Functionality: What does it do?

Vendor management is the process of coordinating vendors and suppliers. It includes activities such as selecting and approving suppliers, reviewing qualifications, negotiating contracts, ensuring quality, and compiling required documentation. KTL’s vendor management/supplier approval system provides a web-based tool to effectively approve and manage vendors and suppliers. It enables businesses to control costs, minimize potential risks related to vendors/suppliers, and meet regulatory requirements (e.g., Food Safety Modernization Action (FSMA) Foreign Supplier Verification Program (FSVP) Rule).

Benefits: Why do you need it?

KTL’s web-based supplier approval system:

• Provides a checklist to ensure all vendors and suppliers meet required criteria (e.g., certifications, licenses, performance history).
• Manages vendor and supplier-specific requirements.
• Stores and organizes supplier documents and records; suppliers can upload their own documents in a secure folder (if external user access is allowed).
• Enables facilities to conduct and manage vendor evaluations.
• Sends email notifications of supplier-related compliance deadlines.

Technology Used

• SharePoint
• Power Automate (for email notifications)

According to the Food and Drug Administration (FDA), millions of Americans have food allergies. While most reactions are mild, some people experience severe or even life-threatening symptoms. FDA’s Current Good Manufacturing Practice (cGMP), Hazard Analysis, and Risk-Based Preventive Controls for Human Food (PCHF) Rule (21 CFR Part 117) requires domestic and foreign food facilities that manufacture human food develop and implement a Food Safety Plan that includes an Allergen Program to address this concern.

Eight Becomes Nine

While many different foods can cause many different types of reactions and symptoms, the Food Allergen Labeling and Consumer Protection Act of 2004 (FALCPA) identified what has commonly been known as the “Big 8” major allergens:

1. Milk
2. Eggs
3. Fish (e.g., bass, flounder, or cod)
4. Crustacean shellfish (e.g., crab, lobster, or shrimp)
5. Tree nuts (e.g., almonds, pecans, or walnuts)
6. Wheat
7. Peanuts
8. Soybeans

Sesame was added as the ninth major food allergen when the Food Allergy Safety, Treatment, Education, and Research (FASTER) Act became effective on January 1, 2023. FALCPA requires that food labels clearly identify the food source names of any ingredients that are a major food allergen or contain protein derived from a major food allergen. The intent of FALCPA is to help allergic consumers identify foods or ingredients that they should avoid to prevent an allergic or other reaction due to hypersensitivities.

New Guidance

On the heels of the FASTER Act’s effective date, FDA recently published draft guidance for Food Allergen Programs in September 2023. This is part of the Agency’s ongoing updates to its Draft Hazard Analysis and Risk-Based Preventive Controls for Human Foods Guidance for Industry. Comprised of 16 chapters, FDA has been releasing new chapters since the guidance was announced in 2016 as they are developed to help facilities develop a Food Safety Plan in accordance with regulatory requirements. The most recent guidance published includes Chapter 11: Food Allergen Program.

Chapter 11 focuses on developing a Food Allergen Program to ensure finished food is properly labeled for major food allergens and, even more so, to protect food from major food allergen cross-contamination. According to FDA, “Some manufacturers are intentionally adding sesame to products that previously did not contain sesame and are labeling the products to indicate presence, rather than taking appropriate measures to minimize or prevent cross-contact.” Through the new guidance, FDA is encouraging industry to prevent allergen cross-contamination rather than intentionally adding sesame (or other major allergens) to products and then labeling them to comply with the law.

FDA recognizes the challenges of ensuring products are allergen-free, and the guidance is intended to help companies find solutions to meet the needs of consumers with food allergies. Chapter 11 explains how to develop and implement a Food Allergen Program by providing detailed recommendations for each aspect of the Program. It offers multiple examples for illustrative purposes that demonstrate ways to significantly minimize allergen cross-contact and undeclared allergens using cGMPs and preventive controls.

Labeling errors are the major reason for most FDA food allergen recalls. As such, the new chapter also offers guidance on how to monitor and verify that food allergies are properly declared and correctly labeled. In addition, the guidance addresses what facilities can do when allergen presence due to cross-contact cannot be completely avoided, including using allergen advisory statements.

