Learn more about how to mitigate the risks of food fraud and intentional adulteration at the Food Safety Supply Chain Conference | May 29–30, 2019 | Rockville, MD or attend virtuallyThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.
The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.
FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.
The FSMA Intentional Adulteration rule (Mitigation Strategies To Protect Food Against Intentional Adulteration) requires companies that fall under the rule to implement a written food defense plan, identity vulnerabilities and establish mitigation strategies based on those vulnerabilities. This is new territory for FDA as well as for many companies in the industry—and for this reason, the agency has established a longer compliance timeline. However, that doesn’t mean companies should wait—the time to prepare is now.
Christopher Snabes, senior manager, food safety at the The Acheson Group (TAG) and Jennifer van de Ligt, Ph.D., associate director at the Food Protection & Defense Institute (FPDI) sat down with Food Safety Tech to discuss some of the challenges they see industry facing related to intentional adulteration and food defense.
In addition, TAG and FPDI are interested in gauging the industry’s level of readiness in this area and have put together the survey, Intentional Adulteration & Food Defense Industry Preparedness. We encourage you to take the survey. And don’t miss subject matter experts from TAG and FPDI at this year’s Food Safety Consortium as they discuss Food Defense: Lessons Learned from Recent Incidents + Key Steps to Mitigating Risks.
Food Safety Tech: Given the subject matter of the survey, what do you feel is the current preparedness level regarding compliance with the FSMA Intentional Adulteration rule?
Christopher Snabes: I see this from a variety of fronts. Some companies established food defense solely on the events of 9/11, putting initial food defense plans in place [that involved] fences, installing security guards and gates, and locking the outside doors. Some companies we’ve worked with feel this is sufficient enough to meet the IA rule, and that’s not correct.
TAG has assessed several companies that are in the process of conducting food defense assessments, and they’re doing them based on best industry practices, and preparing for the inside attacker and/or a terrorist getting into key production areas.
TAG has worked with some companies that are fully waiting for the second and third guidance documents from FDA to come out before they do the full food defense plan. We’ve worked with some companies doing a mix of the above—they’re not waiting for the guidance but are actively testing their plans and having an outsider test their vulnerability, and then they’re rewriting plans based on the findings. They’ll also update their food defense plans, once the second and third FDA guidances are released to the public.
We feel these are the most prepared facilities; there are not a lot of companies at this point, but they’re starting to pick up steam. At this point, I would say most companies are actively pursuing a food defense plan as well as beginning to test their vulnerability.
Jennifer van de Ligt: I agree with Chris and would add that in the past two years or so, there’s also been a shift in how the industry is viewing the Intentional Adulteration rule. Many companies currently have food defense plans based on the events of 9/11 and, for the first couple of years, as the new Intentional Adulteration rule was being written, there was still a heavy emphasis on “that should be enough.” I very rarely hear that now when discussing the Intentional Adulteration rule with our industry partners. I think companies are more prepared from an understanding perspective to move beyond perimeter security and guards to really think about the risks in the facilities that would come from people with legitimate access— what the rule defines as “insider attackers”. Although understanding is increasing, Chris is correct that different parts of industry are on different paths. Some just now understand that they have to do more, while others are well on the way on to looking at how they need to structure themselves internally and are already moving towards vulnerability assessments.
FST: Are you seeing company size play a role in the readiness level?
Join the Food Protection and Defense Institute and The Acheson Group (TAG) at the 2018 Food Safety Consortium for an interactive discussion as they explore recent food defense events, highlighting key components of the incidents relative to government interactions, FSMA regulations, brand reputation, financial interests, and public health response. van de Ligt: The larger companies thinking about a multi-international approach seem to be further along in the process. I think they started thinking about the vulnerability assessment, how they’re going to structure it in their company, and how they’re going to come to compliance because of the breadth and the scope that impacts them. But we’re also seeing, at least in our training, some of the mid-sized companies beginning to take action. I think again, they realize that even though they’re smaller, they’re going to need additional resources, and they might not have those resources in house, so it might take them a bit longer.
