Tag Archives: food defense plan

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part III)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. Part II reviewed access, subject matter experts, mitigation strategies and community drinking water. This final article reviews broad mitigation strategies, feasibility assessments, food defense plans, partial ingredient security and the “Three Element” approach through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities, but which can also be applied to the smaller facilities that are currently in the process of readying for the next deadline of July 26.

Lesson 14: When the final rule was released, the concept of using broad mitigation strategies was eliminated. That notwithstanding and realizing that many companies seek to operate at a stricter standard for food defense with a clear focus on brand protection, versus only those process steps that potentially could result in a “wide scale public health impact.” Broad or facility-wide mitigation strategies should not be abandoned, but are less likely to get you a lot of credit for IA compliance. Including existing food safety prerequisite programs (PRP), programs and practices that are put in place to maintain a sanitary environment and minimize the risk of introducing a food safety hazard, can, in some cases, also be included as security mitigation. PRP’s with slight modifications can also contribute to a good “food defense” posture. For example, one PRP addresses hazardous chemicals and toxic substances. In some cases, non-food grade substances that could result in product contamination (not necessarily wide-scale public health impact) might be available to a disgruntled insider. It is obvious companies are concerned about contaminants being brought into the plants, but please do not overlook contaminants that are already there and ensure that they are properly secured when not in use.

Other facility-wide programs (broad mitigation) that contribute to effective food defense might include site perimeter or building security, visitor and contractor management, pre-employment background checks, employee security awareness and food defense training and sanitation chemical management.

Lesson 15: If you are using the three elements approach (Guidance Chapter 2 Section G) or the hybrid approach (Guidance Chapter 2 Section H), you will be required to make an assessment on feasibility. In the early VA’s conducted, prior to the second installment of the guidance in March of 2019, feasibility was essentially an all or nothing proposition. One could argue that a judgment call was required as to whether an intentional adulteration incident could be accomplished given the inherent conditions. Those conditions might include a lot of coworkers who might be able to observe and serve as witnesses to deter the act. With the release of the second installment of the guidance from the FDA, a new tool was made available which would allow food and beverage companies to run a calculation and make a more accurate prediction of how much of an unnamed “representative contaminant” which is assumed to be highly lethal and heat stable it might take to contaminate a product batch. Typically, the larger the batch size, the higher the quantity of the “representative contaminant” would be required to achieve a lethal dose (LD) in a serving size. So, to provide an additional level of validation with identified actionable process steps, the use of the LD calculation might be considered to provide more realistic insight into the feasibility element. For instance, if it would require one hundred pounds of the “representative contaminant,” you might feel justified in concluding that it is not realistic to get that amount of contaminant into the batch at the process step and rule out the point, step or procedure as an APS. This can save money and ensure limited food defense resources can be channeled to the areas where legitimate risk can be reduced.

Lesson 16: After an APS is identified, sites will need to determine, as the rule states, whether the existing “mitigation strategies can be applied…to significantly minimize or prevent the significant vulnerability.” Simply stated, what is in place today for food safety, and the broad-based security measures in use, may or may not be enough when you consider an insider motivated to contaminate the product. The FDA’s mitigation strategies database may offer some insights into additional food defense measures to consider. Where additional mitigation strategies are identified, from the time of completion of the VA until a site’s regulatory compliance deadline arrives (next one is July 26, 2020), that change must be incorporated into the food defense plan and fully implemented. We recommend that a site make a list of new mitigation strategies after the VA is complete for tracking purposes during the implementation phase. No mitigation strategies should be included in the food defense plan that are not fully implemented and where records cannot be adequately produced.

Lesson 17: In the second installment of the guidance, the concept of partial ingredients was introduced. The key activity types (KAT) of secondary ingredients is now considered to include the storage of partially used, open containers of secondary ingredients where the tamper-evident packaging has been breached. Tamper evident tape looked to have promising benefits, but several of our clients have abandoned the use of this mitigation strategy, which has been proven repeatedly to be defeated without detection. It appears that using containers that can be secured with numbered seals might be a better option and even better if the seals would be metal detectable in the event one went astray in a product stream.

Lesson 18: Food defense plan unification. Facilities regulated under the IA rule are likely to already have a food defense plan for other initiates such as SQF or BRC. The IA Rule is not unlike other counter-terrorism regulations in potential to create challenges to meet voluntary and regulatory requirements without having multiple food defense plans. The IA Rule based on its modeling after HACCP creates some very specific requirements in terms of how data needs to be presented and records maintained. Sites may be doing other things to support food defense, and one strategy that might keep auditors in their lane would be to include any non-IA Rule food defense content (e.g., for SQF or BRC) in an appendix to the IA Rule Food Defense Plan.

