US Food and Drug Administration demands tougher food defense plans for food processors

By Sascha Matuszak

Table of Contents

On March 5, the U.S. Food and Drug Administration (FDA) released draft guidance related to the “Intentional Adulteration” rule, one of the seven rules that make up the Food Safety Modernization Act (FSMA). The rule, also known as the Mitigation Strategies to Protect Food Against Intentional Adulteration rule, requires that companies implement documented mitigation strategies, similar to what is often known in the food industry as a “food defense” plan, but with some additional requirements not found in traditional food defense programs.

The food defense plan is in essence a compliance program focused on critical points within the food supply chain that carry the risk of tampering. Companies are required to do a thorough risk assessment, implement mitigating measures, monitor and audit implementation, and document each step along the way. As with the other rules contained within FSMA, the Intentional Adulteration rule has staggered deadlines for compliance based on facility size. The first deadline, intended for the largest enterprises, occurs in July 2019. Small businesses, defined as businesses employing fewer than 500 persons, must be in compliance by July 2020. Very small businesses, those with less than USD 10 million in sales of total manufactured, processed, packed or held food, must be in compliance by July 2021.

This most recent draft guidance, “Mitigation Strategies to Protect Food Against Intentional Adulteration: Guidance for Industry,” revises and updates previous guidance and includes topics, such as:

  • “the components of the food defense plan;

  • “how to conduct vulnerability assessments by

    1. “using the four Key Activity Types method (bulk liquid receiving and loading, liquid storage and handling, secondary ingredient handling, mixing and similar activities),

    2. “evaluating the Three Fundamental Elements (potential public health impact, degree of physical access to the product, ability of an attacker to successfully contaminate the product), or

    3. “using the Hybrid Approach, which is a combination of the Key Activity Types and Three Fundamental Elements methods;

  • “how to identify and implement mitigation strategies;

  • “food defense monitoring requirements;

  • “education, training, and experience.”

From checklist to compliance

Prior to the introduction of the FSMA, the private food industry relied primarily upon the Global Food Safety Initiative for information, data, certification, and networking relating to food safety. Much of the current FSMA regulation was adopted from Global Food Safety Initiative standards and platforms, but there are gaps.

One of the biggest gaps involves the transition from a checklist approach to an approach that incorporates the major elements of a legitimate compliance program. The new requirements are similar to the FDA’s Hazard Analysis and Critical Control Points approach, which involves a systematic approach and the establishment of a dedicated team that focuses on the risks and mitigation strategies for each product. The FDA’s requirements under FSMA and the Hazard Analysis and Critical Control Points approach have much in common with the seven elements of an effective compliance program:

  • Creating standards policies and procedures.

  • Administration.

  • Communication, education, and training.

  • Monitoring, auditing, and risk assessment.

  • Internal reporting system.

  • Investigation and remediation efforts.

“A lot of companies understand the importance of food security,” said Jon Kimble, Senior Food Safety Manager at the Safe Food Alliance, a California-based association that provides training, certification and audits to the food industry. “But many are still using the older checklist system, and that is not what the FDA requires.”

The initial mantra of the FDA as they rolled out FSMA regulations was “educate then regulate,” to reflect the time needed to understand the law and get compliant with it. That slogan morphed into “educated while we regulate” as more deadlines passed and the rules of FSMA became final, binding regulations. With the posting of the final guidance to the Intentional Adulteration rule and the deadline just three months away, the clock is ticking for those companies that have not yet implemented a food defense plan, as required by the FDA.

“The FDA will enforce this rule,” Kimble said. “If they perceive a risk, they will take action right away; or if they have inspected a facility and identified necessary changes in the operation, they will take action in their next visit if those changes have not been implemented. Under FSMA they have new authorities which allow them to take decisive action where necessary.”

The FDA has three primary ways to enforce compliance:

  1. Hourly re-inspection fees (approx. USD 225 per hour).

  2. Product recalls.

  3. Suspension of facility registration.

Items 2 and 3 are generally reserved for situations in which there are clear risks to the public. The real driver for compliance, however, is market reaction. Contamination of the food supply chain can and will result in public backlash and downstream buyers refusing to do business with the negligent company, resulting in loss of reputation, brand value and market access.

Training, worksheets and templates

The FDA released guidance in December 2018 that included an online training course, “Conducting Vulnerability Assessments using Key Activity Types,” and as well as various training materials and free tools and resources. The training course is operated in collaboration with the Food Safety Preventative Controls Alliance, an industry alliance whose mission it is to “support safe food production by developing a nationwide core curriculum, training and outreach programs to assist companies producing human and animal food in complying with the preventive controls regulations that will be part of the [FSMA].” The Alliance has an extensive list of training materials and resources available to food processors to help with compliance, including four online courses (two of which are free). They are also currently developing a 1.5-day training course for those who are responsible for implementing these documented programs.

The FDA provides training and certification for this final rule, such as this video, “Guarding Against Intentional Adulteration of Food,” as well as other free tools, including the Food Defense Plan Builder, software designed to “assist owners and operators of food facilities with developing personalized food defense plans for their facilities” and mitigation strategies databases.

There are also multiple certification bodies and industry associations, such as the Safe Food Alliance, that can help companies comply with the many of the FSMA’s requirements.

Takeaways

  • The Food Safety Modernization Act’s Intentional Adulteration rule will reach its first deadline in July 2019. All large food processors operating within the U.S. market are required to comply.

  • Although most companies are not currently in compliance with the rule, especially the “food defense plan” requirement, the U.S. Food and Drug Administration and other organizations have tutorials, certifications and other resources available to help these companies become compliant.

This publication is only available to subscribers. To view all documents, please log in or purchase access.
Purchase Login


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings