The most effective way to respond to an emergency is to properly plan for it before it happens. That’s precisely why so many federal, state, and municipal laws and regulations require many facilities to develop and implement some sort of Emergency Response Plan (ERP).

Effective Emergency Response

An ERP is intended to outline the steps an organization needs to take in an emergency—and after—to protect workers’ health and safety, the environment, the surrounding community, and the business itself. The requirements developed by various agencies are important, as they establish the components that must be included in an ERP to comply with regulations and respond effectively.

Most ERPs contain the same basic information. However, it can get complicated when a facility is subject to more than one regulation requiring an ERP, because even though the various regulations share many similarities, they also contain important differences (e.g., command structures, training requirements, equipment needs, operating protocols). Often, facilities end up creating a different ERP to respond to the different regulatory requirements. In an actual emergency, this can create inconsistencies or, worse yet, an implementation nightmare trying to figure out which ERP to follow.

Importance of Integration

The solution lies in integration. For example, consider an integrated management system that allows organizations to align standards, find common management system components (e.g., terminology, policies, objectives, processes, resources), and add measurable and recognizable business value. The same can be done with the various ERPs required within a facility.

It shouldn’t come as a surprise that in 1996, the U.S. National Response Team (NRT) published initial guidance for consolidating multiple ERPs into one core document. The Integrated Contingency Plan (ICP or One Plan) is a single, unified ERP intended to help organizations comply with the various emergency response requirements of the Environmental Protection Agency (EPA), U.S. Coast Guard, Occupational Safety and Health Administration (OSHA), Department of Transportation (DOT), and Department of Interior (DOI). The ICP Guidance does not change any of the existing requirements of the regulations it covers; rather, it provides a format for consolidating, organizing, and presenting the required emergency response information.

While the ICP does not currently incorporate all federal regulations addressing emergency response, it does establish a basic framework for organizations to pull in ERPs for any applicable regulations. And the benefits of doing so are many:

• Streamlined planning process. A single document simplifies the planning, development, and maintenance process. When plans are integrated, it minimizes duplication of effort, eliminates discrepancies and inconsistencies, and helps the organization identify and fill in gaps.
• Improved emergency response. It is much easier—and faster—for emergency responders and employees to navigate one plan rather than multiple separate ones. One plan allows for a single command structure with defined roles rather than potentially conflicting responsibilities. This all allows responders to act quickly and decisively to minimize potential disruption to the organization and public.
• Greater compliance. An integrated ERP provides improved visibility to all parts of the organization’s emergency response and helps reveal gaps that could prove costly and/or dangerous. This is especially important for organizations that must comply with several regulations.
• Potential cost savings. Streamlined and simplified planning reduces the resources required to build the plan. An integrated ERP may also help eliminate regulatory fines and minimize the need for and associated costs of emergency response/cleanup efforts.

Find Your Format

The goal of an integrated ERP is not to create new requirements but to consolidate existing concepts into a single functional plan structure. Regardless of what the plan looks like, it should start with:

1. An assessment of the facility’s vulnerabilities to various emergency situations.
2. An understanding of the various applicable emergency planning laws and regulations to determine which specific requirements must be incorporated. For example, food emergency response has different implications that must be integrated, particularly when it comes to recovery. A food production facility that is ordered or otherwise required to cease operations during an emergency may not reopen until authorization has been granted by the regulatory authority. Food facilities also have strict guidelines to follow for salvaging, reconditioning, and/or discarding product.

With this understanding, the ERP should then comprise step-by-step guidelines for addressing the most significant emergency situations. The core plan should be straightforward and concise and outline fundamental response procedures. More detailed information can be included in the annex. Most ERPs should include the following basic elements:

• Facility information. Consolidate common elements required in various plans, including site description, statement of purpose, scope, drawings, maps, roster of emergency response personnel, emergency response equipment, key contacts for plan development and maintenance, etc.
• Steps to initiate, conduct, and terminate a response. Outline essential response actions and notification procedures, with references to the annex for more detailed information. Provide concise and specific information that is time-critical in the earliest stages of the response and a framework to guide responders through key steps to deliver an effective response.
• Designated emergency responders. Develop a single command structure for all types of emergencies. Assign qualified, high-level individuals who are familiar with emergency procedures to fill emergency roles. In addition, list the appropriate authorities for specific emergencies, as well as their contact information.
• Evacuation plan/routes and rally points. Clearly mark evacuation routes and identify rally points where employees should meet upon exiting. Do not allow employees to leave designated rally points until it has been documented they have safely left the building.
• Data and information backup technology. Develop provisions for data backup to secondary/off-site systems, as well as alternate options for communications and power.  
• Designated plan for communication. Outline who is communicating what, when they are communicating it, and how it is being communicated. This includes internal communication, as well as communication to customers/clients/suppliers/vendors that may be impacted, the media, and the appropriate regulatory authorities.
• Supporting materials. The annex should provide detailed support information based on the procedures outlined in the core plan and required regulatory compliance documentation. Importantly, facilities should create a table that cross-references individual regulatory requirements with the plan to ensure there are no gaps and to demonstrate compliance.

Ensuring Success

The goal of emergency response planning is to minimize impacts to the environment and workers’ health and safety, as well as disruptions to operations. An integrated ERP has the potential to significantly reduce the number of decisions required to respond in an emergency, eliminate confusion and disagreement regarding roles and responsibilities, and enable a timelier, more coordinated response.

