Don’t Get Behind
As with many of FDA’s new rules that are part of the Food Safety Modernization Act, the Intentional Adulteration rule sets a standard for the industry that’s similar to what many food processors already have in place. Companies which have a GFSI certification, like SQF or BRC, already have something called a “Food Defense” plan that includes consideration of facility security measures such as locking doors, fences, security cameras, protection of digital resources, design of processing equipment, and even mail controls.
However even if this is you, don’t assume that your programs already meet the requirements of the rule; there are some new requirements to consider. And of course, if your company still doesn’t have a food defense program you should take a serious look at what this rule expects from processors.
First, the Basics
This rule, as with the Preventive Controls rule, applies to most companies who are required to register with FDA as a food processor –the majority of the food processing industry. This includes both domestic companies, and those foreign companies whose product is sold in the U.S. For readers that import products into the U.S., take note! Part of your “Foreign Supplier Verification Program” may soon need to include verifying that food defense controls are in place at your supplier’s facility.
In true FSMA fashion, compliance dates are staggered based on Company size:
|Company Size||Compliance Date|
|Very small businesses: |
Less than $10 Million in total manufactured, processed, packed, or held
|Small Businesses: |
Less than 500 FTE Employees
|All Others||July 2019|
The rule’s requirements can be summarized as follows:
- Develop a food defense plan
- Conduct an assessment of potential risks to product from intentional adulteration. Adulteration may be committed by trespassers, visitors, or even employees.
- Determine mitigation strategies (controls to reduce risk)
- Implement the plan
- Train employees
- Implement mitigation strategies
- Monitor control measures
- Apply corrective actions where needed
- Verify the plan and its controls
- Reanalyze the plan periodically
What’s New or Different from GFSI?
In previous years food defense has been managed much like GMPs: companies would use a standard checklistto assess their facility controls, much like the tool from FSIS used by many manufacturers. While these tools are helpful, they don’t meet the new requirements that FDA has developed.
Under this rule, FDA will expect to see a more robust program, similar to a HACCP-based approach. A full assessment of the facility and each process step will need to be done just like a HACCP plan:
- Assemble a food defense team
- Describe the product under evaluation
- Develop a process flow diagram
- Describe the process steps
- Assess risk at each step based on 3 factors:
- Severity of potential public health impact
- Degree of access to product
- Ability to successfully contaminate product
- Identify & implement mitigation strategies
- Monitor mitigation strategies
- Apply corrective actions as needed
- Verification of the program
With regard to processing steps, the FDA has already provided guidance that there are a few key activity types considered high risk, which they will expect food processors to focus on in their facilities:
- Receiving and loading of bulk liquid ingredients / raw materials
- Liquid storage and handling processes
- Secondary ingredient handling (any point where dry or liquid ingredients are handled or manipulated)
- Mixing, grinding, and similar activities
As you can see based on the above, FDA’s perspective is that when ingredients or products are handled and processed in bulk there is a greater risk. But aside from this, it is each processors’ job to conduct a full assessment of all their processes and identify controls needed at any step.
Available Guidance and Tools
There are a variety of tools that FDA has made available for the industry; the difficulty is sifting through all of the information they’ve provided, as it can be overwhelming. Here are a few key items we recommend:
- FDA has published an excellent guidanceon the rule and has more guidance planned in the future. You can sign up for email updates on FSMA on their website.
- The FDA’s “Food Defense Plan Builder” is a piece of software that can be downloaded and used to build a compliant program.
- FDA has provided a short trainingthat can be taken by front-line employees to help them understand regulatory requirements andassist their company in meet the training requirements.
- The Food Safety Preventive Controls Alliance (FSPCA) has various types of trainingavailable in various formats, for members of management involved in developing food defense programs.
This article was written by Jon Kimble of the Safe Food Alliance.