According to the World Health Organization (WHO), foodborne diseases affect 1 in 10 people worldwide each year. Safe food is a key contributor to reducing these foodborne illnesses and other poor health conditions, including impaired development, micronutrient deficiencies, noncommunicable and communicable diseases, and mental illnesses. Only when food is safe can we fully benefit from its nutritional value.

FAO Strategic Priorities for Food Safety

In March 2023, the Food and Agriculture Organization of the United Nations (FAO) published its Strategic Priorities for Food Safety 2022-2031 to “support members in continuing to improve food safety at all levels by providing scientific advice and strengthening their food safety capacities for efficient, inclusive, resilient and sustainable agrifood systems.”  

The Strategic Priorities document is structured around four strategic outcomes:

• Governance (intergovernmental and intersectoral) is coordinated and reinforced at all levels.
• Scientific advice and evidence provide the foundation for decisions made about food safety.
• National food control systems are continually strengthened and improved by supporting members in:
  • Evaluating food control systems, identifying needs, and designing programs.
  • Developing and transitioning economy countries to participate in Codex Alimentarius work.
  • Developing and updating food safety standards, legal frameworks, government policies, and operational procedures and guidelines.
  • Generating relevant food safety data to reflect the national situation.
  • Implementing technology developments in food control and food safety management.
• Public-private partnerships along the food chain are being fostered to ensure food safety management and controls.

World Food Safety Day

On June 7, countries around the globe celebrated World Food Safety Day, focusing this year on “Food Standards Save Lives” as the theme. Established by the United Nations General Assembly in 2018, World Food Safety Day is an annual observation intended to mobilize action to prevent, detect, and manage foodborne risks and improve human health. The WHO and the FAO jointly facilitate the observance of World Food Safety Day.

This year’s theme coincides with the 60th anniversary of Codex Alimentarius, a collection of food standards, guidelines, and codes of practice that encourage governments and food safety advocates around the world to focus on the importance of applying safety standards.

Along with WHO and FAO, the U.S. Food and Drug Administration (FDA) is calling on everyone to join in the efforts to ensure safe food for all. Check out FDA’s information on ways to reduce foodborne illnesses and the Guide to World Food Safety Day 2023 for ideas on how you can participate in World Food Safety Day every day.

KTL is pleased to introduce our newest team members:

Estefania Lopez, Consultant, is an FSQA professional with nearly 10 years of experience working in the food industry. She is an SQF Practitioner and PCQI with specialized expertise in managing supplier and manufacturer compliance with state and federal food safety regulations, certification standards, supplier requirements, and internal programs. In addition, Estefania has significant laboratory experience conducting nutrient, chemical, environmental, and sensory testing. She is based in California.

Victoria Gutierrez, Consultant, is an FSQA professional with experience working across many areas of the food and beverage industry, including supply chain, distribution, and retail. She has working knowledge of FDA and USDA food safety regulations and GFSI certification standards. Victoria has experience developing and implementing digital platforms and IT systems to help manage food safety programs. She excels at finding IT solutions to improve data management and create operational efficiencies. She is based in Iowa.

Kyle Weiher, Consultant, is a Power Platform Developer with experience developing and implementing digital platforms and IT solutions to help clients manage business processes and improve performance, reliability, and compliance. Kyle is expert in various IT systems (e.g., Microsoft® SharePoint, Power Apps, Power Automate, Dataverse) and has been involved in the design, development, and implementation process of building out Power Platform solutions. He is based in Wisconsin.

Functionality: What does it do?

Certification standards are designed to ensure an organization’s customers, suppliers, and stakeholders that its products/services meet best practices. Each of these standards (e.g., ISO, GFSI, industry-specific) has a set of requirements that must be met to achieve certification. An electronic standards register organizes all of an organization’s standards requirements into an online tool, allowing for better management, tracking, and overall compliance.

Benefits: Why do you need it?

An electronic standards register:

• Assists with compliance demonstration and document control by allowing mapping of documents to specific certification standard requirements.
• Facilitates activities during remote or onsite audits.
• Ensures standard version support during future updates.
• Identifies common requirements and allows documentation to be linked between standards, as needed.
• Allows the internal audit team to complete and keep notes for the internal audit.

