The interpretation of FSMA compliance for Dietary Supplement (DS) distributers and manufacturers has varied since the law was signed in 2011. As much of the food industry, including FDA, has sought to understand compliance requirements of the various FSMA rules, the DS industry has had even more to assess and determine due to its unique requirements relative to food. This is further complicated by the maturity of specific requirements for the supplement category of products being tested by industry and regulators.

Dual Level of Regulation

Early under FSMA, many DS companies struggled—and many continue to do so—with their compliance to FDA requirements due to their direct regulatory obligations as food and DS companies. Historically, the DS industry enforcement requirements fall under FDA Section 111 GMPs, which require more stringent control of the full production process than what is required for food only. This presents DS with a dual level of regulation, with the DS-specific regulation established years prior to FSMA. In fact, this regulation was well in-place at the signing of FSMA and the additional requirements, which include the 117 GMPs.

The more conservative approach to ensure compliance is to meet requirements under both the FSMA and FDA Food and Dietary statutes concurrently. Alternatively, companies may wait for more clarity on FSMA, as the final rules and compliance dates were pending due to the rulemaking time that was instituted during the rollout phase.

Challenges of Compliance

In meeting the Section 111 GMP requirements for the DS industry, there is significant complexity; however, if managed correctly, Section 111 does address many of the related FSMA requirements. Specific areas required by FSMA but not included in the DS requirements remain, including a complete Food Safety Plan, preventive controls, environmental monitoring, program management updates, and specific organizational roles of Preventive Controls Qualified Individual (PCQI), Qualified Auditor, and Qualified Sanitation Lead.

The challenge of compliance for the DS industry lies in these issues, but also in the variation of company types within the industry (i.e., distributers, manufacturers, suppliers, and the supply chain). For DS companies with many varying aspects, there can be significant variation in requirements due to the various supply chain components. This makes development more challenging based on the proper responsible party for the specifications and the final branded product for distribution. In addition, the situation of making dietary supplements and food in the same plant must be properly addressed. These all must comply with Section 111 requirements. If the Section 111 program ensures a well-qualified supplier program, this can be referenced as 117 compliance for FSMA. Unfortunately, many organizations have not formalized their written and documented programs, as required by Section 111, as well as under FSMA.

To complicate things more, the DS industry is still evolving with rapid expansion of companies, manufacturers, and distributers participating in broad and changing product types. Within the DS supply chain, the functions of product development, specification, manufacturing, operations, and the ultimate responsibility for the product and raw material stages is not easy to determine. This leaves the ultimate responsibility party to be identified—often with overlapped and shared levels of responsibility, from raw material sourcing to final manufacture. Correspondingly, it is vital for DS companies to maintain strict control of suppliers, customers, and product identification at each step of the manufacturing process.

Direct Compliance vs. Third-Party Certification

FSMA maintains its position of direct compliance to the regulations vs. the use of third-party certification for industry-legal interpretation. However, the decision to pursue third-party certification must be evaluated within this rapidly changing industry. Acceptance of these certifications is growing along with FSMA compliance. In fact, many major retail chains require global certification under the Global Food Safety Initiative (GFSI) standards. In line with this, programs must be further defined and developed to meet the GFSI requirements associated with the benchmarked standards (i.e., BRC, IFS, FSSC22000, SQF).

The need for DS companies to be certified to the GFSI through one of the standards will only continue as the distribution channels for DS products grow. These standards are necessary to provide structured requirements and to ultimately simplify the compliance process based on even more research and learning.

Keys to Success

With this rapid evolution of unique DS products, compliance and certification efforts must consider and meet the test of time. This may take several years to establish. DS companies operating under FSMA must make appropriate decisions in the development of their programs to provide evidence that programs and processes have been appropriately implemented.

Key to this is developing and maintaining a documented system with written programs and validation to Section 111 and Section 117 GMPs under FDA to meet all necessary requirements. Sufficient records must be maintained as evidence that programs have been implemented, verified, updated, and maintained as current at all times. Any exceptions addressed by Section 111 or Section 117 compliance must be confirmed and documented within this system. As just one example, in some cases Section 117 cites specific requirements, such as the protection of outside storage containers. If they do not exist, a company must identify this has been determined as an exception.

