Food Defense - III

Food Defense Planning

The world is a global village due to globalization where food is considered as the most dynamically traded commodity on its global market, which increases the risk of spreading contaminated and adulterated food. Other potential factors of risk are national, political, economic, business and personal differences whereas food industry has been facing many risks in recent years. Intentional contamination of food products and food fraud are some of the possible risks where implications are not limited only to food producers but also more widely. They can have negative influence on product safety and, eventually, on the business activities of a company. Therefore, one of the basic steps is to raise awareness of food defense through the whole food chain, from the food sector to government institutions while incorporating food defense education in to existing systems, training programs, and to the basic food safety curricular. There are critical factors at all levels of the food chain so one cannot prevent intentional contamination and food fraud without regulated legal provisions and effectively written procedures.

What is a Food Defense Plan?

The USDA’s Food Safety and Inspection Service defines a food defense plan as follows: “A food defense plan is a document that sets out control measures developed by an establishment to prevent intentional adulteration of product. A food defense plan should be developed, written, implemented, tested, assessed, and maintained if it is to be functional. All establishments are encouraged to operate with a food defense plan”. The elements of such a food defense plan include the following:

Assessment

As part of the assessment the establishment: looks for vulnerable points at the establishment, determines what the risk factor is for each point, develops defense measures at each point that it has identified as high risk, and creates a written plan to implement defense measures.

Implement

The food defense plan is implemented when the defense measures identified in the plan are in place and used as intended.

Test

The establishment tests the written plan by monitoring periodically to evaluate the effectiveness of its defense measures.

Assess

The establishment assesses the plan by reviewing the plan and revising it as necessary whenever new risks are discovered.

Maintain

The establishment maintains its plan by ensuring that the defense measures it implements continue to be effective.

In November 2007, the FDA introduced the Food Protection Plan as a complement to the interagency Import Safety Action Plan. The Food Protection Plan emphasizes three core elements:

Prevention

Promotion of improved food safety and defense capabilities throughout the product lifecycle.

Intervention

Coordinate risk-based interventions among federal, state, local and foreign agencies.

Response

Develop rapid and comprehensive methods to communicate with consumers and other agencies before, during and after an event.

The FDA proposes a group of activities to be included in the food defense plan. First is the Identification of actionable process steps and the implementation of Focused mitigation strategies, i.e. measures that are necessary to reduce the likelihood of intentional contamination caused by an act of terrorism. This measure is based on the risk-assessment tool CARVER + Shock and a further variable to measure is Monitoring. Nonetheless, there are Corrective actions of the food safety system that ensures the performance of the entire system. The same principles apply to food defense. Verification activities for food safety can also be used for food defense. The final step is Training which requires the employees and supervisors working in the field of food defense to become aware of food defense and their responsibilities. The last mentioned measure refers to keeping records about food protection confidential and safe from intentional adulteration caused by acts of terrorism.

Based on above developments, FDA and USDA adapted a tool called CARVER, originally used for military purposes, for vulnerability assessment in the food sector. CARVER is an acronym for the following six attributes used to evaluate the attractiveness of a target for an attack:

Criticality—refers to the impact of an attack on public health and the economy.

Accessibility—refers to the ability to physically access and egress from the target.

Recuperability—refers to the ability of a system to recover from an attack.

Vulnerability—refers to the ease of accomplishing an attack.

Effect—refers to the amount of direct loss from an attack as measured by loss in production.

Recognizability—refers to the ease of identifying a target.

The 7th attribute is shock, which assesses health, economic, and psychological impacts of an attack on the food industry. These adapted methodologies improved vulnerability assessment and allowed for the identification and estimation of economic and psychological impacts throughout the food system. Risk management according to ISO 31000 was applied in safety risk assessments ahead of food defense assessment. It has been recognized that, compared to risk, vulnerability is more a state of being that could lead to an incident.

