Sunday, April 29, 2018

Food Defense - IV


Food Defense and Food Safety
In the context of food safety and food defense, both systems drive the efficiency of food sustainability efforts; they are the means to align consumer requirements for safe food with confidence for consumption. Food security concentrates on sustainable supply and distribution of food products and how does that affect the actions of a farmer, or food distributor or manufacturer, or food service outlet as well as how does it impact the food system? Food security guides the efficiency and effectiveness of food safety, which in return strengthens food security. The food defense and food safety informs the practical ways of inspiring confidence in the foods consumed, while lowering or eliminating foodborne illness. There is close interplay between the physical aspects of producing food and the financial realities of business. Nonetheless, there are political and cultural (even religious) realities of food production and consumption, along with the impact that producing food has on the environment. Most importantly, there are the very genuine personal physiological and psychological impacts on food that are consumed.

Hence, development of food defense program will be more effective and efficient with a food safety program. As such, following food defense procedure has developed to upgrade an existing food safety system with few additional documents while adapting to existing protocols with amendments wherever necessary. The given program is a generic example, which is not very comprehensive where individual plants can adjust according to their requirements where necessary. The procedure was developed for the educational proposes where customization are mandatory if any person wants to use it as a company own procedure.      




FOOD DEFENSE PROCEDURE
Standard Operating Procedure for Food Defense Program





Distribution:

1.         Chairman
2.         General Manager
3.         Quality Assurance Manager
4.         Factory Manager – XYZ Factory
5.         Production Manager – QUV Factory
6.         Sales Manager
7.         Purchasing Manager
8.         Security Officer
9.         Administration Officer  

1.0       Objective
To quickly and accurately identify, respond to, and contain threats or acts of intentional contamination are strictly controlled through planned arrangements, requirements with the existing food safety management system, and is being effectively implemented and updated continuously.

2.0       Scope
This procedure covers all the security measures applied including, risk assessments, annual evaluations, employee screening, access control and inspection related to food defense and food safety.

3.0       Responsibilities
            Overall                                                           – General Manager
            Direct                                                             – Factory Manager
            Security requirements                                 – Security Officer/Consultant 
            Maintain data collection                             – Factory Manager
            Maintain food defense system                   – Quality Assurance Manager
            Maintaining/Updating/Documenting    – Food defense team/food safety team
            Preparation of relevant documents         

4.0       Activities

4.1       General   
4.1.1   The XYZ Pvt. Ltd., who manufacture, process and pack orthodox black tea shall have following food defense procedure to deter and prevent intentional contamination and will have protocols in place to quickly and accurately identify, respond to, and contain threats or acts of intentional contamination. Nonetheless, company registered green leaf collectors and individual suppliers will ensure their suppliers adopted to given protocols and implement appropriate controls which will be audited annually.
  
4.1.2    The laws and legislation requirements governing food defense vary from country to country. Hence, company has defined a minimum set of food defense standards to help company meets legal and consumer expectations, where selected standards may exceed the requirements of a specific country or area.

4.1.3    The management has selected food safety team as the plant food defense team where additional consultants on the specific requirement will be hired from the outside.

4.1.4    The food defense plan shall be developed along with the food safety plan, covering areas which are not covered during the hazard analysis in-line with intentional adulterations on the company’s products.

4.1.5   The company’s written food defense plan includes vulnerability assessment, including required explanations, to identify significant vulnerabilities and actionable process steps. The process has defined mitigation strategies, including required explanations for food defense monitoring procedures and corrective actions verification plans for the complete assessment of food defense program.

4.1.6 Statutory and regulatory authorities and other organizations including clients/ distributors/supermarket chains that may have an interest or impact on food defense shall be informed as appropriate on issues concerning them. Such communication shall be done by or under the approval of General Manager.

4.1.7   Any inquiries, customer feedback or any other information from supermarket chains, including customers, suppliers and statutory and regulatory authorities regarding food defense shall be communicated to Quality Assurance Manager. Customer complaints and related activities on food defense also shall be communicated to Quality Assurance Manager. All above information and issues shall be documented and communicated.
  
4.1.8    The food defense team has selected mitigation strategies for actionable process steps, which identify and implement mitigation strategies at each actionable process step to significantly minimize vulnerabilities, including a written explanation of how the strategy can minimize the vulnerability.

