FSPCA Lead Instructor Christopher Snabes from TAG will review changes to the FDA Intentional Adulteration (IA) regulation, suggest several sure-fire ways to conduct your vulnerability assessments, discuss the 3 Elements approach, prepare you for Quick Checks.
IA Inspections & Quick-Checks Resuming ... Are You Ready?
1. Beyond Compliance Webinar Series
Preparing for Intentional Adulteration
Inspections & Quick Checks
on Your Written FSMA Food Defense Plan
with Christopher Snabes
3. Casual but Professional Format
✔ Ask questions! (Q&A at end)
✔ Only panelists are displayed
✔ Recording link will be shared
✔ Audio issues: use call-in number
Before We Get Started
BEYOND COMPLIANCE
Helpful tips
4. Featured Panelist & Host
BEYOND COMPLIANCE
Christopher Snabes, BS, MS, CFS
Director, Food Safety
● 18+ years food industry experience
● Certified food scientist, food microbiologist
● One of very few authorized Lead Instructors
for the Vulnerability Analysis component of
food defense plans
Aaron Bolshaw
VP Marketing
5. BEYOND COMPLIANCE
Today’s Discussion
• FDA Expectations on Training
• Options on Writing a Food Defense Plan
Preparing for Intentional Adulteration Inspections & Quick Checks
on your Written FSMA Food Defense Plan
7. BEYOND COMPLIANCE
The IA Rule Basics
• Recognizes that the greatest threat to our Food Supply is from an “Inside Attacker,” someone
with legitimate access to the production floor.
• Covers domestic and overseas facilities that manufacture, process, pack or hold human food
• Includes Food and Beverage Manufacturers not impacted by FSMA previously:
• Low Acid Canned Food
• Seafood HACCP
• Juice HACCP
• Dietary Supplements
• Bottled Water
• Food Defense Plans were required to be written by July 26, 2019 for the largest facilities and by
July 27, 2020 for “Small Businesses”
• “Very Small Businesses” have until July 26, 2021 to write their plans
• The Food Defense Plan is site/facility specific
9. BEYOND COMPLIANCE
Types of Food Defense Training via FSPCA and becoming a “Qualified Individual” per Topic
• Overview of the Intentional Adulteration Rule. Free on-line course available.
• Food Defense Awareness Training. Requirement, meaning this is mandated
by the rule, for all employees at an Actionable Process Step and their
immediate supervisors (satisfies 121.4 (b)(2)). Free on-line course is
available. This training is also APS specific, meaning the worker and their
immediate supervisor must know what to do in the event an unauthorized
person has entered the area.
• Conducting Vulnerability Assessments using “Key Activity Types” (KAT)
only. This course is on-line with a fee and comes with a Certificate of
Training. Slides are available to view, no interaction, without a fee, and no
certificate.
10. BEYOND COMPLIANCE
Types of Food Defense Training via FSPCAand becoming a “Qualified Individual”, continued:
• Identification and Explanation of Mitigation Strategies. On-line with a fee, comes with a Certificate of
Training. Slides available to view, no interaction, without a fee, no certificate.
• Conducting Vulnerability Assessments. Can only be taught by Lead Instructors approved by the FSPCA &
AFDO (TAG has two VA LI’s on staff). Fee-based, comes with a certificate of training. KAT and Mitigation
training is STRONGLY encouraged prior to taking this course. Currently, due to the Covid-19 pandemic, LI’s can
instruct this course virtually until August 31, 2021. Unless extended, in-person training ONLY will resume. Several
virtual restrictions are enforced while instructing the rule virtually.
• Food Defense Plan Preparation and Reanalysis. On-line with a fee, comes with a Certificate of Training.
Slides are available to view, no interaction, without a fee, and no certificate.
• Can establish you are trained without FSPCA courses via education and/or on the job training as
long as it is documented.
11. BEYOND COMPLIANCE
Steps Before the Food Defense Plan is Written
• Assemble a Food Defense Team with multiple backgrounds
• Write a Process Flow Chart
• Determine who needs to become a Food Defense Qualified Individual per Topic
• Conduct Initial Written Vulnerability Assessment – determine your KATs:
• Bulk Liquid Receiving and Loading
• Liquid Storage and Handling
• Secondary Ingredient Handling
• Mixing and Similar Activities
12. BEYOND COMPLIANCE
Option 1: Conduct Vulnerability Assessment Based on KATs only
Write plan based on the KATs identified during initial vulnerability assessment
• Pros: Easy to identify, quick to do, FDA recognized as acceptable
• The FDA included in the assumption that the KAT, if attacked, would create a wide scale public
health harm, that it is easily accessible, and the attacker would go unnoticed by others.
