Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. To further assist facilities with reviewing old or conducting new VAs, Part II will touch on access, subject matter experts, mitigation strategies and community drinking water through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.
Lesson 6: Utilization of Card Access. The FDA costs of implementing electronic access control, as reported in the Regulatory Impact Analysis document (page 25) are shown in Table 1.
Average Cost Per Covered Facility
Initial
Recurring
Total Annualized
Prohibit after hours key drop deliveries of raw materials
$
$1070
$1070
Electronic access controls for employees
$1122
$82
$242
Secured storage of finished products
$1999
$–
$285
Secured storage of raw materials
$3571
$–
$508
Cameras with video recording in storage rooms
$3144
$–
$448
Peer monitoring of access to exposed product (not used)
$47
$1122
$1129
Physical inspection of cleaned equipment
$–
$303
$22
Prohibit staff from bringing personal equipment
$157
$–
$22
Total
$9993
$1455
$2878
Table I. Costs of Mitigation
In our opinion, these costs may be underreported by a factor of five or more. A more realistic number for implementing access control at an opening is $5,000 or more depending on whether the wire needs to be run in conduit, which it typically would. While there are wireless devices available, food and beverage organizations should be mindful that the use of wireless devices may in some cases result in the loss of up to 50% of electronic access control benefits. This happens because doors using this approach may not result in monitored-for-alarm conditions, such as when doors are held open too long or are forced open. Some wireless devices may be able to report these conditions, but not always as reliable as hardwired solutions. Using electronic access control without the door position monitoring capability is a mistake. From a cost standpoint, even a wireless access control device would likely be upwards of $2,000 per opening.
Lesson 7: In the interest of time, and in facilities with more complex processes (which increases the work associated with the VA), plan to have quality, food safety and physical security personnel present for the duration of the VA. But also bring in operational specialists to assess each point, step or procedure for the respective operational areas. You may wish to have a quick high-level briefing for each operational group when it’s their turn to deliberate on their portion of the manufacturing operation. Proper planning can get a hybrid style VA done in one-and-a-half to three days maximum for the most complex of operations.
Lesson 8: Conduct a thorough site tour during the assessment process; do not limit your vulnerability activity to a conference room. Both internal and external tours are important in the assessment process by all members of the team. The external tour is needed to evaluate existing measures and identify vulnerabilities by answering questions such as:
Is the perimeter maintained?
Are cameras pointed correctly?
Are doors secure?
Are vehicles screened?
Are guards and guard tours effective?
Internal tours are important to validate documented HACCP points, steps or procedures.A tour also helps to validate process steps that are in multiple parts and may need to be further assessed as a KAT, for public health impact, accessibility and feasibility or to identify issues that have become “invisible” to site employees which might serve a security purpose.
Properly conducted tours measure the effectiveness of a variety of potential internal controls such as:
Access control
Visitor controls
Use of identification measures
Use of GMP as a security measure (different colors, access to GMP equipment and clean rooms)
Effectiveness of buddy systems
Employee presence
Lesson 9: Do not forget the use of community drinking water in your processes. This is an easy way to introduce a variety of contaminants either in areas where water is being treated on site (even boiler rooms) or where water may sit in a bulk liquid tank with accessibility through ladders and ports. In our experience, water is listed on about half of the HACCP flow charts we assessed in the VA process.
Lesson 10: Some mitigation strategies may exist but may not be worth taking credit for in your food defense plan. Due to the record keeping requirements being modeled after HACCP, monitoring, corrective action and verification records are required for each mitigation strategy associated with an APS. This can often create more work than it is worth or result in a requirement to create a new form or record. Appropriate mitigation strategies should always be included in your food defense plan, but sometimes it produces diminishing returns if VA facilitators try to get too creative with mitigation strategies. Also, it is usually better to be able to modify an existing process or form than having to create a new one.
Lesson 11: In cases of multi-site assessments, teams at one plant may reach a different conclusion than another plant on whether an identical point, set or procedure is an APS. This is not necessarily a problem, as there may be different inherent conditions from one site to the next. However, we strongly suggest that there be a final overall review from a quality control standpoint to analyze such inconsistencies adjudicate accordingly where there is no basis for varying conclusions.
