequate food safety program is in place and verification that the program is working. It will become even more imperative—and expected—that data and records are readily available to efficiently respond to inquiries, responses and audits.

February 24, 2016

Specific Training Required Under FSMA: A Look at Each Rule

By James Cook

No Comments

All seven core rules of FSMA require general training of individuals or employees and qualified individuals requiring education, training or experience to perform specific tasks. By including training in these regulations, the FDA has made specific training mandatory.

Training Required by FSMA Final Rules

In the current Good Manufacturing Practices (cGMP) and preventive control rules, as per 21 CFR 117.4 and 507.4, all individuals engaged in the manufacturing, processing, packing and holding of food must have the education, training or experience to perform assigned duties and must be trained in the principles of food hygiene and food safety. However, the preventive controls qualified individual (PCQI) and qualified auditor, to rules 21 CFR 117.180 and 507.53, can be an individual who has successfully completed a class equivalent in curriculum to that recognized by the FDA, or have the necessary job experience. In both cases, the training must be documented, including the date of training, type of training and those personnel trained.

This means that all employees are to be trained in food hygiene and food safety to at least the standard presented in the regulations and more specifically as per the cGMP requirements. Additionally, individuals who are responsible for a specific critical control point will still need to be trained in HACCP. However, this will probably not be sufficient for an employee responsible for preventive control, as he or she may require training in Hazard Analysis Risk-Based Preventive Control (HARPC), or training specific to the area in which the employee is involved (e.g., allergens, sanitation, supply chain or recall programs, or preventive controls).

For the preventive control qualified individual and qualified auditor, the training needed may be that of the approved FDA curriculum, as developed by the Food Safety Preventive Control Alliance (FSPCA). Although this training course is not a regulatory requirement, FDA inspectors and other regulatory personnel who are auditing facilities will have completed this training, meaning qualified auditors will be expected to have this training, and eventually preventive controls qualified individuals (PCQIs) will be expected to do so too. The qualified auditor and a PCQI will still require the education, experience and other training to perform the specific job duties as listed in the regulations. Unfortunately, it is likely that neither the industry nor the government will have enough lead instructors ready to train everyone who would want or need to be trained before the compliance dates become effective. Additionally, this training course is not yet available for animal food, and the industry has been informed by FSPCA that a Foreign Supplier Verification Program (FSVP) training module will be added to the training course. The FSVP is discussed in the Supply-Chain Preventive Control module, and the fact that there are some similarities between these regulations helps individuals involved in the FSVP program, or in auditing it.

In the produce safety rule, training requirements are listed in subpart C 21 CFR 112.21, 112.22, 112.23 and 112.30. Personnel who require training are those handling covered produce and their supervisors. As with the cGMP and preventive control rules, the principles of food hygiene and food safety must be taught to these personnel. More specifically they must learn how to identify an ill or infected person, and be taught about microorganisms of public health significance, such as Salmonella, Listeria and E. coli O157 on food contact surfaces. Additionally, personnel who harvest covered produce must be trained in recognizing produce that is contaminated with known or reasonably foreseeable hazards to ensure it isn’t harvested. These personnel must be trained in the use of harvest containers and equipment to ensure that they are functioning properly, clean and maintained, and to identify when they are not. At the same time, employees must be trained in correcting any issues or in reporting them to a supervisor in order to have them corrected. All this training must be documented in the same way as the cGMP and preventive control programs.

Unlike the cGMP and preventive control rules, the produce safety rule’s requirement to have a qualified individual, supervisor or responsible party on each farm that has completed a recognized FDA course, or equivalent, is not optional. This course will be available through the Produce Safety Alliance and is anticipated to start in September 2016. The grower food safety course required for supervisors will include an introduction to produce safety, worker health and hygiene training, soil amendments, wildlife, domestic animals and land use, agricultural water, post-harvest handling and sanitation, as well as how to develop a food safety plan.

The training for produce, conducted by the Produce Safety Alliance and/or trained trainers, does not cover training for sprouts; training for sprouts is being developed by the Sprout Safety Alliance and will include topics specifically for sprouts, such as antimicrobial treatment of sprouting seeds.

In the FSVP, the qualified individuals must have the education, training or experience necessary to perform activities as per 21 CFR 1.503. These qualified individuals will develop the FSVP and those activities such as hazard analysis, supplier approval, determining verification activities and frequency, corrective actions and other activities for the FSVP. These personnel must be able to read and understand the records to be reviewed for this program. This means they must know English and may also need to know the local language at point of product manufacture or farming.

At this time there is no structured training program for these individuals, but the FSPCA training program, alongside education and experience can provide the training necessary for these people to perform the job activities. A PCQI would be qualified for the role of a FSVP qualified individual, but the FSVP probably would not be qualified for the PCQI role. This is because the activities in the FSVP are not as complicated as those required by the cGMP and preventive controls rules, and therefore the FSVP qualifications would not need to be as stringent.

Training Under Proposed Rules

In the proposal for Sanitary Transportation of Human and Animal Foods, 21 CFR 1.910, the FDA requires carriers of these products to train personnel who are engaged in transportation operations. This should include awareness of potential food safety problems that may occur to food during transport, basic sanitary practices that would address those problems and the responsibilities of the carriers in the regulation. As with all training in these regulations, the type of training, who was trained and when they were trained must be documented.

Since this is a proposal, the training for teaching the carrier’s responsibility is not yet finalized but will require nothing more than explaining that section of the regulation. The training of potential food safety issues and the problems that might occur during transport are handled during standard cGMP and food safety training.

