Signed into law in 2011, the Food Safety Modernization Act (FSMA) represents the most sweeping reform in food safety laws in several decades. With the aim of preventing food safety incidents, the law lays out multiple requirements to ensure that good food safety controls and measures are established at every step of the food chain from farm to fork. It also gives the FDA new powers to prevent, detect, and respond to food safety issues.
Several key elements of the FSMA are likely to be finalized this year. In September 2014, the FDA announced several changes and revisions to some of the proposed rules based on feedback and comments from the industry. Here’s a glimpse into some of the key changes:
Preventive Controls for Human Food
- Farms: The FDA will not differentiate between activities conducted by a farm on its own products vs. activities conducted by the same farm on another farm’s products. Any farm that holds or packs covered raw agricultural commodities grown on another farm will be governed by the produce safety rule, and will not need to register under or be governed by the preventive controls rule.
- Significant Hazards: The phrase “Hazard that Is Reasonable Likely to Occur (RLTO)” has been replaced with the term “Significant Hazard,” although the meaning remains the same.
- Hazard analysis: Food facilities need to start thinking about radiological food hazards (classified as a subset of chemical hazards).
- Types of preventive controls: In addition to the earlier preventive controls -- i.e. process controls, allergen controls, and sanitation controls – the FDA has added supplier controls.
- Supplier controls: If a facility is relying on a supplier to control a significant hazard, then they need to have a risk-based supplier verification program. It’s up to the facility to determine the appropriate verification activity (e.g. raw material testing, review of supplier’s food safety plans). Yet, an annual onsite audit is the default requirement when exposure to a hazard controlled by the supplier could result in serious adverse health consequences or death.
- Economically Motivated Adulteration (EMA): There are multiple instances of EMA such as watering down of milk or substitution of a superior species of fish with an inferior species – which may affect product quality, but doesn’t impact consumer health. The FDA is only focused on those cases of EMA such as melamine-contaminated wheat gluten which could pose a public health hazard. These risks need to be evaluated by companies based on past occurrence (e.g. if their facility sources a product or ingredient from a country with high records of adulteration).
- Environmental monitoring: The FDA insists that environmental monitoring be appropriate to the facility, food, and nature of preventive controls. It is certainly required when a ready-to-eat product is exposed such that there is the potential for post-process contamination. In such cases, the facility in question has the flexibility to set up their own environmental monitoring program in the way they best see fit. However, they need to have written procedures and records, well-defined testing processes, and proper corrective action.
- Product testing: When implemented appropriately, product testing could be used to verify that preventive controls are effectively minimizing or preventing the occurrence of identified hazards. In other words, the testing may not always be required – for instance, when facilities have a kill-step that already eliminates identified hazards.
Preventive Controls for Animal Food
Most of the changes made to the rule on preventive controls for human food apply to animal food – particularly with regards to finished product testing, environmental monitoring, and supplier controls. But there are also some differences:
- Good Manufacturing Practices (GMPs): The FDA has made some changes to the animal food GMPs, primarily in terms of language. For instance, they’ve omitted a few statements that only apply to human food processing. They’ve also removed certain prescriptive requirements such as those in §507.17 which mandate that a plant’s floors, walls, and ceilings be constructed in a way as to be adequately cleaned and kept in good repair. Instead, the rule now states that buildings be “constructed in a manner such that drip or condensate from fixtures, ducts, or pipes does not serve as a source of contamination.”
- Food by-products: If a human food facility creates byproducts that are distributed as animal food, then these byproducts should be segregated and diverted properly - i.e. they shouldn’t be mingled with garbage, and should be protected from chemical and physical hazards. Generally, facilities that are already complying with human food safety requirements do not need to implement additional preventive controls when supplying by-products for animal food.
The FDA is also seeking comments on whether or not feed mills should be required to register as a food facility.
Produce Safety Rule
- Definition revisions: Changes have been made to the definitions of certain terms – covered activity, harvesting, holding, and packing. Also, farms that conduct activities on other farm’s products (e.g. holding and packing) are now governed under the produce safety rule.
- Water quality standard: To enhance consistency with EPA standards, the FDA has updated the microbial quality standard for water that is used to grow produce (except sprouts) using a direct application method.
- Water testing: Farms have the flexibility to conduct agricultural water tests using their own testing processes or third-party tests. They don’t have to use an FDA approved testing lab.
- Raw manure: The FDA has removed the 9-month minimal application interval for the use of raw manure.
Foreign Supplier Verification Rule
Many of the changes made to this rule are consistent with the other rules (e.g. need to control supply chain hazards even if it means going upstream, terminology change from RLTO to significant hazard, importance of supplier verification and approval, and evaluation of EMA). The other changes to this rule include:
- Verification activities: Supplier verification should be based not only on hazards, but also on supplier risks; gathered from regulatory history, test results, audits, and records of correcting issues.
