Tag Archives: GFSI

Debby Newslow
FST Soapbox

FSMA’s Preventive Control’s and Current GFSI-Approved Scheme Compliance

By Debby L. Newslow
No Comments
Debby Newslow

Confusion reigns in many organizations and especially with our food safety and quality professionals, as we debate and attempt to decide how best to address the requirements of FSMA. With the first compliance date of September 2016 drawing near, companies are feeling increased pressure to take action. As many are already accredited to a GFSI-approved food safety scheme such as SQF Level 3, BRC, Primas, IFS or FSSC 22000, often the question is, how does my current system fit into FSMA, and where do I need to make changes? The undercurrent to this question is the implication that changing the system to fit FSMA will cause it to no longer be tailored for the desired GFSI food safety scheme, and that a change could cause issues with those audits (which are crucial for purchasing, marketing and sales).

The Food Safety Consortium will discuss critical industry issues, including FSMA compliance. The event takes place in Schaumburg, IL | December 5–9, 2016 | LEARN MOREAs with so many of our industry challenges, there is no easy and prescriptive answer to these questions. Each organization has to make the decision for their own system based on their individual hazard analysis, risk tolerance and resources. Some over-arching themes begin to emerge, which may be analyzed to assist the decision makers in the creation of a road map to FSMA compliance.

During our FSMA Preventive Control Qualified Individual (PCQI) training courses we are repeatedly asked, “What qualifies as a preventive control? Are our critical control points (CCPs) automatically a preventive control? How about our operational prerequisite programs (OPRPs)—are these PCs also?” While there is no easy answer (yes or no), there are some important things to keep in mind that can help in the decision.

The official answer is that a preventive control should be any point in the process where, with a loss of control, it is reasonably foreseeable that a significant food safety hazard either will occur or has an increased likelihood of occurrence. Remember this is intended to be a single point in the process, not the entire process. For example, the sanitation program may be managed as a prerequisite program; however, there may be a point in the process that requires special sanitation attention and without it, there is a reasonably foreseeable likelihood of a hazard.

Thinking about the concept, a logical conclusion is that a loss of control leads to a significant food safety hazard or, at the very least, increases the likelihood of said hazard. It follows that a loss of control would beget the need for a withdrawal if the product had already left the organization’s control. Therefore, one should only designate a point as a preventive control if the implications of conducting a recall in the event of failure have been analyzed as part of the risk assessment. The organization must be fully prepared to conduct such a recall in the event of failure.

The FSMA Preventive Control regulation (§21CFR117.135 – Preventive Controls) requires a recall program only if there is a preventive control identified in the process. Of course, any food processing organization would be remiss if they did not have an effective recall program defined and tested by regular mock recalls. Waiting for a true recall is no time to find out that your program has issues.  Even without a preventive control, what happens if a supplier contacts the processor with an issue that requires a recall?

Through the evolution of compliant and mature food safety management systems, it is common for an organization to initially identify multiple CCPs and then, through data collection and process improvements, slowly reduce the CCPs to control points managed through OPRPs or PRPs over time.  So, should an OPRP (Operational Prerequisite Program – ISO 22000:2005 Section 7.5) also be designated preventive control?  This is perhaps one of the grayest of gray areas in this arena.  A deviation in a preventive control, if the product has left the organization’s control, requires a recall.  A recall for a deviation in an OPRP is not absolute, and it is actually handled by the food safety team and management on a case-by-case basis, depending on the risk.  In addition, although identified when possible, a critical limit is not required for an OPRP (ISO 22000:2015 Section 7.5).  Parameters are required for a preventive control.

There really isn’t one answer that fits every situation, but it is important to remember that the requirements for FSMA Preventive Controls regulation (§21CFR117.135) are designed for those operations that in the past have not had the opportunity to define, implement and maintain a food safety program—one that includes a hazard analysis based on HACCP guidelines (Codex Alimentarius Commission [Annex to CAC/RCP 1-1969, Rev. 3 (2003)]) and/or a GFSI-approved food safety scheme.  Personally, we feel that if an organization has evaluated their process in compliance with a GFSI-approved food safety scheme, then any reasonably foreseeable hazards have been identified and addressed through a control point such as a CCP, OPRP or PRP. However, that said, upwards of 90% of recalls are linked to either ineffective or nonexistent PRPs such as allergen mislabeling, which accounted for 53% of all recalls last year. Thus, it is imperative that we evaluate all aspects of our processes with the same scrutiny that we do our microbial pathogen and metal control programs, which are common CCPs in today’s world of food safety.

Risks must be evaluated through an effective risk assessment based on science and facts. We start almost all of our workshops with the great American Society for Quality (ASQ) video: Cost of Poor Quality. This highlights the lack of an effective risk assessment performed on January 28, 1986, related to the launch of the Challenger. Unfortunately, emphasis was not on the fact that the engineers presented about the lack of cold temperature stability of critical O-rings, but rather on the fact that the launch had already been postponed for two days, and there was intense media and political hype surrounding the event. An effective risk assessment must be based on facts and objectivity, not on our feelings about what we want or need the decision to be.

FSMA PCQI training stresses the use of reliable and credible resources such as academia, trade organizations and process authorities. The internet itself can also be a valuable resource. Jon Porter stated in 2004, “HACCP, as we know it, would not exist without the internet.”  (If Jon could only see us now.)  However, again, we must be sure we are choosing credible information from the internet. We all know that we can usually find any answer we desire on the internet, but is it credible and accurate?