While conducting threat analysis and assessing vulnerability with the purpose of the implementation, maintenance and improvement of food defense, one can use risk assessment methods based on the ISO standards Risk Management ISO 31000:2009 and ICH Q9 Quality Risk Management. The majority of food companies are familiar with these methods because they are used for conducting risk assessment in food safety management systems. These are methods such as Risk matrix, Checklists, Failure Mode and Effect Analysis—FMEA, etc. Risk assessment techniques are described in the supporting standard ISO 31010:2011 Risk Management—Risk assessment techniques, which provides the guidelines for the selection and application of systematic techniques in risk assessment.

Threat Assessment Critical Control Point (TACCP)

(Adapted from PAS 96:2014)

TACCP should be used by food businesses as part of their broader risk management processes, or as a way of starting to assess risks systematically.

Thus, TACCP aims to:

Reduce the likelihood (chance) of a deliberate attack;

Reduce the consequences (impact) of an attack;

Protect organizational reputation;

Reassure customers, press and the public that proportionate steps are in place to protect food;

Satisfy international expectations and support the work of trading partners; and

Demonstrate that reasonable precautions are taken and due diligence is exercised in protecting food.

By:

Identifying specific threats to the company’s business;

Assessing the likelihood of an attack by considering the motivation of the prospective attacker, the vulnerability of the process, the opportunity and the capability they have of carrying out the attack;

Assessing the potential impact by considering the consequences of a successful attack;

Judging the priority to be given to different threats by comparing their likelihood and impact;

Deciding upon proportionate controls needed to discourage the attacker and give early notification of an attack; and

Maintaining information and intelligence systems to enable revision of priorities.

Food sector professionals want to minimize the chances of loss of life, ill health, financial loss and damage to business reputation that an attack could cause. Thus, TACCP cannot stop individuals or organizations claiming that they have contaminated food, but it can help judge whether that claim is likely to be true. Any such claim, if judged to be credible, and any actual incident should be treated as a crisis. The organization needs to take steps to keep operations running and inform those involved.

Process of TACCP

In most cases TACCP should be a team activity, as that is the best way to bring skills, especially people management skills, together. For many small businesses the team approach is not practicable and it may be the job of one person. The TACCP team can and should modify the TACCP process to best meet its needs and adapt it to other threats as necessary to deal with four underlining questions:

a)  Who might want to attack us?

b)  How might they do it?

c)  Where are we vulnerable?

d)  How can we stop them?

A standing TACCP team should be formed, which could include individuals with the following expertise:

Security;

Human resources;

Food technology;

Process engineering;

Production and operations;

Purchasing and supply;

Distribution;

Communications; and

Commercial/marketing.

The team may include representatives of key suppliers and customers. However, for a small organization, one person may have to cover all of these roles. Hence, the HACCP team might provide a suitable starting point, the Business Continuity team might be a better model. The TACCP team is typically an established and permanent group able to continually review its decisions. Since the TACCP process may cover sensitive material and could be of assistance to a prospective attacker, all team members should not only be knowledgeable of actual processes, but also trustworthy, discreet and aware of the implications of the process. Nevertheless, the TACCP team should, evaluate all new information which has come to its attention while   identifying individuals and/or groups which may be a threat to the organization and assess their motivation, capability and determination; it also identify individuals and/or groups which may be a threat to the specific operation (e.g. premises, factory, site) and select a product which is representative of a particular process. For example, a suitable product would be typical of a particular production line and could be one which is more vulnerable. The process also identify individuals and/or groups that may want to target the specific product.

