Comments: No Comments
Food Safety Certification: Top Non-Conformances
In July, the Safe Quality Food (SQF) Institute published an article citing the most common non-conformances encountered during certification audits. Interestingly, the transition to SQF edition 9 has changed the number and types (i.e., critical, major, minor) of non-conformances SQF is seeing, with non-conformances related to pest prevention, Food Safety Plan, cleaning and sanitation, and management review and internal audits topping the list.
KTL’s food safety experts break down SQF’s top non-conformances and what you can do to address them.
Prioritizing Pest Prevention
According to SQF, pest prevention is the leading non-conformance under edition 9, with both critical and major findings. Exposure to pests—and the diseases they carry—creates the risk of food contamination and the spread of infectious diseases. Companies need a pest prevention program, whether managed internally or by a third-party contractor, that integrates sufficient measures to minimize pest populations. This may include mechanical preventions and controls, waste minimization, or controlled use of pesticides.
KTL Recommendations:
- Review any findings with your food safety team and the pest control contractor, if used. Include frequent review of the approved chemicals or chemicals used for any treatment and ensure the site has access to copies of their safety data sheets (SDSs). Corrective and preventive actions (CAPAs) should be applied to act right away on any open observations. CAPAs should be regularly monitored and tracked to closure. If a third-party contractor is used, open observations should be discussed with the contractor; they may have helpful information on how to handle a pest issue.
- Review pest control trending data at monthly management review meetings. This will help ensure pest prevention data is tracked and monitored. It can also help identify larger, more systemic issues that might necessitate additional CAPAs to resolve the problems.
- Incorporate evaluation of pest prevention performance into the validation and verification schedule.
- Validation should include review of inspection records (at each visit), an annual assessment by the food safety team or pest control provider, and review of trends at the annual management review meeting.
- Verification should include a monthly visual inspection during internal good management practices (GMP) inspections. A simple check to ensure these inspections are thorough enough can involve putting a business card in a tin can for pest control to find and identify on the report.
SQF Tip Sheet: Pest Prevention
Strengthening the Food Safety Plan
The Hazard Analysis and Critical Control Points (HACCP) Food Safety Plan is the foundation of the SQF System. Given this, it makes sense that non-conformances related to the Food Safety Plan always top the list. SQF indicates that many of these findings are now being marked as critical with edition 9. The most common non-conformances include missing hazard analysis, incomplete ingredient hazard analysis, and misidentification of critical control points (CCPs).
KTL Recommendations:
- Review and update the HACCP Plan at least annually or whenever there is a change to operations (e.g., ingredients, processes, equipment, etc.) to ensure all inputs and outputs are identified and appropriately managed.
- Use a risk ranking chart to identify risks; determine their severity and likelihood; and document when a hazard is controlled by a GMP, CCP, or other preventive control (PC).
- Use specification sheets and known information about ingredients to facilitate the identification of hazards during the hazard analysis. Ensure copies of any studies or guidance documents are available to the HACCP team and any applicable updated scientific consensus is reviewed. Hazards should be specifically identified rather than just listed as general categories (e.g., biological, chemical, etc.).
- Document everything in a food safety management system (FSMS). Recordkeeping proves that all requirements of the Plan are met.
SQF Tip Sheet: HACCP Food Safety Plan
Emphasizing Cleaning and Sanitation
Cleaning and sanitation methods vary based on the nature of operations, as well as the microbiological and allergen risks. Regardless, every facility needs to develop, implement, and document a cleaning and sanitation program that fits their production processes. According to SQF, this area remains second on the list of major findings in edition 9.
KTL Recommendations:
- Understand all the areas and equipment that need to be cleaned and sanitized in the facility. Pay attention to the condition of floors, ceilings, walls, doors, etc. to ensure you are maintaining a hygienic and safe environment.
- Create a robust cleaning and sanitation, preventive maintenance, and maintenance schedule. Regular maintenance of equipment, utensils, and building materials is crucial to prevent non-conformances.
- Incorporate monitoring of the cleaning and sanitation program into the validation and verification process:
- Validation: Review sanitation records and logs, environmental monitoring records, and trending data to identify areas of concern.
- Verification: Conduct visual inspections and records review. Consider swab testing to monitor compliance and trends, especially if using a contracted company for cleaning and sanitation. Review GMP inspection findings and CAPAs at monthly management meetings and track to closure.
SQF Tip Sheet: Cleaning and Sanitation
Management Review and Internal Audits
SQF includes management review (2.1.2.1) as minor nonconformance, highlighting the importance of incorporating food safety culture into the review process. Internal audits remain a crucial way to identify areas of improvement, though they are now on the minor non-conformance list.
KTL Recommendations:
- Set objectives/goals for the year and monitor the performance of these objectives at monthly and annual management review meeting. Resources should be allocated appropriately based on trends identified in these meetings to reach goals and ensure the overall effectiveness of the food safety culture.
- Conduct regular GMP inspections, trend results, review them during management meetings, and identify CAPAs, as necessary.
- Distribute food safety questionnaires to personnel to gather input. Review results during management review meetings and use the data collected to create action plans for maintaining or improving scores.
- Conduct a comprehensive internal audit at least annually and address any identified gaps in compliance. Internal audit findings should be reviewed at monthly and annual management review meetings. CAPAs should be assigned for findings, and data can be used to refine food safety objectives/goals.
SQF Tip Sheets: Management Commitment / Internal Audit Plan
Knowing and truly understanding the requirements of the SQF Code—or any of the Global Food Safety Initiative (GFSI) certification standards—is essential to avoiding non-conformances. Paying particular attention to the identified top non-conformances can help facilities to proactively mitigate these risks, strengthen food safety culture, and improve overall compliance.
