Cut cantaloupePrior to last year’s cantaloupe recall, the cantaloupe producer/processor had made a change to its washing process, ostensibly to improve it. However, the change from a chlorinated to non-chlorinated wash plus a change of washing equipment may have contributed to the Listeria outbreak. In addition, while auditors pointed out that wood was found on the unloading and packing tables, hot water hand wash was not available, and facility doors were left open during operating hours, the facility still scored a 96 percent grade in a third-party audit. It’s important to note no pathogen issues or foodborne illness outbreaks had ever been recorded at this facility until these process changes were made.

While a producer may have the best intentions to improve a system by making process changes, without some expert help with validation and verification, the processor may only be guessing as to whether the changes will be effective and safe. And, when disaster strikes, it’s too late to second guess what went wrong. One thing is sure: A pathogen outbreak and recall can bring on lawsuits and put a processor out of business.

In an interview with John Petie, food safety program manager, TÜV SÜD America, FE asked how processors can avoid catastrophes like this. TÜV SÜD is an international food safety auditing and consulting agency.


FE: Obviously, you can’t test food safety and quality into a product. Let’s assume a processor has an existing process designed with HACCP principles. How can the processor verify and/or validate it is meeting its HACCP plan and producing safe food?

John Petie: All GFSI (Global Food Safety Initiative) programs require businesses to implement HACCP programs based on Codex Alimentarius principles, covering all foods marketed to consumers, whether processed, semi-processed or raw. HACCP programs are a core requirement for obtaining certification, and HACCP plans must be validated and verified at least annually and whenever changes are made that could impact food safety. For example, each time a new supplier is added, the impact upon the HACCP plan must be reviewed. Conducting this review is a requirement and must be documented, utilizing a multi-disciplinary team.

John Petie
John Petie, food safety program manager at TÜV SÜD America, can be reached at 800-888-0123, or via email.

As far as validation is concerned, businesses should not only state the regulatory requirements are being met but, most importantly, demonstrate the effectiveness of their process using the specific equipment within the business. For example, a company cooking meat (beef) should adhere to Appendix A of the USDA/FSIS, Compliance Guidelines For Meeting Lethality Performance Standards For Certain Meat And Poultry Products, for thermal processing and Appendix B, Compliance Guidelines For Meeting Lethality Performance Standards For Certain Meat And Poultry Products, for cooling. Demonstrating adherence to these standards could entail using data loggers to map and monitor the meat temperatures throughout the oven to prove all products contained within the oven have achieved the correct time/temperature ratio. The critical control point (CCP) would need to be set to the coldest part of the oven under worst-case scenarios (e.g., coldest time of year, fully loaded oven, with largest piece sizes).

Within the day-to-day operations, the plan must be verified demonstrating that it is functioning properly. This can be done by utilizing two methods:

  • First, direct observation: A third party observes an appropriately HACCP-trained CCP monitor who regularly conducts the measurement. In other words, if a production employee is responsible for monitoring the temperature of cooked product exiting an oven, a verification process could involve a member of the QA team to observe the measurement. This would then be recorded on process paperwork.  
  • Second, a QA member conducting independent measurement alongside of production:  Prior to releasing a product, an independent member of the QA department or a shipping supervisor reviews all process paperwork and ensures all aspects of the process have been adhered to. Paperwork is then signed, and product is released for shipping.


FE: What is the difference between verification and validation?

Petie: Verification and validation are independent procedures used in combination to ensure a system of checks and balances for a product, service or system(s). The key difference between the two is that validation (as applied to control measures) seeks to prove the intended result was achieved and it actually worked, while verification (as applied to control measures) seeks to prove the control measure was done according to its design.


FE: How can consultants help with verification and validation?

Petie: For the purpose of verification and validation, consultants can provide valuable insight and expertise a business may not possess—both in terms of resource capability and availability. They can provide knowledge and expertise to ensure a business’ HACCP plans are validated and verified. It should be noted that although a skilled consultant can add value to an organization, employing the skills of a consultant does not abdicate a business of its own legal, moral and ethical responsibilities to ensure the production of safe food.