Competent industry sector-experienced consultants may also be good options if the organization ensures their credibility. Sometimes, a set of independent eyes can be just what the doctor ordered. Even in cases where the organization has a fully qualified team that is perfectly capable of managing the food safety program on their own, the right external resource (i.e., consultant) may provide an additional, independent viewpoint to your process. A friendly debate with an external resource can oftentimes open a whole new vista of previously unconsidered possibilities for the team.

The FSMA Preventive Controls regulation (§21CFR117.135) states that “each organization is required to have a PCQI that has successfully completed training in the development and application of risk-based preventive controls at least equivalent to that received under a standardized curriculum recognized as adequate by FDA or be otherwise qualified through job experience to develop and apply a food safety system”. What qualifies an individual to be qualified through job experience is not specifically defined but is judged by the effectiveness of their food safety program. However, if FDA visits the facility and asks for the PCQI and no one has taken an FDA-recognized course—but there is someone that the organization has identified as qualified—this has the potential to start the visit off with a negative focus. We urge each organization to send two food safety associates to an FDA-recognized FSMA PCQI training course regardless of their background (this provides a back-up person in case the primary representative is ill, traveling for business or pleasure, wins the lottery, or otherwise leaves the company, etc.). This provides a strong foundation for the future, as ownership of the system is always crucial to not just surviving an inspection, but excelling—and as food safety professionals that is an idea we can all support.

 

GFSI Basics: Is FSSC 22000 Right For Your Company?

By Maria Fontanazza
No Comments

Food Safety Tech recently sat down with experts from Eurofins to discuss FSSC 22000. According to Kristopher Middleton, technical manager at Eurofins, and Kim Knoll, food safety systems national sales manager at the company, there are still quite a few companies (especially in North America) that are unfamiliar with the ins and outs of the certification scheme. In a Q&A with FST, Middletown and Knoll break down the basics of FSSC 2000, along with explaining some of its benefits.

Kristopher Middleton
Kristopher Middleton, technical manager, Eurofins

Food Safety Tech: How is the trend with FSSC 22000 evolving?

Kristopher Middleton: The scheme started in 2009 based on a demand for people wanting to have an ISO-based certification within the GFSI benchmarking process. When the program came out, it trended toward larger companies that already had ISO-based certifications, mainly ISO 22000 and ISO 9001. The FSSC 22000 scheme is the fastest growing GFSI benchmarking scheme currently. It’s not just for large multinational companies; a lot of smaller suppliers are seeking certification to this scheme. The foundation continues to expand its scopes to become a true farm-to-fork certification program.

FST: Is FSSC 22000 also appropriate for a single site or for a company with fewer than 50 employees?

Middleton: The certification doesn’t discriminate based on facility size—nor footprint or number of employees. It’s ideal for any company that has a robust food safety management system and manufacture products that fall within the FSSC 22000 scope of certification. This currently includes manufacturers of perishable animal products (feed and food), perishable vegetable products, products with a long shelf life, biochemical products (i.e., food ingredients, vitamins, biocultures, etc.), manufacturers of food packaging, and primary production of animal products.

The key thing about FSSC 22000 certification is that it is not a terribly prescriptive food safety scheme, when compared to others that are available. You will be successful with FSSC 22000 certification if you are confident and knowledgeable about your own food safety management system, and you have appropriate justification or validation for the method in which your programs have been implemented, as well as validation for the controls of your food safety hazards.

FST: Are there quite a few companies that have not heard of FSSC 22000 or are not aware that it is a GFSI-recognized scheme?

Middleton: Since ISO 22000 was not terribly popular here in North America, it didn’t catch on right away. It was more so overseas that it caught on. However, within the past two years the scheme has become increasingly popular here, especially among companies that have other ISO standards already implemented (i.e. ISO 9001, 14001, 18001,etc), where it relates to occupational health and safety, environmental, and quality. The reason for that is the FSSC can easily intertwine with that entire management system program so that it all works together versus having separate programs in place.

Kim Knoll
Kim Knoll, food safety systems national manager, Eurofins

Kim Knoll: I’m having a lot of conversations with smaller manufacturers who are brand new to GFSI. Many of them are being asked by their customers to achieve a GFSI benchmarked certification and are in the early stages of researching scheme options.  Some of these companies are surprised to learn that FSSC 22000 is a viable option.  Like other certification schemes, Eurofins lends support to companies planning to pursue FSSC 22000 through training courses, consulting services, pre-assessments and ultimately certification services. Even though FSSC 22000 is a newer scheme, auditor availability is not an issue.

FST: What are the key differences between FSSC 22000 and the other GFSI schemes?

Middleton: Probably the most apparent difference with FSSC compared to other GFSI benchmark schemes is the fact that your certification lasts for three years, not one year. The reason for that is that it’s not a product-based certification like the others, it is a process-based certification and it uses the accreditation standard of ISO 17021 not ISO 17065. It also uses ISO 22003 for direction to the certification body for the conducting of the audit. That doesn’t mean that sites won’t be audited annually; it just means that once the certificate is granted, it’s good for three years.

Another key difference is that there is no true pass or fail within the audit. It’s a conform or not-conform audit. The decision to certify is based off the findings from the auditor and their recommendations, as well as the decision from a technical review meeting at the certification body. It requires the effective closure of a particular non-conformance or satisfactory plan being submitted for the closure of those non-conformances before the actual certificate can be granted. So that’s a bit different, because you can just submit plans for your non-conformances [instead of] actually showing that everything has been completely resolved. That being said, if a facility isn’t able to hold or get a certificate, if there’s an imminent food safety threat noted during an audit—if there’s an issue, such as a potential recall or contaminated goods, the ability to be granted that certificate is not feasible.

FST: Can you walk us through the auditing and certification process under FSSC 22000?

