New challenges are coming into focus as food companies move from writing their FSMA safety plans to using them day-to-day to monitor for hazards.
This changeover is moving the industry closer to the heart of the law, says David Acheson, MD, CEO and president of The Acheson Group consulting.
“It (FSMA) really was built to change the way that food companies look at food safety forever in terms of ongoing controls,” Acheson says. “It was truly going to be driven by how effective you are in managing those risks on an ongoing basis.”
With the FDA beginning to shift from a mostly educational phase to the era of enforcement, safety managers and quality assurance teams are learning the best ways to react to preventive controls (PC) data.
Some teams are grappling with monitoring bacterial swabs, are fine-tuning responses to murkier potential threats like radiation and are facing FSMA’s final major rule requiring plans to defend food from intentional alteration.
FDA inspections aren’t focused largely on FSMA yet, but consultants say they are hearing from small numbers of clients that need help improving plans based on FDA findings.
For the majority of companies whose plans haven’t been inspected and might not be for a while, the consultants advise them not to get complacent: Inquiries about hazard controls will ramp up in the coming years as the FDA trains more inspectors in what to look for.
Software helped with speedy, smooth inspection
“Keep your eye on the ball in recognizing you’ve got to move from the build (of the plan) to the maintenance,” says Acheson, a former FDA associate commissioner for foods.
In the meantime, quality assurance teams and food safety managers are still in a learning curve at some companies on how to best use data collected for FSMA.
Disconnect with leadership
For starters, executives often want explanations about what’s needed to implement the plans after the initial wave of action to write the documents, consultants say.
“The C-suite is saying, ‘What do you mean you need more, you need us to continue to invest in this?’” Acheson says.
The food safety manager might have to show that the company is monitoring a couple dozen new things and running an ongoing supplier approval program. And without corrective actions, the company would get dinged on inspections.
“It’s that sort of transition that’s the challenge,” he says.
What do we do with all this data?
Food safety workers wrestle with finding clues in data that might indicate a bigger, undiscovered risk. When they catch a problem, they need to develop a “seek and destroy” mentality toward the hazard, Acheson says.
For example, if a drain with Salmonella is verified cleaned, but the bacteria keeps returning after disinfecting, a safety manager’s thinking should evolve to consider whether the data is “telling us a story,” he says.
“Is there some source that we haven’t found? Or is this just pure dumb luck that the same drain is positive four times in a row? Typically, no. Typically, there’s something behind that.”
With some plants taking more swabs, companies are figuring out which locations to test and how many samples are needed, says Kathy Knutson, who advises companies and trains safety workers through Kathy Knutson Food Safety Consulting. Striking a balance is important because environmental testing is costly.
The FDA expects that the safety team and the PCQI will do trend analysis to map hits over time and look for clusters and problem sites, she says.
“There’s going to be a big disparity in the industry in that the large companies have the resources to do that, where the small companies, I can certainly see that they would be struggling with what to do with all this data.”
Fixes can be expensive
Because monitoring is relatively inexpensive and reacting quickly to problems can be costly, one potential pitfall could be that firms establish monitoring procedures without having entrenched plans to respond to results, says Charles Breen, an independent FSMA consultant for EAS Consulting Group.
“Most food firms want to do it right. Many food firms struggle with what doing it right really means when it runs up against production deadlines, profitability and things like that,” he says. “FSMA is a motivator, if nothing else, to prevent economic interests from trumping health and safety interests.”
He reminds companies that the short-term cost of a fix is much less than the cost of a recall.
He finds that small food firms are prepared to spend on corrective actions because they know that failing to solve a safety problem could lead to bigger expenses that put them out of business.
However, some big companies with a lot of tight fiscal controls haven’t loosened them enough to react to problems early, he says.
Really monitoring suppliers
With FSMA’s requirement to manage risks from suppliers, companies use varied methods, including ordering a third-party audit if they find an ingredient containing Salmonella, for example.
But Acheson cautions against meeting the regulatory requirement with simple “box-checking” by ordering audits, a potential danger when resources are tight. “Have you really understood the risk? That’s where we try to take our clients, to go above and beyond just the straight regulatory compliance.”
Breen says that food importers and brand name holders that contract with others to process their products need to ask the same type of questions to unearth problems.
For instance, with bacterial hazards in ready-to-eat foods, companies ask manufacturers for results of environmental sampling to verify that a remedy worked. Companies send their employees to suppliers to do inspections, and if third parties are brought in, Breen notes that businesses sometimes have to verify that those auditors are doing their jobs properly.
For unintentional cross-contact with allergens, a top reason for recalls, companies need to ensure suppliers don’t change their formulas without notification, Breen notes.
The supplier verification process is challenging, but “in large part all of these concepts have been proven to be effective,” he says.
Brian Kellerman, chief regulatory officer of Kellerman Consulting, says large suppliers typically have documentation in order to meet customers’ needs, but smaller operations find it more difficult to become approved suppliers.
Radiation hazard confusion
Kellerman, who previously ran a company’s GFSI program, says one PC that is bewildering food companies is how to address possible radiological risks. Client surveys show the majority, especially among pet food companies, are not doing radiation assessments, but they should be, he says.
Many smaller businesses aren’t aware of the requirement until the FDA asks for their assessments, and companies of all sizes feel overwhelmed when working on plans, he says. But a simple approach works.
First, think about whether operations are affected by a major known radiation source, he says.
For example, Pacific Ocean seafood could have a risk because of the 2011 nuclear plant disaster in Japan, he notes. But companies using corn from an Iowa granary could indicate a low environmental risk.
