Tag Archives: food defense

SGS, food safety

Food Defense and FSMA


The FSMA rule for “Mitigation Strategies to Protect Food Against Intentional Adulteration” (or FSMA Intentional Adulteration rule) is aimed at protecting the U.S. food supply against acts intended to cause wide-scale harm to public health. The rule is a major breakthrough, since it takes food defense to a practical level, into the processes of a food facility. The notion of food defense has been around for many years, but it is safe to say that FSMA gave food defense a new momentum by incorporating it into a regulatory framework, hence facilitating its integration into the food system.

To understand intentional adulteration, it would be essential to cover the basics. PAS 96 and other schemes have taught us those basics, and FSMA created an environment for food defense notions to grow and evolve. Growth and evolution require a sustainable environment, a robust food defense system.

It is critical to consider threats and vulnerabilities in dealing with food defense at the planning stage. The FSMA Intentional Adulteration rule makes reference mainly to vulnerabilities as a start. However, it is up to the facility to decide how far it would be willing to go to safeguard its food supply chain.

After all, the scope of food defense is not confined within the boundaries of the facility. An “inside-out” vulnerability assessment may prove to be effective, but a complementary outside-in analysis would render food defense more comprehensive, thus expanding its scope into critical areas within the supply chain.

Therefore, the Threat Assessment and Critical Control Point (TACCP) methodology of PAS 96 combined with the vulnerability assessment and food defense management requirements of the FSMA Intentional Adulteration rule would be a winning combination in addressing FSMA compliance and mitigating intentional adulteration risks across the entire food supply chain.

With more than 130 years of experience in Agriculture and Food businesses, we understand the challenges that you face. Protect your brand, build customer trust and open the door to a more profitable business with food industry solutions from SGS.

From training and inspection, audit and certification, testing and advisory services to retail store checks and mystery shopping, our global team of industry experts helps you guarantee that your operations meet the highest global standards.

Quality, safety and efficiency are key drivers in the food value chain. Each of these elements impacts on the sustainability of your business, the desirability of your products and the marketability of your business.

Hank Karayan, SGS North America, Inc. Global FSMA Program Director

Alert

How Safe Is Your Facility from Threats?

By Maria Fontanazza

Vulnerability assessments are a key provision of the FSMA final rule, Mitigation Strategies to Protect Food Against Intentional Adulteration. With this requirement comes the “identification of vulnerabilities and actionable process steps” that must be taken to mitigate potential threats. During the IAFP annual meeting Lance Reeve, senior risk management consultant for food safety and defense at Nationwide Agribusiness Insurance Co., reviewed the important and sometimes-overlooked areas that companies should be looking at when conducting vulnerability assessments.

Inside the Plant

To start, vulnerability assessments should be conducted at different times of the day, and the process should involve a team approach, said Reeve. Food defense cannot effectively be managed by a single person within a facility: It needs to involve all departments, from human resources to IT to production to warehousing, and extend to outside suppliers and vendors. How is the flow of employees and visitors around the facility managed? Do staff members wear color-coded badges? Some companies have a color-coding plan to prevent contamination, but it is also a useful tool to ensure that unauthorized employees, outside contractors and visitors aren’t in restricted areas. For example, the maintenance shop may contain deadly food contaminants—do you really want general employees to be able to get into this area? Consider using electronic technology such as biometric access control to limit access based on employee/security credentials.

Working with the human resources department is a critical part of protecting a facility. Does your company have the capability to conduct thorough background checks on all employees? In addition, with all the different types of contractors and vendors who enter your facility, it’s important to find out whether your contracting companies are doing the same level of background checks as your organization when they hire employees. And finally, examine the culture within the organization. Do employees challenge the presence of visitors who shouldn’t be on the premises?

Outside the Facility

In many cases, companies will look at the inside of their facility for potential hazards and vulnerabilities, but what about the perimeter? How are you controlling the people who are coming onto company property? While this may seem obvious, Reeve recommended physical objects to establish authority: fences (establish physical border), signs (establish where control begins), and CCTV cameras (establish security). And when looking at the outside of the building itself, how secure is the roof? What access does a potential attacker have into the facility via the roof? How often are security checks conducted here (if at all)?