Technology Used

SharePoint

The National Bioengineered Food Disclosure Standard defines bioengineered foods (a/k/a genetically modified organisms (GMOs)) as “foods that contain detectable genetic material that has been modified through certain laboratory techniques and for which the modification could not be obtained through conventional breeding or found in nature.”

Genetic engineering allows scientists to take a beneficial gene (e.g., insect resistance or drought tolerance) and transfer it to a plant. Genetic modifications can create many desirable results, including higher crop yields, less crop loss, longer storage life, better appearance, enhanced nutritional value, or some combination thereof.

Genetic engineering can also be used to create a plant-based protein. The Food and Drug Administration (FDA) is aware that some developers are now exploring transferring genes for proteins that are known food allergens (including the “Big 9”) into new plant varieties for foods. Managing this introduction of food allergens into bioengineered food is a significant concern.

Regulatory Framework

The FDA, Environmental Protection Agency (EPA), and U.S. Department of Agriculture (USDA) work together to ensure bioengineered foods are as safe and healthful for humans, plants, and animals—or even more so—as their non-GMO counterparts.

• FDA ensures those who produce, process, store, ship, or sell bioengineered foods or foods with bioengineered ingredients meet the same food safety standards as all other foods. FDA’s voluntary Plant Biotechnology Consultation Program allows developers to work with FDA on a product-by-product basis to evaluate the safety of bioengineered foods before they enter the market. 
• EPA regulates the safety of the substances that protect bioengineered plants to make them resistant to insects and disease and monitors all types of pesticides used on crops.
• USDA Animal and Plant Health Inspection Service (APHIS) establishes regulations to ensure bioengineered plants do not harm other plants.

Warning Letter

In April 2023, FDA issued a letter to developers and manufacturers who intend to transfer genes for proteins that are known food allergens into new plant varieties for foods. The letter serves as an important reminder that developers of these new plant varieties are obligated to make sure the products they market are safe for consumers and implement all measures needed to comply with the Food, Drug, and Cosmetic (FD&C) Act.

If not appropriately managed, the development of these plants could result in the presence of an unexpected allergen in the bioengineered food product. And if an unexpected allergen enters the food supply, there is real risk of a severe or even life-threatening allergic reaction and, subsequently, needing to recall affected products.

Early Actions

The FDA implores, “We are specifically reminding those developers who are now exploring development of these types of plant varieties of their responsibility for food safety. In particular, we are reminding them to consider the allergenicity issues related to their products, and how they would be stewarded from production to manufacturing to consumption so that they do not inadvertently or unexpectedly enter the food supply.”

The FDA is asking developers to consider the food safety risks posed by such allergens and to plan early in development to manage those risks. Developers who intend to create these plant varieties using proteins that are food allergens need to:

• Take advantage of the Plant Biotechnology Consultation Program early in the development process to ensure new varieties meet FD&C Act requirements and consumers are protected.
• Develop a robust risk management plan that includes significantly stronger mitigation strategies and practices (e.g., crop segregation) to provide assurance that foods containing the transferred allergen are not mixed with other foods.
• Consider whether the entire supply chain can maintain appropriate conditions to prevent allergens from inadvertently entering the food supply.
• Properly label bioengineered foods by declaring the presence of an allergen on the food label.

The most effective way to respond to an emergency is to properly plan for it before it happens. That’s precisely why so many federal, state, and municipal laws and regulations require many facilities to develop and implement some sort of Emergency Response Plan (ERP).

Effective Emergency Response

An ERP is intended to outline the steps an organization needs to take in an emergency—and after—to protect workers’ health and safety, the environment, the surrounding community, and the business itself. The requirements developed by various agencies are important, as they establish the components that must be included in an ERP to comply with regulations and respond effectively.

Most ERPs contain the same basic information. However, it can get complicated when a facility is subject to more than one regulation requiring an ERP, because even though the various regulations share many similarities, they also contain important differences (e.g., command structures, training requirements, equipment needs, operating protocols). Often, facilities end up creating a different ERP to respond to the different regulatory requirements. In an actual emergency, this can create inconsistencies or, worse yet, an implementation nightmare trying to figure out which ERP to follow.

