Tag Archives: intentional adulteration

Rick Biros
Biros' Blog

In Defense of FSMA

By Rick Biros
No Comments
Rick Biros

The lead (pardon the pun) headline in Tuesday’s New York Times digital edition is “Lead-Tainted Applesauce Sailed Through Gaps in Food-Safety System: Hundreds of American children were poisoned last year. Records show how, time and again, the contamination went unnoticed.

The headline is misleading. The article says the cinnamon originated in Sri Lanka and was shipped to Ecuador, where it was ground into a powder. It was probably there, the FDA has said, that the cinnamon was likely contaminated with lead chromate, a powder that is sometimes illegally used to tint or bulk up spices.

The ground cinnamon was then sold, bagged, and sold again to a company called Austrofood, which blended it into applesauce and shipped pouches to the U.S. It was sold under the brand name WanaBana and various generic store labels.

The article states that Austrofood was last inspected five years ago, implying that this is the gap in the Food Safety System.

The authors did not look into the reasons why there are reductions in FDA inspections, which by the way, the FDA is ramping up again. FDA has seen huge budget cuts year after year reducing its ability to hire new inspectors. The Covid-19 pandemic reduced the number of inspectors and inspections dramatically.

The Food Safety Modernization Act (FSMA) is not perfect, but it is a huge step up from the past. The new powers and resulting responsibilities for FDA personnel, combined with the public’s expectation for the agency to do more (to protect the public) but with less resources must be part of the discussion as we dissect contamination events.

 

FDA Logo

FDA Identifies Suspect in Lead Contamination Investigation

FDA Logo

On Tuesday, the FDA announced a suspect in the WanaBana cinnamon-applesauce pouch contamination investigation. Per the FDA, Ecuadorian officials in Agencia Nacional de Regulación, Control y Vigilancia Sanitaria (ARCSA) have reported that Carlos Aguilera of Ecuador, the processor of the ground cinnamon supplied by Negasmart to Austrofoods and later used in recalled apple cinnamon products, is the likely source of contamination. According to ARCSA, the unprocessed cinnamon sticks used in recalled products were sourced from Sri Lanka and were sampled by ARCSA and found to have no lead contamination. ARCSA’s investigation and legal proceedings to determine ultimate responsibility for the contamination are still ongoing.

The FDA noted that it has limited authority over foreign ingredient suppliers who do not directly ship product to the U.S. This is because their food undergoes further manufacturing/processing prior to export. Thus, the FDA cannot take direct action with Negasmart or Carlos Aguilera.

As of February 2, there were 100 confirmed cases of lead poisoning, 277 probable cases and 36 suspected cases of for a total of 413 cases from 43 different states. As of February 5, 2024, no additional cases had been reported, and the FDA stated that it has no indication that this issue extends beyond these recalled products nor has it received any confirmed reports of illnesses or elevated blood lead level adverse events reported for other cinnamon-containing products or cinnamon. Confirmed complainants, or people for whom a complaint or adverse event was submitted and met FDA’s complainant definition, are between zero and 53 years of age and the median age is one year old.

CDC’s National Center for Environmental Health is conducting case finding efforts in collaboration with state and local health departments. CDC’s case definition for state partners includes a blood lead level of 3.5 µg/dL or higher measured within three months after consuming a recalled WanaBana, Schnucks, or Weis brand fruit puree product after November 2022.

 

Susanne Kuehne, Decernis
Food Fraud Quick Bites

You Know My Methods, Watson

By Susanne Kuehne
No Comments
Susanne Kuehne, Decernis
Food fraud
Find records of fraud such as those discussed in this column and more in the Food Fraud Database, owned and operated by Decernis, a Food Safety Tech advertiser. Image credit: Susanne Kuehne

Food fraud, also known as the intentional adulteration of food for economic gain, is described as a criminal act that in some cases can have a significant impact on consumers, honest producers and societies. The perpetrators utilize loopholes in the surveillance, investigation, enforcement and prosecution of food fraud. A recent publication describes the anatomy of eight example food fraud scandals in the UK to enable investigators to understand, track and prosecute complex fraud cases more efficiently.