FE: How can an independent, third-party auditor be trusted to provide accurate and actionable findings? In other words, if there is a problem, we don’t want a rubber stamp that everything is OK when it isn’t.

Petie: Third-party certificated audits—such as GFSI, SQF, BRC and FSSC22000—require auditors to meet strict educational and experiential requirements in order to be able to become an auditor. Additionally, there are examination requirements for each individual standard to ensure an auditor knows the specifics of each audit.

There is a series of audit observation and training requirements that differ for each standard and certification body. Auditors are required to follow codes of ethical conduct, which prevent conflicts of interest. At TÜV SÜD, we conduct rigorous internal reviews to ensure our auditors remain impartial.

Accreditation bodies thoroughly monitor and stipulate criteria for third-party auditing organizations. In addition to the standard-specific requirements, certification bodies are required to adhere to ISO65 and/or ISO17021 and are audited annually by the accreditation bodies to ensure they are behaving appropriately. These requirements cover a broad range from auditors’ evaluation and monitoring to ensuring contracts quality control.


FE: How can testing and inspection be used to improve operational efficiencies and food safety?

Petie: The food safety and quality of finished product are directly linked to that of the raw materials. By designing raw material specifications and conducting product testing and inspection protocols appropriately, food safety can be designed into a product rather than inspected in the finished product, thus increasing operational efficiency.

Starting with the correct materials is more likely to result in the correct finished product, given that all process parameters have been met.

Focusing more on raw material testing also reduces the level of finished product testing and contamination risks, identifying and eliminating problems earlier in the chain.


FE: When a customer approaches the processor, demanding some form of GFSI certification, can preparing for a GFSI audit (e.g., SQF or BRC) with the help of an accredited GFSI consultant flesh out potential trouble spots that might prevent a recall down the road?

Petie: One can never guarantee prevention against a recall; however, minimizing risk is paramount due to the number of variables in the mix. For example, the Peanut Corporation of America produced one of the largest recalls in US history, which led to hundreds of companies, from global corporations to smaller manufacturers, being affected.

All GFSI programs are risk reduction strategies for a business, and although the risks can never be entirely eliminated, the best consultants can and do identify potential issues for clients, adding significant value to their businesses.

As per SQF, not all GFSI standards have programs to register and certify consultants. Also, GFSI does not certify consultants. A consultant, however, offers useful advice and support provided businesses do their research and wisely select qualified, experienced consultants. It is the responsibility of a business to check the credibility and capability of the consultant who should be able to provide a client reference list.


Why should a processor become
GFSI certified?

The GFSI is a nonprofit foundation created under Belgian law with a mission to work on continuous improvement in food safety and quality management systems to ensure confidence in the safe delivery of food to consumers. Regulatory audits are less rigorous in nature and only look at the requirements as established by law. They do not consider quality management systems as GFSI standard requirements do. Regulatory audits are the bare minimum a processor must do to remain in business. GFSI standards raise the requirements to the next level of food safety and continuous improvement.

There are numerous reasons for becoming GFSI certified. GFSI’s primary intent is to ensure food safety to the consumer. It aims to achieve this by:
•    Promoting convergence between food safety standards via a benchmarking process for food safety management schemes. Schemes (e.g., BRC or SQF) must satisfy the requirements of the GFSI benchmark document.
•    Improving cost-efficiency throughout the food supply chain through the common acceptance of GFSI-recognized standards by retailers around the world, i.e., once audited and certified, accepted everywhere.
•    Providing a unique international stakeholder platform for networking, knowledge exchange and sharing of best food safety practices and information.

More and more retailers and international food manufacturers and processors are making GFSI compliance mandatory to continue their approved supplier status.  Retailers such as Walmart and manufacturers such as Coca-Cola have adopted this approach and many more will follow.

FE: If the processor decides to make a change in the process (e.g., plant structure, washing or pasteurization), what steps need to be taken to prevent the fiasco that happened to the cantaloupe producer? Doesn’t it need to go back and redefine the entire HACCP plan? What happens with the GFSI audit that was done prior to the change? In other words, when and how is the GFSI certification updated to reflect major (or minor) process changes?