Importance of Integration

The solution lies in integration. For example, consider an integrated management system that allows organizations to align standards, find common management system components (e.g., terminology, policies, objectives, processes, resources), and add measurable and recognizable business value. The same can be done with the various ERPs required within a facility.

It shouldn’t come as a surprise that in 1996, the U.S. National Response Team (NRT) published initial guidance for consolidating multiple ERPs into one core document. The Integrated Contingency Plan (ICP or One Plan) is a single, unified ERP intended to help organizations comply with the various emergency response requirements of the Environmental Protection Agency (EPA), U.S. Coast Guard, Occupational Safety and Health Administration (OSHA), Department of Transportation (DOT), and Department of Interior (DOI). The ICP Guidance does not change any of the existing requirements of the regulations it covers; rather, it provides a format for consolidating, organizing, and presenting the required emergency response information.

While the ICP does not currently incorporate all federal regulations addressing emergency response, it does establish a basic framework for organizations to pull in ERPs for any applicable regulations. And the benefits of doing so are many:

• Streamlined planning process. A single document simplifies the planning, development, and maintenance process. When plans are integrated, it minimizes duplication of effort, eliminates discrepancies and inconsistencies, and helps the organization identify and fill in gaps.
• Improved emergency response. It is much easier—and faster—for emergency responders and employees to navigate one plan rather than multiple separate ones. One plan allows for a single command structure with defined roles rather than potentially conflicting responsibilities. This all allows responders to act quickly and decisively to minimize potential disruption to the organization and public.
• Greater compliance. An integrated ERP provides improved visibility to all parts of the organization’s emergency response and helps reveal gaps that could prove costly and/or dangerous. This is especially important for organizations that must comply with several regulations.
• Potential cost savings. Streamlined and simplified planning reduces the resources required to build the plan. An integrated ERP may also help eliminate regulatory fines and minimize the need for and associated costs of emergency response/cleanup efforts.

Find Your Format

The goal of an integrated ERP is not to create new requirements but to consolidate existing concepts into a single functional plan structure. Regardless of what the plan looks like, it should start with:

1. An assessment of the facility’s vulnerabilities to various emergency situations.
2. An understanding of the various applicable emergency planning laws and regulations to determine which specific requirements must be incorporated. For example, food emergency response has different implications that must be integrated, particularly when it comes to recovery. A food production facility that is ordered or otherwise required to cease operations during an emergency may not reopen until authorization has been granted by the regulatory authority. Food facilities also have strict guidelines to follow for salvaging, reconditioning, and/or discarding product.

With this understanding, the ERP should then comprise step-by-step guidelines for addressing the most significant emergency situations. The core plan should be straightforward and concise and outline fundamental response procedures. More detailed information can be included in the annex. Most ERPs should include the following basic elements:

• Facility information. Consolidate common elements required in various plans, including site description, statement of purpose, scope, drawings, maps, roster of emergency response personnel, emergency response equipment, key contacts for plan development and maintenance, etc.
• Steps to initiate, conduct, and terminate a response. Outline essential response actions and notification procedures, with references to the annex for more detailed information. Provide concise and specific information that is time-critical in the earliest stages of the response and a framework to guide responders through key steps to deliver an effective response.
• Designated emergency responders. Develop a single command structure for all types of emergencies. Assign qualified, high-level individuals who are familiar with emergency procedures to fill emergency roles. In addition, list the appropriate authorities for specific emergencies, as well as their contact information.
• Evacuation plan/routes and rally points. Clearly mark evacuation routes and identify rally points where employees should meet upon exiting. Do not allow employees to leave designated rally points until it has been documented they have safely left the building.
• Data and information backup technology. Develop provisions for data backup to secondary/off-site systems, as well as alternate options for communications and power.  
• Designated plan for communication. Outline who is communicating what, when they are communicating it, and how it is being communicated. This includes internal communication, as well as communication to customers/clients/suppliers/vendors that may be impacted, the media, and the appropriate regulatory authorities.
• Supporting materials. The annex should provide detailed support information based on the procedures outlined in the core plan and required regulatory compliance documentation. Importantly, facilities should create a table that cross-references individual regulatory requirements with the plan to ensure there are no gaps and to demonstrate compliance.

