Tag Archives: mitigation strategies

Lessons Learned from Intentional Adulteration Vulnerability Assessments (Part II)

By Frank Pisciotta, Spence Lane
No Comments

Food defense is the effort to protect food from intentional acts of adulteration where there is an intent to cause harm. Like counterterrorism laws for many industries, the IA rule, which established a compliance framework for regulated facilities, requires that these facilities prepare a security plan—in this case, a food defense plan—and conduct a vulnerability assessment (VA) to identify significant vulnerabilities that, if exploited, might cause widescale harm to public health, as defined by the FDA. Lessons learned during the conduct of food defense vulnerability and risk assessments and the preparation of the required food defense plan are detailed throughout this three-part series of articles. Part I of this series addressed the importance of a physical security expert, insider threat detection programs, actionable process steps (APS) and varying approaches to a VA. To further assist facilities with reviewing old or conducting new VAs, Part II will touch on access, subject matter experts, mitigation strategies and community drinking water through more lessons learned from assessments conducted for the largest and most complex global food and beverage facilities.

Lesson 6: Utilization of Card Access. The FDA costs of implementing electronic access control, as reported in the Regulatory Impact Analysis document (page 25) are shown in Table 1.

Average Cost Per Covered Facility Initial Recurring Total Annualized
Prohibit after hours key drop deliveries of raw materials $ $1070 $1070
Electronic access controls for employees $1122 $82 $242
Secured storage of finished products $1999 $– $285
Secured storage of raw materials $3571 $– $508
Cameras with video recording in storage rooms $3144 $– $448
Peer monitoring of access to exposed product (not used) $47 $1122 $1129
Physical inspection of cleaned equipment $– $303 $22
Prohibit staff from bringing personal equipment $157 $– $22
Total $9993 $1455 $2878
Table I. Costs of Mitigation

In our opinion, these costs may be underreported by a factor of five or more. A more realistic number for implementing access control at an opening is $5,000 or more depending on whether the wire needs to be run in conduit, which it typically would. While there are wireless devices available, food and beverage organizations should be mindful that the use of wireless devices may in some cases result in the loss of up to 50% of electronic access control benefits. This happens because doors using this approach may not result in monitored-for-alarm conditions, such as when doors are held open too long or are forced open. Some wireless devices may be able to report these conditions, but not always as reliable as hardwired solutions. Using electronic access control without the door position monitoring capability is a mistake. From a cost standpoint, even a wireless access control device would likely be upwards of $2,000 per opening.

Lesson 7: In the interest of time, and in facilities with more complex processes (which increases the work associated with the VA), plan to have quality, food safety and physical security personnel present for the duration of the VA. But also bring in operational specialists to assess each point, step or procedure for the respective operational areas. You may wish to have a quick high-level briefing for each operational group when it’s their turn to deliberate on their portion of the manufacturing operation. Proper planning can get a hybrid style VA done in one-and-a-half to three days maximum for the most complex of operations.

Lesson 8: Conduct a thorough site tour during the assessment process; do not limit your vulnerability activity to a conference room. Both internal and external tours are important in the assessment process by all members of the team. The external tour is needed to evaluate existing measures and identify vulnerabilities by answering questions such as:

  • Is the perimeter maintained?
  • Are cameras pointed correctly?
  • Are doors secure?
  • Are vehicles screened?
  • Are guards and guard tours effective?
  • Internal tours are important to validate documented HACCP points, steps or procedures.A tour also helps to validate process steps that are in multiple parts and may need to be further assessed as a KAT, for public health impact, accessibility and feasibility or to identify issues that have become “invisible” to site employees which might serve a security purpose.
  • Properly conducted tours measure the effectiveness of a variety of potential internal controls such as:
    • Access control
    • Visitor controls
    • Use of identification measures
    • Use of GMP as a security measure (different colors, access to GMP equipment and clean rooms)
    • Effectiveness of buddy systems
    • Employee presence

Lesson 9: Do not forget the use of community drinking water in your processes. This is an easy way to introduce a variety of contaminants either in areas where water is being treated on site (even boiler rooms) or where water may sit in a bulk liquid tank with accessibility through ladders and ports. In our experience, water is listed on about half of the HACCP flow charts we assessed in the VA process.