Petie: When making changes to any of the processes, it is the responsibility of a manufacturer to ensure they are conducted in a controlled and appropriate manner. A processor should use HACCP principles to ensure there is no risk to food safety. This is not the responsibility of any certification body.

A certification body is only responsible for auditing the systems as per the relevant GFSI standard on an annual or six-month basis, depending on the previous audit grade.

Although I cannot comment on the specifics of the cantaloupe producer, it is worth mentioning the particular audit in question was not a recognized GFSI certification audit, and the standards the company was being audited to were proprietary. The business operated under FDA guidelines, but these were not followed.

All changes that may affect food safety must be reviewed by the HACCP team. These changes may include, but are not limited to:

  • Raw materials or suppliers of raw materials
  • Ingredients/recipe
  • Processing conditions or equipment
  • Packaging, storage or distribution conditions
  • Consumer use.


Other aspects for consideration might include:

  • Emergence of a new risk—for example, adulteration of an ingredient
  • Developments in scientific information associated with ingredients, processes or products.

Based upon the extent of the changes, the HACCP [documentation] may need to be totally reviewed. Under GFSI, minor changes should be reviewed at the next scheduled surveillance or recertification audit on a semi-annual or annual basis. 

I cannot stress enough that it is a business’ responsibility to ensure any changes to its processes or products are done so in such a manner that does not compromise food safety. GFSI standards are proven strategies to reduce consumer food safety risks and concerns. 

GFSI programs are audited on either a six-month or annual basis through certification, surveillance or recertification audits to ensure continued adherence to a GFSI standard of the food safety systems implemented within a business. If the systems are not maintained between audits, this will be identified, and recertification will not be granted.

Each standard has slightly different requirements relating to the processor being required to notify the certification body.

For example, BRC Global Standards require notification if there are major changes such as:

  • Manufacturing facilities not taken into account in the original audit
  • New processing technology (e.g., the canning of low-acid products when formerly only high-acid products were in the scope)
  • New products introducing a significant new risk (e.g., the inclusion of a nut-based product to a previously allergen-free site).

Where major changes are identified, the certification body will assess the significance of the changes and determine whether a site visit may be necessary to examine the aspects of the required scope extension.


FE: Eventually FDA-based processors will probably be inspected at some point in the near future. Will this inspection be more exacting than local (county and/or state) health inspectors, and how will it compare with the rigors of passing a GFSI audit?

Petie: While no one has a crystal ball on what will happen with FDA-based processors, regulatory inspections will likely be more exacting than audits performed at the county or state level.

Who will conduct these audits is still unclear as there are major regulatory resources, skills and cost implications associated with the audits. They are unlikely to be as rigorous in content and scope as the GFSI audits due to the holistic approach of the current standards, but will undoubtedly share significant similarities, particularly around the HACCP aspect and the practical application and implementation, albeit from a regulatory viewpoint.

The main difference [is] that regulatory audits can result in a facility being forced to stop producing, whereas GFSI audits do not have the authority to shut down production at any facility.


FE: What other steps can a processor take to increase efficiency and food safety while presenting a positive public image that its food is always safe and fresh to eat?

Petie: The most important measure for preventing foodborne illness and food safety risks is to have a well-trained workforce. If a processor does not have the appropriate level of skills and knowledge in-house, it should hire consultants to bring the business up to speed and train the business’ current employees. Skills and knowledge can indeed be developed through rigorous training of in-house employees.

For more information, visit TÜV SÜD America’s website or contact TÜV.

Contact John Petie, 800-888-0123, or by email.


About John Petie, Food Safety Program Manager, TÜV SÜD America

With more than 30 year’s food safety experience, John Petie holds a bachelor’s degree in food manufacture and an MBA. His expertise is high-care and high-risk, short-shelf-life RTE/RTRH products. Petie worked for a number of blue-chip food manufacturers, developing and implementing quality management systems (BRC/SQF) and best practices both at site and corporate level. For nine years, he provided interim technical management and consultancy services, e.g., systems, technical trouble-shooting, sanitation best practices etc. Prior to joining TÜV SÜD America in 2011 as food safety program manager, he worked for another certifying body and managed a team of 15 auditors.

View a PDF version of this article.