Previously Published Guidance

The comprehensive Draft Guidance for Industry remains a work in progress. In addition to Chapter 11: Food Allergen Programs, the following draft chapters are currently available:

• Chapter 1: The Food Safety Plan
• Chapter 2: Conducting a Hazard Analysis
• Chapter 3: Potential Hazards Associated with the Manufacturing, Processing, Packing, and Holding of Human Food
• Chapter 4: Preventive Controls
• Chapter 5: Application of Preventive Controls and Preventive Control Management Components
• Chapter 6: Use of Heat Treatments as a Process Control
• Chapter 14: Recall Plan
• Chapter 15: Supply-Chain Program for Human Food Products
• Chapter 16: Acidified Foods

FDA plans to still publish the following chapters as they are developed:

• Chapter 7: Use of Time/Temperature as a Process Control
• Chapter 8: Use of Product Formulation or Drying/Dehydrating as a Process Control for Biological Hazards
• Chapter 9: Validation of a Process Control for a Bacterial Pathogen 
• Chapter 10: Sanitation Controls
• Chapter 12: Preventive Controls for Chemical Hazards
• Chapter 13: Preventive Controls for Physical Hazards
• Chapter 17: Classification of Food as Ready to Eat or Not Ready to Eat

Whether for allergen management or other identified hazards, taking a systematic approach to establishing risk-based preventive controls helps protect food products—and the consumer—from biological, chemical, and physical risks. FDA’s guidance can provide an excellent resource for meeting regulatory requirements and protecting consumers.

Functionality: What does it do?

The Occupational Safety and Health (OSH) Act requires certain employers to prepare and maintain records of work-related injuries and illnesses. Employers must keep an OSHA 300 Log and OSHA 300A Summary for each establishment or site that documents specific details when an incident occurs. KTL’s OSHA 300 PowerApp is a comprehensive intake form tailored to OSHA 300 and OSHA 300A requirements that makes it easier to collect, search, and analyze data—and maintain OSHA compliance.

Benefits: Why do you need it?

KTL’s OSHA 300 PowerApp provides the following:

• Easier data entry. The app guides users through all required OSHA questions to help ensure no crucial data points are missed.
• Reduced errors. The intuitive design and in-built checks reduce the chances of errors, leading to more accurate reporting.
• Improved searchability. Microsoft Dataverse provides quick and efficient access to stored records. The digital format makes it easy to filter, search, and analyze records and data to offer deeper insights into safety performance.
• Mobility. The PowerApp can be accessed from any device, anytime, anywhere, making the reporting process more flexible.
• Data security. Log entries are stored safely, ensuring data integrity and security.
• Improved visualization. Incident data can be viewed in real-time as two paginated reports:
  • OSHA 300 Log: Detailed record of work-related injuries and illnesses.
  • OSHA 300A: Summary of the OSHA 300 Log, which can be displayed prominently at workplaces.

Technology Used

• PowerApps
• Microsoft Dataverse
• Power BI

Audits offer a systematic, objective tool to assess compliance across the workplace and to identify any opportunities for improvement. Audits can also present an opportunity for organizational learning and development, particularly related to non-conformances. In many cases, non-conformances are not a result of intentionally ignoring the requirements; rather, they can often be attributed to not fully understanding compliance requirements.

KTL has identified three areas where our environmental auditors repeatedly identify non-conformances that stem from lack of knowledge or understanding—and what companies need to know to eliminate them.

Waste Handling

Do you know your generator status? If a facility does not accurately determine its generator status, it will likely have waste handling non-conformances during an audit.

Generator status is determined by the volume of hazardous waste the facility generates per month and accumulates onsite. There are three categories of generators:

• Very Small Quantity Generator (VSQG)
• Small Quantity Generator (SQGs)
• Large Quantity Generator (LQG)

Determining which category a facility falls into is key to understanding which requirements apply and, subsequently, maintaining compliance. How much waste does the facility generate? How much waste does the facility accumulate? What types of risks does this waste present? This information will dictate whether the facility is a VSQG, SQG, or LQG.