Lesson 12: If there is no person formally responsible for physical security at your site, you may have a potential gap in a critical subject matter area. Physical security measures will make at least a partial contribution to food defense. Over 30 years, we have seen many organizations deploy electronic access control, video surveillance and lock and key control systems ineffectively, which provides a false sense of security and results in unidentified vulnerability. It is as important to select the right physical security measures to deploy, but also critical to administer them in a manner that meets the intended outcome. Most companies do not have the luxury of a full-time security professional, but someone at the plant needs to be provided with a basic level of competency in physical security to optimize your food defense posture. We have developed several online training modules that can help someone who is new to security on key food defense processes and security system administration.
Lesson 13: As companies move into ongoing implementation and execution of the mitigation strategies, it is important to check that your mitigation strategies are working correctly. You will be required to have a monitoring component, correction action and verification intended for compliance assurance. However, one of the most effective programs we recommend for our clients’ food defense and physical security programs is the penetration test. The penetration test is intended to achieve continuous improvement when the program is regularly challenged. The Safe Quality Food (SQF) Institute may agree with this and now requires facilities that are SQF certified to challenge their food defense plan at least once annually. We believe that frequency should be higher. Simple challenge tests can be conducted in 10 minutes or less and provide substantial insight into whether your mitigation strategies are properly working or whether they represent food defense theater. For instance, if a stranger were sent through the plant, how long would it take for employees to recognize and either challenge or report the condition? Another test might include placing a sanitation chemical in the production area at the wrong time. Would employees recognize, remove and investigate that situation? Challenge tests are easy high impact activities; and regardless of the outcome, can be used to raise awareness and reinforce positive behaviors.
Whether training a new security officer, reviewing existing security plans or preparing for an upcoming vulnerability assessment (due July 26, 2020), these lessons learned from experienced security consultants should help to focus efforts and eliminate unnecessary steps at your facility. The final installment in this series will address broad mitigation strategies, the “Three Element” approach and food defense plan unification. Read the final installment of this series on Lessons Learned from Intentional Adulteration Vulnerability Assessments, Part III.
Find records of fraud such as those discussed in this column and more in the Food Fraud Database. Image credit: Susanne Kuehne.
The nose knows: In case fish smells “fishy”, it is no longer fit for human consumption. A Canadian fish importing company pleaded guilty to the import of 9,000 pounds of rotten and partially decomposed fish into the United States. The potentially adulterated fish was sampled by the FDA, who declared it to be too spoiled to be sold in the country, hence refused its entry into the United States—but the fish was imported via a wrong shipment declaration anyway. The crime of importing refused food carries a prison sentence of up to a year.
Last month, the FDA held a public meeting to discuss its New Era of Smarter Food Safety initiative, with a rallying call to create a more “digital, traceable and safer food system.”
FDA Deputy Commissioner for Food Policy and Response Frank Yiannas made it clear that the FDA is not replacing FSMA. Rather, the goal is to build on it, recognizing changes in the food industry over the last 10 years and the technologies available to tackle new challenges.
This isn’t surprising given continuing quality issues resulting in food recalls and shelf withdrawals. Last year, two major outbreaks of E. coli that were tied to consumption of romaine lettuce made a mark on industry perceptions, impacting customer trust, brand loyalty and the bottom line of companies involved were affected. Research by Allianz found recall costs could reach $10,000,000 for significant events.
To achieve the FDA’s goal of end-to-end traceability, the amount of information carried by every food item needs to increase, as will information about its location and condition in the supply chain. Grocers are at the sharp end of the food chain, meaning everything the FDA is proposing will impact them. As well as being merchandisers, they are brand-owners in their own right. They work directly with farmers and growers, they are directly involved in food safety, storage and distribution, and they feel the impact of recalls more than most. Unlike others in the food chain, they interact with consumers daily. This is important to note, since consumers are expecting communication on recalls immediately. In a recent study of more than 15,800 global consumers, 66% of respondents noted that they expect immediate notification of a product recall and another 28% stated they expect notification within a week.1 Furthermore, 88% said if a retailer immediately informed them of an issue, they would be more likely or slightly likely to trust them. The study also found that only 16% of consumers completely trust the product information provided to them from retailers today. In short, the impact of recalls extends far beyond the empty store shelf, and gives the industry even more reason to strive for safety.
