What is ISO 45001?

ISO 45001 is a new international standard created by the International Organization for Standardization (ISO) that specifies requirements for an occupational, health & safety management system (OHSMS). It provides a framework for managing the prevention of death, work-related injury, and work illnesses. The ultimate goal of the standard is to help organizations proactively improve OHS performance and create a safe and healthy workplace.

Note that ISO 45001 provides guidance. It does not state specific criteria for OHS performance, nor is it prescriptive about the OHSMS design. It is a management tool for voluntary use by organizations to minimize OHS risks.

Why is ISO 45001 necessary?

There are several reasons why the creation of an international standard to manage OHS performance is necessary:

• First and foremost, organizations are responsible for minimizing the risk of harm to all individuals that may be impacted by their activities. The standard aims to protect human lives by encouraging organizations to create a safer, healthier workplace.
• According to the International Labour Organization (ILO), there were 2.34 million deaths worldwide in 2013 as a result of worker activities. The greatest majority (2 million) are associated with health issues, as opposed to injuries. The economic burden associated with this number of occupational injuries and illnesses is significant. Organizations must manage all their risks—including OHS—to survive. Poor OHS management can result in loss of key employees, business interruption, claims, higher insurance premiums, regulatory action, reputational damage, loss of investors, and loss of business.
• Finally, increased globalization creates new OHS challenges. ISO 45001 is an international standard that promotes global conformity.

What are the key aspects of ISO 45001?

Many of the elements of ISO 45001 are the same or similar to those found in OSHAS 18001. However, there are additions and changes in ISO 45001 that differentiate the new standard.

ISO 45001 establishes new roles for the organization’s people. First, it emphasizes worker participation in the OHSMS. This includes ensuring that workers are competent and have the appropriate skills to safely perform their tasks. Second, the role of top management is different than in OHSAS 18001. Of note, a designated Management Representative is no longer required; however, those individuals in management roles are expected to take ownership and demonstrate a commitment to OHS through leadership. Top management must demonstrate direct involvement and engagement with the OHSMS by:

• Ensuring the organization’s OHS policy and objectives are compatible with the overall strategic direction of the organization
• Integrating OHSMS processes and requirements into business processes
• Developing and promoting an OHS culture that supports the OHSMS
• Being accountable for the OHSMS’s effectiveness

In addition to people, ISO 45001 follows a risk-based approach that advocates prevention. This requires identifying activities that could harm those working on behalf of the organization. A large part of this involves understanding the “context” of the organization, another new element of ISO 45001. Organizations must be able to identify all external and internal factors that have the potential to impact OHS management objectives and results.

To address risks and opportunities, there are new clauses related to hazard identification, as well. As with other sections of the standard, hazard identification becomes a process rather than a procedure and, importantly, considers all individuals near the workplace who may be impacted by the organization’s activities. ISO 45001 further outlines a more defined hierarchy for organizations to determine appropriate controls.

How does ISO 45001 fit in with other ISO standards and management system approaches?

ISO 45001 follows the same high-level management system approach being applied to other ISO management system standards (e.g., ISO 14001 and ISO 9001)—Annex SL. Because of this, the ISO 45001 requirements should be consistent with the other standards to allow for relatively easy alignment and integration into the organization’s overall management processes.

In addition, ISO 45001 takes into account other OHS standards, including OHSAS 18001, ILO-OSH Guidelines, various national standards, and the ILO’s international labor standards and conventions.

What is Annex SL?

As mentioned above, Annex SL is the structure for all new and revised ISO standards. It defines the framework for a generic management system—and is then customized for each discipline. This standard structure allows for easier integration between management systems and improved efficiencies. The major clauses for all ISO management system standards are identical under Annex SL and fall into the Play-Do-Check-Act (PDCA) cycle. Organizations who have already implemented ISO 9001:2015 or ISO 14001:2015 will be familiar with the Annex SL structure.

The table below outlines the main clauses in Annex SL, as well as the OHSMS-specific clauses. Highlighted areas indicate those sections that are significant changes/additions to the existing OHSAS 18001 standard.

What does this mean for OHSAS 18001?

