From The Editor | June 19, 2017

Building Food Defense Plans: Why HACCP Isn't Enough

Source: Food Online
Sam Lewis

By Sam Lewis, associate editor
Follow Me On Twitter @SamIAmOnFood

Building Food Defense Plans: Why HACCP Isn’t Enough

Be sure to view the entire web chat or check out Part One and Part Two of this series

On Tuesday, May 23, the Grocery Manufacturers Association (GMA) and the National Milk Producers Federation (NMPF) partnered with Food Online for a live web chat, Food For Thought: FSMA’s Food Defense Rule. In this 45-minute live Q&A, Warren Stone, senior director of science policy, compliance, and inspection at GMA, and Clay Detlefsen, VP of regulatory affairs and counsel at NMPF joined Food Online’s editor, Sam Lewis, to answer the food industry’s questions on the topic, including why HACCP isn't enough to ensure you comply with FSMA's Food Defense Rule.

Sam: Regarding assessments and bridging gaps: why the Food Defense Rule? Why is HACCP not enough?

Warren: Well, the first step is kind of what I talked about earlier: food safety versus food defense. HACCP is a food safety rule. It deals with known or typically-known hazards. These call for corrective control measures based on known, calculable science. Food defense is not like that. The threats are continuously changing. If there is a serious attacker out there, you employ one mitigation strategy and chances are they're trying to figure out a way around that.

Food defense is much more fluid and much more open. As I said earlier, the sciences are more behavioral sciences than they are chemistry, physics, toxicology, and microbiology. That's the big starter: HACCP is protection against unintentional adulteration. People do not purposefully go and put microbial contaminants into their food and then go through a very expensive, multi-million dollar recall. Things happen. There are glitches in the system, but usually those are from either human error or errors in the system.

Food defense, again, we don't know what the contaminant is. We don't know who the attacker is. We can make a pretty good estimate, but we don't know who that is. We don't know how they're going to come at us or what we're going to have to implement as a corrective action entirely until we have to do it and see if it was effective. Food defense and HACCP are dealing with two entirely different levels of adulteration. That's why one alone is not good enough. David Acheson, Former FDA Commissioner, used to use the term food protection, which he said was a combination of food safety and food defense. That's what FSMA is all about — enhancing overall food protection.

Clay Clay: I think you summed that up very nicely, Warren. It is definitely a horse of a different color. It's something that can make us all pretty uncomfortable as we delve through it. But, yes, it's a very, very different situation. As you indicated in your introductory remarks here, this was the first country on the planet that has ever gone down this road with a regulatory scheme to stop this type of thing from happening. We're in somewhat uncharted territory right now.

Sam: We definitely are. We have a lot of questions coming in about building your food defense plan. Clay, you touched on this earlier, so maybe you could address this one. This question reads, "I based my food defense plan using CARVER+Shock Food Defense Plan Builder. Will this be enough to cover everything requested by FSMA's food defense rule? If not, what else do you think I might have to do?

Clay: For the most part, I think that's going to take you there. Except I'd have to point out, did you use the various tools properly? Have you identified the right vulnerabilities? Have you chosen the right mitigation strategies? Are you monitoring them properly? Are you taking corrective actions? It's more than just putting that plan together, it's a living, breathing plan, much like the food safety plans are. You don't put it together once, throw it up on a bookshelf, and then you're done with it. It's going to be something that you'll be living with each day.

Warren Warren: I would agree with that. However, any of these tools are only as good as the inputs. Just because you've used these tools and you've gotten a certain output, doesn’t mean you shouldn’t read it again and think about it. Does it pass the smell test? Does it make sense? I can't tell you how many HACCP plans I have looked at that I can tell right away were generated by a software program and obviously weren't proofread by the people that generated it because there's some pretty ridiculous stuff in there.

