The Food Safety Modernization Act (FSMA) “Mitigation Strategies to Protect Food Against Intentional Adulteration” or IA Rule, as it is commonly known, specifies that covered food facilities are required to perform a vulnerability assessment prior to developing a Food Defense Plan as part of the published regulation final rule.
There is a reason why the FSMA calls for an assessment rather than the more typically performed audit. Frankly, I have struggled with food industry approaches to audits used to best “measure” preparedness of food safety and food defense responsibilities, policies, and procedures, along with identification and assignment of risk/threat mitigations, as prescribed by FDA regulations.
Most importantly, how can the industry best determine if a food facility obtains an accurate picture of their real exposure to adverse internal and external risks and threats? How can a food business, religiously following its food protection plans and operational implementation of these plans, have full confidence they have accomplished, in operational practice, what they are supposed to do to best protect their valued assets? That is, how comprehensive and committed is management to understand their risk and insist upon hazard/risk/threat assessments performed on their own site that would more accurately determine the probability, severity, and criticality of hazards and risks and effectiveness of their mitigation strategies that expose people, product, or the food facility to situations that could cause injury or death in humans or animals?
In my 47 years of wrestling with the merits if various risk/threat management approaches, I find fault in our overreliance upon internal and external audits to measure our confidence level as the fundamentally accepted way to verify that our food protection risk and threat detection systems are “always on” and working effectively.
Food Audits and Food Assessments
We need to first understand the difference between an audit and an assessment from a proven historical event perspective. We now rely upon industry food safety and food defense (and economically motivated adulteration, or EMA) standards organization audit formats. Those used are based upon requirements found in the Global Food Safety Initiative (GFSI) or specified in specific supplier requirements. For the most part, they are not designed for nor do they deeply probe critical issues enough in determining potential gaps and system flaws that are deeply rooted, often unnoticeable but often critical, in the identification of risk and threats in any given operational environment. Generally, even well-performed audits are more likely to miss what a true assessment for system weaknesses can uncover.| | | Next → | Single Page