Comments: No Comments
Protecting Food Against Security Threats
The threat of terrorism against our food supply is as real today as it ever has been. Whether it’s an attack on the products themselves, such as product tampering or sabotage, or a cyberattack against a company’s internet infrastructure, it can be harmful and costly if not recognized in advance. Plans should be in place to not only respond to such an attack but also to prevent it. ~ Rod Wheeler, NSF.org
National Security Memorandum
On November 10, 2022, President Joe Biden signed National Security Memorandum-16 (NSM-16) to strengthen the security and resilience of U.S. food and agriculture. This critical sector has continued to face increasing deliberate and naturally occurring threats to security and resilience, including intentional adulteration (IA), catastrophic events (e.g., pandemics that impact critical infrastructure), consequences of climate change, and cyber- and technology-related vulnerabilities.
NSM-16 replaces Homeland Security Presidential Directive 9 (Defense of United States Agriculture and Food – HSPD-9) and outlines the Administration’s guidance to:
- Identify and assess the threats of greatest consequence. This includes redefining how chemical, biological, radiological, and nuclear threats are defined; focusing on increased cyber threats and climate change impacts; and enhancing threat and risk assessments by mandating a continuous process to assess and mitigate risks and vulnerabilities.
- Strengthen partnerships to enhance the resilience of the workforce, who are typically the first line of response, and coordinate our government to act more efficiently and effectively. Essential critical infrastructure workers need guidance to work safely, while supporting operations during high-consequence incidents.
- Enhance preparedness and response by training partners on how to prepare for and respond to threats, increasing testing and diagnostic surge capacity, and standardizing diagnostic and reporting tools to facilitate timely information sharing.
Ongoing Security Actions
NSM-16 builds upon ongoing actions by the Administration to strengthen the resilience of the U.S. food and agriculture supply chains.
- U.S. Department of Agriculture (USDA) considers defense of the food and agriculture sector critical. USDA’s Food Safety and Inspection Service (FSIS), Animal and Plant Health Inspection Service (APHIS), and National Institute of Food and Agriculture (NIFA) have launched numerous programs to protect these sectors, including FSIS working to help industry partners develop effective food defense plans.
- U.S. Department of Homeland Security (DHS) Office of Health Security Health, Food, and Agriculture Resilience (OHS/HFAR) directorate is also working to help safeguard the American food supply against catastrophic incidents by bringing a national security perspective to the food and agriculture sector. In recent years, OHS/HFAR has engaged directly with partners to perform risk assessments, develop strategic guidance, and design and deliver tailored exercises to better prepare for, respond to, and recover from catastrophic events.
- U.S. Food and Drug Administration (FDA) is engaging with federal; state, local, tribal, and territorial (SLTT) governments; the private sector; and academia on the following activities:
- Conduct of vulnerability assessments
- Risk mitigation analysis
- Federal risk mitigation strategy
- Strengthening existing efforts for information sharing procedures
- Research and development
Roles of Food Safety and Food Defense
According to USDA-FSIS, to prevent, protect against, mitigate, respond to, and recover from threats and hazards of greatest risk to the food supply, preparedness efforts must encompass food safety and food defense.
Food safety provides for the protection of food products from unintentional contamination. Food defense involves the protection of food products from intentional contamination or adulteration (e.g., biological, chemical, physical, or radiological) that causes harm to public health or disrupts the economy in other ways.
The anticipated outcome of combined food safety and food defense efforts is food security. Food security exists when all people, at all times, have physical, social and economic access to sufficient, safe and nutritious food which meets their dietary needs and food preferences for an active and healthy life (United Nations Food and Agriculture Organization (FAO)).
Your Role: Food Defense Plan
Food defense involves putting security measures in place to reduce the chances of someone intentionally contaminating the food supply. FDA’s Food Safety Modernization Act (FSMA) rule on Mitigation Strategies to Protect Food Against Intentional Adulteration (IA) establishes requirements for industry to play an active role in improving the nation’s food security and resilience. This rule requires covered facilities to prepare and implement food defense plans.
The food defense plan incorporates four major elements:
- The vulnerability assessment identifies those areas in the process that pose the greatest IA risks. Each step in the facility’s process should be evaluated for the following:
- Potential severity and scale of the impact on the public.
- Physical access to the product.
- Ability to successfully alter/contaminate the product.
- Facilities must develop and implement mitigation/preventive strategies at each step in the process to address vulnerabilities and minimize the risks of IA.
- A system must be put in place to ensure implementation of mitigation strategies and to effectively manage the following:
- Monitoring mitigation strategies, including frequency.
- Corrective action response.
- Verification activities.
- Appropriate recordkeeping must be maintained for food defense monitoring, corrective actions, and verification, and key personnel must receive appropriate training.
The safety and security of our country’s food products requires developing, implementing, and enforcing policies and programs to support strong food defense. And it requires continually involving all employees in these food defense and security efforts to create a robust food safety culture. The threats to our nation’s food supply—and to those companies who work in the food supply chain—will continue. Taking an active role in controlling what you can and proactively managing your organization’s food defense efforts can play a significant role in securing the food supply chain.
Comments: No Comments
International Focus on Food Safety
According to the World Health Organization (WHO), foodborne diseases affect 1 in 10 people worldwide each year. Safe food is a key contributor to reducing these foodborne illnesses and other poor health conditions, including impaired development, micronutrient deficiencies, noncommunicable and communicable diseases, and mental illnesses. Only when food is safe can we fully benefit from its nutritional value.
FAO Strategic Priorities for Food Safety
In March 2023, the Food and Agriculture Organization of the United Nations (FAO) published its Strategic Priorities for Food Safety 2022-2031 to “support members in continuing to improve food safety at all levels by providing scientific advice and strengthening their food safety capacities for efficient, inclusive, resilient and sustainable agrifood systems.”
The Strategic Priorities document is structured around four strategic outcomes:
- Governance (intergovernmental and intersectoral) is coordinated and reinforced at all levels.
- Scientific advice and evidence provide the foundation for decisions made about food safety.
- National food control systems are continually strengthened and improved by supporting members in:
- Evaluating food control systems, identifying needs, and designing programs.