• Cons: Each KAT automatically become an Actionable Process Step (APS). May increase
the number of APS’s unnecessarily, which would increase your mitigation step(s) … can
lead to increased capital expenditure, additional personnel, and increased management
components.
13. BEYOND COMPLIANCE
Option 2: Conduct Vulnerability Assessment at Each Process Step Using the 3 Elements
Using the Process Flow Chart, apply metrics to determine which Point,
Step, or Procedure can be identified as a KAT and become an APS.
Specifically addresses the “inside attacker”.
• The three fundamental elements are considered and scored using a predetermined
scale (can use an internal scale with written justification)
14. BEYOND COMPLIANCE
The Three Elements
Element 1
Criticality
Potential public health
impact (e.g., severity &
scale) if contaminant
was added
Element 1 Options:
• Volume of Food at Risk [Simple to Complex]
• Representative Contaminant: Uses the FDA default dose multiplication factor [Simple]
• Contaminant-Specific Analysis: Assesses every known potential contaminant dose at each
step [Complex] (may be preferred by in-house toxicologists)
Element 2
Accessibility
Element 3
Vulnerability
Degree of physical
access to the product
Ability of an attacker to
successfully
contaminate the
product
15. BEYOND COMPLIANCE
Pros:
Scale for each element is pre-determined by the FDA.
Flexibility allowed in using Element 1. When using the Representative Contaminant
approach, the FDA recognizes the default factor in Element 1 for you.
Use of Inherent Characteristics can affect a score that could exclude a KAT from
becoming an APS.
TAG has seen first hand where the use of the three element approach has saved
companies from direct costs and indirect costs such as investing in capital
expenditures, time, training, and document maintenance.
Pros of Three Elements Approach
16. BEYOND COMPLIANCE
Cons:
Taking the IA VA Course allows for better understanding of how to apply this option,
and there is a minor fee for this. Only an IA VA Lead Instructor can teach the course.
Must have detailed written explanation (options exist) of why or why not it is an APS
based on score per element and overall. (You must justify in writing if you use a
different scoring scale.)
FDA will scrutinize your own dose factor if using Contaminant-Specific Analysis in
Element 1, and you may not realize all potential modes of contamination that are
classified by Homeland Security and the FDA, leading to potentially inadequate
scores, thus inadequate Vulnerability Assessment and Food Defense Plan as a whole.
Cons of Three Elements Approach
17. BEYOND COMPLIANCE
Option 3: Hybrid Vulnerability Assessment
Using just the KATs identified, you can apply the three elements to determine a metric to establish an APS
Pros:
• Easy to identify, quick to do, FDA recognized as acceptable, allows for thorough explanation to FDA your decision
process, excellent use to defend spending or not spending capital investment for a mitigation strategy
• You have an option to apply the three-element approach to each KAT identified to determine what your APS are.
Or, look at specific KATs only, and thus have a VA based on KATs equalling an APS and three-element derived APS
combined.
Cons:
• Hard to perform without taking the IA VA instruction course. If using Contaminant-Specific Analysis of Element 1,
you may not realize all potential modes of contamination that are classified by Homeland Security and the FDA,
leading to potentially inadequate scores, thus inadequate Vulnerability Assessment and Food Defense Plan as a
whole
18. BEYOND COMPLIANCE
Client Example #1: Many KATs vs 4 APS
Using the KAT method only, a client who produced several drink products identified 17
KATs (out of 85 processing steps) in the VA. The client was ready to implement 17
Mitigation Strategies and associated Management components. Several of the
proposed mitigation strategies involved relocation of processing equipment which
would involve down time, and a large amount of monetary expenditure. TAG was
approached to review the VA.
Although using the KAT method only is acceptable, TAG suggested applying the
three-element approach to the KATs as several KATs contained inherent
characteristics that the KAT method only does not account for. After applying the
three-element approach, only 4 KATs could be justified as an APS, thus saving
enormous amounts of money and time.
