Unfortunately, quite often we are reminded of the vulnerabilities throughout the food supply chain. The latest E. coli outbreak linked to Chipotle restaurants in Oregon and Washington once again has consumers and the food safety industry on edge about traceability and a company’s ability to quickly identify the source of a serious outbreak. According to the CDC’s most recent update, laboratory testing is ongoing to find the DNA fingerprint of the bacteria. Concerning as this may be, no deaths have been reported thus far, but 42 people have been reported ill and 14 have been hospitalized in Washington and Oregon. In the most recent statement released on Chipotle’s website, the company said it is “aggressively” taking steps to address the problem, including by conducting deep cleaning and sanitization of its restaurants as well as environmental testing in its restaurants, and replacing all food items in the establishments that it closed “out of an abundance of caution”.
What if this were a situation of intentional contamination? Would Chipotle or any other company in this type of scenario really be prepared? These questions were posed by Rod Wheeler, CEO of The Global Food Defense Institute during a recent conversation with Food Safety Tech about food defense, and food tampering and intentional adulteration. Wheeler and Bruce Lesniak, president of Lesniak & Associates, shared their views on the threats that the food industry is facing and why companies need to have a strong plan in place to prepare for an attack on the food supply.
During next week’s Food Safety Consortium conference, Rod Wheeler will moderate the Ask the Experts session, “Engaging Food Tampering Discussion Surrounding Food Defense” on Wednesday, November 18. LEARN MOREFood Safety Tech:What challenges do you see companies facing in the area of food tampering and adulteration?
Rod Wheeler: Our food supply is wide open. It accounts for 13% of the overall U.S. GDP. One thing we know about terrorists is that they want to affect our financial markets. What’s the best way to do that? You attack the 13% GDP – and what infrastructure is that? It’s our wireless systems, airline systems, transportation systems, medical supply, or our food and agricultural supply. Those are the top areas in which we need to focus, and we have to make sure the food & agriculture supply remains safe and secure in the United States.
On 9/11 the world changed, and the challenge for us becomes, within all of our 18 infrastructures, but how have we changed? Do we continue to do business the same way we always have, even prior to 9/11? Over the past few years, we’ve seen a significant increase in terroristic activity around the world—from France to Syria to Yemen to Pakistan. Here in the United States, we have to be mindful of what is happening.
Rod Wheeler, CEO of The Global Food Defense Institute
We’ve always had food safety programs: HACCP, HARPC, GFSI, SQF, etc.—those are good for unintentional contamination. But what happens if someone wants to intentionally place a deadly contaminant into a product?
In this country, on a daily basis we see contaminations occurring. We were recently notified of a massive outbreak of E. coli that has occurred throughout the Chipotle system: 47 Chipotle stores have been closed. What does that mean? Is that just a food safety issue? What if that E. coli could have been intentionally grown in a test tube and placed into the food supply? Going forward, we have a duty and an obligation to look at these things, not just at face value but think about whether they are intentional events.
FST: Where are the biggest holes within food defense plans?
Wheeler: With more than 15 years of visiting food processing facilities, agricultural farms, dairy farms, and dairy processing facilities, the biggest concern that resonates with me is the fact that the culture of security is not there. The culture of security is simply security awareness—not planning. People in food plants are being taught to be mindful not vigilant. The largest of food companies have well thought out and active safety and defense plans, and their employees are educated, trained and empowered. We find that this falls off sharply with the mid-sized and small manufacturers and suppliers. All food providers must have a comprehensive and strategic security plan that is active and measureable.
For example, let’s say a contractor is walking though a food plant. You have worked in that plant for five years but have never seen this person before. Would you question that person about their credentials? Are people thinking about the things they can personally do to reduce or mitigate the risk… are they empowered?
“When Someone Dies, It’s Not Business as Usual”: Darin Detwiler of STOP Foodborne Illness discusses the impact of the PCA sentencing on the food industry. Watch the video
So, the question is “what do you do when/if”: This is one of the topics we will be discussing at the [Food Safety Consortium] conference. It’s interesting that when we present this scenario to the management of a food company, many answer back with a blank stare. We ask, do you shut down your facility? Do you notify your customers? Do you notify the national media? This question goes to the root of the company’s security culture and the strength of its strategic planning. Until we develop the necessary plans, processes and protocols to respond proactively, we will continue to remain vulnerable.