- Developing and transitioning economy countries to participate in Codex Alimentarius work.
- Developing and updating food safety standards, legal frameworks, government policies, and operational procedures and guidelines.
- Generating relevant food safety data to reflect the national situation.
- Implementing technology developments in food control and food safety management.
- Public-private partnerships along the food chain are being fostered to ensure food safety management and controls.
World Food Safety Day
On June 7, countries around the globe celebrated World Food Safety Day, focusing this year on “Food Standards Save Lives” as the theme. Established by the United Nations General Assembly in 2018, World Food Safety Day is an annual observation intended to mobilize action to prevent, detect, and manage foodborne risks and improve human health. The WHO and the FAO jointly facilitate the observance of World Food Safety Day.
This year’s theme coincides with the 60th anniversary of Codex Alimentarius, a collection of food standards, guidelines, and codes of practice that encourage governments and food safety advocates around the world to focus on the importance of applying safety standards.
Along with WHO and FAO, the U.S. Food and Drug Administration (FDA) is calling on everyone to join in the efforts to ensure safe food for all. Check out FDA’s information on ways to reduce foodborne illnesses and the Guide to World Food Safety Day 2023 for ideas on how you can participate in World Food Safety Day every day.
Comments: No Comments
Bioengineered Foods: New Plant Varieties
The National Bioengineered Food Disclosure Standard defines bioengineered foods (a/k/a genetically modified organisms (GMOs)) as “foods that contain detectable genetic material that has been modified through certain laboratory techniques and for which the modification could not be obtained through conventional breeding or found in nature.”
Genetic engineering allows scientists to take a beneficial gene (e.g., insect resistance or drought tolerance) and transfer it to a plant. Genetic modifications can create many desirable results, including higher crop yields, less crop loss, longer storage life, better appearance, enhanced nutritional value, or some combination thereof.
Genetic engineering can also be used to create a plant-based protein. The Food and Drug Administration (FDA) is aware that some developers are now exploring transferring genes for proteins that are known food allergens (including the “Big 9”) into new plant varieties for foods. Managing this introduction of food allergens into bioengineered food is a significant concern.
Regulatory Framework
The FDA, Environmental Protection Agency (EPA), and U.S. Department of Agriculture (USDA) work together to ensure bioengineered foods are as safe and healthful for humans, plants, and animals—or even more so—as their non-GMO counterparts.
- FDA ensures those who produce, process, store, ship, or sell bioengineered foods or foods with bioengineered ingredients meet the same food safety standards as all other foods. FDA’s voluntary Plant Biotechnology Consultation Program allows developers to work with FDA on a product-by-product basis to evaluate the safety of bioengineered foods before they enter the market.
- EPA regulates the safety of the substances that protect bioengineered plants to make them resistant to insects and disease and monitors all types of pesticides used on crops.
- USDA Animal and Plant Health Inspection Service (APHIS) establishes regulations to ensure bioengineered plants do not harm other plants.
Warning Letter
In April 2023, FDA issued a letter to developers and manufacturers who intend to transfer genes for proteins that are known food allergens into new plant varieties for foods. The letter serves as an important reminder that developers of these new plant varieties are obligated to make sure the products they market are safe for consumers and implement all measures needed to comply with the Food, Drug, and Cosmetic (FD&C) Act.
If not appropriately managed, the development of these plants could result in the presence of an unexpected allergen in the bioengineered food product. And if an unexpected allergen enters the food supply, there is real risk of a severe or even life-threatening allergic reaction and, subsequently, needing to recall affected products.
Early Actions
The FDA implores, “We are specifically reminding those developers who are now exploring development of these types of plant varieties of their responsibility for food safety. In particular, we are reminding them to consider the allergenicity issues related to their products, and how they would be stewarded from production to manufacturing to consumption so that they do not inadvertently or unexpectedly enter the food supply.”
The FDA is asking developers to consider the food safety risks posed by such allergens and to plan early in development to manage those risks. Developers who intend to create these plant varieties using proteins that are food allergens need to:
- Take advantage of the Plant Biotechnology Consultation Program early in the development process to ensure new varieties meet FD&C Act requirements and consumers are protected.
- Develop a robust risk management plan that includes significantly stronger mitigation strategies and practices (e.g., crop segregation) to provide assurance that foods containing the transferred allergen are not mixed with other foods.
- Consider whether the entire supply chain can maintain appropriate conditions to prevent allergens from inadvertently entering the food supply.
- Properly label bioengineered foods by declaring the presence of an allergen on the food label.
Integrated Emergency Response Plans
The most effective way to respond to an emergency is to properly plan for it before it happens. That’s precisely why so many federal, state, and municipal laws and regulations require many facilities to develop and implement some sort of Emergency Response Plan (ERP).
Effective Emergency Response
An ERP is intended to outline the steps an organization needs to take in an emergency—and after—to protect workers’ health and safety, the environment, the surrounding community, and the business itself. The requirements developed by various agencies are important, as they establish the components that must be included in an ERP to comply with regulations and respond effectively.
Most ERPs contain the same basic information. However, it can get complicated when a facility is subject to more than one regulation requiring an ERP, because even though the various regulations share many similarities, they also contain important differences (e.g., command structures, training requirements, equipment needs, operating protocols). Often, facilities end up creating a different ERP to respond to the different regulatory requirements. In an actual emergency, this can create inconsistencies or, worse yet, an implementation nightmare trying to figure out which ERP to follow.
Importance of Integration
The solution lies in integration. For example, consider an integrated management system that allows organizations to align standards, find common management system components (e.g., terminology, policies, objectives, processes, resources), and add measurable and recognizable business value. The same can be done with the various ERPs required within a facility.