Snabes: In general I would agree with Jennifer. I think a lot of it is because they have additional resources, and they can leverage them across many facilities as needed. I don’t see as much action being taken outside the United States on the facilities that are importing into the United States. I think that’s just starting to ramp up. I’m also seeing very small businesses that aren’t required to follow the IA rule implementing this because they want to protect their brand.
FST: What challenges are you seeing companies experience in understanding food defense, IA, and the appropriate preventive actions they should be taking?
FSMA Checklist: Intentional Adulteration ruleSnabes: Just understanding how the rules can apply to the business. For some companies, that’s still a challenge. Other companies, like the large ones, get it. Other small- and mid-sized companies are still trying to figure out how it applies to them. After that, the challenge is realizing there are expenses involved. For example, they have to install key fobs, cameras in critical areas, etc. They also have to realize they can meet the IA rule by not spending an exorbitant amount of money. For example, within a budget there are things companies can do without having to spend a lot of money, such as food defense awareness training.
Another challenge is educating all workers in food defense; enforcing the food safety culture within the facility and the idea that their job can be at risk. They have to realize that if they don’t recognize an individual inside the premises, or if something is out of place in a critical area, they need to inform their supervisor. If they see something, they need to say something—and ensure that the intentional adulteration is not taking place.
Educating employees is the least expensive way to invest in food defense, and it is the most effective. However, this can be a challenge for the companies that, for example, have a high turnover rate—if you have a lot of employees coming in and out, that means constant training, enforcement and re-educating. We see quite a bit of companies with a large turnover rate.
van de Ligt: I agree with those points. In our training, we also talk about food defense culture and how it needs to be supported across the business, similar to the way food safety culture is already in many of our businesses, and how to incorporate food defense awareness training, and on-boarding and refresher training.
The other challenges I see is that once you get to the understanding of what needs to be done and you get the buy in, there are some logistical issues at some of the companies—from big to small. Some companies are struggling with understanding which part of the business should be responsible for this (the food safety group, the security group, etc). Because we are talking about legitimate access and who is responsible for putting the plan together: How do these groups that may not have worked closely within the bigger companies now create that shared collaborative environment?
At the smaller companies, where they may not have that breadth or resources, now you’re asking a specialist in one area to pick up a completely different expertise and discipline. With a food safety and quality person, part of their job may be supply chain and sourcing, and now they also have to learn food defense. How are they managing and balancing all the different FSMA rules in their portfolio—because you have one person actually thinking about the breadth of them all. This presents a challenge to the logistics of implementation.
The other challenge I see is that FDA has done a really good job in providing input, guidance and listening sessions, and has been open and available to answer questions—more so for this rule than any of the other rules that I’ve watched go through industry. However, with the guidance being published so close to the compliance date it presents a challenge—companies that are waiting on the guidance will have to comply very quickly without the best understanding on what FDA’s thoughts are—because they’re waiting on the pending guidance.
FST:What steps should companies take to mitigate the IA risk?
van de Ligt: I have three action items for every company to take.
Read the IA rule, including the preamble if they haven’t. There’s a lot of information there that will help them understand the mindset and how the IA rule came about.
Read the guidance document when it comes out. The first guidance contains many clarifying examples that will help understanding and implementation.
Train the key people who are going to be responsible for writing the food defense plan and all employees on food defense awareness.
There are resources out there, whether it’s talking with FDA or coming to a sponsored training, for folks to get assistance in understanding and interpretation, and it would be great for them to take advantage of it.
Snabes: I agree with those three points. In general—do an FDA food defense assessment of your facility. Look for and concentrate on the key activity types that are critical. At least get a list of what areas are going to be the ones you have to mitigate. For example: The offloading of liquids, open vats, hand applied additives, etc. The most important thing I suggest doing right away is food defense awareness training for not just the supervisors, but all the employees—everyone from receiving to shipping to supply chain, etc. Everyone should be aware of the importance of food defense training and how their job depends on it.