Middleton: Like any of the standards out there, you can get a pre-assessment, which is not necessarily part of the certification activity. The certification activity starts at a Stage 1 audit within this scheme (also known as a document audit within other schemes). It’s an evaluation of a facility’s food safety management system document to determine if they’re valid. The process does not include an entire evaluation of the implementation of the program, just simply that the programs are adequately designed and meet the requirements that are in place.

Next there’s a Stage 2 audit (sometimes referred to a facility audit) that is conducted no more than six months after the Stage 1 audit. The Stage 1 audit will identify the areas of concern—programs that might not meet exactly what the specifications required within the standard, which would become non-conformances in a Stage 2 audit (also called a facility audit or certification audit).

The Stage 2 audit is the full evaluation of the implementation of the program that was reviewed in the Stage 1 audit. Following completion of the audit, effective closure of non-conformances is required. This closure can either be [related to] major non-conformances, CAPA or root cause analysis. You have to supply evidence that the non-conformance is properly eliminated and will not recur, and this evidence must be supplied to the certification body and the auditor for review.

Any other non-conformances (also known as minor non-conformances) must have corrective action plans. Companies need to state how they plan on resolving the issue. They will be “closed” but left open for the next audit, which has to occur within one calendar year (known as a surveillance audit). The term “surveillance audit” within this standard is different from some of the other standards. Within some of the other standards, a surveillance audit is not a yearly activity—it is done within the year of certification. The surveillance audit within this standard is a yearly audit that is required to meet the requirements of GFSI. It’s also a requirement within [ISO] 17021 and [ISO] 22003 that surveillance audits are conducted. The GFSI requirement changed the surveillance audit within the ISO world because they used to do a sampling audit, which progressed to a full-blown audit. Your whole food safety management system will be evaluated, which is slightly different from ISO 22000 surveillance audits.

After that audit is conducted, you have another surveillance audit in the following calendar year. Within those surveillance audits, if any minor non-conformances or non-conformances from the previous audit are still present, they are upgraded to major non-conformances and [companies] would have to implement a full corrective action plan, root cause analysis, etc. and then determine the solution.

Once the second surveillance audit is conducted, the following year will be your recertification audit, which is simply another facility audit. It’s not a document audit—you don’t have to do Stage 1 audits after that initial one. This recertification audit occurs prior to your certificate expiring.

Food Safety Culture Series: 2016 Outlook

By Maria Fontanazza
No Comments

In the final article in Food Safety Tech’s Q&A series on food safety culture, Lone Jespersen, director of food safety at Maple Leaf Foods, and Brian Bedard, executive director of the GMA Science and Education Foundation sound off on the development of food safety culture this year.

Food Safety Tech: Where are we headed in the food safety culture landscape in 2016?

The GMA Science Forum takes place April 18–21, 2016 in Washington, DC | LEARN MORELone Jespersen: I think we’re going down a path of standardizing or at least agreeing on a set of definitions for food safety culture. Some of this will come out of the GFSI technical working group on food safety culture. That will lead us to better guidelines for what the different components of food safety culture are. That’s going to be strongly science based and collectively agreed upon. I think we’ll see a lot of that work done in 2016.

I think we’re also going to see a greater focus on connecting food safety culture to organizational culture. Many organizations are looking at integrating food safety and quality assessments into their organizational culture assessments and I think for larger organizations this makes sense.

Lone Jespersen of Maple Leaf Foods debates food safety culture at the 2015 Food Safety Consortium.
Lone Jespersen of Maple Leaf Foods debates food safety culture at the 2015 Food Safety Consortium.

I hope we’ll get closer to having compared measurement systems and be able to publish work around that so we don’t fall into a trap of a fragmented and independent approach, but rather building on each other as we work [together] and have a common definition.

Brian Bedard: The measurement tools and the gap analysis for which these tools are being developed needs to be done. In terms of operationalizing and actually getting food safety embedded in companies, I would envision a roadmap that looks at a four-tiered framework of who the targets are for changing behaviors. That would be focused around senior leaders in an organization, mid-level managers, supervisors in operations, and at the fourth level, the operators on the plant floor. At GMA’s Science & Education Foundation, we have a group of companies investing in this to roll out a portfolio of training programs. We’re trying to consolidate them under the umbrella of food safety culture and dealing with the full spectrum, from entry level and plant operators through to senior leadership.

GFSI and the Road to FSMA

By Maria Fontanazza
No Comments

Many companies certified to a GFSI scheme appear to have a leg up on preparing for FSMA, especially in the area of documentation and record keeping. During a quick chat with Food Safety Tech, Bob Butcher, group operations manager at Ipswich Shellfish Company, explained how GFSI has helped the seafood processor get ready for FSMA. Do you agree? Sound off in the comments section.

Food Safety Tech: What common challenges do companies experience when managing compliance with a GFSI scheme?

Bob Butcher: Every time there’s a new regulation it’s a matter of understanding how that regulation applies to us. The seafood industry has been regulated by FDA mandatory HACCP requirements for years now. Some of the items that are covered under FSMA have already been covered by the seafood regulations. Our facilities have also undergone third-party audits for a number of years and three are already SQF certified—so in order to meet those certifications, we comply with all the FSMA requirements at this point. That being said, there’s always a challenge or opportunity to make sure we comply with all the regulations and above that, make sure that the quality [of the product] we send to our customers meets both their standards and our standards.

FST: Has being certified to a GFSI scheme helped your company better prepare for FSMA compliance?

Butcher: Because we’re SQF certified and are meeting most of the requirements of the seafood industry, we’re well ahead of meeting FSMA requirements. Maintaining the GFSI requirements put us in great shape for FSMA.

