Food and beverage processing plants have a duty to protect against acts that are intended to cause harm to the public, consumers or companies from within a manufacturing site. Potential threats can range from tampering hoaxes to the less likely but still very real threat of a terrorist attack.
Food defense plans should be in full swing by now, since the FDA began enforcing its intentional adulteration (IA) rule under the Food Safety Modernization Act (FSMA) back in 2020 for large companies, and in July 2021 for all business sizes. For processors that fall under USDA guidelines, the Food Safety and Inspection Service (FSIS) promotes food defense by encouraging establishments to voluntarily adopt a functional food defense plan; implement food defense practices (including inside, outside and personnel security measures); and conduct training and exercises to ensure preparedness.
Regardless of size, all plants can benefit by having and implementing a facility-specific food defense plan that includes a vulnerability assessment, mitigation strategies, monitoring, corrective actions, verification, training and records, according to Ryan Newkirk, senior advisor for intentional adulteration, Food Defense and Emergency Coordination Staff, FDA.
— Ryan Newkirk, senior advisor for IA, Food Defense and Emergency Coordination Staff, FDA
“These activities can help protect employees, the company brand and public health,” he says. “How do we know this? We have worked collaboratively with the industry for many years and have developed a robust food defense program for facilities of all sizes. It is important for facilities, regardless of size, to understand their vulnerabilities, minimize them, ensure those activities that reduce vulnerabilities are working as intended, and train employees.”
Companies should be proactive and preventive in nature, says Lance Roberie, owner and food safety trainer at Food Safety & Quality Services LLC (FSQS). “One way to do that is to get ahead of it, right? You don't want to wait until you have an inspection to tell you that you're not doing something that you already know you're not doing.
“Ultimately, you want to impress auditors when they come in,” continues Roberie. “You want to have your training in place; you want to show them the certificate; and you want to brag about your facility. A facility shouldn’t be inactive just because they don’t know what to do.”
“Protecting public health is paramount...”
— Jon Woody, director, Food Defense and Emergency Coordination Staff, FDA
Tools for FDA plants
So how can companies get ahead? There are several tools available to help them build the right food defense plan.
Jon Woody, director, Food Defense and Emergency Coordination Staff, FDA, explains that the agency offers multiple resources to help plants comply with the IA rule. “Many of these resources were built with significant stakeholder input,” he notes. They include:
• Food Defense Plan Builder (FDPB): The FDPB guides users through a series of sections that, when completed, make up the content for a facility’s tailored food defense plan. The FDPB may assist the food industry in meeting many of the requirements of the rule and has been updated so that the content aligns with the rule’s requirements. Although the content of the FDPB is consistent with the FDA’s existing regulations and guidance, use of the FDPB is voluntary, and using the tool to develop a food defense plan does not guarantee compliance with the rule’s requirements.
• The Food Defense Mitigation Strategies Database (FDMSD): The FDMSD contains a collection of potential mitigation strategies to minimize or prevent significant vulnerabilities at actionable process steps. This collection of strategies was developed in collaboration with other government partners and food industry representatives who participated in the vulnerability assessments that the FDA conducted.
• Training: Training is important for both industry and inspectors who will be checking to make sure the requirements of the IA rule are met. The rule requires that certain food defense activities be performed by a “qualified individual”. Employees and supervisors working at a facility’s most vulnerable points are required to complete food defense awareness training.
This training is available for free through the Food Safety Preventive Controls Alliance (FSPCA) or facilities can also create their own training program. FSPCA offers additional IA courses, such as Conducting Vulnerability Assessments using Key Activity Types, Conducting Vulnerability Assessments using the Three Elements, Identification and Explanation of Mitigation Strategies, and Food Defense Plan Preparation and Reanalysis; courses also can be taken from other training providers.
“Ultimately, you want to impress auditors when they come in.”
— Lance Roberie, owner and food safety trainer at Food Safety & Quality Services LLC (FSQS)
Roberie says, “Our recommendation is the FDPB. Version 2.0 has been modified to comply with the current IA rule. This program really guides you through the process. It matches up with the mitigation strategies database, and it’ll help you design your whole food defense plan.”
