Tag Archives: compliance

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part II)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. To further assist facilities with reviewing old or conducting new VAs, Part II will touch on access, subject matter experts, mitigation strategies and community drinking water through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.

Lesson 6: Utilization of Card Access. The FDA costs of implementing electronic access control, as reported in the Regulatory Impact Analysis document (page 25) are shown in Table 1.

Average Cost Per Covered Facility Initial Recurring Total Annualized
Prohibit after hours key drop deliveries of raw materials $ $1070 $1070
Electronic access controls for employees $1122 $82 $242
Secured storage of finished products $1999 $– $285
Secured storage of raw materials $3571 $– $508
Cameras with video recording in storage rooms $3144 $– $448
Peer monitoring of access to exposed product (not used) $47 $1122 $1129
Physical inspection of cleaned equipment $– $303 $22
Prohibit staff from bringing personal equipment $157 $– $22
Total $9993 $1455 $2878
Table I. Costs of Mitigation

In our opinion, these costs may be underreported by a factor of five or more. A more realistic number for implementing access control at an opening is $5,000 or more depending on whether the wire needs to be run in conduit, which it typically would. While there are wireless devices available, food and beverage organizations should be mindful that the use of wireless devices may in some cases result in the loss of up to 50% of electronic access control benefits. This happens because doors using this approach may not result in monitored-for-alarm conditions, such as when doors are held open too long or are forced open. Some wireless devices may be able to report these conditions, but not always as reliable as hardwired solutions. Using electronic access control without the door position monitoring capability is a mistake. From a cost standpoint, even a wireless access control device would likely be upwards of $2,000 per opening.

Lesson 7: In the interest of time, and in facilities with more complex processes (which increases the work associated with the VA), plan to have quality, food safety and physical security personnel present for the duration of the VA. But also bring in operational specialists to assess each point, step or procedure for the respective operational areas. You may wish to have a quick high-level briefing for each operational group when it’s their turn to deliberate on their portion of the manufacturing operation. Proper planning can get a hybrid style VA done in one-and-a-half to three days maximum for the most complex of operations.

Lesson 8: Conduct a thorough site tour during the assessment process; do not limit your vulnerability activity to a conference room. Both internal and external tours are important in the assessment process by all members of the team. The external tour is needed to evaluate existing measures and identify vulnerabilities by answering questions such as:

  • Is the perimeter maintained?
  • Are cameras pointed correctly?
  • Are doors secure?
  • Are vehicles screened?
  • Are guards and guard tours effective?
  • Internal tours are important to validate documented HACCP points, steps or procedures.A tour also helps to validate process steps that are in multiple parts and may need to be further assessed as a KAT, for public health impact, accessibility and feasibility or to identify issues that have become “invisible” to site employees which might serve a security purpose.
  • Properly conducted tours measure the effectiveness of a variety of potential internal controls such as:
    • Access control
    • Visitor controls
    • Use of identification measures
    • Use of GMP as a security measure (different colors, access to GMP equipment and clean rooms)
    • Effectiveness of buddy systems
    • Employee presence

Lesson 9: Do not forget the use of community drinking water in your processes. This is an easy way to introduce a variety of contaminants either in areas where water is being treated on site (even boiler rooms) or where water may sit in a bulk liquid tank with accessibility through ladders and ports. In our experience, water is listed on about half of the HACCP flow charts we assessed in the VA process.

Lesson 10: Some mitigation strategies may exist but may not be worth taking credit for in your food defense plan. Due to the record keeping requirements being modeled after HACCP, monitoring, corrective action and verification records are required for each mitigation strategy associated with an APS. This can often create more work than it is worth or result in a requirement to create a new form or record. Appropriate mitigation strategies should always be included in your food defense plan, but sometimes it produces diminishing returns if VA facilitators try to get too creative with mitigation strategies. Also, it is usually better to be able to modify an existing process or form than having to create a new one.

Lesson 11: In cases of multi-site assessments, teams at one plant may reach a different conclusion than another plant on whether an identical point, set or procedure is an APS. This is not necessarily a problem, as there may be different inherent conditions from one site to the next. However, we strongly suggest that there be a final overall review from a quality control standpoint to analyze such inconsistencies adjudicate accordingly where there is no basis for varying conclusions.

Lesson 12: If there is no person formally responsible for physical security at your site, you may have a potential gap in a critical subject matter area. Physical security measures will make at least a partial contribution to food defense. Over 30 years, we have seen many organizations deploy electronic access control, video surveillance and lock and key control systems ineffectively, which provides a false sense of security and results in unidentified vulnerability. It is as important to select the right physical security measures to deploy, but also critical to administer them in a manner that meets the intended outcome. Most companies do not have the luxury of a full-time security professional, but someone at the plant needs to be provided with a basic level of competency in physical security to optimize your food defense posture. We have developed several online training modules that can help someone who is new to security on key food defense processes and security system administration.