High-Tech Next Steps
The FDA plans to publish a strategic blueprint early in 2020 of planned actions to meet its goal, but food brands and grocers need not wait to act. Proven technologies like brand compliance solutions, combined with emerging blockchain track and trace solutions and Internet of Things (IoT) sensors can add new depth and detail to traceability in the food supply chain, and these new technologies are already helping grocers and retailers keep consumers safe.
As retailers have sought a better means to track supply chain movements, blockchain technology has emerged as a potential way forward. Originally developed to manage financial transactions involving cryptocurrency, blockchain has proven to be capable of providing a verifiable record of the movement of goods through a supply chain. In fact, one major retailer has been piloting blockchain for more than a year and has already proven its value on produce items, cutting traceability times from more than a week to a matter of seconds. Some want to go even further and use IoT sensors to monitor the condition (e.g., temperature) of food products in the supply chain. Together, blockchain can help trace the path a product took through the supply chain and IoT can monitor the environmental conditions en route, providing a more cohesive picture of its supply chain journey.
But while supporting a few simple products with one ingredient and a one-step supply chain, such as fruits or vegetables, is one thing, scaling to address the needs of the average private brand retailer—now handling more than 10,000 active products from 2,000 production sites globally—is another. Managing the complexity of a product like tiramisu or a ready-made meal with dozens of ingredients, all coming from different sources, needs a different approach. To address the complexity, many are turning to brand compliance solutions—trusted, real-time repositories of information spanning the entire supply chain. For example, those using brand compliance solutions now have complete visibility of the ingredients in their private label products, helping them ensure labeling accuracy and transparency for consumers. Brand compliance tools also bring improved visibility of the food supply chain, enabling them to verify the status of manufacturing sites and respond quickly to food quality issues.
This combination of detailed product and supplier information makes brand compliance a foundational enabler for any blockchain/IoT-based initiative to improve supply chain visibility and traceability. For example, using brand compliance solutions, grocers can:
Confirm the ethical compliance of the supply chain at the point of selection or review, while using blockchain/IoT to monitor the ongoing conformance to these standards
Validate shelf life claims during formulation, while blockchain/IoT monitors logistical movement and environments to optimise products’ freshness
Record products’ formulation and ingredients to ensure safety, legal compliance and labeling accuracy, with blockchain/IoT monitoring the ongoing conformance to these standards
Rapidly identify potential risks across the entire formulation and supply chain, while tracking the affected batches to stores using blockchain and IoT
This convergence of static factual data (e.g., formulation, nutrition and allergens) linked to near real-time traceability and checking offers grocers confidence in the data and supports the consumer’s confidence of an actual product in their basket.
Looking Ahead
It seems clear that the food business is moving in the same direction as airlines and banks and becoming much more data driven. For grocers looking to keep pace, they will need to:
Treat data as a core competency. This means hiring information experts, investing for the future, and using data to identify ways to deliver better, safer products.
Create a customer-centric value promise. Grocers must go beyond regulatory compliance and use data to improve consumer transparency, support ethical sourcing initiatives, expand sustainable packaging and speed innovation.
Go above and beyond. Rather than waiting for FDA direction or simply complying with requirements, brands should take matters into their own hands, hold themselves to high markers and get started now.
In the future, improving the way that we manage the food supply chain is not just about how well we work with trucks and warehouses; it’s about how use information. The FDA’s initiative makes a clear statement that now is the time to modernize our food supply chains. As we look ahead to a new decade, the industry can come together to improve food safety and protect consumers, and we need not wait for the FDA’s blueprint or even the new year to get started.
Reference
Setting the Bar: Global Customer Experience Trends 2019. (2019). Oracle Retail. Retrieved from https://go.oracle.com/LP=86024.
Find records of fraud such as those discussed in this column and more in the Food Fraud Database. Image credit: Susanne Kuehne.
