Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series is intended to assist facilities that have not yet conducted vulnerability assessments or wish to review those already conducted, by leveraging lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.
Lesson 1: VA outcomes are greatly enhanced if a physical security professional is consulted. In support of this contention, there are several physical security mitigation strategies, which can be employed to support a food defense program, that are frequently under-utilized and are not optimally managed by non-security staff. Also, the FDA seems to promote the use of cameras even though this equipment is unlikely to prevent an incident of intentional adulteration. For organizations that choose to use video surveillance, a competent security professional can help organizations engineer and operate video surveillance for maximum benefits and to meet challenging record-keeping requirements when this mitigation strategy is included in a food defense plan.
Lesson 2: Given the focus by the FDA on the insider, a formal insider threat detection program is highly recommended. Trying to promote the common, “See Something, Say Something” strategy may not be enough. For example, if employees are not clearly told what to look for in terms of uniform requirements, how to identify persons who do not belong or changes to a coworker’s baseline behavior, which may indicate moving toward a path to violence or sabotage, then “See Something, Say Something” may end up being no more than a catchy slogan.
A key element of an insider threat detection program is the completion of effective background checks for all persons who will be allowed in the facility unescorted. This includes temporary employees and contractors. A common theme in many of the recent, serious intentional adulteration incidents was that the person responsible was involved in some sort of grievance observable to coworkers and supervisors. In all insider threat detection programs, the grievance becomes an important trip wire. The Carnegie Mellon University Software Engineering Institute has published a document titled, “Common Sense Guide to Mitigating Insider Threats, Sixth Edition”. In this document is some particularly helpful guidance that can be used to stand up an insider threat detection program, but this is an effort that can take some time to fully implement.
Lesson 3: The FDA has made it abundantly clear that they believe the focus for the food and beverage industry should be the radicalized insider. A closer look at all the recently publicized contamination events suggests that there are other profiles that need to be considered. A good foundational model for building profiles of potential offenders can be found in the OSHA definitions for workplace violence offenders, which has been expanded to address ideologically based attacks. Table I applies those descriptions to the food and beverage industry, with an asterisk placed by those offender profiles that exist in recent incidents and discussed later in the text.
|Class||OSHA Workplace Violence Offender Description||Motivation Translated to the Food and Beverage Industry|
|1||The offender has no legitimate relationship to the business or its employee(s). Rather, the violence is incidental to another crime, such as robbery, shoplifting, trespassing or seeking social media fame.||Behavioral Health Patient *
Social Media Fame Seeker *
Economic motivation *
|2||The violent person has a legitimate relationship with the business—for example, the person is a customer, client, patient, student, or inmate—and becomes violent while being served by the business, violence falls into this category.||My load isn’t ready, you are costing me money|
|3||The offender of this type of violence could be a current employee or past employee of the organization who attacks or threatens other employee(s) in the workplace.||I am upset with a coworker and adulterate to create problems for that person *
I am upset with the company and adulterate as retribution and to harm the brand *
I am not paid enough *
|4||The offender may or may not have a relationship with the business but has a personal (or perceived personal) relationship with the victim.||I am upset with an intimate partner/ coworker and adulterate to create problems for that person|
|5||Ideological workplace violence is directed at an organization, its people, and/or property for ideological, religious or political reasons. The violence is perpetrated by extremists and value-driven groups justified by their beliefs.||Radicalized Insider|
|Table I. A description of OSHA workplace violence offenders and how it can be applied to the F&B industry.|
A supermarket in Michigan recalled 1,700 lbs. of ground beef after 111 people fell ill with nicotine poisoning. The offender, an employee, mixed insecticide into the meat to get his supervisor in trouble. In Australia, the entire strawberry industry was brought to its knees after a disgruntled supervisor “spiked” strawberries with needles. There were more than 230 copycat incidents impacting many companies. A contract employee in Japan, apparently disgruntled over his low pay, sprayed pesticide on a frozen food processing line resulting in illnesses to more than 2,000 people. A contract worker upset with a union dispute with the company at a food manufacturing plant videoed himself urinating on the production line, then uploaded the video to the Internet. Be cognizant of any grievances in the workplace and increase monitoring or take other proactive steps to reduce the risk of intentional adulteration.