As outlined in the table above, ISO 45001 does not conflict with OHSAS 18001. In fact, it expands and enhances the existing standard to improve integration of the OHSMS into the overall business. ISO 45001 is intended to replace OHSAS 18001. Much like other management system standards, current users of OHSAS 18001 will need to update their systems according to the requirements of the new standard within a three-year transition period.

Who should use ISO 45001?

The short answer is everyone. ISO 45001 is designed to be a flexible management system that can be implemented by any organization, no matter the size, type, or industry. As long as the organization has people who may be affected by its activities, an OHSMS has value in ensuring worker health and safety and fulfilling legal requirements.

Why should I do this? Why are management systems like ISO 45001 beneficial?

A management system is an organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.

What do I do next?

• Get informed! Start reading up on ISO 45001 to get familiar with how the new standard is structured.
• Identify gaps in your existing OHSMS that will need to be addressed to meet any new requirements. If you don’t have an existing OHSMS, review the requirements and determine what pieces you may already have in place.
• Develop an implementation plan. There is a three-year transition period. Plan according to this timeline.
• Provide training. It is vital to ensure that workers and management are engaged in the OHSMS and that they are competent in any new skills/responsibilities that may be required.
• Put your plan into action. Update/develop your OHSMS to meet the ISO 45001 requirements and provide verification of its effectiveness to ensure certification.

Each year, Kestrel looks forward to the Food Safety Summit as one of the premier events in the food industry for networking with other food professionals, hearing about industry trends, and learning practical information to bring back to our food industry clients.

Kestrel is proud to provide our ongoing support for the manufacture, processing, and distribution of safe food, and to be taking an active role in the Summit again this year!

Food Safety Summit Expo & Conference
May 8-11, 2017
Donald Stephens Convention Center
Rosemont, Illinois
BOOTH #708

Connect with Kestrel

Stop by to visit with Kestrel representatives at our booth (#708). We are happy to also welcome special guests from Grainger to our booth, who will be on-hand to discuss their solutions. We look forward to talking further about your food safety needs and how Kestrel might be of assistance.

The Food Safety Modernization Act (FSMA) includes new requirements for food site inspections. Beyond that, the Act increases the frequency of established inspections. For example, FSMA mandates that high-risk facilities must be inspected within five years of enactment and no less than every three years following the initial inspection. The Act also requires inspection of at least 600 foreign facilities initially and double that number every year for the next five years. Routine inspections from FDA and other enforcement agencies will continue based on schedules to be communicated.

With FSMA rules moving to the compliance stage, food companies must prepare to best respond to the requirements and, correspondingly, to additional inspections beyond GFSI or as part of customer requirements.

Be Prepared

Inspectors will focus heavily on new requirements and the “letter of the law”. Therefore, a well-established inspection program and response that is implemented and tested will help to achieve the most favorable outcome. This is an important area to address, especially given the many changes in compliance under FSMA, greater scrutiny under GFSI, and a rapidly changing responsibility for food safety management resources. It is critical to have established roles, planning, and testing as part of any inspection readiness program.

Inspection Agencies

As reported, the FDA is underfunded to conduct the scheduled inspection of food operations under FSMA. While many inspections will be administered by the FDA, which will continue to expand internal resources, some local agencies are already under contract for conducting inspections that will be much more detailed than visits from them in the past.

These local regulatory agencies, including state health departments, are providing the “boots on the ground” to conduct inspections for direct compliance under FSMA or as a means of communicating more serious issues to the FDA. Based on recent experience, more critical issues are being raised to the FDA level for final action.

Roles and Responsibilities

Regardless of a company’s experience with FDA compliance audits, the new rules and Section 117 cGMPs will require more formalized programs and strong evidence of compliance through internal audits and oversight by Qualified Individuals. Additionally, organizations under the FSMA Preventive Control Rule must have multiple Food Safety Plan Qualified Individuals, Qualified Auditors, competent sanitation management, and competent plant operators. Ultimately, all food company employees must be prepared for their roles in an FDA compliance inspection.

Planning

As preparation for FDA inspections, companies must establish a program to best address an inspection.  The focus must be on compliance to FDA, FSMA, and internal requirements—with the inspection providing this for the company in question. The biggest concern is gaps in compliance or known non-compliances; however, with FSMA there is no tolerance or excuse for ignorance.

