Food defense: lock it down!

Nuno F. Soares

Nuno F. Soares

Intentional contamination could be defined as a deliberate action to introduce something into a food product, frequently with the intention to induce damage to the consumer, the company or both. This type of crime can be committed during food processing, food storage, food service and food retail operations by a wide variety of people for different reasons. For example, in September 2017, the Germany police hunted and arrested a man suspected of poisoning five jars of baby food to extort millions of euros from supermarkets and pharmacies. He used ethylene glycol, a sweet-tasting chemical that can be lethal to adults and babies. In 2016, the owner of a sweet shop mixed pesticides in the sweets being baked at the time, killing at least 30 people in Pakistan. He confessed that he wanted to teach a lesson to his brother, who co-owns the shop, in an act of anger and revenge. Back in 2008, Lidl employees poisoned the discarded foodwith cleaning liquids at a store near Stockholm because they were “tired” of homeless people picking through their trash bins. Though they had put up a warning sign near the bins, contaminated food still disappeared.

The examples above clearly show that despite different motivations people can intentionally use food products as a vehicle to prejudice organizations or other people and therefore food defense should be a topic on the table of any food products organization.

PAS 96 has been recently updated to the 2017 version

In 2014, the British Standards Institution (BSI) published ‘‘The guide to protecting and defending food and drink from deliberate attack’’ (PAS 96), updated in 2017 and where food defense is defined as “procedures adopted to assure the security of food and drink and their supply chains from malicious and ideologically motivated attack leading to contamination or supply disruption”. Based on this guide, 4 main steps can be put together and should be part of a food defense plan:

1. Form a team

The first step is to put together a team to deal with this type of problems, which could include individuals from different areas, like security, human resources, food technology, production and operations. In small companies is likely that one person has to assure all these roles or that external assistance is required.

2. Identify and assess threats

The team must identify individuals and/or groups which may be a threat to the company, premises or a product and assess their motivation, capability and determination. For example, it should be considered dissatisfied employees and former employees, suppliers under financial stress, commercial competitors, terrorist organizations, criminals and local pressure groups.

3. Identify vulnerable points

The next step is to identify the organization vulnerabilities where an attacker can act, what are the most important areas, products or documents, for example. The organization should have special attention to areas or machines that have direct impact on food safety or facilities like energy or water.

4. Implement necessary controls

After the identification of vulnerable points, the team must implement proportionate preventative actions (critical controls) and keep confidential reports and procedures that allow management action on decisions. For example, in the access to the premises the company can install a perimeter alarm system, install a fence or use a Closed-Circuit Television (CCTV) to increase safety. To control the access of people to certain spaces, it can be used an electronic card or an PIN’s introduction system.

Although the increasing importance given to food defense, as is the case of the food safety standards described below, it is not yet generalized addressed in legislation. For example, the EU legislation has not defined the concept of food defense yet or established clear requirements for its implementation.

It is generally mentioned in Food Safety Standards that organization shall put in place appropriate control measures to reduce or eliminate the identified threats/potential risks.

BRC, SQF, IFS and FSSC 22000 address food defense procedures on their food safety standards in a dedicated clause. IFS new version (6.1) published in November 2017, keeps the same content as the version 6 clause, only the title changed slightly, from Food defense and external inspections to Food defense plan and external inspections. FSSC 22000 version 4.1 includes food defense as an additional requirement. BRC (version 7) does not use the expression food defense but address the subject in a similar way. A table including the clauses about food defense in each standard will be sent to all Food Safety Books Connected members together with the article PDF.

BRC, IFS and FSSC 22000 mention that the organization shall have a documented and implemented threat/potential risks assessment procedure. To identify the threats/potential risks, the organization must assess the susceptibility of its products to potential acts of sabotage. Based on the assessment, critical areas to secure shall be identified and controlled to prevent unauthorised access. For BRC and IFS, food defense hazard analysis and assessment of associated risks shall be conducted annually.

It is generally mentioned that organizations shall put in place appropriate control measures to reduce or eliminate the identified threats/potential risks. SQF specifies measures taken to ensure the secure storage of raw materials, packaging, equipment and hazardous chemicals.

All standards’ procedures include access restriction. FSSC 22000 describes that access should be physically restricted by use of locks, electronic card key or alternative systems. BRC, IFS and SQF refer that measures shall be implemented to ensure only authorized personnel have access to production and storage areas. A visitor reporting system shall be in place for both BRC and IFS. Also for these standards, staff shall be trained in food defense/site security procedures. IFS adds that employee hiring and employment termination practices shall consider security aspects as permitted by law.