For the proposed Intentional Adulteration rule, per 21 CFR 121.160, the personnel and supervisors assigned to the actionable process steps must receive training in food defense awareness and their responsibilities in implementing the migration strategies. Also, as per 21 CFR 121.130, the vulnerability assessment is to be performed by a qualified individual, and this individual is to be qualified through experience and/or appropriate training.

For basic food defense, the FDA offers various courses and information, such as Food Defense 101, on their food defense webpage. An online course is offered in English and Spanish and covers the awareness training and the regulations for employees. Upon course completion, a certificate is provided. The agency also has a downloadable food defense plan builder that can be used to develop a food defense program. The agency also provides vulnerability assessment software, but additional training in PAS 96 or ISO/TS 22000 food defense would aid qualified personnel in making sure that this vulnerability assessment is correct and that the strategies to reduce risks are appropriate and not excessive.

There is an abundance of training courses and materials available from the FDA, USDA FSIS, associations and industry. FSMA employee training requires having personnel with the proscribed education and experience to perform specific tasks, and that they be trained as soon as possible in order for them to develop the programs. Additionally, all personnel should be trained at least annually in food hygiene, food safety and food defense.

Gary Smith, Eurofins’ Food Safety Systems

February 15, 2016

FSMA Mandates Employee Training. Are You Prepared?

By Maria Fontanazza

No Comments

Training plays a huge role in the effective implementation of FSMA. The preventive controls for human food final rule calls out areas in which training is now obligatory, namely ensuring that employees involved in the manufacturing, processing, packaging and holding of food are properly educated on food safety and food hygiene (mandated under Current Good Manufacturing Practices). FDA has initiated an extensive training strategy, part of which includes establishing a National Coordination Center (the agency awarded a $600,000 grant to the International Food Protection Training Institute in October), along with several collaborative efforts with other federal agencies and industry partners.

Although many food companies have been conducting training as part of their standard procedures, preparing employees for the implementation phase of FSMA may be more complicated than they anticipated. In a Q&A with Food Safety Tech, Gary Smith, director of food safety services at Eurofins Scientific, shares insights on some of the hurdles that industry is encountering (including manufacturers in the animal food arena) related to training and FSMA compliance.

Food Safety Tech: How has FSMA changed the landscape of employee training?

Gary Smith: There are a couple of updates that are very important to note for the industries as a whole. First, employee training is now mandatory for both human food facilities and, probably even more importantly, animal food facilities. Many of the human food folks may have been asked by customers or by other entities via corporate internal procedures to do training of employees and to have a training program in place. For a lot of the pet food and animal feed manufacturers, having a comprehensive training program for all employees is significantly different than what has been requested and expected of them in the past.

Second, the preventive controls rule for both human food and animal food specifically requires that animal food and human food manufacturers conduct training of all their employees on at least food safety and food hygiene topics. Now, what does that mean? We’re interpreting that to mean basic GMPs as well as common food safety hazards. Realistically, this will probably be a 30 to 60-minute training session in which everyone in the facility will have to attend, and FDA doesn’t state specifically that it has to be done more than at least once. There is no frequency for re-training. However, once the compliance dates are effective, it’s mandatory that the training has been completed. This is a new concept for the majority of industry who may have had corporate training programs or customer-driven training programs, but never a mandated regulatory requirement for training.

FST: What challenges do food companies face in ensuring that employees are prepared for the implementation phase?

Smith: There’s the challenge of putting together the training, which, in the big picture of FSMA, shouldn’t be that big of a deal.

Some of the biggest challenges companies face (especially in trying to get ahead of the game and be proactive) is the identification of the preventive controls qualified individual. Is it an internal person? Is it a consultant? Do they have to go through a specific training class? The answer is yes, they do. How do they deal with foreign suppliers? A lot of folks are really confused about the concept of the Foreign Supplier Verification Program rule and what it means. Do they need to audit [their suppliers]? Do they need to be GFSI certified? There are a lot of questions concerning the importation of ingredients from outside the United States—what’s the requirement? This is probably the biggest area in which people seek clarity.

Another [challenge] is internal supplier approval, because the new rule talks about supplier approval as one of the preventive controls that has to be in place. Again, who can do those audits? When do we have to conduct an audit? What does the audit have to cover? A lot of folks are struggling with this area as well.

The last challenge: A lot of folks have HACCP, whether they are human or animal food manufacturers, and this has been required or requested by customers for a while. But how do we transition from having a HACCP plan to a food safety plan that meets the preventive control requirements in addition to the HACCP requirements? How do I build in allergen management as a preventive control? How do I build in sanitation as a preventive control? How do I build in supplier approval as a preventive control? There are a lot of questions surrounding whether companies should scrap their HACCP plan and start over, or whether they have to add on to it.

FST: Eurofins offers an extensive training schedule for the first half of 2016. How do these offerings play into FSMA’s compliance requirements?

Smith: Eurofins is now offering the highly anticipated 2.5-day training created by the FDA’s Food Safety Preventive Controls Alliance (FSPCA). The standardized curriculum is designed to meet the training requirements under Title 21 Code of Federal Regulations Part 117.115 for the “preventive control qualified individual” who conducts certain Food Safety Plan activities. In addition, Eurofins offers core courses such as Environmental Monitoring, Internal Food Safety Auditing and HACCP to help support the development and implementation of a company’s food safety plan.