If your business intention is to meet best-practice food defense and food fraud business protection for you, your customers, and consumers, focus on a deeper-dive effort and commitment to performing a comprehensive vulnerability assessment. Don’t be tempted to default to a traditional short-version food defense audit format to merely comply with the IA Rule vulnerability assessment requirement. In doing so, in my opinion, it doesn’t comply with the intent of the rule.
Conducting an Assessment
There is no more important component to a Food Defense Plan than conducting a credible and comprehensive vulnerability assessment. There are several FDA-approved training courses offered for anyone, including facility food defense-qualified individuals, to improve upon their vulnerability assessment skills and applied methodologies. The courses also showcase available tools that can be used in this type of critical intentional adulteration activity, including the following.
FDA’s Food Defense Plan Builder has a built-in vulnerability assessment tool and helps the user to numerically rank a given vulnerability and perpetrator accessibility. It can accommodate unique vulnerability and accessibility concerns at an individual site. In fact, this food-based risk assessment tool has been used with other non-food industry applications to help identify and mitigate product security gaps.
The Food Safety and Preventive Controls Alliance (FSPCA) at the Institute of Food Safety and Health offers online, self-paced courses including “Food Defense Awareness for the IA Rule,” “FSPCA Overview of the IA,” “FSPCA IA Conducting Vulnerability Assessments using Key Activity Types,” and “FSPCA IA Identification and Explanation of Mitigation Strategies.” In addition, an onsite “FSPCA IA Conducting Vulnerability Assessments” certificate course is offered using vulnerability assessment lead instructors. These lead instructor candidates successfully completed FSPCA-required prerequisite certificate courses. There are new plans for extended training requirements to a food defense-qualified individual who meets strict criteria based upon education, experience, and training. Their lead instructor certification comes after successful completion of a three-day “Vulnerability Assessment Lead Instructor Training” at various domestic locations starting May 2019.
The Food Defense and Protection Institute (FPDI) recently introduced a one-day FDA-standardized FSPCA course on “IA Conducting Vulnerability Assessments” as included as day one of a two-day “FDPI Food Defense Industry Training” course. The first such course was held May 1-2, 2019.
IA Rule Compliance
With the first FSMA IA Rule compliance date of May 27, 2019, for large food facilities that manufacture, process, pack, or hold (store) food, it is imperative to conduct a comprehensive vulnerability assessment for your facility. Ideally, this effort should be supported by outside food defense experts, identify vulnerabilities and actionable process steps, and determine optional mitigation strategies and priorities proposed by those experts and Food Defense Team. Also, facility financials will no doubt be affected by a number of these vulnerability mitigation decisions, particularly those requiring more significant capital budget approvals prior to implementation. After a food defense vulnerability assessment has been performed and mitigation strategies are in place according to your established Food Defense Plan, don’t be satisfied with this outcome. More can be done in challenging your plan. Consider the use of food defense experts in conducting a red team exercise with the intention of identifying any remaining significant vulnerabilities, viewing alternate methods for attack and revealing other outstanding product security risks for your specific facility.