Following the 9/11 attack in 2001, U.S. food regulators began to focus in earnest on preventing deliberate attacks on the food supply. Historically, this resulted in the passing of the Bioterrorism Act in 2002 that resulted in new requirements for the food industry around registration requirements, submitting prior notice for imported foods, and product tracking. However, FDA regulated food companies were not required to put in a “Food Defense” program – until now. FSMA now requires registered firms to determine if they need a food defense plan, and they have about one more year to get such a plan in place. While incidents where food is deliberately contaminated with the intent to cause harm are rare, they can pose a significant threat to public health and severely tarnish the reputation of a company. One of the first documented cases of intentional adulteration of food was reported in The Dalles Chronicle, Oregon, where the food in salad bars at several restaurant locations in town was purposely contaminated with Salmonella by leaders of a cult who wanted to sway the results of local elections in 1984. Efforts devoted to preventing such criminal actions are captured in the notion of food defense, which is not a new concept. What is new about food defense is its mandatory compliance nature under FSMA and the modified approach that FDA has delineated for food manufacturers to follow in preventing intentional adulteration. FSMA’s Intentional Adulteration (IA) rule – officially known as Mitigation Strategies to Protect Food Against Intentional Adulteration – was made effective on July 26, 2016 and is, per FDA, “aimed at preventing intentional adulteration from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply.” What are the FDA expectations for your company? At first read, the expectations can sound daunting. TAG has developed a program to help companies understand their risks around food defense, and put a food defense plan in place that will address the new FSMA requirements. The basic requirements are that FDA-registered facilities operating domestically or overseas are covered by the requirements of the IA rule unless the company is making less than $10 million in sales annually; is an animal food or alcoholic beverages producer, a farm, a foodservice operation or a very small business; or qualifies under a short list of some additional exemptions. While not expected to be as resource intensive as a Food Safety Plan, covered facilities are required to develop a similarly structured food defense plan that addresses significant vulnerabilities identified through a vulnerability assessment. Special focus should be placed on high-risk activities at (actionable) processes, steps and procedures defined by FDA as most vulnerable in food production (regardless of the food commodity), such as bulk liquid receiving and loading, liquid storage and handling, secondary ingredient handling, mixing, and similar activities. Consistent with the overall FSMA approach to food protection, specific science- and risk-based criteria should be used when assessing the criticality of each step, point or procedure. At a minimum, companies need to consider the potential impact to public health, the degree of physical access to product, and the ability of an attacker (including an insider) to successfully contaminate the product. The food defense plan should then stipulate the mitigation strategies that have been identified and implemented to provide assurances that the significant vulnerability at each actionable process step will be significantly minimized or prevented. Procedures are required for monitoring the consistent application of those mitigation strategies (including frequency) as well as verification procedures to ensure that they have been implemented. Corrective actions must also be defined for cases in which the mitigation strategies are not properly implemented, with detail on how the problem will be corrected and the likelihood of future occurrence minimized. IA rule compliance is also to include employee training and awareness-raising as the first line of defense in protecting against intentional adulteration of food. This also should address proper implementation of mitigation strategies at actionable process steps and certain components of the food defense plan, particularly for those employees and supervisors responsible for specific elements of the plan. Documentation of all elements of the food defense plan, including training, is required and subject to verification by the agency. A reanalysis of the food defense plan is required at least every three years –or earlier upon the identification of new or increased vulnerabilities, evidence of mitigation strategies not being properly implemented, new information becoming available regarding new threats or scientific developments, and/or FDA request. How does TAG recommend your company prepare for compliance with the IA rule? For companies covered by this Food Defense FSMA rule, the compliance deadline is fast approaching, with the first wave of businesses having to meet its requirements my mid-2019. Now is the ideal time for companies to identify vulnerabilities and implement effective mitigation strategies that will help prevent deliberate acts intended to cause wide-scale harm to public health, as well as assessing and confirming the effectiveness of their food defense systems. To do so: Gather an interdisciplinary team for conducting a vulnerability assessment focused on the critical aspects of your business that could be more prone to deliberate attacks. Consider having a penetration assessment of your facility and operations in which an unauthorized person attempts to access the facility or a specific area within the facility to see if their activity is noticed and challenged. Identify effective mitigation strategies using internal expertise as well as resources available from regulatory agencies, academia and industry organizations. Provide engaging training to both line workers and supervisors to raise awareness of food defense. Creating a Food Defense plan can appear complex, so let TAG help you understand what you have to do and assist you in undertaking your food defense vulnerability assessment and Food Safety Plan build. With vast experience in conducting vulnerability assessments, penetration challenges, mitigation strategies identification, and robust food defense plan development and implementation, TAG can effectively complement your efforts in food defense. Contact us here. About The Acheson Group (TAG) Led by Former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With in-depth industry knowledge combined with real-world experience, TAG’s team of food safety experts help companies more effectively mitigate risk, improve operational efficiencies, and ensure regulatory and standards compliance. www.AchesonGroup.com