Lesson 10: Some mitigation strategies may exist but may not be worth taking credit for in your food defense plan. Due to the record keeping requirements being modeled after HACCP, monitoring, corrective action and verification records are required for each mitigation strategy associated with an APS. This can often create more work than it is worth or result in a requirement to create a new form or record. Appropriate mitigation strategies should always be included in your food defense plan, but sometimes it produces diminishing returns if VA facilitators try to get too creative with mitigation strategies. Also, it is usually better to be able to modify an existing process or form than having to create a new one.

Lesson 11: In cases of multi-site assessments, teams at one plant may reach a different conclusion than another plant on whether an identical point, set or procedure is an APS. This is not necessarily a problem, as there may be different inherent conditions from one site to the next. However, we strongly suggest that there be a final overall review from a quality control standpoint to analyze such inconsistencies adjudicate accordingly where there is no basis for varying conclusions.

Lesson 12: If there is no person formally responsible for physical security at your site, you may have a potential gap in a critical subject matter area. Physical security measures will make at least a partial contribution to food defense. Over 30 years, we have seen many organizations deploy electronic access control, video surveillance and lock and key control systems ineffectively, which provides a false sense of security and results in unidentified vulnerability. It is as important to select the right physical security measures to deploy, but also critical to administer them in a manner that meets the intended outcome. Most companies do not have the luxury of a full-time security professional, but someone at the plant needs to be provided with a basic level of competency in physical security to optimize your food defense posture. We have developed several online training modules that can help someone who is new to security on key food defense processes and security system administration.

Lesson 13: As companies move into ongoing implementation and execution of the mitigation strategies, it is important to check that your mitigation strategies are working correctly. You will be required to have a monitoring component, correction action and verification intended for compliance assurance. However, one of the most effective programs we recommend for our clients’ food defense and physical security programs is the penetration test. The penetration test is intended to achieve continuous improvement when the program is regularly challenged. The Safe Quality Food (SQF) Institute may agree with this and now requires facilities that are SQF certified to challenge their food defense plan at least once annually. We believe that frequency should be higher. Simple challenge tests can be conducted in 10 minutes or less and provide substantial insight into whether your mitigation strategies are properly working or whether they represent food defense theater. For instance, if a stranger were sent through the plant, how long would it take for employees to recognize and either challenge or report the condition? Another test might include placing a sanitation chemical in the production area at the wrong time. Would employees recognize, remove and investigate that situation? Challenge tests are easy high impact activities; and regardless of the outcome, can be used to raise awareness and reinforce positive behaviors.

Whether training a new security officer, reviewing existing security plans or preparing for an upcoming vulnerability assessment (due July 26, 2020), these lessons learned from experienced security consultants should help to focus efforts and eliminate unnecessary steps at your facility. The final installment in this series will address broad mitigation strategies, the “Three Element” approach and food defense plan unification. Read the final installment of this series on Lessons Learned from Intentional Adulteration Vulnerability Assessments, Part III.

Contamination, Adulteration Remain Highest Priority

By Maria Fontanazza
No Comments

Increased media attention and consumer awareness of verifying ingredients, detecting allergens and effectively tracing the source of outbreaks has placed much higher scrutiny on food processors and manufacturers. With the anticipated FSMA final rule on intention adulteration (Focused Mitigation Strategies to Product Food Against Intentional Adulteration) expected in late spring, having the ability to effectively detect and address product contamination and adulteration will be of significant importance to manufacturers. In preparation for the upcoming Food Labs Conference March 7–8, Food Safety Tech sat down with Craig Schwandt, Ph.D., director of industrial services at McCrone Associates, to learn how contamination is currently affecting food companies and what they should be doing to protect their products and ensure consumer safety.

Craig Schwandt will be presenting “Contaminant Particle Identification: Establishing Provenance and Complying with FSMA” at this year’s Food Labs Conference | March 7–8 | LEARN MOREFood Safety Tech: What are the big issues facing the food industry related to product contamination?

Craig Schwandt: I think the biggest issue facing the food safety industry is realizing that FSMA, in its final ruling, comes with requirements to ensure food safety from farm to table. In the past, many [ingredients] were GRAs, or generally recognized as safe, so when there was a contaminant, [food companies] had a lot of liberty in disposing of the batch and weren’t too concerned about where it came from.

FSMA is going to require that [food companies] keep records of what contaminants are found, how they address it and whether it’s a recurring problem, and [that they] have a procedure in place to track back and [conduct] forensic analysis. In the analytical services industry we call it investigational analysis, which is a description of what actually takes place for ascertaining what the contaminant is and how it got there. That information is provided to clients so they can track back in their production process—all the way to the raw materials and then ascertain where the contaminants came from in that production chain.

The big challenge will be in recognizing that they have to start keeping records and then actually doing the investigation to determine what contaminants are there and determine where they’re coming in.

Craig Schwandt_McCrone Associates
Craig Schwandt, Ph.D., McCrone Associates

FST: Are companies taking the right steps to detect and identify contaminants in food?

Schwandt: Some of them do and some don’t.  At last year’s Institute of Food Technologist’s conference in Chicago, there was a session on FSMA in which there were representatives from FDA, the Grocery Manufacturers Association and a major food company.  I was a little bit shocked by the food company’s position.  They felt they didn’t need to take all of the steps required by FSMA because they dealt directly with producers from all over the world.  They felt removing intermediaries from their supply chain sufficiently protected their products from adulteration. This seems to be oversimplifying the production and supply chain process. Even though they may directly deal with farmers, there’s still opportunity from the time food stuff is harvested to being dried, placed in containers, and shipped from overseas to the U.S.—there are several steps where unintentional contaminants can arise. So to say they didn’t need to look at the potential for contamination because they dealt directly [with farmers] is a bit oversimplified.  I think this perspective typifies some of the industry’s viewpoint at the moment.

The Foreign Supplier Verification Program specifically addresses this concern.  Even companies that deal directly with producers and supplies in the country of the product’s origin will be required to demonstrate that they tested it and verified it as uncontaminated.

The understanding and recognition by suppliers of these new regulations is the biggest issue facing the food industry right now—especially now that the final rulings have been issued and we’re in the grace period before compliance with the regulation is required.

FST: What technologies are helping in the effort to fight product adulteration, especially as it relates to FSMA compliance?

Schwandt: Handheld instrumentation is making headway at identifying, at a gross scale, screening capabilities—handheld x-ray fluorescence instrumentation and handheld infrared spectroscopy, to identify things at the bulk level. Mass spectrometry methods and chromatography are exceptional at their ability to do really fast general screening for chemical adulterants. I think many of the food laboratories and food companies have in-house laboratories and screen in that general way.

In terms of some of the solid phase contaminants, I think there’s a lack of in-house capability at the moment where one can use simpler [methods] like optical microscopy and another microscopy-based methods to identify the physical solid phase contaminants.

A good example is the use of magnetometers.  Many companies use large-scale process line magnetometers to highlight the presence of metal pieces in their product. A magnetometer tells you that there are metal contaminants in your product, it does not provide a specific alloy identification.  Whether one needs to go further to use additional methods and actually ascertain the composition of the alloy, is the question.  That’s a new requirement—to identify what it is and then to try and assess where in the process it may have occurred. Using a microscopy-based method is advantageous because metal pieces are easily isolated and identified. Once food industry clients have an idea of what the alloy is, they can compare it to the metal alloys that make up their machinery along the way, whether it’s packaging or sorting machinery, [and] essentially establish where the particles enter into the food process.