It shouldn’t come as a surprise that in 1996, the U.S. National Response Team (NRT) published initial guidance for consolidating multiple ERPs into one core document. The Integrated Contingency Plan (ICP or One Plan) is a single, unified ERP intended to help organizations comply with the various emergency response requirements of the Environmental Protection Agency (EPA), U.S. Coast Guard, Occupational Safety and Health Administration (OSHA), Department of Transportation (DOT), and Department of Interior (DOI). The ICP Guidance does not change any of the existing requirements of the regulations it covers; rather, it provides a format for consolidating, organizing, and presenting the required emergency response information.
While the ICP does not currently incorporate all federal regulations addressing emergency response, it does establish a basic framework for organizations to pull in ERPs for any applicable regulations. And the benefits of doing so are many:
- Streamlined planning process. A single document simplifies the planning, development, and maintenance process. When plans are integrated, it minimizes duplication of effort, eliminates discrepancies and inconsistencies, and helps the organization identify and fill in gaps.
- Improved emergency response. It is much easier—and faster—for emergency responders and employees to navigate one plan rather than multiple separate ones. One plan allows for a single command structure with defined roles rather than potentially conflicting responsibilities. This all allows responders to act quickly and decisively to minimize potential disruption to the organization and public.
- Greater compliance. An integrated ERP provides improved visibility to all parts of the organization’s emergency response and helps reveal gaps that could prove costly and/or dangerous. This is especially important for organizations that must comply with several regulations.
- Potential cost savings. Streamlined and simplified planning reduces the resources required to build the plan. An integrated ERP may also help eliminate regulatory fines and minimize the need for and associated costs of emergency response/cleanup efforts.
Find Your Format
The goal of an integrated ERP is not to create new requirements but to consolidate existing concepts into a single functional plan structure. Regardless of what the plan looks like, it should start with:
- An assessment of the facility’s vulnerabilities to various emergency situations.
- An understanding of the various applicable emergency planning laws and regulations to determine which specific requirements must be incorporated. For example, food emergency response has different implications that must be integrated, particularly when it comes to recovery. A food production facility that is ordered or otherwise required to cease operations during an emergency may not reopen until authorization has been granted by the regulatory authority. Food facilities also have strict guidelines to follow for salvaging, reconditioning, and/or discarding product.
With this understanding, the ERP should then comprise step-by-step guidelines for addressing the most significant emergency situations. The core plan should be straightforward and concise and outline fundamental response procedures. More detailed information can be included in the annex. Most ERPs should include the following basic elements:
- Facility information. Consolidate common elements required in various plans, including site description, statement of purpose, scope, drawings, maps, roster of emergency response personnel, emergency response equipment, key contacts for plan development and maintenance, etc.
- Steps to initiate, conduct, and terminate a response. Outline essential response actions and notification procedures, with references to the annex for more detailed information. Provide concise and specific information that is time-critical in the earliest stages of the response and a framework to guide responders through key steps to deliver an effective response.
- Designated emergency responders. Develop a single command structure for all types of emergencies. Assign qualified, high-level individuals who are familiar with emergency procedures to fill emergency roles. In addition, list the appropriate authorities for specific emergencies, as well as their contact information.
- Evacuation plan/routes and rally points. Clearly mark evacuation routes and identify rally points where employees should meet upon exiting. Do not allow employees to leave designated rally points until it has been documented they have safely left the building.
- Data and information backup technology. Develop provisions for data backup to secondary/off-site systems, as well as alternate options for communications and power.
- Designated plan for communication. Outline who is communicating what, when they are communicating it, and how it is being communicated. This includes internal communication, as well as communication to customers/clients/suppliers/vendors that may be impacted, the media, and the appropriate regulatory authorities.
- Supporting materials. The annex should provide detailed support information based on the procedures outlined in the core plan and required regulatory compliance documentation. Importantly, facilities should create a table that cross-references individual regulatory requirements with the plan to ensure there are no gaps and to demonstrate compliance.
Ensuring Success
The goal of emergency response planning is to minimize impacts to the environment and workers’ health and safety, as well as disruptions to operations. An integrated ERP has the potential to significantly reduce the number of decisions required to respond in an emergency, eliminate confusion and disagreement regarding roles and responsibilities, and enable a timelier, more coordinated response.
That all being said, an integrated ERP will only be effective if it is thoroughly and consistently communicated to all employees. These best practices will help ensure that the integrated ERP functions not only on paper, but also in practice:
- Periodic training is vital to ensure employees understand the ERP and are fully aware of emergency response procedures. It is especially important in an integrated ERP that first responders are trained to handle all potential emergencies rather than more narrowly trained on response for a single regulation.
- Routine drills significantly improve understanding of the ERP, clarify employee roles, test procedures to ensure they work, and diminish confusion during an emergency.
- Posting an abbreviated version of the ERP throughout the plant provides easy access to all employees if an emergency occurs. This summary version of the ERP should highlight the most vital information for quick response: recognized hazards, high-level emergency procedures, evacuation routes, and key contacts.
Comments: No Comments
The Park Doctrine: Holding Individuals Legally Accountable
Since corporations do not act independently, the only way to hold them accountable for a violation and to enforce the law is to hold corporate directors who are responsible for the violations accountable. They may be held to the same standard as the corporation in terms of accountability (United States v. Park, 421 U.S. 658 (1975)).
The Park Doctrine—also known as the Responsible Corporate Officer (RCO) Doctrine—imposes strict, vicarious criminal liability upon RCOs for misdemeanor Food, Drug, and Cosmetic (FD&C) Act violations. The word vicarious is important, because it means RCOs can be penalized without having personally participated in the violation, having been an accessory to it, or even being aware of it. And recently, there have been increasing cases of holding corporate leaders accountable for food safety issues that negatively impact public health.
Setting Precedent
A legal doctrine is a set of rules or principles typically established through legal precedent that courts widely follow. The following two landmark cases set the precedent for the Park Doctrine.
The Park Doctrine has its roots in a 1943 Supreme Court case—United States v. Dotterweich. In this case, the jury determined that Dotterweich, as President of the company, was guilty of FD&C Act violations because he shared in the responsibilities related to the transaction of mislabeled product, even though he had no knowledge of the violation. With this decision, the Court held that individuals could be held criminally liable for the company’s FD&C Act violations.