That all being said, an integrated ERP will only be effective if it is thoroughly and consistently communicated to all employees. These best practices will help ensure that the integrated ERP functions not only on paper, but also in practice:

• Periodic training is vital to ensure employees understand the ERP and are fully aware of emergency response procedures. It is especially important in an integrated ERP that first responders are trained to handle all potential emergencies rather than more narrowly trained on response for a single regulation.
• Routine drills significantly improve understanding of the ERP, clarify employee roles, test procedures to ensure they work, and diminish confusion during an emergency.
• Posting an abbreviated version of the ERP throughout the plant provides easy access to all employees if an emergency occurs. This summary version of the ERP should highlight the most vital information for quick response: recognized hazards, high-level emergency procedures, evacuation routes, and key contacts.

Since corporations do not act independently, the only way to hold them accountable for a violation and to enforce the law is to hold corporate directors who are responsible for the violations accountable. They may be held to the same standard as the corporation in terms of accountability (United States v. Park, 421 U.S. 658 (1975)).

The Park Doctrine—also known as the Responsible Corporate Officer (RCO) Doctrine—imposes strict, vicarious criminal liability upon RCOs for misdemeanor Food, Drug, and Cosmetic (FD&C) Act violations. The word vicarious is important, because it means RCOs can be penalized without having personally participated in the violation, having been an accessory to it, or even being aware of it. And recently, there have been increasing cases of holding corporate leaders accountable for food safety issues that negatively impact public health.

Setting Precedent

A legal doctrine is a set of rules or principles typically established through legal precedent that courts widely follow. The following two landmark cases set the precedent for the Park Doctrine.

The Park Doctrine has its roots in a 1943 Supreme Court case—United States v. Dotterweich. In this case, the jury determined that Dotterweich, as President of the company, was guilty of FD&C Act violations because he shared in the responsibilities related to the transaction of mislabeled product, even though he had no knowledge of the violation. With this decision, the Court held that individuals could be held criminally liable for the company’s FD&C Act violations.

1975 marks the Supreme Court decision on the United States v. Park. In this case, Park (the President and CEO of a national retail food chain) knew about a rat infestation issue but delegated responsibility to employees to resolve the issue. When it was not resolved by the FDA’s inspection, Park and the company were both charged with FD&C Act violations for introducing adulterated food into interstate commerce. Again, the Court maintained that RCOs are held to strict accountability standards, and—very importantly—liability does not require proof of negligence, intent, involvement, or even awareness of wrongdoing. Rather, liability is based solely on the RCO’s role and responsibilities. Park had a duty to remedy the violations and to implement measures to prevent them—he did neither.

Park Doctrine Criteria

In January 2011, the Food and Drug Administration (FDA) published criteria for recommending Park Doctrine prosecutions that factor in the individual’s position in the company, his/her relationship to the violation, and whether the RCO had the authority to correct or prevent the violation. Specific factors under consideration also include the following:

• Whether the violation involves actual or potential harm to the public.
• Whether the violation is obvious.
• Whether the violation reflects a pattern of illegal behavior and/or failure to heed prior warnings.
• Whether the violation is widespread.
• Whether the violation is serious.
• The quality of the legal and factual support for the proposed prosecution.
• Whether the proposed prosecution is a prudent use of Agency resources.

Holding Individuals Accountable

A broad theme in law enforcement these days is holding individuals accountable, said Mary El Riordan, Senior Counsel in the Administrative & Civil Remedies Branch of the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG). Million-dollar settlements do not change behavior, but holding individuals accountable does.

On September 15, 2022, the Department of Justice (DOJ) released the Monaco Memo, affirming its focus on holding individuals accountable. Deputy Attorney General Lisa O. Monaco stated in her address that the DOJ’s top priority for corporate criminal enforcement is going after individuals who commit and profit from corporate crime. The Monaco Memo is fundamentally about individual accountability and corporate responsibility and represents a desire on the part of the DOJ and FDA to use the Park Doctrine to increase the numbers of criminal convictions of RCOs. 

Proactively Mitigating Risks

It is clear the DOJ and FDA are taking an increasingly aggressive stance and prosecuting more RCOs, even without knowledge or intent to commit a violation. In the case of the Price Doctrine, it is a crime to do nothing. It is ultimately the RCO’s duty to be aware of, prevent, and address potential violations.

To do so, there are several best practices companies can take to proactively mitigate risk:

• Implement and maintain an integrated management system (i.e., quality, food safety) to help identify compliance obligations and manage risks through an organized set of policies, procedures, practices, and resources.
• Conduct internal audits. Audits provide an essential tool for continually improving and verifying compliance performance. Routine audits should ensure policies and procedures are being followed and identify concerns before they become major violations.
• Engage in regular monitoring activities. Regular environmental monitoring that focuses heavily Zones 1 and 2 (i.e., food contact surfaces and surfaces directly adjacent to food contact surfaces, respectively) is vital to preventing foodborne illnesses.
• Establish clear roles and responsibilities for all employees, including leadership. Provide training for RCOs on the Park Doctrine so they clearly understand their duties and obligations.
• Resolve corrective and preventive actions (CAPAs) immediately. CAPAs are those actions an organization takes to make improvements and/or eliminate causes of non-conformities. Failure to conduct a CAPA may be considered a major non-conformance.
• Create a culture that encourages employees to speak freely when there are issues. Food safety culture is being integrated more completely and significantly into many of the Global Food Safety Initiative (GFSI)-benchmarked food safety certification standards to encourage widespread adoption.
• Be responsive and work with the FDA. The FDA sends warning letters to companies in violation of the FD&C Act (see example 2022 Warning Letter). The letter specifically outlines the required response and related consequences: You are responsible for investigating and determining the causes of the violations identified above and for preventing their recurrence or the occurrence of other violations. It is your responsibility to ensure your facility complies with all requirements of federal law, including FDA regulations. You should take prompt action to correct or implement corrections to the violations cited in this letter. Failure to do so may result in legal action without further notice, including, without limitation, seizure, injunction, or administrative action for suspension of food facility registration if criteria and conditions warrant.