In addition, it is very important DS companies determine their compliance assessment process for FSMA. These determinations must be made relevant to the existing and verified Section 111 programs and requirements under Section 117. Decisions within any program for FSMA compliance must be clear, verified, and implemented so they can be inspected or audited with proper evidence.

Conducting an internal compliance audit can be a very helpful and important step in confirming all requirements are met and all documented programs and practices are verified and up to date. Any identified risks will lead to program non-conformity, which must be closed to meet the regulatory requirements of Section 111, Section 117, and GFSI, if appropriate. A failure in one compliance situation has the potential to create multiple non-conformances across three areas and, therefore, must be appropriately and quickly addressed.

Mapping Your Requirements

Ultimately, mapping the compliance process for both regulations—and possibly to GFSI certification requirements—must be made, along with a final register of documentation showing all requirements are being met. This requires not only time and resources of the identified qualified personnel, but this effort also must be supported by a well-founded Management Review process to ensure compliance in this rapidly evolving sector.

Biotechnology Focus

• Are you managing your waste correctly? 
• Are you disposing of your waste efficiently and cost-effectively? 
• Do you have a system to track your waste and sustain its management? 

Waste is one of those risks that is often overlooked at companies because it isn’t something core to operations. Unfortunately, if waste is incorrectly managed, there are regulatory compliance risks, exposure risks, and potential financial penalties that can impact your business.  

The following represent just some of the challenging waste situations facing biotech companies that must be addressed:  

• Chemical liquid waste going down the drain 
• Chemicals being evaporated up the hood 
• Biohazardous materials being thrown in the trash 
• Chemical spill cleanup materials that are being thrown in the trash 

Waste products such as these do not belong in standard trash and may hold either more value or more risk to the organization. For example, some wastes have continued value through recycling or repurposing. Conversely, other wastes may be regulated, requiring special disposal processes. Improperly disposing these regulated wastes (i.e., through standard trash) can create safety or environmental risks that may cost big dollars.  

How do you avoid making pricey mistakes?  

Methodical Approach

A methodical, analytical approach to characterizing and evaluating waste can substantially improve efficiencies when it comes to handling waste, and minimize the risks of improper waste management. Evaluation of waste streams (i.e., the type of waste generated and how/where it is generated) can help to identify:  

• Areas to improve efficiencies in waste management processes 
• Wastes that can be minimized and/or prevented to reduce disposal costs 
• Alternative strategies for disposal and waste management that may result in minimized inputs and lower cost of initial supplies  
• Regulatory requirements to avoid any potential penalties for non-compliance 

Let’s take the evaluation of waste solvent as one example. Companies frequently purchase large quantities of solvent and then end up paying for its disposal. Reviewing the type of solvent and how it is being used may reveal an alternative with the potential for significant savings, such as a bench–top distillation unit, which would provide for: 

• Lower upfront costs in the purchase of solvent 
• Lower costs in the disposal of hazardous waste solvent 
• Fewer risks and regulatory requirements associated with stocking less solvent   

Business Benefits

Strategic evaluation of one type of generated waste may also lead to significant business benefits beyond the waste itself. A thorough review of business and operational processes and the waste being generated creates the opportunity for a “bottom–to–top” evaluation of all regulatory compliance. And that can lead to potential savings that a business may not have previously identified. Review and understanding of wastes being generated within a lab or business often leads to the following program area discussions: 

• Review of EPA hazardous waste and opportunities to minimize or more cost-effectively manage this expensive waste stream. 
• Evaluation of compliance with EPA waste requirements to make sure waste is labeled, stored, disposed, and reported correctly. 
• Review of other waste streams, such as biohazardous, radiological, and universal waste streams, to assure they are being efficiently managed and in compliance with regulations. 
• Evaluation of how chemicals are being managed in accordance with regulatory requirements (e.g., EPA, OSHA, DOT). 
• Review of OSHA safety programs and discussions to ensure training, documentation, and procedures are in place to keep employees safe while meeting requirements for such programs as hazard communication, personal protective equipment (PPE), respiratory protection, safety showers, eye wash stations, fire extinguishers, confined space, energy control and emergency response planning. 
• Exploration of options for recycling and best practices that have the potential to significantly improve financial bottom line management and increase sustainability of lab operation. 

