Tag Archives: Focus Article

Cybersecurity

Maintaining Data Security in Plant Operations

By Matthew Taylor, Tony Giles
No Comments
Cybersecurity

When it comes to cybersecurity, the food industry is facing more threats and risks than ever before, which is creating increased vulnerability in plant operations and the rest of the supply chain. Cyberattacks are focusing more and more on critical infrastructure, putting the food industry squarely in the crosshairs of cybercriminals.

Studies have shown that cybercriminals can penetrate 93% of company networks. One of the most serious threats is food tampering, with malware turning food itself into a weapon of terror. Cybercriminals can hack into food processing, transportation, and storage systems to spoil food and cause food poisoning and food shortages.

Ramping up protection costs both time and money, but making a preemptive investment in information security can save significant costs, considering that the median cost of a cyberattack increased from $10,000 to $18,000 in 2022, costing 40% of attack victims $25,000 or more.

Employees: Your First Line of Defense

The first and most crucial step in cybersecurity is employee training. When it comes to information breaches, two segments of a company can be impacted: the business and the operations. Impacts on the business could include leaking confidential client information, formulations, and recipes, among other data, while operations could include sensitive employee information.

As a company’s first line of defense, employees need to understand how important and integral their role is in data security. Phishing and malware are among the most popular forms of cyberattacks. By preying on individual employees, successful hackers can shut down production lines, reroute deliveries, and delay shipments.

Person using a computer
Phishing tests can be used to gauge employee skills in “real-life” scenarios and encourage vigilance.

Tools such as phishing tests can help gauge employee skills in “real-life” scenarios and help companies identify weaknesses across the organization. Employees who consistently fail phishing tests can be provided with additional training. Tests can also be coordinated on a recurring, random basis to keep employees alert and vigilant.

Food companies, especially those with plant operations, should also focus on physical security. Hackers will sometimes try their hand at breaching physical locations by “tailgating,” following an employee into a secured building without a badge. This type of attack incurs risks to data stored within the location and the products being manufactured. Just as with phishing simulations, it is important to educate employees about the risks of physical breaches, with reminders on how to prevent tailgating, lock computers, and safely store sensitive information.

Creating a Cybersecurity Toolkit

Building a strong culture of information security starts from the top down. Senior management must prioritize cybersecurity for employees to care about and understand its importance. Security professionals can work with senior leaders to identify the organization’s security starting point. If management makes information security a priority, that mentality trickles down to the entire organization.

This mentality can be communicated in training, team meetings, emails, and office posters. Some companies incentivize employees by providing free lunch or a day off for passing cybersecurity training and simulated tests.

Businesses can ramp up data security by implementing controls across the organization. Passwords should require a combination of upper and lowercase letters, numbers, and special characters, as well as frequent updating. In combination with strong passwords, multi-factor authentication (MFA) can secure data even further. This extra layer of protection can stop a hacker who has breached the system from advancing to further applications.

Companies should also evaluate their software and hardware to determine if upgrades are needed. Legacy infrastructure can hamper an organization’s efforts to increase cybersecurity, as it often cannot be updated to meet current security needs. Patching assets is another area where companies can focus their efforts; unpatched assets are a popular way for hackers to breach systems.

When Incidents Do Occur

It is best practice to have a contingency plan in place for worst-case scenarios, such as a data breach or malware that shuts down operations. An incident response plan can be created with specific details included, such as whom to contact depending on the scenario, what systems must be shut down to reduce the reach of the incident, and what tools should be used to contact employees and stakeholders. By putting an incident response plan in place, operators can minimize the potential damage to systems and data. Employees should be trained on the plan. This help to increase response speed and minimize panic and confusion during real-life situations. Incident response plans should be updated at least annually.

Seek Third-Party Support

From providing security training to setting up off-site servers, there are numerous third parties that can help businesses to improve and strengthen their information security efforts. NSF-ISR’s basic security assessment and ISO 27001 certification provide a security framework to help businesses better manage their data and information. ISO 27001 is a globally recognized certification that defines requirements for creating and maintaining a cybersecurity management system and provides a comprehensive set of controls.

No matter what mode of action businesses take first to strengthen their information security, it is most important to simply get started. Operations are only going to become more digital, so when it comes to areas within the food industry where safety, the supply chain and confidential information can be impacted, cybersecurity is imperative.

Wendy White
Bug Bytes

Maximize Your Pest Control Program

By Wendy Wade White
No Comments
Wendy White

Pest Control (PC) companies have become so good at controlling insects, birds, rodents, and other pests that facility oversight of pest management programs often falls by the wayside. This neglect can cause huge issues when pest management plans are dusted off by an auditor or inspector or when there is an unexpected infestation. Here are a few, easy methods to help you improve your Pest Control Program and validate the efforts of your third-party PC provider.

Validating Facility Pest Maps

A common PC program nonconformance involves discrepancies to the Facility Pest Map. The number and placement of internal tin cat traps, fly lights, external bait stations, pheromone traps, etc. can become inaccurate over time. Ask your PC provider to update your map at least annually or when there are major changes. Small changes can be written on the map if they are dated and initialed. When a new version of the map is released, select someone to validate it by physically walking around the facility, checking the placard number and placement of the traps to the map, and making note of any discrepancies.

Dead cockroaches
Review Pest Control Service Reports for observations on conditions that could lead to a pest control issue and suggestions for corrective actions.

It’s also a good idea to periodically walk the map throughout the year to ensure that these devices haven’t been damaged. We all know how much forklifts love to crush tin cats, and these traps always seem to get moved around (used to prop open door or knocked out of the way). Different sections could be added to a monthly GMP internal audit to ensure the entire facility and surrounding grounds are covered.

Analyze Service Reports and Trends

It’s amazing how often Pest Control Service Reports are generated and fall into the black hole that is the Pest Control book. Sometimes they are signed by a facility representative, but how often is that person paying attention to the report’s contents to really understand the facility’s vulnerabilities? Many PC providers include observations on conditions that could lead to a pest control issue, suggestions for corrective actions, and other valuable advice for improvement. How often are these words heeded? Often pest control nonconformances discovered in audits and inspections were previously identified by a PC provider. Someone at the facility should be periodically analyzing these service reports to extract this information and act upon any necessary corrective actions. The designated employee can set themselves a calendar reminder to perform this task on a monthly or quarterly basis, remembering to document any corrective actions.