Hazardous waste generator status should be registered with the Environmental Protection Agency (EPA) and/or state environmental agency. Generator status can be verified in the EPA’s Enforcement and Compliance History Online (ECHO) database. If the information is incorrect, the facility will need to complete Form 8700-12 to ensure generator status is correct, as VSQGs, SQGs, and LQGs have some different requirements due to their potential impacts on the environment. From there, the facility should identify the applicable regulatory requirements and train staff on their responsibilities to avoid non-conformances.

Chemical Spillage

Any facility that generates waste needs to determine what waste is hazardous. In the event of a spill, it is critical that the facility can characterize whether the spill cleanup is hazardous or nonhazardous, as that will dictate the appropriate response. If a waste determination/characterization has been completed, this can typically be determined from the chemical’s Safety Data Sheet (SDS).

Emergency preparedness is another element of compliance when it comes to a spill. Facilities need to make sure supplies are appropriate for any spill that could potentially occur. For example, if a forklift battery leaks, that is an acid spill. The facility spill kit should contain baking soda to neutralize the acid.

Universal Waste

EPA regulates a class of waste referred to as universal waste. Universal wastes are hazardous in their composition but can be recycled. Under EPA’s definition, the following are the current universal waste streams:

• Batteries (Li, Ni-Cd, Ag, Hg)
• Mercury-containing equipment (MCE)
• Electric lamps
• Cathode ray tubes (in electronics)
• Pesticides (recalled or farmer-generated)
• Non-empty aerosol cans (in some states)
• Others, as determined by state-specific regulations

EPA regulators have focused on these waste streams as a source of penalty for the past decade. Failure to collect, label, store, and recycle universal waste properly is one of the most frequent citations issued. Although not as complex as the requirements for proper hazardous waste management, universal waste has nuances that a generator must be aware of to properly meet the regulatory requirements.

Universal waste doesn’t “count” against generator status. It does not have to be manifested but generally requires specific labeling language (e.g., universal waste lamp, universal waste battery). Universal waste must also be stored in closed, intact containers. Universal waste can only be kept onsite for one year, so these containers should be dated when the first waste is added as a best practice or a log/schedule should be maintained of dates. A mail-back program for universal waste may be an appropriate consideration for generators of small quantities of universal waste to comply with disposal regulations.

Remedy for Compliance

Many of the non-conformances found in these three areas can be relatively simply remedied—or avoided altogether by making sure facilities educate and train impacted staff on how to:

1. Inventory, characterize, and quantify wastes.
2. Determine/verify generator status.
3. Identify applicable federal and state regulatory requirements based on the above. States may have additional rules provided they are at least as stringent as the federal requirements.
4. Implement the appropriate procedures, programs, systems, and training to eliminate non-conformances.

Functionality: What does it do?

Whether a company sells directly to consumers or to other manufacturers, managing, monitoring, responding to, and trending customer complaints is an important part of a risk management strategy.  KTL’s customer complaints log provides a central location for companies to capture and respond to customer complaints—and then trend that data to ensure complaints are tracked to closure and any necessary changes are made to alleviate company risk. 

Benefits: Why do you need it?

A web-based customer complaints log:

• Simplifies collection of customer complaint information via electronic forms.
• Aggregates all customer complaints in one central database to support the management and trending of customer complaint data.
• Documents, assigns, and tracks resolution of customer complaints.
• Establishes follow-up action requirements and associated deadlines to ensure any required changes are made.
• Helps manage the risks associated with customer complaints and potential recalls.
• Meets certification standard requirements for complaint management (e.g., Global Food Safety Initiative (GFSI)).

Technology Used

• Power Apps: Creates customized forms and applications for data capture and initial complaint logging.
• Power BI: Allows for advanced analytics, data visualization, and trending of customer complaint data.
• Power Automate: Automates the workflow, task assignments, reminders, and follow-up actions related to complaints.

In July, the Safe Quality Food (SQF) Institute published an article citing the most common non-conformances encountered during certification audits. Interestingly, the transition to SQF edition 9 has changed the number and types (i.e., critical, major, minor) of non-conformances SQF is seeing, with non-conformances related to pest prevention, Food Safety Plan, cleaning and sanitation, and management review and internal audits topping the list.