Strategy Going Forward

Effectively managing your waste really begins with a comprehensive review of operations. It is a process of understanding what you have, where it fits, and what you need to do with it to minimize risk, reduce costs, and ensure compliance. This process walks a company through the following basic questions:  

• What are my business processes? 
• What kind of waste does my company generate? 
• What waste regulations apply to my business? 
• How do I understand the potential impacts of my waste? 
• How do I come up with a strategy to effectively minimize waste and reduce cost while keeping employees safe? 
• How do I ensure that we efficiently and cost-effectively manage waste and compliance for the long run? 

Over the next several weeks, we will be answering each of these questions in a series of articles to help address some of the common—and often costly—mistakes related to waste management and to help ensure you are managing your wastes in the appropriate and most cost-effective ways possible. 

Kestrel is proud to provide our ongoing support for the manufacture, processing, and distribution of safe food. This fall, we look forward to joining our food industry friends and colleagues at a number of events to promote safe and quality food.

Food Safety Consortium

The Food Safety Consortium is a premiere event for food safety education and networking. The Consortium offers three days of informational sessions on topics including FSMA final rules, FDA inspections under FSMA, food defense, food recalls, new technology, hiring and retaining sanitation workers, building your food safety team, allergen management, proper use of sanitation chemicals, Prop 64, environmental monitoring, GFSI, and more.

• DATE: October 1-3, 2019
• LOCATION: Schaumburg, Illinois
• REGISTER NOW!

---

PROCESS EXPO with Special Food Safety Training

Kestrel will once again be joining FPSA at PROCESS EXPO, the nation’s largest trade show dedicated to bringing the latest technology and integrated solutions to all segments of the food and beverage processing and packaging industry.

• DATE: October 8-11, 2019
• LOCATION: Chicago, Illinois
• REGISTER NOW!

---

SupplySide West with Featured Panel Discussion

SupplySide West is all about the science and strategy around the development of finished products that drive the global business economy. Learn about new trends from over 1,300 exhibitors and 140 hours of educational and conference programming. Don’t miss Kestrel’s Workshop: FSMA & Import Requirements for Food & Supplement Brands.

• DATE: October 15-19, 2109
• WORKSHOP DATE: October 16, 9 am – 12 pm
• LOCATION: Las Vegas, Nevada
• REGISTER NOW!

---

We look forward to seeing you this fall. Contact us if you are interested in learning more about one of these events or setting up a time to meet!

On August 14, 2019, the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) released a proposed rule to make several miscellaneous amendments to the Hazardous Materials Regulations (HMR) to ensure the safe and secure movement of hazardous materials to industry and consumers by all modes of transportation. This proposed rule is in response to numerous petitions submitted requesting PHMSA address a variety of provisions, including some on packaging, hazardous communication, and incorporation by reference documents. According to PHMSA, the amendments are intended to update, clarify, improve the safety of, or provide relief from various regulatory requirements in the HMR. The proposed amendments include:

• Adopting a phase-out schedule for certain railroad tank cars used to transport poisonous-by-inhalation materials
• Clarifying the cleaning standard for metal drums, including removing residual adhesive from labels
• Allowing the continued use of certain portable and mobile refrigerator systems commonly used in the produce industry
• Allowing for all waste materials to be managed in accordance with the lab pack exception whether they meet the definition of a hazardous waste per the U.S. EPA
• Incorporating an industry standard that can help to enhance the production of oil and gas wells
• Several additional proposed amendments derived from PHMSA’s petition for rulemaking process

EPA’s Hazardous Waste Generator Improvements Rule became effective on May 30, 2017, federally and in those states and U.S. Territories not authorized for RCRA (i.e., Iowa, Alaska, tribal lands and most of the territories). In the remainder of the states, the rule becomes effective when the state adopts it and adds it to their regulations. States were required to adopt more stringent revisions by July 1, 2019, which means the impacts of this rule should start to be realized across the country. The states are in various stages of adopting the regulation; check the status for your state.