In addition to service reports, many PC providers also provide trending information, which summarizes pest activity over time. Many facilities don’t understand how valuable this information can be. For example, looking at rodent activity (gnaw marks on the bait) of your external bait stations can help identify the locations in your grounds with the most rodent activity. Some rodent activity is expected, but if it’s excessive, there could be a root cause that can be improved. For example, there may be a harborage point or perhaps the grass in the back field should be mowed more frequently in the summer or you may identify areas where additional bait stations are needed.

Leveraging Pest Control Provider Expertise

Many PC providers have entomologists and other pest experts on staff that can conduct an initial vulnerability assessment, which is normally revised annually, to customize the PC program and better protect the facility. These individuals can also be utilized to troubleshoot infestations. Once the type of pest is identified, specific corrective actions can be implemented to eradicate the infestation and preventive actions carried out to prevent a reoccurrence. For example, if birds are a problem around the shipping docks, nets might be used to reduce access to the rafters for nesting birds, or random sirens might be used to scare away migratory birds. For insect infestations, different chemicals (and the application of those chemicals) might be used to maximize remediation.

Mouse
Post a copy of the Pest Sighting Log in the employee breakroom, and empower employees to report any issues.

At a minimum, PC providers should be providing you with a PC book which contains: a current facility map, regular service reports, current licenses for all PC technicians, and the Safety Data Sheets for all chemicals that might be used inside your facility.

Better Utilize the Pest Sighting Log

All PC programs use a Sighting Log in which any pest observations made between PC technician visits can be identified and acted upon. Too often, this log is hidden in the PC book and only used by a designated facility representative. There might be an understanding that sightings observed by other employees are reported to QA, so they can log the sighting. Sometimes this procedure works, but it’s often disrupted and the PC technician doesn’t receive this valuable information. How many issues could be prevented by identifying the problem early?

A solution is to post a copy of the Pest Sighting Log in the employee breakroom and direct the PC technician to check it during services. Train all employees of the purpose and location of this log, and empower them to report any issues. Employees have a vested interest in preventing pest infestations in their workplace, so you might be surprised how successful this simple change can be.

Pest Control Program Innovations

PC programs haven’t changed much in the last few decades. PC providers use technicians to make regularly scheduled visits to maintain pest control devices and apply chemicals when needed. For large facilities, this can be an arduous practice involving hours or even days of work. In the past few years, there have been significant efforts to automize these efforts, allowing remote monitoring of PC devices. Most of the larger PC providers have been working towards this technology and a few now these devices commercially available.

There are some clear benefits to remote monitoring. It gives PC technicians more time to investigate potential issues instead of checking empty traps. Also, remote activity notifications can lead to earlier action, which can prevent mild issues from turning into full-blown infestations. These devices can also be used in hard-to-reach places, such as a narrow void in the ceiling. There are still some concerns with this technology; it’s much more expensive than traditional devices and an automated system could lead to complacency.

While we wait for the technology to become perfected, there are many small changes that can make immediate improvements to your PC program. Validate your program to better understand vulnerabilities, analyze service reports and trends to identify emerging issues, and leverage the resources (pest experts and internal employees) already available to maximize efforts and strengthen your PC program.

Jeff Chilton

What Food Manufacturers Can Learn from the Baby Formula Recall

By Jeff Chilton
1 Comment
Jeff Chilton

Months after the most high-profile product recalls in U.S. history, grocery stores are replenishing their supplies of baby formula. While the news remains fresh in everyone’s memory, food manufacturers have an opportunity to reflect on the mistakes that brought about this tragic event.

Abbott Nutrition, which produces about one-fourth of the nation’s infant formula, will be associated with this year’s baby formula shortage for years because it failed on so many levels to keep products safe at its plant in Sturgis, Michigan.

Many of the factors behind this crisis could have been easily avoided or at least quickly corrected. Instead, it took a whistleblower to alert the FDA, citing falsified records, releasing of untested products, sanitation problems, information hidden from auditors, failure to take corrective actions, and traceability issues.

In addition to near irreparable damage to its brand, Abbott Nutrition and members of its executive team are facing regulatory actions, criminal prosecution, and lawsuits.

The formula recall offers an opportunity for food manufacturers to learn from Abbott’s mistakes and to prepare for intensified scrutiny from federal regulators. Let’s dive into some of the most important lessons learned from the Abbott baby formula recall.

Empower Employees
Your frontline employees are your best defense for maintaining food and workplace safety. Make sure they know they won’t face retaliation for reporting incidents. In Abbott’s case, the whistleblower talked about retaliation against employees for reporting food safety concerns. And some employees were afraid they might lose their jobs if they raised concerns.

Take Corrective Actions
A failure to take effective corrective action was a big issue across the board for Abbott and something that all companies find difficult to do. Unfortunately, in the food industry, it’s much more common to put a band-aid on a symptom than conduct a root cause analysis to identify a problem. Fix the root problem as soon as you discover it so you’re not fighting the same fire day after day.

Ensure Record-Keeping Integrity
This seems obvious, but many food manufacturers still don’t have a formalized process to maintain proper record-keeping practices. This process should be documented and shared when necessary with auditors, and there should always be a zero-tolerance policy to prevent falsified records.

Provide Audit Transparency
During the Abbott investigation and audits, there was a lack of transparency and a willingness to withhold information. This can be a fine line to walk. When your workers’ and customers’ health and safety are on the line, it’s critical to be as forthcoming as possible. When preparing for audits, there is the temptation to answer questions only when asked and to avoid volunteering additional information. However, this mentality can mask problems that will eventually come to light.

Establish Proper Sanitation Practices
Many food manufacturers fail to maintain, validate, and consistently implement proper sanitation procedures. Sanitation jobs can be challenging. They involve cold and wet processing environments and are usually worked during third shifts. Most companies struggle with an excessively high employee turnover in these positions. And with few workers on hand, they strive to prepare for the next shift in just a few hours. Maintaining sanitation procedures is a big challenge for many companies, but critical to delivering safe food products.