Lesson 13: As companies move into ongoing implementation and execution of the mitigation strategies, it is important to check that your mitigation strategies are working correctly. You will be required to have a monitoring component, correction action and verification intended for compliance assurance. However, one of the most effective programs we recommend for our clients’ food defense and physical security programs is the penetration test. The penetration test is intended to achieve continuous improvement when the program is regularly challenged. The Safe Quality Food (SQF) Institute may agree with this and now requires facilities that are SQF certified to challenge their food defense plan at least once annually. We believe that frequency should be higher. Simple challenge tests can be conducted in 10 minutes or less and provide substantial insight into whether your mitigation strategies are properly working or whether they represent food defense theater. For instance, if a stranger were sent through the plant, how long would it take for employees to recognize and either challenge or report the condition? Another test might include placing a sanitation chemical in the production area at the wrong time. Would employees recognize, remove and investigate that situation? Challenge tests are easy high impact activities; and regardless of the outcome, can be used to raise awareness and reinforce positive behaviors.

Whether training a new security officer, reviewing existing security plans or preparing for an upcoming vulnerability assessment (due July 26, 2020), these lessons learned from experienced security consultants should help to focus efforts and eliminate unnecessary steps at your facility. The final installment in this series will address broad mitigation strategies, the “Three Element” approach and food defense plan unification.

Allison Kopf, Artemis

How Technologies for Cultivation Management Help Growers Avoid Food Safety Issues

By Maria Fontanazza
No Comments
Allison Kopf, Artemis

Visibility, accountability and traceability are paramount in the agriculture industry, says Allison Kopf, founder and CEO of Artemis. In a Q&A with Food Safety Tech, Kopf explains how growers can take advantage of cultivation management platforms to better arm them with the tools they need to help prevent food safety issues within their operations and maintain compliance.

Food Safety Tech: What are the key challenges and risks that growers face in managing their operations?

Allison Kopf: One of the easiest challenges for growers to overcome is how they collect and utilize data. I’ve spent my entire career in agriculture, and it’s been painful to watch operations track all of their farm data on clipboards and spreadsheets. By not digitizing processes, growers become bogged down by the process of logging information and sifting through old notebooks for usable insights—if they even choose to do that.

Allison Kopf, Artemis
Allison Kopf is the founder and CEO of Artemis, a cultivation management platform serving the fruit, vegetable, floriculture, cannabis, and hemp industries. She is also is an investment partner at XFactor Ventures and serves on the boards of Cornell University’s Controlled Environment Agriculture program and Santa Clara University’s College of Arts and Sciences.

I was visiting a farm the other day and the grower pulled out a big binder. The binder contained all of his standard operating procedures and growing specifications for the varieties he’s grown over the past 20 years. Then he pulled out a pile of black notebooks. If you’ve ever worked on a farm, you’d recognize grower notebooks anywhere. They’re used to log data points such as yield, quality and notes on production. These notebooks sit in filing cabinets with the hopeful promise of becoming useful at some point in the future—to stop production from falling into the same pitfalls or to mirror successful outcomes. However, in reality, the notebooks never see the light of day again. The grower talked about the pain of this process—when he goes on vacation, no one can fill his shoes; when he retires, so does the information in his head; when auditors come in, they’ll have to duplicate work to create proper documentation; and worse, it’s impossible to determine what resources are needed proactively based on anything other than gut. Here’s the bigger issue: All of the solutions are there; they’re just filed away in notebooks sitting in the filing cabinet.

Labor is the number one expense for commercial growing operations. Unless you’re a data analyst and don’t have the full-time responsibilities of managing a complex growing operation, spreadsheets and notebooks won’t give you the details needed to figure out when and where you’re over- or under-staffing. Guessing labor needs day-to-day is horribly inefficient and expensive.

Another challenge is managing food safety and compliance. Food contamination remains a huge issue within the agriculture industry. E. coli, Listeria and other outbreaks (usually linked to leafy greens, berries and other specialty crops) happen regularly. If crops are not tracked, it can take months to follow the contamination up the chain to its source. Once identified, growers might have to destroy entire batches of crops rather than the specific culprit if they don’t have appropriate tracking methods in place. This is a time-consuming and expensive waste.

Existing solutions that growers use like ERPs are great for tracking payroll, billing, inventory, logistics, etc., but the downside is that they’re expensive, difficult to implement, and most importantly aren’t specific to the agriculture industry. The result is that growers can manage some data digitally, but not everything, and certainly not in one place. This is where a cultivation management platform (CMP) comes into play.

FST: How are technologies helping address these issues?

Kopf: More and more solutions are coming online to enable commercial growers to detect, prevent and trace food safety issues, and stay compliant with regulations. The key is making sure growers are not just tracking data but also ensuring the data becomes accessible and functional. A CMP can offer growers what ERPs and other farm management software can’t: Detailed and complete visibility of operations, labor accountability and crop traceability.

A CMP enables better product safety by keeping crop data easily traceable across the supply chain. Rather than having to destroy entire batches in the event of contamination, growers can simply trace it to the source and pinpoint the problem. A CMP greatly decreases the time it takes to log food safety data, which also helps growers’ bottom line.

CMPs also help growers manage regulatory compliance. This is true within the food industry as well as the cannabis industry. Regulations surrounding legal pesticides are changing all the time. It’s difficult keeping up with constantly shifting regulatory environment. In cannabis this is especially true. By keeping crops easily traceable, growers can seamlessly manage standard operating procedures across the operation (GAP, HACCP, SQF, FSMA, etc.) and streamline audits of all their permits, licenses, records and logs, which can be digitized and organized in one place.

FST: Where is the future headed regarding the use of technology that generates actionable data for growers? How is this changing the game in sustainability?

Kopf: Technology such as artificial intelligence and the internet of things are changing just about every industry. This is true of agriculture as well. Some of these changes are already happening: Farmers use autonomous tractors, drones to monitor crops, and AI to optimize water usage.