Resource

  1. Smith, R., Manning, L., and McElwee, G. (October 11, 2021). “The anatomy of ‘So-called Food-Fraud Scandals’ in the UK 1970–2018: Developing a contextualised understanding”. Crime, Law and Social Change.
Food Safety Consortium Virtual Conference Series

2021 FSC Episode 8 Preview: Food Defense: Yesterday, Today and Tomorrow

By Food Safety Tech Staff
No Comments
Food Safety Consortium Virtual Conference Series

You don’t want to miss this week’s episode of the 2021 Food Safety Consortium Virtual Conference Series. The session, Food Defense: Yesterday, Today and Tomorrow, will discuss pre-FSMA IA Rule voluntary food defense programs, compliance timelines, and regulatory compliance vs. enterprise risk based approaches to food defense. Presenters will address the status of Food Defense plan quick checks and share insights on Food Defense Plan reanalysis. Participants will gain insights on threat intelligence sources and food defense-based research updates. Other topics to be covered include a brief overview of recently released insider risk mitigation reference material, cyber/IT “vulnerabilities”, critical infrastructure protection and how an all-hazards mindset to “all of the above” can help to contribute to a Food Protection Culture.

The following is the line up of speakers for Thursday’s episode, which begins at 12 pm ET.

  • Jason Bashura, PepsiCo (moderator)
  • Food Defense Yesterday with Raquel Maymir, General Mills
  • FBI HQ Perspectives of Food Defense with Helen S. Lawrence and Scott Mahloch, FBI
  • Food Defense Tomorrow with Frank Pisciotta, ASIS Food Defense & Ag Security Community and Cathy Baillie, Mars, Inc.
  • Risk-based Food Defense with Jessica Cox, Department of Homeland Security, Chemical Security Analysis Center
  • Food Defense & Supply Chain Perspectives: Regional Resilience Action Plan with Jose Dossantos, Department of Homeland Security/CISA

The Fall program runs every Thursday from October 7 through November 4. Haven’t registered? Follow this link to the 2021 Food Safety Consortium Virtual Conference Series, which provides access to all the episodes featuring critical industry insights from leading subject matter experts!

Susanne Kuehne, Decernis
Food Fraud Quick Bites

Fraud Is the Spice Of Life

By Susanne Kuehne
No Comments
Susanne Kuehne, Decernis
Food Fraud, cumin
Find records of fraud such as those discussed in this column and more in the Food Fraud Database. Image credit: Susanne Kuehne.

The high value of spices makes them one of the most popular targets for intentional adulteration. Researchers in Brazil developed an efficient method for fraud detection: Near-infrared spectrometer (NIR) associated with chemometrics. This method is able to detect adulterants like corn flour and cassava in spice samples, revealing a high rate of adulteration, between 62% for commercial black pepper and 79% for cumin samples.

Resource

  1. Amanda Beatriz Sales de Lima et al. (January 2020). “Fast quantitative detection of black pepper and cumin adulterations by near-infrared spectroscopy and multivariate modeling”. Food Control. Vol. 107.
Susanne Kuehne, Decernis
Food Fraud Quick Bites

Germany’s Food Warning Website

By Susanne Kuehne
No Comments
Susanne Kuehne, Decernis
Food fraud, Germany
Find records of fraud such as those discussed in this column and more in the Food Fraud Database. Image credit: Susanne Kuehne

Unapproved ingredients and allergens, whether added intentionally or unintentionally, were the third largest reason for recalls in Germany last year, behind microbiological contamination and impurities from foreign matter. The German food warning system by the BVL (Bundesamt fuer Verbraucherschutz und Lebensmittelsicherheit) is accessible by the public and provides detailed information of warnings considering food and beverages. The warnings issued per year are growing steadily, from 100 warnings in 2015 to 161 in 2017 to 198 warnings in 2019.

Resource

  1. WirtschaftsWoche (January 10, 2020) “Um Rueckruf wird gebeten”. Retrieved from WirtschaftsWoche3, 2020. Original source Bundesamt fuer Verbraucherschutz und Lebensmittelsicherheit

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part III)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. Part II reviewed access, subject matter experts, mitigation strategies and community drinking water. This final article reviews broad mitigation strategies, feasibility assessments, food defense plans, partial ingredient security and the “Three Element” approach through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities, but which can also be applied to the smaller facilities that are currently in the process of readying for the next deadline of July 26.