Validate Environmental Monitoring
Food manufacturers should have environmental monitoring programs in place where they test equipment and the processing environment for various pathogens. From food contact surfaces to areas inside the processing room—including floors, walls, and drains—to outside processing areas like break rooms and common hallways, it is imperative to identify the correct sites to sample, ensure adequate sampling frequency, and act when necessary based on the results.

Establish Traceability

Food manufacturers need to be able to trace all raw materials, packaging materials, processing aids, and anything else that goes into their finished product, as well as their shipping processes and destinations. Most companies have a good idea of where products are shipped, but they’re not as adept at tracing the raw materials and processing aids that come into their manufacturing facilities. That was one of the issues cited with Abbott Nutrition, and it’s a problem in the food industry.

Ensure Redundancy and Sustainability in the Supply Chain

Our country relies too much on just a few manufacturers to supply critical food supplies in too many areas. In the case of Abbott Nutrition, one major factory shutdown sent shockwaves through the industry and panicked consumers. Food manufacturers must have backup plans and processes in place in case of recalls, fires, tornados, floods, sabotage, or any other issue that might bring their operations to a halt.

These are some of the most prominent lessons we can all learn from Abbott’s missteps around their baby formula recall. The food industry must do as much as possible to ensure a safe and sustainable food supply. This means evaluating food safety and quality assurance systems to identify potential risks and reassessing programs to create a stronger food safety quality assurance system.

It’s also critical to develop a robust food safety culture across the entire company from the top down. Every manufacturer needs to be proactive in maintaining food safety. No company should rely on inspectors or auditors to discover their issues. They must anticipate questions and problems that can occur during audits through robust internal review processes. This not only allows them to pass their audits but also gives them the ability to proactively identify and address issues before they become major violations or national recalls that make headlines.

Jennifer Allen
Food Safety Attorney

No Magic Bullets: Making Health Claims that Comply with FDA Regulations

By Jennifer Allen
No Comments
Jennifer Allen

With increasing numbers of Americans paying closer attention to the contents of the food they eat, food manufacturers are understandably eager to publicize the health benefits of their products. The FDA allows food manufacturers to make health claims on food labels, but, perhaps not surprisingly, it is strict about how manufacturers make those claims, and all health claims require pre-approval.

First, what qualifies as a health claim? A health claim is any claim on a label or labeling that expressly or impliedly characterizes a relationship between a substance and a disease or health-related condition. The claim may state that increased consumption of a particular substance reduces certain disease risks, or it may state that decreased consumption reduces that risk. The former claim would be associated with a product high in a particular substance, the latter with a product low in a particular substance. A health claim may not state that the substance diagnoses, cures, mitigates, or treats disease. Only pre-approved drugs and medications may carry those claims.

The statement “Adequate calcium throughout life, as part of a well-balanced diet, may reduce the risk of osteoporosis,” is an example of the former type of health claim. It connects consumption of a higher amount of a particular substance (calcium) with the reduced risk of a particular disease (osteoporosis). In contrast, the statement “Diets low in saturated fat may reduce the risk of heart disease” is an example of the latter type of health claim. Note that health claims are different from structure/function claims, which don’t reference a specific disease. The statement “Calcium builds strong bones” is a structure/function claim, a type of claim that does not require FDA pre-approval.

You can find the list of currently approved health claims in the regulations at 21 CFR 101, commonly referred to as Subpart E. As an example, if your product contains calcium and vitamin D, you would look to 21 CFR 101.72 for guidance on how to make a claim on your label that consuming more of these substances reduces the risk of osteoporosis. You would look to §101.75 for guidance on making a claim about reduced saturated fat and heart disease.

Disqualifying Substance Levels

But before you make any health claim, you must first ensure that your product doesn’t contain disqualifying levels of certain substances, namely fat, saturated fat, cholesterol, and sodium. You can find those levels in 21 CFR 101.14. The reason for that requirement is, health claims lead the consumer to believe that the product they are consuming is “healthy.” If, for example, your readymade meal product contains 2,500 mg of sodium, the FDA frowns on you marketing it as healthy, even if you’ve manufactured the meal with increased levels of vitamin D.

Key Criteria To Support “Healthy” Labeling

If your product passes the initial test above and meets the following criteria, you can make a health claim:

  • All your statements are consistent with the detailed and specific requirements in Subpart E;
  • Your claim is limited to describing the value of either decreased or increased consumption of the substance as part of a total dietary pattern;
  • Your claim is complete, truthful, and not misleading;
  • All the information is in one place, without intervening material. Note that in place of making a direct claim on the label, you may instead refer the consumer to another location, such as a website, for information about the claim. If you include a graphic image to portray the claim, it must be immediately adjacent to the verbal claim or reference statement;
  • The claim enables the consumer to comprehend the information and understand its relative significance in the context of a total daily diet; and
  • The particular substance is either low enough or high enough to justify the claim.

These six requirements can be summed up in the following statement: Don’t offer false promises to the consumer. Reduction of disease risk is a lifelong process. No single food or group of foods can work miracles. Consuming a low fat dessert product will probably not protect the consumer from heart disease if she routinely consumes it after enjoying a fast-food meal. Your health claim shouldn’t suggest in any way that it will. After all, you’re selling a food product, not a magic bullet.

Tyler Williams
FST Soapbox

A Nugget of Welcome News: USDA Adds Salmonella as a Chicken Adulterant

By Tyler Williams
No Comments
Tyler Williams

Chicken producers and processors must always pay close attention to listeria and E. coli. Their regulated to-market protocols incorporate intense testing and cleaning standards that help ensure the people who buy chicken sandwiches at fast casual restaurants, chicken fingers at sporting arenas and trays of fresh chicken legs at supermarkets don’t get sick.

The companies stay on top of listeria and E. coli because the USDA Food Safety and Inspection Service (FSIS) has considered them “adulterants,” or substances that should not be found in meat products, for decades. The federal agency banned listeria in 1987, and in 1994 listed E. coli as an adulterant in the wake of an E. coli outbreak at Jack in the Box restaurants that sickened 700 people in four states, and led to 171 hospitalizations and four deaths.