SQF and IFS mention the importance of responsibilities’ definition for food defense and that the persons in charge shall be key staff and have access to the top management team. FSSC 22000 states that the organizations Food Safety Management System shall include and support the food defense plan and its policies, procedures and records.

Draft BRC Version 8 Consultation

Draft BRC Version 8 Consultation

By Kassy Marsh23rd January 2018BRC Compliance

Since the draft BRC V8 was released for consultation, I thought you might like to see my thoughts on the changes to the standard and my feedback that I submitted to the BRC. We can then use this post, to compare the changes in the actual standard, when V8 is issued. So here is my feedback to BRC as part of the consultation process for the draft BRC V8 – word for word, as it was actually submitted…

Food safety culture

Does the addition of the clause 1.1.2 to the management commitment section, which states the site must have a food safety culture plan, mean that the food safety culture additional module is being incorporated into the main standard? Or will it still be an additional and optional module? Could you please can you clarify in the interpretation guide.

Integrity

1.1.5 also now refers to integrity. Will ‘integrity’ be defined in the definitions section?

HACCP

The HACCP section has been amended in line with FSMA, however it still refers to CCPs (which are not a requirement of FSMA) and does not refer to PCs (which are a requirement to FSMA). I presume that either PCs or CCPs or a combination of both are acceptable. If this is the case, could this be clarified.

Supplier approval

Clause 3.5.1.2 has been amended to state that a 2nd or 3rd party audit is acceptable, but only if the stated elements can be evidenced. Following the publication of version 7; the 2nd and 3rd party audit was clarified (on the BRC website or through a position statement), to state that any non GFSI audit was acceptable as long as the audit report was available, along with the evidence of close out of any non-conformances raised during the audit. This included SALSA. Given that we now need to provide evidence of the competency of the auditor, would an auditor that has been vetted by SALSA or any others certification body be sufficient, or would we need actual evidence such as training certificates? In which case, this would eliminate the application of 3rd party audits, where such evidence wouldn’t be available. Please could you clarify in the interpretation guide.

Also, when approving farm level suppliers, where certificates such as red tractor are applicable, the scope of the audit would be different from the elements stated (e.g. HACCP review would not be completed). Can the standard make reference to this type of approval and what the requirements would be?

Traceability

I really like the addition to clause 3.9.3; the trace test should include a summary of the documents used during the test and clearly show the links between them. This will help sites to make sure that each document is clearly linked. In addition to this, it would be good, if you could clarify that this includes where traceability information changes. i.e. where one trace code changes to another – at a point of the process; that the documentation must show both the old and the new lot code (on the same document) and the link between them.

Incidents

3.11.1 now has cybercrime included. It would be beneficial to include loss of IT infrastructure (not due to crime).

Customer focus

Would it be possible for you clarify in the introduction to the standard, why this section has been removed again; to aid our understanding of the development of the standard.

Food defence

Really pleased to see that food defence has been added to the standard, in line with GFSI. Clause 4.2.1 states that both internal and external threats shall be included in the assessment. My interpretation of ‘internal’ is on site threats which would include both outsiders gaining access to materials (e.g. unlocked silos) and also, site personnel causing contamination or damage maliciously. If this is the case, then I don’t think ‘internal’ clarifies both of these types of internal threats. Could this be further clarified please?

Metal detection

Could clause 4.10.3.4 be amended, as a memory/reset function test requires clear packs to be placed in between the 3 packs. 3 consecutive (successive) packs is not a memory test. Therefore, the clause is confusing.

High care & high risk

Given that you’ve now moved all the high care and high risk elements to its own new section, section 8, I would like to request that we take this opportunity to simplify the zones and eliminate the need for high care. I understand the current definitions of high risk (cooked) and high care (treated but not cooked), but they don’t really make sense when you look at them closely. Where both sets of products have a use by, require chilled storage and have the potential to allow pathogenic growth – why do we say that it’s ‘acceptable’ to ‘contaminate’ high care products, whereas it’s not acceptable to ‘contaminate’ high risk products? Take the examples provided on the decision tree; a “prepared meal without a garnish” is a high risk product, because it’s been cooked. So, we’re saying it has a higher potential to cause food poisoning. But, a “prepared meal with garnishes” is a high care product. So, we’ve taken potentially the same high risk product, and added something that is not as ‘clean’ to it and now it has less potential to cause food poisoning, so we don’t have to protect it as much from contamination.

High care and high risk cause so much confusion in industry and essentially anything entering a high level zone should have gone through sufficient decontamination to make it safe to eat within its given life and not contaminate the high level zone. Why confuse matters any more than that?