FST: Do you think many food companies assume something catastrophic won’t happen to them?
Wheeler: I always ask why it is that we don’t anticipate these things in advance. People are complacent. “It’s not going to have happen here,” they say. “What terrorist would come to our small town and do this? We’re just a small mom and pop [business].”
Recently, I received a call from a 17-employee company in Tennessee. This particular company processes honey for 100 large box retail stores. I received a call from the CEO who said, “My client wants us to have one of those vulnerability things.” He was referencing the vulnerability assessment. He said, “I don’t know why they’d want us to have one of those. We’re a small company down here in Tennessee, why does my client think some terrorist would come here?” The fact is, attackers will find the weakest link to attack: The small honey company is not the target; they are the vessel by which the attackers get to the primary target, and in this case, the big box retailer. The big box retailer/supplier is the target and the simplest, most effective way to get to them is through the hundreds of small, low to no protection suppliers.
These are the issues we need to enlighten and educate companies about; we need to get them thinking differently, because this way of thinking is completely different. If you ask someone who’s been in this industry for years, they’ll say, we never had to worry about locking our doors, or use biometrics to gain access to certain areas. We never had to think about these things in the Food & Ag supply before.
During our front line training course, we place a significant amount of focus on the food plant blending areas and why it is the number one threat area for intentional/unintentional contamination of our food supply in the United States. The blending area is exposed to a number of vulnerabilities and once attacked, the tainted ingredients are spread among numerous products that once distributed, are not necessarily quickly traced once they are blended into the final product.
Bruce Lesniak: The consequences of such an emergency are multifaceted; they affect the consumer and their product confidence, the manufacturer through recall and the retailer through recall, brand damage and loss of consumer loyalty. Often, this ripple effect begins with the small supplier and works its way upstream to affect the entire process.
We are seeing this scenario unfold in real time with Chipotle—this is huge in the food industry. FDA has not been able to determine exactly where that genetic fingerprint has originated resulting in location closures, shaken consumer confidence and brand damage. –Rod Wheeler
FST: What will it take the industry to wake up to what could become a serious reality?
Wheeler: Unfortunately it’s probably going to take a major incident for people to wake up and smell the coffee. With that said, we firmly believe that it is critical to awaken the sleeping giants before something happens. We must increase the awareness and provide education to heighten the reality of what can potentially happen and promote proactive engagement of risk mitigation.
FST: In the context of FSMA, are companies prepared for the compliance stage?
Wheeler: Over the years, I’ve seen a number of companies begin to ramp up security at their facilities. But a number of them are doing it because they realize they need to comply with the food defense elements of FSMA; the larger companies are driving compliance and are requiring that their suppliers comply. But I think convincing companies about “Why” this is important, is the challenge. Often times companies will say, “we’re doing this training”, or “we’re doing this vulnerability assessment because it’s a requirement of FSMA.”
We feel that if being compliant is your “Why “reason, then you are spending time and money for the entirely wrong reason. You don’t do vulnerability assessment or training in food defense because you want to comply with the law. You do it because you want to protect your company and the consumer from the reality of what can happen and proactively work to avoid a threat.
Lesniak: We see the adoption trend take hold as it has traditionally, in three phases. First are the early adopters—they understand the importance of compliance for the right reasons and the need for food defense, Second are those who feel the urgency to comply due to a compelling issues (an incident or have been instructed to do so by larger suppliers in order to retain contracts), and third are those who will come kicking and screaming.
Wheeler: A lot of the requirements of FSMA were generated as a result of the PCA event in 2009. The prosecution and subsequent conviction of the Parnell brothers isn’t the last prosecution we’re going to see for someone violating a food safety protocol. This is the first, and it’s a wake up call.