Location: Chicago, Illinois (other locations considered)

KTL is seeking a Food Safety Specialist with 5-10 years of professional food safety consulting or relevant food industry experience to join our team. This individual will work under the direction of KTL Project Managers and Senior Consultants to manage and execute tasks for KTL’s food safety projects and meet client expectations. The Food Safety Specialist must have working knowledge of FDA, USDA, and GFSI requirements as they apply to food/food packaging manufacturing, processing, and distribution, and experience implementing/maintaining food safety documents and plans.  

Responsibilities and tasks include the following: 

• Providing HACCP, SOP, and SSOP development and implementation support 
• Conducting gap assessments to FDA, USDA, and GFSI (i.e., IFS, BRC, FSSC22000, SQF) requirements 
• Conducting relevant food safety training for clients  
• Researching FDA, USDA, and GFSI regulatory requirements and maintaining standards updates 
• Researching labeling regulatory review 
• Interpreting third–party regulatory audits 
• Reviewing, recommending, and coordinating efforts for environmental contaminants and pathogen testing program 
• Working with clients and KTL senior staff to identify Food Safety Management System (FSMS) and program gaps and implement solutions for continuous improvement  
• Maintaining and updating documents to ensure conformance and compliance consistency 
• Participating in the development and management of KTL’s SharePoint® tools  
• Assisting in growing clients and other business development efforts, as requested 

Requirements

• B.S. degree in food science, biology, chemistry,  technology, microbiology, or other related life science  
• 5-10 years of related food industry experience in Quality Assurance/Control; experience in cooking, processing, manufacturing dairy, low-acid canned food, meat, or seafood preferred 
• Excellent communication and presentation skills  
• Excellent research, analytical, writing, and organizational skills 

 Preferred

• Microsoft SharePoint® and information management systems experience 
• High–risk food or ingredients experience  
• Understanding of food safety in food packaging 

How to Apply

Forward a resume to recruiting@kestreltellevate.com.

Company Description

KTL is a management consulting firm providing EHS, sustainability, food safety, and quality consulting services to a wide range of industry, municipal, university, and government clients. Our focus is to build strong, long-term client partnerships and provide value-added solutions that simplify management systems, improve compliance, and establish more sustainable operations. KTL specializes in developing and implementing strategies, processes, and tools that complement our clients’ investments in existing programs and resources. Our highly qualified personnel have an in-depth knowledge of U.S. federal, state, and international EHS requirements; global food safety compliance; ISO management systems; and information management tools. Our consultants possess the education, work experience, and professional registrations necessary to provide value-adding consulting services to our clients. 

Food Safety System Certification (FSSC) 22000 is a complete Global Food Safety Initiative (GFSI)-benchmarked certification scheme that is aligned with the ISO management system approach and harmonized structure. The first version of FSSC 22000 was published in 2009, and more than 16,000 sites have been certified under the scheme since.

On March 31, 2023, the Foundation FSSC published the most recent version of the FSSC 22000 scheme (FSSC V6.0) to:

• Integrate the requirements of ISO 22003-1:2022.
• Strengthen the requirements to support organizations in their contributions to meeting the United Nations’ Sustainable Development Goals.
• Incorporate feedback from the FSSC 22000 V6.0 development survey.

Overview of Changes

Foundation FSSC has set a 12-month period—between April 1, 2023 and March 31, 2024— for companies to transition from V5.1 to V6.0. In addition to changes in some of the requirements (as outlined below), V6.0 includes a realignment of the Food Chain Categories in accordance with ISO 22003-1:2022 and GFSI requirements (i.e., including Trading and Brokering (FII) and removing Farming (A)). Among others, some of the significant changes to the requirements include the following:

Food safety and quality culture. As we are seeing with other GFSI certification schemes, ISO management systems, and the FDA New Era of Smarter Food Safety, culture requirements are becoming more prominent. FSSC 22000 V6.0 requires senior management to “establish, implement, and maintain a food safety and quality culture objective as part of the management system,” addressing the following elements at a minimum: communication, training, employee feedback and engagement, and performance measurement of defined activities.

In addition, organizations must develop and implement a a documented food safety and quality culture plan that outlines objectives and timelines and follows the management system process of continuous improvement (i.e., plan-do-check-act (PDCA)).

Quality control. Quality control is a new clause of FSSC 22000 V6.0 that aligns with clauses 5.2 and 6.2 of ISO 22000:2018. Under this clause, organizations must establish, implement, and maintain a quality policy, objectives, and parameters in line with finished product specifications for all products within the scope of certification. As part of the quality program, organizations also need to establish and implement quality control and line startup and changeover procedures to ensure products meet customer and legal requirements.

Food loss and waste. The regulatory community has identified the lack of circularity in the food industry and a real need for addressing food waste. FSSC V6.0 now requires organizations to develop a documented policy with objectives and detailed strategy to reduce food loss and waste within the organization and the related supply chain.

Equipment management. Organizations must establish and implement a risk-based change management process for new equipment and/or any changes to existing equipment. This includes having documented purchase specifications to address such things as hygienic design, legal and customer requirements, and intended use of the equipment.

Allergen management. The requirement to have a documented allergen management plan is not new to V6.0. However, in addition to a including a risk assessment of all potential sources of allergen cross-contamination and related control measures, V6.0 now requires validation and verification of control measures; precautionary or warning labels as an outcome of the risk assessment to identify allergen cross-contamination risks (warning labels do not exempt the organization from implementing allergen control measures/verification testing); allergen awareness and control measures training; and annual review of the allergen management plan.