As the agriculture industry becomes more connected, the more growers will be able to access meaningful and actionable information. Plugging into this data will be the key for growers who want to stay profitable. These technologies will give them up-to-the-second information about the health of their crops, but will also drive their pest, labor, and risk & compliance management strategies, all of which affect food safety.

When growers optimize their operations and production for profitability, naturally they are able to optimize for sustainability as well. More gain from fewer resources. It costs its customers less money, time and hassle to run their farms and it costs the planet less of its resources.

Technology innovation, including CMPs, enable cultivation that will provide food for a growing population despite decreasing resources. Technology that works both with outdoor and greenhouse growing operations will help fight food scarcity by keeping crops growing in areas where they might not be able to grow naturally. It also keeps production efficient, driving productivity as higher yields will be necessary.

Beyond scarcity, traceability capabilities enforce food security which is arguable the largest public health concern across the agricultural supply chain. More than 3,000 people die every year due to foodborne illness. By making a safer, traceable supply chain, new technology that enables growers to leverage their data will protect human life.

Brett Madden, Aviaway
Bug Bytes

How to Prepare an Integrated Bird Management Audit Program

By R. Brett Madden
No Comments
Brett Madden, Aviaway

Birds of different species can become a pest problem depending upon where they are landing, roosting or nesting. In terms of food facilities, birds can cause various concerns: Product safety risks, possible contamination (bird droppings/feathers), poor audit grades, inspection failure, secondary insect pest problems, vectoring of foodborne illness pathogens, plant closures or fines. It is for these reasons that it is essential that food, beverage and product manufacturers (FBP) establish an integrated bird management (IBM) program.

An IBM program will ensure that every essential team member is on the same page in terms of the protocols for managing pest birds within and around the facility. Even if a facility has taken a proactive approach to bird control, the potential exists for birds to enter a facility. Especially considering bird pressures around adjacent properties, buildings, bodies of water and food sources near the facility.

Read Part I of this series: Bird Problems and Control Methods for Food Production FacilitiesIBM for food industry facilities is a systematic approach to preventing birds from gaining access within a facility and reducing the length of time birds remain within a facility. Nuisance birds, depending upon how severe the bird pressure—i.e., how many birds are landing, roosting and/or nesting within a given area—can cause severe damage to equipment, property, food products, displays, vegetation, façade signage, ledges, roofs, HVAC equipment, drains, fire suppression, electrical equipment and more. The longer that birds are permitted to remain within and around a facility, the more damage they can cause, and the harder it is to remedy the problem. Thus, it is critical to remove any birds that have gained entry as soon as possible to prevent possible FBP contamination and the birds getting comfortable within the facility.

There are several components to developing an IBM program. First, you need to conduct a complete inspection of the interior/exterior of the facility, followed by a review of the current data as well as any historical bird data. Now that you have all the raw data, you can begin developing the site-specific IBM plan for the FBP facility. Now that you have the program designed, the program can be implemented. Finally, after a defined timeframe that the IBM program has been active, the program needs to be evaluated to determine if any adjustments need to be made to the program.

Inspection

The first step in developing an IBM program is to conduct an initial site inspection audit of the interior and exterior of the facility.

Integrated bird management, audits, food safety
An example of an integrated bird management food safety audit checklist. Credit: Aviaway

The following various elements need to be inspected and with said findings documented.

Interior audit, pest management
An example of an interior audit spreadsheet. Source: Aviaway. (Click to enlarge)

On the interior of the facility, look at the following items:

  • Active Birds with the Facility
    • List the areas and locations of birds
      • Example: Location(s): Food prep area(s), warehouse, etc.
    • Any history of birds and related areas
  • Interior Landscaping
    • Type(s) and necessity
  • Food Processing Areas
    • Any active control measures in place
    • Assess the level of risk
  • Bay Doors
  • Location(s): Gaps
  • Location(s): Bumpers
  • General Doors
    • Location(s): Gaps
    • Location(s): Bumpers
    • Location(s): Structural
    • Location(s): Doors left open
  • Additional Access Point(s)
    • Check all equipment areas that enter/exit building
  • Pipe-Line Penetrations
  • Sanitation
  • Conductive Conditions
    • Location(s): Standing water
    • Location(s): Food Sources
    • Debris
  • Bird Droppings or Nesting Materials
  • Staff feeding birds
    • All access to food and water
Exterior audit, pest management
An example of an exterior audit spreadsheet. Source: Aviaway. (Click to enlarge)

On the exterior of the facility, look at the following items:

  • Active birds with the facility
    • List the areas and locations of birds
      • Example: Locations(s): Rear loading dock
    • Any history of birds around the exterior of the facility
  • Adjacent Structures
    • Accessory buildings and structures
  • Sanitation Practices (Exterior)
    • Location(s): Dumpsters
    • Exposed food sources and spillage
  • Trash Receptacles
  • Trash Removal Frequency
  • Food Waste on Ground
  • Cleaning Practices
  • Cleaning Practices Schedule
  • Cleaning Food Waste Bins
  • Motion Doors
  • Bay Doors (Exterior)
    • Location(s): Gaps
    • Location(s): Bumpers
    • Location(s): Structural
  • General Doors (Exterior)
    • Location(s) Doors Being Left Open
  • Additional Access Point(s)
  • Bodies of Water
  • Conductive Conditions
  • Structural (Exterior)
    • Location(s): Pipe-Line Penetrations
    • Location(s): Flashing
    • Location(s): Pipes
    • Location(s): Openings
    • Location(s): Roof
    • Location(s): Roof Hatches
    • Location(s): Windows
    • Location(s): Canopy (Front/Rear)
    • Location(s): Awnings (Front/Rear)
    • Location(s): Façade Signage (Front/Rear/Side)
  • Drainage
  • Standing Water
  • Clogged Drains
  • Landscaping
    • Retention ponds
  • Bird Droppings or Nesting Materials
  • Exterior Storage
  • Merchandise Displays
  • Existing Bird Control Devices

