This week’s episode of the 2021 Food Safety Consortium Virtual Conference Series will discuss the challenges that the industry faces in managing the supply chain, including in the realm of audits. The following is the agenda for this Thursday’s session:
- Food Safety as a Supply Chain Management Problem, with John Spink, Ph.D., Michigan State University
- Supplier Certification in Today’s Supplier Quality Management Programs: A Discussion with Gary van Breda, McDonald’s; Jorge Hernandez, Wendy’s; and moderated by Kari Hensien, RizePoint; Sponsored by RizePoint
- What Needs to Change in Food Safety Certification: A GFSI Panel Discussion moderated by Erica Sheward, GFSI
- Auditing Update in the Age of COVID: FDA Standards and Regulations Alignment Pilot, with Trish Wester, AFSAP
This year’s event occurs as a Spring program and a Fall program. Haven’t registered? Follow this link to the 2021 Food Safety Consortium Virtual Conference Series, which provides access to all the episodes featuring critical industry insights from leading subject matter experts! Registration includes access to both the Spring and the Fall events. We look forward to your joining us virtually.
Managing the complexities of a management system is challenging for any food and beverage company, particularly for the team tasked with implementing the system throughout the organization. That is because every regulatory agency (e.g., FDA, USDA, OSHA, EPA) and voluntary certification (e.g., GFSI-benchmarked standards, gluten-free, organic, ISO) calls for companies to fulfill compliance requirements—many of which overlap. Supply chain and internal requirements can create further complications and confusion.
In today’s “New Era of Smarter Food Safety,” having a common system to organize, manage and track compliance offers an ideal solution. Dynamic tools are becoming available—systems that can manage employee training, pest control, laboratory testing, supply chain management tools, regulatory compliance and certification requirements, etc.
Unfortunately, these systems are often not set up to “talk” to each other, leaving company representatives to navigate many systems, databases, folders, and documents housed in many different locations.
The Solution: Compliance Management Systems
An integrated compliance management system (CMS) is intended to bring all these tools together to create one system that effectively manages compliance requirements, enables staff to carry out daily tasks and manage operations, and supports operational decision making by tracking and trending data that is collected daily by the team charged with implementation.
A CMS is used to coordinate, organize, control, analyze and visualize information to help organizations remain in compliance and operate efficiently. A successful CMS thinks beyond just access to documents; it manages the processes, knowledge and work that is critical to helping identify and control business risks. That may include the following:
- Ensuring only authorized employees can access the right information.
- Consolidating documents and records in a centralized location to provide easy access
- Setting up formal business practices, processes and procedures
- Implementing compliance and certification programs
- Monitoring and measuring performance
- Supporting continuous improvements
- Documenting decisions and how they are made
- Capturing institutional knowledge and transferring that into a sustainable system
- Using task management and tracking tools to understand how people are doing their work
- Enabling data trending and predictive analytics
CMS Case Study: Boston Sword and Tuna
In early 2019, Boston Sword and Tuna (BST) began the process of achieving SQF food safety certification. We initially started working with BST on the development, training and implementation of the program requirements to the SQF code for certification—including developing guidance documents for a new site under construction.
The process of attaining SQF certification included the development of a register of SQF requirements in Microsoft SharePoint, which has since evolved into a more comprehensive approach to overall data and compliance management. “We didn’t plan to build a paperless food safety management system,” explains BST President Larry Dore, “until we implemented our SQF food safety management program and realized that we needed a better way to manage data.”
We worked with BST to structure the company’s SharePoint CMS according to existing BST food safety management processes to support its certification requirements and overall food safety management program. This has included developing a number of modules/tools to support ongoing compliance efforts and providing online/remote training in the management of the site and a paperless data collection module.
