Tag Archives: Preventive Controls

Question mark

FSMA: What Does ‘Qualified’ Mean?

By Maria Fontanazza
No Comments
Question mark

The term “qualified” appears a few different ways in the FSMA rules. In a Q&A with Food Safety Tech, Cathy Crawford, president of HACCP Consulting Group, was invited by DNV-GL to clear up some of the ways the term is used in the FSMA rules.

Food Safety Tech: Can you break down the difference what “qualified” means as it relates to a qualified individual, qualified auditor and qualified facility?

Cathy Crawford, HACCP Consulting Group
Cathy Crawford, president of HACCP Consulting Group

Cathy Crawford: Explaining the term happens all at once. I think it’s not clear in the preventive controls or sanitary transportation [FSMA] rules; they use the word in two different ways. “Qualified” sometimes means that you’re officially recognized as trained or suitable for something, but “qualified” can also mean modifications or limitations or exceptions. That’s why it is confusing, because it can seem like it has opposite meanings.

“Qualified” [means] trained or ready to do a certain job—that’s the most common meaning. The preventive controls rule talks about a qualified individual, as a person who has the training, education or combination of those needed to manufacture, process or hold food. That’s appropriate to their duties—meaning not everyone has to be qualified to do everything, but individuals have to be qualified when it comes to doing their job when it pertains to food safety.

The regulation goes on to say that it might be education and experience, but there is also some mandatory training. I think a lot of companies aren’t paying attention to this—that all qualified individuals have to be trained in food safety, hygiene and the specific duties of their job, and because that’s a regulatory requirement, they have to have documentation to support that they did this. The regulation also says that supervisors should have the education or experience necessary to supervise, so their training should demonstrate that it’s a little more in depth than what other qualified individuals would get.

Then there’s the PCQI, the preventive controls qualified individual. That’s someone with the education, experience or training to be able to perform specific functions that are called out in the preventive controls rule—meaning they can create a food safety plan, they can conduct or oversee verification, validation and corrective action, or they can reanalyze the food safety plan. The regulation specifically says the PCQI has to do those things. So that’s a different sort of qualified individual; it’s another step basically.

The other term is the qualified auditor. That definition starts with a qualified individual (QI) and elevates from QI to supervisor to PCQI and then to a qualified auditor. A qualified auditor is a QI who has the technical experience needed to conduct audits. That’s about as far as it goes in the regulation, except that they give examples such as that it could be a government employee or an agent of a certification body, but you have to take it in context. The regulation doesn’t say those are the only examples, so I think there’s some flexibility in those examples, and we have yet to see how FDA is going to implement the rule going forward.

When we talk about these qualified individuals, we mostly think about the preventive controls rule, but it also pops up in the sanitary transportation rule. In that rule, the term isn’t defined at all, so I suspect they would share the definition that’s in the preventive controls rule for a qualified individual. But under the sanitary transportation [rule], only the qualified individual can make decisions about what to do when there is an unusual circumstance in transportation such as an accident or a refrigeration unit that breaks down.

FST: Can a “qualified” person be company staff or is there an inclusion that someone can be brought in to take care of these duties, for example, on an outsourcing basis?

Crawford: That’s certainly an option. I haven’t experienced any companies that have chosen that option. I suspect maybe smaller companies or those that are members of a strong affiliation like a coop or trade association might reach out to get someone to play the role of PCQI. But it’s a very significant role, and there’s a certain level of responsibility and therefore liability associated with it, so I think it’s best that the person is a company employee.

I also highly recommend training. Although the two-and-a-half-day class on the preventive controls rule isn’t technically mandatory, it’s extraordinarily helpful.

At first when our company (as a consulting group) was teaching this course, many of the classes contained 50% or more of participants from FDA. It was interesting because industry and FDA were learning together. I think most companies are sending one or two people so they can get the information and share it when they come home.

FST: Discuss some of the confusion surrounding the term “qualified facilities”.

Crawford: This is where “qualified” has almost the opposite meaning. Here’s an analogy: There’s the concept of a lifeguard—you can be qualified to be a lifeguard like a person can be a qualified individual in a food facility, but you could also have a qualified lifeguard certificate, which means you’re limited and can only do lifeguarding when there’s no more than 25 people in the pool; versus someone who has more training and can do it anytime. It’s a limitation.