Review

Next, after all the above items have been inspected and findings recorded, all the data needs to be reviewed. In addtion, all the current bird management practices within the facility, documentation practices, and current audit/inspection findings should be all evaluated together. All this information is your road map for developing your IBM Program. Make sure that while you are collecting all the said raw data, you also speak with all necessary staff to get the most accurate information possible.

Documentation

Now that you have conducted your inspections and collected all the data, it’s time to create a site-specific IBM Policy & Plan for the facility. The development and implementation of the IBM plan will provide the appropriate procedures that are to be implemented to prevent, control and exclude birds from entering a facility and from keeping birds an acceptable distance away from the facility. With proper training and implementation of IBM procedures, there will be a reduced likelihood that birds will be able to enter the facility, and the length of time birds remain inside the facility will be reduced—thus, reducing the level of pest bird damage caused, reducing hazards to food sources, equipment, the public, and the facility environment.

Each facility is unique in its operation, location and potential for bird activity. The facility’s IBM plan will be designed to factor its control options when remedying and preventing bird pressure.

Implementation

Now that you have an IBM Plan, it’s time to implement the plan. First, make any necessary changes based upon findings of the audit and review of all data. Next, correct any conducive conditions that were discovered during the inspection. All the items that may require adjustment may need to be planned out depending upon budgetary constraints. Define staff roles regarding bird control efforts on a front-line facility level. Each member of the action team must fully understand their role and responsibility about the implementation and day-to-day operation of the plan.

The IBM Plan is the roadmap that should be followed for managing pest birds throughout the interior and exterior of the facility and related structures. It will set forth the facility’s bird threshold levels and site-specific facility needs. Furthermore, the IBM Plan will provide in detail how each phase of the plan will be implemented at each facility. The facility coordinator, in collaboration with the IBM coordinator, shall be responsible for the administration and implementation of the IBM plan. Each of their roles and responsibly should be thoroughly reviewed and understood.

Next, conduct staff training on proper bird control removal methods if handing live removal internally. Otherwise, what are the approved processes for third-party vendors who are providing removal services? Finally, conduct a review of the new documentation process to record all necessary data for the IBM program. Data collection is a critical component in evaluating the success of the plan and determining if any adjustments need to be made.

Evaluation

To ensure goal compliance, the IBM program should be evaluated at each site annually. The review must consist of all records, the number of birds that gained access into the store, corrective actions taken (at the facility level and outside efforts), and any plan adjustments. By reviewing all the data collected, the plan’s effectiveness can be determined, and whether alterations need to be made. Note that the IBM plan is not a static document that sits in a binder. The plan will have to evolve as operations change, or the set goals of the program are not met.

Conclusion

A proactive approach to reducing bird populations is critical for food industry facilities. As such, the IBM program will ensure that your entire staff is adequately trained on all the site-specific bird control methods, reduce the frequency of birds entering the facility and create a documented bird control program that is designed for your specific facility.

Data protection, security

The Digital Transformation of Global Food Security

By Katie Evans
No Comments
Data protection, security

Modern food supply chains are inherently complex, with products typically passing through multiple suppliers and distributors, as well as countries and continents, before they end up on the supermarket shelf. While global supply chains offer consumers greater choice and convenience, they also make protecting the security of food products more challenging. With additional stakeholders between farm and fork, products are exposed to an elevated risk of biological or chemical contamination, as well as food counterfeiting and adulteration challenges—potentially putting consumer health and brand reputation in jeopardy.

Given the importance of maintaining the safety, quality and provenance of food products, global regulatory bodies are placing the integrity of supply chains under increased scrutiny. In the United States, for example, the adoption of FSMA moved the focus from responding to foodborne illnesses to preventing them by prioritizing comprehensive food testing measures, enforcing inspections and checks, and enabling authorities to react appropriately to safety issues through fines, recalls or permit suspensions.1 Similarly, China’s revised Food Safety Law (known as FSL 2015) is widely considered to be the strictest in the country’s history, and seeks to drive up quality standards by empowering regulators, and enhancing traceability and accountability through robust record-keeping. 2 The European Union continues to closely regulate and monitor food safety through its General Food Law, which is independently overseen by the European Food Safety Authority from a scientific perspective.

Achieving the Highest Standards of Food Security, Integrity and Traceability

For producers, manufacturers and distributors, the heightened regulatory focus on the security and integrity of the food supply chain has placed additional emphasis on accurate record-keeping, transparent accountability and end-to-end traceability. To meet the needs of the modern regulatory landscape, food chain stakeholders require robust systems and tools to manage their quality control (QC), environmental monitoring and chain of custody data. Despite this, many businesses still handle this information using paper-based approaches or localized spreadsheets, which can compromise operational efficiency and regulatory compliance.

