Tag Archives: vulnerability

Elise Forward, Forward Food Solutions
FST Soapbox

Take Food Defense Concepts Beyond Your Four Walls

By Elise Forward
No Comments
Elise Forward, Forward Food Solutions

The new food defense regulations have caused quite a stir in the food industry and have left many scratching their heads. Many companies are worried about how to implement these programs. The regulations have created a format and structure in which many companies can adapt within their existing food defense programs to comply with the new law. Still, one of the biggest challenges of food defense is merely the idea of developing the food defense plan and coming into compliance with the FDA’s new Food Defense rule. The FDA received many comments from industry in response to the draft guidance. Many of these comments asked the agency for additional time to come into compliance, and the FDA responded by delaying the compliance dates well beyond what was proposed in the draft rules.

According to the regulations, companies are required to implement a food defense plan that focuses on the vulnerabilities in their facility. If you follow the FDA’s template, a food defense plan will look very similar to the traditional HACCP plan. The term, VACCP, Vulnerability Analysis Critical Control Points, is a term that is being tossed around as of late. The FDA wants companies to make sure that they consider an internal attacker, one that has inside access to the buildings, processes and products that are being produced. For many companies, this is stretching them beyond their current paradigms and may force some to implement new procedures. In reality, this paradigm shift is not insurmountable when the items to be controlled are within the four walls of their facility. Even subcontractors, such as pest control providers, maintenance subcontractors, auditors, etc., can be included in these programs. However, is this enough to ensure the safety of the product you are selling, the one you are putting your name on, and the one you are personally standing behind?

The goal of current risk-based thinking is to find the weakest link in the process, evaluate the risk and likelihood of a threat to food safety, and respond appropriately to control the risk. Unlike the Preventive Controls rule and the FSVP rule, the Food Defense rule focuses on the processes occurring in a facility and does not take into account the processes involved in the supply chain.  CargoNet Command Center found that there were 1500 security breaches in the transportation industry in the United States and Canada in 2015. The data was categorized by types of product and the highest percentage of any group of products was the food and beverage products which comprised 28% of the cargo thefts.  On average, that is greater than one food or beverage cargo theft per day. CargoNet Command Center provides a nice map on their website showing the location of these instances and I encourage you to review this map.  If your product passes along the hot spots of cargo theft, as well as having risk factors such as being valuable or in limited supply, it would be very beneficial to build systems and programs in place to address these additional risks to your product.

In another study presented at the Food Defense conference, there was a statistically significant link between breaches in IT systems to a follow-up cargo theft. Many quality and food safety professionals, much less executives, fully understand the interdependence of all business units on food safety. Many companies have problems with siloed departments, and unfortunately, this increases the vulnerabilities to attacks on the food we are trying to protect. This is a great example of how food safety is everyone’s job, and having this mentality is key to the success of food safety programs.

Of course, the requirement to the Food Defense rule must be addressed, but I challenge the industry to look beyond the walls of our facilities and instead, take a whole business approach and apply the principals of food defense to all inputs of the process that impacts the finished product. As food safety professionals, we need to work with our suppliers and our customers to ensure that the whole supply chain is protected from an attack.

Resources

Food Fraud

PwC Partnership Fights Food Fraudsters

By Food Safety Tech Staff
No Comments
Food Fraud

Each year, food fraud costs the industry $30–$40 million worldwide, according to Michigan State University. In an effort to help food companies combat vulnerabilities in their supply chain, PricewaterhouseCoopers (PwC) and non-profit organization SSAFE have created a free tool to help detect food fraud. Developed in partnership with Wageningen University (The Netherlands), VU University Amsterdam and other industry experts, the tool consists of 50 questions and is available via a downloadable app or Excel spreadsheet. Upon completion, the tool provides a profile of the company’s potential for food fraud vulnerability in the form of a report that can be added to food safety documentation.  According to PwC, the assessment is confidential, and while the profile doesn’t offer any mitigation techniques, it provides links on where and how a company can find solutions to the issues mentioned.  

“Beyond the economic cost, food fraud can harm public health and damage consumer trust,” said Craig Armitage, PwC’s Global Leader of Food Supply and Integrity Services in a press release. “Food frauds, such as horse meat being passed off as minced beef or the addition of melamine in dairy, have increased the urgency with which the food industry is taking action.”

Companies can begin using the Excel spreadsheet, which is available on PwC’s website. The app will be available in February.

Food Defense Culture is Coming

By Maria Fontanazza
1 Comment

FSMA’s proposed rule on intentional adulteration isn’t the only reason companies should be paying attention to food defense.

Establishing metrics in food defense, similar to the growing awareness around the importance of measuring behaviors in a food safety culture, was a topic recently brought up at FDA’s FSMA public meeting in the spring. The agency acknowledged that it will need to both clearly define what exactly is intentional adulteration and how it can be measured.

While food safety involves assessing and mitigating hazards, food defense is all about the threat and protection against intentional contamination. “The threat of fraud is a growing problem as supply chains get more complex, resources grow scarcer and the cost of food increases. All this provides more opportunity and potential reward for food adulterers,” stated a recent PwC report on food trust.

The FSMA final rule Focused Mitigation Strategies to Protect Food Against Intentional Adulteration is scheduled to be published in spring 2016, and companies need to be revisiting and revamping their food defense plans to prepare.

Prevention is the key word and on the most fundamental level of a food defense plan, businesses need to have management commitment before building, or even revisiting, a food defense plan—do they understand the resources, time and cost involved?

Conducting a vulnerability assessment is the first step in finding the gaps and examining whether a facility is secure. Beyond the standard questions that companies may ask when embarking on this assessment, businesses should identify potential attackers, asking how an attacker could have access to a product or process and what would be the outcome of an attack. Then look at the protective measures that are already in place—would these act as a deterrent? And if deterred, would the attacker proceed to the next target or would he or she stop? What measures are in place to find the attacker before there is an effect on the product?

When developing a food defense plan, there are several areas of potential vulnerability:

  • Shipping and receiving and packaging
  • Laboratories and testing sites
  • Recall and traceability programs and processes
  • Water used in processing/manufacturing—what is its origin?
  • Employees—what are the health risks? Is there a process for employee health reporting? Is there a process for reporting disgruntled employees?
  • Security personnel

With food fraud on the rise, it’s important for companies to continue to revisit and update their food defense plans, considering changes to facility designs or strategies, packaging changes, security improvements, etc. Companies should also be proactive in monitoring their employees both from a satisfaction (reducing the incidence of a disgruntled employee) and awareness perspective. FDA has initiatives to help companies build a food defense culture and employee awareness, including the ALERT training course for owners and operators of food facilities and Employees FIRST, and the National Center for Food Protection and Defense has programs aimed at workforce training as well as undergraduate and graduate curriculum on food defense.