Lesson 4: The IA Rule requires that every point, step and procedure be analyzed to determine if it is an actionable process step (APS). The Hazard Analysis Critical Control Point flow charts are a good starting point to comply with this element of the law but cannot be counted on completely to achieve the standard of analyzing every point, step or procedure. Critical thinking and persons familiar with the production process need to be involved to ensure that no steps are missed. Oftentimes companies modify the HACCP flow diagrams after a VA.
Lesson 5: The FDA states in the second installment of guidance (here’s the full copy) to the industry that, “There are many possible approaches to conducting a VA. You may choose an approach based on considerations such as the time and resources available and the level of specificity desired. You have the flexibility to choose any VA approach, as long as your VA contains each required component (21 CFR 121.130).”
The FDA further states that the Key Activity Type, or KAT method, is an appropriate method for conducting a VA because it reflects consideration of the three required elements and the inside attacker. Using this methodology alone, however, can result in substantially more APS’s, which might otherwise be ruled out for practical purposes such as a lack of accessibility or a lack of feasibility to contaminate the product at a point, step or procedure. We have experienced up to a 90% decline in APS’s by utilizing another FDA recommended assessment approach, the hybrid approach, which assesses each point, step or procedure as first whether it is a KAT. Then to qualify as an APS, it must also trigger positively for public health impact, accessibility and feasibility to contaminate the product.
Organizations who have yet to execute vulnerability assessments (due July 26, 2020) or who may wish to reflect back on their existing VA’s in an effort to eliminate unnecessary APS’s should find these strategies helpful to focus limited resources to the areas where they can have the greatest effect. The next two articles in this series will cover more information on electronic access, the value of site tours, comparisons to drinking water security strategies, dealing with multi-site assessments and more. Read Part II of this series on intentional adulteration.
Attend the Food Defense Plenary Panel Discussion at the 2019 Food Safety Consortium | Tuesday, October 1, 2019Today FDA released an updated version of its Food Defense Plan Builder in efforts to help companies comply with the International Adulteration FSMA rule. Version 2.0 of the tool includes the following sections to help food facility owners and operators in developing a facility-specific food defense plan:
- Facility Information
- Process/Product Description
- Vulnerability Assessment
- Mitigation Strategies
- Food Defense Monitoring Procedures
- Food Defense Corrective Action Procedures
- Food Defense Verification Procedures
- Supporting Documents
The tool is for use on a computer, and FDA states that it does not have access to any content or documents used with the tool, nor does it track or monitor how the tool is being used. The agency also emphasizes that use of this tool is not required by law and its use does not mean that a company’s food defense plan is FDA approved or compliant with the IA rule requirements.
The original version of this tool was released in 2013. FDA will be conducting a demonstration of the Food Defense Plan Builder v. 2.0 during a webinar on October 10.
What is FMEA? What is a vulnerability assessment (VA)? How can these two be linked? Despite what you may think, there are similarities between these two methods. FMEA (Failure Modes and Effects Analysis) methods can be utilized to help objectively assess the vulnerable steps within your process.
After July 26, 2019, businesses other than small and very small businesses (defined by FDA) must comply with the FSMA Intentional Adulteration (IA) Rule. The rule is intended to enforce industry regulation to conduct vulnerability assessments and address proper mitigation plans to prevent any potential fraud risks within the food defense plan. For small businesses, the compliance date is July 27, 2020; for very small businesses, the compliance date is July 26, 2021.
Although the IA rule does not specify a particular method that you must use to conduct your VA and address proper mitigation plans, the following elements must be considered during your evaluation and mitigation strategy and must be implemented at each actionable step afterwards:
- The potential public health impact (e.g., severity and scale) if a contaminant were added (21 CFR 121.130(a)(1))
- The degree of physical access to the product (21 CFR 121.130(a)(2))
- The ability of an attacker to successfully contaminate the product (21 CFR 121.130(a)(3))
During the 2019 Food Safety Consortium, Melody Ge will present: How to prepare ourselves in this data-driven transitioning time for the smart food safety era? | October 2 @ 10 am FMEA is a Six Sigma method widely used in operations when implementing a new process. It is a structured approach to discover potential failures that may exist within the design of a product or process. Within FMEA, the RPN (Risk Priority Number) score is used to prioritize risks and is calculated by Severity × Occurrence × Detection. RPN is a quantified number that helps you prioritize risks when determining actions. If we employ the same mentality, FMEA is a useful method in helping to identify vulnerable steps based on the risk within your process. Take a close look at how the RPN is generated; the following three components are also important during the vulnerability assessment.