Lesson 19: Under the VA method the FDA refers to as “the “Three Element” approach, suggestion is made in the guidance released in March 2019 that regulated facilities might consider creating stratified categories for each element of public health impact, degree of physical access and ability of the attacker to successfully contaminate product. This is asking regulated facilities to engineer their own vulnerability assessment methodology. It is our opinion that this is asking a lot from a food and beverage facility and that creating categories for each element (e.g., refer to Table 3 on page 54) will extend the time it takes to complete a vulnerability assessment, create a lot more uncertainty in the process and does not necessarily help companies to identify the areas where intentional adulteration risk is highest.

Conclusion

Organizations who have yet to execute vulnerability assessments (due July 26) or those who have already completed vulnerability assessments who may wish to reflect back on their existing VAs in an effort to eliminate unnecessary APS’s should find these strategies helpful in focusing limited resources to the areas where they can have the greatest effect. Since the initiation of this article series, the FDA has released its third installment of the guidance. Once we reflect on this new installment, we will address our thoughts in a future article.

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part II)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. To further assist facilities with reviewing old or conducting new VAs, Part II will touch on access, subject matter experts, mitigation strategies and community drinking water through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.

Lesson 6: Utilization of Card Access. The FDA costs of implementing electronic access control, as reported in the Regulatory Impact Analysis document (page 25) are shown in Table 1.

Average Cost Per Covered Facility Initial Recurring Total Annualized
Prohibit after hours key drop deliveries of raw materials $ $1070 $1070
Electronic access controls for employees $1122 $82 $242
Secured storage of finished products $1999 $– $285
Secured storage of raw materials $3571 $– $508
Cameras with video recording in storage rooms $3144 $– $448
Peer monitoring of access to exposed product (not used) $47 $1122 $1129
Physical inspection of cleaned equipment $– $303 $22
Prohibit staff from bringing personal equipment $157 $– $22
Total $9993 $1455 $2878
Table I. Costs of Mitigation

In our opinion, these costs may be underreported by a factor of five or more. A more realistic number for implementing access control at an opening is $5,000 or more depending on whether the wire needs to be run in conduit, which it typically would. While there are wireless devices available, food and beverage organizations should be mindful that the use of wireless devices may in some cases result in the loss of up to 50% of electronic access control benefits. This happens because doors using this approach may not result in monitored-for-alarm conditions, such as when doors are held open too long or are forced open. Some wireless devices may be able to report these conditions, but not always as reliable as hardwired solutions. Using electronic access control without the door position monitoring capability is a mistake. From a cost standpoint, even a wireless access control device would likely be upwards of $2,000 per opening.

Lesson 7: In the interest of time, and in facilities with more complex processes (which increases the work associated with the VA), plan to have quality, food safety and physical security personnel present for the duration of the VA. But also bring in operational specialists to assess each point, step or procedure for the respective operational areas. You may wish to have a quick high-level briefing for each operational group when it’s their turn to deliberate on their portion of the manufacturing operation. Proper planning can get a hybrid style VA done in one-and-a-half to three days maximum for the most complex of operations.

Lesson 8: Conduct a thorough site tour during the assessment process; do not limit your vulnerability activity to a conference room. Both internal and external tours are important in the assessment process by all members of the team. The external tour is needed to evaluate existing measures and identify vulnerabilities by answering questions such as:

  • Is the perimeter maintained?
  • Are cameras pointed correctly?
  • Are doors secure?
  • Are vehicles screened?
  • Are guards and guard tours effective?
  • Internal tours are important to validate documented HACCP points, steps or procedures.A tour also helps to validate process steps that are in multiple parts and may need to be further assessed as a KAT, for public health impact, accessibility and feasibility or to identify issues that have become “invisible” to site employees which might serve a security purpose.
  • Properly conducted tours measure the effectiveness of a variety of potential internal controls such as:
    • Access control
    • Visitor controls
    • Use of identification measures
    • Use of GMP as a security measure (different colors, access to GMP equipment and clean rooms)
    • Effectiveness of buddy systems
    • Employee presence

Lesson 9: Do not forget the use of community drinking water in your processes. This is an easy way to introduce a variety of contaminants either in areas where water is being treated on site (even boiler rooms) or where water may sit in a bulk liquid tank with accessibility through ladders and ports. In our experience, water is listed on about half of the HACCP flow charts we assessed in the VA process.