Ensuring Success

The goal of emergency response planning is to minimize impacts to the environment and workers’ health and safety, as well as disruptions to operations. An integrated ERP has the potential to significantly reduce the number of decisions required to respond in an emergency, eliminate confusion and disagreement regarding roles and responsibilities, and enable a timelier, more coordinated response.

That all being said, an integrated ERP will only be effective if it is thoroughly and consistently communicated to all employees. These best practices will help ensure that the integrated ERP functions not only on paper, but also in practice:

• Periodic training is vital to ensure employees understand the ERP and are fully aware of emergency response procedures. It is especially important in an integrated ERP that first responders are trained to handle all potential emergencies rather than more narrowly trained on response for a single regulation.
• Routine drills significantly improve understanding of the ERP, clarify employee roles, test procedures to ensure they work, and diminish confusion during an emergency.
• Posting an abbreviated version of the ERP throughout the plant provides easy access to all employees if an emergency occurs. This summary version of the ERP should highlight the most vital information for quick response: recognized hazards, high-level emergency procedures, evacuation routes, and key contacts.

Since corporations do not act independently, the only way to hold them accountable for a violation and to enforce the law is to hold corporate directors who are responsible for the violations accountable. They may be held to the same standard as the corporation in terms of accountability (United States v. Park, 421 U.S. 658 (1975)).

The Park Doctrine—also known as the Responsible Corporate Officer (RCO) Doctrine—imposes strict, vicarious criminal liability upon RCOs for misdemeanor Food, Drug, and Cosmetic (FD&C) Act violations. The word vicarious is important, because it means RCOs can be penalized without having personally participated in the violation, having been an accessory to it, or even being aware of it. And recently, there have been increasing cases of holding corporate leaders accountable for food safety issues that negatively impact public health.

Setting Precedent

A legal doctrine is a set of rules or principles typically established through legal precedent that courts widely follow. The following two landmark cases set the precedent for the Park Doctrine.

The Park Doctrine has its roots in a 1943 Supreme Court case—United States v. Dotterweich. In this case, the jury determined that Dotterweich, as President of the company, was guilty of FD&C Act violations because he shared in the responsibilities related to the transaction of mislabeled product, even though he had no knowledge of the violation. With this decision, the Court held that individuals could be held criminally liable for the company’s FD&C Act violations.

1975 marks the Supreme Court decision on the United States v. Park. In this case, Park (the President and CEO of a national retail food chain) knew about a rat infestation issue but delegated responsibility to employees to resolve the issue. When it was not resolved by the FDA’s inspection, Park and the company were both charged with FD&C Act violations for introducing adulterated food into interstate commerce. Again, the Court maintained that RCOs are held to strict accountability standards, and—very importantly—liability does not require proof of negligence, intent, involvement, or even awareness of wrongdoing. Rather, liability is based solely on the RCO’s role and responsibilities. Park had a duty to remedy the violations and to implement measures to prevent them—he did neither.

Park Doctrine Criteria

In January 2011, the Food and Drug Administration (FDA) published criteria for recommending Park Doctrine prosecutions that factor in the individual’s position in the company, his/her relationship to the violation, and whether the RCO had the authority to correct or prevent the violation. Specific factors under consideration also include the following:

• Whether the violation involves actual or potential harm to the public.
• Whether the violation is obvious.
• Whether the violation reflects a pattern of illegal behavior and/or failure to heed prior warnings.
• Whether the violation is widespread.
• Whether the violation is serious.
• The quality of the legal and factual support for the proposed prosecution.
• Whether the proposed prosecution is a prudent use of Agency resources.

Holding Individuals Accountable

A broad theme in law enforcement these days is holding individuals accountable, said Mary El Riordan, Senior Counsel in the Administrative & Civil Remedies Branch of the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG). Million-dollar settlements do not change behavior, but holding individuals accountable does.

On September 15, 2022, the Department of Justice (DOJ) released the Monaco Memo, affirming its focus on holding individuals accountable. Deputy Attorney General Lisa O. Monaco stated in her address that the DOJ’s top priority for corporate criminal enforcement is going after individuals who commit and profit from corporate crime. The Monaco Memo is fundamentally about individual accountability and corporate responsibility and represents a desire on the part of the DOJ and FDA to use the Park Doctrine to increase the numbers of criminal convictions of RCOs. 