In the regulation, a facility is the qualified facility when it meets certain characteristics that don’t have to follow the entire rule, but can follow a smaller piece of it.

“Qualified” is based on size. If a facility is very small, with inventory less than $1 million in food assets and sales annually, then they are a qualified facility, so they don’t have to follow the entire preventive controls. They follow a modified version, which is primarily around having the GMPs in place but not necessarily having a food safety plan like the larger facilities must have.

FST: When a company is uncertain about their status, where can they go to get help?

Crawford: Many companies ask their own attorneys and FDA. The FDA has a website called the TAN (Technical Advisory Network) where companies or citizens can submit questions. It takes a bit of time but you will get an answer, and that’s a good way to go.

FST: With all the differences and nuances in these terms, what can companies do to better familiarize themselves with what these terms mean as they relate to FSMA so they can effectively execute required tasks?

Crawford: Number one: Either read the regulation on your own or attend the class that goes over the regulation like the two-and-a-half-day preventive controls course.
Second, companies need to document their training activities, because it’s required to demonstrate that someone is qualified. FDA has said they don’t intend to visit a facility and then document a 483 due to lack of a PCQI or a QI. That’s not the focus of their inspection—it’s an important part of the regulation, but they wouldn’t write a 483 just for missing training records. What they’re looking for is an effective system. If they visit and the system isn’t in place or it’s not documented, then they might back up and realize the reason it wasn’t done right is because they don’t have a QI or PCQI.

Finally, understand the terms, and make sure you have qualified people in place and that you can prove with records that they really are qualified.

Randy Fields, Repositrak
FST Soapbox

How Your Approved Supplier Program Can Reduce Your Risk

By Randy Fields
No Comments
Randy Fields, Repositrak

Editor’s note:
Randy Fields, Chairman & CEO of Park City Group and CEO of ReposiTrak, will be featured in the keynote panel on the past, present and future of food safety journey at the upcoming Food Safety Consortium November 29, 2017 in Schaumburg, Il. He will discuss how to leverage technology and an approved supplier program to reduce a company’s risk. Here’s a preview of some of that content.


Everyone in the extended food supply chain, from ingredient and packaging suppliers through manufacturers and ultimately to the retailers or foodservice operators work hard to ensure the safety of the consumer. It’s why they’re in business. These companies also work to understand the various risks inherent in the supply chain and deploy comprehensive and repeatable processes designed to reduce the potential impact of those issues.

Selecting suppliers has inherent risks, so a comprehensive process is needed to mitigate any threats. Without properly vetting potential suppliers, companies may encounter existential challenges without the right tools needed to survive.

One of the most important areas for this risk mitigation is the approved supplier program which helps to ensure product quality standards are met. These programs are also required under the Preventive Controls portion of the Food Safety Modernization Act.

A best-in-class supplier approval process includes certifying suppliers, monitoring external and internal risk levers, continual and repetitive analysis to determine how programs are affecting the business and mitigating risk by planning for potential disruptions. It needs to be proactive and predictive to address the ever-changing consumer and business environments.

A successful supplier approval program attempts to address every foreseeable risk concern, from product recalls to supply chain disruptions. It is typically based on a standardized checklist that includes a comprehensive list of questions to assess a supplier’s food safety and quality systems. Sample questions focus on items like food safety certificates, compliance documentation, quality assurance programs, HACCP plans and third-party audits.

Supplier and product risk assessment is a critical element of the supplier approval program. Companies need to examine hazards that could contaminate products or create issues related to allergies. The risk assessment is usually a scorecard that establishes a series of levels and a baseline under which a supplier is not acceptable.

To ensure accuracy and consistency throughout the onboarding and subsequent procurement processes, companies should have a single repository of supplier information. Having a centrally located database of supplier information and required documentation will not only increase efficiency, it can help maintain compliance and give your organization the visibility it needs to take action. This database should include details on the approved primary suppliers and any potential risks associated with the supplier or its products. The system should have a process to conduct ongoing monitoring of suppliers to ensure that agreed upon standards are maintained.

Once the supplier approval program is up and running, it needs to be monitored constantly or the risks companies are trying to mitigate will return. Managing risk is not a one-time event., nor is managing supplier information. Implementing a process where established suppliers will update their information annually will help ensure companies are working with the most current information.