In the United States, the FDA is responsible for regulations and recommendations to protect public health, which includes the prevention of any type of food adulteration (unintentional contamination, intentional adulteration, and food fraud – or “economically motivated adulteration”). FSMA (the Food Safety Modernization Act) resulted in new regulations and guidance with strategies to reduce all types of risks in food facilities. It was the most comprehensive reform of FDA’s food safety regulations in more than 70 years.
By Cori Goldberg, Adam Brownrout, John Kendzior No Comments
On October 29, 2019, the USDA released its long-awaited draft rule establishing a domestic hemp production plan, providing clarity to growers and ancillary businesses about how the USDA will regulate the hemp crop. The USDA, under authority provided by the 2018 Agricultural Improvement Act (2018 Farm Bill), was tasked with promulgating regulations and guidelines to establish and administer a program for the production of hemp in the United States. This rule has now arrived and been published in the Federal Register. The rule provides requirements for all state and tribal hemp production plans including requirements for testing hemp, licensing growers, disposing of non-compliant hemp, and collecting and storing information related to hemp production. The USDA will now accept public comment on the rule until December 30, 2019.
Although the USDA rule will greatly contribute to the expansion of legally grown hemp in the United States, this rule does not alter the law regarding CBD foods and CBD dietary supplement products. This is because the 2018 Farm Bill left intact FDA’s authority to regulate the sale and marketing of CBD foods, dietary supplements, drugs, and cosmetics, as those product types fall under FDA’s purview generally. FDA has allowed the sale of CBD cosmetics, with certain restrictions, and companies may submit CBD products to FDA through FDA’s drug approval process. However, it has maintained that the addition of CBD to foods and dietary supplements is illegal. Under the federal Food, Drug, and Cosmetic Act (FDCA), once a substance is approved as an Active Pharmaceutical Ingredient (API) in an FDA-approved drug, that substance may not be placed into interstate commerce in a food. Also under the FDCA, once a substance is approved as an API in an FDA-approved drug, that substance is excluded from the definition of a dietary supplement. FDA approved the pediatric epilepsy drug, Epidiolex, whose API is CBD. Therefore, FDA has concluded that CBD may not be placed into foods in interstate commerce and that CBD products are excluded from the dietary supplement definition and therefore may not be sold as dietary supplements. The USDA rule does nothing to change the legal status of CBD food or dietary supplement products. Thus, despite the expected increase of hemp availability following the passage of the USDA rule, CBD companies must wait for the FDA green-light in order to manufacture or sell hemp-derived CBD food products lawfully.Learn more about important regulatory & quality issues in the cannabis space from Cannabis Industry Journal
However, the rule does state that additional hemp is necessary to support the growing CBD market, and it notably put pressure on FDA by stating that if “FDA does not provide clarity about their plans for future regulation of CBD, there will continue to be uncertainty and downward pressure on the CBD portion of the hemp market.”
So what does the USDA rule do? Under the USDA rule, states and tribes will have the option of either submitting a proposed hemp regulation plan to the USDA for approval or agreeing to submit to the USDA’s general requirements. All state and tribal plans must include certain provisions, including but not limited to:
Land used for production: State and tribal plans must identify a process for collecting, storing and maintaining relevant information regarding land used for growing hemp in the state. This includes information regarding the description, acreage, and boundaries of the farm land.
Sampling and testing for delta-9 tetrahydrocannabinol (THC): State and tribal plans must implement testing procedures to ensure that plants do not exceed THC levels above 0.3% (as provided in the 2018 Farm Bill). All testing facilities must be DEA approved, as non-compliant product with THC levels over 0.3% would be considered “marihuana” and a schedule 1 substance under the Controlled Substances Act of 1970 (CSA). Additionally, laboratories will be required to report a “measure of uncertainty” in their testing, designed to provide a buffer for the potential variation in sampling and testing procedures. Accordingly, plants testing higher than 0.3% THC but still within the “measure of uncertainty” will be considered compliant.
Disposal of non-compliant products: States and tribes must develop a procedure for destroying non-compliant cannabis containing more than 0.3% THC. Because non-compliant product is considered a controlled substance, all product must be disposed of in a manner consistent with the CSA. Therefore, product must be collected and destroyed by a DEA agent or law enforcement officer.
