FSMA Preventive Controls: Are You Prepared? Use this self-diagnostic assessment tool to help determine your current state of planning for FSMA.With so many factors and new requirements to consider, have you and your team thought about how well you really know FSMA and all that the new regulations entail? Here at Food Safety Tech, we’ve heard from sources in the industry that many elements of FSMA are not fully understood.
Working with Bill Bremer, principal of food safety compliance at Kestrel Management, LLC, Food Safety Tech is introducing a six-part FSMA IQ test. Results will be posted each week in our Food Safety Consortium newsletter leading up to the 2016 event.
Today, September 19, marks the first major FSMA compliance date. Larger companies (500 employees or more) must meet certain requirements of the Preventive Controls for Human Food final rule related to current good manufacturing practice requirements. In anticipation of the questions surrounding these requirements, FDA has released a Q&A with Joann Givens, co-chair of the FSMA Operations Team Steering Committee and director of the agency’s Food and Feed Program in the Office of Regulatory Affairs.
“We know that this is new territory for food companies; it’s new territory for us too. For years we’ve been talking about the FSMA rulemakings and our implementation plans,” says FDA’s Joanna Givens. “Now, an important compliance date is here for some companies. As we enter this new chapter, the FDA’s primary focus will continue to be on education, training and technical assistance to help companies comply with the new requirements.”
FDA recently took action to aid industry with the upcoming FSMA compliance dates. The agency issued two draft guidances with the intent of helping both domestic and foreign companies comply with the CGMP requirements and the human food by-product requirements in the FSMA Preventive Controls for Animal Food rule.
FDA is also extending compliance dates for provisions within the FSMA Preventive Controls, Foreign Supplier Verification Programs and Produce Safety rules. According to an agency release:
“The changes include providing more time for manufacturers to meet requirements related to certain assurances that their customers must provide, more time for importers of food contact substances, and other extensions to align compliance dates for various other food operations or provide time for FDA to resolve specified issues. The rule also clarifies the timeframe for agricultural water testing.”
3. Determining whether to initiate a market withdrawal or recall procedure depends on the situation and unfortunately, is not always a clear-cut decision.
2. According to the CDC, the multi-state outbreak of Shiga toxin-producing E. Coli O121 has sickened at least 42 consumers (with 11 hospitalizations) across 21 states.
As part of FSMA implementation, FDA has announced a final rule, effective today, that will better protect public health by improving accuracy of the food facility registration database. The Amendments to Registration of Food Facilities will also help the agency more efficiently use its resources to conduct inspections and aid in a faster response to food-related emergencies.
The final rule adds provisions to the current regulations to codify certain provisions of FSMA that were self-implementing and effective upon enactment of the regulation, according to an FDA update. Provisions require:
Email address for registration
Registration renewal every two years
Registrations must have assurance that FDA will be allowed to inspect the facility at any time
Important dates:
Final rule effective July 14, 2016. Registrations must contain type of activity conducted at the facility for each food product category.
Requirement of electronic submission of facility registrations takes effect January 4, 2020.
As part of registration proves, food facilities must provide unique facility identifier (UFI) beginning October 1, 2020.
Do you have a background in science and policy? Are you interested in produce safety? Do you want to work for the FDA? If you answered ‘yes’ to these three questions, then FDA might have a job for you.
The agency is looking for eight experts to help build the Produce Safety Network, which will support implementation of the FSMA produce safety rule. These folks will be part of the first phase of new FDA hires to support compliance with the rule and will work with state public health and agricultural agencies throughout the United States.
If you’re interested in the consumer safety officer position, you’ll need to move quickly. According to the agency’s listing on usajobs.gov, the position listing closes on Friday, July 15.
Later this year FDA will hire 40 more consumer safety officers to work domestically and internationally on inspection, investigations and technical assistance.
Compliance to FSMA has presented a new and difficult challenge for industry, the public and the FDA since it passed on January 4, 2011. With compliance dates for the initial FSMA rule—Preventive Controls—coming in September 2016, food sites must establish plans now to meet the impending deadline.
Complying with the Preventive Controls Rule
The Preventive Controls Rule was published September 17, 2015, with the compliance date for registered companies (more than 500 employees) scheduled for September 19, 2016. The compliance date is one year later for companies with fewer than 500 employees, unless otherwise specified under FSMA.