Throughout any given day, a company can receive several cargo shipments from a variety of different suppliers. Are you familiar with the food safety programs of your suppliers? They play a critical role in food defense strategies. And when your company receives shipments, Reeve advised that companies go beyond looking at the seals on trucks and examine the transportation system itself. Is cargo removed in a secure area? Is an authorized employee supervising the process or is it left in the hands of the third-party driver?

And finally, a critical part of your mitigation strategy should be to challenge the system. Once you think you may have found all the vulnerabilities, conduct penetration testing.

FSMA

FSMA Intentional Adulteration Rule Released

By Food Safety Tech Staff

–UPDATE (5/27/2016)– The final rule has been published on the Federal Register’s website. –END UPDATE–

FDA just released the final FSMA rule, “Mitigation Strategies to Protect Food Against Intentional Adulteration”. Under the rule, domestic and foreign food facilities must complete and maintain a written food defense plan that assesses their vulnerabilities to intentional contamination.

“Today’s final rule on intentional adulteration will further strengthen the safety of an increasingly global and complex food supply,” said Stephen Ostroff, M.D., incoming FDA deputy commissioner for foods and veterinary medicine in a press release. “The rule will work in concert with other components of FSMA by preventing food safety problems before they occur.”

The final rule will be published on the Federal Register tomorrow. To preview the PDF document, visit the Federal Register’s website.

Specific Training Required Under FSMA: A Look at Each Rule

By James Cook

All seven core rules of FSMA require general training of individuals or employees and qualified individuals requiring education, training or experience to perform specific tasks. By including training in these regulations, the FDA has made specific training mandatory.

Training Required by FSMA Final Rules

In the current Good Manufacturing Practices (cGMP) and preventive control rules, as per 21 CFR 117.4 and 507.4, all individuals engaged in the manufacturing, processing, packing and holding of food must have the education, training or experience to perform assigned duties and must be trained in the principles of food hygiene and food safety. However, the preventive controls qualified individual (PCQI) and qualified auditor, per 21 CFR 117.180 and 507.53, can be an individual who has successfully completed a class equivalent in curriculum to that recognized by the FDA, or who has the necessary job experience. In both cases, the training must be documented, including the date of training, type of training and those personnel trained.

This means that all employees are to be trained in food hygiene and food safety to at least the standard presented in the regulations and more specifically as per the cGMP requirements. Additionally, individuals who are responsible for a specific critical control point will still need to be trained in HACCP. However, this will probably not be sufficient for an employee responsible for preventive control, as he or she may require training in Hazard Analysis Risk-Based Preventive Control (HARPC), or training specific to the area in which the employee is involved (e.g., allergens, sanitation, supply chain or recall programs, or preventive controls).

For the preventive control qualified individual and qualified auditor, the training needed may be that of the approved FDA curriculum, as developed by the Food Safety Preventive Control Alliance (FSPCA). Although this training course is not a regulatory requirement, FDA inspectors and other regulatory personnel who are auditing facilities will have completed this training, meaning qualified auditors will be expected to have this training, and eventually preventive controls qualified individuals (PCQIs) will be expected to do so too. The qualified auditor and a PCQI will still require the education, experience and other training to perform the specific job duties as listed in the regulations. Unfortunately, it is likely that neither the industry nor the government will have enough lead instructors ready to train everyone who would want or need to be trained before the compliance dates become effective. Additionally, this training course is not yet available for animal food, and the industry has been informed by FSPCA that a Foreign Supplier Verification Program (FSVP) training module will be added to the training course. The FSVP is discussed in the Supply-Chain Preventive Control module, and the fact that there are some similarities between these regulations helps individuals involved in the FSVP program, or in auditing it.

In the produce safety rule, training requirements are listed in subpart C 21 CFR 112.21, 112.22, 112.23 and 112.30. Personnel who require training are those handling covered produce and their supervisors. As with the cGMP and preventive control rules, the principles of food hygiene and food safety must be taught to these personnel. More specifically they must learn how to identify an ill or infected person, and be taught about microorganisms of public health significance, such as Salmonella, Listeria and E. coli O157 on food contact surfaces. Additionally, personnel who harvest covered produce must be trained in recognizing produce that is contaminated with known or reasonably foreseeable hazards to ensure it isn’t harvested. These personnel must be trained in the use of harvest containers and equipment to ensure that they are functioning properly, clean and maintained, and to identify when they are not. At the same time, employees must be trained in correcting any issues or in reporting them to a supervisor in order to have them corrected. All this training must be documented in the same way as the cGMP and preventive control programs.