Inspection of hemp producers: States and tribes must develop procedures for inspecting hemp producers on an annual basis and also for inspecting random samples. The state must also develop procedures to identify and attempt to correct certain negligent acts such as not obtaining licenses or producers exceeding acceptable hemp THC levels.
Information sharing: State and tribal plans must include procedures for reporting information to the USDA. This information must be provided to the USDA within 30 days of receipt from the hemp producers and includes contact information for all hemp producers in the state, legal descriptions of the land used for hemp production, and the license status of all hemp producers in the state.
In states and tribes without an approved or proposed plan, hemp producers will be subject to the USDA general plan. The general plan also provides similar requirements for the testing and sampling of hemp. The USDA will provide licenses directly to hemp producers in states without an approved or submitted plan as some states may not want to have primary regulatory authority of hemp. These states will essentially hand over regulatory responsibility to the USDA. These licenses will be available by application 30 days after the final rule is published. Notably, the draft USDA rule also provides that states and tribes are restricted from prohibiting the transportation or shipment of hemp or hemp products produced under a state plan, tribal plan or a license issued under the FDA. The interstate commerce provision should put an end to the arrests of those transporting legally produced hemp from one state to another. For example, in July 2019, a trucker was arrested and charged with felony possessions of marijuana and intent to distribute while transporting legally grown hemp through South Dakota (South Dakota still considers hemp a controlled substance).
So while the USDA rule is much anticipated and grabbed the attention of many when published, food and dietary supplement manufacturers, distributors, and retailers are still stuck where they were before. We will all continue to wait and see what FDA will do.
During the past year, the headlines have been filled with stories of foodborne illness, product recalls, and consumers becoming sick from tainted food. In a Q&A with Food Safety Tech, Sean O’Leary, CEO at FoodLogiQ, talks food safety, traceability, and how small percentages can translate into big victories for the food industry and for the people they serve.
Food Safety Tech: From your perspective, what is the current sentiment of consumers with regard to food safety?
Sean O’Leary: Over the last few years, the consumer mindset has changed about food in general. We’ve watched fad diets come and go; however, the interest in healthy ingredients and the concern about where food comes from has graduated from a passing trend to a full shift into the public consciousness. Consumers are much more discerning about what they eat; they also demand to know where their food comes from, how it was produced, and how it got to their table. We are living in the age of transparency, and consumer expectations are high.
And who can blame them? CDC statistics tell us that approximately 48 million people get sick every year from foodborne illnesses—and that’s just in the United States; 128,000 of them end up in the hospital. When a person is admitted to the hospital, it affects more than just that one individual. If the patient is the sole breadwinner of their family, their illness affects the entire family. If the person who gets sick is a child, there can be long-term consequences that trickle down to his or her whole community. And when you consider that 3,000 people die every year from foodborne illness—that’s one 9/11 every year. That’s unacceptable, because this is a preventable issue, and unfortunately, these illnesses are an underreported public health problem.
My challenge to the food industry is simple: What if we made just a 1% improvement in the number of cases of foodborne illness? That seems like such a small percentage, but when you do that math, that’s 480,000 people who don’t get sick this year; 1,280 people who aren’t admitted to the hospital; and 30 people who don’t die. Those are significant numbers.
Sean O’Leary joined FoodLogiQ as CEO in January 2019 with more than 25 years of experience in the technology industry.
FST: To help shed additional light on this subject, FoodLogiQ conducted a national survey to tap into how U.S. consumers feel about issues related to food transparency. What did you learn from those consumer responses?
O’Leary: We polled more than 2,000 people to gauge their sentiment around food traceability and their expectations for food companies regarding foodborne illness and product recalls. The survey also posed questions around consumer preferences regarding their food sources and how they are identified on food labels and menus. The results were enlightening, to say the least.
We learned that a brand or restaurant will pay a high price in terms of customer loyalty if they experience a food recall due to consumer illness. And those customers have some strong opinions regarding how quickly the brand or restaurant should address a food safety issue.
35% of survey respondents told us they would avoid an affected brand or restaurant for a few months, and maybe they would return after the issue had been resolved. Meanwhile, nearly 25% admitted they would never use the brand or visit the restaurant again.