1975 marks the Supreme Court decision on the United States v. Park. In this case, Park (the President and CEO of a national retail food chain) knew about a rat infestation issue but delegated responsibility to employees to resolve the issue. When it was not resolved by the FDA’s inspection, Park and the company were both charged with FD&C Act violations for introducing adulterated food into interstate commerce. Again, the Court maintained that RCOs are held to strict accountability standards, and—very importantly—liability does not require proof of negligence, intent, involvement, or even awareness of wrongdoing. Rather, liability is based solely on the RCO’s role and responsibilities. Park had a duty to remedy the violations and to implement measures to prevent them—he did neither.
Park Doctrine Criteria
In January 2011, the Food and Drug Administration (FDA) published criteria for recommending Park Doctrine prosecutions that factor in the individual’s position in the company, his/her relationship to the violation, and whether the RCO had the authority to correct or prevent the violation. Specific factors under consideration also include the following:
- Whether the violation involves actual or potential harm to the public.
- Whether the violation is obvious.
- Whether the violation reflects a pattern of illegal behavior and/or failure to heed prior warnings.
- Whether the violation is widespread.
- Whether the violation is serious.
- The quality of the legal and factual support for the proposed prosecution.
- Whether the proposed prosecution is a prudent use of Agency resources.
Holding Individuals Accountable
A broad theme in law enforcement these days is holding individuals accountable, said Mary El Riordan, Senior Counsel in the Administrative & Civil Remedies Branch of the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG). Million-dollar settlements do not change behavior, but holding individuals accountable does.
On September 15, 2022, the Department of Justice (DOJ) released the Monaco Memo, affirming its focus on holding individuals accountable. Deputy Attorney General Lisa O. Monaco stated in her address that the DOJ’s top priority for corporate criminal enforcement is going after individuals who commit and profit from corporate crime. The Monaco Memo is fundamentally about individual accountability and corporate responsibility and represents a desire on the part of the DOJ and FDA to use the Park Doctrine to increase the numbers of criminal convictions of RCOs.
Proactively Mitigating Risks
It is clear the DOJ and FDA are taking an increasingly aggressive stance and prosecuting more RCOs, even without knowledge or intent to commit a violation. In the case of the Price Doctrine, it is a crime to do nothing. It is ultimately the RCO’s duty to be aware of, prevent, and address potential violations.
To do so, there are several best practices companies can take to proactively mitigate risk:
- Implement and maintain an integrated management system (i.e., quality, food safety) to help identify compliance obligations and manage risks through an organized set of policies, procedures, practices, and resources.
- Conduct internal audits. Audits provide an essential tool for continually improving and verifying compliance performance. Routine audits should ensure policies and procedures are being followed and identify concerns before they become major violations.
- Engage in regular monitoring activities. Regular environmental monitoring that focuses heavily Zones 1 and 2 (i.e., food contact surfaces and surfaces directly adjacent to food contact surfaces, respectively) is vital to preventing foodborne illnesses.
- Establish clear roles and responsibilities for all employees, including leadership. Provide training for RCOs on the Park Doctrine so they clearly understand their duties and obligations.
- Resolve corrective and preventive actions (CAPAs) immediately. CAPAs are those actions an organization takes to make improvements and/or eliminate causes of non-conformities. Failure to conduct a CAPA may be considered a major non-conformance.
- Create a culture that encourages employees to speak freely when there are issues. Food safety culture is being integrated more completely and significantly into many of the Global Food Safety Initiative (GFSI)-benchmarked food safety certification standards to encourage widespread adoption.
- Be responsive and work with the FDA. The FDA sends warning letters to companies in violation of the FD&C Act (see example 2022 Warning Letter). The letter specifically outlines the required response and related consequences: You are responsible for investigating and determining the causes of the violations identified above and for preventing their recurrence or the occurrence of other violations. It is your responsibility to ensure your facility complies with all requirements of federal law, including FDA regulations. You should take prompt action to correct or implement corrections to the violations cited in this letter. Failure to do so may result in legal action without further notice, including, without limitation, seizure, injunction, or administrative action for suspension of food facility registration if criteria and conditions warrant.
Comments: No Comments
Transitioning to FSSC 22000 Version 6.0
Food Safety System Certification (FSSC) 22000 is a complete Global Food Safety Initiative (GFSI)-benchmarked certification scheme that is aligned with the ISO management system approach and harmonized structure. The first version of FSSC 22000 was published in 2009, and more than 16,000 sites have been certified under the scheme since.
On March 31, 2023, the Foundation FSSC published the most recent version of the FSSC 22000 scheme (FSSC V6.0) to:
- Integrate the requirements of ISO 22003-1:2022.
- Strengthen the requirements to support organizations in their contributions to meeting the United Nations’ Sustainable Development Goals.
- Incorporate feedback from the FSSC 22000 V6.0 development survey.
Overview of Changes
Foundation FSSC has set a 12-month period—between April 1, 2023 and March 31, 2024— for companies to transition from V5.1 to V6.0. In addition to changes in some of the requirements (as outlined below), V6.0 includes a realignment of the Food Chain Categories in accordance with ISO 22003-1:2022 and GFSI requirements (i.e., including Trading and Brokering (FII) and removing Farming (A)). Among others, some of the significant changes to the requirements include the following:
Food safety and quality culture. As we are seeing with other GFSI certification schemes, ISO management systems, and the FDA New Era of Smarter Food Safety, culture requirements are becoming more prominent. FSSC 22000 V6.0 requires senior management to “establish, implement, and maintain a food safety and quality culture objective as part of the management system,” addressing the following elements at a minimum: communication, training, employee feedback and engagement, and performance measurement of defined activities.
In addition, organizations must develop and implement a a documented food safety and quality culture plan that outlines objectives and timelines and follows the management system process of continuous improvement (i.e., plan-do-check-act (PDCA)).