For all intents and purposes, this is a good thing, as the Improvements Rule is designed to:

• Make the RCRA hazardous waste generator regulations easier to understand;
• Provide greater flexibility in how hazardous waste is managed to better fit today’s business operations; and
• Improve environmental protection.

Substantial Regulatory Revisions

The final rule includes over 60 revisions and new provisions to the hazardous waste generator program to make requirements more “user-friendly” in the end. Many of the revisions are technical corrections that address inadvertent errors in the regulations, remove obsolete programs, and clarify unclear citations. Some of the more substantial changes in the final rule, which states are required to adopt unless their requirements are more stringent, are outlined below.

Very Small Quantity Generators (VSQGs)

Conditionally exempt small quantity generators are now called very small quantity generators (VSQGs), and VSQG regulations are moved from 40 CFR 261.5 to 40 CFR 262. A VSQG generates less than 100 kg of hazardous waste in a month and may not accumulate more than 1,000 kg of hazardous waste.

Renotification for Small Quantity Generators (SQG)

The new rule now requires periodic renotification for SQGs every four years; SQGs were previously only required to notify once.

Waste Determinations

Any facility that generates waste needs to determine whether that waste is hazardous. According to the Improvements Rule, his waste determination must be made at the point of generation of the waste, prior to any dilution, mixing, and/or alteration.

Waste Consolidation

VSQGs are allowed to send hazardous waste to a large quantity generator (LGQ) to consolidate it before sending it to a RCRA-designated facility for management, under the condition that the facilities are under the control of the same person. Waste containers must be appropriately labeled (i.e., VSQG Hazardous Waste), and the LQG must notify the state of their participation.

Episodic Generation

Episodic generation of hazardous waste occurs when a non-routine event (planned or unplanned) results in a smaller generator generating atypically larger amount of hazardous waste in a month, triggering more stringent regulations. Under the Improvements Rule, VSQGs and small quantity generators (SQGs) are allowed to maintain their existing generator category in the event they experience an episodic generation event. The Rule allows for one event per calendar year, with the potential to petition for a second. Generators must notify EPA/state agency 30 days prior to initiating a planned event or within 72 hours of an unplanned event. 

Enhanced Labeling

Previous RCRA program labeling regulations did not require waste generators to identify the hazards of wastes, which resulted in failure to communicate risks of wastes being transported, accumulated, or stored in different locations. Under the Improvements Rule, labeling and marking of containers and tanks must clearly indicate the hazards of the hazardous waste contained inside and include the words “Hazardous Waste” . 

Waste generators may use one of several established methods to indicate the waste hazards, including:

• DOT hazard communication consistent with 49 CFR part 172 subpart E (labeling) or subpart F (placarding)
• OSHA hazard statement or pictogram, as described in the OSHA Hazard Communication Standard in 29 CFR section 1910.1200
• NFPA code 704 chemical hazard label
• RCRA hazardous waste characteristic (i.e., ignitable, corrosive, reactive, toxic)

The labeling requirements for containers in the satellite accumulation areas and for containers in the central accumulation area are identical, with the additional requirement that containers in the generator’s central accumulation area are marked with the date that the satellite container was moved to the storage area or the date that waste was initially added to the container in the central accumulation area.

Note that marking containers with RCRA codes is required for SQGs and LQGs prior to sending hazardous waste off-site, per 40 CFR 262.32.

Emergency Response

Previous regulations required generators to make arrangements with Local Emergency Planning Commissions (LEPCs) for potential emergency situations. The Improvements Rule expands this to require documentation of these arrangements/efforts with the LEPCs. In addition, LQGs must prepare an executive summary of their contingency plans containing the information most critical for immediate response to an emergency situation. This Quick Reference Guide must contain the following eight elements:

• Types/names of hazardous waste and associated hazards
• Estimated maximum amounts of hazardous waste onsite
• Hazardous wastes requiring special treatment
• Map highlighting where hazardous wastes are generated, accumulated, and treated
• Map of facility and surroundings that identifies routes of access and evacuation
• Location of water supply
• Identification of onsite notification systems
• Name of emergency coordinator and contact information

Ensuring Compliance

Again, the final rule includes over 60 revisions and new provisions, and authorized states are required to adopt the more stringent portions of the rule and may choose to adopt the less stringent portions. It is important for facilities to:

1. Get a solid understanding of the rule for the states in which it operates. Regulations may vary from state to state.
2. Determine waste generator status to understand which requirements are applicable. VSQGs, SQGs, and LQGs have some different requirements due to their potential impacts on the environment.
3. Assess compliance with the new and revised provisions. Each facility should be assessed to compare existing efforts with updated regulatory requirements.
4. Create a plan to close any compliance gaps. In many cases, the rule offers flexibility to help facilities in their efforts to comply. There are alternatives facilities can and should explore to find solutions that offer the greatest economic and environmental benefits.