Both the CARVER+Shock and Food Defense Plan Builder, version two are very noteworthy plan builders. Again, please, please, please read the output. Does it make sense to you? If it doesn't make sense to you, go back and look at your inputs and see if you skipped something or you entered something that was contradictory. Did you put a “not” somewhere where it wasn't supposed to be? Things like that. Odder things have happened. Read the final output and see that it passes the smell test.

Sam: We had a question come in regarding the plan builder. Will putting the controls in for intentional adulteration lead to additional controls at the end of a process? Does that mean you'll have to install an X-ray machine? Are there additional processes to stop intentional adulteration at the end of the process? Have you seen that in your experience?

Warren: Without looking at the specific vulnerability assessment and having some idea of the factory we're discussing, I can't really answer that in specifics. Anytime you enter a new protection scheme, chances are there are going to be some tasks that are new.

The same is true in food safety. The same is true in personnel protection, complying with OSHA requirements. The same is true with inventory controls and financial controls. Any time you implement something new, you're probably going to have something that you're not already doing. I can't really give specifics on a hypothetical with that limited description.

Clay: I think, at the end of the day, a lot of people will be doing things differently. The FDA has spoken a lot to visual monitoring. That could be done either by additional personnel or it can be done by cameras. That might be something new that you're not doing right now. And there can be other benefits. Cameras might be there to pick up the bad guy dumping a deleterious substance into a vat or a vessel, but it might also be able to curb inappropriate employee behavior, whether it's roughhousing, theft, et cetera.

There may be ways to sort of spread the cost if you start going down those roads. But also, when I was doing a lot of vulnerability assessments, there are a lot of very simple, basic things that you can do. If you've got a vat or a vessel, which somebody during the course of the night or at any point of time tossed something into it. It might be a transfer hose. It might be a silo. It might be a vat or a vessel.

One of the things we came up with as a mitigation strategy: when in doubt, rinse it out. Do a visual inspection. Make sure whatever that piece of equipment is, it’s pristine, as it should be. Take a look at it. When in doubt, rinse it out. It could be something that basic. You'll see, if you go into the software tool that I've referenced multiple times, look at the mitigation strategies. There are tons of them there. The work's been largely done for you by industry professionals over an extended period of time, and I'm sure it will be supplemented as we move forward.

Warren: I would add to that, the FDA has an existing mitigation strategies database on their website. As Clay said, there are hundreds of mitigation strategies. You may find one is better for you than the others. You may also find that a procedure you've implemented for another reason, say, personnel safety, would qualify as a food defense measure as well, as a food defense mitigation strategy.

I once worked in an operation where we had an area we thought was a little hazardous to personnel due to slips, trips, and falls, and we made a rule that you couldn't go in there by yourself. You always had to have somebody else with you. This was before 9/11. But low and behold, we had implemented a buddy system, which today would be a food mitigation strategy. So keep an open mind about it.

Sam: Great. Thank you both. This one is more along the lines of the FDA's stance to educate before regulate. This one asked, "Do you think the FDA will leverage or address questions submitted through the Technical Assistance Network (TAN) in the guidance on the IA Rule that is currently being developed?"

Warren: Both Clay and I are working with an independent committee to develop educational materials through the Food Safety Preventive Controls Alliance that will be used for food defense training. The reason I bring that up is we're working with a number of FDA people who have told us that they're looking for the development of those materials to parallel guidance. We would expect that guidance to be available probably in about a year.

Educate while you regulate. The FDA has talked about a tiered approach, where their first inspection would be more of: do you have a plan? Does it cover the main components I mentioned earlier? And then the second level when they come back would be a more detailed evaluation. Assuming they carry out with that plan, which I have no doubts that they won't, that would be more of the educate while you regulate approach, the philosophy. Regarding the TAN, I can't speak for FDA, but I know on the food safety side, the FDA has used information submitted to that TAN to develop further guidances and make adjustments to the educational materials that are out there. I have no reason to doubt that they're not going to do the same thing on food defense, on intentional adulteration. I will tell you that on the food safety side, the TAN, if you use it right now, it's probably going to take a little while to get the answer. That's simply because it's just overloaded with questions.

