Tag Archives: vulnerabilities

FDA

FDA Updates Food Defense Plan Builder to Support Compliance with Intentional Adulteration FSMA Rule

By Food Safety Tech Staff
No Comments
FDA

Attend the Food Defense Plenary Panel Discussion at the 2019 Food Safety Consortium | Tuesday, October 1, 2019Today FDA released an updated version of its Food Defense Plan Builder in efforts to help companies comply with the International Adulteration FSMA rule. Version 2.0 of the tool includes the following sections to help food facility owners and operators in developing a facility-specific food defense plan:

  • Facility Information
  • Process/Product Description
  • Vulnerability Assessment
  • Mitigation Strategies
  • Food Defense Monitoring Procedures
  • Food Defense Corrective Action Procedures
  • Food Defense Verification Procedures
  • Supporting Documents
  • Signature

The tool is for use on a computer, and FDA states that it does not have access to any content or documents used with the tool, nor does it track or monitor how the tool is being used. The agency also emphasizes that use of this tool is not required by law and its use does not mean that a company’s food defense plan is FDA approved or compliant with the IA rule requirements.

The original version of this tool was released in 2013. FDA will be conducting a demonstration of the Food Defense Plan Builder v. 2.0 during a webinar on October 10.

Data protection, security

Threat of Cyberattacks to Food Safety on the Rise

By Food Safety Tech Staff
No Comments
Data protection, security

A new report released by the University of Minnesota’s Food Protection and Defense Institute warns that the food industry is vulnerable to cyberattacks, suggesting that food companies need to beef up their security and IT systems. According to the report, “Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing”, the systems that food companies use for processing and manufacturing could be the most vulnerable and as such, serve as an attractive target for an attack—especially as industries that are currently common targets improve their cybersecurity.

“The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have,” said Stephen Streng, lead author of the FPDI report, in a news release. “However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims. This report can help food companies learn about what could be coming their way and how to begin protecting themselves.”

The report calls out that in 2011, researchers and manufacturers found more than 200 vulnerabilities in industrial control systems. In addition to the fact that these vulnerabilities are in many components from different vendors, many of these systems have obsolete operating systems and passwords that are easy to hack. Compounding this issue, “Companies often lack knowledge about how their industrial control systems and IT systems interact and lack awareness about cyber risks and threats,” the FPDI release notes.

And if you’re a small company, don’t think you’re immune, the report cautions. It cites that 74% of U.S. food manufacturers have fewer than 20 employees—yet software company Symantec Corp. points out that small companies have been targeted as often, or sometimes even more, than large companies.

How can food companies address this risk? The report recommends the following “critical” steps all companies should take:

  • Bridge the gap and facilitate more communication between OT (operational technology) and IT (information technology) personnel
  • Conduct risk assessments of inventory control systems and IT systems
  • Ensure that staff with the cybersecurity knowledge is involved in procuring and deploying inventory control system devices
  • Incorporate cybersecurity into your food safety and food defense culture.

FPDI’s full report is available on the organization’s website.

Karen Everstine, Decernis
Food Fraud Quick Bites

It’s All About the Supply Chain

By Karen Everstine, Ph.D.
No Comments
Karen Everstine, Decernis

I recently attended two webinars that highlighted distinct perspectives on two challenging aspects of food fraud prevention. First, Chris Elliott from Queen’s University Belfast discussed the current situation with meat fraud. He cited his “top three” fraud-prone foods as meat, olive oil and honey. While we cannot determine the true scope of food fraud globally, looking at the data we have collected from the past 10 years, meat is also in our “top three.”

Commodities, food draud, Decernis
Top 10 Commodity Groups. Source: Decernis Food Fraud Database

Meat is prone to fraud in many ways, including misrepresenting the animal species, fraudulent labeling of production practices (organic, kosher, halal, etc.), the use of unapproved additives, the addition of non-meat-based protein ingredients, and misrepresentation of geographic origin (among others).