Quality control. Quality control is a new clause of FSSC 22000 V6.0 that aligns with clauses 5.2 and 6.2 of ISO 22000:2018. Under this clause, organizations must establish, implement, and maintain a quality policy, objectives, and parameters in line with finished product specifications for all products within the scope of certification. As part of the quality program, organizations also need to establish and implement quality control and line startup and changeover procedures to ensure products meet customer and legal requirements.
Food loss and waste. The regulatory community has identified the lack of circularity in the food industry and a real need for addressing food waste. FSSC V6.0 now requires organizations to develop a documented policy with objectives and detailed strategy to reduce food loss and waste within the organization and the related supply chain.
Equipment management. Organizations must establish and implement a risk-based change management process for new equipment and/or any changes to existing equipment. This includes having documented purchase specifications to address such things as hygienic design, legal and customer requirements, and intended use of the equipment.
Allergen management. The requirement to have a documented allergen management plan is not new to V6.0. However, in addition to a including a risk assessment of all potential sources of allergen cross-contamination and related control measures, V6.0 now requires validation and verification of control measures; precautionary or warning labels as an outcome of the risk assessment to identify allergen cross-contamination risks (warning labels do not exempt the organization from implementing allergen control measures/verification testing); allergen awareness and control measures training; and annual review of the allergen management plan.
Environmental monitoring. V6.0 expands on the previous requirements for organizations to have a risk-based environmental monitoring program (EMP) for relevant pathogens, spoilage, and indicator organisms and documented procedures for evaluating the effectiveness of all controls in preventing contamination. V6.0 requires that the EMP must be reviewed for continued effectiveness at least annually, including when specific triggers occur (e.g., significant changes related to products, processes, legislation; when no positive test results have been obtained over an extended period; and when there is a repeat detection of pathogens during routine environmental monitoring).
Validation/verification of packaging claims. When a claim is made on the product label or packaging, the organization must maintain evidence of validation to support the claim and must have verification systems in place to ensure product integrity.
Food defense. V6.0 clarifies and strengthens requirements related to food defense. Organizations now must conduct and document a food defense threat assessment based on defined methodology to identify and evaluate potential threats linked to processes and products. In addition, the food defense plan must be based on the threat assessment, specify mitigation measures and verification procedures, and be implemented and supported by the food safety management system (FSMS).
Food fraud mitigation. Again, V6.0 clarifies and strengthens food fraud mitigation requirements by requiring organizations to conduct and document the food fraud vulnerability assessment to identify potential vulnerabilities and develop and implement appropriate mitigation measures. The food fraud mitigation plan must be based on the vulnerability assessment, specify mitigation measures and verification procedures, and be implemented and supported by the FSMS.
Other requirements. V6.0 also includes clarifications on the requirements for the certification process and implements the addition of a QR Code on FSSC 22000 certificates for improved traceability. It updates Communication Requirements (2.5.17) so organizations must 1) inform the certification body within three days of serious events/situations that may impact the FSMS and/or the integrity of the certification, and then 2) implement corrective measures as part of the emergency response and preparedness process. In addition, the standard requires that major nonconformities must be closed by the certification body within 28 calendar days from the last day of the audit. If this is not possible, the Corrective Action Plan must include temporary measures and controls necessary to mitigate the risk until permanent corrective action can be implemented.
Next Steps
Sites currently certified to FSSC 22000 have a transition period of 12 months to prepare their FSMS to be audited against the V6.0 requirements. The next year affords these organizations the time to assess current FSSC 22000 elements; identify improvements that are internally desirable and/or required by the new V6.0; and implement those updates to reduce nonconformances with FSSC 22000 V6.0. This can be done through a series of phases to ensure adoption throughout the organization:
Phase 1: Internal Assessment. Review existing FSSC 22000 food programs, processes, and procedures; document management systems; and employee training tools and programs to identify those areas in need of updates, development, and/or implementation to meet the requirements of V6.0.
Phase 2: FSMS Updates. Based on the assessment, develop a plan for updating your FSSC 22000 FSMS, including major activities, key milestones, and expected outcomes. This may include updating/developing programs, processes, procedures, and training with missing V6.0 requirements.
Phase 3: Training. To ensure staff are prepared to implement and sustain the updated FSSC 22000 V6.0 program, they must be trained on applicable requirements; specific plans, procedures, and good manufacturing practices (GMPs) developed to achieve compliance; and the certification roadmap to prepare for future assessments.
Visit KTL at the 2023 Food Safety Summit
As one of the premier events in the food industry, the Food Safety Summit provides a comprehensive conference and expo for attendees to learn from subject matter experts, exchange ideas, and find solutions to current industry challenges.
- When: May 8-11, 2023
- Where: Donald Stephens Convention Center, Rosemont, Illinois
- Who: Retailers, food processors, distributors, food manufacturers, growers, foodservice, testing laboratories, importing/exporting, law firms, and other food safety professionals
- Find KTL: Stop by our booth (#534) in the exhibit hall!
KTL Solutions Stage Presentation
Be sure to also update your agenda to attend KTL’s Solutions Stage presentation on Thursday, May 11 at 2:00 pm CT:
The Big Secret: You already have the software you need to build your FSMS.
Having a simple, centralized FSMS to manage, track, communicate, and report compliance program information can enable staff to complete required tasks, improve compliance performance, and support operational decision-making. It sounds expensive, but it doesn’t have to be—not when most companies already have the software and just need the right combination of food safety and IT expertise to customize it. KTL will present several examples that demonstrate how various food companies are leveraging Microsoft 365® with SharePoint and the Power Platform to elevate their FSMS and effectively manage food safety compliance documentation, data, and certification requirements.
Comments: No Comments
Q&A: Environmental Monitoring for Food Safety
When preparing for compliance and certification audits, environmental monitoring is an area where there are often questions: What are my requirements? How much do I need to do? What happens if I have a deviation? There are many intricacies associated with environmental monitoring that can depend largely on operational processes and compliance and certification requirements—many of which are not always clearly defined. KTL’s food safety experts offer their high-level perspective on some common questions regarding environmental monitoring.