GFSI covers so many areas. [Regarding] vendor compliance, we critically examine the seafood that comes in every day and it’s a very perishable commodity, but every plant is a little different in the talent they have and the number of people. We’ve been able to focus on making sure that the product meets the same criteria at each of the facilities no matter who is receiving it and documenting it accordingly. And whether [complying with] GFSI or FSMA, documentation is important.

We’ve gone the extra step in automating so we can better track how each of the plants and suppliers are performing. We started rolling it out at one plant two years ago and then extended it to all plants. All of our facilities have been under it for a year.  

I think more and more companies are acknowledging the need to automate. With paper forms it’s difficult to make sure the employee has the correct and latest version, and the filing and recovery of that document [is difficult]. If it’s digital, you can get your hands on the latest version any time you want. Plus, you can analyze digital information and easily look for trends.

However, the seafood industry isn’t like a number of other industries—the margins are low, and so cost is absolutely a factor. If it’s a single facility, having paper forms, depending on the extent of the operation, may be acceptable. But if you get into multiple locations, it’s a whole different challenge all together.

FST: What are the broader issues that the seafood industry is currently facing?

Butcher: Supply and sustainability—making sure that you have a handle on the sustainability of the species and are able to explain that to your customers. That ties into record keeping—getting the right product, when it’s an MSC [Marine Stewardship Council] or ASC [Aquaculture Stewardship Council] chain of custody, or whether it’s having the right relationship with the vendors so you know your source. Cost is a concern, along with quality and inventory levels.

There are a lot of very small companies and a lot of them aren’t GFSI certified. A lot of them don’t even have any type of third-party audits, so I’m not sure how ready they are. It’s always a challenge for a small company to get up to speed.

FST: Does compliance with a GFSI scheme help address these issues to some extent?

Butcher: As we started working on GFSI or FSMA, and even HACCP many years ago, we started looking at products differently. You’re documenting more and gaining information—and once you have that information, you can focus on cost factors and inventory. So from that standpoint, it has been very helpful.  At this point, we’re SQF Level, and we plan to go Level 3, which involves more quality parameters and certification. That will greatly impact the product and the profitability as well.

FST: What are your tips for companies in terms of being audit ready?

Butcher: The software program we use helps us maintain our facilities to be as audit ready as we can from a documentation standpoint. With SQF there will be unannounced audits, and it’s always been FDA’s practice or the state inspector’s practice to pop in anyway, so you have to be ready for that inspection at any time. The whole principle of HACCP is to make sure you’re documenting what you’re doing. And whether it’s an auditor or an inspector, they’re coming in at any time and can look at records for the past two years, so you should be in compliance and be able to prove that.

FSMA, Food Safety Tech, FDA

Certified to FSSC 22000? You’re Ready for FSMA

By Maria Fontanazza
No Comments
FSMA, Food Safety Tech, FDA

If my company is GFSI-certified, is it also FSMA compliant? The answer is: With shared goals of producing safe food, coordinating preventive measures and ensuring continuous improvement, if your company is FSSC 22000 certified, you’re well on the road to FSMA compliance, according to Jacqueline Southee, Ph.D., U.S. Liaison, FSSC 22000.  Southee discussed several areas in which FSSC 22000 aligns with FSMA as part of a recent Leadership Series, “GFSI in the Age of FSMA”.

Supply Chain Visibility

FSSC 22000 is applicable to all aspects of the supply chain and requires interactive communication (all of which must be documented), from the downstream level in ensuring raw materials and suppliers meet requirements of ISO 22000 framework to communication with customers and suppliers to verify and control hazards.

FSMA controls the hazard of food within the United States, says Southee, whereas GFSI certification is a global initiative, thereby extending supply chain visibility to foreign suppliers.

The Food Safety Plan

There has been much discussion surrounding building a FSMA-ready food safety plan and the migration from HACCP to HARPC. “HARPC can be referred to as HACCP with preventive controls,” says Southee. FSSC 22000 provides a flexible yet robust approach in a framework that is applicable to all situations (i.e., different manufacturers have different issues, such as producing ice cream versus baked goods). Rather than being prescriptive, the prerequisite program has the flexibility to apply to a particular situation. In addition, validation, verification, monitoring and documentation are an inherent part of the ISO 22000 approach and the FSSC 22000 certification.

FSSC 22000 serves as an effective tool in preparing companies for FSMA compliance. “We’re not a regulatory system; FDA has that domain,” says Southee. “They’re the ones that carry the responsibility of meeting those regulations. We work with everyone…to do the best job we can.”

Audit Readiness

Being audit ready all the time is a key part of preparing for FSMA. FSSC 22000 certifies a food safety management system (a three-year certification cycle) and requires internal audits of company performance, along with helping companies ensure that their records are organized at all times. The goal is to install a management system that enables constant monitoring, reevaluation and assessment as part of an ongoing process of keeping food safe, according to Southee. “If you’re certified and have an effective ongoing management system, unannounced audits won’t be an issue,” she says.

Food Safety Culture

FSSC 22000 and ISO 22000 provide a strong foundation for building food safety culture. ISO 22000 requires proof of management commitment to the food safety process, along with accountability, and for management to make resources available to see the food safety process through. “We agree that culture has to come from the top,” says Southee. “The personnel have to see that management is committed, and the culture will come from that commitment.” It also requires constant communication, up and down the supply chain as well as internally. This includes involving all employees and making sure that they know what they’re doing (i.e., training). “Everyone needs to know they’re valued and important, and how their function contributes to the function of safe food,” says Southee.