The BST CMS has been designed to support daily task activities with reminders and specific workflows that ensure proper records verifications are carried out as required. The system houses tools and forms, standards/regulatory registers, and calendars for tracking action items, including the following:
- Ambient Temperature
- Corrective and Preventive Action (CAPA)
- Chemical Inventory/Safety Data Sheets (SDS)
- Compliance Management
- Customer Complaints
- Document Control
- Employee Health Check
- Food Safety Meetings Management Program
- Forklift Inspections
- Good Manufacturing Practices (GMP) Audit
- SQF Register
- Maintenance (requests/work orders/assets/repairs)
- Nightly Cleaning Inspections
- Operational/Pre-Operational Inspections
- Sanitation Pre-Op Inspections
- Scale Calibration
- Sharp/Knife Inspections
- Shipping/Receiving Logs
- Thawing Temperature Log
- Thermometer Calibration
Key Considerations for Designing a Successful CMS
An effective CMS requires an understanding of technology, operational needs, regulatory compliance obligations and certification requirements, as well as the bigger picture of the company’s overall strategy. There are several key considerations that can help ensure companies end up with the right CMS and efficiency tools to provide an integrated system that supports the organization for the long term.
Before design can even begin, it is important to first determine where you are starting by conducting an inventory of existing systems. This includes not only identifying how you are currently managing your compliance and certification requirements, but also assessing how well those current systems (or parts of them) are working for the organization.
As with many projects, design should begin with the end in mind. What are the business drivers that are guiding your system? What are the outcomes you want to achieve through your system (e.g., create efficiencies, provide remote access, reduce duplication of effort, produce real-time reports, respond to regulatory requirements, foster teamwork and communication)? Assuming that managing compliance and certification requirements is a fundamental objective of the CMS, having a solid understanding of those requirements is key to building the system. These requirements should be documented so they can be built into the CMS for efficient tracking and management.
While you may not build everything from the start, defining the ultimate desired end state will allow for development to proceed so every module is aligned under the CMS. Understand that building a CMS is a process, and different organizations will be comfortable with different paces and budgets. Establish priorities (i.e., the most important items on your list), schedule and budget. Doing so will allow you to determine whether to tackle the full system at once or develop one module at a time. For many, it makes sense to start with existing processes that work well and transition those first. Priorities should be set based on ease of implementation, compliance risk, business improvement and value to the company.
Finally, the CMS will not work well without getting the right people involved—and that can include many different people at various points in the process (e.g., end user entering data in the plant, management reviewing reports and metrics, system administrator, office staff). The system should be designed to reflect the daily routines of those employees who will be using it. Modules should build off existing routines, tasks, and activities to create familiarity and encourage adoption. A truly user-friendly system will be something that meets the needs of all parties.
Driving Value and Compliance Efficiency
When thoughtfully designed, a CMS can provide significant value by creating compliance efficiencies that improve the company’s ability to create consistent and reliable compliance performance. “Our system is allowing us to actually use data analytics for decision making and continuous opportunity,” said Dore. “Plus, it is making remote activities much more practical and efficient”.
For BST, the CMS also:
- Provides central management of inspection schedules, forms, and other requirements.
- Increases productivity through reductions in prep time and redundant/manual data entry.
- Improves data access/availability for reporting and planning purposes.
- Effectively monitors operational activities to ensure compliance and certifications standards are met.
- Allows data to be submitted directly and immediately into SharePoint so it can be reviewed, analyzed, etc. in real time.
- Creates workflow and process automation, including automated notifications to allow for real-time improvements.
- Allows follow-up actions to be assigned and sent to those who need them.
All these things work together to help the company reduce compliance risk, create efficiencies, provide operational flexibility, and generate business improvement and value.
Last year’s annual GFSI Conference was held in Seattle just weeks before the World Health Organization (WHO) declared COVID-19 a pandemic. This year’s event looked very different, as it joined the virtual event circuit—with hundreds of attendees gathering from across the globe, but from the comfort of their homes and offices. The 2021 GFSI Conference reflected on lessons learned over the past year, the fundamentals of building a better food system, and the idea that food safety is a collaborative effort that also encompasses training programs, effectively leveraging data and capacity building.
The pandemic provided the opportunity to reimagine safer, more resilient and sustainable food systems, said Dr. Naoki Yamamoto, universal health coverage, assistant director-general, UHC, Healthier populations at WHO. She also offered three clear messages that came out of the pandemic:
- Food safety is a public health priority and a basic human right. Safe food is not a luxury.
- Food safety is a shared responsibility. Everyone in the food chain must understand this responsibility and work towards a common goal.
- Good public private partnership can bring new opportunities and innovative solutions for food safety. We need to seek more collaborative approaches when working across sectors to achieve foods safety.