A response procedure should be well-orchestrated to meet and respond to the representative of the FDA or the agency visiting the site for an FDA inspection. Along with the immediate response to any inspection (including those planned and those unplanned), food companies should consider the following:

1. Completely develop an FSMA Food Safety Plan to ensure that it is aligned with a possible audit and includes reference to all supporting programs, cCMPs, resource qualifications, and records. The plan must be developed under the oversight, validation, and verification of preventive controls Qualified Individual, as trained, qualified and designated.

2. Have the most appropriate organizational structure (i.e., with Qualified Individuals, Qualified Auditor, sanitation leads and food plant operators) to meet FSMA resources and minimize the organizational impacts.

3. Regularly review the FSMA Food Safety Plan as part of a general and management review process, including the internal audit by the Qualified Auditor, to ensure the up-to-date compliance of the Plan.

4. Review all records to maintain verification requirements for FSMA, as required by Section 117. Ensure that all records are complete, validated, and verified.

5. Conduct mock regulatory inspections to ensure readiness and understanding of the responsibilities of each employee based on their roles in the process. This should include following the program and confirming all actions, roles, and responsibilities. All improvements from this process should be updated into programs and implemented for possible inspection purposes.

6. Ensure compliance with all other regulatory requirements, including FSMA Sanitary Transportation, Foreign Supplier Verification, site registration, and any other related regulatory requirements.

7. Confirm compliance with Management of Change (MOC) to ensure that all building, equipment, and process changes are reflected in current Food Safety Plans and Section 117 cGMPs. This must include product-level specifications, including packaging, ingredients, and processing.

8. Document and update review and mock drills of regulatory inspection programs with any non-conformances addressed as quickly as possible. Consider the process for verifying the inspector’s credentials, opening the session, and ensuring that all required personnel or backups are onsite in the case of an inspection. In cases where all cannot be present or for outside contacts, ensure availability of ownership, corporate compliance management, and designated legal counsel.

Compliance with both FSMA and GFSI requirements means fully conforming with the other. A non-conformance to the GFSI food safety system represents a potential FSMA violation; correspondingly, lack of conformance to FSMA can be a non-conformance to GFSI certification. Criminal violations for non-compliance to FSMA begin with misdemeanor charges starting at $250,000 and up to one year in jail. With these consequences on the line, the importance of FDA inspections must be taken very seriously.

All types of business and operational processes demand a variety of audits and inspections to evaluate compliance with standards—ranging from government regulations to industry codes, to system standards (i.e., ISO), to internal corporate requirements.

Audits provide an essential tool for improving and verifying compliance performance. Audits may be used to capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices.

By combining effective auditing program design, standardized procedures, trained/knowledgeable auditors, and computerized systems and tools, companies are better able to capture and analyze audit data, and then use that information to improve business performance. Having auditing software of some sort can greatly streamline productivity and enhance quality, especially in industries with many compliance obligations.

The following tips can help ensure that companies are getting the most out of their auditing process:

1. Have a computerized system. Any system is better than nothing; functional is more important than perfect. The key is to commit to a choice and move forward with it. Companies are beginning to recognize the pitfalls of “smart people” audits (i.e., an audit conducted by an expert + notebook with no protocols or systems). While expertise is valuable, this approach makes it difficult to compare facilities and results, is not replicable, and provides no assurance that everything has been reviewed. A defined system and protocol helps to avoid these pitfalls.

2. Invest time before the audit. The most important time in the audit process is before the audit begins. Do not wait until the day before to prepare. There is value in knowing the scope of the audit, understanding expectations, and developing question sets/protocol. This is also the time to ensure that the system collects the data desired to produce the final report.
   

3. Capture data. Data is tangible. You can count, sort, compare and organize data so it can be used on the back end. Data allows the company to produce reports, analytics, and standard metrics/key performance indicators.
   

4. Don’t forget about information. Information is important, too. The information provides descriptions, directions, photos, etc. to support the data and paint a complete picture.
   

5. Be timely. Reports must be timely to correct findings and demonstrate a sense of urgency. Reports serve as a permanent record and begin the process of remediation. The sooner they are produced, the sooner corrective actions begin.
   

6. Note immediate fixes. During the audit, there may be small things uncovered that can be fixed immediately. These items need to be recorded even if they are fixed during the audit. Unrecorded items “never happened”. Correspondingly, it is important to build a culture where individuals are not punished for findings, as this can result in underreporting.
   

7. Understand the audience. Who will be reading the final report? What do they need to know? What is their level of understanding? Not all data presentation is useful. In fact, poorly presented data can be confusing and cause inaction. It is important to identify key data, reports desired, and the ways in which outputs can be automated to generate meaningful information.
   

8. Compare to previous audits. The only way to get an accurate comparison is if audits have a common scope and a common checklist/protocol. Using a computerized system can ensure that these factors remain consistent. Comparisons reinforce and support a company’s efforts to maintain and improve compliance over time.
   

9. Manage regulatory updates. It is important to maintain a connection to past audits and the associated compliance requirements at the time of the audit. Regulations might change and that needs to be tracked. Checklists, however, may remain the same. Companies should have a process for tracking regulatory updates and making sure that the system is updated appropriately.
   

10. Maintain data frequency. For data, the frequency is key. Consider what smaller scope, higher frequency audits look like. These can allow the company to gather more data, involve more people, and improve the overall quality and reliability of reports.

A well-designed and well-executed auditing program—with analysis of audit data—provides an essential tool for improving and verifying business performance. Audits capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices. And using a technology tool or system to manage the audit makes that information even more useful.

Organizations in the chemical manufacturing and energy industry face the daily challenge to safely manage the processing, storage, and transportation of hazardous materials. To enable this, a great deal of focus and effort is put into compliance, strong management systems, well-maintained equipment, and organizational capability.

A key component of organizational capability is the competence of employees. This is critical to an organization’s success—and very relevant to process safety. In fact, process safety competence is both a regulatory requirement and a business improvement driver. But what does competence mean when it comes to the management of process safety?

Defining Competence

Process safety competence is an area that is sometimes misunderstood as simply providing training to employees. However, it is much more. Organizations need to understand the definition of competence and ensure employees have the basic competence required to fulfill their job function successfully.

Competence is often defined as “an individual having the right level of training and experience to enable the successful execution of defined job responsibilities”. By this definition, competence is a step beyond basic job training—one that necessitates understanding and the ability to successfully apply what is learned.

To fulfill this intent, especially for those working on the management of process safety, it is critical that employers have a structured and sustainable approach to ensure process safety competence. This may include a clear process safety competence assurance program. Not only will this assist with regulatory compliance, it is a critical element in the prevention of a process safety incident.

Steps to Ensure Competence

To successfully create an organizational culture that values and emphasizes process safety competence assurance, there are some basic steps that need to be followed, including those outlined below:

• Understand and define positions within the organization that impact or influence process safety.
• Define desired competence levels and requirements for each of these positions.
• Develop an organizational competence matrix for process safety that documents the positions and requirements.
• Assess position holders’ (i.e., employees’) process safety competence against the requirements outlined on the organizational matrix.
• Identify gaps in competence for each individual and develop individual closure plans.
• Work with employees to address identified competency gaps and verify that they have been closed.

When filling a position that has process safety requirements, the identified candidate(s) should undergo an assessment against the defined process safety requirements for the position to ensure they are competent. It is important to ensure the new employee has the required competence before they are appointed or hired. Successful candidates may have some minor gaps that can quickly be rectified, but putting candidates into jobs that impact or influence process safety as “development” or a “learning opportunity” is a large risk to the organization and unfair to the individual. It is also a practice organizations should stop if they are truly committed to process safety.

Maintaining the Commitment to Competence

To further enhance the ongoing process safety competence of an organization, each position that impacts or influences process safety must maintain the required process safety competencies identified on the competence matrix. The commitment must be sustained to be successful; it should not be a one-time effort.

Organizations can do this by:

• Reviewing competence requirements and adjusting the matrix as new requirements are identified;
• Conducting regular assessments to verify employee competence; and
• Providing opportunities for training and experiential learning that ensure process safety competence remains a top priority.