The fundamental flaw of these traditional data management approaches is their reliance on manual data entry and transcription steps, leaving information vulnerable to human error. To ensure the accuracy of data, some companies implement resource-intensive verification or review checks. However, these steps inevitably extend workflows and delay decision-making, ultimately holding up the release of products at a high cost to businesses. Moreover, as paper and spreadsheet-based data management systems must be updated by hand, they often serve merely as a record of past events and are unable to provide insight into ongoing activities. The time lag associated with recording and accessing supply chain information means that vital insight is typically unavailable until the end of a process, and data cannot be used to optimize operations in real-time.

Furthermore, using traditional data management approaches, gathering information in the event of an audit or food safety incident can be extremely challenging. Trawling through paperwork or requesting information contained in spreadsheets saved on local computers is time-consuming and resource-intensive. When it comes to establishing accountability for actions, these systems are often unable to provide a complete audit trail of events.

Digital Solutions Transform Food Security and Compliance

Given the limitations of traditional workflows, food supply chain stakeholders are increasingly seeking more robust data management solutions that will allow them to drive efficiency, while meeting the latest regulatory expectations. For many businesses, laboratory information management systems (LIMS) are proving to be a highly effective solution for collecting, storing and sharing their QC, environmental monitoring and chain of custody data.

One of the most significant advantages of managing data using LIMS is the way in which they bring together people, instruments, workflows and data in a single integrated system. When it comes to managing the receipt of raw materials, for example, LIMS can improve overall workflow visibility, and help to make processes faster and more efficient. By using barcodes, radiofrequency identification (RFID) tags or near-field communication, samples can be tracked by the system throughout various laboratory and storage locations. With LIMS tracking samples at every stage, ingredients and other materials can be automatically released into production as soon as the QC results have been authorized, streamlining processes and eliminating costly delays.

By storing the standard operating procedures (SOPs) used for raw material testing or QC centrally in a LIMS, worklists, protocols and instrument methods can be automatically downloaded directly to equipment. In this way, LIMS are able to eliminate time-consuming data entry steps, reducing the potential for human error and improving data integrity. When integrated with laboratory execution systems (LES), these solutions can even guide operators step-by-step through procedures, ensuring SOPs are executed consistently, and in a regulatory compliant manner. Not only can these integrated solutions improve the reliability and consistency of data by making sure tests are performed in a standardized way across multiple sites and testing teams, they can also boost operational efficiency by simplifying set-up procedures and accelerating the delivery of results. What’s more, because LIMS can provide a detailed audit trail of all user interactions within the system, this centralized approach to data management is a robust way of ensuring full traceability and accountability.

This high level of operational efficiency and usability also extends to the way in which data is processed, analyzed and reported. LIMS platforms can support multi-level parameter review and can rapidly perform calculations and check results against specifications for relevant customers. In this way, LIMS can ensure pathogens, pesticides and veterinary drug residues are within specifications for specific markets. With all data stored centrally, certificates of analysis can be automatically delivered to enterprise resource planning (ERP) software or process information management systems (PIMS) to facilitate rapid decision-making and batch release. Furthermore, the sophisticated data analysis tools built into the most advanced LIMS software enable users to monitor the way in which instruments are used and how they are performing, helping businesses to manage their assets more efficiently. Using predictive algorithms to warn users when principal QC instruments are showing early signs of deterioration, the latest LIMS can help companies take preventative action before small issues turn into much bigger problems. As a result, these powerful tools can help to reduce unplanned maintenance, keep supply chains moving, and better maintain the quality and integrity of goods.

While LIMS are very effective at building more resilient supply chains and preventing food security issues, they also make responding to potential threats much faster, easier and more efficient. With real-time access to QC, environmental monitoring and chain of custody data, food contamination or adulteration issues can be detected early, triggering the prompt isolation of affected batches before they are released. And in the event of a recall or audit, batch traceability in modern LIMS enables the rapid retrieval of relevant results and metadata associated with suspect products through all stages of production. This allows the determination of affected batches and swift action to be taken, which can be instrumental in protecting consumer safety as well as brand value.

Using LIMS to Protect Security and Integrity of the Food Supply Chain

Increasingly, LIMS are helping businesses transform food security by bringing people, instruments and workflows into a single integrated system. By simplifying and automating processes, providing end-to-end visibility across the food supply chain, and protecting the integrity of data at every stage, these robust digital solutions are not only helping food supply chain stakeholders to ensure full compliance with the latest regulations; they are enabling businesses to operate more efficiently, too.

References

  1. FDA. (2011). FDA Food Safety Modernization Act. Accessed October 3, 2019. Retrieved from https://www.fda.gov/food/food-safety-modernization-act-fsma/full-text-food-safety-modernization-act-fsma.
  2. Balzano, J. (2015). “Revised Food Safety Law In China Signals Many Changes And Some Surprises”. Forbes. Accessed October 3, 2019. Retrieved from https://www.forbes.com/sites/johnbalzano/2015/05/03/revised-food-safety-law-in-china-signals-many-changes-and-some-surprises/#624b72db6e59.

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part I)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series is intended to assist facilities that have not yet conducted vulnerability assessments or wish to review those already conducted, by leveraging lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.