4.1.9    Food defense monitoring plan shall monitor the mitigation strategies with adequate frequency to provide assurances that they are consistently performed. Verify that mitigation strategies are properly implemented and appropriate decisions about food defense corrective actions are being made, and implemented while conducting validation of the food defense plan as appropriate.


4.2       Gap Analysis/Self-assessment
4.2.1  A gap analysis/self-assessment shall be conducted prior to new food defense program, and every year there will be an annual review to the existing system to identify gaps, new treats, adaptability, suitability and continuity. Thus, company can maintain its food defense program by actually fixing gaps identified in assessments and modifying the plans and programs as conditions change. The key activities are;
a)Identify the most vulnerable components of the site’s operations and, determine how to use resources, procedures and protocols most effectively to reduce risks;

b)Identify potential areas of exposure, or “gaps” in the site’s security measures; and,

c)Once the gaps are identified, countermeasures (such as program or process improvements or physical security hardware upgrades) can be used to bridge or fix the gaps.

4.2.2    The system shall be audited under the ongoing internal audit plans based on this procedure, however company will hire an external food defense auditor bi-annually with internal audit team to make sure system is runs at its optimum conditions. The internal audits shall focus on the plans and procedures developed while assessing the site’s implementation of the plan which will show any gaps that need to be fixed.

4.2.3    The food defense system of the company shall be adapted to the PAS 96: 2014 as the main food defense standard that will be used to develop company’s food defense plan and will use the PAS 96’s Risk Assessment methods to evaluate its food defense system requirements together with Hazard Analysis of ISO 22000 FSMS.

4.2.4    The company has developed a comprehensive risk assessment checklist for the evaluation of risks together with PSA 96:2014.

4.2.5   Company has established employee hiring manual, which includes a minimum level of background checks for all the employees.   

4.3       Access Control and Visitor Management
4.3.1    Effective access control is the foundation of a successful food defense plan where company has implemented an automated access control system for the office areas and production with identification colours for each sections, ID cards for employees with their credentials and limited access visitor passes.


4.3.2    Security shall identify and document all individuals gaining access to the facility, limit access to those who have a legitimate reason to be there, control pedestrian and vehicle traffic at the site and properly report and respond to incidents challenging this policy.

4.3.3    The visitors and general employees shall be controlled for gaining access to processing and manufacturing, raw material, ingredient, packaging storage areas, hazardous and chemical storage areas as well as shipping and receiving areas. The access to these areas are limited to the individuals who require access in order to complete their assigned tasks and their uniforms are specifically colour coded relevant to the working area.

4.3.4    The vehicles coming in and out going of the facility shall be inspected, recorded and verified before gaining access or leaving whether they are belong to the company, employees, visitors or suppliers. The parked vehicles shall display a placard or decal issued by the facility.

4.3.5    The visitors are advised to check in and check out when entering and leavening the facility. A visitor log book is maintained and security will scrutinize any visitor before entering the facility and connected to the specific person in charge of the visit.


4.3.6    The visitors are screened and verify the visitation before granting the access to the facility as well as areas where visitor will have specific access to.

4.3.7    The visitors are accepted though general office and accompanied by a company executive during entire visit. The visitor is not left alone for any circumstances other than use of washroom or inside the visitor’s resting area.

4.3.8    The company shall provide passes for all the registered suppliers while security has been advised to scrutinize suppliers entering to the facility with specific persons registered.

4.3.9    If allergens are handled by the facility for any specific activity, they shall be segregated from the products or raw materials to avoid any cross contamination.

4.4       Secure Facility Controls
4.4.1    All the perimeter areas are demarcated, high fenced, with specific in and out gates which are strictly controlled by the security personnel and surveillance camera (CCTV) system. Fencing, surveillance cameras and security personnel shall be deployed as to the requirements and risks identified.


4.4.2    The facility shall be kept enclosed all the times, the entrance gates are controlled through a security personnel.

4.4.3    All the buildings or facilities shall be under lock and key when they are not in use. Storages, vehicles, containers, trailers or any other temporary holding units which are not being used are kept locked.