Environmental monitoring. V6.0 expands on the previous requirements for organizations to have a risk-based environmental monitoring program (EMP) for relevant pathogens, spoilage, and indicator organisms and documented procedures for evaluating the effectiveness of all controls in preventing contamination. V6.0 requires that the EMP must be reviewed for continued effectiveness at least annually, including when specific triggers occur (e.g., significant changes related to products, processes, legislation; when no positive test results have been obtained over an extended period; and when there is a repeat detection of pathogens during routine environmental monitoring).

Validation/verification of packaging claims. When a claim is made on the product label or packaging, the organization must maintain evidence of validation to support the claim and must have verification systems in place to ensure product integrity.

Food defense. V6.0 clarifies and strengthens requirements related to food defense. Organizations now must conduct and document a food defense threat assessment based on defined methodology to identify and evaluate potential threats linked to processes and products. In addition, the food defense plan must be based on the threat assessment, specify mitigation measures and verification procedures, and be implemented and supported by the food safety management system (FSMS).

Food fraud mitigation. Again, V6.0 clarifies and strengthens food fraud mitigation requirements by requiring organizations to conduct and document the food fraud vulnerability assessment to identify potential vulnerabilities and develop and implement appropriate mitigation measures. The food fraud mitigation plan must be based on the vulnerability assessment, specify mitigation measures and verification procedures, and be implemented and supported by the FSMS.

Other requirements. V6.0 also includes clarifications on the requirements for the certification process and implements the addition of a QR Code on FSSC 22000 certificates for improved traceability. It updates Communication Requirements (2.5.17) so organizations must 1) inform the certification body within three days of serious events/situations that may impact the FSMS and/or the integrity of the certification, and then 2) implement corrective measures as part of the emergency response and preparedness process. In addition, the standard requires that major nonconformities must be closed by the certification body within 28 calendar days from the last day of the audit. If this is not possible, the Corrective Action Plan must include temporary measures and controls necessary to mitigate the risk until permanent corrective action can be implemented.

Next Steps

Sites currently certified to FSSC 22000 have a transition period of 12 months to prepare their FSMS to be audited against the V6.0 requirements. The next year affords these organizations the time to assess current FSSC 22000 elements; identify improvements that are internally desirable and/or required by the new V6.0; and implement those updates to reduce nonconformances with FSSC 22000 V6.0. This can be done through a series of phases to ensure adoption throughout the organization:

Phase 1: Internal Assessment. Review existing FSSC 22000 food programs, processes, and procedures; document management systems; and employee training tools and programs to identify those areas in need of updates, development, and/or implementation to meet the requirements of V6.0.

Phase 2: FSMS Updates. Based on the assessment, develop a plan for updating your FSSC 22000 FSMS, including major activities, key milestones, and expected outcomes. This may include updating/developing programs, processes, procedures, and training with missing V6.0 requirements.

Phase 3: Training. To ensure staff are prepared to implement and sustain the updated FSSC 22000 V6.0 program, they must be trained on applicable requirements; specific plans, procedures, and good manufacturing practices (GMPs) developed to achieve compliance; and the certification roadmap to prepare for future assessments.

View the complete FSSC V6.0 standard.

As one of the premier events in the food industry, the Food Safety Summit provides a comprehensive conference and expo for attendees to learn from subject matter experts, exchange ideas, and find solutions to current industry challenges.

• When: May 8-11, 2023
• Where: Donald Stephens Convention Center, Rosemont, Illinois
• Who: Retailers, food processors, distributors, food manufacturers, growers, foodservice, testing laboratories, importing/exporting, law firms, and other food safety professionals
• Find KTL: Stop by our booth (#534) in the exhibit hall!

KTL Solutions Stage Presentation

Be sure to also update your agenda to attend KTL’s Solutions Stage presentation on Thursday, May 11 at 2:00 pm CT:

The Big Secret: You already have the software you need to build your FSMS.
Having a simple, centralized FSMS to manage, track, communicate, and report compliance program information can enable staff to complete required tasks, improve compliance performance, and support operational decision-making. It sounds expensive, but it doesn’t have to be—not when most companies already have the software and just need the right combination of food safety and IT expertise to customize it. KTL will present several examples that demonstrate how various food companies are leveraging Microsoft 365® with SharePoint and the Power Platform to elevate their FSMS and effectively manage food safety compliance documentation, data, and certification requirements.

When preparing for compliance and certification audits, environmental monitoring is an area where there are often questions: What are my requirements? How much do I need to do? What happens if I have a deviation? There are many intricacies associated with environmental monitoring that can depend largely on operational processes and compliance and certification requirements—many of which are not always clearly defined. KTL’s food safety experts offer their high-level perspective on some common questions regarding environmental monitoring.

What is environmental monitoring?

Environmental monitoring involves sampling and testing your facility’s environment for pathogens, spoilage and indicator organisms, and allergens to prevent foodborne illness. Environmental monitoring is typically done by swabbing various surfaces for pathogens and sending those samples to an accredited lab for analysis. This monitoring helps to 1) assess how effective the plant’s cleaning and sanitation programs are, and 2) determine whether any pathogens are living in the facility so it can respond accordingly (e.g., adjusting cleaning procedures, addressing personnel hygiene issues, etc.). 

What is an Environmental Monitoring Program (EMP)?