Lesson 1: VA outcomes are greatly enhanced if a physical security professional is consulted. In support of this contention, there are several physical security mitigation strategies, which can be employed to support a food defense program, that are frequently under-utilized and are not optimally managed by non-security staff. Also, the FDA seems to promote the use of cameras even though this equipment is unlikely to prevent an incident of intentional adulteration. For organizations that choose to use video surveillance, a competent security professional can help organizations engineer and operate video surveillance for maximum benefits and to meet challenging record-keeping requirements when this mitigation strategy is included in a food defense plan.

Lesson 2: Given the focus by the FDA on the insider, a formal insider threat detection program is highly recommended. Trying to promote the common, “See Something, Say Something” strategy may not be enough. For example, if employees are not clearly told what to look for in terms of uniform requirements, how to identify persons who do not belong or changes to a coworker’s baseline behavior, which may indicate moving toward a path to violence or sabotage, then “See Something, Say Something” may end up being no more than a catchy slogan.

A key element of an insider threat detection program is the completion of effective background checks for all persons who will be allowed in the facility unescorted. This includes temporary employees and contractors. A common theme in many of the recent, serious intentional adulteration incidents was that the person responsible was involved in some sort of grievance observable to coworkers and supervisors. In all insider threat detection programs, the grievance becomes an important trip wire. The Carnegie Mellon University Software Engineering Institute has published a document titled, “Common Sense Guide to Mitigating Insider Threats, Sixth Edition”. In this document is some particularly helpful guidance that can be used to stand up an insider threat detection program, but this is an effort that can take some time to fully implement.

Lesson 3: The FDA has made it abundantly clear that they believe the focus for the food and beverage industry should be the radicalized insider. A closer look at all the recently publicized contamination events suggests that there are other profiles that need to be considered. A good foundational model for building profiles of potential offenders can be found in the OSHA definitions for workplace violence offenders, which has been expanded to address ideologically based attacks. Table I applies those descriptions to the food and beverage industry, with an asterisk placed by those offender profiles that exist in recent incidents and discussed later in the text.

Class OSHA Workplace Violence Offender Description Motivation Translated to the Food and Beverage Industry
1 The offender has no legitimate relationship to the business or its employee(s). Rather, the violence is incidental to another crime, such as robbery, shoplifting, trespassing or seeking social media fame. Behavioral Health Patient *
Social Media Fame Seeker *
Copycat *
Extortion *
Economic motivation *
2 The violent person has a legitimate relationship with the business—for example, the person is a customer, client, patient, student, or inmate—and becomes violent while being served by the business, violence falls into this category. My load isn’t ready, you are costing me money
3 The offender of this type of violence could be a current employee or past employee of the organization who attacks or threatens other employee(s) in the workplace. I am upset with a coworker and adulterate to create problems for that person *
I am upset with the company and adulterate as retribution and to harm the brand *
Youthful stupidity
I am not paid enough *
4 The offender may or may not have a relationship with the business but has a personal (or perceived personal) relationship with the victim. I am upset with an intimate partner/ coworker and adulterate to create problems for that person
5 Ideological workplace violence is directed at an organization, its people, and/or property for ideological, religious or political reasons. The violence is perpetrated by extremists and value-driven groups justified by their beliefs. Radicalized Insider
Table I. A description of OSHA workplace violence offenders and how it can be applied to the F&B industry.

A supermarket in Michigan recalled 1,700 lbs. of ground beef after 111 people fell ill with nicotine poisoning. The offender, an employee, mixed insecticide into the meat to get his supervisor in trouble. In Australia, the entire strawberry industry was brought to its knees after a disgruntled supervisor “spiked” strawberries with needles. There were more than 230 copycat incidents impacting many companies. A contract employee in Japan, apparently disgruntled over his low pay, sprayed pesticide on a frozen food processing line resulting in illnesses to more than 2,000 people. A contract worker upset with a union dispute with the company at a food manufacturing plant videoed himself urinating on the production line, then uploaded the video to the Internet. Be cognizant of any grievances in the workplace and increase monitoring or take other proactive steps to reduce the risk of intentional adulteration.

Lesson 4: The IA Rule requires that every point, step and procedure be analyzed to determine if it is an actionable process step (APS). The Hazard Analysis Critical Control Point flow charts are a good starting point to comply with this element of the law but cannot be counted on completely to achieve the standard of analyzing every point, step or procedure. Critical thinking and persons familiar with the production process need to be involved to ensure that no steps are missed. Oftentimes companies modify the HACCP flow diagrams after a VA.

Lesson 5: The FDA states in the second installment of guidance (here’s the full copy) to the industry that, “There are many possible approaches to conducting a VA. You may choose an approach based on considerations such as the time and resources available and the level of specificity desired. You have the flexibility to choose any VA approach, as long as your VA contains each required component (21 CFR 121.130).”

The FDA further states that the Key Activity Type, or KAT method, is an appropriate method for conducting a VA because it reflects consideration of the three required elements and the inside attacker. Using this methodology alone, however, can result in substantially more APS’s, which might otherwise be ruled out for practical purposes such as a lack of accessibility or a lack of feasibility to contaminate the product at a point, step or procedure. We have experienced up to a 90% decline in APS’s by utilizing another FDA recommended assessment approach, the hybrid approach, which assesses each point, step or procedure as first whether it is a KAT. Then to qualify as an APS, it must also trigger positively for public health impact, accessibility and feasibility to contaminate the product.