He notes the FDA wants qualified individuals to be responsible for these programs, whether that be a current employee or third party. Roberie says, “My recommendation is to make somebody at the company a qualified individual because using a consultant or an outside party is not always an option,” he says. “We’re not there every day, so the first step is to train a qualified individual who understands the program and can justify their decisions.”
Tools for UDSA plants
FSIS has developed numerous tools and resources to assist the meat, poultry and egg processing industries with implementing best practices to prevent, mitigate, respond to and recover from incidents of intentional contamination of the food supply. These include guidance materials for slaughter/processing facilities, warehouse and distribution centers and food transporters; a general food defense plan; an online risk mitigation tool; an exercise kit; and training resources. Many of these are available in multiple languages. These can be found on the FSIS website (http://www.fsis.usda.gov/FoodDefense) but three are highlighted here:
• Preventing Cargo Theft and Contamination of Meat, Poultry, and Egg Products—an infographic-style poster provides helpful information on threats, recommended prevention measures and where to report a cargo theft incident. The guidance was developed in collaboration with the Department of Homeland Security Transportation Security Administration (TSA).
• Food Defense Risk Mitigation Tool—identifies some possible countermeasures that companies could implement, as part of a food defense plan, to better protect their business, employees and customers. Some of the countermeasures are specific to particular activities while others apply more generally to the facility as a whole.
• FSIS Food Defense Preparedness and Recall Exercise Package (FD-PREP)—a compilation of four scenarios, and supporting documents, based on potential intentional food contamination events. FD-PREP is designed to help establishments test and validate their food defense and recall plans.
— Colin Barthel, senior policy analyst, Food Defense and Emergency Coordination Staff, FDA
One challenge is for the industry to try to identify food defense vulnerabilities from new challenges such as cybersecurity issues. “FSIS works with partner government agencies such as DHS and the FBI to share information on a wide variety of food defense challenges, including cybersecurity threats to the food sector, best practices to mitigate these threats, and government resources available to assist the private sector,” according to an FSIS spokesperson.
FDA’s Newkirk says, “We see the challenges, firsthand, and stakeholders share their specific challenges with us, as well. Since this is a relatively new area of regulation, some stakeholders want a better understanding of what the FDA is looking for.” For example, he says they have heard concerns about the level of detail needed for vulnerability assessments and have received questions about how to implement the “right” mitigation strategy to reduce vulnerabilities.
“We found during site visits and public meetings, that we made good progress in addressing important areas of concern and uncertainty.” Newkirk adds that they have built as much flexibility into the rule as possible. “We do not specify what preventive steps must be used to reduce vulnerabilities. Companies have significant flexibility in choosing which mitigation strategies are most appropriate for them.
“Additionally, we describe numerous mitigation strategies that are in the IA rule guidance, including instances where technology-based strategies may be the best way for a facility to reduce a significant vulnerability. The guidance also describes other instances where a strategy based on personnel may be a more practical and cost-efficient strategy to reduce vulnerability,” he says.
Colin Barthel, senior policy analyst, Food Defense and Emergency Coordination Staff, FDA, says the FDA’s approach to the IA rule implementation and compliance is to educate while they regulate. “Our primary goal in this early period of IA rule compliance is to ensure that industry is informed and knowledgeable regarding the IA rule’s requirements and firms’ responsibilities regarding food defense plans and the implementation of those plans,” he says.
“We also are making sure the industry is aware of and has access to information and tools that could facilitate their compliance. Guidance, training, and tools such as FDPB and Mitigation Strategies Database can be valuable resources for a regulated industry when they develop, implement and reanalyze their food defense plans.”
Responsibility for protecting the food supply chain is shared across government and the private sector, notes an FSIS spokesperson. It’s important for food processors to put measures in place to prevent or reduce risk that a person or group can intentionally contaminate food and cause public health or economic harm. Additionally, developing and implementing appropriate risk-based food defense programs helps minimize the impact to a business, their customers and employees in the event of an intentional contamination incident.
The FDA’s Woody concludes, “Protecting public health is paramount. The purpose of the rule, and its requirements, is to protect food from a person or group of people who are intentionally doing something to food to either cause illness or death on a large scale. While the possibility for such an event is low, the potential public health consequences can be high. As we’ve learned through years of collaborative efforts, and now with regulatory requirements for some, implementing written food defense plans and training are essential components to understanding and mitigating intentional adulteration of food.”