In general, with food defense or IA—the rule is a brand new concept to FDA. It’s something they never tackled before. Because of that, there is going to be a longer time of educating before regulating. FDA is going to bend over backwards to work with companies so they understand how this rule is going to be implemented.
Any company out there can have a “strong employee” who wants to cause intentional adulteration, so the time to plan for that is now. Don’t wait for the rule to come into effect before you start planning.
Question 1: Is food fraud addressed in the FDA’s Intentional Adulteration rule (“Mitigation Strategies to Protect Food Against Intentional Adulteration”)?
Karen Everstine: Food fraud, or what the FDA calls “economically motivated adulteration” (EMA), is certainly an intentional act. However, recent U.S. regulations for food fraud/EMA are outlined in the Preventive Controls (PC) rules (“Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Human Food” and “Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Food for Animals”) and not in the Intentional Adulteration (IA) Rule. FDA indicated that the IA rule was intended to “prevent acts intended to cause wide-scale harm.” Therefore, new requirements related to food fraud/EMA are included in the hazard analysis requirements in the PC rules. FDA indicated they anticipate EMA preventive controls to be needed only in rare circumstances and “usually in cases where there has been a pattern of EMA in the past.” It is important to note that these requirements are specific to hazards that may be introduced for the purposes of economic gain. EMA that only affects product quality is outside the scope of the PC rules. However, there are misbranding and adulteration provisions of the Food Drug and Cosmetic Act that apply to EMA more broadly (whether or not the substance used may be a hazard).
Question 2: If my facility includes food fraud/EMA in our hazard analysis, will we be compliant with global food fraud requirements?
Everstine: Addressing food fraud/EMA only in your hazard analysis is not sufficient for GFSI compliance. Therefore, if your facility needs to be GFSI compliant, you will need to implement a food fraud vulnerability assessment and mitigation plan that covers all types of fraud. This includes fraud that only affects quality and it includes counterfeiting, theft, diversion, and gray market production. While FDA has indicated they are primarily focused on food fraud/EMA that has a known pattern of occurrence and could be a hazard, GFSI requires that industry evaluate vulnerability more broadly. This includes identifying fraud opportunities (such as complex supply chains), individual capability, and “weak signals” of fraud that could include indicators such as price changes for commodities.
As we look to 2018, the need for food defense activity remains. Increased adulteration incidents in 2017, consumer purchasing trends and FSMA rules implementation drive this need and the work necessary to complete it in 2018.
Intentional Adulteration of Food. It was evident that intentional adulteration of food did not diminish over the past year and likely increased. Adulteration cases of spices with undeclared ingredients to extend the product or boost color were documented. Terrorists plans and food adulteration tests were uncovered and publicized. In Germany, a man threatened to put antifreeze in the nation’s baby formula supply chain. And disgruntled employees continued to adulterate food to get revenge on their employer or co-workers. Given the complexity of our food system and the limited transparency of supply chains from farm to fork, those willing and able to adulterate will continue to do so in 2018.
Consumer Demands. Look in your local grocery aisles and you will find an ever-increasing section of “freedom foods”. These are foods that claim to be free of something whether it be gluten, lactose, pesticides or GMOs. With increasing frequency consumers are also asking questions about the sustainability and agriculture practices of the food they buy. How have the oceans been fished? Are my eggs from cage-free chickens? Does the food I buy protect the environment. Based on current trends, consumers will continue to spend their food dollars on organic, free-of, and sustainability produced food. This means food defense needs to have a keen eye on where fraudsters could adulterate products representing these food trends.