The bottom line is that a company’s reputation may be tarnished if there is a product recall or worse. Ensuring approved procedures and processes are followed every time a new supplier or product is considered will greatly help to mitigate the risks involved.

Robert Rogers
FST Soapbox

Validating Your Foreign Material Inspection System

By Robert Rogers
No Comments
Robert Rogers

The Food Safety Modernization Act (FSMA) requires that food manufacturing and processing companies identify potential hazards within their production systems and then:

  • Put in place preventive controls to address those hazards,
  • Monitor those preventive controls to ensure their effectiveness &
  • Provide documentation proving compliance with these requirements.

There are also requirements for each company to develop and establish its own plan identifying potential food safety hazards and preventive controls to counter them, and to establish the monitoring procedures that will verify the efficacy and reliability of the preventive controls.

Validating, verifying and monitoring the performance of the systems that ensure that only safe food enters the market enables food manufacturers and processors to meet the specific regulatory standards mandated by the countries where they operate and sell. This enables them to avoid product recalls that are costly and that severely damage brand identity. But these processes, in addition to satisfying regulators, also play a valuable part in protecting the companies from potential liability lawsuits, which can often be even more damaging.

The preventive controls most often used to effectively deal with such identified hazards are inspection systems (checkweighers and metal detection, X-ray and machine vision inspection systems) that quickly and efficiently detect non-standard and contaminated products and defective packaging and reject them from production lines before they can enter the marketplace. The performance of these systems must be validated, verified and monitored on an ongoing basis to ensure that they are performing as intended.

These terms–validation, verification and monitoring–are often used interchangeably, creating confusion within organizations and across industries because people interpret and use these terms in different ways. In fact, each term identifies a distinct process that has a clear purpose and role to play at different points throughout the equipment lifecycle. It is important to understand the purpose of each process to make sure that validation, verification and routine performance monitoring tests are performed to comply with regulatory requirements, particularly where the equipment is designated as a Critical Control Point (CCP).

Validation

The fundamental act of “validation,” when applied to inspection systems that are part of a food manufacturing or processing production line, is conducting an objective, data-based confirmation that the system does what it was designed, manufactured and installed to do. The International Featured Standards (IFS) organization defines validation as “confirmation through the provision of objective evidences, that the requirements for the specific intended use or application have been fulfilled.” In 2008, the Codex Alimentarius Commission defined validation as, “Obtaining evidence that a control measure or combination of control measures, if properly implemented, is capable of controlling the hazard to a specified outcome.” An important part of the validation procedure is the production of detailed data that demonstrates to line managers and to regulators that the system is operating as designed.

The manufacturer of each inspection system will validate its performance before delivery, testing it with generic products and packaging similar to what the customer will be producing. But that is only the beginning of the validation process. Onsite, that same system needs to be validated when inspecting the specific products that the production line where it will operate will be processing and/or packaging. This is ideally done at the time the system is originally installed in a production line, and then becomes one element of a complete program of validation, periodic verification and ongoing monitoring that will keep the system operating as intended and ensure that products are adequately and accurately inspected, and that accurate records of those inspections are kept.

It is critical for producers to remember, however, that the original onsite validation relates only to the specific products tested at the time. As new or additional sizes of products are developed and run on the production line, or packaging (including labeling) changes, the system will need to be re-validated for each change.

Verification

Verification is the process of periodically confirming that the inspection equipment continues to be as effective as when it was first validated. The verification process uses standard, established tests to determine whether the inspection system is still under control and continuing to operate as originally demonstrated. This verification process is conducted periodically at regular intervals to provide evidence-based confirmation that the system continues to be effective as specified. Formal performance verification is typically an annual process, to support audit requirements. It should continue throughout the productive life of the system.

Both validation of an installed system and periodic verification of operating systems can be conducted either internally by the end-user, or by the supplier of the equipment. Validation and verification services are often included as part of equipment purchase contracts.

Monitoring

Routine performance monitoring, as distinct from periodic verification, consists of a series of frequent, regular performance checks, during production, completed to determine whether processes are under control and to confirm that there has not been a significant change in the system’s performance level since the last successful test. The monitoring frequency may be as often as every two hours, depending on company standards, industry standards and/or retailer codes of practice.