Severity or the potential public health impact (e.g., severity and scale) if a contaminant were added.
Severity is identified when considering the consequence of when a processing step goes out of control; or thinking about the severity of the health impact. We can consider those impacts or consequences using four common categories:
- Biological contaminants
- Chemical contaminants
- Physical contaminants
- Intentional adulteration for economic gain contaminants
Occurrence or the degree of physical access to the product.
Occurrence is identified when considering how frequently a process step is expected to go out of defined controls. Is it once a week or once a month? Depending on how often the step goes out of defined controls, this will trigger different action steps as well as mitigation plans.
Detection or the ability of an attacker to successfully contaminate the product.
Detection is considered by how easy it can be detected when the failure occurs. For example, within the food production operation, mixing steps is relatively easier than a CIP step to be detected. More references could be found in FDA’s definition of KAT (Key Activity Types, as discussed in the draft guidance, “Mitigation Strategies to Protect Food Against Intentional Adulteration”), such as:
- Bulk and liquid receiving and storage
- Liquid storage and handling
- Secondary ingredient handling
- Mixing and similar activities
Once the RPN is identified, then the vulnerable steps can be sorted based on the RPN. To utilize this approach, Table 1 provides a template to be considered using FMEA for the vulnerability assessment.
|Process Step||Description||Is it KAT? (Y/N)||RPN||Action Process Step||Mitigation Strategy||Explanation|
|Table 1: Determine the vulnerable steps (for reference)|
As IA rules regulate, a mitigation plan must be generated once a vulnerable step is identified. The intention of the plan shall ensure those risks identified are mitigated and controlled so that the final finished products are not impacted or contaminated. One tip to begin this process is to start with reviewing your current control plan for potential food safety risks. As FSMA Preventive Controls are fully implemented, all food plants shall have a food safety plan in place with validated control plans that are intended to reduce risks for potential physical, chemical, biological and adulteration for economic gain. Sometimes, these risks are highly associated with potential vulnerable steps for intentional adulteration, especially those processing steps associated with potential economic gain hazards. If those controls are not working properly, then we can seek out other mitigation plans. Nevertheless, regardless of what steps are taken, they have to be validated to show that the IA risks are effectively mitigated. Monitoring and verification shall be conducted as well once the mitigation plan is implemented.
Of course, like all food safety management systems, every food plant should have its own designated plans based on the products being produced, operations implemented and the nature of the production. Ultimately, it will be your choice to find an effective method that fits your production culture. However, the intention should always be in compliance with the IA rules: Identify the vulnerable steps within the process, and conduct mitigation plans to control the risks of intentional adulteration.
Learn more about how to mitigate the risks of food fraud and intentional adulteration at the Food Safety Supply Chain Conference | May 29–30, 2019 | Rockville, MD or attend virtuallyThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.
The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.
FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.
The FSMA Intentional Adulteration rule (Mitigation Strategies To Protect Food Against Intentional Adulteration) requires companies that fall under the rule to implement a written food defense plan, identity vulnerabilities and establish mitigation strategies based on those vulnerabilities. This is new territory for FDA as well as for many companies in the industry—and for this reason, the agency has established a longer compliance timeline. However, that doesn’t mean companies should wait—the time to prepare is now.
Christopher Snabes, senior manager, food safety at the The Acheson Group (TAG) and Jennifer van de Ligt, Ph.D., associate director at the Food Protection & Defense Institute (FPDI) sat down with Food Safety Tech to discuss some of the challenges they see industry facing related to intentional adulteration and food defense.
In addition, TAG and FPDI are interested in gauging the industry’s level of readiness in this area and have put together the survey, Intentional Adulteration & Food Defense Industry Preparedness. We encourage you to take the survey. And don’t miss subject matter experts from TAG and FPDI at this year’s Food Safety Consortium as they discuss Food Defense: Lessons Learned from Recent Incidents + Key Steps to Mitigating Risks.
Food Safety Tech: Given the subject matter of the survey, what do you feel is the current preparedness level regarding compliance with the FSMA Intentional Adulteration rule?
Christopher Snabes: I see this from a variety of fronts. Some companies established food defense solely on the events of 9/11, putting initial food defense plans in place [that involved] fences, installing security guards and gates, and locking the outside doors. Some companies we’ve worked with feel this is sufficient enough to meet the IA rule, and that’s not correct.