Company Food Defense. Two things have increased in the requests we are getting from companies: New incidents and the nearing deadline for compliance of the FSMA Intentional Adulteration (IA) rule. First, adulteration incidents that affect your product or the ingredients you use changes the lens you see food defense through. Even an adulteration in an ingredient or product similar to yours makes you look twice at how protected you are. With the continued incidents, companies are taking a hard look at how they are affected. Second, food companies have completed their work to prepare for the early FSMA rules such as Preventive Controls and Foreign Supplier Verification moving their attention to the next rules. The IA rule compliance dates begin in July 2019, and we anticipate increased activities, questions and food defense efforts in 2018.
As you can see, there is a nexus of need to accomplish defense work in our food system. Perhaps 2018 will be “the” year of food defense where individually and collectively we close vulnerability gaps.
The FSMA Intentional Adulteration rule is focused on preventing intentional adulteration from acts intended to cause wide-scale food safety impacts to public health, including acts of terrorism, economic adulteration and disgruntled employees. Such acts, while unlikely, could cause illness, death and economic disruption of the food supply absent mitigation strategies. This rule requires mitigation strategies to reduce risk versus specific food hazards.
How much do you know about the Intentional Adulteration Rule? Test your smarts by taking the FSMA IQ Test here The Intentional Adulteration rule is established to address large companies with products that reach many people, while exempting smaller companies. This rule requires covered facilities to conduct a “vulnerability assessment” to identify vulnerabilities and actions to take for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these vulnerabilities must be identified and evaluated. Covered facilities must also prepare and implement a Food Defense Plan. This written plan must identify the vulnerabilities and actionable process steps; mitigation strategies; and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.
Self-Diagnostic Assessment Tool
The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to implementing and managing FSMA Intentional Adulteration requirements. To complete your own assessment, review and compare your programs to the questions in Table I.
Companies must have the appropriate systems in place to comply with FSMA Intentional Adulteration requirements or face possible willful non-conformance, which can include fines and criminal penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider regarding their program. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all your food safety requirements, and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.
The FSMA Intentional Adulteration rule provides a new level of compliance in food security and defense with specific requirements to be determined, implemented and maintained. The planning must include effective assessments on possible risk areas and steps for responding to these. Do you know the correct response to these questions?
Working with Bill Bremer, principal of food safety compliance at Kestrel Management, LLC, Food Safety Tech is continuing its FSMA IQ test series. Results will be posted monthly in our Food Safety Consortium newsletter leading up to the 2017 event.
Confirm your company responsibility in meeting FSMA Intentional Adulteration rule compliance by answering True or False.
The Food Protection and Defense Institute held its annual Food Defense Conference on May 3 and 4. This unique conference focused on food fraud detection, food crime, intentional adulteration FSMA updates, advocacy for food protection and defense, and big data and how to use it. The event garnered active discussion and collaboration among speakers and attendees representing six international government agencies, 11 domestic federal, state and local government agencies, 33 private food sector partners, and many academic partners.
The keynote address by Andy Morling, head of the UK National Food Crime Unit, led off the conference with discussion on food fraud and food crime. He profiled the tremendous work being taken to bridge the food regulatory and criminal systems to curb food crime in the UK. The UK response to food crime is guided by the 4P approach: Prevent, Protect, Prepare and Pursue. The Protect (reducing vulnerabilities) and Prepare (investing in capacity and capability building) components of the 4P approach embody key concepts of successful food defense plans.
Economically Motivated Adulteration and Food Fraud will be discussed at the Food Safety Supply Chain Conference | June 5–6, 2017 | Learn moreThe food crime discussion was followed by insight on food fraud detection in the European Union from Franz Ulberth, Ph.D., head of the Fraud Detection and Prevention Unit at the European Commission’s Joint Research Centre. This included results from Operation Opson in which Europol and INTERPOL coordinated with 61 countries. The goal of Operation Opson is to protect public health and safety through international cooperation to combat counterfeit and substandard food and drink. In Operation Opson VI, more than 9,800 tons, 26.4 million liters, and 13 million units/items of potentially hazardous food worth an estimated €230 million were seized between December 2016 and March 2017. The scope of products seized spans the range of all foods and beverages such as mineral water, alcohol, olive oil, seasonings, seafood and caviar, and includes both every day and luxury items. In addition, Dr. Ulberth outlined key characteristics of food fraud, the most common foods susceptible to fraud, and types of vulnerability and mitigation in the food fraud area.