An EMP refers to an entire program for organizing the monitoring process to prevent pathogens—and foodborne illness—in finished product. The EMP helps to identify those areas where harmful microorganisms could be harboring in the facility and to implement and verify the effectiveness of pathogen controls (e.g., cleaning and sanitation procedures, sampling frequency and methodology, employee hygiene practices). Ultimately, the purpose of an effective EMP is to help a facility identify and implement strategies to eliminate pathogens and prevent their recurrence.

Who needs an EMP?

Certain foods are considered high risks for harboring pathogens and growing bacteria. These include beef, poultry, dairy, seafood/shellfish, ready-to-eat (RTE) food, baby food, leafy greens, and tree nuts. According to U.S. Public Health Service, the organisms in the table below—and their sources—are the biggest culprits of foodborne illness:

The kill step is the point in food manufacturing when dangerous pathogens are removed from the product. This is often done by killing pathogens through processes such as cooking, pasteurization, irradiation, and freezing. It is one of the most important steps in keeping food safe. The following questions can help determine whether an EMP may be necessary for your facility:

• Does your process have a kill step that removes dangerous pathogens from the product?
• Is your product exposed to the environment after the kill step and before packaging?
• Does your product combine RTE products without including a kill step?

Why do I need an EMP?

From a compliance perspective, the Food and Drug Administration’s (FDA) Food Safety Modernization Act (FSMA) Final Rule for Preventive Controls for Human Food requires it: “A facility who has identified a potential environmental pathogen or indicator organism as a hazard to RTE foods is required to include an EMP in its Food Safety Plan. A trained Preventive Controls Qualified Individual (PCQI) needs to review EMP test results to ensure that the Food Safety Plan is being followed.”

From a certification perspective, most Global Food Safety Initiative (GFSI) food safety certification schemes also require an EMP, and failure to have an effective program will result in a major non-conformance.

From a consumer protection perspective, environmental monitoring is intended to protect consumers by keeping harmful bacteria from contaminating the food we eat. An EMP can help serve as an early warning system for identifying a potential contaminant before it spreads throughout the facility and into food that reaches the consumer.

What does an EMP include?

EMP requirements are set forth by FDA and GFSI certification programs, but retailers and consumers may also have their own requirements that impact the food supply chain. According to FDA, a FSMA-compliant EMP should include:

• Established, written, and scientifically valid procedures.
• Identified testing microorganisms, adequate locations, and number of collection sites.
• Identified timing and frequencies for collecting and testing samples.
• Identified corrective action procedures in compliance with CFR 21 section 117.150.
• Testing performed by an accredited laboratory.

An EMP should be tailored to the facility’s specific operations and food products; however, there are several steps that every program should include:

• Perform a risk assessment. Determine the risks associated with the plant’s operations, including identifying high-risk foods and potential pathogens that could be present. The frequency of environmental monitoring will be determined by the hazards and risks identified.
• Determine hygienic zones. An EMP should include sampling to assess activities, pathogens, associated risks, and mitigation options within the following zones (from highest to lowest risk):
  • Zone 1: Direct food contact services (e.g., counters, conveyers, utensils).
  • Zone 2: Indirect food contact surfaces that are close to food contact surfaces (e.g., crevices of equipment, drip shields).
  • Zone 3: Indirect food contact surfaces that are not close to food contact surfaces (e.g., walls, floors, drains).
  • Zone 4: Areas distant from food contact surfaces and processing areas (e.g., locker rooms, lunchrooms, offices).
• Implement and manage testing protocols. Testing and sampling protocols should identify the frequency of sampling required (depending on risks), number of samples (depending on the facility size), timing of sampling (before/during/after production), person responsible for conducting sampling, and an accredited lab (ISO 17025) to use for testing, as needed. Some facilities may opt to conduct internal “rapid tests” at interim phases of production by trained staff to provide more immediate and cost-effective results and leave third-party lab testing for the final product. Regardless of whether testing is done internally or by a lab, an effective EMP will swab different sites each time to reduce the likelihood of contamination going undetected.
• Develop corrective action procedures. Sampling is intended to identify high-risk areas. How an establishment responds to any findings—and how quickly—is critical. Potential corrective actions may include changing cleaning chemicals, increasing frequency of cleaning program, requiring uniforms, etc.
• Verify and validate the EMP. Data, programs, and procedures should be regularly reviewed to ensure the EMP is serving its intended purpose. Verification provides proof the EMP is working; validation provides proof it is effective.

What do I do if I have a deviation?

The FDA anticipates that facilities with EMPs will occasionally detect environmental pathogens. If this happens, the facility should immediately enact the corrective actions outlined in the facility’s EMP (see above). This may include modifying cleaning and sanitation procedures, recleaning areas, conducting retesting, holding product, or even issuing a product recall.

It is important for facilities to remember that any environment has the potential to become contaminated with a pathogen. Never having a positive result for a common environmental pathogen might not necessarily mean that the EMP is “perfect;” rather, it might be a sign that the right areas are not being swabbed adequately. Keep in mind that any positive result offers an opportunity to improve the EMP and related cleaning/sanitation/hygiene procedures.

How can I prevent environmental pathogens?