KTL’s food safety experts break down SQF’s top non-conformances and what you can do to address them.

Prioritizing Pest Prevention 

According to SQF, pest prevention is the leading non-conformance under edition 9, with both critical and major findings. Exposure to pests—and the diseases they carry—creates the risk of food contamination and the spread of infectious diseases. Companies need a pest prevention program, whether managed internally or by a third-party contractor, that integrates sufficient measures to minimize pest populations. This may include mechanical preventions and controls, waste minimization, or controlled use of pesticides.

KTL Recommendations:

• Review any findings with your food safety team and the pest control contractor, if used. Include frequent review of the approved chemicals or chemicals used for any treatment and ensure the site has access to copies of their safety data sheets (SDSs). Corrective and preventive actions (CAPAs) should be applied to act right away on any open observations. CAPAs should be regularly monitored and tracked to closure. If a third-party contractor is used, open observations should be discussed with the contractor; they may have helpful information on how to handle a pest issue.
• Review pest control trending data at monthly management review meetings. This will help ensure pest prevention data is tracked and monitored. It can also help identify larger, more systemic issues that might necessitate additional CAPAs to resolve the problems.
• Incorporate evaluation of pest prevention performance into the validation and verification schedule.
  • Validation should include review of inspection records (at each visit), an annual assessment by the food safety team or pest control provider, and review of trends at the annual management review meeting.
  • Verification should include a monthly visual inspection during internal good management practices (GMP) inspections. A simple check to ensure these inspections are thorough enough can involve putting a business card in a tin can for pest control to find and identify on the report.

SQF Tip Sheet: Pest Prevention

Strengthening the Food Safety Plan 

The Hazard Analysis and Critical Control Points (HACCP) Food Safety Plan is the foundation of the SQF System. Given this, it makes sense that non-conformances related to the Food Safety Plan always top the list. SQF indicates that many of these findings are now being marked as critical with edition 9. The most common non-conformances include missing hazard analysis, incomplete ingredient hazard analysis, and misidentification of critical control points (CCPs).

KTL Recommendations:

• Review and update the HACCP Plan at least annually or whenever there is a change to operations (e.g., ingredients, processes, equipment, etc.) to ensure all inputs and outputs are identified and appropriately managed.
• Use a risk ranking chart to identify risks; determine their severity and likelihood; and document when a hazard is controlled by a GMP, CCP, or other preventive control (PC).
• Use specification sheets and known information about ingredients to facilitate the identification of hazards during the hazard analysis. Ensure copies of any studies or guidance documents are available to the HACCP team and any applicable updated scientific consensus is reviewed. Hazards should be specifically identified rather than just listed as general categories (e.g., biological, chemical, etc.).
• Document everything in a food safety management system (FSMS). Recordkeeping proves that all requirements of the Plan are met.

SQF Tip Sheet: HACCP Food Safety Plan

Emphasizing Cleaning and Sanitation 

Cleaning and sanitation methods vary based on the nature of operations, as well as the microbiological and allergen risks. Regardless, every facility needs to develop, implement, and document a cleaning and sanitation program that fits their production processes. According to SQF, this area remains second on the list of major findings in edition 9.

KTL Recommendations:

• Understand all the areas and equipment that need to be cleaned and sanitized in the facility. Pay attention to the condition of floors, ceilings, walls, doors, etc. to ensure you are maintaining a hygienic and safe environment.
• Create a robust cleaning and sanitation, preventive maintenance, and maintenance schedule. Regular maintenance of equipment, utensils, and building materials is crucial to prevent non-conformances.
• Incorporate monitoring of the cleaning and sanitation program into the validation and verification process:
  • Validation: Review sanitation records and logs, environmental monitoring records, and trending data to identify areas of concern.
  • Verification: Conduct visual inspections and records review. Consider swab testing to monitor compliance and trends, especially if using a contracted company for cleaning and sanitation. Review GMP inspection findings and CAPAs at monthly management meetings and track to closure.