Elliott discussed some of the reasons that meat is prone to fraud, which included the fact that the industry is highly competitive, relies on low profit margins, and the supply network can be complex. Discussing specifically the horsemeat scandal in Europe a few years ago, he cited the “mess of subcontracts” involved in the adulterated meat, which were based primarily on price. He finished his presentation by noting that certain aspects of meat authentication are still challenging from an analytical perspective, such as ensuring country of origin and verifying the claims about animal feed consumption.

The final in a series of food fraud webinars sponsored by the IAFP Food Fraud Professional Development Group (PDG) focused on another aspect of food fraud: E-commerce. One of the big challenges with food fraud is the intentional nature of the crime, which can make anticipation of adulterants and fraud methods difficult.

GFSI has stated “any plans and activities to mitigate, prevent or even understand the risks associated with food fraud should consider an entire company’s activities, including some that may not be within the traditional food safety or even HACCP scope, applying methods closer to criminal investigation.” This is particularly true for fraud involving intellectual property (IP) infringement, which adds another layer of complexity to detection and prevention strategies. We have more than 200 records documenting fraud involving “counterfeit” products. Counterfeit products are a problem both because of the IP infringement and because, often, the actual contents of the product cannot be verified. Many of the records we have documented involve counterfeit vodka, whiskey, and wine, as well as non-alcoholic soft drinks.

As part of the IAFP webinar, Axel Hein from ApiraSol discussed their work using global customs data to detect counterfeit products, so-called “fantasy trademarks,” and geographical indication infringements.

Global customs data, food fraud
Slide used with permission from ApiraSol

Many countries provide public access to customs data which, when aggregated and combined with other sources (such as Alibaba transactions), allows mapping of supply chains and detection of unusual patterns that may indicate fraud. In school, I spent many months digging through U.S. customs data trying to uncover patterns that might indicate fraud, so I was very interested to see this being done on a larger scale.

Although each webinar was distinct in its focus, each highlighted the importance of supply chain control and monitoring in mitigating food fraud risk. To paraphrase a point made by Elliott, each arrow in a supply network is a potential vulnerability. The continued globalization of the food supply requires new and innovative ways to reduce these supply chain vulnerabilities.

FDA

FDA Says Routine Intentional Adulteration Inspections Will Start March 2020

By Food Safety Tech Staff
No Comments
FDA

Learn more about how to mitigate the risks of food fraud and intentional adulteration at the Food Safety Supply Chain Conference | May 29–30, 2019 | Rockville, MD or attend virtuallyThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.

The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.

FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.

Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC
FST Soapbox

FSMA Checklist: Intentional Adulteration Rule

By Bill Bremer
1 Comment
Bill Bremer is Principal, Food Safety Compliance at Kestrel Management LLC

The FSMA Intentional Adulteration rule is focused on preventing intentional adulteration from acts intended to cause wide-scale food safety impacts to public health, including acts of terrorism, economic adulteration and disgruntled employees. Such acts, while unlikely, could cause illness, death and economic disruption of the food supply absent mitigation strategies. This rule requires mitigation strategies to reduce risk versus specific food hazards.

How much do you know about the Intentional Adulteration Rule? Test your smarts by taking the FSMA IQ Test here The Intentional Adulteration rule is established to address large companies with products that reach many people, while exempting smaller companies. This rule requires covered facilities to conduct a “vulnerability assessment” to identify vulnerabilities and actions to take for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these vulnerabilities must be identified and evaluated. Covered facilities must also prepare and implement a Food Defense Plan. This written plan must identify the vulnerabilities and actionable process steps; mitigation strategies; and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.

Self-Diagnostic Assessment Tool

The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to implementing and managing FSMA Intentional Adulteration requirements. To complete your own assessment, review and compare your programs to the questions in Table I.

FSMA, Intentional Adulteration
Table I. Kestrel Management’s self-diagnostic tool can help a company assess its Intentional Adulteration program for FSMA compliance.

Get Compliance-Ready

Companies must have the appropriate systems in place to comply with FSMA Intentional Adulteration requirements or face possible willful non-conformance, which can include fines and criminal penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider regarding their program. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all your food safety requirements, and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.