Organizations who have yet to execute vulnerability assessments (due July 26, 2020) or who may wish to reflect back on their existing VA’s in an effort to eliminate unnecessary APS’s should find these strategies helpful to focus limited resources to the areas where they can have the greatest effect. The next two articles in this series will cover more information on electronic access, the value of site tours, comparisons to drinking water security strategies, dealing with multi-site assessments and more. Read Part II of this series on intentional adulteration.

Megan Nichols
FST Soapbox

Tips to Train Employees and Maintain FSMA Compliance

By Megan Ray Nichols
No Comments
Megan Nichols

Eight years ago, the government passed FSMA. As a manufacturer, training new and existing employees to remain compliant with legislation is paramount. The goal isn’t to make life harder for business owners—it’s to protect American consumers from unsafe food handling and transportation practices.

The following are five tips to help warehouse managers train employees while maintaining FSMA compliance.

Understand FSMA Final Rules

It’s essential for everyone in the facility, from the CEO to the newest hire, to understand the FSMA rules. According to current Good Manufacturing Practices (cGMP), everyone who works in manufacturing, processing or packaging of food is required to train in food hygiene and safety. Managers can offer training in one of two ways—through on the job experience or via an FSMA-accredited classroom curriculum.

For individuals with specialized jobs, such as quality auditors or preventative controls qualified individuals (PCQI), the training option that allows compliance with FSMA rules is an accredited curriculum.

Utilize Warehouse Management Systems

FSMA gives the FDA authority to issue mandatory recalls for any food products if deemed necessary. To meet FSMA standards, record keeping and lot tracking is a necessity. If a product type is linked to a disease outbreak, the FDA wants to know where each product in that lot is within 24 hours. Having the ability to track and trace 100% of the products ensures that the company is FSMA compliant.

A warehouse management system (WMS) can track products, but only if you train employees in its use. While the average employee won’t be responsible for tracing a production lot in the event of a recall, each worker needs to know how to enter data into the system correctly, and how to retrieve the information if necessary. Include training in your WMS to ensure compliance.

Warehouse management systems, when paired with IoT sensors, can prevent recalls and ensure compliance by monitoring temperature fluctuations in climate-controlled areas. According to the Department of Agriculture, frozen food stored at temperatures at or below -0.4° F is always safe. A comprehensive WMS can monitor the temperature inside a facility’s freezers and alert workers or management if there are dramatic fluctuations that may result in a recall.

Seek Out Alliances

Warehouse managers are not alone when it comes to creating a compliant workplace. The FDA has established and funded three alliances—Produce Safety, Food Safety Preventative Controls, and Sprout Safety—each with their own standardized curriculum designed to help those who fall under FSMA rules.These alliances work for the majority of those in the food production industry, though they may not work for everyone.

Seek out the applicable food safety alliance and see if their training curriculums apply to your facility. Even if they don’t fit directly, these alliances can give managers an excellent place to start creating their training curriculum.

Create a Culture of Compliance

FSMA isn’t designed to make life harder for warehouse managers. Its goal is to keep people safe when buying their weekly groceries. Don’t just focus on training to meet FSMA standards. Instead, create a culture of compliance throughout the facility. Make FSMA everyone’s responsibility, and make it easier for employees to communicate with management if they notice a problem that normal channels don’t address.

As part of this culture of compliance, create incentives that reward employees for reporting problems, maintaining compliance levels and completing accredited training. Sometimes incentives can be the best way to motivate employees, whether you’re offering money, paid vacation or other benefits. Walk employees through the process of how to spot a problem and report it to management.

Continue Education Throughout Employment

FSMA compliance training isn’t something you should restrict to an employee’s onboarding. It’s something you should continue throughout their time at your facility. Make FSMA education a priority for every worker in your facility. While you want to start their training with onboarding, it shouldn’t stop there. Offer new training courses once a month or every three months—as often as you’d like without compromising productivity.

As the day-to-day grind continues, most workers forget about rules and regulations. Continuing education ensures FSMA compliance is at the forefront of everyone’s mind throughout their careers. Continuing your employee’s education is also shown to increase loyalty and reduce turnover, keeping things running smoothly and preventing warehouse managers from training new workers every quarter.

Looking Forward

The FDA oversees food safety and can issue a recall when a problem occurs. Yes, as a whole, it’s the responsibility of every single person working in the food production industry—from the highest-paid CEO to the newest employee on the production floor—to maintain compliance. It’s not enough to review guidelines with new employees during onboarding.

Training is essential to ensure everyone in a facility maintains the rules laid down by FSMA. Seek out assistance in the form of the FDA-funded alliances, continue employee education and make it a point to create a culture of compliance from the moment employees walk through the door. Offer continuous training opportunities and you’ll never have to worry about breaking FSMA rules.

2019 Food Safety Consortium, Glenn Black, CFSAN, FDA

Say What? Perspectives We Heard at the 2019 Food Safety Consortium

By Maria Fontanazza
1 Comment
2019 Food Safety Consortium, Glenn Black, CFSAN, FDA

Last week’s seventh annual Food Safety Consortium brought together a variety of industry experts to discuss key topics around regulation, compliance, leadership, testing, foodborne illness, food defense and more. The following are just a few sound bytes from what we heard at the event. (Click on any photo to enlarge)

Food Safety Consortium, Frank Yiannas, FDA “The food system today, while it’s still impressive, it still has one Achilles heel—lack of traceability and transparency.” – Frank Yiannas, deputy commissioner for food policy & response, FDA. Read the full article on Yiannas’ keynote session

“A typical food company only has about 5% visibility into known supply chain threats.” – Ron Stakland, senior business development, FoodChain ID, Inc.