There are a number of key actions food processors can undertake to prevent environmental pathogens from contaminating their facilities and food products:

• Apply Good Manufacturing Practices (GMPs). GMPs apply to EMPs, as with every other aspect of a strong food safety program. GMPs that will impact environmental monitoring results include employee hygiene practices, sanitary facility and equipment design, and cleaning and sanitation processes.
• Evaluate, implement, and verify preventive controls. Identify your greatest risks for environmental pathogens, and proactively develop strategies to implement controls in your process flow. These may include controlling pedestrian walkways to avoid personnel contamination; using dedicated tools, equipment, and/or staff post-process; having special uniforms for staff, etc. Just as important, you must verify the performance of your preventive controls through environmental monitoring and take corrective action immediately if problems arise.
• Ensure employees and other resources are qualified. Employees responsible for sanitation, sampling, and overseeing the EMP must have the necessary training and/or experience for assigned duties. In addition, any outside labs used for environmental testing must be accredited under ISO 17025.
• Review and update the EMP. Products, operations, equipment, employees, processes, and other environmental factors change—and all of these can impact the EMP. Conducting periodic reviews to ensure processes and procedures reflect any new conditions is important in ensuring a facility’s overall hygiene and its products’ quality and safety.

With a rapidly growing market, pending regulatory action related to marketing cannabidiol (CBD) products is certainly an issue to watch. And the Food and Drug Administration (FDA) set the tone for 2023, issuing a decision on January 26, 2023, concluding that existing regulatory frameworks for food and dietary supplements are not appropriate for regulating CBD. Rather, the FDA press release states, “A new regulatory pathway for CBD is needed that balances individuals’ desire for access to CBD products with the regulatory oversight needed to manage risks.”

Regulating CBD Products

Products containing cannabis or cannabis-derived compounds are subject to the same requirements as FDA-regulated products containing any other substance. FDA has currently approved only one cannabis-derived and three cannabis-related drug products, all of which are only available with a prescription from a licensed healthcare provider. There are no other FDA-approved drug products that contain CBD. In addition, there are currently three generally recognized as safe (GRAS) notices for the following hemp seed-derived food ingredients: hulled hemp seed, hemp seed protein powder, and hemp seed oil. 

While the FDA recognizes the potential therapeutic benefits CBD could offer, the agency is committed to following the drug approval process to help ensure the safety and efficacy of any products derived from cannabis. The use of CBD in dietary supplements and food (both human and animal) raises a variety of safety concerns for the FDA—especially associated with long-term use and vulnerable populations (e.g., children, pregnant women)—that are not fully understood. As a result, the FDA’s internal working group concluded that “it is not apparent how CBD products could meet the safety standards for dietary supplements or food additives”:

• Dietary Supplements. CBD products are excluded from the dietary supplement definition under section 201(ff)(3)(B) of the Food, Drug & Cosmetic (FD&C) Act [21 U.S.C. § 321(ff)(3)(B)]. This exclusion applies unless the FDA issues a regulation finding that the product would be lawful under the FD&C Act. To date, no such regulation has been issued for any CBD substance. All products that are marketed as dietary supplements must then comply with the regulations governing dietary supplement products, including current Good Manufacturing Practices (cGMPs) and labeling.
• Human and Animal Food Additives. It is a prohibited act to introduce or deliver for introduction into interstate commerce any food (i.e., human or animal) to which CBD has been added under FD&C Act [21 U.S.C. § 331(ll)].

Warning Letters

The FDA is concerned with the growing number of products containing CBD that are being marketed for therapeutic or medical uses without FDA approval. The agency has sent warning letters to companies illegally selling CBD products that claim to “prevent, diagnose, treat, or cure serious diseases,” as well as to companies that sell CBD-infused food and beverages (e.g., cookies, gummies, etc.). Until a regulatory framework is established, FDA will continue to act against CBD and other cannabis-derived products to protect the public.

New Regulatory Pathway

The FDA believes there is currently not adequate evidence to determine how much CBD can be consumed and for how long before causing harm, and the agency’s existing foods and dietary supplement authorities provide only limited tools for managing the potential risks associated with CBD products. As such, a new regulatory pathway would “benefit consumers by providing safeguards and oversight to manage and minimize risks related to CBD products for humans and animals.”

Risk management tools could include:

• cGMPs
• Clear labeling on products
• Prevention of contaminants
• CBD content limits
• Measures to mitigate the risks of ingestion by children (e.g., minimum purchase age)

Many states are trying to close the gap the best they can by putting some regulations in place, but this is currently being done piecemeal. In addition, several organizations have launched cannabis standards and certifications—often based on the Global Food Safety Initiative (GFSI) and cGMPs—to improve the overall safety and quality of cannabis and cannabis-infused products in the market.

Companies getting involved in this growing industry need to stay on top of the rapidly changing regulatory environment. Take the time now to assess operations, determine what standards might be appropriate, identify gaps in existing programs, prepare for a new regulatory framework—state and/or federal—and begin implementing solutions to eliminate risks.

A November 29, 2022, reader poll conducted by Quality Assurance & Food Safety Magazine identified the following top food safety concerns for 2023: 25% recalls, 25% traceability, 25% supplier/supply chain issues, 12% labor shortages, 12% something else.

Over the past few years, KTL has seen many of these concerns—and others—present challenges across the food industry.  We also recognize the opportunity some of these present when appropriately and proactively addressed. Here are some of the top food safety trends KTL is tracking in 2023—and some guidance to help you as you establish your food safety priorities.

Resource Constraints and Technology Solutions

Not surprisingly, one of the biggest challenges we have witnessed our clients grappling with is related to staffing, from turnover in the quality department to being understaffed in production. Employees are stretched thin and are carrying more responsibilities that they aren’t necessarily qualified to do, including food safety. Achieving and maintaining food safety compliance and Global Food Safety Initiative (GFSI) certification requires great management and expertise to ensure all aspects of a company’s technical compliance have been identified and are being actively handled. KTL has been working with more and more food safety and quality departments to fill these gaps—either with outsourced personnel or compliance efficiency tools—as companies look to recruit food safety staff.