Of the respondents who say they care about the quality of the food they eat, 55% say they expect a recall to be executed within 24 to 48 hours.
In reality, it sometimes takes weeks for a product to be pulled from the store or restaurant. This is frequently due to communication issues, since everyone along the supply chain—the grower, supplier, packing and distribution centers, corporate office, and the retailer or restaurant—all must be notified, and a recall plan must be set in motion. Unfortunately, that communication process takes time. When that communication takes place via email or by phone call, the people responsible for pulling product may not have the information they need or may have received misinformation. This can result in lag time, and potentially unsafe product can still get into the hands of consumers.
The faster a food company can address a recall situation and return to business as usual, the faster customers will come back. But comprehensive supply chain transparency is needed to be able to make swift, accurate decisions during this time of crisis. By having a robust end-to-end traceability program and technology that provides real-time data and visibility, companies facing a recall can isolate and surgically withdraw the tainted product out of the supply chain without recalling more items than necessary. That limits the disruption and the waste of good food, which saves the company money.
O’Leary: FoodLogiQ was honored to have the opportunity to share our intricate knowledge of the food supply chain, as well as best practices regarding whole chain traceability during this monumental meeting with the FDA with more than 250 food industry leaders.
In retrospect, one thing is clear—we’re in the midst of a pivotal time of change for the world’s food supply chain. In the United States, the food industry remained status quo for decades, but the introduction of FSMA has brought increased scrutiny and accountability; I think it’s made every food company pause and evaluate where they are with regard to food safety, and that’s a good thing. And now, with the launch of the “New Era” campaign, we’re coming together in a collaborative fashion to map out how technology tools, prevention measures, new business models, and an evolving culture of food safety can be merged as a framework for a long term food safety solution. I agree with the FDA; ‘Smarter Food Safety’ is people-led, FSMA-based, and technology-enabled. It will take all of us working together to reach that goal.
Today The White House issued a statement in which President Trump announced his plan to nominate Stephen Hahn, M.D. to the position of FDA commissioner. Hahn is a radiation and medical oncologist, and currently serves as the chief medical executive at The University of Texas MD Anderson Cancer Center in Houston.
According to The Washington Post, current Acting FDA Commissioner Ned Sharpless will return to his position as director of the National Cancer Institute while HHS official Brett Giroir will step in at FDA until Hahn is confirmed. The Post reports that Sharpless’ term ends Friday, and it could only be extended if the White House named a successor—however, the White House cannot do so because paperwork has not been completed.
Honey is defined as “the natural sweet substance produced by honey bees” from the nectar of plants. However, there is not currently an FDA standard of identity for honey in the United States, which would further define and specify the allowed methods of producing, manufacturing and labeling honey (there is, however, a nonbinding guidance document for honey). Some of the details of honey production that a standard of identity might address include allowable timing and levels of supplemental feeding of bees with sugar syrups and the appropriate use of antibiotics for disease treatment.
In circumstances where strict regulatory standards for foods are not available, they may be created by other organizations.
What Is a Food Standard?
A food standard is “a set of criteria that a food must meet if it is to be suitable for human consumption, such as source, composition, appearance, freshness, permissible additives, and maximum bacterial content.”1
To ensure quality, facilitate trade, and reduce fraud, everyone in the supply chain must have a shared expectation of what each food or ingredient should be. Public standards set those expectations and allow them to be shared. They help ensure that stakeholders have a common definition of quality and purity, as well as the test methods and specifications used to demonstrate that quality and purity. Public standards help ensure fair trade, quality and integrity in food supply chains.
How Is a Standard Different from a Method?
A method is generally an analytical technique to assess a particular property of the content or safety of a food or food ingredient. For example, methods for detection of nitrates in meat products or baby food, coliforms in nut products, or high fructose syrups in honey. Methods are an important component of food standards.
A food standard goes a step further and provides an integrated set of components to define a substance and enable verification of that substance. Standards generally include a description of the substance and its function, one or more identification tests and assays (along with acceptance criteria) to appropriately characterize the substance and ensure its quality, a description of possible impurities and limits for those impurities (if applicable), and other information as needed (see Figure 1).