Note: EPA developed a workshop on the Hazardous Waste Generator Improvements Rule. The training is designed to explain the Rule’s provisions.

Compliance risk assessment helps to identify and assess risks related to applicable regulatory requirements. Internal and external events or conditions affecting the entity’s ability to achieve objectives must be identified, distinguishing between risks and opportunities. These risks are analyzed, considering the following:

• Size of the risk – where, how big, how often/many?
• Severity of the outcome – to what extent can it impact safety, environmental, operational, financial, customer relations, regulatory compliance?
• Likelihood/probability of each risk – how likely is the occurrence of a negative outcome, considering the maturity of existing controls?

Based on this assessment, management can prioritize risks, select appropriate risk responses (avoiding, accepting, reducing, sharing), and develop a set of actions to align with the entity’s risk tolerance/appetite. An acceptable level of residual risk is considered after selected improvements and controls are applied. From there, policies and procedures can be established and implemented to help ensure the risk responses are effectively communicated so operating managers and individuals can carry out their responsibilities.

A deeper dive compliance program assessment may be performed for those risks that are identified as the company’s most significant.

Compliance Program Assessment

A compliance program assessment looks beyond “point-in-time” compliance to critically evaluate how the company manages compliance programs, processes, and activities, with compliance assurance as the ultimate goal. Capability, capacity, programs, and processes to comply are examined as part of this review. Conducting routine process and compliance audits are also key components of a compliance assurance program.

Compliance program assessment should follow a disciplined and consistent process, resulting in an effective program that guides alignment of activities to an integrated management system for sustained compliance and continuous improvement. An essential part of the assessment, audits capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices.

Compliance program assessment enables a company to define and understand:

• Compliance requirements and where regulated activities occur throughout the organization
• Current company programs and processes used to manage those activities and the associated level of program/process maturity
• Deficiencies in compliance program management and opportunities for improvement
• How to feed review recommendations back into elements of the management system to create a roadmap for sustaining and continually improving compliance

There are six phases associated with a compliance program assessment:

Phase 1 – Regulations, Requirements, and Applicability Analysis: Phase 1 focuses on identifying, organizing, validating, and understanding all of the requirements (legal or other) with which the company must comply. It provides an applicability analysis of the requirements to company operations by functional area and evaluates the associated risks. This stage engages representatives across the company who are responsible for activities subject to the requirements.

Phase 2 – Activities Analysis: This phase involves developing an inventory/profile of all company activities that may trigger the requirements identified in Phase 1. It asks the question, “What activities does the company carry out that are covered by the requirements?”

Phase 3 – Desired Compliance Program Standard: Establishing the company’s expectations for compliance program processes and controls—the desired condition—is essential. This “to-be” standard integrates management system principles into compliance program management. Programs should examine relative risks and ensure that risk-based priorities are being set.

Phase 4 – Actual Compliance Program Condition: In contrast to the desired standard identified in Phase 3, Phase 4 is about describing the company’s current compliance program. It defines how the company performs the activities outlined in Phase 3 (along with who, when, and where)—the “as-is” condition. This is done in the same framework as the desired standard in order to compare them in the next phase.

Phase 5 – Gap Analysis: The gap analysis compares actual compliance program management against the desired standard. It evaluates compliance program management processes, controls, and maturity to determine if they are good as is, need improvement, or are missing. These gaps and opportunities provide the basis for the improvement actions developed in Phase 6.

Phase 6 – Improvement Actions: Phase 6 moves the process along to developing action plans and an approach for ongoing management review that will guide the compliance program development and improvement activities. Compliance program management review is established at the end of this last phase. If there is a management system in place, program review information and action plan tracking can be integrated into that management system.