All along, however, another prominent bacteria, Salmonella, remained unregulated, despite its proclivity for making people ill—more than a 1.3 million cases of salmonellosis appear in the U.S. every year, leading to about 26,500 hospitalizations and roughly 400 deaths. It is the No. 1 cause for foodborne illness in the U.S., and most cases stem from chicken products.

But earlier this year the USDA announced that it now plans to consider Salmonella an adulterant in some chicken products. The matter is out for public comment now; if the USDA doesn’t change its clear intention to regulate Salmonella, federal food inspectors soon will be testing for it in select chicken products.

The chicken industry opposes the measure. In a news release issued shortly after the FSIS’ August announcement, the National Chicken Council (NCC) pointed toward the 1957 Poultry Products Inspection Act, which did not include Salmonella as an adulterant, as a set of standards worth upholding today.

Subscribe to the Food Safety Tech weekly newsletter to stay up-to-date on the latest news and information on food safety.

Well, a lot has changed in industrial agriculture during the past 65 years, and that includes a dramatic expansion of chicken farming and consumption across the country. In the 1950s, the average American ate about 16 pounds of chicken a year, compared to 56 pounds of beef and 50 pounds of pork. But by this year, Americans were eating close to 112 pounds of chicken a year, along with 56 pounds of beef and 50 pounds of pork. In terms of meat consumption, chicken now rules the roost. Regulating it might not have been necessary back when Dwight D. Eisenhower was president. But today I believe it most definitely is.

As a professional in the food safety industry, I champion the FSIS’ decision. It’s about time the agency added Salmonella to its list of adulterants; the bacteria causes far too much illness and death in the U.S. every year. Many of those cases could have been prevented through regulatory oversight.

Addressing Poultry Industry Concerns

It is true, as opponents of the proposed regulation argue, that Salmonella doesn’t always emerge in the processing plant; humans can inadvertently introduce the bacteria in their own kitchens. Why, the industry asks, should it be penalized for conditions outside of its control? In addition, proper cooking methods will kill Salmonella. If people don’t follow cooking directions on the packages of chicken they buy, and get sick from Salmonella as a result, the chicken industry believes it should not be held accountable.

On the first issue, it is unlikely that cases revolving around individual consumers introducing Salmonella to their chicken products would ever lead to penalties. Federal regulators scrutinize public health data for clusters of outbreaks, which often point toward entire product lines being infected with bacteria; isolated one-off cases, many of which indeed could be the result of human error, do not concern them.

For the second point, yes, people should read labels and closely follow cooking directions. But in my opinion, that is irrelevant; dangerous levels of Salmonella simply should not dwell in foods, and it’s the job of regulators to make sure food is safe.

Toy manufacturers, for example, must eliminate choking hazards from products designed for kids under 3 years, thanks to federal regulations. It shouldn’t be up to parents to constantly monitor their toddlers while they play with toys, to ensure they don’t gag on something potentially dangerous found on the stuffed giraffe.

Should the rule become policy, the FSIS will focus on just one category: stuffed, breaded and raw chicken products. These products, including dishes like chicken Kiev and chicken cordon bleu, often are heat-treated to set the batter or breading, but are not fully cooked. They have been associated with 14 outbreaks and about 200 illnesses since 1998.

This represents a solid start. Next, I’d like to see the FSIS pursue regulating Salmonella in other chicken products. Even if the agency doesn’t, however, many processors will have to implement new practices and testing procedures for all of their products anyway, as in many cases it won’t make sense to just incorporate new protocols within a few discrete product lines. Among other things, I would anticipate boosted commitments among producers and processors to cleaning and sanitation processes, environmental monitoring (probably the most important pursuit) and overall facility food safety measures.

Will this action by the FSIS completely eliminate Salmonella from the targeted products? Absolutely not. The rule sets a maximum threshold for Salmonella in the food the agency tests; in many cases, chicken products that contain negligible amounts of the bacteria will still make it to market. It’s just products containing dangerous amounts of Salmonella that will be subject to penalties.

Food safety serves as one of the foundations of a healthy society. It also reinforces and bolsters public trust in the products consumers buy, which nurtures and strengthens the entire food industry. With this proposed Salmonella rule by the USDA, the U.S. takes another important step toward ensuring the health of its citizens, and further enhancing consumer trust in the chicken products they buy.

Scott Pritchett

Modern Mycotoxin Testing: How Advanced Detection Solutions Help Protect Brands and Consumers

By Scott Pritchett
No Comments
Scott Pritchett

Mycotoxins are toxic compounds produced by several types of fungi. These mycotoxin-producing fungi grow on a variety of crops and foodstuffs, such as cereals, nuts, and coffee beans, contaminating up to 25% of the world’s crops every year.

In humans, ingesting even small amounts of some mycotoxins can lead to acute poisoning—research has also linked mycotoxin ingestion to long-term effects such as cancer and immune deficiency. In livestock, the situation is similar with mycotoxin exposure responsible for a greater incidence of disease, poor reproductive performance, and suboptimal milk production. With the health consequences so severe, it’s easy to see why mycotoxin contamination can harm the brand reputation of food producers and suppliers.

Mycotoxin contamination also poses a significant economic risk. The U.S. FDA estimates that mycotoxin contamination is responsible for an estimated annual crop loss of $932 million while, the Food and Agriculture Association estimates toxigenic fungi drive annual food and food product losses of ~1 billion metric tons, which includes losses due to reduced livestock productivity.

Learn more about how to prevent and detect physical and chemical contamination risks in your facility at the Food Safety Tech Hazards Series: Physical and Chemical Contamination virtual conference. Now available on demand.

To minimize the risks posed by mycotoxins, robust mycotoxin testing is essential. Through rigorous testing, food suppliers can identify and remove unsafe products in the supply chain and indicate where preventive measures may need strengthening. Global regulations permit very low maximum levels of mycotoxins in foods, and international trade regulations make testing food and animal feed for mycotoxins a critical step before export.