4.4.4    Secure all the agricultural chemicals and verify inventory on a schedule basis with restricted access keys.

4.4.5    All the specific keys to the doors shall be kept strictly controlled, there is a specific key registry which identifies the specific key holders for each access door in the facility. The areas specifically restricted for general employees, visitors, and untrained employees will be demarcated, informed and sign boards are posted. If any employee given a specific access to a restricted area where is not his/her duty station, they have to record, sign and receive the specific access keys which will be strictly regulated and controlled on the basis of case by case.

4.4.6    When the employees are terminated or resigned uniforms, name tags, identification badges shall be collected from them prior termination/resignation.

4.4.7    The company mails are collected at the security point, verified, recorded and delivered to the office; the mails are distributed through administration officer, asking individually collect it from the office.


4.4.8    Personnel items are not allowed out of the rest room, all the belongings of employees are kept away from the production and storage areas.

4.4.9    Computer and network access shall be granted to the specific personal according to their job functions once it is a necessity, other personnel are restricted to the access.

4.4.10  All the transactions are recorded and the company has established a traceability system, which includes computer based transactions and all the manual transactions.
4.4.11  The security personnel are advised to conduct routine security inspections of the premises for signs of tampering, criminal or terrorist activities or any noticeable incidents.


4.4.12  Security has been instructed to verify security of doors and windows, while maintaining a given log book and a checklist.

4.4.13  The facility has been equipped with an emergency lighting system and backup generator which is automatically self-start and connected to the facility at power failure.

4.4.14  Floor plans, product flow plans, or any segregation charts that are relevant to the facility, its production or any other operations are up-to-date and available with responsible persons.

4.5       Secure Supply Controls
4.5.1    The company has established procedure for supplier evaluation and acceptance as well as policy for rejecting deliveries or materials that are not comply with quality/safety inspections or suspected for any sort of contamination or treat. Unauthorized deliveries are rejected and returned to the sending party.


4.5.2    The company has established a food safety procedure for withdrawal and recall, which is capable enough to manage an incident of withdrawal or recall where relevant persons are appointed with given responsibilities and proof tested with a recorded mock recall event every year.

4.5.3    The transportation department has authorized for pre-notification and scheduling of all shipments and empty trailers. “Holding” shipments that have not been pre-scheduled shall be kept at a predetermined location until the load can be verified.

4.5.4    Delivery schedules shall be established, unloading crews are supervised and product or raw materials are being inspected before acceptance and send samples to the safety/quality checks if necessary. The materials suppliers and drivers are required to check in prior to offloading to verify shipping documentation and driver’s identity.

4.5.5    The company has established procedures for inspection of incoming shipments for damage and signs of tampering. The specific notices are issued requiring all doors and hatches on incoming shipments to be sealed with a numbered seal that corresponds with a seal number on the accompanying shipping documentation. The company has also advice the relevant personnel on sealing outgoing shipments and annotating the seal number on accompanying documents.


4.5.6    The company will not accept any returned/refused containers or reusable packing materials unless they are sanitized and certified for reuse. However, case by case approval shall be granted on such individual case.

4.5.7    Products that are returned due to the tampering issues are properly inspected, evaluated, reported and recorded for any treats.

4.5.8   The company has established system to recognize and report discrepancies in finished products, raw materials, packaging/labels and chemical materials.

4.5.9    Domestic products and imported products or items shall be stored separately.

4.6       Background Screening  
4.6.1    The background screening shall be conducted through: comprehensive reference checks with previous employers (prior 2 employers), which should include validation of employment dates and compensation details in addition to qualitative information.

4.6.2    All provided educational qualifications, including degrees, diplomas or certificates will be independently checked for white-collar employees. If employment dates have not been validated by the reference checks, they need to be separately or independently validated where gaps in employment should be thoroughly investigated.

4.6.3   A police certificate shall be included in the personnel file, criminal records should be independently checked as the final step of the employment selection process. If it is not legally possible to obtain access to criminal records, a Certificate of Good Conduct from the police department or court jurisdiction will be pursued where it is possible and available.

4.6.4    Credit checks shall be conducted for specific roles that, by their nature, provide easy access to the funds of the Company or its employees, i.e., certain Finance/Payroll/HR/Senior management positions. Driving records shall be verified for those positions involved with driving automobiles, trucks, tractors, forklifts, etc.