Guidance:

• Invest in food safety training and education for all staff and start with the basics. Even experienced workers can benefit from refresher training to correct bad habits and build efficiencies.
• Develop a relationship with someone you trust to do things in your best interest. Use them to assess your operations, help you understand what regulations apply, identify gaps in your programs, and implement solutions to eliminate risks. Rely on them as a part of your team.
• Employ information technology (IT) solutions to create compliance efficiencies. A well-designed and executed compliance information management system brings IT and management systems together to coordinate, organize, control, analyze, and visualize information in such a way that helps organizations remain in compliance and operate efficiently. 
• Build a better food safety culture starting at the top and focusing on the details (see below).

Food Traceability

Without a doubt, food traceability is a hot topic with the Food and Drug Administration (FDA) publishing the Final Food Traceability Rule in November 2022. While the agency has had previous food traceability requirements, the new rule under FSMA Section 204(d) is intended to enhance traceability recordkeeping for certain identified foods beyond a limited “one-up, one-back” traceback approach—creating standardization, stronger linkages throughout the supply chain, improved communication and recordkeeping, and faster response. The compliance date for all entities subject to the updated recordkeeping requirements is January 21, 2025.

Guidance:

• The rule is complicated with unanswered questions about recordkeeping and FDA enforcement. Do what you can to understand your requirements. Review the Food Traceability List (FTL) and start building systems and processes now that address requirements for traceability lot codes, critical tracking events (CTEs), key data elements (KDEs), and recordkeeping.
• Having a good document/records management system will be essential for maintaining the vast number of documents required by the Food Traceability Rule. Such a system can help ensure process and document standardization; central and secure storage, organization, and access to documents and records; enhanced workflows for approving and completing tasks involving documents; and easy access to documents for audits and clear audit trail.

Food Safety Culture

Food safety culture continues to garner attention and visibility across the food industry, as it is being integrated more completely and significantly into many of the GFSI-benchmarked food safety certification standards. For example, BRCGS Issue 9, which was launched on August 1, 2022, emphasizes two core themes: building core competencies and developing food safety culture.  These actions are creating defined requirements, timelines, and measurements to create a culture that embraces food safety.

Guidance:

• Get senior leadership commitment in prioritizing food safety and quality.
• Assess current food safety program elements, identify improvements that are internally desirable and required, and implement those updates that will create a strong food safety culture.
• Put robust systems in place to ensure consistent commitment, communication, procedures, training, performance measurement, and trust.  

Environmental Focus

Food companies continue to see regulatory bodies—beyond FDA and USDA—taking much more interest in them. U.S. Environmental Protection Agency (EPA) multi-media inspections, enforcement actions, and large penalties for violations persist. EPA’s proposed Safer Communities by Chemical Accident Prevention (SCCAP) rule, which is intended to strengthen current Risk Management Plan (RMP) regulations, has the potential to create significant industry requirements in the future. Facilities that use anhydrous ammonia as refrigerant may be particularly vulnerable. In addition, EPA is investing resources in addressing per- and polyfluoroalkyl substances (PFAS) contamination. Many manufacturers, especially those in the food and beverage industry, are facing new concerns about whether and how to test for and remediate PFAS contamination.

Guidance:

• Evaluate your current environmental risk level and develop strategies to minimize risks to the extent possible. Proper usage strategies, a comprehensive environmental management system (EMS), and a forward-thinking Emergency Response Plan will remain vital tools for companies to effectively manage the associated risks
• Outline steps to improve performance and safe operations, including defining organizational roles and responsibilities.
• Streamline compliance methods and improve operational efficiencies by implementing IT solutions and compliance management systems that coordinate, organize, control, analyze, and visualize information.

Food Recalls

FDA took another step toward reducing the public’s exposure to the risks of foodborne illness on March 3, 2022, issuing its final guidance for voluntary recalls: Initiation of Voluntary Recalls Under 21 CFR Part 7, Subpart C. FDA’s guidance outlines the steps companies should take before a recall is mandated, including developing policies and procedures, establishing training, maintaining records, and initiating communications.

Guidance:

• Establish recall initiation procedures. Prepare, maintain, and document written procedures for initiating a recall to minimize delays and uncertainty when/if a voluntary recall becomes necessary.
• Identify and train appropriate personnel (and alternates) on recall-related responsibilities. The recall team should have a thorough understanding of recall procedures and their respective roles in carrying out a recall plan. Regular training, including mock recalls, helps ensure competency.
• Establish a recall communications plan to address communications with employees, FDA, supply chain, direct accounts, and the public, as necessary. Identify key contacts and develop draft templates that can be easily customized and distributed when needed.

Food Investments

We continue to see private equity firms investing heavily in food companies and, subsequently, in their food safety infrastructure. Any merger and acquisition (M&A) transaction, no matter the size or structure, can have a significant impact on the acquiring company—and food safety is a critical factor. Undertaking adequate due diligence is vital. It can lead to the discovery of regulatory inconsistencies that may lessen the value of an entire product line or business—and opportunities to make improvements. It can provide better insights into the risks and potential benefits of a transaction that will ensure a smoother, more effective, and sustainable business integration.

Guidance:

An assessment of the operations, production processes, equipment conditions, food safety management, quality, regulatory compliance, and all related documentation needs to be completed as part of any food-related acquisition. Prior to any acquisition, it is important to determine:

• Condition of operations (i.e., personnel, equipment, processes, facility) necessary to effectively meet existing performance standards.
• Level of food safety compliance to regulatory requirements and applicable voluntary industry certifications.
• Any potential high-level risks that would impact the transaction.