Figure 1. The Anatomy of an FCC Standard (Source: Food Science Program, Food Chemicals Codex, USP)
Figure 1. The Anatomy of an FCC Standard (Source: Food Science Program, Food Chemicals Codex, USP)
A standard defines both what a food or food ingredient should be and documents how to demonstrate compliance with that definition.
Public Standards and Food Fraud Prevention
Many of the foods prone to fraud are those that are not simple food ingredients, but agricultural products that can be more complex to characterize and identify (such as honey, extra virgin olive oil, spices, etc.). Milk products are an example of a commodity that is prone to fraud with a wide range of adulterants (for example, fluid cow’s milk is associated with 155 adulterants in the Food Fraud Database). Ensuring the quality and purity of a product link milk requires implementation of multiple analytical techniques or the development of non-targeted methods.
The creation of effective public standards with input by a range of stakeholders will be particularly important for ensuring the quality, safety and accurate labeling of these high value commodities in the future.
Reference
A Dictionary of Food and Nutrition 2005, Oxford University Press.
Resources
The Food Chemicals Codex is a source of public standards for foods and food ingredients. It was created by the U.S. FDA and the National Institute of Medicine in 1966 and is currently published by the nonprofit organization USP. The FCC contains 1250 standards for food ingredients, which are developed by expert volunteers and posted for public comment before publication.
The Decernis Food Fraud Database is a continuously updated collection of food fraud records curated specifically to support vulnerability assessments. Information is gathered from global sources and is searchable by ingredient, adulterant, country, and hazard classification. Decernis also partners with standards bodies to provide information about fraudulent adulterants to support standards development.
Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series is intended to assist facilities that have not yet conducted vulnerability assessments or wish to review those already conducted, by leveraging lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.
Lesson 1: VA outcomes are greatly enhanced if a physical security professional is consulted. In support of this contention, there are several physical security mitigation strategies, which can be employed to support a food defense program, that are frequently under-utilized and are not optimally managed by non-security staff. Also, the FDA seems to promote the use of cameras even though this equipment is unlikely to prevent an incident of intentional adulteration. For organizations that choose to use video surveillance, a competent security professional can help organizations engineer and operate video surveillance for maximum benefits and to meet challenging record-keeping requirements when this mitigation strategy is included in a food defense plan.
Lesson 2: Given the focus by the FDA on the insider, a formal insider threat detection program is highly recommended. Trying to promote the common, “See Something, Say Something” strategy may not be enough. For example, if employees are not clearly told what to look for in terms of uniform requirements, how to identify persons who do not belong or changes to a coworker’s baseline behavior, which may indicate moving toward a path to violence or sabotage, then “See Something, Say Something” may end up being no more than a catchy slogan.
A key element of an insider threat detection program is the completion of effective background checks for all persons who will be allowed in the facility unescorted. This includes temporary employees and contractors. A common theme in many of the recent, serious intentional adulteration incidents was that the person responsible was involved in some sort of grievance observable to coworkers and supervisors. In all insider threat detection programs, the grievance becomes an important trip wire. The Carnegie Mellon University Software Engineering Institute has published a document titled, “Common Sense Guide to Mitigating Insider Threats, Sixth Edition”. In this document is some particularly helpful guidance that can be used to stand up an insider threat detection program, but this is an effort that can take some time to fully implement.
Lesson 3: The FDA has made it abundantly clear that they believe the focus for the food and beverage industry should be the radicalized insider. A closer look at all the recently publicized contamination events suggests that there are other profiles that need to be considered. A good foundational model for building profiles of potential offenders can be found in the OSHA definitions for workplace violence offenders, which has been expanded to address ideologically based attacks. Table I applies those descriptions to the food and beverage industry, with an asterisk placed by those offender profiles that exist in recent incidents and discussed later in the text.
Class
OSHA Workplace Violence Offender Description
Motivation Translated to the Food and Beverage Industry
1
The offender has no legitimate relationship to the business or its employee(s). Rather, the violence is incidental to another crime, such as robbery, shoplifting, trespassing or seeking social media fame.