4.6.5    The suppliers who can demonstrate their ability to carry out effective screening measures will be preferred over those who cannot. In accordance with local laws, company expects suppliers to carry out a reasonable level of reference checking on their individual suppliers.

5.0       References
5.1       Company data base on product recalls, complaints and market returns
5.2       Company employee personnel files  
5.3       Product identification and traceability procedure – Doc reference no
5.4       Gap analysis/annual self-assessment checklist – Doc reference no
5.5       HR manual – Doc reference no
5.6       Hazard Assessment
5.7       Emergency preparedness and response procedure – Doc reference no
5.8       Supplier evaluation and selection – Doc reference no
      

6.0       Records
6.1       Background screening reports
6.2       Externally available data on similar treats to the production
6.3       Visitor and employee access control records
6.4       Product or security complains, analysis and actions taken records
6.5       Self-assessment and annual evaluation records
6.6       System update records and new risk assessment conducted



Monday, April 16, 2018

Food Defense - III


Food Defense Planning
The world is a global village due to globalization where food is considered as the most dynamically traded commodity on its global market, which increases the risk of spreading contaminated and adulterated food. Other potential factors of risk are national, political, economic, business and personal differences whereas food industry has been facing many risks in recent years. Intentional contamination of food products and food fraud are some of the possible risks where implications are not limited only to food producers but also more widely. They can have negative influence on product safety and, eventually, on the business activities of a company. Therefore, one of the basic steps is to raise awareness of food defense through the whole food chain, from the food sector to government institutions while incorporating food defense education in to existing systems, training programs, and to the basic food safety curricular. There are critical factors at all levels of the food chain so one cannot prevent intentional contamination and food fraud without regulated legal provisions and effectively written procedures.

What is a Food Defense Plan?
The USDA’s Food Safety and Inspection Service defines a food defense plan as follows: “A food defense plan is a document that sets out control measures developed by an establishment to prevent intentional adulteration of product. A food defense plan should be developed, written, implemented, tested, assessed, and maintained if it is to be functional. All establishments are encouraged to operate with a food defense plan”. The elements of such a food defense plan include the following:

Assessment
As part of the assessment the establishment: looks for vulnerable points at the establishment, determines what the risk factor is for each point, develops defense measures at each point that it has identified as high risk, and creates a written plan to implement defense measures.

Implement
The food defense plan is implemented when the defense measures identified in the plan are in place and used as intended.

Test
The establishment tests the written plan by monitoring periodically to evaluate the effectiveness of its defense measures.

Assess
The establishment assesses the plan by reviewing the plan and revising it as necessary whenever new risks are discovered.

Maintain
The establishment maintains its plan by ensuring that the defense measures it implements continue to be effective.

In November 2007, the FDA introduced the Food Protection Plan as a complement to the interagency Import Safety Action Plan. The Food Protection Plan emphasizes three core elements:

Prevention
Promotion of improved food safety and defense capabilities throughout the product lifecycle.

Intervention
Coordinate risk-based interventions among federal, state, local and foreign agencies.

Response
Develop rapid and comprehensive methods to communicate with consumers and other agencies before, during and after an event.

The FDA proposes a group of activities to be included in the food defense plan. First is the Identification of actionable process steps and the implementation of Focused mitigation strategies, i.e. measures that are necessary to reduce the likelihood of intentional contamination caused by an act of terrorism. This measure is based on the risk-assessment tool CARVER + Shock and a further variable to measure is Monitoring. Nonetheless, there are Corrective actions of the food safety system that ensures the performance of the entire system. The same principles apply to food defense. Verification activities for food safety can also be used for food defense. The final step is Training which requires the employees and supervisors working in the field of food defense to become aware of food defense and their responsibilities. The last mentioned measure refers to keeping records about food protection confidential and safe from intentional adulteration caused by acts of terrorism.

Based on above developments, FDA and USDA adapted a tool called CARVER, originally used for military purposes, for vulnerability assessment in the food sector. CARVER is an acronym for the following six attributes used to evaluate the attractiveness of a target for an attack:
Criticality—refers to the impact of an attack on public health and the economy.
Accessibility—refers to the ability to physically access and egress from the target.
Recuperability—refers to the ability of a system to recover from an attack.
Vulnerability—refers to the ease of accomplishing an attack.
Effect—refers to the amount of direct loss from an attack as measured by loss in production.
Recognizability—refers to the ease of identifying a target.