“For most of us, our supply chain is a big black hole. Why are we so fearful of technology? Is it the implementation itself? What if technology could help us solve some of those perennial problems? There are resources available to help us get there.” – ¬ Jeremy Schneider, business development director, food safety and quality assurance, Controlant

“The records tell the story of how well the facility is being managed. It’s the first thing the regulators are going to look at.” – Glenn Black, Ph.D., associate director for research, CFSAN, FDA, on validation considerations and regulations for processing technologies in the food industry 2019 Food Safety Consortium, Glenn Black, CFSAN, FDA

“We’ll see more robotics enter the food space.” – Gina Nicholson Kramer, executive director, Savour Food Safety International

Melody Ge, Corvium, 2019 Food Safety Consortium “Changes are happening; you can choose to face it or ignore it. We’re at least 10 years behind on technology. Automation/technology is not a new term in aerospace, etc., but to us [the food industry], it is. We will get there.” – Melody Ge, head of compliance, Corvium, Inc., on how industry should prepare for the data-driven transformation occurring in the smarter era of food safety

It’s okay to risk and fail, but how are going to remediate that with your employee? The more learners practice in different scenarios, the less they rely on specific examples. [They] become more adept with dealing with decision making.” – Kathryn Birmingham, Ph.D., VP for research and development, ImEpik, on employee training

“As a contract lab with the vision of testing for foodborne viruses for about 10 years—it wasn’t until about three or four years ago that we had the test kits to turn that into a reality. We also didn’t have a reference method.” – Erin Crowley, chief scientific officer, Q Laboratories, on the viral landscape of testing in the food industry

“You have to be strong and you have to believe in yourself before you get into any situation—especially as a food safety professional.” – Al Baroudi, Ph.D., vice president of quality assurance and food safety at The Cheesecake Factory, on what it takes to earn respect as a food safety professional Jorge Hernandez, Al Baroudi, Ph.D., 2019 Food Safety Consortium

“’See something, say something’ is likely not enough. We recommend that companies develop a formal detection program that includes management buy-in, HR and governance, and policy documents, formal training and an awareness program…While FDA focuses on the insider threat, we feel that using a broader mitigation approach works best.” – R. Spencer Lane, senior security advisor, Business Protection Specialists, Inc. on lessons learned from food defense intentional adulteration vulnerability assessments

“Food safety is a profession, a vocation, [and] a way of life.” – Bob Pudlock, president of Gulf Stream Search

FDA

FDA Updates Food Defense Plan Builder to Support Compliance with Intentional Adulteration FSMA Rule

By Food Safety Tech Staff
No Comments
FDA

Attend the Food Defense Plenary Panel Discussion at the 2019 Food Safety Consortium | Tuesday, October 1, 2019Today FDA released an updated version of its Food Defense Plan Builder in efforts to help companies comply with the International Adulteration FSMA rule. Version 2.0 of the tool includes the following sections to help food facility owners and operators in developing a facility-specific food defense plan:

  • Facility Information
  • Process/Product Description
  • Vulnerability Assessment
  • Mitigation Strategies
  • Food Defense Monitoring Procedures
  • Food Defense Corrective Action Procedures
  • Food Defense Verification Procedures
  • Supporting Documents
  • Signature

The tool is for use on a computer, and FDA states that it does not have access to any content or documents used with the tool, nor does it track or monitor how the tool is being used. The agency also emphasizes that use of this tool is not required by law and its use does not mean that a company’s food defense plan is FDA approved or compliant with the IA rule requirements.

The original version of this tool was released in 2013. FDA will be conducting a demonstration of the Food Defense Plan Builder v. 2.0 during a webinar on October 10.

Melody Ge, Corvium

Corvium’s Melody Ge Joins Food Safety Tech Advisory Board

By Food Safety Tech Staff
No Comments
Melody Ge, Corvium
Melody Ge, Corvium
During the 2019 Food Safety Consortium, Melody Ge will present, “What shall we prepare in this data-driven transitioning time?” on Wednesday, October 2 | View the agenda

Melody Ge, head of compliance at Corvium, Inc. has been appointed to the Food Safety Tech/Food Safety Consortium Advisory Board. Ge joins an esteemed group of food safety professionals who care deeply about helping the industry understand and navigate the various challenges companies face on a daily basis.

“As someone who has contributed insightful knowledge to our publication, we chose to extend an invitation to Melody to join our Board because we think she will be an asset for the industry to learn from when it comes to better compliance and leveraging technology in food safety programs,” said Maria Fontanazza, editor-in-chief of Food Safety Tech, in a Corvium press release.

“All of us in the food industry understand the importance of embracing the best practices to ensure the safest products to protect the public,” said Ge. “I look forward to bringing my experience which complements so many other industry leaders already part of this organization.”

Some of Ge’s recent contributions to Food Safety Tech include:

FDA

FDA Says Routine Intentional Adulteration Inspections Will Start March 2020

By Food Safety Tech Staff
No Comments
FDA

Learn more about how to mitigate the risks of food fraud and intentional adulteration at the Food Safety Supply Chain Conference | May 29–30, 2019 | Rockville, MD or attend virtuallyThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.

The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.

FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.