EPA Proposes to Delay RMP Rule Effective Date to 2019

On Friday, March 31, 2017, U.S. Environmental Protection Agency (EPA) Administrator Scott Pruitt announced a proposed rule to further delay the effective date of the Obama Administration’s Risk Management Program (RMP) final rule until February 19, 2019. This will give the agency time to reconsider the final RMP rule published on January 13, 2017.

Industry organizations have raised serious concerns about the final rule. The proposal to further delay the effective date of the amendments will allow the Agency time to evaluate these objections and consider other issues that may benefit from the additional public input.

OSHA has released three new guidance documents to help employers comply with the agency’s Process Safety Management (PSM) standard. PSM is critically important to facilities that store highly hazardous chemicals. Implementing the required safety programs helps prevent fires, explosions, large chemical spills, toxic gas releases, runaway chemical reactions, and other major incidents. The new documents focus on PSM compliance for Small Businesses, Storage Facilities and Explosives and Pyrotechnics Manufacturing.

EPA Puts Risk Management Program Rule on Hold

This January, the much anticipated final RMP amendments were published in the Federal Register. According to the EPA, these amendments are intended to:

• Prevent catastrophic accidents by improving accident prevention program requirements
• Enhance emergency preparedness to ensure coordination between facilities and local communities
• Improve information access to help the public understand the risks at RMP facilities
• Improve third-party audits at RMP facilities

As Kestrel indicated in a recent article when the final RMP amendments were published, RMP faces an uncertain future under the Trump Administration. It is not clear at this point whether the final RMP rule will actually be implemented as published—or at all.

We are seeing the first wave of that uncertainty demonstrated. EPA received a petition dated February 28, 2017, from the RMP Coalition requesting a reconsideration and request for a stay for the RMP rule amendments. After a proceeding for reconsideration on March 13, 2017, EPA’s Administrator signed a final rule that provides a three-month (90-day) administrative stay of the effective date of the RMP rule amendments, delaying the effective date of the final rule to June 19, 2017. This stay is intended to allow the EPA to revisit these important issues and consider alternative approaches.

Over the past 30 years, there have been numerous events both nationally and internationally that have led organizations to bring a more concerted focus to process safety. Such a focus has many such organizations building process safety elements into their management systems. The goal is to not only comply with regulations, such as OSHA 1910.119, but to also ensure sustainable programs that prevent process safety incidents from ever happening.

A large part of this effort involves integrating process safety leadership into existing programs. Improving an organization’s process safety leadership and culture can have significant and lasting impacts on a company’s process safety performance. Three steps that organizations can undertake to advance this effort include the following:

• Amending metrics to include more leading indicators that are designed to prevent process safety incidents
• Cultivating communications geared toward process safety
• Ensuring incentive schemes include measures related to process safety

Traditional Management Systems

Traditional management systems include personal safety, environmental management, and industrial hygiene as the core elements. Management systems, metrics, and communications have historically been focused on personal safety and environmental management. These areas have clear industry compliance drivers and easy-to-understand metrics for organizational leaders. The prevention of personal injury or actions to protect the environment are relatable concepts for most.

The addition of process safety to the management system structure has been a smooth transition for many organizations, as the majority of the elements that cover process safety are already part of a typical management system. However, process safety—and the incidents that can occur if not managed well—can be complex in nature to explain. The challenging part of integrating process safety into an organization becomes getting leaders both comfortable and equipped to address it.

Leading Metrics

Due to the generally low frequency of process safety incidents, the development and measurement of process safety indicators is often not a priority for organizations. Many companies rely heavily on lagging personal safety and environmental metrics (Days Away from Work Rate, Total Recordable Incident Rate, Spill Rate). Injuries are easy for leaders to understand and explain. Leaders demonstrate empathy towards their staff and contractors, again making it easier for them to relate to personal safety. Minor spills are also easily understood and easier to discuss.