Unlike the cGMP and preventive control rules, the produce safety rule’s requirement to have a qualified individual, supervisor or responsible party on each farm that has completed a recognized FDA course, or equivalent, is not optional. This course will be available through the Produce Safety Alliance and is anticipated to start in September 2016. The grower food safety course required for supervisors will include an introduction to produce safety, worker health and hygiene training, soil amendments, wildlife, domestic animals and land use, agricultural water, post-harvest handling and sanitation, as well as how to develop a food safety plan.

The training for produce, conducted by the Produce Safety Alliance and/or trained trainers, does not cover training for sprouts; training for sprouts is being developed by the Sprout Safety Alliance and will include topics specifically for sprouts, such as antimicrobial treatment of sprouting seeds.

In the FSVP, the qualified individuals must have the education, training or experience necessary to perform activities as per 21 CFR 1.503. These qualified individuals will develop the FSVP and those activities such as hazard analysis, supplier approval, determining verification activities and frequency, corrective actions and other activities for the FSVP. These personnel must be able to read and understand the records to be reviewed for this program. This means they must know English and may also need to know the local language at point of product manufacture or farming. 

At this time there is no structured training program for these individuals, but the FSPCA training program, alongside education and experience can provide the training necessary for these people to perform the job activities. A PCQI would be qualified for the role of a FSVP qualified individual, but the FSVP probably would not be qualified for the PCQI role. This is because the activities in the FSVP are not as complicated as those required by the cGMP and preventive controls rules, and therefore the FSVP qualifications would not need to be as stringent.

Training Under Proposed Rules

In the proposal for Sanitary Transportation of Human and Animal Foods, 21 CFR 1.910, the FDA requires carriers of these products to train personnel who are engaged in transportation operations. This should include awareness of potential food safety problems that may occur to food during transport, basic sanitary practices that would address those problems and the responsibilities of the carriers in the regulation. As with all training in these regulations, the type of training, who was trained and when they were trained must be documented.

Since this is a proposal, the training for teaching the carrier’s responsibility is not yet finalized but will require nothing more than explaining that section of the regulation. The training of potential food safety issues and the problems that might occur during transport are handled during standard cGMP and food safety training.

For the proposed Intentional Adulteration rule, per 21 CFR 121.160, the personnel and supervisors assigned to the actionable process steps must receive training in food defense awareness and their responsibilities in implementing the mitigation strategies. Also, as per 21 CFR 121.130, the vulnerability assessment is to be performed by a qualified individual, and this individual is to be qualified through experience and/or appropriate training.

For basic food defense, the FDA offers various courses and information, such as Food Defense 101, on their food defense webpage. An online course is offered in English and Spanish and covers the awareness training and the regulations for employees. Upon course completion, a certificate is provided. The agency also has a downloadable food defense plan builder that can be used to develop a food defense program. The agency also provides vulnerability assessment software, but additional training in PAS 96 or ISO/TS 22000 food defense would aid qualified personnel in making sure that this vulnerability assessment is correct and that the strategies to reduce risks are appropriate and not excessive.

There is an abundance of training courses and materials available from the FDA, USDA FSIS, associations and industry. FSMA employee training requires having personnel with the prescribed education and experience to perform specific tasks, and that they be trained as soon as possible in order for them to develop the programs. Additionally, all personnel should be trained at least annually in food hygiene, food safety and food defense.

Rod Wheeler, The Global Food Defense Institute

Are Food Companies Prepared for Intentional Contamination?