He recommends straightforward steps including:
- Asking for radiation statements from suppliers of all electrical equipment, even though machinery typically isn’t a source of significant radiation
- Researching publicly available information about radiation sources in the area of plants
- Collecting radiation assessments from ingredient suppliers
“There has to be an attempt to do some research. There has to be some reaching out to suppliers, and there has to be a reaching out to equipment manufacturers.”
Working out the bugs
As companies use the safety plans, consultants expect they will need several years to tweak them for maximum efficiency, realigning some parts as they learn whether responses worked well. And some will find they simply need to increase their responses.
Kellerman says he finds that plans that run too long usually come from people with less expertise. He helps shrink plans to a size that employees will read.
“If it’s too long, people won’t read it. If they don’t read it, it’s not worth anything,” he says.
Looking further ahead: After food safety plans are implemented, companies will have to turn around to reanalyze them at least every three years.
The evolving FDA inspection
FDA inspectors haven’t flipped a switch and started intently reviewing FSMA compliance, Acheson says. “I’m looking at several years before the inspectors really get comfortable with what this should look like, and that might create a false sense of security and complacency with food companies.”
He still hears mostly from clients proactively trying to ensure their plans are good enough, instead of reacting to 483s for FSMA violations. But one company was written up when asked for its foreign supplier verification plan and the answer was basically “My what?” because the firm didn’t know it needed one, he says.
Consultants say companies with low-risk products, such as coffee roasters and bakeries, aren’t getting heavy enforcement.
“The tricky part is everybody in industry wants to know if they’re going to get inspected,” Knutson says.
The FDA won’t tell, she says, but it advises companies to monitor a few indicators that could increase their inspection chances:
- Problems detected at a competitor, a supplier or a sister facility
- Published warning letters on problems your business might face
- Recalls for a similar product or an ingredient your product uses
With FSMA, regulators still are expected to focus resources on large problems, she says. “From the FDA perspective, it’s all about wide-scale public harm.”
Breen, who conducts mock inspections with clients, says companies he works with are still being inspected more for GMPs than PCs, but the FDA is not hesitating to take action if there is a health risk because of poor FSMA implementation.
He has started to get a few new clients whose plans came up short. They’re “the ones who did their best, and now that FDA is inspecting, are finding their best wasn’t exactly what FDA wanted.”
Breen also is hearing about inspections of importers, who are adjusting to monitoring risks from foreign suppliers for the first time. A minority of importing businesses—though still a large group—haven’t documented their strategies, with some hoping to get around to it before the FDA gets to them, he says. “The most frequently cited deficiency in the Foreign Supplier Verification is: You’ve got no plan,” he says.
Historically, FDA inspections captured a snapshot of how clean a plant was on the day the reviewers visited, Breen says. With FSMA giving the agency the right to look back at documentation, inspectors will check whether plants operated properly weeks, months and years ago.
“The FDA will be spending more time looking at records, possibly less time on the factory floor,” he says.
Kellerman says he’s glad the old mentality of “don’t tell the FDA anything” is over.
“When they show up, they no longer have to prove some sort of problem in order to get access to what is going on in that facility.”
Up next: food defense
Many companies aren’t thinking much yet about FSMA’s requirement that they create plans to try to prevent someone—like a disgruntled employee or a plant visitor —from purposely tainting food, consultants say. The largest companies are expected to comply with the last of FSMA’s seven pillars by July.
Key employees at companies that have started formulating plans often are confused and overwhelmed about how much plants should do to head off tampering, advisers say.
David Acheson, CEO and president of The Acheson Group consulting, says one food defense expert at a large company suggested the only way to keep the product safe was to put cages over all conveyor belts. But that would be a nightmare to clean and would cost millions.
“You can start to see dozens and dozens and dozens of places where somebody could do something harmful. And then companies go into a tailspin,” he says. “We’ve lost our way on this.”
The intent is to identify single points of attack that could lead to mass casualties, experts say. Consultants advise against sophisticated, expensive safeguards, at least until FDA inspectors start to indicate whether more is needed.
Experts’ examples of simple fixes easily maintained over time include:
- training employees about new prevention methods
- installing cameras to monitor some areas (like conveyor belts)
- limiting access to high-risk areas with key fobs and IDs, which most plants already use
- using visual identifiers to differentiate among employees authorized to work in specific areas, such as smocks in varied colors
- seals on trucks to show that loads haven’t been compromised
“We can’t expect food companies to invest tens of millions of dollars to put something in place (to protect against something) that probably isn’t going to happen at all to them,” Acheson says.
Hank Karayan, global FSMA program director for SGS inspection and certification company, says companies that are certified to third party schemes may already have some intentional adulteration aspects covered within their food safety programs.
“For this category of companies, upgrading to FSMA IA is less of a task than those going through the exercise for the first time,” he says.
The most important aspect of intentional adulteration prevention is having trained resources to develop the food defense plan, he says.
“It would be a good idea to have their system assessed by a different set of eyes, to make sure they’ve covered all potential areas of intentional adulteration risks and vulnerabilities in their food defense plan.”
A lot of food companies are still trying to get a handle on their preventive controls, and switching gears to food defense might prove difficult because it requires a different approach, says Kathy Knutson, who runs Kathy Knutson Food Safety Consulting. She expects to be busy in the next year and a half helping companies making that transition.
Engineers’ input will be helpful because so much of food defense planning is equipment-based, she says.
Companies will ask questions like: How are we keeping the storage tank safe? How much access do people have to ingredients when they’re moved from one piece of equipment to another?
“The engineers are going to understand the conveyance, the access, and they’re going to be heavily involved.”
For more information:
The Acheson Group, www.achesongroup.com
Kellerman Consulting, www.kellermanconsulting.com
EAS Consulting Group, www.easconsultinggroup.com
Kathy Knutson Consulting, firstname.lastname@example.org
Report Abusive Comment