While these lagging metrics are still important and can be used and communicated, organizations need to include different metrics to bring more focus on leading indicators that are designed to prevent process safety incidents. Some examples of leading metrics that can be developed, implemented, and tracked include the following:

• Identifying systems/equipment that are critical to prevent or mitigate a process safety event, and tracking their effectiveness and operability
• Tracking the completion of Management of Change (MOC)
• Tracking the effective closeout of Process Hazard Analysis (PHA) and PSM audit actions
• Assessing organizational capability around process safety and tracking identified gap closure plans
• Tracking the number of Pressure Relief Valve (PRV) activations
• Tracking anomalies from complete permit-to-work reviews

Communication

Once an organization has developed a set of leading process metrics applicable to the business, the metrics should be made visible to all staff and included in communications on business performance. Leaders also need to focus more of their strategic communications and site visits on process safety. This can include talking about leading process safety metrics and undertaking the following activities when at a facility:

• Ask members of the facility staff about the major identified hazards from the PHA
• Determine if staff are involved in reviewing and updating operating procedures
• Ask staff about the last emergency drill and actions taken
• Ask operations staff about the number of alarms they deal with on a typical shift to determine if alarm management/rationalization is required or if low criticality alarms are not burdening staff
• Hold discussion groups focused on process safety during leadership onsite visits

Incentive Schemes

Another outcome of tracking lagging metrics involves translating them into part of the organization’s incentive bonus criteria for leaders. Organizations should work to transition leadership bonus/incentive schemes away from just traditional personal safety and environmental lagging metrics, namely injury and spill rates. Again, it would not be necessary to immediately drop existing lagging metrics. Start with adding the new metrics and gradually change the percentage weightings so leading process safety indicators become the dominant factor. This will serve to reinforce the importance of process safety and incident prevention in overall business performance.

To truly have an organization that demonstrates process safety leadership and has a strong process safety culture, there need to be some changes and effective actions taken. The steps outlined in this article—amending metrics, cultivating communications toward process safety, and integrating process safety into incentive schemes—can help organizations take a few of the initial necessary steps to build process safety culture and leadership and, ultimately, prevent process safety incidents from occurring.

This year is being described as “the year of FSMA compliance,” as many compliance dates for the various FSMA rules fall in 2017. As one might expect, the FSMA law and rules include many aspects of the established Global Food Safety Initiative (GFSI) standard; however, there are also differences in how they are applied to create better food safety enforcement.

At the most basic level, GFSI is an industry conformance standard for certification, while FSMA is a compliance regulation that must be met. However, both work together to ensure companies are effectively managing food safety.

GFSI Conformance

The GFSI is facilitated by the industry network of The Consumer Goods Forum. It provides a very solid foundation and supporting objective of “safe food for consumers everywhere”.

GFSI was originally established based on a growing pattern of food safety outbreaks throughout the international marketplace. This led to the proactive development of GFSI standards as an alternative to the more limited and less effective customer audits in place at the time. An important part of this outcome was that CEOs in the food industry—not a regulatory body—determined the need to address food safety through the GFSI food safety standard.

With its beginning as a benchmarking organization, GFSI has since evolved throughout the food supply chain as a strong means for achieving global food safety. It is now established, growing, and improving across the primary supply chains within the global food market.

As such, much work to address food safety has been accomplished by GFSI over the past sixteen years. In fact, the industry-driven aspect of GFSI along the food supply chain has led many companies to achieve levels of food safety comparable to those required to achieve FSMA compliance. Based on its collaboration of food safety experts, GFSI provides for a significant evolution of food safety programs and supports those requiring FSMA compliance.

FSMA Compliance

During a similar timeframe, the United States identified food safety as a major concern for the public. In the 1990s, a growing number of food outbreaks from biological contamination continued to spread, prompting the addition of controls within both the USDA and FDA. These brought the mandated requirement for Hazards and Critical Control Points (HACCP) and supporting Good Manufacturing Practices (GMPs) to specific industry sectors. However, these efforts were measured to have limited effect, as the outbreaks continued.

By the early 2000s, the public concern for food safety continued, and the FDA was determined to make changes. Along with Congress, the FDA commissioned research into the underlying issues that were resulting in the growing number and severity of food outbreaks. This research was being conducted and analyzed just as GFSI was determining its final group of benchmarked standards. At the same time, GFSI was positioned to be advanced into the U.S. market by food industry leaders, including Cargill, McDonalds, Walmart, Kroger, Coca Cola and Wegmans.

The outcomes from the FDA studies determined that the GMPs (in existence for the past 40 years) were not effectively implemented across the U.S. food industry. Further, the studies indicated that the ability to prevent food safety issues through specific controls would provide a means for reducing the number of foodborne illness.