During the session “Ready for Anything: How Resiliency and Technology Will Build Consumer Trust and Help Us Mitigate Disruption in the 21st Century”, industry leaders discussed how the pandemic reminded us that a crisis can come in many forms, and how applying the right strategy and technology can help us remain resilient and equipped to address the challenges, said Erica Sheward, GFSI director.
“When you think about business resiliency—it’s about our own, but most importantly, it’s about helping our customers become more resilient to those disruptions,” said Christophe Beck, president and CEO of Ecolab. He added that being able to predict disruptions, help customers respond to those disruptions, and provide real-time control to learn and prepare for the next pandemic or serious crisis is critical. Companies need to ensure their technology systems and contingency plans are ready to go, advised David Maclennan, chairman and CEO of Cargill. The key to a resilient food supply chain system is access and the ability to keep food moving across borders. And above all, whether dealing with a health crisis or a food safety crisis, consumers must always be front and center, said Natasa Matyasova, head of quality management at Nestle. “In short term, [it’s] first people, then business contingency, and then help the community as needed,” she said.
The second and third days of this year’s virtual 2021 GFSI Conference (see GFSI Day 1 Wrap) took the opportunity to recognize the impact of COVID-19 on the industry but more importantly, addressed the future of providing safe food to a global population. “The COVID-19 pandemic has been an exceptional challenge to public health and food systems and everyone in the world, but it has also been an opportunity to reimagine safer, more resilient and sustainable food systems,” said Naoko Yamamoto, M.D., a physician and epidemiologist at the World Health Organization. “We need to seek more collaborative approaches to be inclusive and innovative when working across sectors to achieve food safety.”
Speakers discussed the importance trust and transparency related to food safety and sustainability. With the United Nations’ Sustainable Development Goals deadline set at 2030, GFSI developed a new code of ethical conduct in its new Governance rules. “We need strong engagement from the private sector for our agrifood systems to become more efficient, more inclusive, more resilient and more sustainable,” said Qu Dongyu, Director-General of the Food and Agriculture Organization of the United Nations.
In addition to networking breaks during the event, concurrent special sessions targeted auditing, chemical hazards, pest management and technology solutions. Day three also featured Ask GFSI sessions, which were conducted in Zoom, and allowed speakers to field questions from the live attendees.
The 20th annual GFSI Conference convened yesterday, but instead of bringing together an international group of food industry stakeholders in one central location, the event was held online, streamed throughout offices and homes across the globe.
Day one kicked off with a welcome from Wai-Chan Chan, managing director of The Consumer Goods Forum, Qu Dongyu, Director-General of the Food and Agriculture Organisation of the United Nations, who addressed the humanitarian and consumer perspective of food safety. “We need a strong engagement of the private sector for our agrifood systems to become more efficient, more inclusive, more resilient and more sustainable,” Chan stated. The conversation about the global importance of sustainability continued with a conversation led by Erica Sheward, GFSI Director, and Howard Popoola, vice president, corporate food technology and regulatory compliance for The Kroger Company and Roy Kirby, global director, microbiology, food safety and toxicology for Mondelez International. They talked about GFSI’s program, Race to the Top, and the /global Markets Programme capability tool, which was established more than 10 years ago to help companies implement continuous improvement to develop an effective food safety management system, and its potential in developing markets. “Think about what this could do for farmers, think about what it could do for families in Africa, in those places described as countries of opportunity, producing niche products, who just need an opportunity to be able to sell their products into the world stage,” said Popoola, who is also a GFSI steering committee member.
During the course of the day, stakeholders also discussed pandemic-specific issues including supply chain disruptions, and the role of crisis communications and messaging to consumers related to the safety of the food supply.
More exclusive updates will be available from Food Safety Tech. Read GFSI’s full update on Day One of the conference.
This year’s GFSI Conference will take place March 23–25 and bring together experts, decision makers and innovators in the food industry. With the theme of “rethink, reset, recharge”, the three-day virtual program includes online networking features to allow attendees to connect with professionals across the globe, and sessions that explore COVID-19; supply chain disruption and public health; building consumer trust and transparency; sharing best practices; and technologies shaping the future of food safety.