Mycotoxins: A Significant and Growing Analytical Challenge

Mycotoxin testing is complex. Laboratories tasked with the endeavor face several hurdles, including:

  • Varied and complex matrices. Analyzing food samples for low levels of contaminants is inherently difficult, as complex matrices contain a myriad of other compounds that can interfere with analyte detection.
  • Greater testing burden than other contaminants. For example, with pesticides, testing after crop harvest is sufficient to ensure food safety, as foodstuffs are unlikely to acquire pesticide contaminants beyond this point. However, foods can acquire mycotoxin contaminants at several points after crop harvest—for instance, during transportation and storage. Testing at multiple points in the supply chain is therefore needed, which demands testing be easy to deploy, efficient, and cost-effective.
  • New, emerging threats. Mycotoxin contamination concerns go beyond the ‘big six’ classes most commonly encountered (aflatoxins, ochratoxin A, patulin, fumonisins, zearalenone, and nivalenol/deoxynivalenol). Emerging mycotoxins—lesser-known, novel mycotoxins neither routinely determined nor regulated—pose a threat to human and animal health, too. But new and emerging mycotoxins are not often reported or monitored due to limitations of current ELISA-based testing technology.
  • A warming climate. As average global temperatures rise, more regions will offer the warm, humid environments in which mycotoxin-producing fungi thrive. Some testing labs are already detecting classes of mycotoxins previously limited to other geographies. Moreover, rising temperatures may create ideal conditions for new mycotoxin-producing fungal strains and different combinations of mycotoxins. Thus, labs will increasingly need the flexibility to accommodate an expanding menu of known and unknown mycotoxin contaminants and mycotoxin combinations.
  • Broader, tighter regulations. Regulatory bodies are continually reducing the maximum permissible mycotoxin levels in food. For instance, in August 2022, the European Commission lowered the maximum levels of ochratoxin A in certain foodstuffs. Regulatory bodies will likely also expand analyte panels to accommodate new, emerging threats. Unless a laboratory’s testing equipment has sufficient sensitivity and flexibility to meet these continually changing requirements, labs may face unnecessary additional expenditure on new technologies each time regulations change.

Accordingly, to meet the needs of today while best positioning themselves for tomorrow, mycotoxin testing labs need testing methods that are highly sensitive, with the flexibility to quantify multiple known and unknown analytes in complex matrices. To meet ever-growing demand for efficiency, these methods should also be easy to use, and maximize lab productivity.

The Promise of Advanced LC-MS Solutions

Thankfully, advanced, high-throughput liquid chromatography mass spectrometry (LC-MS) and liquid chromatography tandem mass spectrometry (LC-MS/MS) solutions can alleviate these challenges.

For example, Quick, Easy, Cheap, Effective, Rugged, and Safe (QuEChERs) sample preparation kits can accelerate and simplify sample preparation across a variety of matrices prior to LC-MS analysis, helping facilitate high-throughput multi-residue analysis. To improve analysis of low abundance analytes in complex matrices, automated solutions are available that perform analyte pre-concentration and sample clean-up online, offering analytical confidence and greater speed compared to offline methods. Similarly, robust, high-performance liquid chromatography (HPLC) and ultra-HPLC (UHPLC) solutions can better resolve analytes in complex matrices, maximizing instrument utilization, and unlocking superior laboratory throughput.

When it comes to mass spectrometry (MS) systems, more productive, confident targeted compound quantitation is possible with advanced triple quadrupole MS (QQQ) instruments. QQQ systems offer analysts high sensitivity, selectivity, and specificity, making them ideal for the detection of multiple low-level compounds in the most challenging matrices. In addition, the fast data acquisition speeds and rapid polarity switching of these systems mean labs can greatly improve their workflow productivity. The latest QQQ systems are also easy to use, require minimal training, and facilitate streamlined method creation and optimization, enabling labs to better keep pace with changing regulations and emerging threats.

The advent of orbitrap mass spectrometry has transformed analytical testing workflows across a range of applications, including mycotoxin testing. Orbitrap mass spectrometers offer ultra-high resolution (figure 1) and accurate mass measurements, together with high dynamic range. These instruments can, therefore, better resolve the lowest-level analytes from background interferences in crowded matrices, as well as elucidate the fine isotopic structures needed for more confident analyte identification. Orbitrap instruments have significant productivity benefits too, being able to perform both quantitative and qualitative analyses of multiple analytes in a single platform, and often in a single run—all while maintaining high sensitivity.

Orbitrap curve
Figure 1: Across a broad m/z range, orbitrap mass spectrometers offer superior resolution relative to other mass spectrometry systems, such as quadrupole time-of-flight (Q-TOF) instruments.

Perhaps most important, though, is the value of orbitrap systems for unknown analysis. Orbitrap systems can generate full-scan high-resolution accurate mass data during untargeted analysis, enabling analysts to capture information from all ions in the run. When this data is compared against extensive high-resolution spectral fragmentation libraries (such as the mzCloud), labs can more easily and confidently identify novel compounds such as emerging mycotoxins. Even when no direct spectral match is available, analysts can now tap into advanced data analysis algorithms that provide the best candidate structures for unknown compounds.

Toward Multi-residue, Multi-panel Workflows

Recent studies have demonstrated the success of several advanced LC-MS and LC-MS/MS solutions and workflows for fast, economical, and highly sensitive multi-residue mycotoxin analysis. For example, one recent study looked at quantifying 48 myco- and phytotoxins (either currently regulated or under discussion for regulation in the EU) in cereal in a single analytical run. In the experiment, researchers used a UHPLC system coupled to a QQQ instrument, and cereals were extracted with acetonitrile/water, followed by evaporation and sample reconstitution.

The results demonstrated that sample preparation is simple, fast, and economical for this method. And, for all legislated mycotoxins, the limits of quantitation were lower than the maximum residue limits (MRL) established by regulations. Researchers also noted good precision and reproducibility across five replicates at the limit of detection. The authors therefore concluded that this method is suitable for the quantitation of all 11 legislated mycotoxins and 37 more that are either already legislated in feed or are prospects for further legislation.

Another study demonstrated the value of an orbitrap-based workflow for efficiently detecting a range of unknown food contaminants, including mycotoxins. In the study, researchers analyzed vegetables, fruits, nuts, and cereals, preparing samples using the Swedish ethyl acetate method (SweEt). In terms of equipment, the team used an UHPLC system connected to an orbitrap mass spectrometer, and analyzed data using a qualitative software tool. To help identify unknown compounds, the software used isotopic pattern recognition, fragments, and isotope distribution data to search spectral libraries for matches.