FSMA Alignment and Gap Analysis

There are sure to be some gaps when it comes to FSSC 22000 and FSMA. FSSC 22000 has commissioned a gap analysis to compare the preventive controls for human and animal food rules with the GFSI scheme and will add addendums as needed. Areas of review include a requirement to include food fraud into the hazard analysis and a review of unannounced audit protocol.  

FST Soapbox

Technology Can Help Food Manufacturers Navigate FSMA in 2016

By Jack Payne
1 Comment

It’s safe to say that 2015 has been one of the worst years in recent history when it comes to food contamination. Everyone from global food manufacturers to major restaurant chains and grocery stores perpetuated or experienced outbreaks of foodborne illnesses like E. coli, Listeria, Salmonella and Norovirus. From farm to fork, the food industry needs to evalutate and improve its processes to deliver the utmost health and safety to consumers.

With FSMA and tougher industry standards in place, there will be much more emphasis on preventative measures—especially for food manufacturers. FSMA establishes a legislative mandate to require comprehensive, prevention-based controls across the food supply to prevent or significantly minimize the likelihood of problems occurring.

FSMA
Not surprisingly, most food manufacturers say they are being impacted by FSMA

Even though most of the regulations affiliated with the FSMA have just gone into effect, or will go into effect in 2016, food manufacturers are already feeling the heat. A recent survey found that the majority (81%) of food manufacturers are experiencing some level of impact from current and impending regulations. Processes pertaining to traceability, supplier and facility audits, HACCP and product recalls are causing the most concern. While most food manufacturers support FSMA’s mission to put prevention at the forefront, the reality is that many aren’t equipped to handle growing compliance demands.

There are still a sizeable number of food manufacturers that manually record their processes for identifying, evaluating and controlling food safety hazards. In fact, more than 30% of food manufacturers document their HACCP plan in this manner.

FSMA Infographic
58% of manufacturers surveyed are using an in-house system for recording issues as part of their HACCP plan

With FSMA, there isn’t any room for human error. Although technology with track and trace capabilities has been available long before FSMA came into play, obstacles such as complicated interfaces, lack of interoperability and resources deterred wide-spread adoption among food manufacturers. The tide is changing here. Advanced enterprise resource planning (ERP) solutions have built in track and trace functionality that is more intuitive and integrates seamlessly with vital manufacturing execution systems (MES).

FSMA and traceability
Manufacturing execution solutions play a key in helping companies achieve traceability. All figures courtesy of Aptean. View full infographic

Although the FDA does not have the legal authority to require companies to use computerized traceability solutions, implementing track and trace technology is one of the most effective measures a food manufacturer can take when it comes to FSMA compliance. It can help create a more systematic and reliable account throughout the lifecycle of a food product, and also establish preventative measures, including automated product checkpoints and quality tests throughout the supply chain. Ultimately, this gives food manufacturers the opportunity to identify and prevent issues before they become epidemics.

In addition to taking strong measures to prevent contamination, under FSMA the FDA now has authority to initiate mandatory recalls. Although mandatory recalls are anticipated to be rare, food manufacturers should use track and trace technology to make recall preparation routine. When used properly, these tools can pinpoint specifics about a product in real time, streamline quality reporting, and launch mock recalls.

Of course, technology is not only the vessel for improvement—to actually see change, food manufacturers need to take a critical look at their processes and make adjustments. Automating poor processes will only accelerate poor results, therefore approaching FSMA compliance and implementing track and trace technology requires time and strategy.

Ultimately, your company’s reputation is on the line as well as the safety of consumers. Dedicating necessary resources toward compliance planning and technology implementation is always well worth the investment. Many of the companies and suppliers that were in this year’s spotlight for contamination will look back on 2015 with regret because safety wasn’t at the forefront. Let’s learn from the hard lessons they provided and make 2016 the year that food manufacturers win back consumer trust and focus on quality.

Jill Bender, SafetyChain

GFSI in the Age of FSMA Series Helps Companies Prepare for FSMA Compliance

By Jill Bender
No Comments
Jill Bender, SafetyChain

The “GFSI in the Age of FSMA” three-part series wrapped up in early December, providing the food safety community insight on how leading GFSI schemes align with, and help prepare for, compliance with FSMA.  The series was presented by SafetyChain with media partner FoodSafetyTech.

Each GFSI scheme leader from SQF, BRC and FSSC 22000 discussed how their schemes align with FSMA in several key areas, including Supply Chain Controls, migrating Food Safety Plans from HACCP to HARPC, and audit readiness. While each scheme leader provided insights and details on how their scheme aligns with FSMA, common key themes across all three sessions included: 

  • FSMA’s focus on prevention vs. reaction is similar and aligns with GFSI’s objectives; Scheme certifications and ongoing compliance is centered around continuously assessing risks and putting preventive measures in place to mitigate those risks
  • GFSI’s global approach surrounding a company’s food safety program—to ensure better supply chain controls internally, upstream and downstream prepares companies to manage FSMA’s increased focus on both domestic and foreign supplier compliance
  • GFSI stringent documentation and recordkeeping requirements—along with unannounced audit protocols—are a strong foundation to help food and beverage companies prepare for FSMA’s “if it isn’t documented you didn’t do it” mantra

The GFSI scheme leaders also spoke about the importance and opportunity companies have to leverage technology tools to help more effectively manage the complexities and requirements of GFSI and FSMA compliance.  Series participants were able to see an example of how these automation tools work and the impact they can have on managing a robust food safety program via a post session demo of SafetyChain Software.

Archived recordings of all three sessions—SQF in the Age of FSMA, featuring Robert Garfield, Senior VP, SQF; BRC in the Age of FSMA, featuring John Kukoly, Director, BRC Americas; and FSSC 22000 in the Age of FSMA, featuring Jacqueline Southee, U.S. Liaison, FSSC 22000—are available and can be accessed here.