Under the FSMA rules, registered food facilities must evaluate and implement preventive control provisions and meet the requirements and the approaching deadline. The most urgent concerns for companies subject to the Preventive Controls Rule include developing a Preventive Controls Program, identifying a Preventive Control Qualified Individual (PCQI), and implementing a Food Safety Plan.
The following areas are all included under the FSMA Preventive Controls Rule:
Hazard Analysis. Companies must identify and evaluate known and reasonably foreseeable hazards.
Preventive Controls. Preventive controls must be implemented to significantly minimize or prevent the occurrence of hazards.
Monitoring. Preventive controls must be monitored for effectiveness.
Corrective Actions. Procedures for addressing failures of preventive controls and prevention of affected food from entering commerce are required.
Verification. Facilities are required to verify that preventive controls, monitoring and corrective actions are adequate.
Recordkeeping. Records must be kept for two years.
Written Plan and Documentation. A written plan must document and describe procedures used to comply with requirements.
Qualified Individual. A Qualified Individual who has been adequately trained must be present at the facility to manage the preventive controls for the site and the products processed and distributed at/from the site.
Failure to implement Preventive Controls (a.k.a., Hazard Analysis and Risk-based Preventive Controls (HARPC)) for qualified sites may result in fines and possible jail sentences.
Self-Diagnostic Assessment Tool
The following self-diagnostic assessment tool can help organizations better determine their current state of planning for FSMA compliance (see Table I). To complete your own planning assessment, review your progress compared to the questions below.
Get Compliance-Ready
Companies must have their training, planning and development underway to comply, or face possible violations, fines, and penalties under FDA enforcement. The questions in Table I will help companies identify the areas in which they need to focus attention. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage the preventive controls program—and change “No” responses into “Yes” responses that promote best practices for FSMA compliance.
Food Safety Tech recently sat down with experts from Eurofins to discuss FSSC 22000. According to Kristopher Middleton, technical manager at Eurofins, and Kim Knoll, food safety systems national sales manager at the company, there are still quite a few companies (especially in North America) that are unfamiliar with the ins and outs of the certification scheme. In a Q&A with FST, Middletown and Knoll break down the basics of FSSC 2000, along with explaining some of its benefits.
Food Safety Tech: How is the trend with FSSC 22000 evolving?
Kristopher Middleton: The scheme started in 2009 based on a demand for people wanting to have an ISO-based certification within the GFSI benchmarking process. When the program came out, it trended toward larger companies that already had ISO-based certifications, mainly ISO 22000 and ISO 9001. The FSSC 22000 scheme is the fastest growing GFSI benchmarking scheme currently. It’s not just for large multinational companies; a lot of smaller suppliers are seeking certification to this scheme. The foundation continues to expand its scopes to become a true farm-to-fork certification program.
FST: Is FSSC 22000 also appropriate for a single site or for a company with fewer than 50 employees?
Middleton: The certification doesn’t discriminate based on facility size—nor footprint or number of employees. It’s ideal for any company that has a robust food safety management system and manufacture products that fall within the FSSC 22000 scope of certification. This currently includes manufacturers of perishable animal products (feed and food), perishable vegetable products, products with a long shelf life, biochemical products (i.e., food ingredients, vitamins, biocultures, etc.), manufacturers of food packaging, and primary production of animal products.
The key thing about FSSC 22000 certification is that it is not a terribly prescriptive food safety scheme, when compared to others that are available. You will be successful with FSSC 22000 certification if you are confident and knowledgeable about your own food safety management system, and you have appropriate justification or validation for the method in which your programs have been implemented, as well as validation for the controls of your food safety hazards.
FST: Are there quite a few companies that have not heard of FSSC 22000 or are not aware that it is a GFSI-recognized scheme?
Middleton: Since ISO 22000 was not terribly popular here in North America, it didn’t catch on right away. It was more so overseas that it caught on. However, within the past two years the scheme has become increasingly popular here, especially among companies that have other ISO standards already implemented (i.e. ISO 9001, 14001, 18001,etc), where it relates to occupational health and safety, environmental, and quality. The reason for that is the FSSC can easily intertwine with that entire management system program so that it all works together versus having separate programs in place.