Cannabis

FDA is watching! The agency issued a number of warning letters in 2022 to companies that sell CBD-infused food and beverages and seems particularly concerned about food products that may appeal to children (e.g., cookies, gummies, etc.). While the regulatory framework for managing cannabis production is still unclear, this is a rapidly growing market, and we anticipate progress—whether at the state level or federal level—in the development and implementation of regulations and controls (e.g., Good Manufacturing Practices (GMPs), labeling requirements, etc.).

Guidance:

Several organizations have launched cannabis standards and certifications—often based on GFSI and GMPs—to improve the overall safety and quality of cannabis and cannabis-infused products in the market. Those getting involved in this rapidly growing industry need to assess operations, determine what standards might be appropriate, identify gaps in existing programs, prepare for potential regulatory action and/or certification opportunities, and implement solutions to eliminate risks.

Sustainable Food Management

According to a January 2023 article in Food Logistics Magazine, “By 2050, the Food and Agriculture Organization (FAO) estimates we will need to produce 60% more food to feed a world population reaching nearly 10 billion. Even if we hit that mark, 300 million people will still be grappling with food scarcity.” The regulatory community has identified a real need for addressing food waste and the lack of circularity in the food industry. Sustainable management of food involves “a systematic approach that seeks to reduce wasted food and its associated impacts over the entire lifecycle, starting with the use of natural resources, manufacturing, sales, and consumption, and ending with decisions on recovery of final disposal” (EPA). Watch for efforts to promote sustainable food management to expand to meet demand.

Guidance:

A thorough food and packaging assessment can help identify appropriate strategies to avoid waste, cut down on disposal costs, reduce over-purchasing and labor costs, reduce water and energy use and greenhouse gas (GHG) emissions associated with food production.

Food Safety Verification Program (FSVP)

While not a new rule, FSVP remains a key focus as the surge in food demand and lack of supply has created an environment ripe for food fraud. FDA recently sent a number of warning letters to companies across the U.S. putting them on notice for not having FSVPs for a number of imported food products, a significant violation of compliance with FSVP regulations. On January 10, 2023, FDA issued its final FSVP guidance document to help importers comply with the FSVP regulation. It offers clarification on what foods/entities the FSVP regulation applies to, what information must be included in the FSVP, and who must develop and perform FSVP activities.

Guidance:

• Assess your supplier approval/management program, focusing on the fundamental aspects of FSVP—those requirements that must be verified, recorded, and evident in documents supporting foreign shipments of food product(s) under the rule.
• Evaluate potential foreign suppliers’ performance and the risks posed by the food. Use FDA’s guidance document to determine and conduct appropriate foreign supplier verification activities.
• Implement a supplier approval and management system to improve coordination with and communication of approved suppliers; manage supplier requirements and supplier evaluations/approvals; and maintain all required documentation.
• Train your staff to have the knowledge needed to implement a successful FSVP that meets compliance requirements.

Set Your Goals for 2023

With these challenges simultaneously competing for attention—and with fewer resources to manage it all—companies need to assess priorities, needs, and requirements and create a plan for how to meet them. KTL suggests completing the following early in 2023:

• Get senior leadership commitment and invest in creating a food safety culture that prioritizes food safety and quality.
• Conduct a comprehensive food safety and quality gap assessment. This should be the starting point for understanding your regulatory and certification obligations and current compliance status—and for ensuring you are prepared to meet pending regulatory developments.
• Get your documentation in place. Update and/or develop the procedures, programs, and records you need to demonstrate compliance, and implement a reliable system to keep them organized and readily accessible.
• Leverage IT solutions to streamline compliance, manage certification requirements, and create business efficiencies.
• Seek third-party oversight. Having external experts periodically look inside your company provides an objective view of what is really going on, helps you to prepare for audits, and allows you to implement corrective/preventive actions that ensure compliance.

On January 10, 2023, the U.S. Food and Drug Administration (FDA) issued its final guidance for the Foreign Supplier Verification Programs (FSVP) for Importers of Food for Humans and Animals.

Part of the Food Safety Modernization Act (FSMA), FSVP establishes risk-based foreign supplier verification activities that importers of human and animal foods must follow to ensure their imports are not adulterated or misbranded and are produced in compliance with section 418 or 419 of the Food, Drug, and Cosmetic (FD&C) Act, as appropriate. The intent of FSVP is to hold importers accountable for verifying foreign suppliers are meeting U.S. food safety standards.

The new industry guidance document provides information to help importers comply with the FSVP regulation. It offers clarification on what foods/entities the FSVP regulation applies to, what information must be included in the FSVP, and who must develop and perform FSVP activities. It also includes recommendations on the requirements to:

• Analyze the hazards in food.
• Evaluate a potential foreign supplier’s performance and the risk posed by the food.
• Determine and conduct appropriate foreign supplier verification activities.
• Meet modified FSVP requirements in a variety of categories, such as requirements for importers of dietary supplements or very small importers.

The final guidance document is available online.

KTL is pleased to welcome the newest member of our food safety team!

Anna Sauls, Senior Consultant

Anna Sauls is a food safety and quality professional with more than ten years of experience. Prior to joining KTL, she served as an industry trainer for food, beverage, and natural products. Anna has in-depth knowledge of FDA food safety regulations and a strong ability to effectively communicate and train others on meeting food safety and quality requirements. Her areas of expertise include 21 CFR, food safety hazards, Hazard Analysis and Critical Control Points (HACCP), current Good Manufacturing Practices (cGMPs), Preventive Controls for Human Foods, food defense, environmental monitoring, sanitation, auditing, and documentation. Anna is based in Candler, NC. Read her full bio…

asauls@goktl.com | 252.339.7583