The results showed SweEt to be an effective generic sample preparation approach to analyze different compound classes, and the workflow enabled the team to successfully identify many unwanted contaminants, including pesticides, mycotoxins, and food additives. As a result, the researchers concluded that the method was a suitable and efficient way to find unexpected and unwanted multi-group analytes in complex food matrices. Researchers have increasingly sought such multi-group analysis methods in recent years, owing to the significant efficiency gains they can offer to analytical labs.

Meeting the Needs of Modern Mycotoxin Testing

Mycotoxin contamination in food has significant consequences for human and animal health, as well as the reputation of food producers and suppliers. But mycotoxin testing is inherently complex, and several factors make testing increasingly difficult—from emerging mycotoxin threats to tightening regulations and growing pressure for greater efficiency.

Advanced LC-MS and LC-MS/MS solutions have the potential to address these challenges and transform mycotoxin testing workflows, delivering unprecedented sensitivity, confidence, and productivity. By adopting these high throughput, high-resolution solutions, testing labs can better meet the needs of today, while optimally positioning themselves for the future. Ultimately, these advanced approaches will help ensure the safety of the global food supply, for a healthier, safer world.

Listeria

Listeria Outbreak Response: Actions To Take Now

By Food Safety Tech Staff
No Comments
Listeria

The CDC is currently investigating two Listeria monocytogenes outbreaks. An outbreak linked to deli meats and cheeses has led to 16 illnesses, 13 hospitalizations and one death. A multistate outbreak related to Brie and Camembert soft cheese products announced in September had led to six illnesses and five hospitalizations to date and a widespread product recall.

The CDC notes that it is difficult for investigators to identify a single food as the source of outbreaks linked to deli meats and cheeses, because Listeria spreads easily between food and the deli environment and can persist for a long time in deli display cases and on equipment.

We spoke with Chip Manuel, Ph.D., Food Safety Science Advisor at GOJO about steps retail food establishments should be taking now to reduce the risk of Listeria contamination in their facilities.

With the multi-state Listeria outbreak happening in delis, what should retail delis and deli departments be doing to reduce the potential spread of Listeria until a specific food is identified?

Manuel: Since Listeria is a hardy bacteria that thrives in many food products and conditions, it’s vital that food retailers and operators not only understand the conditions in which Listeria can persist but also ensure that conditions are kept which help to minimize its growth. These best practices include ensuring that proper hot/cold temperatures for holding food are maintained; cleaning and sanitizing refrigerators, display cases and frequently used kitchen equipment (especially deli slicers!); and maintaining the sanitary conditions of your establishment.

Listeria can be found in various nooks and crannies throughout a facility, including those hard-to-reach equipment parts, such as blades, cart wheels, and even grease catches and drains. Lack of frequent sanitation of these locations can increase the risk of Listeria cross-contaminating food contact surfaces in these settings. Therefore, it is vital to:

  • Evaluate the conditions of your facility, equipment and tools. Are there issues with standing water or cracked tiles? These are notorious for harboring Listeria biofilms and need to be replaced and repaired. Similarly, are your cleaning tools in good condition without cracks? If not, consider replacing these. Research has shown that cleaning tools in poor condition, especially squeegees, can become a source of contamination.
  • Ensure your sanitation program is up to speed. First, ensure you are choosing products that are effective against Listeria. Make sure you give your employees the time needed to clean and sanitize equipment effectively, especially larger pieces of equipment such as deli slicers. Make sure they have the tools and knowledge required to clean and sanitize these pieces of equipment, including specifically in nooks and crannies where Listeria can hide.
  • Ensure that deli slicers are maintained properly. Repair and/or replace any components of slicers that are in disrepair, as these can become harborage sites for Listeria. Ensure deli slicers are completely broken down for cleaning and sanitization as required by the local regulatory authority (usually every four hours for deli slicers operating at room temperature).
  • Minimize the use of high-pressure hoses within a deli environment. Research has shown these tools can spread Listeria throughout a facility (for example, if sprayed directly into a contaminated drain).
  • Check that display, storage and refrigerator or cooler cases are set to an internal temperature of 41˚F or lower while ensuring adequate airflow.
  • Ensure raw and ready-to-eat products are stored in separate areas. RTE products can become contaminated if stored under raw products (due to dripping, etc.)

Looking at the soft cheese outbreak, what can retail food environments do to reduce the risk of distributing contaminated product to consumers and identify and respond to potential Listeria contamination in these higher-risk cheese products?

Having a supplier verification program and managing incoming ingredients with approved suppliers and approved sources is critical—particularly for soft cheeses which are at higher risk for contamination. Purchase solely from approved sources with food safety programs in place. Ensure that food safety is always part of your supplier specifications and requirements, and work with your suppliers to understand their pathogen prevention and environmental programs. If possible, visit their facilities to get a sense for how well their food safety program is operating.

Additional resources:

FSC C-Suite Panel 2022

Communicating to the C-Suite

By Food Safety Tech Staff
No Comments
FSC C-Suite Panel 2022

Food safety and quality assurance leaders are competing for a finite number of dollars within their respective organizations. Securing support or funding for new equipment, training or personnel can be challenging. Understanding the competing pressures and needs of corporate leaders can help FSQA professionals get their message across and ensure a commitment to food safety.

At the 2022 Food Safety Consortium in October, Deb Coviello, CEO, founder and business advisor at The Drop In CEO, moderated a panel discussion “Communicating to the C-Suite.” Panelists Peter Begg, senior vice president of quality and food safety at Hearthside Food Solutions, Melanie Neumann, JD, executive vice president and general counsel of Matrix Sciences International, and Ann Marie McNamara, vice president of food safety and quality for supply chain, manufacturing and commercialization at U.S. Foods, shared their tips and best practices for getting your message across in the board room.

When approaching the C-suite with updates and asks for financial support, you want to be both confident and concise. “If you can’t explain in five to seven slides what you need and why, you will lose them,” said Begg. “And it is very likely that you yourself do not understand the issue or are unclear of the implications and what the C-suite needs to know.”

Subscribe to the Food Safety Tech weekly newsletter to stay up-to-date on upcoming events and the latest news and information on food safety.