Kim Knoll: I’m having a lot of conversations with smaller manufacturers who are brand new to GFSI. Many of them are being asked by their customers to achieve a GFSI benchmarked certification and are in the early stages of researching scheme options. Some of these companies are surprised to learn that FSSC 22000 is a viable option. Like other certification schemes, Eurofins lends support to companies planning to pursue FSSC 22000 through training courses, consulting services, pre-assessments and ultimately certification services. Even though FSSC 22000 is a newer scheme, auditor availability is not an issue.
FST: What are the key differences between FSSC 22000 and the other GFSI schemes?
Middleton: Probably the most apparent difference with FSSC compared to other GFSI benchmark schemes is the fact that your certification lasts for three years, not one year. The reason for that is that it’s not a product-based certification like the others, it is a process-based certification and it uses the accreditation standard of ISO 17021 not ISO 17065. It also uses ISO 22003 for direction to the certification body for the conducting of the audit. That doesn’t mean that sites won’t be audited annually; it just means that once the certificate is granted, it’s good for three years.
Another key difference is that there is no true pass or fail within the audit. It’s a conform or not-conform audit. The decision to certify is based off the findings from the auditor and their recommendations, as well as the decision from a technical review meeting at the certification body. It requires the effective closure of a particular non-conformance or satisfactory plan being submitted for the closure of those non-conformances before the actual certificate can be granted. So that’s a bit different, because you can just submit plans for your non-conformances [instead of] actually showing that everything has been completely resolved. That being said, if a facility isn’t able to hold or get a certificate, if there’s an imminent food safety threat noted during an audit—if there’s an issue, such as a potential recall or contaminated goods, the ability to be granted that certificate is not feasible.
FST: Can you walk us through the auditing and certification process under FSSC 22000?
Middleton: Like any of the standards out there, you can get a pre-assessment, which is not necessarily part of the certification activity. The certification activity starts at a Stage 1 audit within this scheme (also known as a document audit within other schemes). It’s an evaluation of a facility’s food safety management system document to determine if they’re valid. The process does not include an entire evaluation of the implementation of the program, just simply that the programs are adequately designed and meet the requirements that are in place.
Next there’s a Stage 2 audit (sometimes referred to a facility audit) that is conducted no more than six months after the Stage 1 audit. The Stage 1 audit will identify the areas of concern—programs that might not meet exactly what the specifications required within the standard, which would become non-conformances in a Stage 2 audit (also called a facility audit or certification audit).
The Stage 2 audit is the full evaluation of the implementation of the program that was reviewed in the Stage 1 audit. Following completion of the audit, effective closure of non-conformances is required. This closure can either be [related to] major non-conformances, CAPA or root cause analysis. You have to supply evidence that the non-conformance is properly eliminated and will not recur, and this evidence must be supplied to the certification body and the auditor for review.
Any other non-conformances (also known as minor non-conformances) must have corrective action plans. Companies need to state how they plan on resolving the issue. They will be “closed” but left open for the next audit, which has to occur within one calendar year (known as a surveillance audit). The term “surveillance audit” within this standard is different from some of the other standards. Within some of the other standards, a surveillance audit is not a yearly activity—it is done within the year of certification. The surveillance audit within this standard is a yearly audit that is required to meet the requirements of GFSI. It’s also a requirement within [ISO] 17021 and [ISO] 22003 that surveillance audits are conducted. The GFSI requirement changed the surveillance audit within the ISO world because they used to do a sampling audit, which progressed to a full-blown audit. Your whole food safety management system will be evaluated, which is slightly different from ISO 22000 surveillance audits.
After that audit is conducted, you have another surveillance audit in the following calendar year. Within those surveillance audits, if any minor non-conformances or non-conformances from the previous audit are still present, they are upgraded to major non-conformances and [companies] would have to implement a full corrective action plan, root cause analysis, etc. and then determine the solution.
Once the second surveillance audit is conducted, the following year will be your recertification audit, which is simply another facility audit. It’s not a document audit—you don’t have to do Stage 1 audits after that initial one. This recertification audit occurs prior to your certificate expiring.