Barbara Levin, SVP of Marketing & Customer Community, SafetyChain Software

SafetyChain Software Wraps 2015 Food Safety & Quality Enabling Technologies Series with More Than 2,000 Participants

By Barbara Levin
No Comments
Barbara Levin, SVP of Marketing & Customer Community, SafetyChain Software

SafetyChain Software recently announced the successful wrap-up of its online series, “FSQA Enabling Technologies – the Food Safety & Quality Assurance Game Changer.” Kicked off in January of 2015 and ending this past October, the series attracted more than 2,000 participants.

Known for offering a wide variety of complimentary online FSQA thought leadership events to the food industry – including its FSMA Fridays and GFSI in the Age of FSMA series – SafetyChain introduced the Enabling Technologies series to begin an important dialogue on the role of emerging technologies in managing key challenges faced by today’s food and beverage companies.

The complimentary series, which featured Leadership Forums, Tech Talks and eBriefs – many featuring recognized industry thought leaders as well as SafetyChain experts – is now available on-demand.

  • Series topics included:
  • Leveraging Technology for Best-in-Class Food Safety & Quality Operations
  • Tackling FSMA Compliance
  • Understanding and Managing Cost of Quality
  • Unleashing the Power of the Cloud on Food Safety & Quality
  • Conquering HACCP, HARPC and Food Safety Program Management
  • Tackling Food Safety Audits
  • The Critical Role of Technology on Today’s Food Safety and Quality Operations
  • FSQA on the Go – the Power of Food Safety & Quality Automation Mobile Applications

Dr. David Acheson, president of The Acheson Group and former Chief Medical Officer for USDA and Associate Commissioner for Foods at FDA – who kicked off the series with a leadership forum on Food Safety Risk Management and Supply Chain Controls, which also featured Nancy Wilson, Director of Quality Assurance, Risk and Safety for Wawa – commented, “With today’s global, complex food supply chain – and increasing regulatory requirements such as FDA’s FSMA – it is becoming increasingly difficult to manage risk while meeting operational KPIs using manual FSQA management systems.” Acheson continued, “There’s an important role for enabling technologies to increase operational efficiencies while sending safer food into commerce, and this was an important series to bring the food safety community into the discussion.”

Added Jill Bender, Vice President of Marketing Communications for SafetyChain, “SafetyChain is a recognized leader in offering online forums that provide insights, and facilitate discussions, on how the industry addresses challenges in sending safe, quality food into commerce – with more than 20,000 registrants for our events.  Deploying enabling automation technologies has become a vital strategy for improving FSQA, creating ROI and protecting brand from risk – and we wanted to promote meaningful dialogue on the impact of technology on key food safety and quality issues. We’re delighted that more than 2,000 safety, quality and operations professionals joined the conversation.”

Series Now Available On-Demand

To access the series’ complimentary Leadership Forums, Tech Talks and eBriefs, visit: www.safetychain.com/2015techseries

SVP, Food Safety, United Fresh Product Association
FST Soapbox

GFSI and FDA’s Preventive Controls: Complementary or Redundant?

By Jennifer McEntire, Ph.D.
1 Comment
SVP, Food Safety, United Fresh Product Association

Accreditation, certification, certificates…the structure that supports the third-party audit system can be very confusing! Further, an audit company offers a menu of audits: An audit to their own private standard, audits to several GFSI benchmarked schemes, and perhaps in the future, an “FDA accredited” audit. How do you know which one you need? How do you know which best prepares you for FSMA?

Jennifer McEntire spoke during the session, “Staying Ahead of New USDA and FDA Mandates for Controlling Pathogens in Food Processing” at the Food Safety Consortium conference.  LEARN MOREUntil the compliance dates for the Preventive Controls rules pass, food manufacturers really only need to be compliant with good manufacturing practices (GMPs), from a regulatory standpoint. There are some specific audits that evaluate adherence to GMPs, but many companies wanted to take their food safety programs to the next level by demonstrating that they were implementing effective food safety management systems. Certification to a GFSI-benchmarked audit scheme (BRC, SQF, FSSC22000, IFS, etc.) was a primary means to show a commitment to food safety and the demonstration of exemplary programs. With the finalization of the Preventive Controls Rules, FDA is catching up. So how do the FDA requirements compare with the main elements of the GFSI Guidance Document?

Let’s evaluate the extent to which the scope of GFSI aligns with FSMA. In September, the Preventive Controls for Human Food rule was finalized, and the areas addressed within that rule constitute the bulk (although not all) of the topics covered by GFSI (GFSI covers additional areas for which FDA has not yet finalized rules, such as food defense and traceability). The question on everyone’s mind is, “If I’m certified to a GFSI-benchmarked audit scheme, am I compliant with the rule?” The answer is, “You’re probably in way better shape than someone who is not certified.” The reason is, regardless of which GFSI benchmarked audit scheme you choose, your facility will need to demonstrate, through fairly exhaustive documentation, the nature and validity of the programs that are in place, and the proof that those programs are followed day in and day out. FDA is looking for the same thing.

The Preventive Controls rules go beyond strict HACCP in that they require facilities to consider what has historically been termed the HACCP system. This includes programs that may not be critical control points (CCP) per se, but are critical to the safety of the food product. FDA identifies elements of sanitation and allergen control, as well as a supplier program, in this category. If you’re familiar with FSSC 22000, you might call these “operational prerequisite programs”.  FDA will want to see how each and every hazard is evaluated to determine if it needs a preventive control, whether that is a traditional CCP or another control. For the most part, this is aligned with the GFSI benchmarked schemes, although some of the language may differ.

