Final IA Rule Guidance Released; Inspections to Begin
Updated: Mar 5
On February 13, FDA released the third and last installment of the draft guidance for FSMA’s Intentional Adulteration (IA) Rule, for which inspections are to begin this month (March 2020). In this issuance, rather than adding the new chapters to the existing guidance and noting them as “new,” FDA issued a supplemental publication containing only the new chapters. This publication finalizes the draft guidance last published in March 2019 with chapters on food defense corrective actions, verification, reanalysis, and recordkeeping. It also includes appendices on FDA’s online Mitigation Strategies Database and how businesses can determine their status as a small or very small businesses under the rule.
Following are brief overviews of the newly published chapters, and some thoughts on key points.
Food Defense Corrective Actions (Chapter 5). The IA Rule requires the establishment and implementation of written food defense corrective actions procedures that must be taken if mitigation strategies are not properly implemented. These are to describe the corrective actions steps you would take to identify and correct the problem and, when necessary, reduce the likelihood of recurrence. Corrective actions must be appropriate to the nature of the actionable process step and the nature of the mitigation strategy. As such, the chapter discusses how food defense corrective actions differ from food safety corrective actions; procedures; implementing corrective action and awareness training for an improperly implemented mitigation strategy that could result in intentional adulteration; and corrective action procedures and records. This chapter also provides examples of food defense corrective actions procedures for scenarios listed in Chapters 3 and 4, which were published in prior installments.
Food Defense Verification (Chapter 6). Food defense verification is the application of methods, procedures, and other evaluations, in addition to food defense monitoring, to determine whether a mitigation strategy or combination of strategies is or has been operating as intended according to the food defense plan (FDP). Verification is one of three mitigation strategies management components, as FDA allows flexibility in identifying and implementing the verification procedures a facility deems most appropriate. The verification activities must be documented to include, as appropriate, verification that food defense monitoring is being conducted, that appropriate decisions about food defense corrective actions are being made, that mitigation strategies are properly implemented and significantly minimizing or preventing the significant vulnerabilities, and verification of reanalysis. The chapter also discusses how verification of mitigation strategies differs from that of preventive controls, as well as the needed documentation and some scenarios.
Reanalysis (Chapter 7). The purpose of the reanalysis is to determine whether your FDP continues to be current and accurately reflect your significant vulnerabilities, and whether your mitigation strategies and mitigation strategy management components remain appropriate for your facility. A reanalysis will not always lead to changes needed in the FDP, but if it is determined that there is reasonable potential for a new vulnerability or a significant increase in a previously identified vulnerability, you must revise your written FDP or document why no revision is needed. Reanalysis is required at least once every 3 years, and when:
A significant change made in facility activities creates a reasonable potential for a new vulnerability or a significant increase in a previously identified vulnerability.
You become aware of new information about potential vulnerabilities associated with the food operation or facility.
A mitigation strategy, strategies, or the FDP as a whole is not properly implemented.
To respond to new vulnerabilities, credible threats to the food supply, and new scientific understanding (including results from the DHS biological, chemical, radiological, or other terrorism risk assessment).
The chapter also discusses circumstances requiring a reanalysis to include every three years, and reanalysis required by FDA, voluntary reanalysis, conducting a reanalysis, timeframe for completing a reanalysis, and documentation.
Recordkeeping (Chapter 9). The IA Rule requires the activity-concurrent creation and maintenance of records on activities related to the FDP, including vulnerability assessment, mitigation strategies, food defense monitoring procedures, food defense corrective actions procedures, and food defense verification procedures; as well as your food defense monitoring of mitigation strategies; corrective actions, verification activities, FDP reanalysis, and training. FDA accepts a variety of record types (e.g., original handwritten logs, forms with handwritten entries, and true copies of invoices or shipping documentation, as well as a combination of paper and electronic records) as long as they meet the requirements of 21 CFR 121.305. Additionally, they must be accurate, indelible, and legible; created when activity is performed; include facility identification, date and time; signature or initials of the individual performing the activity recorded; and product identity and lot code. The chapter also discusses additional requirements for food defense monitoring and for the FDP, record retention, offsite record storage of records; existing records; and protecting records. It is important to note the Food Defense Plans will be treated as “Trade Secrets” are treated, and as such, are protected from a FOIA request.
Mitigation Strategies Database (Appendix 2). FDA’s online Food Defense Mitigation Strategies Database (FDMSD) contains a collection of potential mitigation strategies that could be implemented to significantly minimize or prevent significant vulnerabilities at actionable process steps. Its use is voluntary, and it is intended as a starting point, so facilities can customize and tailor the strategies to their specific circumstances.
Small and Very Small Businesses Status (Appendix 3). This appendix defines small and very small businesses under the IA rule, noting that the requirements do not apply to a very small business, except that they must, upon request, provide documentation showing that it meets the criteria for the exemption; this must be retained for two years. It also includes examples of calculations to determine the applicability of a small, very small status.
On December 2019, the FSPCA IA Food Defense Plan Preparation and Reanalysis online course was released which provides training on the above chapters.
TAG can assist your food defense efforts, providing vulnerability assessments, Food Defense Plan preparation and assessment, identification and implementation of mitigation strategies, onsite penetration assessments, and awareness and specialized training. Give us a call today to ensure your program is the best it can be – and you are prepared for FDA IA inspections.
If you haven't yet subscribed to TAG's COVID-19 Resources & Updates, now is the time to do so! Stay updated and increase your understanding of this evolving global coronavirus through our Daily Updates, Advice for Food Industry, and perspectives on What can you (we) all do. Subscribe here.
About The Acheson Group (TAG): Led by Former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With in-depth industry knowledge combined with real-world experience, TAG's team of food safety experts help companies more effectively mitigate risk, improve operational efficiencies, and ensure regulatory and standards compliance. www.AchesonGroup.com