Proactively Mitigating Risks

It is clear the DOJ and FDA are taking an increasingly aggressive stance and prosecuting more RCOs, even without knowledge or intent to commit a violation. In the case of the Price Doctrine, it is a crime to do nothing. It is ultimately the RCO’s duty to be aware of, prevent, and address potential violations.

To do so, there are several best practices companies can take to proactively mitigate risk:

• Implement and maintain an integrated management system (i.e., quality, food safety) to help identify compliance obligations and manage risks through an organized set of policies, procedures, practices, and resources.
• Conduct internal audits. Audits provide an essential tool for continually improving and verifying compliance performance. Routine audits should ensure policies and procedures are being followed and identify concerns before they become major violations.
• Engage in regular monitoring activities. Regular environmental monitoring that focuses heavily Zones 1 and 2 (i.e., food contact surfaces and surfaces directly adjacent to food contact surfaces, respectively) is vital to preventing foodborne illnesses.
• Establish clear roles and responsibilities for all employees, including leadership. Provide training for RCOs on the Park Doctrine so they clearly understand their duties and obligations.
• Resolve corrective and preventive actions (CAPAs) immediately. CAPAs are those actions an organization takes to make improvements and/or eliminate causes of non-conformities. Failure to conduct a CAPA may be considered a major non-conformance.
• Create a culture that encourages employees to speak freely when there are issues. Food safety culture is being integrated more completely and significantly into many of the Global Food Safety Initiative (GFSI)-benchmarked food safety certification standards to encourage widespread adoption.
• Be responsive and work with the FDA. The FDA sends warning letters to companies in violation of the FD&C Act (see example 2022 Warning Letter). The letter specifically outlines the required response and related consequences: You are responsible for investigating and determining the causes of the violations identified above and for preventing their recurrence or the occurrence of other violations. It is your responsibility to ensure your facility complies with all requirements of federal law, including FDA regulations. You should take prompt action to correct or implement corrections to the violations cited in this letter. Failure to do so may result in legal action without further notice, including, without limitation, seizure, injunction, or administrative action for suspension of food facility registration if criteria and conditions warrant.

Functionality: What does it do?

Corrective and preventive actions (CAPAs) are those actions an organization takes to make improvements and/or eliminate causes of non-conformities. The CAPA Tracking Log records, assigns, and tracks CAPAs to closure. This is important, as failure to implement and close a CAPA may be considered a major non-conformance.

KTL’s CAPA Tracking Log also tracks recommendations to improve. Unlike CAPAs, recommendations do not correct a non-conformance; rather, they are suggestions to refine or improve processes.

Benefits: Why do you need it?

The CAPA Tracking Log provides the following:

• Records, assigns, and tracks CAPAs to closure.
• Assigns tasks to specific team members.
• Communicates due dates and sends notifications when tasks are overdue.
• Facilitates verification of completed activities and associated documentation.
• Prevents the occurrence and/or recurrence of issues.
• Optimizes processes and ensures that deliverables are free from defects and other non-conformities. 

Technology Used

• SharePoint
• Power Automate

Every year on April 22, Earth Day celebrates the birth of the modern environmental movement. The very first Earth Day—spearheaded by Senator Gaylord Nelson in 1970—led to the creation of the U.S. Environmental Protection Agency (EPA) and the passage of new environmental laws, including the National Environmental Education Act, the Occupational Safety and Health Act, and the Clean Air Act. 

While the early Earth Days concentrated on enacting legislation to clean up environmental concerns, Earth Day today is largely focused on what we can do to sustain our planet for future generations…

Creating a Green Future

The EARTHDAY.ORG 2023 theme picks up from last year—”Invest in Our Planet”—and is focused on engaging governments, institutions, businesses, and citizens to do their part: everyone accounted for, everyone accountable. According to Kathleen Rogers, President of EARTHDAY.ORG, “Businesses, governments, and civil society are equally responsible for taking action against the climate crisis and lighting the spark to accelerate change towards a green, prosperous, and equitable future.” 

Government Initiatives

Governments around the globe have enacted many significant green policy initiatives, yet nearly every country in the world is not on track to meet greenhouse gas (GHG) neutrality by 2050, according to EARTHDAY.ORG.