Behavioral Health Patient *
Social Media Fame Seeker *
Copycat *
Extortion *
Economic motivation *
2
The violent person has a legitimate relationship with the business—for example, the person is a customer, client, patient, student, or inmate—and becomes violent while being served by the business, violence falls into this category.
My load isn’t ready, you are costing me money
3
The offender of this type of violence could be a current employee or past employee of the organization who attacks or threatens other employee(s) in the workplace.
I am upset with a coworker and adulterate to create problems for that person *
I am upset with the company and adulterate as retribution and to harm the brand *
Youthful stupidity
I am not paid enough *
4
The offender may or may not have a relationship with the business but has a personal (or perceived personal) relationship with the victim.
I am upset with an intimate partner/ coworker and adulterate to create problems for that person
5
Ideological workplace violence is directed at an organization, its people, and/or property for ideological, religious or political reasons. The violence is perpetrated by extremists and value-driven groups justified by their beliefs.
Radicalized Insider
Table I. A description of OSHA workplace violence offenders and how it can be applied to the F&B industry.
A supermarket in Michigan recalled 1,700 lbs. of ground beef after 111 people fell ill with nicotine poisoning. The offender, an employee, mixed insecticide into the meat to get his supervisor in trouble. In Australia, the entire strawberry industry was brought to its knees after a disgruntled supervisor “spiked” strawberries with needles. There were more than 230 copycat incidents impacting many companies. A contract employee in Japan, apparently disgruntled over his low pay, sprayed pesticide on a frozen food processing line resulting in illnesses to more than 2,000 people. A contract worker upset with a union dispute with the company at a food manufacturing plant videoed himself urinating on the production line, then uploaded the video to the Internet. Be cognizant of any grievances in the workplace and increase monitoring or take other proactive steps to reduce the risk of intentional adulteration.
Lesson 4: The IA Rule requires that every point, step and procedure be analyzed to determine if it is an actionable process step (APS). The Hazard Analysis Critical Control Point flow charts are a good starting point to comply with this element of the law but cannot be counted on completely to achieve the standard of analyzing every point, step or procedure. Critical thinking and persons familiar with the production process need to be involved to ensure that no steps are missed. Oftentimes companies modify the HACCP flow diagrams after a VA.
Lesson 5: The FDA states in the second installment of guidance (here’s the full copy) to the industry that, “There are many possible approaches to conducting a VA. You may choose an approach based on considerations such as the time and resources available and the level of specificity desired. You have the flexibility to choose any VA approach, as long as your VA contains each required component (21 CFR 121.130).”
The FDA further states that the Key Activity Type, or KAT method, is an appropriate method for conducting a VA because it reflects consideration of the three required elements and the inside attacker. Using this methodology alone, however, can result in substantially more APS’s, which might otherwise be ruled out for practical purposes such as a lack of accessibility or a lack of feasibility to contaminate the product at a point, step or procedure. We have experienced up to a 90% decline in APS’s by utilizing another FDA recommended assessment approach, the hybrid approach, which assesses each point, step or procedure as first whether it is a KAT. Then to qualify as an APS, it must also trigger positively for public health impact, accessibility and feasibility to contaminate the product.
Organizations who have yet to execute vulnerability assessments (due July 26, 2020) or who may wish to reflect back on their existing VA’s in an effort to eliminate unnecessary APS’s should find these strategies helpful to focus limited resources to the areas where they can have the greatest effect. The next two articles in this series will cover more information on electronic access, the value of site tours, comparisons to drinking water security strategies, dealing with multi-site assessments and more. Read Part II of this series on intentional adulteration.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
We also use cookies to store your preferences regarding the setting of 3rd Party Cookies.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Cookie Policy
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Our Privacy Policy explains how we collect and use information from and about you when you use This website and certain other Innovative Publishing Co LLC services. This policy explains more about how we use cookies and your related choices.
How We Use Cookies
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
Individuals may opt-out of 3rd Party Cookies used on IPC websites by adjusting your cookie preferences through this Cookie Preferences tool, or by setting web browser settings to refuse cookies and similar tracking mechanisms. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device on which you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the websites. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly or less effectively.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.