Team should draw a process flow chart for the product from but not limited by, ‘farm to fork’ including, for example, domestic preparation. The whole flow chart should be visible at one time. Particular attention should be paid to less transparent parts of the supply chain which might merit a subsidiary chart. Identify the vulnerable points from examination of each step of the process where an attacker might hope for success and the people who would have access. Identify possible threats appropriate to the product at each step and assess the impact that the process may have in mitigating the threats. Model adulterants include low-cost alternative ingredients to premium components; model contaminants could include highly toxic agents, toxic industrial chemicals, readily available noxious materials and inappropriate substances like allergens or ethnically unwholesome foodstuffs. For example, cleaning may remove the contaminant, heat treatment may destroy it, and other food components may neutralize it. Select the points in the process where the threat would have the most effect, and where they might best be detected while assessing the likelihood of routine control procedures detecting such a threat; i.e. routine laboratory analysis could detect added water or unusual fats and oils; effective management of buying would challenge unusual purchase orders. Score the likelihood of the threat happening, score the impact it would have, and chart the results to show the priority it should be given, and revise if this risk assessment seems wrong.

The TACCP team might ask, “If we were trying to undermine our business, what would be the best way?” It may consider how an attacker selects attack materials:

Availability;

Cost;

Toxicity;

Physical form; and/or

Safety in use, for example pesticides on farms and aggressive flavour materials in factories may be convenient contaminants.

Wherever the priority is high, identify who has unsupervised access to the product or process and whether they are trustworthy, and if that trust can be justified. Categorize, record confidentially, agree and implement proportionate preventative action (critical controls) where TACCP team should have a confidential reporting and recording procedure that allows management action on decisions but does not expose weaknesses to those without a need to know. Determine the review and revise arrangements for the TACCP evaluation. Review of the TACCP evaluation should take place after any alert or annually, and at points where new threats emerge or when there are changes in good practice. Maintain a routine watch of official and industry publications which give an early warning of changes that may become new threats or change the priority of existing threats, including more local issues as they develop.

Assessment of Treats

The following questions may include but not limited to, while assessing threats. The product, the premises and the organization can be the target of an attack from a range of groups and individuals and each element should be assessed separately. The TACCP team should consider suppliers under financial stress, alienated employees and former employees, single issue groups, commercial competitors, media organizations, terrorist organizations, criminals and local pressure groups. Commonly, a short supply chain involving fewer people may be less risky than a longer supply chain. The TACCP team could ask the following questions to assess a threat.

For the product:

Have there been significant cost increases which have affected this product?

Does this product have particular religious, ethical or moral significance for some people?

Could this product be used as an ingredient in a wide range of popular foods?

Does the product contain ingredients or other material sourced from overseas?

For the premises:

Are the premises located in a politically or socially sensitive area?

Do the premises share access or key services with controversial neighbours?

Are new recruits, especially agency and seasonal staff, appropriately screened?

Are services to the premises adequately protected?

Are external utilities adequately protected?

Are hazardous materials, which could be valuable to hostile groups, stored on site?

Are large numbers of people (including the general public) using the location?

Do any employees have reason to feel disgruntled or show signs of dissatisfaction?

Are internal audit arrangements independent?

Have key roles been occupied by staff for many years with little supervision?

For the organization:

Are we under foreign ownership by nations involved in international conflict?

Do we have a celebrity or high profile chief executive or proprietor?

Do we have a reputation for having significant links, customers, suppliers, etc. with unstable regions of the world?

Are our brands regarded as controversial by some?

Do we or our customers supply high profile customers or events?

Consideration of responses to these questions can give an understanding of the impact of a successful attack and the likelihood of it taking place. This informs a judgment on the proportionate level of protection required.

Assessment of Vulnerabilities

General Individual organizations have different business needs and operate in different contexts. The TACCP team can judge which approach and questions are appropriate and proportionate to the threats they identify.

Assessment of Economically Motivated Adulteration 

A typical feature of EMA is the substitution of a low cost item in place of a relatively high cost component/ingredient. The TACCP team needs to be alert to the availability of such alternatives. An example where this may happen is when added value is claimed, (e.g. organic, non-gm, locally grown, free range or with protected designations of origin). The attacker is likely to have ready access to lower value equivalents, which are almost indistinguishable.