In our January 2018 FSMA Fridays session, Rolando Gonzalez, PhD of The Acheson Group joined Brian Sharp, VP Marketing at SafetyChain to discuss FSMA-related news, including recently released guidance documents, which include those that provide clarification on the Foreign Supplier Verification Program and guidance pertaining to the Produce Safety Rule. The session included a an exploration of the topic of food defense, including explanations of the Intentional Adulteration Rule, regulatory approach to food defense, upcoming compliance dates for IA Rule, and a discussion of food fraud. Dr. Gonzalez provided an overview of what the industry should do to get ready for compliance with the IA Rule, including the establishment of Food Defense Plans.
In recent weeks, the FDA has released new guidance for both human and animal food manufacturers to clarify program requirements. Additionally, it has released more detailed requirements for foreign supplier verification programs, and due to the projected impact of the Food Safety Modernization Act (FSMA), it has also announced guidance outlining areas where enforcement discretion will be exercised. With that said, the discretion will only be exercised in four of FSMA’s rules. FSMA food defense should therefore remain very much a priority for companies covered by the rule.
In particular, companies should have a strategy in place to satisfy the Intentional Adulteration (IA) Rule, which requires food and beverage companies to prevent or significantly minimize any acts of intentional or deliberate contamination of food supply which could have an impact on public health. FSMA’s IA Rule is similar to the approach set forth by HACCP, with a few key differences. However, many of the efforts companies already have in place will likely aid in their ability to comply with the IA Rule.
What Is Food Defense?
Food defense addresses the risk of intentional harm to public health, and should therefore not be confused with food safety or food security. One example of an intentional attack on public safety via food is the 1984 Rajneeshee bioterror attack, which took place in The Dalles, OR. Followers of Bhagwan Shree Rajneesh, leader of the Rajneesh movement, used salmonella to contaminate salad bars at ten local restaurants in an attempt to intentionally poison the voting population so their candidate would win an upcoming election. Although rare, these types of attacks can have a significant impact on public safety.
The Regulatory Approach to Food Defense
From an FDA perspective, hazards in food defense are considered to be vulnerabilities. The aim of the IA Rule is to have companies assess their potential vulnerabilities throughout food manufacturing and handling operations. While each company can perform a more extensive assessment of their own vulnerabilities, the FDA has identified four key activity types which pose the greatest potential risks:
- Bulk liquid receiving and loading
- Liquid storage and handling
- Secondary ingredient handling
- Mixing and similar activities
Who Is Covered by IA Rule & When Does It Apply?
Companies must register with the FDA to be covered by the IA rule. Compliance dates for varying company sizes are as follows:
- Large businesses: July 26, 2019
- Small businesses: July 27, 2020
- Very small businesses: July 26, 2021
There are some exemptions, including companies making less than $10 million annually, animal food producers, farms, and alcoholic beverages. However, it should be noted that facilities do not have to be U.S.-based to be impacted; those exporting to the U.S. must comply as well.
EMA/Food Fraud
EMA, or economically motivated adulteration, is often referred to as food fraud. As the intentional substitution of ingredients for economic purposes, it is not performed to intentionally cause public harm. Nonetheless, there have been instances in which EMA has caused public harm, such as when companies unknowingly substitute ingredients with potential allergens. While EMA prevention should be a part of an overall food defense strategy, it is not covered by IA Rule and instead is encompassed by the preventive controls rule for human food.
How to Prepare for IA Rule
To prepare for IA Rule compliance, companies should adopt a Food Defense Plan with the following key steps:
- Perform a vulnerability assessment
- Implement mitigation strategies to prevent or significantly minimize the appearance and potential impact of intentional adulteration
- Continuously monitor the program performance
- Implement corrective actions
- Verify the program is working by performing routine reanalysis
- Document all of the above with clear, accessible records
As with any aspect of FSMA, effective record keeping practices are critical. As the saying goes, “If you didn’t write it down, it’s as if you never did it.”
What to Expect from the FDA in 2018
Because compliance isn’t due for IA Rule until 2019, the industry won’t see much enforcement or action this year. With that being said, it’s projected that the FDA will take a tiered approach. They may start by looking at the basic elements of the food defense plans for each of the registered companies to identify the highest risks. Thereafter, they may begin to perform the most comprehensive inspections at the tier with the highest risks before taking a more widespread approach.
Although the industry has more than a year to comply with the rule, now is the time to adopt a powerful Food Defense Plan. By putting a plan in place and developing a strategy for effective records management, companies can become primed for enforcement and prevent the hassle and stress caused by last-minute preparations.
Missed the session? Click here to access the recording.
Click here for the presentation deck on SlideShare.
SafetyChain Software is a cloud-based food quality management system that reduces costs, waste, and risk for food companies. Our powerful FSQA platform gives quality and operations managers an easy-to-use tool to automate compliance, safety, and quality programs while providing valuable real-time data to help optimize operations. Learn more at https://safetychain.com.