If the monitoring process finds that a particular device is out of specification, all product that has passed through the production line since the last successful routine performance-monitoring event must be considered suspect and re-inspected.

In many cases, it is line operators that conduct online performance monitoring. However, many of today’s more sophisticated product inspection systems incorporate built-in performance monitoring software that automates this process and alerts operators when deviations occur. This valuable software feature removes any human error factor from the monitoring activity to help ensure that inspection processes are still being performed properly. It also provides documentation that will guide the end-user company’s QA groups in their continuous improvement efforts, and that will also be a valuable asset in the event of an inspection visit from regulators.

Routine performance monitoring can also have a direct impact on the production line’s OEE. Installing a system with built-in condition monitoring capability that automatically detects when the system may need correction and communicates that information directly to line operators reduces the frequency needed for verification testing, maximizing the line’s production uptime.

Reliance on the experts

Finally, food manufacturers and processors should remember that, while they are knowledgeable experts regarding their products, it is their equipment suppliers that are the experts on the capabilities and qualification procedures of their equipment. That expertise makes them the best source of reliable recommendations on questions from the most effective inspection equipment type for specific product needs, where to place that equipment on the production line for optimum results and how to validate, verify and monitor its performance.

Relying on these experts to conduct onsite validation and to advise on conducting periodic verification and ongoing performance monitoring can reduce both the time needed for the original onsite validation time and that needed for verification and ongoing monitoring procedures, increasing productivity.

Companies can also rely on these experts to be knowledgeable on the most current food safety regulations and the technology that affect equipment validation. It is critical for their success that they stay current on those topics, and sharing that knowledge is a valuable part of their service.

magnifying glass

Sanitation and FSMA: Is Your Program Deficient?

By Maria Fontanazza
1 Comment
magnifying glass
Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC
Bill Bremer, Principal, Food Safety Compliance at Kestrel Management LLC

Proper sanitation plays a crucial role in the FSMA Preventive Controls rule, and FDA is paying more attention during facility inspections. However, many companies currently have deficient sanitation programs, according to Bill Bremer, principal at Kestrel Management, LLC. “It’s a key aspect of FSMA and requires that you have key personnel or a qualified sanitation manager either at each site or over each site (if it’s not local). That’s in FSMA,” he says. “In most cases, and for high-risk companies, sanitation must be supported by validated environmental testing programs (i.e., the typical swab-a-thons that FDA has done under FSMA). Sanitation chemicals that are used must be diligently approved for use and validated. In addition, chemicals must be appropriately applied, which is a big issue. These areas are key inspection points for FDA under FSMA, as well as for customer requirements. Sanitation has been elevated with FSMA and Preventive Controls, and it has to be addressed at a higher level—and for the most part, it isn’t.”

Bremer was invited by DNV-GL to discuss the importance of sanitation as a goal of FSMA in a Q&A with Food Safety Tech.

Food Safety Tech: Let’s first talk about the importance of a proper sanitation program. What are the factors at play here and what are the deficiencies with current sanitation programs?

Bill Bremer: We’re starting to conduct major sanitation program process improvements or process assessments for companies big and small. What we’re seeing in some of the key areas is that chemicals are not validated with the chemical provider. That includes the fit for use for them as well as the training of the people using them (i.e., if it’s liquid, it has to be diluted at right level and confirmed at right parts per billion).

Before you sanitize, you’re supposed to clean (in some cases it’s called debris removal). You can’t sanitize unless surfaces that are being sanitized are clean. We’re finding that cleaning isn’t done appropriately and thus companies are sanitizing over dirt, and you can’t sanitize over dirt or debris.

We’re also running into cases where the cleaning is done, and because it looks clean, a company is not sanitizing, so you run into another issue with those missed steps. And, this entire process needs to be validated and you must have records on it. You also have to support it with environmental programs, especially for high risk. So that means swabbing to make sure that once you clean and sanitize, you prove that the activities have ultimately removed any bacteria, germs or allergens from the process.

This is a high-profile area for FDA to inspect.

Some of the common deficiencies are with the program itself and the documented procedures to follow. It’s a weak area. Sometimes, a company will have different cleaning and sanitation programs documented (e.g., shift-by-shift or site-by-site), which leads to people who do the cleaning not following a standard set of instructions. It really gets down to both the programs and lack of qualified supervision and management of the cleaning and sanitation process.

