It is terrifying to think about some of the things that happen to our food supply. It is hard to wrap your head around the idea that a piece of undercooked food can take someone’s life. When we talk about dangerous foods, most of us quickly jump to conclusions of bacteria, such as E. coli or Salmonella; but what about acts of deliberate contamination? It’s pretty scary stuff, and I’m not talking about an upset employee spitting on your meal at a restaurant. This scenario has its place and concerns, but its not what I am referring too. What I want to discuss today are deliberate attacks on our food supply. Attacks that cause public health concern. Attacks that make consumers terrified to consume certain products. Just a few weeks ago, complaints were received from various sources in relation to a pizza dough. As families all over the East Coast sat down to enjoy a pizza together, some low life decides to put razorblades in the dough. A young child bites into their pepperoni pizza and the razor blades cause catastrophic damage to the gums, teeth, tongue and throat. How about that time in Australia when an upset employee shoved needles inside thousands of strawberries? Or when a Chinese milk formula producer started substituting the powder with ground-up plastic resulting in numerous ill and dying children. Intentional adulteration is very much alive in today’s world. Our food supply is threatened by terrorists seeking to destabilize our economy and crush the food industry. Food Safety Plans are well known in the food industry, but Food Defense Plans are not as popular. I am going to share with you the components necessary for a functional Food Defense Plan.

What is Food Defense?

Food defense is different than food safety. When talking about food safety, generally speaking, these are unintentional acts of contamination. Such as not cooking a product long enough or loosing control of a CCP. These acts of contamination, most of the time, are done unintentionally. Food Defenses’ focus is to prevent intentional acts of contamination, such as needles in the strawberries, or razors in the dough. We have food defense to protect companies from these kinds of attacks. Sometimes companies intentionally adulterate their products to make more money. These acts are referred to as economically motivated adulteration. An example for you; a farmer sells product as organic when it is conventional so they can get a higher price. Or a Chinese formula producer substitutes the formula powder with ground up melamine to save on costs. The goal of a food defense plan is to assess your vulnerabilities, establish controls, monitor those controls, and reevaluate your plan for effectiveness.

Is Food Defense Required?

Previously, the Federal Food Drug and Cosmetics Act addressed some aspects of Food Defense, such as requiring certain facilities to register to a national database maintained by the FDA, or for high-risk food products to be produced under a food defense plan. In May of 2016, the FDA added to the Food Safety Modernization Act, the Mitigation Strategies to Protect Food Against Intentional Adulteration. Now any facility, except the exempt, that manufactures, processes, packs or holds food are required to develop and implement a Food Defense Plan.

What do I need to do before developing a Food Defense Plan?

To successfully construct a sound Food Defense Plan there are a few preliminary tasks that need to be accomplished.

  • Assemble The Food Defense Team – Your team should include members from maintenance, production, sanitation, purchasing, laboratory, and security.
  • Construct a Process Flow Diagram – The steps within each process should be clearly identified. This will help you when you get to your Vulnerability Assessment.
  • Describe your products – Certain products are more prone to attacks than others. It helps to have all the products your company produces clearly laid out.
  • Read the FDA’s guidance on Mitigation Strategies to Protect Food Against Intentional Adulteration.

Some of these steps may be completed as they are preliminary in the development of HACCP Plans and Food Safety Plans. Once the foundation is formed, you can begin building your plan.

Components of a Food Defense Plan

There are critical elements that need to be a part of your plan. These critical pieces are:

  • Vulnerability Assessment
  • Mitigation Strategies
  • Monitoring Controls
  • Corrective Actions
  • Verification
  • Reanalysis

Vulnerability Assessments

The goal of the assessment is to identify steps in the process that require control. A good vulnerability assessment will identify, prioritize, and focus resources on preventing significant vulnerabilities. A significant vulnerability is one that, if exploited, could be expected to cause wide scale public health harm. In short, the success of your Food Defense Plan is dependent upon your vulnerability assessment. The assessment will be used as a basis for implementing controls. An assessment needs to be conducted for each product you produce. You can group like materials as long as you can provide justification as to why you grouped the food products. There are two recognized methods you can apply to build your Vulnerability Assessment. The KAT (Key Activity Types) method, or the Three Fundamental Elements method.