This effort led to the development of FSMA, which passed in January 2011. Additional FSMA rules have since been published, starting in September 2016. The FSMA rules represent a rewrite of the existing FDA food safety regulations. However, with the FSMA law taking several years to roll out, the existing FDA laws remain in effect until they are replaced. These actions expand the FDA’s jurisdiction now and until full compliance of FSMA.

Bringing GFSI and FSMA Together

The presence of GFSI in the U.S., as well as the GFSI certification of many suppliers to U.S. food importers, provides for a synergy between the GFSI standard and the FSMA law being enforced throughout the U.S. and its foreign suppliers. GFSI’s global focus provides the structure to adapt and meet many of the FSMA requirements, with the ability to expand to all FSMA requirements.

As one would expect, the FSMA law and rules include several aspects of the GFSI standard; however, there are many differences in how each is applied to encourage better food safety enforcement. For instance, GFSI has the advantage of providing the time to develop programs, and thousands of companies are certified to the various programs under the standard. Conversely, FDA is implementing FSMA compliance over several years, with 2017 being a big year for compliance (based on the rules’ published dates, company size and industry segment).

In this new order of food safety in the U.S., those companies that have achieved GFSI certification should have an advantage over those who do not, provided they can align their GFSI programs with the FSMA law requirements. However, there is also a benefit to starting with FSMA and moving to a GFSI certification.

Existing GFSI certifications provide an established framework, with many of the program requirements similar to those required by FSMA. For example, personnel are required by both to establish HACCP and Food Safety Plans, as well prerequisite procedures (PRPs) and current-Good Manufacturing Practices (cGMPs). The challenges are ensuring the complete development of these food safety procedures to guarantee they meet both GFSI and FSMA requirements.

As another example, personnel requirements are similar but different under FSMA and GFSI, which calls for training, updating and qualifying resources. Ultimately, advanced HACCP training under GFSI provides the means for establishing a Qualified Individual under FSMA, but it requires expanding the training to include FSMA Preventive Controls and procedures. The resulting plan is the Food Safety Plan, which can be based on HACCP but with the proper additions to meet FSMA requirements.

Global Food Safety Conference

The upcoming Global Food Safety Conference (February 27 – March 3 in Houston, Texas) provides an opportunity for those seeking compliance to FSMA or certification to a scheme within the GFSI Standard to get a deeper understanding of food safety. With 2017 being the year of FSMA compliance, it is very appropriate that the Global Food Safety Conference be held in the U.S. this year. The conference will provide U.S. companies attending, as well as foreign suppliers of products to the U.S. market, an educational opportunity and forum to reach out to experts from industry, government, and academia to better understand these two key areas for food safety program development. Some of the topics to be addressed at the conference include the following:

• Food safety management commitment and corporate governance
• Required training of food safety roles, including management, staff and operations
• Specific requirements of the documented food safety program or written programs under FSMA
• FDA requirements of the past and existing requirements prior to FSMA and the relationship of these as comparable to GFSI
• Implications for FDA enforcement under FSMA of these previous requirements and program requirements that may need to be formalized under FSMA
• The proof of evidence with supporting records required by FSMA that may be addressed in part by existing or GFSI-level food safety programs
• How to adapt a FSMA-level food safety plan and preventive controls cGMPs from existing programs, including GFSI, or develop these to function with existing programs
• Levels and numbers of qualified individuals, qualified auditors and competent sanitation for oversight and management of FSMA food safety plans
• Management reanalysis and update of the written FSMA programs to ensure compliance and readiness for inspection by FDA FSMA investigators
• Process used to ensure compliance with FSMA Preventive Controls and the other FSMA rules being issued in 2017 and 2018, including Foreign Suppler Verification, Sanitary Transportation and Intentional Adulteration

Kestrel has been a long-time advocate of GFSI, performing site certification program development support for hundreds of companies. We have served as a GFSI Stakeholder, Technical Working Group participant, and panelist at previous GFSI Global Food Safety Conferences. We look forward to seeing you at the 2017 GFSI Global Food Safety Conference and to helping you navigate GFSI conformance and FSMA compliance requirements.