Food Safety Tech: What methods should companies employ to meet FSMA requirements?

Bremer: This is an area where a diligent documentation program review is not always conducted. It’s assumed that we see the cleaning process—you see the foaming up of the cleaner, the sanitizer is all good—and we may see the cleaning record, but it’s not an SSOP, or standardized sanitation operating procedure.

However, when you look deeper and look at the documented programs, there very weak and unclear, and they need to be updated. That is one of the first things that we would investigate for a company. It’s also the qualification and training of the people—whether at the lower level or the management level, you have to be trained appropriately and the training has to be current.

Then we look at the physical process: Are they really doing debris removal in the cleaning process prior to sanitizing to make sure there’s no residue left for sanitation to be effective?

We also look at the environmental programs: Do they have a well-developed environmental program swab test? Are they using a third-party lab to validate their results? Today there are automatic test readers [that enable in-house] results. If you perform this in house, you need to have qualified people do it—and you should be checking those results with a third-party laboratory or service.

A proper sanitation program is an imperative. It’s an area where FDA is going to be investigating companies, even if they don’t have any record of products being recalled. If you look at the Blue Bell case, the big issue was that they didn’t do a good job of sanitizing their drains for Listeria, which got out of control and then it spread through the air system and to their suppliers, as well.

FSMA

FDA Releases Chapter 6 of Draft Guidance for PC Rule

By Food Safety Tech Staff
No Comments
FSMA

Last week FDA released the sixth chapter of the draft guidance, “Draft Guidance for Industry: Hazard Analysis and Risk-Based Preventive Controls for Human Food”. The document aims to assist food facilities in establishing and implementing a heat treatment (i.e., baking or cooking) to prevent bacterial contamination.

Learn more about FSMA compliance at the 2017 Food Safety Consortium | November 28– December 1 | The 60-page draft guidance addresses the use of heat treatments as a process control, providing information on understanding potential hazards, design and validation of the heat treatment, establishing and implementing monitoring procedures (and how often), verification, and record keeping.

FDA states that it intends to publish at least 14 chapters of the guidance. In just two weeks, the compliance date for the preventive controls for human food rule falls for small businesses (fewer than 500 full-time employees).

USP Food Fraud Database

Why Include Food Fraud Records in Your Hazard Analysis?

By Karen Everstine, Ph.D.
2 Comments
USP Food Fraud Database

Food fraud is a recognized threat to the quality of food ingredients and finished food products. There are also instances where food fraud presents a safety risk to consumers, such as when perpetrators add hazardous substances to foods (e.g., melamine in milk, industrial dyes in spices, known allergens, etc.).

FSMA’s Preventive Controls Rules require food manufacturers to identify and evaluate all “known or reasonably foreseeable hazards” related to foods produced at their facilities to determine if any hazards require a preventive control. The rules apply both to adulterants that are unintentionally occurring and those that may be intentionally added for economically motivated or fraudulent purposes. The FDA HARPC Draft Guidance for Industry includes, in Appendix 1, tables of “Potential Hazards for Foods and Processes.” As noted during the recent GMA Science Forum, FDA investigators conducting Preventive Controls inspections are using Appendix 1 “extensively.”

The tables in Appendix 1 include 17 food categories and are presented in three series:

  • Information that you should consider for potential food-related biological hazards
  • Information that you should consider for potential food-related chemical hazards
  • Information that you should consider for potential process-related hazards

According to the FDA draft guidance, chemical hazards can include undeclared allergens, drug residues, heavy metals, industrial chemicals, mycotoxins/natural toxins, pesticides, unapproved colors and additives, and radiological hazards.

USP develops tools and resources that help ensure the quality and authenticity of food ingredients and, by extension, manufactured food products. More importantly, however, these same resources can help ensure the safety of food products by reducing the risk of fraudulent adulteration with hazardous substances.

Incidents for dairy ingredients, food fraud
Geographic Distribution of Incidents for Dairy Ingredients. Graphic courtesy of USP.

Data from food fraud records from sources such as USP’s Food Fraud Database (USP FFD) contain important information related to potential chemical hazards and should be incorporated into manufacturers’ hazard analyses. USP FFD currently has data directly related to the identification of six of the chemical hazards identified by FDA: Undeclared allergens, drug residues, heavy metals, industrial chemicals, pesticides, and unapproved colors and additives. The following are some examples of information found in food fraud records for these chemical hazards.