TAG has assessed several companies that are in the process of conducting food defense assessments, and they’re doing them based on best industry practices, and preparing for the inside attacker and/or a terrorist getting into key production areas.
TAG has worked with some companies that are fully waiting for the second and third guidance documents from FDA to come out before they do the full food defense plan. We’ve worked with some companies doing a mix of the above—they’re not waiting for the guidance but are actively testing their plans and having an outsider test their vulnerability, and then they’re rewriting plans based on the findings. They’ll also update their food defense plans, once the second and third FDA guidances are released to the public.
We feel these are the most prepared facilities; there are not a lot of companies at this point, but they’re starting to pick up steam. At this point, I would say most companies are actively pursuing a food defense plan as well as beginning to test their vulnerability.
Jennifer van de Ligt: I agree with Chris and would add that in the past two years or so, there’s also been a shift in how the industry is viewing the Intentional Adulteration rule. Many companies currently have food defense plans based on the events of 9/11 and, for the first couple of years, as the new Intentional Adulteration rule was being written, there was still a heavy emphasis on “that should be enough.” I very rarely hear that now when discussing the Intentional Adulteration rule with our industry partners. I think companies are more prepared from an understanding perspective to move beyond perimeter security and guards to really think about the risks in the facilities that would come from people with legitimate access— what the rule defines as “insider attackers”. Although understanding is increasing, Chris is correct that different parts of industry are on different paths. Some just now understand that they have to do more, while others are well on the way on to looking at how they need to structure themselves internally and are already moving towards vulnerability assessments.
FST: Are you seeing company size play a role in the readiness level?
Join the Food Protection and Defense Institute and The Acheson Group (TAG) at the 2018 Food Safety Consortium for an interactive discussion as they explore recent food defense events, highlighting key components of the incidents relative to government interactions, FSMA regulations, brand reputation, financial interests, and public health response. van de Ligt: The larger companies thinking about a multi-international approach seem to be further along in the process. I think they started thinking about the vulnerability assessment, how they’re going to structure it in their company, and how they’re going to come to compliance because of the breadth and the scope that impacts them. But we’re also seeing, at least in our training, some of the mid-sized companies beginning to take action. I think again, they realize that even though they’re smaller, they’re going to need additional resources, and they might not have those resources in house, so it might take them a bit longer.
Snabes: In general I would agree with Jennifer. I think a lot of it is because they have additional resources, and they can leverage them across many facilities as needed. I don’t see as much action being taken outside the United States on the facilities that are importing into the United States. I think that’s just starting to ramp up. I’m also seeing very small businesses that aren’t required to follow the IA rule implementing this because they want to protect their brand.
FST: What challenges are you seeing companies experience in understanding food defense, IA, and the appropriate preventive actions they should be taking?
FSMA Checklist: Intentional Adulteration rule Snabes: Just understanding how the rules can apply to the business. For some companies, that’s still a challenge. Other companies, like the large ones, get it. Other small- and mid-sized companies are still trying to figure out how it applies to them. After that, the challenge is realizing there are expenses involved. For example, they have to install key fobs, cameras in critical areas, etc. They also have to realize they can meet the IA rule by not spending an exorbitant amount of money. For example, within a budget there are things companies can do without having to spend a lot of money, such as food defense awareness training.
Another challenge is educating all workers in food defense; enforcing the food safety culture within the facility and the idea that their job can be at risk. They have to realize that if they don’t recognize an individual inside the premises, or if something is out of place in a critical area, they need to inform their supervisor. If they see something, they need to say something—and ensure that the intentional adulteration is not taking place.
Educating employees is the least expensive way to invest in food defense, and it is the most effective. However, this can be a challenge for the companies that, for example, have a high turnover rate—if you have a lot of employees coming in and out, that means constant training, enforcement and re-educating. We see quite a bit of companies with a large turnover rate.
van de Ligt: I agree with those points. In our training, we also talk about food defense culture and how it needs to be supported across the business, similar to the way food safety culture is already in many of our businesses, and how to incorporate food defense awareness training, and on-boarding and refresher training.
The other challenges I see is that once you get to the understanding of what needs to be done and you get the buy in, there are some logistical issues at some of the companies—from big to small. Some companies are struggling with understanding which part of the business should be responsible for this (the food safety group, the security group, etc). Because we are talking about legitimate access and who is responsible for putting the plan together: How do these groups that may not have worked closely within the bigger companies now create that shared collaborative environment?