Outcomes

As a whole, this process will help companies evaluate the degree to which:

• Compliance goals and objectives are set and communicated by management.
• Hazards and risks are identified, sized, and assessed, including an inventory of activities subject to the compliance requirements and the relative risks.
• Existing controls are adequate and effective, recognizing, and addressing changed conditions.
• Plans are in place to address risks not adequately covered by existing controls.
• Plans and controls are resourced and implemented.
• Controls are documented and operationalized across functions and work units.
• Personnel know and understand the controls and expectations, and are engaged in their design and improvement.
• Controls are being monitored with appropriate metrics and compliance auditing and assurance.
• Information system is sufficient to support management system-required functions (e.g., document management and control, action tracking, notifications, training tracking, task calendaring, metrics reporting). Information dashboards can be used for reports to management.
• Deficiencies are being addressed by corrective/preventive action and are being tracked to completion.
• Processes, controls, and performance are being reviewed by management for ongoing improvement, including the maintenance and continual improvement of the integrated management system.

The Occupational Safety and Health Administration (OSHA) is joining businesses and organizations nationwide to recognize the importance and successes of workplace safety and health programs during Safe + Sound Week: August 12-18, 2019.

The week-long event encourages employers to implement workplace safety initiatives, and highlight workers’ contributions to improving safety. Businesses that incorporate safety and health programs can help prevent injuries and illnesses, reduce workers’ compensation costs, and improve productivity.

Participating in Safe + Sound Week can help get your program started, energize an existing one, or provide a chance to recognize your safety successes. Learn more about how to help plan and promote safety and health plans.

A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice on a daily basis.

The following can show evidence of a living, breathing program:

• Comprehensiveness of the program
• Dedicated staff and resources
• Employee knowledge and engagement
• Management commitment and employee perception
• Internal operational inspections, “walkabouts” by management
• Independent insider, plus third-party audits
• Program tailoring to greatest risks
• Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
• Tracking of timely and adequate corrective/preventive action completion
• Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).

Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.

Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and the expectations set for operating managers to take responsibility for compliance.

Take action on issues and problems. Capture, log and categorize noncompliance issues, process nonconformances, and near misses. Implement a corrective/preventive action process based on the importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.

Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to the facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.

Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.

Maintaining Ongoing Compliance

The compliance assurance program must be a living, breathing program. As risks change, the program must be refreshed, refined, and redeployed. A management system framework can help ensure operational sustainability. A management system drives the auditing process and helps companies say what they will do, do what they say and, importantly, verify it.

Together, there is a real value at the intersection of a compliance assurance program and management systems. Management systems define the internal controls that are in place to reduce risks, prevent losses, and sustain and improve performance over time through the Plan-Do-Check-Act (PDCA) cycle of continual improvement.

Testing and Monitoring

Testing, monitoring, and measuring are crucial elements of this cycle. Without them, it is difficult to understand what is working and what needs improvement. Robust testing and monitoring programs can serve as early warning systems for identifying potential compliance risks before they become enforcement issues.

Compliance should be tested and monitored throughout each level of the organization. A strong testing program will evaluate the results of the compliance risk assessment and assign compliance risks to the business units and processes where they are most likely to occur, creating clear lines of responsibility and accountability. Key risks and the related controls should be tested periodically using statistically valid sampling methodologies, and monitoring activities should be performed on an ongoing basis. Doing so produces trend data that provides the rationale needed for making changes to underlying business processes, as well as emerging risks.

Ongoing compliance excellence relies on top management, operations managers, EHS personnel, and individual employees throughout the organization working together to build and sustain an organizational culture that places compliance on par with business performance. Senior management must focus on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. While it may be impossible to eliminate all risk exposure, a solid risk framework, assessment methodology, and compliance assurance program can help to prioritize risks for active management, sustained compliance, and positive business impacts.

