In June’s FSMA Friday webinar, SafetyChain caught up with Dr. Peyman Fatemi of The Acheson Group (TAG) to discuss key elements of FSMA’s recently finalized Food Defense rule.
Here are the key highlights from this informative session including what the FDA expects from your food defense plan and tools to get you started. Though as always the complete session recording is available at: https://www.safetychain.com/webinars-events/
Vulnerability Assessment: Identifying where you are at risk – and FDA Tools to Help
The Food Defense rule may be considered one of the more straightforward legislative components of the Food Safety Modernization Act (FSMA) as its sole focus is preventing the adulteration of food products, which are intended to cause wide-scale public health harm.
But developing a plan that identifies and mitigates vulnerabilities to achieve the required level of public health protection requires activities that may be new to some.
Conducting a vulnerability assessment to identify susceptible entry points and processes, which provide opportunities for an attack, draws parallels to the steps one would take for conducting a hazard analysis—but they are not the same.
This is why the FDA developed the Food Defense Plan Builder (FDPB), an online software program to guide users through vulnerability assessments and determining appropriate mitigation strategies.
Interestingly, the rule excludes assessment of economically motivated adulterants (EMA’s) as they are covered by the Preventive Controls rule since the motivation is economic as opposed to intentional.
Identifying significant vulnerabilities with a high degree of public exposure is a critical aspect of the Food Defense rule. Specifically, the rule is most concerned with directing large companies at guarding the food supply chain against intentional attacks as their products reach a greater number of people.
Additionally, the rule strives to identify weaknesses in the process and supply chain, which can lead to widespread dissemination of food hazards.
As Dr. Fatemi notes, “they [FDA] are going to be paying special attention and focusing on certain process access points such as bulk liquid receiving and loading, liquid storage and handling, [and] secondary ingredient handling whether [the] ingredient is being added and mixing in similar activities.”
Vulnerability assessments must consider the severity and scale of the public health impact. From a product and hazard standpoint, a supplier must evaluate how much of the consumed product will cause harm, the nature of hazardous agents and infectious dose, and the timeframe for reaching the public. From a facility and operational standpoint, opportunity to adulterate product must be considered. For example, is the perimeter secure preventing unauthorized access? Or, are products secure in tamper-resistant packaging?
Once vulnerability is assessed and identified, the next step is developing and implementing mitigation strategies (i.e., controls) to prevent potential attacks.
Identifying a Plan to Mitigate Risks and Putting It Into Action
While food businesses affected by the rule likely have existing security measures, they may need to add to these to mitigate identified vulnerabilities. Mitigation strategies must be identified in the food defense plan and should be validated to ensure efficacy and protection.
Just like the food safety plan, the written food defense plan must include management activities to ensure consistent implementation. This includes monitoring of mitigation strategies, corrective action when monitoring indicates the strategy is not working and verification of the effectiveness of controls to ensure vulnerabilities cannot be exploited to cause harm.
Where monitoring indicates a problem, proper corrective action of mitigation gaps must extend beyond an immediate correction, be documented and correct the root cause failure. This in important aspect of the rule as Dr. Fatemi points out in his example of an external door left open.
Clearly, a simple way to correct site vulnerability in this scenario is to close the door and put a lock on it. But does this solution prevent the problem from recurring? Where monitoring identifies that the locked door strategy is not effective, the facility is responsible for documented corrective action, which ensures the door remains locked.
Subsequently, reanalysis of the plan may be appropriate to reevaluate ineffective controls. Additional tools provided by the FDA to assist with plan development or reanalysis include the Food Defense Mitigation Strategies Database (FDMSD) , which provides potential solutions to mitigate vulnerabilities at specific points, steps or procedures. At a minimum, the food defense plan must be reanalyzed every three years.
And as always, SafetyChain and TAG is here to help you...
The Acheson Group (TAG) can help you interpret how the Food Defense rule applies to your business; help identify gaps in your current defense plan and more - visit www.achesongroup.com to get connected.
SafetyChain’s comprehensive food safety and quality solutions provides the tools you need to more effectively manage your FSQA operations – and ensure FSMA compliance and audit-readiness. Schedule a consultation with SafetyChain today to learn more!
And of course be sure to join us for our next FSMA Fridays – taking place July 29. Special extended session this month focuses on what FSMA compliance really means. If you’re not part of our FSMA Fridays series yet – join today @ https://safetychain.com/resources/fsma-fridays/