Defense against food fraud through the use of genomics and ingredient supply chain understanding were presented by Robert Hanner of the Biodiversity Institute of Ontario at the University of Guelph and Cheryl Deem, executive director of the American Spice Trade Association, respectively. Genomics have been particularly helpful in identifying and quantifying the prevalence of seafood fraud. The most common seafood fraud is when one species of seafood is marketed and sold as a different species. The primary driver for this deception is to promote lower quality or illegal seafood species as a species of higher quality, premium location, or simply allowed in commerce. The genomics technique has been used successfully in the food fraud arena. It identified puffer fish, which produces a toxin, being deceptively marketed as monkfish. The accurate identification allowed public health officials to confirm that consumer illnesses accompanying this deception were caused by puffer fish toxin consumption. Similar to analytical techniques, supply chain understanding can help protect food manufacturers and consumers from food fraud. For example, major spice providers worked together to develop a guide to identification and prevention of adulteration because spices are often a target for adulteration. One aspect of the guide is a decision tree used to protect against supply chain vulnerabilities.
The conference also featured the authors of the FSMA Mitigation Strategies to Protect Against Intentional Adulteration Rule. They are part of the Food Defense and Emergency Coordination Staff at CFSAN. The author of the Intentional Adulteration rule discussed updated information on FDA efforts to develop both guidance for industry and training materials to support implementation of the regulation. In addition, they provided insight on the use of key activity types as an appropriate method for vulnerability assessments. For inspection and compliance, the authors indicated a two-step approach will be taken. The two-step approach will include a quick check at all registered facilities that is followed by a food defense inspection at a limited number of prioritized facilities. Inspection will occur in a tiered and staged approach after compliance dates pass. The FDA presentation at the Food Defense Conference was the launch of the new information campaign with additional detail and insight on guidance, training, inspection and vulnerability assessment approaches.
The knowledge and passion of the professionals gathered at the conference allowed appreciation of and connection between the incredible global efforts dedicated to improving defense and protection of the food system. The future of food defense to protect and create a resilient food system will be assured by continued efforts and expertise shared like those at this conference.
Nearly 10% of the food supply is affected by food fraud, yet many food companies are not well equipped to deal with the problem, according to a survey cited by SSAFE at USP’s recent Food Fraud Mitigation Hands-on Workshop. Nearly 40% of companies said it is easy for fraudsters to fake their food products and about one-third named gaps in supply chain transparency as a fraud vulnerability problem. In addition, about one third of respondents were unaware of whether their suppliers have been part of a criminal offense.
Food fraud is defined as the intentional misrepresentation of the true identity or contents of a food ingredient or product for economic gain, said Janet Balson, senior food safety consultant at USP. In many cases, adulteration cannot be detected by visual inspection alone. Companies must look at the susceptibility of certain ingredients and products (common targets include olive oil, honey, milk, chicken, tea, spices and fish), potential economic gain, and vulnerabilities in the supply chain. Since only a small amount of fraud cases are detected, it is important to conduct a thorough vulnerability assessment that examines the supply chain, QA methods, testing frequency, audits, supplier history, and historical, geo-political and economic factors, and from there, a multi-disciplinary team can develop an appropriate control plan based on the level of risk.
Food companies can leverage several tools (they also work in a complementary fashion) to identify and assess potential hazards in ingredients and products, including EMAlert, USP’s Food Fraud Database 2.0 and SSAFE’s Food Fraud Vulnerability Assessment tool. Arcchana Patil, senior manager of food safety & defense, QRC at The Hershey Company and Samantha Cooper, manager of food safety & quality assurance at GMA compared several of these platforms, offering a few tips on their capabilities and how companies can make the best use of the tools.
USP Food Fraud Database 2.0: Contains almost 7,000 food fraud records and allows searching of records by ingredient. Helps in the process of evaluating food fraud vulnerability. Its customizable dashboard and search function update users on new records. The platform also provides automated analytics tools. The tool is best used by subject matter experts, a group or by food fraud and food defense teams.
EMAlert: A real-time predictive model for economically motivated adulteration that quantitatively analyzes vulnerability for a group of ingredients based on weights given by users. Commodity data for each attribute is continuously updated. It provides a good platform for commodity scanning for sourcing and procurement teams. The tool is best used by subject matter experts, a group or by food fraud and food defense teams.
SSAFE Food Fraud Vulnerability Assessment: Available in 10 languages, it provides a good starting point for companies to assess their vulnerability at an ingredient, product, brand, facility, country or company-wide level. It identifies vulnerabilities to enable mitigation, but it does not offer mitigation techniques. The tool can be applied throughout the supply chain, from feed and primary production to manufacturing and catering. It can be used by different segments of the supply chain, along with corporate, but it is best used by cross-functional teams in quality, lab, procurement, legal and manufacturing.
World Factbook of Food: With more than 130 foods and 75 country profiles, the Factbook data is curated from a variety of sources to assist in risk assessment. The repository of food and country profile contains product uses, consumption, production and trade information, along with population, economy, climate and governance.
Food Adulteration Incidents Registry: Containing more than 550 unique incidents of food fraud and intentional adulteration, the registry provides verified event information to support vulnerability assessments. The platform uses a repository of open data records.
The shortage of food due to climate, environmental and political changes will put further pressure on the availability of certain ingredients and is likely to cause an uptick in food fraud. However, there are more tools than ever before to help companies deal with this problem, but the key is to try to stay one step ahead. As the speakers and attendees at the USP workshop reflected on the issue, they shared their predictions on where they see food fraud headed in the near term:
Companies will need to use technology to push further into their supply chains (i.e., tier two or three) where there is a higher risk.
The implementation of blockchain technology will make it more difficult for fraudsters to fake data, especially with processed foods.
The food industry will be able to learn from other industries that have counterfeiting issues, such as the pharmaceutical industry.
Use of smarter complementary tools that fight food fraud will help companies better mitigate risks and intervene more swiftly.
FDA, as part of FSMA, released its rule titled “Protecting Food Against Intentional Adulteration” on May 27, 2016. This rule was proposed in 2013. FDA received and responded to 200+ comments prior to its final release.
FDA states that this rule “is aimed at preventing intentional adulteration from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply. Such acts, while not likely to occur, could cause illness, death, [and] economic disruption of the food supply absent mitigation strategies.”1
The rule requires a documented “Food Defense Plan” that at a minimum includes the following:
Procedures for food defense monitoring
Food defense corrective action procedures
Food defense verification procedures
Records confirming implementation, maintenance and conformance to the defined requirements
Evidence of effective training
As a food safety professional with more than 30 years in the industry, reviewing this rule brought back many memories. These memories combined with information gained from a recently completed Food Defense/ Crisis Management workshop presented by Rod Wheeler really set my brain into motion.2
Years ago, industry focused on crisis management and product recall. Requirements included having a crisis management team that was led by associates representing both upper and middle management. In addition, most programs included the following:
Posted identification of the crisis management team (i.e., pictures, phone numbers, etc.)