Lesson 10: Some mitigation strategies may exist but may not be worth taking credit for in your food defense plan. Due to the record keeping requirements being modeled after HACCP, monitoring, corrective action and verification records are required for each mitigation strategy associated with an APS. This can often create more work than it is worth or result in a requirement to create a new form or record. Appropriate mitigation strategies should always be included in your food defense plan, but sometimes it produces diminishing returns if VA facilitators try to get too creative with mitigation strategies. Also, it is usually better to be able to modify an existing process or form than having to create a new one.

Lesson 11: In cases of multi-site assessments, teams at one plant may reach a different conclusion than another plant on whether an identical point, set or procedure is an APS. This is not necessarily a problem, as there may be different inherent conditions from one site to the next. However, we strongly suggest that there be a final overall review from a quality control standpoint to analyze such inconsistencies adjudicate accordingly where there is no basis for varying conclusions.

Lesson 12: If there is no person formally responsible for physical security at your site, you may have a potential gap in a critical subject matter area. Physical security measures will make at least a partial contribution to food defense. Over 30 years, we have seen many organizations deploy electronic access control, video surveillance and lock and key control systems ineffectively, which provides a false sense of security and results in unidentified vulnerability. It is as important to select the right physical security measures to deploy, but also critical to administer them in a manner that meets the intended outcome. Most companies do not have the luxury of a full-time security professional, but someone at the plant needs to be provided with a basic level of competency in physical security to optimize your food defense posture. We have developed several online training modules that can help someone who is new to security on key food defense processes and security system administration.

Lesson 13: As companies move into ongoing implementation and execution of the mitigation strategies, it is important to check that your mitigation strategies are working correctly. You will be required to have a monitoring component, correction action and verification intended for compliance assurance. However, one of the most effective programs we recommend for our clients’ food defense and physical security programs is the penetration test. The penetration test is intended to achieve continuous improvement when the program is regularly challenged. The Safe Quality Food (SQF) Institute may agree with this and now requires facilities that are SQF certified to challenge their food defense plan at least once annually. We believe that frequency should be higher. Simple challenge tests can be conducted in 10 minutes or less and provide substantial insight into whether your mitigation strategies are properly working or whether they represent food defense theater. For instance, if a stranger were sent through the plant, how long would it take for employees to recognize and either challenge or report the condition? Another test might include placing a sanitation chemical in the production area at the wrong time. Would employees recognize, remove and investigate that situation? Challenge tests are easy high impact activities; and regardless of the outcome, can be used to raise awareness and reinforce positive behaviors.

Whether training a new security officer, reviewing existing security plans or preparing for an upcoming vulnerability assessment (due July 26, 2020), these lessons learned from experienced security consultants should help to focus efforts and eliminate unnecessary steps at your facility. The final installment in this series will address broad mitigation strategies, the “Three Element” approach and food defense plan unification. Read the final installment of this series on Lessons Learned from Intentional Adulteration Vulnerability Assessments, Part III.

FDA

FDA Updates Food Defense Plan Builder to Support Compliance with Intentional Adulteration FSMA Rule

By Food Safety Tech Staff
No Comments
FDA

Attend the Food Defense Plenary Panel Discussion at the 2019 Food Safety Consortium | Tuesday, October 1, 2019Today FDA released an updated version of its Food Defense Plan Builder in efforts to help companies comply with the International Adulteration FSMA rule. Version 2.0 of the tool includes the following sections to help food facility owners and operators in developing a facility-specific food defense plan:

  • Facility Information
  • Process/Product Description
  • Vulnerability Assessment
  • Mitigation Strategies
  • Food Defense Monitoring Procedures
  • Food Defense Corrective Action Procedures
  • Food Defense Verification Procedures
  • Supporting Documents
  • Signature

The tool is for use on a computer, and FDA states that it does not have access to any content or documents used with the tool, nor does it track or monitor how the tool is being used. The agency also emphasizes that use of this tool is not required by law and its use does not mean that a company’s food defense plan is FDA approved or compliant with the IA rule requirements.

The original version of this tool was released in 2013. FDA will be conducting a demonstration of the Food Defense Plan Builder v. 2.0 during a webinar on October 10.

FDA

FDA Says Routine Intentional Adulteration Inspections Will Start March 2020

By Food Safety Tech Staff
No Comments
FDA

Learn more about food fraud  at the Food Labs Conference | June 2–4, 2020 | Rockville, MDThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.

The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.

FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.

Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC
FST Soapbox

FSMA Checklist: Intentional Adulteration Rule

By Bill Bremer
1 Comment
Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC

The FSMA Intentional Adulteration rule is focused on preventing intentional adulteration from acts intended to cause wide-scale food safety impacts to public health, including acts of terrorism, economic adulteration and disgruntled employees. Such acts, while unlikely, could cause illness, death and economic disruption of the food supply absent mitigation strategies. This rule requires mitigation strategies to reduce risk versus specific food hazards.