Lesson 14: When the final rule was released, the concept of using broad mitigation strategies was eliminated. That notwithstanding and realizing that many companies seek to operate at a stricter standard for food defense with a clear focus on brand protection, versus only those process steps that potentially could result in a “wide scale public health impact.” Broad or facility-wide mitigation strategies should not be abandoned, but are less likely to get you a lot of credit for IA compliance. Including existing food safety prerequisite programs (PRP), programs and practices that are put in place to maintain a sanitary environment and minimize the risk of introducing a food safety hazard, can, in some cases, also be included as security mitigation. PRP’s with slight modifications can also contribute to a good “food defense” posture. For example, one PRP addresses hazardous chemicals and toxic substances. In some cases, non-food grade substances that could result in product contamination (not necessarily wide-scale public health impact) might be available to a disgruntled insider. It is obvious companies are concerned about contaminants being brought into the plants, but please do not overlook contaminants that are already there and ensure that they are properly secured when not in use.

Other facility-wide programs (broad mitigation) that contribute to effective food defense might include site perimeter or building security, visitor and contractor management, pre-employment background checks, employee security awareness and food defense training and sanitation chemical management.

Lesson 15: If you are using the three elements approach (Guidance Chapter 2 Section G) or the hybrid approach (Guidance Chapter 2 Section H), you will be required to make an assessment on feasibility. In the early VA’s conducted, prior to the second installment of the guidance in March of 2019, feasibility was essentially an all or nothing proposition. One could argue that a judgment call was required as to whether an intentional adulteration incident could be accomplished given the inherent conditions. Those conditions might include a lot of coworkers who might be able to observe and serve as witnesses to deter the act. With the release of the second installment of the guidance from the FDA, a new tool was made available which would allow food and beverage companies to run a calculation and make a more accurate prediction of how much of an unnamed “representative contaminant” which is assumed to be highly lethal and heat stable it might take to contaminate a product batch. Typically, the larger the batch size, the higher the quantity of the “representative contaminant” would be required to achieve a lethal dose (LD) in a serving size. So, to provide an additional level of validation with identified actionable process steps, the use of the LD calculation might be considered to provide more realistic insight into the feasibility element. For instance, if it would require one hundred pounds of the “representative contaminant,” you might feel justified in concluding that it is not realistic to get that amount of contaminant into the batch at the process step and rule out the point, step or procedure as an APS. This can save money and ensure limited food defense resources can be channeled to the areas where legitimate risk can be reduced.

Lesson 16: After an APS is identified, sites will need to determine, as the rule states, whether the existing “mitigation strategies can be applied…to significantly minimize or prevent the significant vulnerability.” Simply stated, what is in place today for food safety, and the broad-based security measures in use, may or may not be enough when you consider an insider motivated to contaminate the product. The FDA’s mitigation strategies database may offer some insights into additional food defense measures to consider. Where additional mitigation strategies are identified, from the time of completion of the VA until a site’s regulatory compliance deadline arrives (next one is July 26, 2020), that change must be incorporated into the food defense plan and fully implemented. We recommend that a site make a list of new mitigation strategies after the VA is complete for tracking purposes during the implementation phase. No mitigation strategies should be included in the food defense plan that are not fully implemented and where records cannot be adequately produced.

Lesson 17: In the second installment of the guidance, the concept of partial ingredients was introduced. The key activity types (KAT) of secondary ingredients is now considered to include the storage of partially used, open containers of secondary ingredients where the tamper-evident packaging has been breached. Tamper evident tape looked to have promising benefits, but several of our clients have abandoned the use of this mitigation strategy, which has been proven repeatedly to be defeated without detection. It appears that using containers that can be secured with numbered seals might be a better option and even better if the seals would be metal detectable in the event one went astray in a product stream.

Lesson 18: Food defense plan unification. Facilities regulated under the IA rule are likely to already have a food defense plan for other initiates such as SQF or BRC. The IA Rule is not unlike other counter-terrorism regulations in potential to create challenges to meet voluntary and regulatory requirements without having multiple food defense plans. The IA Rule based on its modeling after HACCP creates some very specific requirements in terms of how data needs to be presented and records maintained. Sites may be doing other things to support food defense, and one strategy that might keep auditors in their lane would be to include any non-IA Rule food defense content (e.g., for SQF or BRC) in an appendix to the IA Rule Food Defense Plan.

