Attend the Food Defense Plenary Panel Discussion at the 2019 Food Safety Consortium | Tuesday, October 1, 2019Today FDA released an updated version of its Food Defense Plan Builder in efforts to help companies comply with the International Adulteration FSMA rule. Version 2.0 of the tool includes the following sections to help food facility owners and operators in developing a facility-specific food defense plan:
Food Defense Monitoring Procedures
Food Defense Corrective Action Procedures
Food Defense Verification Procedures
The tool is for use on a computer, and FDA states that it does not have access to any content or documents used with the tool, nor does it track or monitor how the tool is being used. The agency also emphasizes that use of this tool is not required by law and its use does not mean that a company’s food defense plan is FDA approved or compliant with the IA rule requirements.
The original version of this tool was released in 2013. FDA will be conducting a demonstration of the Food Defense Plan Builder v. 2.0 during a webinar on October 10.
A new report released by the University of Minnesota’s Food Protection and Defense Institute warns that the food industry is vulnerable to cyberattacks, suggesting that food companies need to beef up their security and IT systems. According to the report, “Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing”, the systems that food companies use for processing and manufacturing could be the most vulnerable and as such, serve as an attractive target for an attack—especially as industries that are currently common targets improve their cybersecurity.
“The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have,” said Stephen Streng, lead author of the FPDI report, in a news release. “However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims. This report can help food companies learn about what could be coming their way and how to begin protecting themselves.”
The report calls out that in 2011, researchers and manufacturers found more than 200 vulnerabilities in industrial control systems. In addition to the fact that these vulnerabilities are in many components from different vendors, many of these systems have obsolete operating systems and passwords that are easy to hack. Compounding this issue, “Companies often lack knowledge about how their industrial control systems and IT systems interact and lack awareness about cyber risks and threats,” the FPDI release notes.
And if you’re a small company, don’t think you’re immune, the report cautions. It cites that 74% of U.S. food manufacturers have fewer than 20 employees—yet software company Symantec Corp. points out that small companies have been targeted as often, or sometimes even more, than large companies.
How can food companies address this risk? The report recommends the following “critical” steps all companies should take:
Bridge the gap and facilitate more communication between OT (operational technology) and IT (information technology) personnel
Conduct risk assessments of inventory control systems and IT systems
Ensure that staff with the cybersecurity knowledge is involved in procuring and deploying inventory control system devices
Incorporate cybersecurity into your food safety and food defense culture.
I recently attended two webinars that highlighted distinct perspectives on two challenging aspects of food fraud prevention. First, Chris Elliott from Queen’s University Belfast discussed the current situation with meat fraud. He cited his “top three” fraud-prone foods as meat, olive oil and honey. While we cannot determine the true scope of food fraud globally, looking at the data we have collected from the past 10 years, meat is also in our “top three.”
Meat is prone to fraud in many ways, including misrepresenting the animal species, fraudulent labeling of production practices (organic, kosher, halal, etc.), the use of unapproved additives, the addition of non-meat-based protein ingredients, and misrepresentation of geographic origin (among others).
Elliott discussed some of the reasons that meat is prone to fraud, which included the fact that the industry is highly competitive, relies on low profit margins, and the supply network can be complex. Discussing specifically the horsemeat scandal in Europe a few years ago, he cited the “mess of subcontracts” involved in the adulterated meat, which were based primarily on price. He finished his presentation by noting that certain aspects of meat authentication are still challenging from an analytical perspective, such as ensuring country of origin and verifying the claims about animal feed consumption.
The final in a series of food fraud webinars sponsored by the IAFP Food Fraud Professional Development Group (PDG) focused on another aspect of food fraud: E-commerce. One of the big challenges with food fraud is the intentional nature of the crime, which can make anticipation of adulterants and fraud methods difficult.
GFSI has stated “any plans and activities to mitigate, prevent or even understand the risks associated with food fraud should consider an entire company’s activities, including some that may not be within the traditional food safety or even HACCP scope, applying methods closer to criminal investigation.” This is particularly true for fraud involving intellectual property (IP) infringement, which adds another layer of complexity to detection and prevention strategies. We have more than 200 records documenting fraud involving “counterfeit” products. Counterfeit products are a problem both because of the IP infringement and because, often, the actual contents of the product cannot be verified. Many of the records we have documented involve counterfeit vodka, whiskey, and wine, as well as non-alcoholic soft drinks.
As part of the IAFP webinar, Axel Hein from ApiraSol discussed their work using global customs data to detect counterfeit products, so-called “fantasy trademarks,” and geographical indication infringements.
Many countries provide public access to customs data which, when aggregated and combined with other sources (such as Alibaba transactions), allows mapping of supply chains and detection of unusual patterns that may indicate fraud. In school, I spent many months digging through U.S. customs data trying to uncover patterns that might indicate fraud, so I was very interested to see this being done on a larger scale.
Although each webinar was distinct in its focus, each highlighted the importance of supply chain control and monitoring in mitigating food fraud risk. To paraphrase a point made by Elliott, each arrow in a supply network is a potential vulnerability. The continued globalization of the food supply requires new and innovative ways to reduce these supply chain vulnerabilities.
Learn more about how to mitigate the risks of food fraud and intentional adulteration at the Food Safety Supply Chain Conference | May 29–30, 2019 | Rockville, MD or attend virtuallyThis week FDA made an announcement during a public meeting that the agency’s routine inspection to verify compliance with the FSMA Intentional Adulteration rule will start next March.
The first compliance date for the rule is this July. It is a requirement for food facilities covered under this rule to develop and implement a food defense plan that identifies vulnerabilities and the consequent mitigation plan.
FDA stated that it has received feedback on the “novel nature” of the rule’s requirements and that stakeholders want more time to develop their food defense plans. “ To allow industry time with the forthcoming materials, tools, and trainings, and because the IA rule represents new regulatory territory for all of us, we will be starting routine IA rule inspections in March 2020,” FDA stated and added that it is working on developing more resources as well as the final part of draft guidance to continue to assist industry.
The FSMA Intentional Adulteration rule is focused on preventing intentional adulteration from acts intended to cause wide-scale food safety impacts to public health, including acts of terrorism, economic adulteration and disgruntled employees. Such acts, while unlikely, could cause illness, death and economic disruption of the food supply absent mitigation strategies. This rule requires mitigation strategies to reduce risk versus specific food hazards.
How much do you know about the Intentional Adulteration Rule? Test your smarts by taking the FSMA IQ Test here The Intentional Adulteration rule is established to address large companies with products that reach many people, while exempting smaller companies. This rule requires covered facilities to conduct a “vulnerability assessment” to identify vulnerabilities and actions to take for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these vulnerabilities must be identified and evaluated. Covered facilities must also prepare and implement a Food Defense Plan. This written plan must identify the vulnerabilities and actionable process steps; mitigation strategies; and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.
Self-Diagnostic Assessment Tool
The following self-diagnostic assessment tool can help organizations better determine their current state of planning when it comes to implementing and managing FSMA Intentional Adulteration requirements. To complete your own assessment, review and compare your programs to the questions in Table I.
Companies must have the appropriate systems in place to comply with FSMA Intentional Adulteration requirements or face possible willful non-conformance, which can include fines and criminal penalties under FDA enforcement. The questions in Table I will help companies identify areas to consider regarding their program. Kestrel can also help answer questions, provide input on solutions, discuss how to better manage all your food safety requirements, and change “No” responses into “Yes” responses that promote best practices for FSMA and food safety compliance.
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.