Undeclared allergens: In addition to the widely publicized incident of peanuts in cumin, peanut products can be fraudulently added to a variety of food ingredients, including ground hazelnuts, olive oils, ground almonds, and milk powder. There have also been reports of the presence of cow’s milk protein in coconut-based beverages.

Drug residues: Seafood and honey have repeatedly been fraudulently adulterated with antibiotics that are not permitted for use in foods. Recently, beef pet food adulterated with pentobarbital was recalled in the United States.

Heavy metals: Lead, often in the form of lead chromate or lead oxide which add color to spices, is a persistent problem in the industry, particularly with turmeric.

Industrial Chemicals: Industrial dyes have been associated with a variety of food products, including palm oil, chili powder, curry sauce, and soft drinks. Melamine was added to both milk and wheat gluten to fraudulently increase the apparent protein content and industrial grade soybean oil sold as food-grade oil caused the deaths of thousands of turkeys.

Pesticides: Fraud in organic labeling has been in the news recently. Also concerning is the detection of illegal pesticides in foods such as oregano due to fraudulent substitution with myrtle or olive leaves.

Unapproved colors/additives: Examples include undeclared sulfites in unrefined cane sugar and ginger, food dyes in wine, and tartrazine (Yellow No. 5) in tea powder.

Adulteration, chili powder, skim milk powder, olive oil
Time Series Plot of Records for Chili Powder (blue), Skim Milk Powder (green), and Olive Oil (orange)

Continue to page 2 below.

Food fraud

Mitigating Food Fraud: Top Tips

By Food Safety Tech Staff
1 Comment
Food fraud

The complimentary webinar, Top Tips to Mitigate Food Fraud, takes place on June 22 at 1 pm ET. Register now.Recently, the topic of food fraud has been discussed with increasing urgency. From understanding the basics of what is food fraud to navigating the regulatory requirements, quality assurance, compliance and procurement professionals must have a general understanding of the components.

An upcoming free webinar will review the hazard analysis requirements surrounding the FSMA Preventive Control for Human Food, GFSI requirements for raw materials and risk assessments and food fraud mitigation plans. Attendees will also learn about food fraud mitigation implementation strategies. The speakers participating in this webinar are Jeff Chilton, vice president of professional services at Alchemy Systems and Peter Claise, marketing director for foods programs at USP.

Risk, food safety

Does Your Risk Control Program Meet FSMA’s Demands?

By Food Safety Tech Staff
No Comments
Risk, food safety

Identifying, prioritizing and managing supply chain risks is critical to maintaining FSMA compliance. Under the Preventive Controls rules, food companies must implement a hazard identification system for any known or foreseeable hazards. During an upcoming webinar, David Acheson, Ph.D. and Miles Thomas will discuss how data can help companies manage supply chain risk, methods for analyzing and prioritizing hazards, and mitigating risk to achieve FSMA compliance. They will also shine a spotlight on global trends in food safety and authenticity threats.

Learn more during the webinar, Don’t Get Blindsided by FSMA! April 27, 2017, 1 pm ET.

Elise Forward, Forward Food Solutions
FST Soapbox

Take Food Defense Concepts Beyond Your Four Walls

By Elise Forward
No Comments
Elise Forward, Forward Food Solutions

The new food defense regulations have caused quite a stir in the food industry and have left many scratching their heads. Many companies are worried about how to implement these programs. The regulations have created a format and structure in which many companies can adapt within their existing food defense programs to comply with the new law. Still, one of the biggest challenges of food defense is merely the idea of developing the food defense plan and coming into compliance with the FDA’s new Food Defense rule. The FDA received many comments from industry in response to the draft guidance. Many of these comments asked the agency for additional time to come into compliance, and the FDA responded by delaying the compliance dates well beyond what was proposed in the draft rules.