- Unapproved suppliers: If a facility conducts a spot purchase or one-time purchase from a supplier who hasn’t gone through the initial approval process, there must be an “unapproved suppliers” process which details how the supplier will be verified if needed (e.g. testing).
- Audit records: While the FDA does not insist on an audit report being submitted to them, they require facilities to maintain an audit record with details of the audit procedure, dates of the audit, conclusions, corrective actions taken, and auditor qualifications.
- Foreign supplier verification vs. preventive controls: To reduce redundancies in compliance, the FDA has said that when food manufacturers are also importers, and are therefore subject to both the foreign supplier verification rule and the supplier preventive controls requirements, then compliance with the latter is adequate.
Preparing for FSMA Compliance
While these FSMA-driven rules might only be finalized towards the end of 2015, it is unlikely that other major changes will be made to the rules. So, food companies should start preparing for compliance right away. Here are a few tips:
- Determine which rules will apply to which area in your organization. Then, find the gaps and fill them -- be it in terms of implementing a new compliance management system, or establishing new compliance controls, or improving documentation.
- Train employees and suppliers on the FSMA and general food safety requirements. Establish comprehensive policies and procedures, so that everyone knows what they should and shouldn’t do. Also, set up a team with clearly defined roles and responsibilities for overseeing food safety.
- Conduct an initial hazard analysis to understand the types of physical, biological, chemical, and unintentional and intentional hazards associated with each facility and supplier. Then establish preventive controls at each point to ensure that the hazards are prevented or minimized.
- Monitor the effectiveness of the preventive controls through regular audits and inspections. Implement timely corrective action for all non-conformances. Also, remember to keep all records and documentation updated, so that they can be easily presented as evidence of compliance.
How Technology Can Enhance Compliance
Compliance with the FSMA rule can be quite challenging, considering that there are multiple activities involved. In many organizations, these activities are managed across multiple spreadsheets, emails, word documents, and systems. This siloed and manual approach often results in errors, duplication of effort, and inefficiencies.
Proactive organizations have adopted an integrated approach to compliance, enabled and supported by technology. They have consolidated their compliance data on a common platform which allows them to easily identify areas of risk across the supply chain, and also facilitate cross-functional collaboration and information exchange. All risks, controls, processes, and supplier information are mapped together in a cohesive data model that improves visibility into compliance and food safety, and helps organizations derive valuable insights for improvement.
Below is a quick look at how technology can enable and support various aspects of FSMA compliance and food safety:
Supplier and product information: Storing supplier and product information in a central repository makes it easier to identify the interdependencies between various elements (e.g. between suppliers, associated raw materials, and country of origin). It also enhances traceability – a product issue can be quickly traced back to the responsible supplier.
Regulatory information: With a common regulatory database, you can centrally manage FSMA and other food safety regulations, and map them to the associated business units, locations, products, and suppliers. This simplifies compliance monitoring, and accelerates the adoption of regulatory changes.
Hazard analysis: Many organizations are automating and streamlining hazard identification and evaluation, as well as hazard management. As a result, they save considerable time and effort, while also strengthening their ability to understand and mitigate risks in a timely manner.
Preventive controls: Storing control data in a central repository makes it simpler to manage and monitor all controls. Some companies go a step further and link the controls to risks, hazards, processes, and compliance requirements. This offers a more structured and efficient way of assessing controls.
Supplier and facility audits: Auditing multiple suppliers and facilities across the globe becomes difficult if data and communications are scattered across emails and documents. An integrated audit system consolidates data in one place for complete visibility. Some systems include portals for suppliers to upload their data which is then automatically routed to auditors for analysis.
Non-conformances and corrective actions: With the help of technology, non-conformance (e.g. lack of FSMA controls) can be routed through a closed-loop and automated process of investigation and resolution. In some cases, these non-conformances are managed centrally, as that minimizes duplication of effort, and also helps address trends and patterns in quality and safety issues across the enterprise.
Customer complaints and product recalls: Integrating non-conformance management with customer complaints and product recall management helps in proactively understanding and resolving the underlying issues that would otherwise go unnoticed. Some organizations also automate the complaints and recall management lifecycle for optimal efficiency.
Reporting: Tools such as dashboards, reports, risk heat maps, and supplier performance scorecards enable real-time tracking of FSMA compliance and food safety. Combined with rich analytics, these tools provide timely risk insights that help stakeholders make informed decisions about their food processes.
The key to effective compliance with the FSMA is to plan ahead. Build towards the basics during 2015, and then make the final adjustments in 2016. But start now. Getting ahead of the game will not only strengthen regulatory compliance, but also help protect your brand and reputation.
Dr. Jennifer McEntire, VP and Chief Science Officer, The Acheson Group and Manu Gopeendran, Associate Director, MetricStream.