McNamara tries to keep it to one slide and encourages FSQA professionals to: know your audience, stick to the facts, and communicate like an executive by using their terms and focusing on goals and metrics.

“You have to take off your FSQA hat and put on your business hat,” she said. “You can’t just be a technical expert, you need to be a translator and communicate the technical into business terms.”

Equate Risk to Dollar Amounts

If your consumers are at risk due to poor training, difficult-to-clean equipment or other concerns, you need to quickly equate the risk to a dollar amount when communicating with the C-suite. “You can use baseline data to quantify your risks,” said Neumann. For example, if you have a problematic piece equipment, look at the frequency and likelihood of inspection and the potential findings, and share this information as part of your presentation.

She follows a “go back to kindergarten” strategy to help develop a compelling presentation: learn and share the basic math, follow your ABCs by using clear, concise language and “do some show and tell,” said Neumann. In one instance, she brought a joint with multiple weld points from the floor to the board room to illustrate why this particular piece of equipment was so difficult to sanitize and had become a site of contamination. The leadership agreed to replace it.

“You need to be specific, and pick your battles,” said Neumann. “For example, if you need more ‘help,’ what does that look like—do you need more people, more training, a new system?”

Building Your Confidence

Standing in front of a group of executives to fight for your department can be intimidating. If public speaking is not your forte, practice speaking in front of a group. “Share your presentation with your team and ask what questions they would have to get feedback and input,” said McNamara.

Doing regular check-ins with the CFO regarding future resource needs, rather than waiting for a quarterly or annual presentation opportunity, can help you get a headstart on coming asks. In fact, developing relationships with all C-suite leaders is key to keeping food safety needs top of mind. “Introduce yourself to new leaders and understand how they want to be communicated with (i.e., text, email, phone),” said Begg. “Do regular check-ins with leadership and recommend quarterly presentations to keep them up to date.”

While all three panelists encouraged FSQA professionals to avoid getting emotional and focus on the facts as well as dollars and cents, you do want to remind executives of the impact of failure to act on food safety concerns. “Explain the financial risks and speak in terms of the impact to them, ‘What we want everyone in the company to understand is your loved ones are eating this food,’” said Begg.

 

 

 

 

 

Sara Bratager

Traceability and the Need for Global Standards

By Food Safety Tech Staff
No Comments
Sara Bratager

The FDA will officially implement a new food traceability rule on November 7, 2022. While the new rule requires a detailed account of food’s origin and movements throughout production, processing and shipping, the food industry still lacks international standardized guidelines that factor in countries’ varying health and agricultural priorities. As this continues to be one of the global food system’s biggest challenges, we spoke with Sara Bratager, Food Traceability & Food Safety Scientist at the Institute of Food Technologists, to discuss where the food industry stands currently, and opportunities to establish a global standard that is mutually beneficial (and achievable) for all. 

The FDA is scheduled to finalize new FSMA traceability rule on November 7. What are some of the key changes that food manufacturers and suppliers will need to address with the new rule?

Bratager: The finalized rule will be published in November. Based on the proposed rule, it will go into effect in January 2023 (60 days after publication) and companies will have two years after that to make any adjustments needed to achieve compliance. Entities that produce, process, ship or receive any of the products on the Food Traceability List will need to capture and store the established Key Data Elements (KDEs) at each of the Critical Tracking Events (CTEs) relevant to their operation. The rule will also require companies to provide electronic traceability information to the FDA no more than 24 hours after a request is made, necessitating a significant transition from traditional paper-based traceability systems.

How prepared is the food industry to implement these changes?

Bratager: Preparedness differs throughout the food industry; some industry actors have been preparing since the release of the proposed rule, while others have chosen to forgo significant effort pending finalization of the rule. Some entities may have even engaged in unintentional preparation; companies or commodities that have been the subject of repeated recalls and subsequent traceability initiatives will likely find themselves better prepared than traceability newcomers. The food tech industry is prepared to deliver digital traceability solutions that facilitate compliance among supply chain actors, but implementation is likely to be a challenge for many. Some operations will achieve compliance with minimal disruption, whereas others will face a more burdensome effort.

How will this affect companies working with global suppliers?

Bratager: The proposed rule covers any ingredients or foods on the Food Traceability List that may be sourced from global suppliers. One of the biggest challenges for companies working with global suppliers will be coordination and communication between supply chain partners. Some companies may find themselves responsible for educating their international trading partners on FSMA requirements. However, understanding will not guarantee compliance. Some global suppliers are already reporting traceability data for domestic or other export requirements and will be hesitant to take on the burden of yet another traceability scheme. The increasingly globalized nature of our food system highlights the need for traceability standards that streamline data collection and reporting efforts through the supply chain.

Are there any efforts underway to develop global standards related to food traceability?

Bratager: Several standards exist currently. The International Organization for Standardization’s ISO 22005:2007 details basic requirements for the design and implementation of food/feed traceability systems at an organizational level. GS1, the organization best known for barcodes, provides several foundational standards for the identification, capture and sharing of data; their EPCIS standard that allows disparate applications to create and share traceability event data is particularly relevant.

Food operations are incredibly unique, and widespread standards uptake will likely require a degree of customization, which is why sector or commodity-specific efforts that build upon existing foundational standards are so important. The Global Dialogue on Seafood Traceability (GDST) provides a great example with their GDST 1.1 Standard for interoperable seafood traceability that is built upon GS1 foundations. A second example is the Produce Traceability Initiative (PTI).

How can the industry and regulators move toward developing a global standard for traceability in the food industry?

Bratager: A necessary first step is alignment around the definition of traceability. Regulatory agencies and industry actors across the globe adhere to different definitions but cohesive, global progress will require alignment around a common definition for traceability.

Industry can support the creation and uptake of pre-competitive, commodity-based traceability initiatives that drive adopters toward common practices and data standardization. Interoperability must also be prioritized. Demand for interoperable data sharing will necessitate and incentivize widespread adoption of data standards.