The FDA issued the first of several final regulations aimed at modernizing the food safety system through the use of hazard analysis and risk-based preventive controls. Inherent in this system are a number of requirements that eligible food facilities must follow, such as developing a written food safety plan, monitoring, corrective actions and verification. Laboratory testing is an essential component as well.
Robin Stombler presented “Laboratory Oversight and FSMA: Why and When” at the Food Labs Conference in Atlanta, GA | March 7–8, 2016So, what should food facilities know about laboratory testing within the context of the preventive controls for human food final rule? First and foremost, the final rule states, “facilities have a responsibility to choose testing laboratories that will produce reliable and accurate test results.” While a future regulation is expected to address the need for accredited laboratories and model laboratory standards, the preventive controls rule adopts other requirements pertaining to testing. Here are five questions that food facilities should ask about testing and the preventive controls rule.
1. What is the difference between pathogens and microorganisms?
The final rule defines “pathogen” to mean a microorganism that is of public health significance. A microorganism is defined as “yeasts, molds, bacteria, viruses, protozoa and microscopic parasites, and includes species that are pathogens.” Microorganisms that are of public health significance and subject food to decomposition or indicate that the food is adulterated or is contaminated with filth are considered “undesirable.”
2. How must food facilities account for pathogens?
Food facilities must prepare and implement a written food safety plan. One component of the food safety plan must include a written hazard analysis. This analysis must identify known or reasonably foreseeable hazards. These hazards may be biological, which includes parasites, environmental pathogens and other pathogens.
In another example, the food safety plan must include written verification procedures. This is to demonstrate that the facility is verifying that its preventive controls are implemented consistently and are significantly minimizing or preventing the hazards. These verification procedures are intended to be appropriate to the particular food facility, the food in question, and the nature of the preventive control and its role within the facility’s food safety system. With this in mind, facilities must conduct activities such as product testing for a pathogen or an appropriate indicator organism or other hazard, and environmental monitoring.
3. Are there written procedures specific to product testing?
Yes. Procedures for product testing must be scientifically valid and must identify the test microorganisms or other analytes. The procedures for identifying samples, including their relationship to specific lots of products, must be written and implemented. The procedures for sampling, including the number of samples and the sampling frequency, must be outlined. The facility must recognize the laboratory conducting the testing as well as describe the tests that are performed and the analytical methods used. Corrective action steps must also be included.
4. What are the procedures for environmental monitoring?
Similar to product testing, these procedures must be scientifically valid, identify the test microorganisms, and be put in writing. For routine environmental monitoring, the location from which the samples are collected and the number of sites that are tested must be stated. The final rule indicates that the “number and location of sampling sites must be adequate to determine whether preventive controls are effective.” Written procedures must also identify the timing and frequency for collecting and testing samples. Again, similar to product testing, the laboratory conducting the testing and the tests and analytical methods used must be divulged. Corrective action procedures must also be included.
5. How does the supply-chain program incorporate testing?
A receiving facility is required to document a written supply chain program in its records. A component of that program includes documentation of sampling and testing performed as a supplier verification activity. The documentation must include identification of the raw material or other ingredient (including, if appropriate, lot number) and the number of samples tested. It also means that the tests conducted and the analytical methods used must be identified. The date the test is conducted as well as the date of the test report must be provided, and the identity of the laboratory performing the testing must be revealed. Any corrective actions that were taken in response to a hazard detection must also be reported.
This Q&A provides a glimpse into how the preventive controls final rule for human food incorporates laboratory testing. For more details, access the final rule.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
We also use cookies to store your preferences regarding the setting of 3rd Party Cookies.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Cookie Policy
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Our Privacy Policy explains how we collect and use information from and about you when you use This website and certain other Innovative Publishing Co LLC services. This policy explains more about how we use cookies and your related choices.
How We Use Cookies
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
Individuals may opt-out of 3rd Party Cookies used on IPC websites by adjusting your cookie preferences through this Cookie Preferences tool, or by setting web browser settings to refuse cookies and similar tracking mechanisms. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device on which you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the websites. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly or less effectively.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.