According to the regulations, companies are required to implement a food defense plan that focuses on the vulnerabilities in their facility. If you follow the FDA’s template, a food defense plan will look very similar to the traditional HACCP plan. The term, VACCP, Vulnerability Analysis Critical Control Points, is a term that is being tossed around as of late. The FDA wants companies to make sure that they consider an internal attacker, one that has inside access to the buildings, processes and products that are being produced. For many companies, this is stretching them beyond their current paradigms and may force some to implement new procedures. In reality, this paradigm shift is not insurmountable when the items to be controlled are within the four walls of their facility. Even subcontractors, such as pest control providers, maintenance subcontractors, auditors, etc., can be included in these programs. However, is this enough to ensure the safety of the product you are selling, the one you are putting your name on, and the one you are personally standing behind?

The goal of current risk-based thinking is to find the weakest link in the process, evaluate the risk and likelihood of a threat to food safety, and respond appropriately to control the risk. Unlike the Preventive Controls rule and the FSVP rule, the Food Defense rule focuses on the processes occurring in a facility and does not take into account the processes involved in the supply chain.  CargoNet Command Center found that there were 1500 security breaches in the transportation industry in the United States and Canada in 2015. The data was categorized by types of product and the highest percentage of any group of products was the food and beverage products which comprised 28% of the cargo thefts.  On average, that is greater than one food or beverage cargo theft per day. CargoNet Command Center provides a nice map on their website showing the location of these instances and I encourage you to review this map.  If your product passes along the hot spots of cargo theft, as well as having risk factors such as being valuable or in limited supply, it would be very beneficial to build systems and programs in place to address these additional risks to your product.

In another study presented at the Food Defense conference, there was a statistically significant link between breaches in IT systems to a follow-up cargo theft. Many quality and food safety professionals, much less executives, fully understand the interdependence of all business units on food safety. Many companies have problems with siloed departments, and unfortunately, this increases the vulnerabilities to attacks on the food we are trying to protect. This is a great example of how food safety is everyone’s job, and having this mentality is key to the success of food safety programs.

Of course, the requirement to the Food Defense rule must be addressed, but I challenge the industry to look beyond the walls of our facilities and instead, take a whole business approach and apply the principals of food defense to all inputs of the process that impacts the finished product. As food safety professionals, we need to work with our suppliers and our customers to ensure that the whole supply chain is protected from an attack.

Resources

FSMA, One Year Later: Top 5 Things We’ve Learned

By Erika Miller
No Comments

Now that the first of the FSMA compliance dates have passed, let’s look back at the past year of training new PCQIs, their questions and concerns from classes as well as the perspective from our FDA friends (yes, really!) who attended our workshops. We have learned so much, it is hard to narrow it down to only five things—but if we look at the issues that arose, the following five proved to be recurring themes throughout 2016.

5. Don’t Scrap Your Current Plan

Many clients have approached us and said they were planning to throw their current food safety and/or HACCP plan in the trash and start from scratch. Please don’t do this! Companies that care about quality and food safety already have effective quality management systems in place. It would be a disservice to the company and the general public for all these time-tested plans to go straight into the bin. It is more realistic to take a look at the current system in light of the new regulation and ask yourself if there are any gaps that can be addressed. This brings us to the next point.

4. Education Is Key

A compliant system cannot be developed without an understanding of the requirements. Although FSMA is derived from the basic principles of HACCP, there are key differences, and not all of them in the direction of less regulation. It is important to understand not only the updated Good Manufacturing Practices and Preventive Controls for both Human and Animal food, but also the Foreign Supplier Verification Program, Sanitary Transportation and the Produce Rule (if they apply). Although the FDA-recognized curriculum for some of these companion regulations have not yet been released, some independent training providers are offering workshops to help fill the gap while the FDA and FSPCA are working on the official curriculum. (Comment on this article for more information via email).

3. “You Must Evaluate If You Need It” Is Not the Same as “You Don’t Need It”

Some training providers have told their attendees that they can scrap many of their current systems because FSMA is less stringent than GFSI-approved schemes. Your certification body for FSSC 22000, SQF or BRC does not care one whit how stringent FSMA is (as long as you are compliant with its requirements, as local regulatory compliance is a key factor in GFSI approval). FSMA will not change expectations related to the GFSI-approved food safety schemes. It is also misleading to think that because FSMA is flexible, FDA regulators will not have expectations of excellence when they arrive at food processing facilities. This law gives regulators the power to take legal actions to address many infractions they have seen over the years but have been powerless to stop; the flexibility may well be a double-edged sword in that regard. Ensure that all decisions are based on data and records exist to validate any claims.