“Collaboration to ensure safe food for consumers everywhere and sustainable food systems has never been more critical – and this event provides a major opportunity to learn from an unprecedented period and move forwards in the best possible way. We’re excited by the chance to help colleagues across the industry build on the ingenuity, resilience and dedication shown by the food industry over the past 12 months,” said Erica Sheward, director of GFSI, in a press release. “With the conference taking place virtually for the first time, it’s easier than ever before for food industry professionals to get involved—and we’re urging people from all corners of the globe to ensure they’re part of this unique and collaborative forum. Food safety is everyone’s business, and we must continue to work together to build consumers’ trust in the food they buy.”
More information about the GFSI conference, along with registration, agenda and partner details, can be found on the event website.
GFSI is a partner organization for the 2021 Food Safety Consortium Virtual Conference Series.
The coronavirus pandemic has impacted the food industry on several fronts from production to consumer purchasing habits to in-restaurant dining adjustments. While facility operations might look different, the demand for product is certainly still high, so operations should be tighter than ever.
Unfortunately, pest activity has not slowed down during the pandemic. From rodents and cockroaches to stored product pests and birds, your facility is susceptible to pest disruptions. With shipments coming and going and limited staffing, it’s also highly likely you don’t have time to prioritize your pest management program. An unchecked, contaminated shipment leaving your facility and making it into the homes of consumers is all it takes to wreak havoc on your business.
If you already have an integrated pest management (IPM) program in place, you’re heading in the right direction with securing your facility. IPM programs help food processing facilities keep pests from entering and destroying your product by applying preventive measures such as identifying potential and existing sanitation opportunities and regularly evaluating the state of facility maintenance.
The last thing you need right now is a failed audit due to preventable pest issues. Failing a first, second or third-party audit can lead to many consequences such as a damaged reputation, reduced profits and worst of all, lost customers. With most regulators resuming on-site audits, offering remote options or a hybrid of the two, ensuring your facility stays within regulations is still possible, and highly encouraged. After all, pest control plays a significant role in all major food safety audits and can account for up to 20% of your score.
Food Safety Audits during the Pandemic and New Changes
Not only do facility managers have to regulate operations during a pandemic, but they also must maintain strict food safety standards to ensure that the food supply chain stays healthy. With the arrival of COVID-19 vaccines, there is some hope that the pandemic may be under control soon, but it is not over yet, and food safety audits should not be avoided because of a pandemic. To accommodate, many auditors implemented new measures such as remote and hybrid audits for food processing facilities, in addition to on-site audits.
If your facility is still unable to conduct on-site audits at this time, special accommodations can be made. The following auditors have made updates to their food safety audits amid the pandemic:
- BRCGS: In addition to blended audits, BRCGS is offering certificate extensions for up to six months with a risk assessment and review. Although not benchmarked by GFSI, remote assessments are also available and involve a video audit of your facility’s storage and production areas in additional to reviewing internal audit results and documentation.
- SQFI: SQFI is postponing certifications for extenuating circumstances and implemented additional processes for risk assessments. Certifying bodies will have to conduct risk assessments to determine whether a certificate extension is needed.
- FDA: After temporarily suspending all facility inspections last March, the FDA has resumed domestic inspections on a case-by-case basis when safe to execute. Foreign inspections have not yet resumed so, take extra care if your facility regularly receives foreign shipments.
- FSIS: Inspections of meat, poultry and egg facilities continued through the pandemic. These regulated facilities continue to require sanitation SOPs to help maintain food safety and prevent the spread of diseases.
Whether your facility is able to resume onsite audits or needs to switch to a remote or hybrid option, pests will still be trying to take advantage. Working with your pest control provider to ensure your documentation and pest management measures are in order is one of the best ways to ensure any audit or risk assessment goes smoothly. While each auditor has specific requirements, here are some key considerations for your next third-party inspection.
Implement an IPM Program
We cannot stress enough the importance of a proactive pest management program for food processing facilities. The best way to reduce pest issues is to build them out. Your pest control partner will identify and communicate to you on ways to reduce, or in some cases even eliminate food, water and harborage for pests. Ensure your contract specifies the roles and responsibilities of your pest control partner and you, the scope of service and a risk assessment plan. If you’re unsure of what your contract entails, now is the time to get in touch with your pest control partner.