The EPA released its most recent EPA Perspective: 5 Ways EPA is Protecting People and the Planet in honor of Earth Day. The Agency cites the following key areas the U.S. government is concentrating on to positively impact our planet:

1. Tackling the climate crisis with the urgency it demands, including technology standards for cars and trucks and funding for local governments to cut climate pollution.
2. Confronting longstanding environmental injustices and inequities, through investments in EPA’s environmental justice (EJ) initiatives to fund and support programs to reduce pollution and improve public health, particularly in historically underserved communities.
3. Improving air quality in neighborhoods across the country with several action to cut harmful air pollution and smog from power plants and industrial facilities.
4. Ensuring clean water for all families through President Biden’s Investing in America agenda, which invests billions in rebuilding our nation’s water infrastructure, and by proposing the first-ever legal limits for PFAS in drinking water.
5. Building a healthier future, from the Clean School Bus Program to accelerate a zero-emission transportation future, to starting new cleanup projects at 22 Superfund sites.

What You Can Do

Governments, businesses, and citizens are all essential in taking action to overcome the climate crisis.  When it comes to your organization, EARTHDAY.ORG suggests, “Businesses, inventors, and financial markets must drive value for their institutions and society through green innovation and practices. Like other economic revolutions, the private sector has the power to drive the most significant change, with both the necessary scale and speed.”

Change starts with action. Learn more about how you can be part of Earth Day every day.

Functionality: What does it do?

A document/records management system creates a company-wide framework for central and secure storage and organization of and access to documents and records. Having a good document management system is essential for maintaining the vast number of documents required by regulations and standards, particularly since some have retention cycles for as long as 30 years.

Benefits: Why do you need it?

Document management provides the following:

• Central and secure storage, organization, and access to documents and records locally or remotely.
• Process and document standardization.
• Higher quality data due to reduced human error.
• Improved collaboration and dissemination of document updates to staff.
• Improved document searchability and accessibility.
• Enhanced workflows for approving and completing tasks involving documents.
• Easy access for audits and clear audit trail.
• Version control and history.
• Reduced paperwork.
• Ease in uploading documents (similar to a shared network drive) and adding/updating metadata for searchability.
• Improved security of sensitive documents (permissions that can be applied at the document level).

All of which lead to more consistent, efficient, and reliable compliance performance.

Technology Used

SharePoint

Food Safety System Certification (FSSC) 22000 is a complete Global Food Safety Initiative (GFSI)-benchmarked certification scheme that is aligned with the ISO management system approach and harmonized structure. The first version of FSSC 22000 was published in 2009, and more than 16,000 sites have been certified under the scheme since.

On March 31, 2023, the Foundation FSSC published the most recent version of the FSSC 22000 scheme (FSSC V6.0) to:

• Integrate the requirements of ISO 22003-1:2022.
• Strengthen the requirements to support organizations in their contributions to meeting the United Nations’ Sustainable Development Goals.
• Incorporate feedback from the FSSC 22000 V6.0 development survey.

Overview of Changes

Foundation FSSC has set a 12-month period—between April 1, 2023 and March 31, 2024— for companies to transition from V5.1 to V6.0. In addition to changes in some of the requirements (as outlined below), V6.0 includes a realignment of the Food Chain Categories in accordance with ISO 22003-1:2022 and GFSI requirements (i.e., including Trading and Brokering (FII) and removing Farming (A)). Among others, some of the significant changes to the requirements include the following:

Food safety and quality culture. As we are seeing with other GFSI certification schemes, ISO management systems, and the FDA New Era of Smarter Food Safety, culture requirements are becoming more prominent. FSSC 22000 V6.0 requires senior management to “establish, implement, and maintain a food safety and quality culture objective as part of the management system,” addressing the following elements at a minimum: communication, training, employee feedback and engagement, and performance measurement of defined activities.

In addition, organizations must develop and implement a a documented food safety and quality culture plan that outlines objectives and timelines and follows the management system process of continuous improvement (i.e., plan-do-check-act (PDCA)).

Quality control. Quality control is a new clause of FSSC 22000 V6.0 that aligns with clauses 5.2 and 6.2 of ISO 22000:2018. Under this clause, organizations must establish, implement, and maintain a quality policy, objectives, and parameters in line with finished product specifications for all products within the scope of certification. As part of the quality program, organizations also need to establish and implement quality control and line startup and changeover procedures to ensure products meet customer and legal requirements.

