From The Editor | May 25, 2017

Food For Thought: FSMA's Food Defense Rule (Part One Of Three)

Sam Lewis

By Sam Lewis

Be sure to view the entire web chat

On Tuesday, May 23, the Grocery Manufacturers Association (GMA) and the National Milk Producers Federation (NMPF) partnered with Food Online for a live web chat, Food For Thought: FSMA’s Food Defense Rule. In this 45-minute live Q&A, Warren Stone, senior director of science policy, compliance, and inspection at GMA, and Clay Detlefsen, VP of regulatory affairs and counsel at NMPF joined Food Online’s editor, Sam Lewis, to answer the food industry’s questions on the topic.

Sam: Hello, everyone, and thank you for attending today's web chat. I'd like to thank the Grocery Manufacturers Association (GMA) and the National Milk Producers Federation (NMPF) for partnering with Food Online and providing us with excellent subject-matter experts on this important and timely topic. Thank you, attendees, for joining us.

It’s my pleasure to introduce to you our subject-matter experts: Clay Detlefsen, he's the SVP of regulatory and environmental affairs & staff counsel at NMPF; and Warren Stone, senior director of science policy, compliance, and inspection at GMA.

Clay holds a JD from the University of Baltimore, an MBA from the University of Maryland, as well as a Bachelor’s of Science from the University of Maryland. Clay's work in the dairy industry includes work with the International Dairy Foods Association, where he used a unique blend of scientific, legal, and business skills on initiatives spanning nearly three decades. In August of 2014, he shifted his focus and joined NMPF to help cooperatives and farmers with the challenges and opportunities that they face, especially with respect to nutrient management and related environmental issues. Clay is frequently asked to lead and/or facilitate food-industry-related activities on a wide range of matters. Clay also has an exceptional rapport with senior personnel in the Department of Homeland Security, the FDA, the USDA, as well as the EPA. Clay, thanks for taking the time to join us on Food For Thought.

ClayClay: Thank you, Sam. It's a pleasure to be here. I'm definitely looking forward to hearing what's on folk's minds, and hopefully giving them some good answers to their questions and helping them get comfortable with the Intentional Adulteration Rule.

Sam: Excellent. We also have GMA's senior director of science policy, compliance, and inspection in the organization's science policy division, Warren Stone. Warren holds an MBA from Canisius College of Buffalo, NY and a Bachelor’s of science from UC Davis. Warren's background includes 30 years of in-plant experience in both manufacturing and quality assurance in a variety of operations, including low-acid canned foods, frozen foods, meat and poultry, seafood, juice, dairy items, salsa, dips, and spreads. He has written numerous HACCP quality systems, sanitations, and microbiological control programs for various food companies. In his current role at GMA, Warren works with a broad audience, including member and potential member companies, GMA's scientific and technical staff, regulatory agents, as well as universities. He is also an instructor for GMA's various course offerings, including Preventive Controls Qualified Individual, Foreign Supplier Verification, Food Defense, HACCP, and Better Process Control School. He serves as a staff liaison for GMA's Food Defense Committee and Sanitation Share Group. Warren, welcome, and thanks for joining us today.

Warren: Thank you, Sam. It’s my pleasure to be here.

Sam: It's great to have you both with us. Here's what we have in store for you today. Our goal is to provide you with knowledge and industry-leading practices food and beverage manufacturers should employ to comply with FSMA's Food Defense Rule. Most importantly, we will spend much of our time addressing and answering your questions. Again, feel free to submit them at any point during our chat.

Let's get started. Warren, can you give us a broad view of today's topic, its importance, and some of the challenges the industry is facing within it?

WarrenWarren: Sure, Sam. I think the biggest thing about this rule is that it's the first truly codified requirements for food defense worldwide. There have been a number of guidances out in both the FDA and the USDA. But, this is the first time that a government has actually promulgated a rule, a requirement, that food processors have food defense plans. It's, shall we say, other countries will be watching.

The rule applies to domestic and foreign companies. Those wishing to import foods to the U.S. are going to need to be in compliance with this rule as well. Each covered facility is going to be required to implement a food defense plan, and this has to be written. It needs to identify vulnerabilities, what the FDA terms as actionable process steps. From those vulnerabilities, you're going to assign mitigation strategies, as well as corrective actions, and verification. You're going to have to monitor that.

All this is going to have to be in records that will be available to the FDA upon verbal request. Compliance dates are staggered, but probably most of the listeners on the line right now are looking at September of 2019. Small businesses did get another year on top of that. The FDA has added to their flexibility that they've increased the time for all of us to get ready. The original proposed rule had a one-year compliance period in it.

Like all rules, there are some exemptions. They are located in part 121.5. I would highly, highly recommend if you think you are eligible for one of these exemptions, you sit down a read it very, very carefully. In some cases, you might want to have your lawyer with you when you read it because they're not all cut and dry, but there are several exemptions. Among these are very-small businesses, which average less than $10 million in sales, adjusted for inflation, holding of food, simple warehouses, with the exception of liquid storage tanks. Packing, re-packing, labeling, re-labeling, things of that nature — breaking down larger pallets into variety packs, those are exempt. Animal food is exempt. Activities on farm mixed facilities, and this one, especially, I would pay very close attention to when you read it. And most alcoholic beverage operations are also exempt.