The KAT Method

KAT stands for Key Activity Types. The FDA conducted over 50 vulnerability assessments in situations that lead to attacks that cause wide scale public health concern. The result was they identified ”Key Activities” that result in a vulnerability. These activities are bulk liquid receiving and loading, liquid storage and handling, secondary ingredient handling and mixing/similar activities. Basically, if a step in the process is a Key Activity Type it is an actionable step that requires control. This means you will need to establish mitigation strategies to assure that step in the process will not be compromised. FDA really tried to keep this method simple. The problem is definitions for words like “mixing” can be quite complex. It is a good idea to have a firm understanding of what these words mean before categorizing each process step. For more information, click here to read the guidance document.


Three Fundamental Elements Method

There are three fundamental elements that need to be assessed to determine your vulnerability. Each element will be graded on a scale of 1 to 10, with 10 being the worst-case scenario. The first element to consider is the impact on public health. Basically, you are expected to understand to what degree of impact an introduced contaminant would have on public health. To simplify this, the FDA put a nice calculation together that you can use to determine the impact of an attack on public health.

The second element to be considered is accessibility. How accessible is each step in the process? For example, a facility that conducts large mixing activities has the mixing tank outside in an uncontrolled area. In this example, the accessibility is high versus a facility that has a mixing tank inside a secure room of the facility with locks on the tank. Limiting access to vulnerable processes is an excellent way to reduce risk.
Lastly, we want to assess the ability of an attacker to successfully contaminate the products. You will want to consider your ability to identify the contaminated products and how you know an attack occurred. For example, razor blades in pizza could easily be observed, but cutting olive oil with vegetable oil would be more difficult to notice.

Based on your consideration of these three elements, you should be able to determine which steps in your process are actionable. Remember, an actionable step means the step is vulnerable to an attack and mitigation strategies should be incorporated into the process to reduce vulnerability.

Mitigation Strategies

Now we get into the fun part, establishing mitigation strategies to reduce the possibility of intentional contamination. Actionable steps in the process should have one or more mitigation strategies to reduce vulnerability. Personally, I think the best way to explain mitigation strategies is to give examples. There are many ways a company can reduce its’ vulnerability, a few are listed below for your understanding.

Mitigation Strategies to reduce accessibility

  • Facility Wide Security such as:

    • Fencing
    • Employee Key Carded Entry
    • Delivery Schedule showing arriving and departing orders
  • Color Coded Departments
  • Employee Authorization
  • Tamper-Proof Seals
  • Locking Gates and Doors

Mitigation Strategies to reduce vulnerability

  • Product Testing

  • Supplier Approval Programs
  • Employee Training

Mitigation Strategies to prevent insider attacks

  • Clear Lighting and Line-Of-Sight

  • Team-based Working
  • Peer Monitoring

Monitoring, Corrective Actions and Verification

For each of the mitigation strategies, the FDA expects them to be monitored with established corrective actions and verification activities. Monitoring can be conducted in various ways. Employee interviews, mock exercises, inspecting seals or locked gates, are all great ways to accomplish success in your plan. Whatever methods of monitoring are used, it will be important to document them. Remember to include the who, what, when, where and how monitoring will occur.

Corrective actions are a little different when talking about food defense. Corrective actions in food safety could mean the products are compromised and need to be segregated. When monitoring your food defense mitigation strategies, the products may not be compromised. Let me give you an example. If you are monitoring a locked gate and see that the gate was unlocked because it was broken, no product has been compromised. Instead, the gate must be fixed, and the lock replaced. This corrective action would be acceptable since no product was involved.

Verification is similar to the requirements laid out in HACCP. Verification is assuring everything is operating as planned. Activities to verify the plan is being followed includes record review, internal audits, security assessments, etc. There are many ways to verify the plan is being followed correctly, just remember these activities need to be documented.

Lastly, the Food Defense Plan must be reviewed for its effectiveness periodically. Specifically, FDA requires a review every 3 years, and when significant changes occur, new information arises, improper implementation of the plan or ineffectiveness of the plan.

Food defense gets less attention than food safety, but it is so particularly important to the food industry. Food Safety Plans primarily focus on preventing unintentional contamination while Food Defense Plans focus on preventing intentional contamination. Together, food safety and food defense are the supporting framework for Food Protection.

Global Food Safety Consultants is a group of expert food safety advisors with experience in all sectors of the food supply-chain. We are seasoned professionals that have helped hundreds of companies achieve food safety success. GFSC can help you achieve your food safety objectives. GFSC, your partner for all thing’s food safety.