Protecting Food Against Intentional Adulteration

A NATIONAL FOOD SAFETY MONTH – SPECIAL POST

INTRODUCTION

The Food Safety Modernization Act (FSMA) Final Rule provides us with guidance and law related to protecting food from intentional acts of contamination. To prevent an act of intentional adulteration (IA) that could cause harm to the public on a large scale, the FDA is implementing risk-reducing strategies to combat IA, as detailed in a recently required Food Defense Plan.

Strategies to build this plan include:

  • Vulnerability Assessment
  • Mitigation Strategies
    • Monitoring
    • Corrective Actions
    • Verification
  • Training and Record keeping

THE VULNERABILITY ASSESSMENT

The Vulnerability Assessment is the major starting step in the process. As Peter Drucker once said, “You can’t manage what you don’t measure”. While the FDA is not prescriptive in the methodology, they have discussed CARVER + Shock and the guidance from their Food Defense Plan Builder.

Some personal commentary on vulnerability assessment…

  • CARVER + Shock is great process and tool. However, as it was originally designed by the US military and used extensively in US government entities, few commercial clients can afford to do it.
  • Government operations with lots of resources and time to pull together large teams of subject matter experts to work through a very extensive methodology will produce tremendous results using CARVER + Shock.
  • The private sector is hard-pressed with regards to resources, time, and money to use CARVER + Shock or similar processes, and at the same time, keep this data current.
  • On an August 22, 2017 call, the FDA representatives acknowledged this challenge for private industry. On this same call, the FDA mentioned that their Food Defense Plan Builder tool is a bit dated, and is currently being refreshed. There is no firm date for the availability of the new plan builder. Some time ago, the FDA removed their CARVER + Shock software tool from public circulation.
  • No methodology is ever perfect, but one does need to start somewhere. Refining the assessment instrument over time, while refreshing the data to avoid unpleasant surprises from emerging threats.

The encouraging news from the recent FDA call with industry is that they are socializing Key Activity Types (KATs) as a legitimate vulnerability assessment method for the private sector. I believe this is great news for food producers and with some modifications, will provide an excellent vulnerability assessment model.

US GOVERNMENT VULNERABILITY ASSESSMENT PROJECT

From 2005 – 2008, the FDA, USDA, FBI, and DHS conducted CARVER + Shock threat assessments on 36 products, processes, or commodities in the food and agriculture sector. Afterwards, the FDA conducted another 18 assessments on products not previously assessed and updated another 16 that were previously examined.

 

Unfortunately, much of the data that resulted from these product, process, and commodity assessments are classified and cannot be shared with the industry!

What can be publicly shared is found here: https://www.fda.gov/Food/GuidanceRegulation/FSMA/ucm347023.htm

SOUND DOCUMENTATION IS IMPERATIVE

Examining the IA Rule, we want to ensure a complete food defense process, along with good documentation of our process, and why we made the recommendations and decisions we determined reasonable and appropriate. We would also want to document our reasoning for discounting certain traditionally vulnerable processes or areas.

Our process should look like this:

The Food Defense Plan

  1. Vulnerability Assessment
  2. Mitigation Strategies
  3. Procedures for food defense monitoring
  4. Food defense corrective actions procedures
  5. Food defense verification procedures
  6. Training
  7. Reanalysis
  8. Records

KEY ACTIVITY TYPES (KATs)

Examining the Key Activity Types (KATs) model, we see that the FDA determined that processing steps can be grouped, based on the types of activities are being carried out during the food production process.

FDA IDENTIFIED KATs

              I. Coating/Mixing/Grinding/Rework

            II. Ingredient Staging/Prep/Addition

          III. Liquid Receiving/Loading

          IV. Liquid Storage/Hold/Surge Tanks

We can examine the processing on our site and identify those points that present us with the most risk. We can apply the term Actionable Process Steps to these items.

For each point, step, or procedure we must consider at a minimum the following:

  1. The potential impact on public health
  2. To what degree there is physical access to product
  3. The ability of an attacker to successfully contaminate product

SPECIAL NOTES OF CAUTION:

  1. While other considerations may be prudent based on many factors, these three elements are fundamental and required for a Food Defense Vulnerability Assessment by the FDA.
  2. It is VERY important to note that you MUST consider the possibility of an inside attack in your vulnerability assessment. Also, the results of your assessment must be documented in writing.

KATs AND THE THREE FUNDAMENTAL ELEMENTS

In this chart, we see that the FDA has organized common vulnerabilities into generalized activity groups – Key Activity Types. They are linked to the three fundamental elements, as required.

THE FDA’S VIEW OF KATs

  1. Efficient
  2. Science-based
  3. An approach companies MAY use to ID actionable process steps

CONCLUSIONS

Key Activity Types, when combined with other physical security methodologies and body of knowledge can bring a Corporate Security Department to the leadership pinnacle. In my opinion, Key Activity Types presents us with a workable model to build on any existing food defense and food safety strategies. KATs helps us create a science-based Food Defense Vulnerability Assessment program that will:

  • Gather internal stakeholders that may not have previously been at the table
  • Help Corporate Security socialize a significant new approach to Food Defense
  • Ultimately if done right, build tremendous internal good will, buy-in and mitigation budgets

I would very much enjoy continuing this Food Defense discussion with you, the corporate security or food defense professional. As a Certified Food Defense Coordinator with many successful, hands-on vulnerability assessment projects during my career, I look forward to exploring with you new ways of thinking about old problems. PRS believes in charting new courses and approaching each project with a tailored approach. If KATs and some related tools are of interest to you, reach out and let’s have a chat. You can book a call with me through my calendar link:  calendly.com/joez

Please forgive the FDA slide quality. They were the only slides available to us from the source at time of writing.

Joe Zaccaria
Joe Zaccaria

Joe Zaccaria, CFDC serves as Managing Director | Consulting for Premier Risk Solutions. Joe lived and worked in Asia for many years, serving in a similar role for a global security organization. He then lived and worked in Canada for 15 years. Joe began his career in law enforcement and has engaged in global crisis security response for over 25 years. He is a Certified Food Defense Coordinator and has performed many food defense vulnerability assessments for large food production operations. He has performed over 600 risk assessments and 500 CPTED reviews for clients in banking, stock exchanges, high-tech, healthcare, manufacturing and many more. Joe is passionate about listening to client needs and providing kick-ass consulting solutions. He lives in and volunteers in emergency management in Blaine, WA. Joe holds several radio licenses and is a licensed Amateur Radio Operator – W7BWA.

You can reach him via:

Email: Joe@PremierRiskSolutions.com
You can book a call with Joe through this calendar link: calendly.com/joez