Designing and implementing a new compliance Information Management System (IMS)—or improving an existing one—is not a task to be taken lightly. Change when it comes to any IT system is significant because of the investments of time, money, and resources required, not to mention the disruption to the current way of doing things. That is why it is important to do your homework before jumping in with a system that, if not properly designed, may not meet your needs in the long run. The following eight tips can help ensure you end up with the right compliance IMS and efficiency tools for your organization:

1. Inventory your existing systems – Identify how you are currently managing your compliance needs/requirements. What’s working well? What isn’t working? Do the systems work together? Do they all operate independently? This inventory should evaluate the following:
   • Current systems and tools
   • Status and functionality of existing processes
   • Data sources and ability to pull information from various sources
   • Organizational complexity
   • Compliance status
   • Existing management systems
2. Determine your business drivers – Are you looking to save time? Create efficiencies? Reduce the number of resources required? Have better access to real-time information? Answer to senior management? Respond to regulatory requirements? These drivers will also drive the decisions you make when it comes to module development, dashboard design, reporting, and more.
3. Understand the daily routine of the individuals using the system – Systems and modules should be built according to existing daily routines, when possible, and then implemented and rolled out in a way that encourages adoption. Having a solid understanding of routine tasks and activities will ensure that the system is built in a way that works for the individuals using it.
4. Understand your compliance requirements – Do you have permitting requirements? Does your staff need training? How do you maintain your records? Are there regular (e.g., annual, semi-annual) plans and/or reports you need to submit? Do you have routine inspections and monitoring? All of these things can and should be built into a compliance IMS so they can be managed more efficiently.
5. Get the right parties involved – There are many people that touch a compliance IMS at various points in the process. The system must be designed with all of these users in mind: the end user entering data in the field, management who is reading reports and metrics, system administrator, etc. A truly user-friendly system will be something that meets the needs of all parties. If employees are frustrated by lack of understanding, if the system isn’t intuitive enough, if it is hard to put data in or get metrics out, the system will hold little value.
6. Make your wish list – While you may start your project one module at a time, it is important to define your ultimate desired end state. In a perfect world, how would the system operate? What parts and components would it have? How would things work together? What type of interfaces would users have?
7. Set your priorities, budget, and pace – What is the most important item on your list? Do you want to develop modules one at a time or as a fully functional system? It often makes sense to start where you already have processes in place that can be more easily transitioned into a new system to encourage user buy-in. Priorities should be set based on ease of implementation, compliance risk, business improvement, and value to your company.
8. Select the right consultant – For a compliance IMS, it is valuable to have a consultant who doesn’t just understand technology but also understands your operational needs, regulatory obligations, and compliance issues. An off-the-shelf software solution isn’t a silver bullet. A consultant who can understand the bigger picture of where you want to go and will collaborate to design the right compliance IMS and efficiency tools will bring the most value to your organization.

That is exactly the forward-thinking perspective Kestrel takes on all projects—thinking beyond individual efficiency tools, considering the desired state, and determining how technology can make that happen. By coordinating technology and compliance expertise, Kestrel offers unique capabilities and perspective. Our EHS and food safety professionals understand the regulatory obligations, business needs, and needs of the users. This drives design and development of the right compliance IMS and efficiency tools. That includes the time it takes to develop, adapt, and populate your compliance IMS, including:

• Understanding the bigger picture of where you want to go. We ensure your system is scalable and flexible; upfront planning enhances the outcome more efficiently.
• Collecting and organizing the information in a way that reflects how you conduct business and that aligns with other systems/processes.
• Offering guidance on compliance best practice and what modules and level of customization will bring you the most value.
• Providing as needed compliance support (e.g., review of existing forms and checklists, program improvement, development of training content, compliance audits, audit protocol).

About 100 years ago, when nutrition labeling first began in a modest form, the purpose was to provide basic ingredient information about the product to protect the consumer. Fast forward to today and the goal of nutrition labels has grown beyond just protection. Now, those labels are intended to protect and to help guide consumers in their food choices. Labels are designed to provide facts for nutrients that impact common health concerns, such as weight control, diabetes and high blood pressure.