Lesson 19: Under the VA method the FDA refers to as “the “Three Element” approach, suggestion is made in the guidance released in March 2019 that regulated facilities might consider creating stratified categories for each element of public health impact, degree of physical access and ability of the attacker to successfully contaminate product. This is asking regulated facilities to engineer their own vulnerability assessment methodology. It is our opinion that this is asking a lot from a food and beverage facility and that creating categories for each element (e.g., refer to Table 3 on page 54) will extend the time it takes to complete a vulnerability assessment, create a lot more uncertainty in the process and does not necessarily help companies to identify the areas where intentional adulteration risk is highest.

Conclusion

Organizations who have yet to execute vulnerability assessments (due July 26) or those who have already completed vulnerability assessments who may wish to reflect back on their existing VAs in an effort to eliminate unnecessary APS’s should find these strategies helpful in focusing limited resources to the areas where they can have the greatest effect. Since the initiation of this article series, the FDA has released its third installment of the guidance. Once we reflect on this new installment, we will address our thoughts in a future article.

FDA

FDA Releases Supplemental Draft Guidance for Intentional Adulteration Rule

By Food Safety Tech Staff
No Comments
FDA

Read the series: Lessons Learned from Intentional Adulteration Vulnerability AssessmentsThis week FDA issued a supplemental draft guidance to aid in compliance with the FSMA Intentional Adulteration Rule. The draft, “Mitigation Strategies to Protect Food Against Intentional Adulteration”, includes chapters that address food defense corrective actions and verification, reanalysis and recordkeeping. It also includes appendices on FDA’s Mitigation Strategies Database, along with how business can assess their status as a small or very small business.

This is the third and final installment of the draft guidance for the IA rule.

The FDA is still on schedule to begin routine intentional adulteration inspections next month.

magnifying glass

Top 10 Food Safety Articles of 2019

By Food Safety Tech Staff
No Comments
magnifying glass

#10

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part I)

#9

Lead in Spices

#8

Three Practices for Supply Chain Management in the Food Industry

#7

Changes in the Food Safety Industry: Face Them or Ignore Them?

#6

How Technology is Elevating Food Safety Practices & Protocols

#5

Five Tips to Add Food Fraud Prevention To Your Food Defense Program

#4

2019 Food Safety and Transparency Trends

#3

Sustainability Strategies for the Food Industry

#2

Is Food-Grade always Food-Safe?

#1

E. Coli Update: FDA Advises Consumers to Avoid All Romaine Lettuce Harvested in Salinas, California

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part I)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series is intended to assist facilities that have not yet conducted vulnerability assessments or wish to review those already conducted, by leveraging lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.

Lesson 1: VA outcomes are greatly enhanced if a physical security professional is consulted. In support of this contention, there are several physical security mitigation strategies, which can be employed to support a food defense program, that are frequently under-utilized and are not optimally managed by non-security staff. Also, the FDA seems to promote the use of cameras even though this equipment is unlikely to prevent an incident of intentional adulteration. For organizations that choose to use video surveillance, a competent security professional can help organizations engineer and operate video surveillance for maximum benefits and to meet challenging record-keeping requirements when this mitigation strategy is included in a food defense plan.

Lesson 2: Given the focus by the FDA on the insider, a formal insider threat detection program is highly recommended. Trying to promote the common, “See Something, Say Something” strategy may not be enough. For example, if employees are not clearly told what to look for in terms of uniform requirements, how to identify persons who do not belong or changes to a coworker’s baseline behavior, which may indicate moving toward a path to violence or sabotage, then “See Something, Say Something” may end up being no more than a catchy slogan.

A key element of an insider threat detection program is the completion of effective background checks for all persons who will be allowed in the facility unescorted. This includes temporary employees and contractors. A common theme in many of the recent, serious intentional adulteration incidents was that the person responsible was involved in some sort of grievance observable to coworkers and supervisors. In all insider threat detection programs, the grievance becomes an important trip wire. The Carnegie Mellon University Software Engineering Institute has published a document titled, “Common Sense Guide to Mitigating Insider Threats, Sixth Edition”. In this document is some particularly helpful guidance that can be used to stand up an insider threat detection program, but this is an effort that can take some time to fully implement.