Joseph Carson

Strategies To Identify and Prevent Cyber Attacks

By Joseph Carson
No Comments
Joseph Carson

Managing and combating cybercrime is no small feat; it can take over 200 days for companies to detect a cyber breach. The reason being cyber criminals often stay hidden even after gaining access to systems. They lie in wait for the best moment to access the information they want. Once they have it, they may use it to steal money or proprietary information or to collect a ransom. They also may sell access and information to other criminals who will take more aggressive means to exploit the organization.

Preventing cybercrime requires education and cooperation throughout an organization. Following are seven key components of cybersecurity food businesses should embrace to protect their businesses and products.

1.   Education and Awareness

One of the most effective countermeasures to cybercrime is building a culture of cyber defense and awareness that empowers all employees to ask for guidance and speak up when they see a suspicious situation. Educate employees on how they can prevent nefarious activity on their computers by:

  • Identifying suspicious applications with warnings and popups
  • Flagging suspicious emails with hyperlinks, attachments or unknown senders
  • Not clicking on links or ads from unfamiliar sources
  • Verifying the trustworthiness of a site before inputting credentials
  • Limiting activities on unsecured public Wi-Fi networks

This helps employees not only avoid breaches, but identify and report suspicious activity to help prevent cyber attacks.

Training should be top-down, beginning with the executive suite and department heads. This ensures that there is always someone accountable for implementing and maintaining security measures. From there, the rest of the team can be trained to assess and prevent cybersecurity threats and risks.

2.   Implement and Enforce Mobile App Security

Mobile apps on smartphones and tablets are at risk of security breaches that can expose large amounts of user data. All mobile apps have security controls to help developers design secure applications, but it’s up to the developer to choose the right security options.

Common problems with mobile apps may include:

  • Storing or unintentionally leaking data that could be read by other applications
  • Using poor authentication and authorization checks that could be circumvented by bad actors
  • Using data encryption methods that are vulnerable or easy to break
  • Transmitting sensitive data without proper encryption online

A simple app may not seem like a big deal, but they can allow a hacker to gain access to employee computers and networks. The following measures help improve mobile app security:

Guard sensitive information. Confidential data stored in an app without security measures in place are a target for hackers using reverse-engineering codes. The volume of data on the device should be reduced to minimize the risk.

Consider certificate pinning. Certificate pinning is an operating process that helps with app defense against intermediary attacks that occur on unsecured networks. There are limitations to this process, however, such as lack of support for network detection and response tools. Certain browsers make certificate pinning difficult, making it more difficult for hybrid applications to run.

Minimize application permissions. Permissions allow applications to operate more effectively, but they also open vulnerabilities to cyber attacks. Apps should only be given permission for their key functions, and nothing more, to reduce this risk.

Enhance data security. Data security policies and guidelines should be implemented. Measures such as having well-implemented data encryption, security tools and firewalls can protect information that’s being transferred, for example.

Do not “save” passwords. Some applications allow users to save their passwords for convenience, but if a theft occurs, these passwords offer access to a lot of personal information. If the password is unencrypted, it has a better chance of being stolen. Ultimately, users should never save passwords on mobile apps.

Log out after sessions. Users often forget to log out of an app or website, which can increase the risk of a breach. Apps with sensitive information, such as payment or banking apps, often enforce session logouts after a certain period of time, but it’s important for users to also get in the habit of logging out of all apps when they’re finished using them.

Add multi-factor authentication. Multi-factor authentication adds another layer of security for users on an app. This method can also shore up security for users with weak or old passwords that are easy to breach. With multi-factor authentication, the user receives a code that needs to be entered with the password to log in. The code may be sent through email, the Google Authenticator app, SMS or biometric methods.

3.   Analyze Logs for Suspicious Activity

Companies should continuously analyze security logs to identify unusual or suspicious activities, such as logins or application executions that occur outside of usual business hours. These measures not only help identify criminal activities, they can help companies determine the root cause of a breach and how it can be prevented in the future.

4.   Keep Systems Patched and Current

Patches identify and correct vulnerabilities in software and applications that may make them susceptible to cyber attacks. All systems and applications should be kept up to date with the latest security patches to prevent hackers and cyber criminals from accessing systems through existing vulnerabilities. Patching and updates may also fix bugs, add new features or increase stability to help the app or software perform better and reduce access points for hackers.

5.   Use Strong Passwords and Protect Privileged Accounts

Any password used in your organization should be strong and unique to the account. It’s also important for employees to change their passwords often. Most applications do not alert users to older or weak passwords. Accountability for password protection falls on the user.

If employees have multiple accounts and passwords, companies can create an enterprise password and account vault to manage and secure credentials. Encourage employees to avoid using the same password multiple times.

If employees have local administrator accounts or privileged access, that has a huge impact on organizational security. If a single system or user account is compromised, it can put the entire organization at risk. Your company should continuously audit and identify privileged accounts and applications that require privileged access and remove administrator rights when they’re not needed. You should also adopt two-factor authentication to prevent accounts from being hacked.

6.   Do Not Allow Installation of Unapproved or Untrusted Applications

Organizations that allow users to have privileged access also allow these users to install and execute applications as needed, no matter where they source the installation. As a result, ransomware and malware are able to infect your system easily, and the cyber criminal can install tools to permit future access at any time.

Privileged users may read emails, browse sites, click on links or open documents that install malicious tools onto their devices. The criminal now has access and may be able to launch attacks throughout the organization’s system or demand ransom for unlocking proprietary data.

There are security controls that can prevent applications and tools from being installed. They include: Application Allowlisting, Dynamic Listing, Real-Time Privilege Elevation and Application Reputation and Intelligence.

7.   Be Deceptive

Whether online or in person, predictability is a boon for criminals. Burglars stake out houses and look for residents with predictable routines, and the same is true of cyber criminals. Automation makes this even easier with scans that are run on a routine, and patches that are implemented on the same day every month, for example.

A predictable company is a vulnerable one, so it is vital to be deceptive. Use random activities and an ad-hoc approach for updates and assessments. With this method, hackers have a more difficult time staying hidden and it’s easier to detect cyber attacks as soon as they occur to mitigate their effects.

Cybercrime is a risk facing all businesses, and the food industry is no exception. Companies that take a proactive approach are in a much stronger position to protect against cyber threats and shore up security. No method is foolproof, but if a breach does occur, identifying it early and mitigating its effects can make a world of difference for your company’s financial health and reputation.