How much do you know about the Intentional Adulteration Rule? Test your smarts by taking the FSMA IQ Test here The Intentional Adulteration rule is established to address large companies with products that reach many people, while exempting smaller companies. This rule requires covered facilities to conduct a “vulnerability assessment” to identify vulnerabilities and actions to take for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these vulnerabilities must be identified and evaluated. Covered facilities must also prepare and implement a Food Defense Plan. This written plan must identify the vulnerabilities and actionable process steps; mitigation strategies; and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.

Self-Diagnostic Assessment Tool

The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to implementing and managing FSMA Intentional Adulteration requirements. To complete your own assessment, review and compare your programs to the questions in Table I.

FSMA, Intentional Adulteration
Table I. Kestrel Management’s self-diagnostic tool can help a company assess its Intentional Adulteration program for FSMA compliance.

Get Compliance-Ready

Companies must have the appropriate systems in place to comply with FSMA Intentional Adulteration requirements or face possible willful non-conformance, which can include fines and criminal penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider regarding their program. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all your food safety requirements, and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.

Complacency Kills. What To Do Before a Recall

By Maria Fontanazza
2 Comments

A control point breakdown can lead to a food safety recall. Here’s what to expect, what to do, and how to move forward. But most importantly, this discussion with Alan Baumfalk, lead auditor and technical manager for Eurofins food safety systems, will focus on prevention and re-evaluating whether your company’s current plans will be effective in the wake of a recall.

Food Safety Tech: What is the role of the crisis management plan as it relates to a company’s food safety program?

Alan Baumfalk: The crisis management plan is an interwoven topic. Some people use crisis management or business continuity interchangeably, but they tend to have a bit of a different focus.

First of all, a crisis management plan usually goes together with a food safety plan, and in some cases, it is part of a food safety plan. We are all familiar with the food safety plan, which includes a HACCP plan (Hazard Analysis and Critical Control Points). HACCP consists of seven principles. We’re all involved in HACCP everyday; it’s related to everything we do. We identify the hazards that might be involved in the food we’re producing; we identify the hazards that might be involved in our daily lives (for example, we choose no to drive in rush hour traffic because of the potential hazards that might be involved).

This all fits into our food safety program where we try to eliminate risk through risk assessment. We establish critical limits of what we will and will not accept, and then we monitor and verify them. We take corrective actions when something we monitor is not within that critical limit. Verification involves verifying that what we’re monitoring is indeed being monitored, and finally, there is record keeping.

The crisis management team wants to prevent a recall, which is a crisis to the business, to the brand, and to the health and welfare to the public. No one wants to have a recall. When putting together this plan, you need to make sure you have a multidisciplinary team. It cannot consist of all sales people, nor can it be solely quality control people. You have to bring in people with certain expertise: Include people that are from legal, media/communications, and the business group.

FST: In preparing for a crisis, where does business continuity planning fit into the picture?

Baumfalk: Crisis management has two additional components—the business continuity plan and the food defense plan. They are not exactly the same, and they are not necessarily interchangeable. The business continuity plan is related to how you are going to continue your business if you have a situation that occurs. It can be a crisis that involves a buyer, an environmental hazard, or a physical hazard, for example.

Sometimes people will consider what is happening in the media right now. What happens if there’s an incidence at the local school and your employees have children there. What are you going to do and how will you respond? How will you continue to do business in a safe way?

When putting together a business continuity plan, you need to ask yourself, how are you going to cope with the business crisis and continue doing business.

  • Designate a senior manager who is in control of handling the organization and making the necessary decisions.
  • Identify a multidisciplinary crisis management team. Each person should have a specific responsibility (i.e., medical, regulatory services, contacting customers, suppliers and internal/external communications). Each team member should be prepared to respond to food safety issues.
  • Develop a contact list that includes legal and various experts in the industry.
  • Train employees.
  • Devise a worst-case scenario and practice, practice, practice. The plan should be tested rigorously and on an annual basis.

When we talk about a mock recall, one of the biggest deficiencies is that people don’t rigorously test it. The number one priority should be to have the plans in place and test them, and identify the weaknesses that you can correct. One of the biggest problems that may eventually cause a recall is complacency. The employees think they got it all covered. It’s important to note that an ounce of prevention is worth a pound of cure.

In Part II of this series, Baumfalk will make the connection between crisis management planning and food defense.