By Maria Fontanazza

Unfortunately, quite often we are reminded of the vulnerabilities throughout the food supply chain. The latest E. coli outbreak linked to Chipotle restaurants in Oregon and Washington once again has consumers and the food safety industry on edge about traceability and a company’s ability to quickly identify the source of a serious outbreak. According to the CDC’s most recent update, laboratory testing is ongoing to find the DNA fingerprint of the bacteria. Concerning as this may be, no deaths have been reported thus far, but 42 people have been reported ill and 14 have been hospitalized in Washington and Oregon. In the most recent statement released on Chipotle’s website, the company said it is “aggressively” taking steps to address the problem, including by conducting deep cleaning and sanitization of its restaurants as well as environmental testing in its restaurants, and replacing all food items in the establishments that it closed “out of an abundance of caution”.

What if this were a situation of intentional contamination? Would Chipotle or any other company in this type of scenario really be prepared? These questions were posed by Rod Wheeler, CEO of The Global Food Defense Institute during a recent conversation with Food Safety Tech about food defense, and food tampering and intentional adulteration. Wheeler and Bruce Lesniak, president of Lesniak & Associates, shared their views on the threats that the food industry is facing and why companies need to have a strong plan in place to prepare for an attack on the food supply.

During next week’s Food Safety Consortium conference, Rod Wheeler will moderate the Ask the Experts session, “Engaging Food Tampering Discussion Surrounding Food Defense” on Wednesday, November 18.

Food Safety Tech: What challenges do you see companies facing in the area of food tampering and adulteration?

Rod Wheeler: Our food supply is wide open. It accounts for 13% of the overall U.S. GDP. One thing we know about terrorists is that they want to affect our financial markets. What’s the best way to do that? You attack the 13% GDP – and what infrastructure is that? It’s our wireless systems, airline systems, transportation systems, medical supply, or our food and agricultural supply. Those are the top areas in which we need to focus, and we have to make sure the food & agriculture supply remains safe and secure in the United States.

On 9/11 the world changed, and the challenge for us becomes, within all of our 18 infrastructures, how have we changed? Do we continue to do business the same way we always have, even prior to 9/11? Over the past few years, we’ve seen a significant increase in terroristic activity around the world—from France to Syria to Yemen to Pakistan. Here in the United States, we have to be mindful of what is happening.

Rod Wheeler, CEO of The Global Food Defense Institute

We’ve always had food safety programs: HACCP, HARPC, GFSI, SQF, etc.—those are good for unintentional contamination. But what happens if someone wants to intentionally place a deadly contaminant into a product?

In this country, on a daily basis we see contaminations occurring.  We were recently notified of a massive outbreak of E. coli that has occurred throughout the Chipotle system: 47 Chipotle stores have been closed. What does that mean? Is that just a food safety issue? What if that E. coli could have been intentionally grown in a test tube and placed into the food supply? Going forward, we have a duty and an obligation to look at these things, not just at face value but think about whether they are intentional events.  

FST: Where are the biggest holes within food defense plans?

Wheeler: With more than 15 years of visiting food processing facilities, agricultural farms, dairy farms, and dairy processing facilities, the biggest concern that resonates with me is the fact that the culture of security is not there. The culture of security is simply security awareness—not planning. People in food plants are being taught to be mindful, not vigilant. The largest of food companies have well-thought-out and active safety and defense plans, and their employees are educated, trained and empowered. We find that this falls off sharply with the mid-sized and small manufacturers and suppliers. All food providers must have a comprehensive and strategic security plan that is active and measurable.

For example, let’s say a contractor is walking through a food plant. You have worked in that plant for five years but have never seen this person before. Would you question that person about their credentials? Are people thinking about the things they can personally do to reduce or mitigate the risk… are they empowered?


So, the question is “what do you do when/if”: This is one of the topics we will be discussing at the [Food Safety Consortium] conference. It’s interesting that when we present this scenario to the management of a food company, many answer back with a blank stare. We ask, do you shut down your facility? Do you notify your customers? Do you notify the national media? This question goes to the root of the company’s security culture and the strength of its strategic planning. Until we develop the necessary plans, processes and protocols to respond proactively, we will continue to remain vulnerable.  

FST: Do you think many food companies assume something catastrophic won’t happen to them?

Wheeler: I always ask why it is that we don’t anticipate these things in advance. People are complacent. “It’s not going to happen here,” they say. “What terrorist would come to our small town and do this? We’re just a small mom and pop [business].”

