Intentional contamination could be defined as a deliberate action to introduce something into a food product, frequently with the intention to induce damage to the consumer, the company or both. This type of crime can be committed during food processing, food storage, food service and food retail operations by a wide variety of people for different reasons. For example, in September 2017, the Germany police hunted and arrested a man suspected of poisoning five jars of baby food to extort millions of euros from supermarkets and pharmacies. He used ethylene glycol, a sweet-tasting chemical that can be lethal to adults and babies. In 2016, the owner of a sweet shop mixed pesticides in the sweets being baked at the time, killing at least 30 people in Pakistan. He confessed that he wanted to teach a lesson to his brother, who co-owns the shop, in an act of anger and revenge. Back in 2008, Lidl employees poisoned the discarded foodwith cleaning liquids at a store near Stockholm because they were “tired” of homeless people picking through their trash bins. Though they had put up a warning sign near the bins, contaminated food still disappeared.
The examples above clearly show that despite different motivations people can intentionally use food products as a vehicle to prejudice organizations or other people and therefore food defense should be a topic on the table of any food products organization.
PAS 96 has been recently updated to the 2017 version
In 2014, the British Standards Institution (BSI) published ‘‘The guide to protecting and defending food and drink from deliberate attack’’ (PAS 96), updated in 2017 and where food defense is defined as “procedures adopted to assure the security of food and drink and their supply chains from malicious and ideologically motivated attack leading to contamination or supply disruption”. Based on this guide, 4 main steps can be put together and should be part of a food defense plan:
1. Form a team
The first step is to put together a team to deal with this type of problems, which could include individuals from different areas, like security, human resources, food technology, production and operations. In small companies is likely that one person has to assure all these roles or that external assistance is required.
2. Identify and assess threats
The team must identify individuals and/or groups which may be a threat to the company, premises or a product and assess their motivation, capability and determination. For example, it should be considered dissatisfied employees and former employees, suppliers under financial stress, commercial competitors, terrorist organizations, criminals and local pressure groups.
3. Identify vulnerable points
The next step is to identify the organization vulnerabilities where an attacker can act, what are the most important areas, products or documents, for example. The organization should have special attention to areas or machines that have direct impact on food safety or facilities like energy or water.
4. Implement necessary controls
After the identification of vulnerable points, the team must implement proportionate preventative actions (critical controls) and keep confidential reports and procedures that allow management action on decisions. For example, in the access to the premises the company can install a perimeter alarm system, install a fence or use a Closed-Circuit Television (CCTV) to increase safety. To control the access of people to certain spaces, it can be used an electronic card or an PIN’s introduction system.
Although the increasing importance given to food defense, as is the case of the food safety standards described below, it is not yet generalized addressed in legislation. For example, the EU legislation has not defined the concept of food defense yet or established clear requirements for its implementation.
It is generally mentioned in Food Safety Standards that organization shall put in place appropriate control measures to reduce or eliminate the identified threats/potential risks.
BRC, SQF, IFS and FSSC 22000 address food defense procedures on their food safety standards in a dedicated clause. IFS new version (6.1) published in November 2017, keeps the same content as the version 6 clause, only the title changed slightly, from Food defense and external inspections to Food defense plan and external inspections. FSSC 22000 version 4.1 includes food defense as an additional requirement. BRC (version 7) does not use the expression food defense but address the subject in a similar way. A table including the clauses about food defense in each standard will be sent to all Food Safety Books Connected members together with the article PDF.
BRC, IFS and FSSC 22000 mention that the organization shall have a documented and implemented threat/potential risks assessment procedure. To identify the threats/potential risks, the organization must assess the susceptibility of its products to potential acts of sabotage. Based on the assessment, critical areas to secure shall be identified and controlled to prevent unauthorised access. For BRC and IFS, food defense hazard analysis and assessment of associated risks shall be conducted annually.
It is generally mentioned that organizations shall put in place appropriate control measures to reduce or eliminate the identified threats/potential risks. SQF specifies measures taken to ensure the secure storage of raw materials, packaging, equipment and hazardous chemicals.
All standards’ procedures include access restriction. FSSC 22000 describes that access should be physically restricted by use of locks, electronic card key or alternative systems. BRC, IFS and SQF refer that measures shall be implemented to ensure only authorized personnel have access to production and storage areas. A visitor reporting system shall be in place for both BRC and IFS. Also for these standards, staff shall be trained in food defense/site security procedures. IFS adds that employee hiring and employment termination practices shall consider security aspects as permitted by law.
SQF and IFS mention the importance of responsibilities’ definition for food defense and that the persons in charge shall be key staff and have access to the top management team. FSSC 22000 states that the organizations Food Safety Management System shall include and support the food defense plan and its policies, procedures and records.