Back in the 1980s in Wasco County, Ore., an extremist group sought to sway election results by poisoning people. They did so by contaminating 10 restaurant salad bars with Salmonella, and 751 people got sick.
In 2014, thousands in Japan became ill after eating food laced with 2.6 million times the allowable level of the pesticide malathion. This was the work of a disgruntled employee from a frozen food company. Before it was over, 6.4 million bags of frozen food were recalled.
This past December, two boys, aged 12 and 13, broke into a Sioux City, Iowa, honey farm and knocked over all of the hives. No bees survived the winter temperatures and the business was devastated.
Political gain. Revenge. Plain old vandalism. The motives and the methods are different, but these three stories have several things in common: the companies were completely unprepared for these actions; and the business and the brand were harmed.
There are many more stories, and with the increasing globalization of the food supply chain, there will be many more opportunities for the intentional contamination of food. No one in our industry is exempt from the threat.
Food Defense in a Global Supply Chain
We live in a country where food from everywhere in the world enters our food supply chain every day. We are truly fortunate to have such choice. But we must also ask ourselves how many steps are in place to protect those products on their journey?
A classic illustration is milk. It is stored at individual dairy farms, transported from farm to farm via tanker truck, moved to a co-op, transferred to a dairy milk processor and moved through storage tanks, mix tanks, homogenizers, and fillers, and finally into a carton destined for a state-wide school system. The possible points of entry for an attack are numerous, and the impact both emotional and physical in loss of life and suffering would be devastating.
These very real threats have been recognized by the U.S. government and the voluntary Global Food Safety Initiative (GFSI) benchmarked standards, which contain criteria for food defense. With the passage of the Food Safety Modernization Act (FSMA), the Intentional Adulteration rules and regulations have been put in place. These state that you must develop and implement a food defense plan that includes: a vulnerability assessment; mitigation strategies; monitoring, corrective actions, and verification procedures; and training and recordkeeping.
At a minimum, the food defense plan must be reanalyzed every three years. Records of all activities must be maintained for two years.
If a vulnerability assessment is an evaluation of each point, step, or procedure in your food operation to identify significant vulnerabilities and actionable process steps, the parallels to Hazard Analysis and Critical Control Points (HACCP) are unmistakable. Any company that has a food safety management system in place understands the framework within which the food defense plan must be developed.
But it would be wrong to simply add food defense to your HACCP team’s list of duties. Food defense requires a different mindset and a different set of skills. And just as you train your workforce in food safety best practice, you must train them in food defense awareness and mitigation strategies.
Building Your Food Defense Training Plan
What to train and how much to train will depend on the specific responsibilities of your workers. The baseline is awareness training: What is intentional adulteration? How does it differ from food safety and food fraud? And what can each individual do to protect the company?
The FDA has developed resources to help you build awareness in your workforce, and I encourage you to take advantage of them.
A series of webinars on the Intentional Adulteration rule can be found on the Food Safety Preventive Controls Alliance (FSPCA) website.
In these webinars FDA presents expectations and methods for achieving compliance to the rule. Present them to your food defense team and employees, customize the message to your situation, and, above all, get the conversation started.
There’s also a tool for identifying appropriate mitigation strategies. This tool is built on a mitigation strategies database, which is broad reaching and practical.
The FDA also provides helpful posters, called Employees First. These can be printed off and used to educate frontline food employees as to what they can do to promote food defense.
Beyond awareness training, the topics and level of complexity in your education programs will be dictated by the responsibilities of the individual. The following table provides a breakdown of topic categories based on job role.
The Qualified Individual
The Intentional Adulteration rule clearly states that the food defense plan must be prepared by a qualified individual. The plan must also include a written explanation stating how each strategy significantly minimizes or prevents the significant vulnerability at the actionable process step.
One of the ways to gain this expertise is by taking the FSPCA intentional adulteration training that will be available in both a face-to-face version and an online option.
The qualified individual, with support from senior management, will be best positioned to determine a training plan that will address all individuals in the facility including seasonal and temporary employees.
The Food Defense Team
The food defense team is at the heart of your defense plan. Who is on that team and how they are trained is critical. Most will never have been involved in a food defense event, and this will be new territory for them.
Following best practices for risk assessment and building a multi-disciplinary team will be particularly helpful in this situation. In addition to a trained and knowledgeable team leader, consider other plant roles, such as human resources, health and safety, security, and IT, as team members. They can bring insight into potential vulnerabilities that need to be understood and addressed.