Invest in Your Employees
Train your staff to spot and record signs of pest activity so you can address them immediately with your pest control partner. This is particularly important if you had to adjust employee schedules during the pandemic to enforce proper social distancing. Fewer staff means fewer opportunities to spot pest issues, so making sure all employees are trained can help you in the long run.
Keep Up with Documentation
Your documentation is an integral part of your audit process because it shows third-party auditors that you can verify that you have an effective pest management plan in place. Three types of documents are needed for your audit: Proof of training and certification, pesticide documentation and general facility documentation. Most pest control providers now maintain digital documentation for their partners which makes it easier to track and monitor for pest trends, treatments and updates to your plan. Even with a proper pest management program in place, facilities can still lose points for not having proper documentation so don’t overlook this part.
Hold Practice Runs
A good pest control partner will encourage test audits to ensure you’re prepared for the real deal. An annual assessment is one of the best ways to make sure your pest management program is still working and to address any gaps if it isn’t. Don’t forget to review your documentation during test audits in addition to joining your pest control partner for a physical inspection of your facility (socially distanced, of course).
Prepare your Facility
Your goal, and the goal of your pest control partner, should be that your facility is ready for an audit at any time. However, if you have an upcoming scheduled audit, a week before your audit, work with your pest control partner to conduct interior and exterior inspections as well as a documents review. Make sure you are familiar with how to access your customer web portal so that you can access data if requested. During these inspections, make sure any monitoring devices meet auditor requirements and are properly placed and maintained. The day before your audit, make another run through the facility to be sure your facility is ready. You don’t want your auditor finding cobwebs in your storage room or debris showing up in the background of a video audit.
Food safety should be a top priority for your business—your reputation depends on it after all. As the food industry continues to navigate operating in a post-pandemic climate, maintaining a successful pest management program and updated records will give you a head start when it comes to audits no matter the format. With public health concerns at an all-time high, consumers and suppliers alike will be grateful for your increased attention to maintaining industry regulations.
COVID-19 has disrupted different sectors, and the food and beverage industry hasn’t been spared either. Despite all the new regulations that businesses had to put in place amid the global pandemic, one thing remained clear: There was still a need for food safety certifications.
However, with travel restrictions in place and strict regulations to curb the virus’s spread, in-house audits have become a thing of the past. Therefore, food and beverage companies have had to turn to remote audits to ensure they can still undergo the rigorous certification process.
Remote audits are a new concept, and it’s only fair that you don’t know how to go about it. This guide will highlight all the essential details about remote audits, why they are necessary, and how you can prepare for your first one ever.
Understanding Remote Food Safety Auditing
As the coronavirus hit the world, GFSI started exploring the feasibility of remote and virtual certification audits. In June, GFSI announced that it would support the use of information and communications technologies (ICT) during audits. The organization also updated its benchmarking requirements so that Certification program Owners could develop their own remote auditing procedures.
GFSI had been thinking of incorporating ICT in the audit processes, and the emergence of COVID-19 only accelerated the decision. Instead of doing away with in-person audits because of the risk of spread, GFSI used this opportunity to adopt instead of compromising strict food safety standards.
Benefits of a Remote Audit
Generally, audits help food and beverage companies maintain their safety standards compliance and certifications. During these times, the need to uphold these standards is high, mostly because of the strain on the healthcare system.
In addition to upholding standards, remote audits present several benefits.
- Cost Savings. Certifying bodies usually have to cater to travel expenses for the auditors. With remote auditing, auditors don’t need to travel, which helps them cut down their costs. Additionally, the process requires limited resources, easing the strain on the bodies and organization.
- Long-term record. Remote auditing will require the use of videos. These videos can be kept for future use, and the companies can use them to track their progress over time.
- Transparency. Usually, the food companies’ management and administration may not have access to the audit report. However, with remote auditing, the auditors give real-time insight, and the managers get authentic reports on their certification audits.
- Secure storage. Remote audit reports will be stored on centralized clouds that are safe. Only the customer and the auditor have access to the audit reports, which ensures the reports’ security.
How to Run a Remote Audit
Remote audits are usually conducted partially through either a walk-through video or installed cameras.
Via a walk-through video. An organization may have one of its employees record the company’s operations as they walk through different departments. For this approach, they could either use glasses equipped with a camera, a helmet with a mounted camera, or a hand device.