SQF Tip Sheet: Cleaning and Sanitation

Management Review and Internal Audits 

SQF includes management review (2.1.2.1) as minor nonconformance, highlighting the importance of incorporating food safety culture into the review process. Internal audits remain a crucial way to identify areas of improvement, though they are now on the minor non-conformance list.

KTL Recommendations:

• Set objectives/goals for the year and monitor the performance of these objectives at monthly and annual management review meeting. Resources should be allocated appropriately based on trends identified in these meetings to reach goals and ensure the overall effectiveness of the food safety culture.
• Conduct regular GMP inspections, trend results, review them during management meetings, and identify CAPAs, as necessary.
• Distribute food safety questionnaires to personnel to gather input. Review results during management review meetings and use the data collected to create action plans for maintaining or improving scores.
• Conduct a comprehensive internal audit at least annually and address any identified gaps in compliance. Internal audit findings should be reviewed at monthly and annual management review meetings. CAPAs should be assigned for findings, and data can be used to refine food safety objectives/goals.

SQF Tip Sheets: Management Commitment / Internal Audit Plan

Knowing and truly understanding the requirements of the SQF Code—or any of the Global Food Safety Initiative (GFSI) certification standards—is essential to avoiding non-conformances. Paying particular attention to the identified top non-conformances can help facilities to proactively mitigate these risks, strengthen food safety culture, and improve overall compliance.

We are pleased to welcome Lucas Velez to the KTL team! Lucas is an Environmental Engineer with specialized experience in solid and liquid waste management and process optimization. He has worked at some of the largest breweries in Latin America developing systems to quantify the amounts of solid and liquid residue produced in each of the plants. Lucas provides project support in these areas, as well as general environmental management (e.g., air quality, wastewater treatment, renewable energy), program development, and compliance support services. He excels at deploying environmental procedures and standards that address regulatory requirements and company policies and initiatives. He is based in Atlanta. View his full bio…

Functionality: What does it do?

Training is a key component of maintaining ongoing compliance—whether with regulatory requirements, supply chain mandates, or internal policies. Having a system that records employee training is critical, especially to ensure policies, procedures, and work instructions are followed. KTL’s training tracking systems allow for the centralized implementation, management, tracking, scheduling, assignment, and analysis of organizational training efforts.

Benefits: Why do you need it?

A web-based training tracking system can help:

• Outline and document training requirements.
• Create training plans and workflows for scheduling training and assignments by job title and function.
• Ensure competency through online quizzes.
• Log and track training and certifications completed—including classes, required reading, online education, CEUs, and outside certifications.
• Track certification/training expirations and send notifications to complete training.
• Create individual dashboards and training reports for managers and employees, improving accessibility of training expectations and records.
• Demonstrate compliance with regulatory requirements for training.

Technology Used

• SharePoint to store the training data
• PowerApps to record and manage course information
• Power Automate for email notifications

KTL is excited to be joining the 2023 Midwest Environmental Compliance Conference (MECC) in Overland Park, Kansas, September 26-27, 20023 as a featured presenter. MECC takes a fresh, regional approach to the increasingly difficult task of environmental compliance, permitting, enforcement, and other critical environmental issues that impact Midwest facilities and institutions.

KTL’s presentions are part of the workshop’s technical agenda:

What is an energy audit—and why you should do one
September 26, 2023 | 12:30 pm | Coulter Wood, CEM, CPEA, Senior Consultant

Want to reach your sustainability goals, improve your energy efficiency, and save money? Learn what an energy audit is, how it can help you better understand your energy usage and issues, and how you can leverage your audit to identify opportunities to create energy efficiencies and reduce your carbon footprint.

The big secret: you already have the software you need to manage EHS programs
September 27, 2023 | 9:35 am | Joe Tell, Principal

Implementing software to manage EHS compliance sounds expensive, but it doesn’t have to be—not when most companies already have the software they need. See how to leverage the Microsoft Power Platform® to elevate EHS and effectively manage compliance documentation and data.

Safe + Sound Week

At the most basic level, a root cause is the fundamental reason—or the highest-level cause—for the occurrence of a problem, incident, or event. Getting to the root cause of any problem is important not just for resolving the issue at hand, but for identifying underlying issues to ensure that similar problems do not recur in the future. Importantly, finding the root cause should not focus on placing blame on an individual but rather on finding the systemic cause of an incident. This starts with a process called the root cause analysis (RCA).