Specific training for receptionist and guards
Mock crisis exercises (i.e., fire drills)
Planned crisis calls to the operation’s direct incoming phone numbers (i.e., receptionist and guards)
Mock recalls (from supplier through finished product and distribution)
Security inspections which may now be considered the pre-cursor to today’s “Vulnerability Assessment”
With the introduction of the GFSI approved schemes (FSSC 22000, BRC, SQF, GlobalG.A.P., Primus, etc.), requirements for crisis management, emergency preparedness, security programs, food defense training and continuity planning gained an increase focus. Do any or all of these programs meet the requirement for a “vulnerability assessment”?
In the 2013 publication, Food Safety Management Programs, this subject-matter chapter was titled “Security, Food Defense, Biovigilance, and Bioterrorism (chapter 14)”.3 An organization must identify the focus/requirements that are necessary for its operation. This decision may relate to many different parameters, including the organization’s size, design, location, food sectors represented, basic GMPs, contractor and visitor communication/access, traceability, receiving, and any other PRP programs related to ensuring the safety of your product and your facility. Requirements must be defined and associates educated to ensure that everyone has a strong and effective understanding of the requirements and what to do if a situation or event happens.
Confirming the security of a facility has always been a critical operational requirement. Many audits have been performed that included the following management statement: “Yes, of course, all the doors are locked. Security is achieved through key cards or limited distribution of door keys, thus no unwanted intruder can access our building.” This statement reminds me of a preliminary assessment that I did not too long after the shootings at a Pennsylvania manufacturer in September of 2010. The organization’s representor and myself were walking the external parameter of a food manufacturer at approximately 7:30 PM (still daylight). We found two doors (one in shipping and one accessing the main office), with the inside door latch taped so that the doors were not secure. The tape was not readily evident. The doorknob itself was locked, but a simple pull on knob opened the door. Our investigation found that a shipping office associate was waiting for his significant other to bring his dinner and was afraid that he would not be at his desk when she arrived. An office associate admitted that that door had been fixed to pull open without requiring a key several months earlier because associates frequently forgot their keys and could not gain access to start work.
Debby Newslow will present ” Sanitary Transportation for Human & Animal Food – Meeting the new FDA Requirements” at the Food Safety Supply Chain Conference | June 5–6, 2017 | Attend in Rockville, MD or via webcast | LEARN MORE
We also observed a large overhead door adjacent to the boiler room along the street side of the facility open, allowing direct access to the processing area by passing through the boiler room and then the maintenance shop. It was stated that the door had been opened earlier in the day waiting for the delivery of new equipment. No one at the time knew the status of the shipment or why the door was still open.
Finding open access to facilities is becoming more and more common. A formal vulnerability assessment is not necessary to identify unsecured doors (24/7) in our facilities. Education and due diligence are excellent tools for this purpose.
Another frequently identified weakness is with organization’s visitor and contractor sign-in prerequisite programs. What type of “vulnerability” are we creating for ourselves (false confidence) with these programs? Frequently these programs provide more questions than answers:
Does everyone really sign in?
What does signing the visitor log mean?
Are visitors required to show identification?
Are the IDs actually reviewed and if so, what does this review include?
Who is monitoring visitors and contractors and are they trained?
Do all contractors have to sign the log or are they allowed to access the building at different locations?
Do those contractors who make frequent or regular trips have their own badges and/or keys (keycards) so they don’t have to take the time to sign-in (i.e., pest control, uniform supplier vending services)?
How are contractor badges controlled?
Are visitors required to be accompanied during the visit or does it depend on the visitor and whom they are visiting?
Are visitors and contractors trained in company requirements?
Do visitors and contractors have an identifying item to alert your associates of their status (i.e., visitor badge, visitor name badge, specifically colored bump cap, colored smock, etc.)?
How are truck drivers monitored? Do they have a secured room for them or do they have complete access to the facility to access the restrooms and breakroom?
How are terminated associates or associates that have voluntarily left the company controlled?
Can these associates continue to access the facility with keys, access cards, or just through other associates (i.e., friends or associates that did not know that they were no longer an employee)?
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.