There is no question that we are in the midst of a unique time period in history. Technology is continuing to innovate at an increasingly rapid rate, which has led to drastic changes that affect nearly every corner of day-to-day life. From the way we find information to our food choices, technology is influencing our lives in new ways.
The Rise of the Internet
Mary Meeker, the venture capitalist who was dubbed the “Queen of the Internet” more than 15 years ago, has described the current Internet age as a period of reimagining. At the heart of this reimagining has been the rapid growth, maturity and adoption of the Internet and Internet-enabled technologies.
In her most recent 2015 research, Meeker published some fascinating statistics. The number of people online has ballooned more 80 times, from a user base of a mere 35 million in 1995 to a staggering 2.8 billion users in less than 20 years. This figure translates into nearly 40% of the total global population.
It hasn’t just been the volume of usage that has evolved radically. The nature by which those billions of users are signing online has also changed. It’s hard to believe that the original iPhone was released in 2007, less than 10 years ago. In that time, the mobile Internet has gone from a novelty to a necessity for many of us in our daily lives. This smartphone adoption has fueled Internet use and has drastically increased the ease with which consumers can get online.
Reimagining Communication and Compliance
The result of our new “always-on,” globally connected world (to borrow Meeker’s term) is a complete reimagining of communication. Consumers expect a velocity and volume of communication that the world has never before experienced. We now take for granted that we can reach friends, family and acquaintances anywhere in the world—at any time—in an instant. This has also drastically changed our expectations of business relationships.
Consumers in an ever-connected world have an expectation of availability and transparency of information from the brands with which they interact and the establishments they frequent. What this means for businesses is that customers expect to have a degree of access to business data that they’ve never asked for previously.
A tangible side effect of this desire for data transparency can be seen within the regulatory environment that organizations operate. Governments and regulatory bodies have increased their expectations of data access and availability over time, resulting in more stringent regulations across the board.
Research from Enhesa shows that the regulatory growth rate is nearly as staggering as Internet growth rates. According to the firm’s research, from 2007–2014 regulatory increases by region were as follows:
North America: +146%
Europe: +206%
Asia: +104%
Impact on Food Safety: Consumer Engagement and Regulatory Growth
One particular area of regulatory growth has occurred within the food and beverage sector. Arguably no product category has a more direct impact on consumers than food, as it literally fuels us each day. It’s no wonder that in an environment of increasing regulations and more empowered consumers that food quality and food safety are under increased scrutiny.
In today’s environment, it becomes much more challenging to brush aside product recalls and food safety incidents or bury these stories in specialized media. The latest news is not just a fleeting negative headline. In a worst-case scenario these incidents are viral, voracious and more shareable than ever before. From Listeria outbreaks to contaminated meat to questionable farming practices—when fueled by the Internet, the negative branding impact of these stories can be staggering. Consumers are paying attention and engaging with these stories—for example, during a Listeria or Salmonella outbreak, online searches for these terms significantly rise.
The rise of hyper-aware consumers has had a measurable impact. As a result, governments have been quick to respond and have beefed up existing regulations for the food and beverage sector via FSMA and GFSI.
TraQtion has announced new software that is designed to help companies better manage supply chain risks. By scanning, evaluating and interpreting data, the upgraded cloud-based software is able to anticipate potential issues and whether corrective measure must be taken immediately, and alerts clients to suppliers, products and sites that pose a higher risk. Its intelligent compliance engine runs an algorithm in the background to provide visibility to problem areas and prioritizes responses across a company’s locations accordingly. A product inspection module automatically identifies in-spec and out-of-spec products through testing and inspection. A dashboard gives users an overview of the company’s quality and compliance program, and uses a color-coding system to rate suppliers, products and sites.
TraQtion is a wholly owned subsidiary of NSF International.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
We also use cookies to store your preferences regarding the setting of 3rd Party Cookies.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Cookie Policy
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Our Privacy Policy explains how we collect and use information from and about you when you use This website and certain other Innovative Publishing Co LLC services. This policy explains more about how we use cookies and your related choices.
How We Use Cookies
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
Individuals may opt-out of 3rd Party Cookies used on IPC websites by adjusting your cookie preferences through this Cookie Preferences tool, or by setting web browser settings to refuse cookies and similar tracking mechanisms. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device on which you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the websites. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly or less effectively.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.