When it comes to the implementation of a supplier program, facilities should be aware that FDA’s requirements of such a program are much more explicit than most of the GFSI-benchmarked schemes. Even if the result is the same at the end of the day, FDA inspectors may be looking for companies to follow a fairly structured approach compared to a GFSI auditor.

To further complicate matters, FDA will be finalizing a program for the accreditation of third-party auditors. If an effective private third-party audit system exists, why is FDA adding another layer with its own form of audits (separate from inspections)? The answer lies with Congress, not FDA, as it identified two specific circumstances in which a special regulatory audit would be necessary. One situation is when a facility (or their customer) wishes to participate in the forthcoming Voluntary Qualified Importer Program. The second is if FDA has determined that the food poses food safety risks such that a facility wishing to export that food needs a certification issued by an auditor under this program. In neither case will domestic facilities be audited under this program; this program only applies to foreign facilities and only in very limited instances.

Since the rule and accompanying guidance documents related to accreditation of third-party auditors hasn’t been issued by FDA, it is premature to comment on how these audits will compare to those in use by private industry today.

So with the implementation of new rules from FDA, is there still a market for audits? Absolutely. From a very practical standpoint, FDA won’t be inspecting most facilities on an annual basis, and many private audits are conducted on an annual schedule. Plus, industry typically pushes itself further than regulations, which lag behind. Regulations can be viewed as the floor for expectations, but not the ceiling. Moving forward, we expect audit standards and private audits to become even more stringent and aggressive in terms of promoting the very best food safety practices. But beware, as history has shown us, a certificate is not a guarantee or indication of the ongoing quality of a plant’s food safety system. This is why FDA will not blindly accept that a facility has a favorable audit; regardless of the audit certifications you hold, FDA will still inspect you. That said, depending on the audit, it can serve as a credible certification of a food safety system in a plant and demonstrate to your customers your level of food safety commitment.  And poor performance during an audit can find its way to FDA too, since in some instances the agency will have access to the conclusions of the audit and corrective actions taken in response to significant deficiencies identified during the audit. FDA initially proposed that serious issues uncovered during consultative audits conducted as part of the third-party accreditation of auditor program would be shared with FDA, and when audits are used as part of supplier programs, FDA will see how serious deficiencies in audits have been addressed. Be clear on why you are pursuing a particular audit, and take the program seriously. Audits should reflect your food safety culture, not serve as your motivation.

Hand

Why Management Reviews and the SQF System Go Hand-in-Hand

By Clare Winkel
1 Comment
Hand

SQF certification is an ongoing process; once you have attained it, you have effectively committed to a continuous improvement program for your business. Conducting regular, thorough and transparent management reviews will play a key role in ensuring that you continue to achieve your SQF goals.

The first and most important thing to understand about management reviews is that they don’t have to be a cost to your organization. In fact, when conducted correctly, these reviews should become the cornerstone of your continuous improvement program, assisting you in measuring company performance against documented objectives.

Once you’ve committed to a management review, it’s important to be aware of the fact that these reviews take significant preparation. The senior management team will be responsible for reviewing the SQF system, preparing for and documenting the review procedure in its entirety. As outlined in clause 2.1.2.4 of the SQF system, there are four key elements against which company performance must be reviewed:

  • The SQF policy manual
  • Internal and external audit findings
  • Corrective actions (investigation and resolution)
  • Customer complaints (investigation and resolution)
SQF Management Review Procedure
Click to enlarge this document on how to conduct a Management Review Procedure

The management team is required to make adequate resources available for food safety and quality objectives and to support the development, implementation and maintenance and ongoing improvement of the SQF system (clause 2.1.2.3). This team must also establish processes to improve the effectiveness of the SQF system in order to demonstrate continuous improvement (clause 2.1.2.9).

Keeping Good Records

One cannot overstate the importance of thorough and effective documentation of the review, so remember the mantra: If you don’t write it down, it didn’t happen.

Every aspect of your review must be clearly and thoroughly documented. These records are important documents in the SQF audit process and also as benchmarks against which company performance and subsequent reviews can be measured.

Management Review Process

The management review process comprises four key stages:

  • Identifying objectives
  • Collecting and analyzing data
  • Management review meeting
  • Disseminating results

1. Identifying Objectives

Identifying objectives should be your first step. You cannot start collating data before you know what you’ll be measuring it against. Objectives are essentially short statements that outline what you want your company to achieve in specific business areas. They should encompass a whole-of-company approach in that they should contribute to overarching company goals rather than delivering a one-sided or fragmented approach to continuous improvement. It is important to note that objectives are neither mission statements nor warm and fuzzy statements.

As a general rule of thumb, objectives should be:

  • Measurable. They should outline specific quantities and quotas for what you are trying to achieve.
  • Business-specific. Objectives should be relevant to the future of your business and to the individual business improvement process. Don’t worry about what your competitors are doing.
  • Relevant. Make sure the objectives will have a significant and lasting impact on your business once they are achieved. This might mean choosing complex objectives versus taking the easy way out.
  • Linked to a key performance indicator. Every objective should contribute to the company’s KPIs and be part of its broader strategic goals..
  • Clearly defined. Be clear about what you are trying to achieve and how you plan to achieve it.
  • Documented. Write your objectives down! The review process, future audits and your ongoing improvement efforts will be measured against them, so it is important to accurately capture the details.
  • Communicated across the breadth of the organization. Don’t make the mistake of keeping them in a filing cabinet somewhere. Put them in the lunchroom, put them in induction packs, hand them out during annual updates—share them with your team so that everybody understands the goals.

2. Collecting and Analyzing Data

Data collection is one of the most time consuming components of the management review process, so have a clear game plan ready before starting. Ask the following questions:

a.    What information must be extracted from company records?