The 7th attribute is shock, which assesses health, economic, and psychological impacts of an attack on the food industry. These adapted methodologies improved vulnerability assessment and allowed for the identification and estimation of economic and psychological impacts throughout the food system. Risk management according to ISO 31000 was applied in safety risk assessments ahead of food defense assessment. It has been recognized that, compared to risk, vulnerability is more a state of being that could lead to an incident.

While conducting threat analysis and assessing vulnerability with the purpose of the implementation, maintenance and improvement of food defense, one can use risk assessment methods based on the ISO standards Risk Management ISO 31000:2009 and ICH Q9 Quality Risk Management. The majority of food companies are familiar with these methods because they are used for conducting risk assessment in food safety management systems. These are methods such as Risk matrix, Checklists, Failure Mode and Effect Analysis—FMEA, etc. Risk assessment techniques are described in the supporting standard ISO 31010:2011 Risk Management—Risk assessment techniques, which provides the guidelines for the selection and application of systematic techniques in risk assessment.

Threat Assessment Critical Control Point (TACCP)
(Adapted from PAS 96:2014)

TACCP should be used by food businesses as part of their broader risk management processes, or as a way of starting to assess risks systematically.
Thus, TACCP aims to:
Reduce the likelihood (chance) of a deliberate attack;
Reduce the consequences (impact) of an attack;
Protect organizational reputation;
Reassure customers, press and the public that proportionate steps are in place to protect food;
Satisfy international expectations and support the work of trading partners; and
Demonstrate that reasonable precautions are taken and due diligence is exercised in protecting food.
By:
Identifying specific threats to the company’s business;
Assessing the likelihood of an attack by considering the motivation of the prospective attacker, the vulnerability of the process, the opportunity and the capability they have of carrying out the attack;
Assessing the potential impact by considering the consequences of a successful attack;
Judging the priority to be given to different threats by comparing their likelihood and impact;
Deciding upon proportionate controls needed to discourage the attacker and give early notification of an attack; and
Maintaining information and intelligence systems to enable revision of priorities.

Food sector professionals want to minimize the chances of loss of life, ill health, financial loss and damage to business reputation that an attack could cause. Thus, TACCP cannot stop individuals or organizations claiming that they have contaminated food, but it can help judge whether that claim is likely to be true. Any such claim, if judged to be credible, and any actual incident should be treated as a crisis. The organization needs to take steps to keep operations running and inform those involved.

Process of TACCP
In most cases TACCP should be a team activity, as that is the best way to bring skills, especially people management skills, together. For many small businesses the team approach is not practicable and it may be the job of one person. The TACCP team can and should modify the TACCP process to best meet its needs and adapt it to other threats as necessary to deal with four underlining questions:
a)  Who might want to attack us?
b)  How might they do it?
c)  Where are we vulnerable?
d)  How can we stop them?

A standing TACCP team should be formed, which could include individuals with the following expertise:
Security;
Human resources;
Food technology;
Process engineering;
Production and operations;
Purchasing and supply;
Distribution;
Communications; and
Commercial/marketing.

The team may include representatives of key suppliers and customers. However, for a small organization, one person may have to cover all of these roles. Hence, the HACCP team might provide a suitable starting point, the Business Continuity team might be a better model. The TACCP team is typically an established and permanent group able to continually review its decisions. Since the TACCP process may cover sensitive material and could be of assistance to a prospective attacker, all team members should not only be knowledgeable of actual processes, but also trustworthy, discreet and aware of the implications of the process. Nevertheless, the TACCP team should, evaluate all new information which has come to its attention while   identifying individuals and/or groups which may be a threat to the organization and assess their motivation, capability and determination; it also identify individuals and/or groups which may be a threat to the specific operation (e.g. premises, factory, site) and select a product which is representative of a particular process. For example, a suitable product would be typical of a particular production line and could be one which is more vulnerable. The process also identify individuals and/or groups that may want to target the specific product.