Recently, I received a call from a 17-employee company in Tennessee. This particular company processes honey for 100 large box retail stores. I received a call from the CEO who said, “My client wants us to have one of those vulnerability things.” He was referencing the vulnerability assessment. He said, “I don’t know why they’d want us to have one of those. We’re a small company down here in Tennessee, why does my client think some terrorist would come here?” The fact is, attackers will find the weakest link to attack: The small honey company is not the target; they are the vessel by which the attackers get to the primary target, and in this case, the big box retailer. The big box retailer/supplier is the target and the simplest, most effective way to get to them is through the hundreds of small, low to no protection suppliers.

These are the issues we need to enlighten and educate companies about; we need to get them thinking differently, because this way of thinking is completely different. If you ask someone who’s been in this industry for years, they’ll say, we never had to worry about locking our doors, or use biometrics to gain access to certain areas. We never had to think about these things in the Food & Ag supply before.

During our front line training course, we place a significant amount of focus on the food plant blending areas and why it is the number one threat area for intentional/unintentional contamination of our food supply in the United States. The blending area is exposed to a number of vulnerabilities and once attacked, the tainted ingredients are spread among numerous products that once distributed, are not necessarily quickly traced once they are blended into the final product.

Bruce Lesniak: The consequences of such an emergency are multifaceted; they affect the consumer and their product confidence, the manufacturer through recall and the retailer through recall, brand damage and loss of consumer loyalty. Often, this ripple effect begins with the small supplier and works its way upstream to affect the entire process.

We are seeing this scenario unfold in real time with Chipotle—this is huge in the food industry. FDA has not been able to determine exactly where that genetic fingerprint has originated resulting in location closures, shaken consumer confidence and brand damage. –Rod Wheeler

FST: What will it take the industry to wake up to what could become a serious reality?

Wheeler: Unfortunately it’s probably going to take a major incident for people to wake up and smell the coffee. With that said, we firmly believe that it is critical to awaken the sleeping giants before something happens. We must increase the awareness and provide education to heighten the reality of what can potentially happen and promote proactive engagement of risk mitigation.

FST: In the context of FSMA, are companies prepared for the compliance stage?

Wheeler: Over the years, I’ve seen a number of companies begin to ramp up security at their facilities. But a number of them are doing it because they realize they need to comply with the food defense elements of FSMA; the larger companies are driving compliance and are requiring that their suppliers comply. But I think convincing companies about “Why” this is important, is the challenge. Often times companies will say, “we’re doing this training”, or “we’re doing this vulnerability assessment because it’s a requirement of FSMA.”

We feel that if being compliant is your “Why” reason, then you are spending time and money for the entirely wrong reason. You don’t do vulnerability assessment or training in food defense because you want to comply with the law. You do it because you want to protect your company and the consumer from the reality of what can happen and proactively work to avoid a threat.

Lesniak: We see the adoption trend take hold as it has traditionally, in three phases. First are the early adopters—they understand the importance of compliance for the right reasons and the need for food defense. Second are those who feel the urgency to comply due to a compelling issue (an incident or have been instructed to do so by larger suppliers in order to retain contracts), and third are those who will come kicking and screaming.

Wheeler: A lot of the requirements of FSMA were generated as a result of the PCA event in 2009. The prosecution and subsequent conviction of the Parnell brothers isn’t the last prosecution we’re going to see for someone violating a food safety protocol. This is the first, and it’s a wake up call.

FDA

FDA Releases Voluntary Retail Program Standards

By Food Safety Tech Staff

After receiving input from federal, state, and local regulatory officials, along with industry and trade associations, academia, and consumers, FDA issued its Voluntary National Retail Food Regulatory Program Standards last week. The standards address “what constitutes a highly effective and responsive retail food regulatory program,” according to the document.