At the smaller companies, where they may not have that breadth or resources, now you’re asking a specialist in one area to pick up a completely different expertise and discipline. With a food safety and quality person, part of their job may be supply chain and sourcing, and now they also have to learn food defense. How are they managing and balancing all the different FSMA rules in their portfolio—because you have one person actually thinking about the breadth of them all. This presents a challenge to the logistics of implementation.
The other challenge I see is that FDA has done a really good job in providing input, guidance and listening sessions, and has been open and available to answer questions—more so for this rule than any of the other rules that I’ve watched go through industry. However, with the guidance being published so close to the compliance date it presents a challenge—companies that are waiting on the guidance will have to comply very quickly without the best understanding on what FDA’s thoughts are—because they’re waiting on the pending guidance.
FST: What steps should companies take to mitigate the IA risk?
van de Ligt: I have three action items for every company to take.
- Read the IA rule, including the preamble if they haven’t. There’s a lot of information there that will help them understand the mindset and how the IA rule came about.
- Read the guidance document when it comes out. The first guidance contains many clarifying examples that will help understanding and implementation.
- Train the key people who are going to be responsible for writing the food defense plan and all employees on food defense awareness.
There are resources out there, whether it’s talking with FDA or coming to a sponsored training, for folks to get assistance in understanding and interpretation, and it would be great for them to take advantage of it.
Snabes: I agree with those three points. In general—do an FDA food defense assessment of your facility. Look for and concentrate on the key activity types that are critical. At least get a list of what areas are going to be the ones you have to mitigate. For example: The offloading of liquids, open vats, hand applied additives, etc. The most important thing I suggest doing right away is food defense awareness training for not just the supervisors, but all the employees—everyone from receiving to shipping to supply chain, etc. Everyone should be aware of the importance of food defense training and how their job depends on it.
In general, with food defense or IA—the rule is a brand new concept to FDA. It’s something they never tackled before. Because of that, there is going to be a longer time of educating before regulating. FDA is going to bend over backwards to work with companies so they understand how this rule is going to be implemented.
Any company out there can have a “strong employee” who wants to cause intentional adulteration, so the time to plan for that is now. Don’t wait for the rule to come into effect before you start planning.
Question 1: Is food fraud addressed in the FDA’s Intentional Adulteration rule (“Mitigation Strategies to Protect Food Against Intentional Adulteration”)?
Karen Everstine: Food fraud, or what the FDA calls “economically motivated adulteration” (EMA), is certainly an intentional act. However, recent U.S. regulations for food fraud/EMA are outlined in the Preventive Controls (PC) rules (“Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Human Food” and “Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Food for Animals”) and not in the Intentional Adulteration (IA) Rule. FDA indicated that the IA rule was intended to “prevent acts intended to cause wide-scale harm.” Therefore, new requirements related to food fraud/EMA are included in the hazard analysis requirements in the PC rules. FDA indicated they anticipate EMA preventive controls to be needed only in rare circumstances and “usually in cases where there has been a pattern of EMA in the past.” It is important to note that these requirements are specific to hazards that may be introduced for the purposes of economic gain. EMA that only affects product quality is outside the scope of the PC rules. However, there are misbranding and adulteration provisions of the Food Drug and Cosmetic Act that apply to EMA more broadly (whether or not the substance used may be a hazard).
Question 2: If my facility includes food fraud/EMA in our hazard analysis, will we be compliant with global food fraud requirements?
Everstine: Addressing food fraud/EMA only in your hazard analysis is not sufficient for GFSI compliance. Therefore, if your facility needs to be GFSI compliant, you will need to implement a food fraud vulnerability assessment and mitigation plan that covers all types of fraud. This includes fraud that only affects quality and it includes counterfeiting, theft, diversion, and gray market production. While FDA has indicated they are primarily focused on food fraud/EMA that has a known pattern of occurrence and could be a hazard, GFSI requires that industry evaluate vulnerability more broadly. This includes identifying fraud opportunities (such as complex supply chains), individual capability, and “weak signals” of fraud that could include indicators such as price changes for commodities.
As we look to 2018, the need for food defense activity remains. Increased adulteration incidents in 2017, consumer purchasing trends and FSMA rules implementation drive this need and the work necessary to complete it in 2018.