Clay: I will add one thing. I've worked with the FDA food defense team since, actually, shortly after 9/11, before they even were a team. I think they're absolutely wonderful individuals. They're very knowledgeable. They're very dedicated. If they had had their preference, we wouldn't have a final Intentional Adulteration Rule at this point in time. Their preferred course of action would have been to engage with industry and stakeholders a lot more through an advanced notice of proposed rulemaking, where they would have put forth questions and solicited feedback, and basically moved a lot slower and tailored, probably, ultimately, a better rule, if you will.

Unfortunately, this and many of the other FSMA rules, got caught up in federal litigation, and they were pushed down this direction, probably a little more quickly than they want it to be. If it's not perfect, I think we all need to give the FDA some understanding. I have every faith the FDA is going to do everything possible to make this rule applied to us as palatable as possible. They are really good folks, well-intentioned, and generally easy to work with. We've got, still, about two years before any of us are going to be feeling compliance pains, so I think there's a lot of opportunities ahead for us.

Sam: Thank you both for your insights and getting our chat started.

Questions have been pouring in from the audience and we'd like to begin addressing them. We will try to answer as many questions as possible in the time we have remaining. I'm going to get the ball rolling with a question for Warren. In your bullet points, you mentioned that food companies are going to be required to have a Food Defense Plan. Could you give a few bullet points of what that might look like? Clay can follow up with any additional thoughts.

Warren: The basis and the backbone of your Food Defense Plan is going to be your vulnerability assessment. And that vulnerability assessment is going to dictate what you're going to do from there. The vulnerability assessment has three main components and a fourth side issue that I'll cover.

The three things you have to cover in this vulnerability assessment are 1) the potential public health impact — both the severity and scale — if a contaminant were added to your product. There are some details around that in the rule and in the preamble. 2) You also need to take a look at the degree of physical access to the product. This would be considering things like the presence of physical barriers — gates, railings, doors, things of that nature. 3) You need to look at the ability of an attacker to successfully contaminate the product. These could be the things like the ease of introducing an agent to the product. Would that agent be uniformly mixed if it was introduced? And would an attacker be able to get there unnoticed and complete all this?

Finally, you need to consider the possibility of an inside attacker, so someone who has legitimate access to be in your building. This could be one of your employees. It could be a regular employee, it could be a temporary employee, it could be a routine service man — somebody that, say, services your boiler, or your sanitation system, or your refrigeration system — something like that. That is going to be the first step.

From that, assuming that you identified what the FDA terms a significant vulnerability and that you have an actual process step — which means a point, a step, or a procedure in the process where the significant vulnerability exists — you're going to have to identify how you're going to stop that potential attacker. We call these “mitigation strategies.” Anything you identify in your vulnerability assessment as an actionable process step, you'll need one or more mitigation strategies for those actionable process steps.

After doing that, you're going to have to have some management components around that. Those are going to include monitoring your mitigation strategies to ensure that they are, in fact, being implemented as you intended. If they're not, you're going to have to have an appropriate food defense corrective action.

 “What am I going to do when things aren't going the way I planned them?” You need to have verification procedures that monitoring is being conducted and appropriate decisions are being made about food defense corrective actions, and that the mitigation strategies are properly implemented and they're doing what you think you're need to be doing. At a minimum, the rule needs to be reassessed, reanalyzed every three years. You're going to have to have verification that you've done that. All of this is going to have to be in writing. You're going to have lots of records to support all this. Those records are going to be available to the FDA for inspection and review upon a verbal request.

That, in a nutshell, is going to be your Food Defense Plan. Obviously it's got a lot more details to it than I just covered, but that will be your basic skeleton covering of the Food Defense Plan.

Clay: I imagine a lot of folks are feeling a little overwhelmed by the information Warren just shared. Again, I want to put you at ease to a degree. Warren and I have, on a number of occasions, worked with the FDA on their Food Defense Plan Builder Tool, which is a software program.

A number of years ago they released version one of that tool. If you have an opportunity to make use of it, I would highly encourage it. I think version one is still available on the FDA's website. If not, you're going to have to wait for version two. This software tool really makes it easy to create a Food Defense Plan that is highly customizable. It gives you basic information, which you can definitely fine tune to the particular aspects of your process, your operation, et cetera. It truly is a magnificent tool that's been warmly received by the regulated community.

Warren and I, as I said, we worked with FDA on version two, which is obviously going to be an improvement over version one. That should be available probably in early 2018. They want to give it to us well in advance of the compliance date, which Warren told you earlier was at least September 29 for the largest facilities and even further down the road for other sized facilities. So look forward to that tool. I think it's going to make a lot of people's lives a lot simpler.