The Retail Program Standards include:

  • Promoting the adoption of science-based guidelines from the FDA Food Code
  • Promoting improvement of training programs to ensure local, state, tribal, and territorial staff have the necessary skills, knowledge and abilities
  • Implementing risk-based inspection programs
  • Developing outbreak and food defense surveillance plans to enable systematic detection and response to foodborne illness or food contamination

The 2015 edition contains new worksheets that are intended to assist regulatory programs in looking at how their programs line up with the 2013 Food Code. This includes helping them assess the consistency and effectiveness of their enforcement activities, and a verification tool to help independent auditors with these self-assessments. Although jurisdictions can use the worksheets and other materials without enrolling in the Retail Program Standards, FDA encourages them to do so, as enrollment allows them to apply for FDA funding. The agency also lists the jurisdictions enrolled in the program here.

Steps to Avoid a Food Crisis

By Maria Fontanazza

Part two of Food Safety Tech’s interview with Alan Baumfalk, lead auditor and technical manager for Eurofins food safety systems, discusses how companies can reduce their chances of having a food crisis. “Sometimes we forget that part of our crisis management team is part of food defense,” says Baumfalk.

Food Safety Tech: Can you discuss the importance of the food defense plan within crisis management?

Alan Baumfalk: We need to defend the product within our facility, and we need to determine as part of the food defense plan the methods that we’re going to implement to prevent adulteration of product.

We need to step up and watch this: The process literally travels from farm to fork; from the crop through processing through distribution and to the final consumer. As part of our food defense plan we need to protect sensitive processing points from intentional adulteration, and we must watch for potential accidental adulteration.

It is important to carefully control the activities in the plant. Part of that involves limiting employee, subcontractor and visitor access to production equipment, manufacturing, and storage areas by designating access points.

These steps can help to eliminate issues involved in causing a crisis:

  • Secure the storage of raw materials, packaging equipment and hazardous chemicals.
  • Control all chemicals within the facility, because they can be used to deliberately or accidentally contaminate food.
  • Hold finished products in secure storage.
  • Control transportation. Apply seals to the full truckload.
  • Monitor all points of distribution.

Food Defense Culture is Coming

By Maria Fontanazza

FSMA’s proposed rule on intentional adulteration isn’t the only reason companies should be paying attention to food defense.

Establishing metrics in food defense, similar to the growing awareness around the importance of measuring behaviors in a food safety culture, was a topic recently brought up at FDA’s FSMA public meeting in the spring. The agency acknowledged that it will need to clearly define both what exactly intentional adulteration is and how it can be measured.

While food safety involves assessing and mitigating hazards, food defense is all about the threat and protection against intentional contamination. “The threat of fraud is a growing problem as supply chains get more complex, resources grow scarcer and the cost of food increases. All this provides more opportunity and potential reward for food adulterers,” stated a recent PwC report on food trust.

The FSMA final rule Focused Mitigation Strategies to Protect Food Against Intentional Adulteration is scheduled to be published in spring 2016, and companies need to be revisiting and revamping their food defense plans to prepare.

Prevention is the key word and on the most fundamental level of a food defense plan, businesses need to have management commitment before building, or even revisiting, a food defense plan—do they understand the resources, time and cost involved?

Conducting a vulnerability assessment is the first step in finding the gaps and examining whether a facility is secure. Beyond the standard questions that companies may ask when embarking on this assessment, businesses should identify potential attackers, asking how an attacker could have access to a product or process and what would be the outcome of an attack. Then look at the protective measures that are already in place—would these act as a deterrent? And if deterred, would the attacker proceed to the next target or would he or she stop? What measures are in place to find the attacker before there is an effect on the product?

When developing a food defense plan, there are several areas of potential vulnerability:

  • Shipping and receiving and packaging
  • Laboratories and testing sites
  • Recall and traceability programs and processes
  • Water used in processing/manufacturing—what is its origin?
  • Employees—what are the health risks? Is there a process for employee health reporting? Is there a process for reporting disgruntled employees?
  • Security personnel

With food fraud on the rise, it’s important for companies to continue to revisit and update their food defense plans, considering changes to facility designs or strategies, packaging changes, security improvements, etc. Companies should also be proactive in monitoring their employees both from a satisfaction (reducing the incidence of a disgruntled employee) and awareness perspective. FDA has initiatives to help companies build a food defense culture and employee awareness, including the ALERT training course for owners and operators of food facilities and Employees FIRST, and the National Center for Food Protection and Defense has programs aimed at workforce training as well as undergraduate and graduate curriculum on food defense.