The risk assessment team must think outside the box and challenge themselves to consider vulnerabilities that are unique to the process and the particular facility. For example, have they considered the threat of a cyberattack? How easy would it be for the refrigeration systems to be hacked? Could hackers break into your PLC or refrigeration systems, bypass the alarm, and turn a cooler up for five hours and then back down on a weekend?
If some of your team members are new to risk assessment in general, they will require training on the topic. The same is true for procedure writing skills, conducting a gap analysis, understanding cybersecurity threats, and recognizing signs of employee dissatisfaction.
The type of vulnerability assessment training that you select will depend on the two methodologies outlined by the FDA: the three elements from Carver + Shock or the four key activity areas. It is up to you to select the one that you feel your team can best manage.
The results of the vulnerability assessment will highlight the food defense practices required to maintain the production processes and environment, and these may function much like food safety prerequisite programs. Once again, training will help focus efforts and prioritize implementation of prevention strategies. Most of us understand the need to keep doors closed and locked, but how significant is that threat when compared to protecting an isolated area of the facility where product is exposed and multiple ingredients are blended?
Here again, the FDA has provided a useful tool in its Food Defense Plan Builder. This user-friendly software program helps you tailor a food defense plan to your facility. It harnesses existing FDA tools, guidance, and resources into a single application. By asking you a series of questions about your production process, it calculates a vulnerability score for each step in the process that will help you prioritize your efforts.
Training to Support a Food Defense Culture
The ultimate goal of any training program is behavior change. You want people to do things differently. In this case, you want them to understand how intentional adulteration can occur, recognize threats to your food products, and take ownership of the part they play in preventing threats from becoming realities.
There are three key areas in training:
- Knowledge—how well your employees know the topic, both the fundamentals of food defense and the requirements of your plan;
- Skill—how well they can perform specific tasks as itemized in your food defense plan; and
- Attitude—how they approach their role in food defense.
Once you have classified these areas, you can customize your training program to address specific gaps. Assessing attitude is by far the most difficult task, as is training for attitude change. And yet, it is the most important. Just because someone has been trained on a topic, or has passed an exam, it’s no guarantee of success.
When people choose to do something because they believe it is the right thing to do—even though it might take longer and even though it might interfere with their other duties—then you know you are building a strong food defense culture.
Onett is the technical manager for training and education services at NSF International. Reach her at [email protected].
The FSMA Intentional Adulteration Rule
The purpose of the Intentional Adulteration rule is to prevent intentional acts of adulteration of the food supply that would cause wide-scale harm to the public. Since 2004, the FDA has been conducting vulnerability assessments on a wide range of products and processes as per the Homeland Security Presidential Directive #9.
Using the Carver + Shock prioritization tool, it identified three of the seven elements that contributed most consistently and significantly to the threat of intentional adulteration of food:
- Criticality—measure of public health and economic impact;
- Accessibility—degree of physical access to the facility and the product; and
- Vulnerability—ease of accomplishing the attack (including the possibility of an inside attacker).
These form the basis for the step-by-step vulnerability assessment of the process and contributed to the FDA’s identification of four key activity types: 1) bulk liquid receiving and loading; 2) liquid storage and handling; 3) secondary ingredient handling; and 4) mixing and similar activities.
A food defense vulnerability assessment must at a minimum assess the process against the key activity types. This assessment must also include the possibility of an inside attacker.
The guidance document released by FDA in August 2017 describes the rule in detail and includes the following training requirements.
- The vulnerability assessment and the resulting food defense plan must be conducted by a qualified individual, with the education, training, and experience to conduct the assessment and the reanalysis. This includes the written explanation of the chosen mitigation strategies.
- The individuals responsible for implementing the mitigation strategy at the actionable process steps must be trained in those activities and must receive food defense training.
- Supervisors of those responsible for implementing the mitigation strategy at actionable process steps must receive training to ensure they can carry out supervisory activities and receive food defense training. Records of training must include the type of training, date, and names of the persons trained and must be maintained for two years.—K.O.
ACCESS THE FULL VERSION OF THIS ARTICLE
To view this article and gain unlimited access to premium content on the FQ&S website, register for your FREE account. Build your profile and create a personalized experience today! Sign up is easy!
GET STARTED
Already have an account? LOGIN