What is environmental monitoring?
Environmental monitoring involves sampling and testing your facility’s environment for pathogens, spoilage and indicator organisms, and allergens to prevent foodborne illness. Environmental monitoring is typically done by swabbing various surfaces for pathogens and sending those samples to an accredited lab for analysis. This monitoring helps to 1) assess how effective the plant’s cleaning and sanitation programs are, and 2) determine whether any pathogens are living in the facility so it can respond accordingly (e.g., adjusting cleaning procedures, addressing personnel hygiene issues, etc.).
What is an Environmental Monitoring Program (EMP)?
An EMP refers to an entire program for organizing the monitoring process to prevent pathogens—and foodborne illness—in finished product. The EMP helps to identify those areas where harmful microorganisms could be harboring in the facility and to implement and verify the effectiveness of pathogen controls (e.g., cleaning and sanitation procedures, sampling frequency and methodology, employee hygiene practices). Ultimately, the purpose of an effective EMP is to help a facility identify and implement strategies to eliminate pathogens and prevent their recurrence.
Who needs an EMP?
Certain foods are considered high risks for harboring pathogens and growing bacteria. These include beef, poultry, dairy, seafood/shellfish, ready-to-eat (RTE) food, baby food, leafy greens, and tree nuts. According to U.S. Public Health Service, the organisms in the table below—and their sources—are the biggest culprits of foodborne illness:
Organism | Sources |
Campylobacter | Raw and undercooked poultry and other meat, raw milk, and untreated water |
Clostridium botulinum | Improperly prepared home-canned foods |
E. coli 0157:H7 | Beef, produce, raw milk, and unpasteurized juices and ciders |
Listeria monocytogenes | Unpasteurized dairy products, sliced deli meats, smoked fish, hot dogs, pate’, and deli-prepared salads |
Norovirus | Any food contaminated by someone who is infected with this virus |
Salmonella | Raw and undercooked eggs, undercooked poultry and meat, fresh fruits and vegetables, and unpasteurized dairy products |
Staphylococcus aureus | Cooked foods high in protein that are held too long at room temperature |
Shigella | Salads, unclean water, and any food handled by someone who is infected with the bacterium |
Toxoplasma gondii | Raw or undercooked pork |
Vibrio vulnificus | Raw or undercooked seafood, particularly shellfish |
The kill step is the point in food manufacturing when dangerous pathogens are removed from the product. This is often done by killing pathogens through processes such as cooking, pasteurization, irradiation, and freezing. It is one of the most important steps in keeping food safe. The following questions can help determine whether an EMP may be necessary for your facility:
- Does your process have a kill step that removes dangerous pathogens from the product?
- Is your product exposed to the environment after the kill step and before packaging?
- Does your product combine RTE products without including a kill step?
Why do I need an EMP?
From a compliance perspective, the Food and Drug Administration’s (FDA) Food Safety Modernization Act (FSMA) Final Rule for Preventive Controls for Human Food requires it: “A facility who has identified a potential environmental pathogen or indicator organism as a hazard to RTE foods is required to include an EMP in its Food Safety Plan. A trained Preventive Controls Qualified Individual (PCQI) needs to review EMP test results to ensure that the Food Safety Plan is being followed.”
From a certification perspective, most Global Food Safety Initiative (GFSI) food safety certification schemes also require an EMP, and failure to have an effective program will result in a major non-conformance.
From a consumer protection perspective, environmental monitoring is intended to protect consumers by keeping harmful bacteria from contaminating the food we eat. An EMP can help serve as an early warning system for identifying a potential contaminant before it spreads throughout the facility and into food that reaches the consumer.
What does an EMP include?
EMP requirements are set forth by FDA and GFSI certification programs, but retailers and consumers may also have their own requirements that impact the food supply chain. According to FDA, a FSMA-compliant EMP should include:
- Established, written, and scientifically valid procedures.
- Identified testing microorganisms, adequate locations, and number of collection sites.
- Identified timing and frequencies for collecting and testing samples.
- Identified corrective action procedures in compliance with CFR 21 section 117.150.
- Testing performed by an accredited laboratory.
An EMP should be tailored to the facility’s specific operations and food products; however, there are several steps that every program should include:
- Perform a risk assessment. Determine the risks associated with the plant’s operations, including identifying high-risk foods and potential pathogens that could be present. The frequency of environmental monitoring will be determined by the hazards and risks identified.
- Determine hygienic zones. An EMP should include sampling to assess activities, pathogens, associated risks, and mitigation options within the following zones (from highest to lowest risk):
- Zone 1: Direct food contact services (e.g., counters, conveyers, utensils).
- Zone 2: Indirect food contact surfaces that are close to food contact surfaces (e.g., crevices of equipment, drip shields).
- Zone 3: Indirect food contact surfaces that are not close to food contact surfaces (e.g., walls, floors, drains).
- Zone 4: Areas distant from food contact surfaces and processing areas (e.g., locker rooms, lunchrooms, offices).
- Implement and manage testing protocols. Testing and sampling protocols should identify the frequency of sampling required (depending on risks), number of samples (depending on the facility size), timing of sampling (before/during/after production), person responsible for conducting sampling, and an accredited lab (ISO 17025) to use for testing, as needed. Some facilities may opt to conduct internal “rapid tests” at interim phases of production by trained staff to provide more immediate and cost-effective results and leave third-party lab testing for the final product. Regardless of whether testing is done internally or by a lab, an effective EMP will swab different sites each time to reduce the likelihood of contamination going undetected.
- Develop corrective action procedures. Sampling is intended to identify high-risk areas. How an establishment responds to any findings—and how quickly—is critical. Potential corrective actions may include changing cleaning chemicals, increasing frequency of cleaning program, requiring uniforms, etc.