19. BEYOND COMPLIANCE
Client Example #2: APS vs No APS
Using the Hybrid Method, a flour mill initially identified 29 KATs (out of 122 processing
steps). Upon scoring each KAT using the three-element approach, no KAT scored high
enough with written justification to establish an APS. Therefore, the site did not need
a written Food Defense Plan, only the written Vulnerability Assessment.
No mitigation strategies were needed, no management components were needed, the
budget that was set aside for mitigation and management, which was significant,
could now be re-allocated to other areas of the facility.
20. BEYOND COMPLIANCE
Client Example #3: Processing Step vs KAT vs APS
• Using the Hybrid Method, an RTE facility initially did not identify a processing step
as a KAT. The KAT in question involved a mixing vat whereby a solid food item in
bulk quantity was exposed to a flush of oil for two minutes. The facility assumed
that since the oil flushed in and then out, that the solid food remaining could not be
adulterated. This processing step is indeed a KAT that falls under the “Mixing and
Similar Activities” definition as the oil is mixing with the solid food items. The
facility then went onto the scoring of the KAT to see if it truly was an APS.
• This example emphasizes the point that you must clearly identify all KATs on your
flow cart, and clearly describe the processing step regardless of what Vulnerability
Assessment approach you take, and that written justification is needed to support
your reasoning.
21. BEYOND COMPLIANCE
Reanalysis
Similar to a Food Safety Plan, The Food Defense Plan must be reanalyzed a minimum
of once every three years, or for the following reasons:
• Whenever there is a significant change that creates the potential for a new vulnerability or a
significant increase in one previously identified
• When there is new information about potential vulnerabilities associated with a food operation
or facility
• When a mitigation strategy is not properly implemented
• Whenever FDA requires reanalysis to respond to new vulnerabilities, credible threats, or
developments in scientific understanding
22. BEYOND COMPLIANCE
Next Steps
Option: Current Food Defense Plan Builder, v2.0 is fully aligned; allows uploading
information you have in v1.0 (most will be supporting documentation).
Don’t wait, the FDA is expecting you to have a written food defense plan in place. The
majority of facilities can expect a “Quick Check” at any time now, and very small
businesses can expect a “Quick Check” beginning in July 2021.
• “Quick Check” inspections, which is simple set of questions, will last for as long as
the FDA deems necessary for the industry to understand this concept. The “FDA will
educate before regulate”...
23. BEYOND COMPLIANCE
FDA Inspection Strategy
Two-Tiered Inspectional Approach*
o Food Defense Plan Quick-Check
• Conducted on all covered facilities
• Very low burden on agency and industry
• Very little required training for investigators
o Food Defense Comprehensive Inspection
• Conducted only on a limited number of prioritized facilities
• Focus inspectional resources on where IA concern is highest
• Specialized training for investigators
*beginning when relevant compliance dates pass
24. BEYOND COMPLIANCE
Potential Quick Check Questions
• Do you have a written Food Defense Plan?
• Was it written by a FDQI?
• Did you conduct a Vulnerability Assessment?
• Have you identified and KAT’s?
• Did you choose the option of using the three-element approach?
• Have you considered the possibility of inside attacker?
• Have you implemented any Mitigation Strategies?
• Has it been signed and dated by the FDQI?
• Do you have Corrective Actions in Place?
• How are you Verifying?
• Have you had a Food Defense Incident? If so, did you contact the FBI ?
Download infographic at:
safetychain.com/quick-checks
25. BEYOND COMPLIANCE
Closing Thoughts
• Facilities need a written Vulnerability Assessment (several options) to determine if
they need a written Food Defense Plan
• If an APS is identified, mandatory Food Defense Awareness training is required for
the worker and their immediate supervisor
• Based on the results of VA, a written Food Defense Plan can be created
• More than one individual can become a trained “Qualified Individual” as the rule has
several components that requires specialized training. These QI’s can then work as
a small team to help write the Food Defense Plan.
• ....“Food is the mightiest Weapon of them all…”
27. ✔ Prior Webinar Library (free)
✔ TAG Newsletter
✔ Global Food Safety Consultants
AchesonGroup.com
✔ FSMA Friday LinkedIn Group
✔ Q&A, Articles & Updates … Join FSMA FRIDAYS!
Resources & Future Events
✓ May 12 - Proactive Internal Auditing
✓ May 21 - Making Sense of the FDA’s Reportable Food Registry
✓ June 2 - The Staggering Cost of Poor Quality - and How to Fix It