The same thing is probably going to be true on food defense intentional adulteration at the very beginning. Those of us that lived through the development of Ask FSIS on the meat and poultry side, we experienced the same thing when that was originally put into place. Now, if you submit a question to Ask FSIS, you get an answer in about 48 hours. I would think we're going to live through a similar evolution with the TAN.

Clay: I think there is going to be absolutely copious amount of materials provided to the regulated community that will be helping them. I would also point out that the Food Safety Preventative Controls Alliance will start a number of intentional adulteration webinars this summer. The first one is on June 20, 2017 at 11:00 Central, and that's going to be discussing vulnerability assessment requirements of the IA Rule. There'll be a second webinar on August 22 and a third one scheduled for October 24. Literally two years in advance of the first compliance date for that rule, the government through its contractor and the Alliance is already pushing out materials to help people understand what's going to be required of them and help them through it.

Sam: Great. Thank you. Thank you both. Last question: similar to building food safety plans, are there resources available to review food defense plans? If so, what are they?

Clay: I am not aware at this time of anyone that has offered to start reviewing food defense plans. I can say with virtually every government regulation that comes out, a cottage industry sprouts up. I would fully anticipate, as we approach closer and closer to the compliance dates, there will be an abundant number of entities that will jump into that fray. I think, in time, what the market needs materializes. Again, I think if you're using the software tool, you're probably going to largely be able to do it yourself. But, some may choose for whatever reason not to. Yeah, I wouldn't be overly concerned that you won't have the ability for some third party to give it a look.

Warren: We, the Grocery Manufacturers Association (GMA), will do that as a service for GMA members, but we don't do it open to the public. We do that right now for food safety plans, as I said, we've probably collectively got over a hundred years of experience on that.

Remember, we're learning, too. I mean, Clay and I may have spent a lot more time digging into the dotted i's and crossed t's of the rule and the preamble and know how we eventually got to where we are today, but I will be first to say, while I'm very well read on the rule, I certainly wouldn't call myself an expert at this time because we do have to see how some of this is going to play out. And we may not know the answers for several years. But we can, if you are a GMA member, we could at least tell you if you are in compliance with the rule right now. As we see it, I should say.

Sam: Well, it's great to hear that GMA offers that service for its members and that there will be other third-party sources out there to have the plan reviewed for compliance.

Unfortunately, we've run out of time. We had a lot of questions come in, but fear not. If we didn't have an answer to your question or we didn't have a chance to get to it, we'll certainly do our best to address it in follow-up content to this session. Warren and Clay both have agreed to do a follow-up Q&A that'll be published on FoodOnline.com in the near future.

For more information on the Grocery Manufacturers Association, becoming part of its membership, and resources on food defense you can go to GMAonline.org.

NMPF had some great content and can be found at nmpf.org, nmpf.org/latest-news, and nmpf.org/issues-watch.

Be sure to join us for the next edition of Food For Thought, where we will be answering your questions on establishing, maintaining, and improving food safety culture.

With that, Clay, did you have any closing thoughts?

Clay: Be patient. Don't be afraid. This, too, will come into fruition. I don't think it's going to be as bad as many people have feared. I think it's a great thing for us to do that will, ultimately, reap a multitude of benefits. And certainly, we don't want anyone to be successful with an intentional adulteration activity. We definitely have to be diligent and work through the process.

Warren: Remember, we're all learning about this, including the FDA, as we go along. They have a lot of expertise at their disposal, but the market basket regulated by the FDA is extremely diverse. It's probably going to call on some creative solutions from all of us to be able to cover all of the variables that are out there. As Clay said, be patient, and we're all learning about this at the same time. It'll be a good journey.

Sam: With that, our time has come to an end. Again, thank you both for your willingness to educate the industry and share your knowledge with us. Thank you, attendees for taking the time to join us. Plenty of knowledge was shared. We hope you enjoy the rest of your day.

Clay: Thank you, all.

Warren: Thanks, everyone.