- Verify and validate the EMP. Data, programs, and procedures should be regularly reviewed to ensure the EMP is serving its intended purpose. Verification provides proof the EMP is working; validation provides proof it is effective.
What do I do if I have a deviation?
The FDA anticipates that facilities with EMPs will occasionally detect environmental pathogens. If this happens, the facility should immediately enact the corrective actions outlined in the facility’s EMP (see above). This may include modifying cleaning and sanitation procedures, recleaning areas, conducting retesting, holding product, or even issuing a product recall.
It is important for facilities to remember that any environment has the potential to become contaminated with a pathogen. Never having a positive result for a common environmental pathogen might not necessarily mean that the EMP is “perfect;” rather, it might be a sign that the right areas are not being swabbed adequately. Keep in mind that any positive result offers an opportunity to improve the EMP and related cleaning/sanitation/hygiene procedures.
How can I prevent environmental pathogens?
There are a number of key actions food processors can undertake to prevent environmental pathogens from contaminating their facilities and food products:
- Apply Good Manufacturing Practices (GMPs). GMPs apply to EMPs, as with every other aspect of a strong food safety program. GMPs that will impact environmental monitoring results include employee hygiene practices, sanitary facility and equipment design, and cleaning and sanitation processes.
- Evaluate, implement, and verify preventive controls. Identify your greatest risks for environmental pathogens, and proactively develop strategies to implement controls in your process flow. These may include controlling pedestrian walkways to avoid personnel contamination; using dedicated tools, equipment, and/or staff post-process; having special uniforms for staff, etc. Just as important, you must verify the performance of your preventive controls through environmental monitoring and take corrective action immediately if problems arise.
- Ensure employees and other resources are qualified. Employees responsible for sanitation, sampling, and overseeing the EMP must have the necessary training and/or experience for assigned duties. In addition, any outside labs used for environmental testing must be accredited under ISO 17025.
- Review and update the EMP. Products, operations, equipment, employees, processes, and other environmental factors change—and all of these can impact the EMP. Conducting periodic reviews to ensure processes and procedures reflect any new conditions is important in ensuring a facility’s overall hygiene and its products’ quality and safety.
Comments: No Comments
One to Watch: FDA and CBD
With a rapidly growing market, pending regulatory action related to marketing cannabidiol (CBD) products is certainly an issue to watch. And the Food and Drug Administration (FDA) set the tone for 2023, issuing a decision on January 26, 2023, concluding that existing regulatory frameworks for food and dietary supplements are not appropriate for regulating CBD. Rather, the FDA press release states, “A new regulatory pathway for CBD is needed that balances individuals’ desire for access to CBD products with the regulatory oversight needed to manage risks.”
Regulating CBD Products
Products containing cannabis or cannabis-derived compounds are subject to the same requirements as FDA-regulated products containing any other substance. FDA has currently approved only one cannabis-derived and three cannabis-related drug products, all of which are only available with a prescription from a licensed healthcare provider. There are no other FDA-approved drug products that contain CBD. In addition, there are currently three generally recognized as safe (GRAS) notices for the following hemp seed-derived food ingredients: hulled hemp seed, hemp seed protein powder, and hemp seed oil.
While the FDA recognizes the potential therapeutic benefits CBD could offer, the agency is committed to following the drug approval process to help ensure the safety and efficacy of any products derived from cannabis. The use of CBD in dietary supplements and food (both human and animal) raises a variety of safety concerns for the FDA—especially associated with long-term use and vulnerable populations (e.g., children, pregnant women)—that are not fully understood. As a result, the FDA’s internal working group concluded that “it is not apparent how CBD products could meet the safety standards for dietary supplements or food additives”:
- Dietary Supplements. CBD products are excluded from the dietary supplement definition under section 201(ff)(3)(B) of the Food, Drug & Cosmetic (FD&C) Act [21 U.S.C. § 321(ff)(3)(B)]. This exclusion applies unless the FDA issues a regulation finding that the product would be lawful under the FD&C Act. To date, no such regulation has been issued for any CBD substance. All products that are marketed as dietary supplements must then comply with the regulations governing dietary supplement products, including current Good Manufacturing Practices (cGMPs) and labeling.
- Human and Animal Food Additives. It is a prohibited act to introduce or deliver for introduction into interstate commerce any food (i.e., human or animal) to which CBD has been added under FD&C Act [21 U.S.C. § 331(ll)].
Warning Letters
The FDA is concerned with the growing number of products containing CBD that are being marketed for therapeutic or medical uses without FDA approval. The agency has sent warning letters to companies illegally selling CBD products that claim to “prevent, diagnose, treat, or cure serious diseases,” as well as to companies that sell CBD-infused food and beverages (e.g., cookies, gummies, etc.). Until a regulatory framework is established, FDA will continue to act against CBD and other cannabis-derived products to protect the public.
New Regulatory Pathway
The FDA believes there is currently not adequate evidence to determine how much CBD can be consumed and for how long before causing harm, and the agency’s existing foods and dietary supplement authorities provide only limited tools for managing the potential risks associated with CBD products. As such, a new regulatory pathway would “benefit consumers by providing safeguards and oversight to manage and minimize risks related to CBD products for humans and animals.”
Risk management tools could include:
- cGMPs
- Clear labeling on products
- Prevention of contaminants
- CBD content limits
- Measures to mitigate the risks of ingestion by children (e.g., minimum purchase age)
Many states are trying to close the gap the best they can by putting some regulations in place, but this is currently being done piecemeal. In addition, several organizations have launched cannabis standards and certifications—often based on the Global Food Safety Initiative (GFSI) and cGMPs—to improve the overall safety and quality of cannabis and cannabis-infused products in the market.
Companies getting involved in this growing industry need to stay on top of the rapidly changing regulatory environment. Take the time now to assess operations, determine what standards might be appropriate, identify gaps in existing programs, prepare for a new regulatory framework—state and/or federal—and begin implementing solutions to eliminate risks.