Determining the sort of data you need depends largely on your management review objectives. Your data should deliver insights on company performance and provide an evidence base for changes you make to your business processes. As a food company, your SQF systems should monitor and collect data on a wide range of business activities, including:

  • Preventative maintenance result reports
  • Equipment breakdown reports
  • Goods inwards records
  • Verification results (i.e., swab results, lab results)
  • Cleaning records
  • Corrective action reports
  • Near miss incident records
  • Pest control records
  • Swab and microbiological results from cleaning processes
  • Microbiological results from water supply and product testing, or raw material testing
  • Insurance and credit claims
  • Chemical product results
  • Mock recall tests
  • Product traceability tests

Think about the data sources that respond directly to the objectives you developed for your review. You should be leveraging the systems you already have to collate information, with a view to feeding the information back into work practices to create a loop of continuous improvement.

b.    What format is the data in and how can you make it accessible?

Like most food companies, your company is likely to be home to a mix of paper-based and electronic data. Different data types throw up different challenges when it comes to data acquisition. Paper forms are easy for staff to use and easy for management to collect, but they require double handling in order to translate relevant data into a format that can be analyzed with any degree of depth. Electronic data collection is more useful when it comes to number crunching, but you need access to specific expertise when it comes to data extraction if you want your data to work effectively for you. Newer, more sophisticated data management systems will help automate data collection activities and will also ensure that your database systems can communicate with each other to share relevant information.

Data access is another issue to think about early in the process. Who is responsible for all the different data sets that must be accessed for the review? Is he or she the right person to manage that data? Will he or she be available at the time you need to access the data before the review?

c.     Who will analyze the data, and do you have the requisite skills in-house?

Another important element of the pre-planning process is the question of who will analyze the data once it has been extracted from your systems. Does your staff have the skills and time required to conduct effective statistical analysis? Do you have suitable software systems to support the analysis process? If so, you’ll need to allocate each data analysis task to a staff member, making roles, responsibilities and timelines for the analysis process clear. In addition, ensure that all managers have access to (and an understanding of) the previously identified management review objectives so they can target their analysis appropriately.

If you don’t have the requisite data management skills in-house, you need to think through potential solutions during the pre-planning stage, whether it involves providing training for staff or bringing in outside expertise.

Prior to the data analysis process, you should also be looking at your raw data and reviewing data outliers (that is, data that lies above or below the mode)—these can sometimes provide interesting insights about your processes and procedures. It’s important to have an experienced quality assurance team on board before you start assessing your outliers; your QA team should already understand the variables within your processes and procedures, and will therefore be able to identify whether the outliers are one-off data spikes or trends requiring further investigation.

3. Management Review Meeting

a. Meeting preparation

Meticulous preparation is key to a successful management review meeting. Ensuring all meeting attendees are on board with the agenda and meeting outcomes is a good way to get started. First, develop a written agenda and timeline for the review. Think about the timing of your meeting in conjunction with your unannounced SQF audit. Set the date of the meeting with enough time to ensure close off of the corrective actions issued as a result of the meeting. Yes, if you’re doing it properly, you should have corrective actions issued.

Next, you’ll need to get all participating staff members up to speed with the review process. Pull together the requirements of the review, the relevant SQF clauses, customer requirements and company objectives, and put them into a document that can be circulated well in advance of the meeting. Identify the individual managers who will be involved with the review—that is, the managers whose business areas will make a contribution to, or be impacted by, the review process itself. Ask participating managers to prepare the data that is relevant to their key performance areas and to the management review objectives you’ve identified, as this will be distributed at the meeting.

b. At the meeting

Good record keeping is particularly important during the management review meeting itself. Poor documentation can undermine the review and its subsequent outcomes, not to mention the SQF auditing process. As such, it’s important to capture the details of the discussion that occurs at the meeting—you need more than just a few scribbled notes. Nominate a scribe whose sole responsibility is to take notes at the meeting. Ensure they capture (at a minimum) the following:

  • Meeting date and time
  • Meeting attendees and no-shows
  • Discussion of each agenda topic
    • Key items
    • Outcomes
    • Conclusions
    • Action points
    • Objectives. Were they met? If not, why not? Do they need to be modified for next year? If so, why, and to what?
  • Action points, role responsibilities and verification of actions being undertaken
  • Conclusions

The scribe should also be responsible for compiling all supporting documentation from the meeting for audit purposes and for review prior to future management review meetings.

4. Disseminating Results

Once the review process is completed, any processes and procedures identified as requiring modification must be updated. This is also the time to follow up on action items—your meeting documentation should clearly show who is responsible for each item and their respective tasks. Engage with the staff members responsible for each item at regular intervals to chart their progress, and follow up again at subsequent management meetings to ensure that all actions have been completed.

Communicating review outcomes is very important. Charting a specific course requires an understanding of, and commitment to, that course by everyone involved in the navigation process—and you need your team to understand where you’re going so that they can help you get there. This means communicating all the outcomes, both good and bad, to all relevant personnel, and taking the time to thank and congratulate staff who were instrumental in achieving positive results.

The last step of the review process is to share your success—don’t let your hard work go unnoticed! Communicate the value of the review both to your team and your superiors, and demonstrate the link between the review itself and the achievement of individual, team and company KPIs.

Conclusion

A completed management review will deliver significant benefit to your company in the form of documented, measurable and communicated objectives that are reviewed on an annual basis. Additional benefits include:

  • Increased business value
  • Enhanced safety (for staff) and quality of product (for clients)
  • A more targeted approach to business strategy
  • Reduced financial risk and increased profitability