Although this method is cost-effective, it may not be the best since the employee chooses what to show and could be biased.
Via installed cameras. This second method involves having cameras installed in different areas in the company. Recorded or live feeds from the camera are then chosen randomly and used during the audit. This method of remote auditing may not be too effective since employees may choose to remain compliant when they know the cameras are on.
Steps in a Remote Audit
The remote auditing process is quite similar to the in-house auditing process. However, companies must first assess themselves to ensure the remote process is successful. The following are the steps you need to follow when performing a remote audit.
1. Request the Remote Audit
You must first notify the certifying body that you need a remote audit. The certifying organization will then determine whether the audit is a viable option for your company. In some cases, remote audits may not be an option because of the COVID restrictions or other reasons.
2. Carry Out a Self-assessment
Once you have the go-ahead, the company needs to conduct a self-assessment. Here, you answer questions about the company’s programs, facilities or any changes to the operations process. You must also look at the previous audit report to determine the trend over the last year.
3. Technical Review
After submitting your self-assessment, the technical team will review your answers. They will then determine whether the company’s record-keeping, systems and procedures could be audited remotely. The team then decides whether they’ll conduct a remote audit or if the company should stick to onsite audits.
4. Have the Remote Audit
After the team approves your remote audit, you can start preparing for it. The team will recommend the best way to have the audit. After a successful audit, your company can receive certification. In a remote audit, the reports will be shared digitally over a private portal. The team will also give its recommendations over the portal. Also, your company may require an onsite audit at later time.
How to Prepare for a Remote Audit
Once the technical team gives you the go-ahead for a remote audit, you’ll need to start preparing for it. The following are five things you can do to ensure the process is smooth and successful.
1. Identify the Key Personnel in the Company
During an onsite audit, you should always have some of the company’s management around to ensure everything runs as intended. It would be best if you had these same people support your remote audit. Whether they are in the office or working remotely, these personnel should know they must be available. You could choose to use calls or video conferencing to ensure they’re involved in the entire process.
2. Identify the Needs with the Audit Team
You will have to find out from the audit team the requirements for the remote audit. The team will let you know the preferred method of conferencing and take you through the process. They will tell you everything you must do and sort out any issues before the actual audit date.
3. Digitize Your Documents
After finding out what you need, your next step should be to digitize any necessary documents. You will be sharing the documents over an online portal, and it is best to have everything ready before the audit day.
4. Gather Documentation From Auditors
Another requirement will be to send some documentation to your auditors. This documentation is the same required for onsite audits. Some of what to include is the visitor’s policy and any NDAs. You should gather all these documents early enough so that you have time to correct any issues that may arise.
5. Check the Internet Connection
Your remote audit will probably require some IT. Therefore, you should ensure your internet connection is reliable and that all the systems work as they should. Everyone involved in the audit process must ensure that their connection will remain reliable during the entire process.
Tips for Working with Remote Auditors
The entire concept of remote auditing may be new for all parties involved. Everyone has something to learn, but here are some of the things that food and beverage companies can do to make everything easier for all parties.
- Ensure you have the right technology, including webcams.
- Minimize the disruptions during the audit time by ensuring you’re in a quiet environment.
- Do a test run to ensure all the systems are working.
- Be calm during the entire audit process, including during the preparation period.
Although COVID-19 made it possible to transition to remote audits, there are high chances that GFSI and food and beverage companies will stick to them after the pandemic. They are convenient and present several benefits. Therefore, you just might need these actionable tips for more than only your first remote audit.
“Food safety plan” is a term often used in the food industry to define an operation’s plan to prevent or reduce potential food safety issues that can lead to a serious adverse health consequence or death to humans and animals to an acceptable level. However, depending on the facility, their customers, and or regulatory requirements, the definition and specific requirements for food safety plans can be very different. To ensure food safety, it’s important that the industry finds consensus in a plan that is vetted and has worked for decades.
One of the first true food safety plans was HACCP. Developed in 1959 for NASA with the assistance of the food industry, its goal was to ensure food produced for astronauts was safe and would not create illness or injury while they were in space. This type of food safety plan requires twelve steps, the first five of which are considered the preliminary tasks.
- Assemble a HACCP team
- Describe the finished product
- Define intended use and consumer
- Create process and flow diagram
- Verify process and flow diagrams
This is followed by the seven principles of HACCP.