Team should draw a process flow chart for the product from but not limited by, ‘farm to fork’ including, for example, domestic preparation. The whole flow chart should be visible at one time. Particular attention should be paid to less transparent parts of the supply chain which might merit a subsidiary chart. Identify the vulnerable points from examination of each step of the process where an attacker might hope for success and the people who would have access. Identify possible threats appropriate to the product at each step and assess the impact that the process may have in mitigating the threats. Model adulterants include low-cost alternative ingredients to premium components; model contaminants could include highly toxic agents, toxic industrial chemicals, readily available noxious materials and inappropriate substances like allergens or ethnically unwholesome foodstuffs. For example, cleaning may remove the contaminant, heat treatment may destroy it, and other food components may neutralize it. Select the points in the process where the threat would have the most effect, and where they might best be detected while assessing the likelihood of routine control procedures detecting such a threat; i.e. routine laboratory analysis could detect added water or unusual fats and oils; effective management of buying would challenge unusual purchase orders. Score the likelihood of the threat happening, score the impact it would have, and chart the results to show the priority it should be given, and revise if this risk assessment seems wrong.

The TACCP team might ask, “If we were trying to undermine our business, what would be the best way?” It may consider how an attacker selects attack materials:
Availability;
Cost;
Toxicity;
Physical form; and/or
Safety in use, for example pesticides on farms and aggressive flavour materials in factories may be convenient contaminants.

Wherever the priority is high, identify who has unsupervised access to the product or process and whether they are trustworthy, and if that trust can be justified. Categorize, record confidentially, agree and implement proportionate preventative action (critical controls) where TACCP team should have a confidential reporting and recording procedure that allows management action on decisions but does not expose weaknesses to those without a need to know. Determine the review and revise arrangements for the TACCP evaluation. Review of the TACCP evaluation should take place after any alert or annually, and at points where new threats emerge or when there are changes in good practice. Maintain a routine watch of official and industry publications which give an early warning of changes that may become new threats or change the priority of existing threats, including more local issues as they develop.

Assessment of Treats
The following questions may include but not limited to, while assessing threats. The product, the premises and the organization can be the target of an attack from a range of groups and individuals and each element should be assessed separately. The TACCP team should consider suppliers under financial stress, alienated employees and former employees, single issue groups, commercial competitors, media organizations, terrorist organizations, criminals and local pressure groups. Commonly, a short supply chain involving fewer people may be less risky than a longer supply chain. The TACCP team could ask the following questions to assess a threat.

For the product:
Have there been significant cost increases which have affected this product?
Does this product have particular religious, ethical or moral significance for some people?
Could this product be used as an ingredient in a wide range of popular foods?
Does the product contain ingredients or other material sourced from overseas?
For the premises:
Are the premises located in a politically or socially sensitive area?
Do the premises share access or key services with controversial neighbours?
Are new recruits, especially agency and seasonal staff, appropriately screened?
Are services to the premises adequately protected?
Are external utilities adequately protected?
Are hazardous materials, which could be valuable to hostile groups, stored on site?
Are large numbers of people (including the general public) using the location?
Do any employees have reason to feel disgruntled or show signs of dissatisfaction?
Are internal audit arrangements independent?
Have key roles been occupied by staff for many years with little supervision?
For the organization:
Are we under foreign ownership by nations involved in international conflict?
Do we have a celebrity or high profile chief executive or proprietor?
Do we have a reputation for having significant links, customers, suppliers, etc. with unstable regions of the world?
Are our brands regarded as controversial by some?
Do we or our customers supply high profile customers or events?

Consideration of responses to these questions can give an understanding of the impact of a successful attack and the likelihood of it taking place. This informs a judgment on the proportionate level of protection required.

Assessment of Vulnerabilities
General Individual organizations have different business needs and operate in different contexts. The TACCP team can judge which approach and questions are appropriate and proportionate to the threats they identify.

Assessment of Economically Motivated Adulteration 
A typical feature of EMA is the substitution of a low cost item in place of a relatively high cost component/ingredient. The TACCP team needs to be alert to the availability of such alternatives. An example where this may happen is when added value is claimed, (e.g. organic, non-gm, locally grown, free range or with protected designations of origin). The attacker is likely to have ready access to lower value equivalents, which are almost indistinguishable.