The Regulations

Nutrition Labeling and Education Act (NLEA) The Nutrition Labeling and Education Act (NLEA) was signed into law in 1990. The Act requires most foods to contain nutrition labeling. In addition, it requires all nutrient content claims (i.e., high fiber, low fat, etc.) and health claims be consistent with Food and Drug Administration (FDA) regulations. Compliance with the nutrition labeling regulations is based on the date the product was labeled, as opposed to the date the product is offered for entry into interstate commerce. NLEA requires information in the following four areas:

• Nutrition Facts Panel
• Ingredient List
• Allergen Statements
• Nutrition Content Claims

Uniform Compliance Dates It is not uncommon for FDA to issue regulations that sometimes require changes in food labeling. To minimize the economic impacts of responding separately to each change, in 1996 the FDA introduced the concept of uniform compliance dates. The uniform compliance date establishes a final compliance deadline for all new food labeling requirements that are established within a specific time period. Most recently, the FDA established January 1, 2022, as the uniform compliance date for food labeling regulations that are published on or after January 1, 2019, and on or before December 31, 2020. Note that the FDA sets compliance dates other than the uniform compliance date, when necessary, such as the final rules for Nutrition Facts labels for packaged foods, as described below. Nutrition Facts Labels All foods sold in packages are required to have a food label. On May 27, 2016, the FDA published final rules on the new Nutrition Facts panel for packaged foods to reflect updated scientific information, including the link between diet and chronic diseases (e.g., obesity and heart disease). As mentioned above, this label is intended to help guide consumers in making more informed food choices. These labels come with their own deadlines that are separate from the uniform compliance dates that FDA has established:

• January 1, 2020 for manufacturers with > $10 million in annual sales
• January 1, 2021 for manufacturers with < $10 million in annual food sales
• July 1, 2021 for manufacturers of single-ingredient sugars, such as honey, maple syrup and certain cranberry products

Compliant Labels

Nutrition labeling can be complex and confusing, particularly for first-time food manufacturers. There are very specific requirements that must be addressed to remain compliant not only with FDA requirements, but also with many vendors who require verification of labeling compliance as a condition of doing business (e.g., Amazon, Walmart, Costco). The following label components must be developed and then continually reviewed to identify which labels need further modification and to ensure ongoing compliance:

• Nutrition Facts Panel is included on all packaging in a place where it can easily be seen by consumers. The panel includes the following:
  • Serving size and servings per container, per FDA guidelines
  • Calories per serving
  • Nutrient values of the following:
    • Total fat (saturated and trans fats)
    • Cholesterol
    • Sodium
    • Total carbohydrates (dietary fibers and sugars)
    • Protein
    • Vitamin A
    • Vitamin C
    • Calcium
    • Iron
• Ingredient List must include all ingredients and sub-ingredients present in the product in the order of predominance by weight in the product.
• Allergen Statements present a high-risk area, as they alert the consumer to the presence of one of more of the top eight allergens:
  • Milk
  • Eggs
  • Fish
  • Crustacean shellfish
  • Tree nuts
  • Wheat
  • Soybeans
  • Peanuts
• Nutrition Content Claims include statements such as low fat, high fiber, low sodium, and can help a company positively market food products. However, these claims must be checked, as each has specific requirements established by the FDA.

In addition, any required instructions for making/preparing the product should be reviewed to ensure they are accurate and properly convey key steps in the process.

Why Comply?

At the most basic level, non-compliance can result in products being pulled from store shelves. However, there are other implications to also consider:

• Improper labeling may impact a company’s ability to supply product to larger retailers with specific requirements.
• It can destroy the integrity of a company who makes false product claims or provides inaccurate nutritional information.
• It can result in legal action if inaccuracies present high risks (e.g., allergen statements, nutritional claims).

To ensure compliance, the food manufacturer must assume responsibility for the following—or work with an experienced food labeling consultant who can:

• Keep track of the most current regulatory requirements, as well as uniform compliance dates (and any other established compliance dates).
• Develop product labeling to ensure labels include the required information.
• Regularly review product labeling to identify any modifications to maintain compliance, particularly due to regulatory changes.
• Preserve the integrity of the company by ensuring consumers are provided with accurate information regarding all products.

Kestrel has worked with food manufacturers/producers in most food categories including baking, candy/confection, meats/proteins, specialty foods, grains flavors, and many others to help meet FDA and large product retailer food labeling requirements. Join Kestrel at the PROCESS EXPO, as we discuss this topic and others during our special food safety training courses this October in Chicago.