- Conduct the hazard analysis
- Identify critical control points
- Establish critical limits
- Establish monitoring requirements
- Establish corrective actions for deviations
- Procedures for verification of the HACCP plan
- Record keeping documenting the HACCP system
HACCP is accompanied by several prerequisites that support the food safety plan, which can include a chemical control program, glass and brittle plastics program, Good Manufacturing Practices (GMPs), allergen control program, and many others. With these requirements and support, HACCP is the most utilized form of a food safety plan in the world.
When conducting the hazard analysis (the first principle of HACCP), facilities are required to assess all products and processing steps to identify known or potential biological, chemical and physical hazards. Once identified, if it is determined that the hazard has a likelihood of occurring and the severity of the hazard would be great, then facilities are required to implement Critical Control Points (CCP) to eliminate or significantly reduce that identified hazard. Once a CCP is implemented, it must be monitored, corrective actions developed if a deviation in the CCP is identified and each of these are required to be verified. Records then also need to be maintained to demonstrate the plan is being followed and that food safety issues are minimized and controlled.
HACCP is, for the most part, the standard food safety plan used to meet the Global Food Safety Initiative (GFSI) standards. This is utilized in various third-party audit and customer requirements such as FSSC 22000, SQF, BRC, IFS and others. These audit standards that many facilities use and comply with also require the development of a food safety management system, which includes a food safety plan.
Further, HACCP is often used to demonstrate that potential food safety issues are identified and addressed. FDA has adopted and requires a regulated HACCP plan for both 100% juice and seafood processing facilities. USDA also requires the regulated development of HACCP for meat processing and other types of facilities to minimize potential food safety issues.
For facilities required to register with the FDA—unless that facility is exempt or required to comply with regulated HACCP—there is a new type of food safety plan that is required. This type of plan builds upon HACCP principles and its steps but goes beyond what HACCP requires. Under 21 CFR 117, specific additions assist in identifying and controlling additional food safety hazards that are on the rise. This includes undeclared allergen recalls, which constituted 47% of recalls in the last reportable food registry report published by FDA.
Prior to developing this plan, FDA provided recommendations for preliminary steps that can be completed and are essential in development of a robust food safety plan but are not a regulatory requirement. The steps are very similar to the preliminary tasks required by HACCP, including the following:
- Assemble a food safety team
- Describe the product and its distribution
- Describe the intended use and consumers of the food
- Develop a flow diagram and describe the process
- Verify the flow diagram on-site
Their recommended plan also requires a number of additional steps, including:
- A written hazard analysis. Conducted by or overseen by a Preventive Controls Qualified Individual (PCQI). However, this hazard analysis requires assessing for any known or reasonably foreseeable biological, chemical, physical, radiological, or economically motivated adulteration (food fraud that historically leads to a food safety issue only). You may note that two additional hazards—radiological and EMA—have been added to what HACCP calls for in the assessment.
- Written preventive controls if significant hazards are identified. However, similar preventive controls are different than a CCP. There are potentially four types of preventive controls that may be utilized for potential hazards, including Process Preventive Controls (the same as CCP), Allergen Preventive Controls, Sanitation Preventive Controls, Supply Chain Preventive Controls and Others if identified.
- A written supply chain program if a Supply Chain Preventive Control is identified. This includes having an approved supplier program and verification process for that program.
- A written recall plan if a facility identified a Preventive Control.
- Written monitoring procedures for any identified Preventive Control that includes the frequency of the monitoring what is required to do and documenting that monitoring event.
- Written corrective actions for identified Preventive Controls in case of deviations during monitoring. Corrective actions must be documented if they occur.
- Written verification procedures as required. This could include how monitoring and corrective actions are verified, procedures themselves are verified, and calibration of equipment as required. Also required is training, including a Preventive Control Qualified Individual. Additional training is required for those individuals responsible for performing monitoring, implementing corrective actions, and verification of Preventive Controls. Further, all personnel need to have basic food safety training and all training needs to be documented.
While the term “food safety plan” is used widely, it’s important that operations don’t just use the term, but enact a plan that is vetted, proven to work, and encompasses the principles of HACCP. Doing so will help ensure that their facility is producing foods that customers and consumers will know is safe.