Intentional Adulteration of Food. It was evident that intentional adulteration of food did not diminish over the past year and likely increased. Adulteration cases of spices with undeclared ingredients to extend the product or boost color were documented. Terrorists plans and food adulteration tests were uncovered and publicized. In Germany, a man threatened to put antifreeze in the nation’s baby formula supply chain. And disgruntled employees continued to adulterate food to get revenge on their employer or co-workers. Given the complexity of our food system and the limited transparency of supply chains from farm to fork, those willing and able to adulterate will continue to do so in 2018.
Consumer Demands. Look in your local grocery aisles and you will find an ever-increasing section of “freedom foods”. These are foods that claim to be free of something whether it be gluten, lactose, pesticides or GMOs. With increasing frequency consumers are also asking questions about the sustainability and agriculture practices of the food they buy. How have the oceans been fished? Are my eggs from cage-free chickens? Does the food I buy protect the environment. Based on current trends, consumers will continue to spend their food dollars on organic, free-of, and sustainability produced food. This means food defense needs to have a keen eye on where fraudsters could adulterate products representing these food trends.
Company Food Defense. Two things have increased in the requests we are getting from companies: New incidents and the nearing deadline for compliance of the FSMA Intentional Adulteration (IA) rule. First, adulteration incidents that affect your product or the ingredients you use changes the lens you see food defense through. Even an adulteration in an ingredient or product similar to yours makes you look twice at how protected you are. With the continued incidents, companies are taking a hard look at how they are affected. Second, food companies have completed their work to prepare for the early FSMA rules such as Preventive Controls and Foreign Supplier Verification moving their attention to the next rules. The IA rule compliance dates begin in July 2019, and we anticipate increased activities, questions and food defense efforts in 2018.
As you can see, there is a nexus of need to accomplish defense work in our food system. Perhaps 2018 will be “the” year of food defense where individually and collectively we close vulnerability gaps.
The FSMA Intentional Adulteration rule is focused on preventing intentional adulteration from acts intended to cause wide-scale food safety impacts to public health, including acts of terrorism, economic adulteration and disgruntled employees. Such acts, while unlikely, could cause illness, death and economic disruption of the food supply absent mitigation strategies. This rule requires mitigation strategies to reduce risk versus specific food hazards.
How much do you know about the Intentional Adulteration Rule? Test your smarts by taking the FSMA IQ Test here The Intentional Adulteration rule is established to address large companies with products that reach many people, while exempting smaller companies. This rule requires covered facilities to conduct a “vulnerability assessment” to identify vulnerabilities and actions to take for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these vulnerabilities must be identified and evaluated. Covered facilities must also prepare and implement a Food Defense Plan. This written plan must identify the vulnerabilities and actionable process steps; mitigation strategies; and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.
Self-Diagnostic Assessment Tool
The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to implementing and managing FSMA Intentional Adulteration requirements. To complete your own assessment, review and compare your programs to the questions in Table I.
Companies must have the appropriate systems in place to comply with FSMA Intentional Adulteration requirements or face possible willful non-conformance, which can include fines and criminal penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider regarding their program. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all your food safety requirements, and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.
The results are in for this year’s final FSMA IQ test on the intentional adulteration rule. If you didn’t take the test yet, follow this link. Find out how you fared below.
- The Intentional Adulteration program that must be developed can rely on food security issues addressed by Preventive Control programs.
- 39.51% answered correctly
- In developing your Intentional Adulteration Plan, you must determine vulnerabilities to your food product risks.
- 98.81% answered correctly
- Your written program is called a Food Security Plan.
- 62.65% answered correctly
- There is no reanalysis provision for Intentional Adulteration programs and Food Defense Plans under the rule.
- 89.29% answered correctly
- The Intentional Adulteration compliance plan must include the monitoring of certain key areas.
- 95.18% answered correctly
- Only large food companies over a certain size need to develop and establish a Food Defense Plan under the FSMA Intentional Adulteration rule.
- 6.02% answered correctly
- There is now risk assessment associated with the Intentional Adulteration rule requirements.
- 10.84% answered correctly
- Mitigation strategies within the Food Defense Plan are key components to a compliant program.
- 96.43% answered correctly
- Each point, step, or procedure in the facility’s process must be included in the Intentional Adulteration vulnerability assessment process.
- 80.72% answered correctly
- Economic adulteration is a key component of the FSMA Intentional Adulteration rule?
- 23.81% answered correctly