Lesson 3: The FDA has made it abundantly clear that they believe the focus for the food and beverage industry should be the radicalized insider. A closer look at all the recently publicized contamination events suggests that there are other profiles that need to be considered. A good foundational model for building profiles of potential offenders can be found in the OSHA definitions for workplace violence offenders, which has been expanded to address ideologically based attacks. Table I applies those descriptions to the food and beverage industry, with an asterisk placed by those offender profiles that exist in recent incidents and discussed later in the text.

Class OSHA Workplace Violence Offender Description Motivation Translated to the Food and Beverage Industry
1 The offender has no legitimate relationship to the business or its employee(s). Rather, the violence is incidental to another crime, such as robbery, shoplifting, trespassing or seeking social media fame. Behavioral Health Patient *
Social Media Fame Seeker *
Copycat *
Extortion *
Economic motivation *
2 The violent person has a legitimate relationship with the business—for example, the person is a customer, client, patient, student, or inmate—and becomes violent while being served by the business, violence falls into this category. My load isn’t ready, you are costing me money
3 The offender of this type of violence could be a current employee or past employee of the organization who attacks or threatens other employee(s) in the workplace. I am upset with a coworker and adulterate to create problems for that person *
I am upset with the company and adulterate as retribution and to harm the brand *
Youthful stupidity
I am not paid enough *
4 The offender may or may not have a relationship with the business but has a personal (or perceived personal) relationship with the victim. I am upset with an intimate partner/ coworker and adulterate to create problems for that person
5 Ideological workplace violence is directed at an organization, its people, and/or property for ideological, religious or political reasons. The violence is perpetrated by extremists and value-driven groups justified by their beliefs. Radicalized Insider
Table I. A description of OSHA workplace violence offenders and how it can be applied to the F&B industry.

A supermarket in Michigan recalled 1,700 lbs. of ground beef after 111 people fell ill with nicotine poisoning. The offender, an employee, mixed insecticide into the meat to get his supervisor in trouble. In Australia, the entire strawberry industry was brought to its knees after a disgruntled supervisor “spiked” strawberries with needles. There were more than 230 copycat incidents impacting many companies. A contract employee in Japan, apparently disgruntled over his low pay, sprayed pesticide on a frozen food processing line resulting in illnesses to more than 2,000 people. A contract worker upset with a union dispute with the company at a food manufacturing plant videoed himself urinating on the production line, then uploaded the video to the Internet. Be cognizant of any grievances in the workplace and increase monitoring or take other proactive steps to reduce the risk of intentional adulteration.

Lesson 4: The IA Rule requires that every point, step and procedure be analyzed to determine if it is an actionable process step (APS). The Hazard Analysis Critical Control Point flow charts are a good starting point to comply with this element of the law but cannot be counted on completely to achieve the standard of analyzing every point, step or procedure. Critical thinking and persons familiar with the production process need to be involved to ensure that no steps are missed. Oftentimes companies modify the HACCP flow diagrams after a VA.

Lesson 5: The FDA states in the second installment of guidance (here’s the full copy) to the industry that, “There are many possible approaches to conducting a VA. You may choose an approach based on considerations such as the time and resources available and the level of specificity desired. You have the flexibility to choose any VA approach, as long as your VA contains each required component (21 CFR 121.130).”

The FDA further states that the Key Activity Type, or KAT method, is an appropriate method for conducting a VA because it reflects consideration of the three required elements and the inside attacker. Using this methodology alone, however, can result in substantially more APS’s, which might otherwise be ruled out for practical purposes such as a lack of accessibility or a lack of feasibility to contaminate the product at a point, step or procedure. We have experienced up to a 90% decline in APS’s by utilizing another FDA recommended assessment approach, the hybrid approach, which assesses each point, step or procedure as first whether it is a KAT. Then to qualify as an APS, it must also trigger positively for public health impact, accessibility and feasibility to contaminate the product.

Organizations who have yet to execute vulnerability assessments (due July 26, 2020) or who may wish to reflect back on their existing VA’s in an effort to eliminate unnecessary APS’s should find these strategies helpful to focus limited resources to the areas where they can have the greatest effect. The next two articles in this series will cover more information on electronic access, the value of site tours, comparisons to drinking water security strategies, dealing with multi-site assessments and more. Read Part II of this series on intentional adulteration.