Food loss and waste. The regulatory community has identified the lack of circularity in the food industry and a real need for addressing food waste. FSSC V6.0 now requires organizations to develop a documented policy with objectives and detailed strategy to reduce food loss and waste within the organization and the related supply chain.

Equipment management. Organizations must establish and implement a risk-based change management process for new equipment and/or any changes to existing equipment. This includes having documented purchase specifications to address such things as hygienic design, legal and customer requirements, and intended use of the equipment.

Allergen management. The requirement to have a documented allergen management plan is not new to V6.0. However, in addition to a including a risk assessment of all potential sources of allergen cross-contamination and related control measures, V6.0 now requires validation and verification of control measures; precautionary or warning labels as an outcome of the risk assessment to identify allergen cross-contamination risks (warning labels do not exempt the organization from implementing allergen control measures/verification testing); allergen awareness and control measures training; and annual review of the allergen management plan.

Environmental monitoring. V6.0 expands on the previous requirements for organizations to have a risk-based environmental monitoring program (EMP) for relevant pathogens, spoilage, and indicator organisms and documented procedures for evaluating the effectiveness of all controls in preventing contamination. V6.0 requires that the EMP must be reviewed for continued effectiveness at least annually, including when specific triggers occur (e.g., significant changes related to products, processes, legislation; when no positive test results have been obtained over an extended period; and when there is a repeat detection of pathogens during routine environmental monitoring).

Validation/verification of packaging claims. When a claim is made on the product label or packaging, the organization must maintain evidence of validation to support the claim and must have verification systems in place to ensure product integrity.

Food defense. V6.0 clarifies and strengthens requirements related to food defense. Organizations now must conduct and document a food defense threat assessment based on defined methodology to identify and evaluate potential threats linked to processes and products. In addition, the food defense plan must be based on the threat assessment, specify mitigation measures and verification procedures, and be implemented and supported by the food safety management system (FSMS).

Food fraud mitigation. Again, V6.0 clarifies and strengthens food fraud mitigation requirements by requiring organizations to conduct and document the food fraud vulnerability assessment to identify potential vulnerabilities and develop and implement appropriate mitigation measures. The food fraud mitigation plan must be based on the vulnerability assessment, specify mitigation measures and verification procedures, and be implemented and supported by the FSMS.

Other requirements. V6.0 also includes clarifications on the requirements for the certification process and implements the addition of a QR Code on FSSC 22000 certificates for improved traceability. It updates Communication Requirements (2.5.17) so organizations must 1) inform the certification body within three days of serious events/situations that may impact the FSMS and/or the integrity of the certification, and then 2) implement corrective measures as part of the emergency response and preparedness process. In addition, the standard requires that major nonconformities must be closed by the certification body within 28 calendar days from the last day of the audit. If this is not possible, the Corrective Action Plan must include temporary measures and controls necessary to mitigate the risk until permanent corrective action can be implemented.

Next Steps

Sites currently certified to FSSC 22000 have a transition period of 12 months to prepare their FSMS to be audited against the V6.0 requirements. The next year affords these organizations the time to assess current FSSC 22000 elements; identify improvements that are internally desirable and/or required by the new V6.0; and implement those updates to reduce nonconformances with FSSC 22000 V6.0. This can be done through a series of phases to ensure adoption throughout the organization:

Phase 1: Internal Assessment. Review existing FSSC 22000 food programs, processes, and procedures; document management systems; and employee training tools and programs to identify those areas in need of updates, development, and/or implementation to meet the requirements of V6.0.

Phase 2: FSMS Updates. Based on the assessment, develop a plan for updating your FSSC 22000 FSMS, including major activities, key milestones, and expected outcomes. This may include updating/developing programs, processes, procedures, and training with missing V6.0 requirements.

Phase 3: Training. To ensure staff are prepared to implement and sustain the updated FSSC 22000 V6.0 program, they must be trained on applicable requirements; specific plans, procedures, and good manufacturing practices (GMPs) developed to achieve compliance; and the certification roadmap to prepare for future assessments.

View the complete FSSC V6.0 standard.