What Is the Root Cause Analysis (RCA)?

RCA is a method of problem-solving used to identify the underlying (i.e., root) cause(s) of a problem or incident. It is a systematic process based on the basic idea that effective management requires more than merely putting out fires and treating symptoms. RCA seeks to identify and address the true, underlying concerns that contribute to a problem or event.

Why is this important? If you just treat the symptoms of the problem, that alleviates them for the short term, but it does nothing to prevent the problem from coming back again. Lasting solutions address the underlying factors—the root cause(s)— that create the problem in the first place. Targeting corrective measures at the identified root causes, subsequently, is the best way to alleviate risk and ensure that similar problems do not occur in the future.

Best Practice

The Occupational Safety and Health Administration (OSHA) encourages organizations to conduct RCA following any incident or near miss at a facility. RCA can be broken down into a simple six-step process, as outlined below.

Step 1: Identify and Clearly Describe the Problem

The first step is to understand and document the problem/issue/incident that occurred. This might involve interviewing key staff, reviewing security footage, investigating the site, etc. to get an accurate account of the issue. Safety-related incidents might require an immediate fix or prompt action before carrying out the complete RCA. This is always the priority.

Some problems are easier to define than others based on what happened and the extent of the issue. When defining and describing the problem, it is important to be as descriptive as possible, as this will aid in future steps to identify the root cause(s).

Step 2: Identify Possible Causes…Why?

There are several methods for identifying possible root causes, including the following:

• 5 Why Method simply involves asking the question “Why” enough times (i.e., five times) to get past all the symptoms of a problem and down to the underlying root cause of the issue.
• Event Analysis builds a detailed timeline around the target event and analyzes it to see where things went wrong. This method is best for one-time incidents versus a pattern of behavior.
• Change Analysis helps determine the root cause of a general shift in behavior. It looks at all changes in the organization that preceded the change in safety behavior/metrics; defines the relationship between possible causes and effects; and categorizes each organizational change as either unrelated, correlated, contributing, or root cause.
• Fishbone or Ishikawa Diagram is a visual cause-and-effect diagram that encourages you to think of every possible cause by examining a wide variety of aspects of the incident.

Step 3: Identify Root Cause(s)

Where does your questioning lead you? Is there one root cause or a series of root causes that emerge? The root cause(s) of most incidents ultimately fall under one of the following:

• Poor management/supervision
• Lack of company culture
• Insufficient work environment
• Improper training

Again, identifying the root cause should not focus on placing blame on an individual but rather on finding the systemic cause of an incident.

Step 4: Corrective and/or Preventive Action Taken

Based on the identified root causes, it then becomes possible for the facility to determine what corrective and/or prevention actions (CAPAs) can be taken to fix the problem and, just as important, prevent it from recurring in the future.

Step 5: Analyze Effectiveness

The effectiveness of whatever action is taken in step 4 needs to be evaluated to determine whether it will resolve the root cause. If not, another CAPA should be explored, implemented, and analyzed to assess its impact on the issue/problem. If it is a root cause, it should help to resolve the issue and you should move on to step 6 below.

Step 6: Update Procedures, as necessary

As CAPAs are implemented, once they prove effective, related policies and procedures must be updated to reflect any changes made. This step ensures the outcomes of the RCA will be integrated into operations and used to prevent similar incidents from happening in the future.

Benefits of RCA

Following these steps will help ensure a thorough investigation that identifies root cause(s) versus just symptoms is conducted. It further ensures that any changes related to the root cause are integrated into the organization to prevent similar events from happening again. In the end, the RCA can help:

• Reduce the risk of injury and/or death to workers and community members.
• Avoid unnecessary costs resulting from business interruption; emergency response and cleanup; increased regulation, audits, and inspections; and OSHA fines.
• Improve public trust by maintaining an incident-free record.
• More effectively control hazards, improve process reliability, increase revenues, decrease production costs, lower maintenance costs, and lower insurance premiums.