Create a free account to continue

Strengthening Farm-to-Fork Food Safety Through an Effective Supplier Risk Management Program

Incidents of salmonella-contaminated peanut butter, listeria-tainted cheese, e-coli in salads, and meat adulteration have exposed the vulnerabilities in today’s food supply chains where a single instance of carelessness or a lack of food safety controls can snowball into a major food safety issue.

Incidents of salmonella-contaminated peanut butter, listeria-tainted cheese, e-coli in salads, and meat adulteration have exposed the vulnerabilities in today’s food supply chains where a single instance of carelessness or a lack of food safety controls can snowball into a major food safety issue. The Centers for Disease Control and Prevention (CDC) estimate[1] that each year, roughly 1 in 6 Americans or 48 million people get sick, 128,000 are hospitalized, and 3,000 die of foodborne illnesses.

As food companies strive to get these issues under control, they have to contend with increasingly complex supply chains that involve hundreds of products, suppliers, sub-suppliers, farmers, and other entities scattered across the globe. Within this chain, multiple leak holes could arise, including allergens and labeling issues, and post-processing contamination.

Food companies have their task cut out for them as they try to maintain consistent levels of food safety from farm to fork. Many have realized that the need of the hour is to look deep into their supply chains, proactively identify areas of risk, and mitigate them before they spiral out of control.

The FSMA, which was signed into law in 2011, is mostly focused on preventing food safety issues – part of which involves controlling supply chain risks. Under the FSMA, the FDA has proposed the Foreign Supply Verification Program (FSVP) which puts the responsibility of controlling supply chain risks onto importers of food products.  Importers now have to maintain a comprehensive list of foreign suppliers, and determine if they are compliant with FDA regulations. They also have to perform a hazard analysis on all imported food products, understand the risks associated with their suppliers, and ensure that those risks are being effectively managed and mitigated through onsite audits at supplier facilities, testing programs (e.g. COAs, ingredient testing), and reviews of supplier food safety programs.

Essentially, supply chain risk management is now a regulatory obligation. But it’s also about reducing the likelihood of recalls, and protecting your brand.

Best Practices to Ensure Farm-to-Fork Food Safety

Know Your Suppliers - Key Questions to Ask

While analyzing food safety in the supply chain, some of the key questions that arise are – who is in your supply chain? How do you figure that out? How far back should you go?

Most companies know who their immediate suppliers are. But very few have the resources to go all the way down the supply chain, and determine the original source of an ingredient or product. The rest usually rely on their immediate suppliers to do the required due diligence. But sometimes, it’s important to determine, for instance, if a supplier or sub-supplier somewhere is responsible for a critical kill step. If so, you should ideally go back a few steps beyond your immediate supplier, and ensure that sufficient controls are in place for those kill steps.

Other questions to ask -- Do you use brokers? If so, how do you assess and control the risks associated with them? Many brokers don’t share information about whom they source from. How do you deal with this?

Do you conduct food safety audits? If, so what types of audits and why? Some companies use their own internal auditors, while others hire third-party auditors. There are advantages and disadvantages to both methods. For instance, having internal auditors is necessary when a key ingredient or product is involved. But maintaining internal auditors can be expensive.

Ultimately, each company has to be judicious about their own audits. It’s also important to remember that audits aren’t the be-all and end-all of product quality and safety. They are just a snapshot in time. So use them, but as one component of a multi-faceted approach to supply chain risk management.

The same goes for Certificates of Analysis (COAs). Companies insist on COAs as evidence that suppliers have adequately tested a product or ingredient against pre-defined specifications. But how much do you actually know about the COA? Are you aware of the sampling strategy that was used? Was it just a scoop off the top of a product, or was it truly an N60 or N120 sample that was tested with diligence? What is the statistical validity of that result? Was the test done by a competent laboratory? 

Do you test ingredients/ products at the point of receipt?  What is your strategy? You want to make sure that you have a 95% assurance on the results of the test. But what do you test and how?

How do you assess risks in your supplier chain? Not all suppliers have the same risk.

These are important questions to think about regarding the supply chain. The answers don’t always come easy, but they can help you identify where your weak points are and what needs to be focused on.

Assess & Manage Your Supply Chain Risks

Measuring supply chain risks involves assessing supplier risks as well as product risks. A simple approach to risk measurement is to determine the inherent risk of a product or ingredient coming down the supply chain. For instance, if your product is a leafy green vegetable that has grown in the dirt but has not passed through a kill step, it is an inherently risky product. And if the farmers growing your vegetables don’t have good agricultural practices, they are inherently risky suppliers.

While analyzing product risk, here are some questions to think through:

  • Do your products have a history of problems (microbiological or chemical)?
  • Is there inherent geographic risk from where the products are being sourced? For instance, you may be sourcing a rare ingredient from an area of the world that is known for high levels of cadmium or lead in the soil.
  • Do you or your supplier have mitigations to control the identified risks? For instance, if you are cooking a product, you can mitigate the microbiological risks yourself. But if you are relying on a supplier to do it, then you need to check that their controls are effective.
  • Is the target consumer a high risk individual (e.g. children, elderly, immune-compromised)?

Each product can be classified into high risk, medium risk, and low risk. Generally, high risk products include animal, sea food, or fresh produce items, as well as raw agricultural products with no kill steps. Medium risk products are those that may be inherently risky (e.g. raw agricultural ingredients), but have never been associated with illness. And finally, low risk products are foods that have been effectively processed with a kill step, and do not support the growth of pathogens.

Based on this classification of products, you can develop a scoring metric. For instance, a high risk product may get a score of 10, a medium risk product may get a score of 5, and a low risk product may get a score of 1. As you work your way through a series of questions like those highlighted above, you can begin to build up a product risk score based on the answers.

The same approach can be applied to supplier risk. Here are some questions to think through while analyzing supplier risk:

  • What is the country of origin of the suppliers - do they have a robust regulatory/ food safety infrastructure?
  • What is the supplier audit status - who did it, when was it done, what type of audit was it, and do you trust the results?
  • How robust are the supplier’s preventive controls around their facilities, allergens, environmental issues, HACCP, and GMPs?
  • Have they had prior regulatory action against them?
  • How strong are their testing strategies? Do they use an accredited lab and appropriate testing methodologies?
  • Do they have a food defense program?
  • Do they have a well-defined food safety corporate culture?

Like product risks, supplier risks can also be classified into high, medium, and low based on various scenarios. For example, when it comes to third-party audits, high risk suppliers are those which have had no audits conducted. A medium risk supplier is one that had an audit conducted, but the audit was more than 12 months ago, or it didn’t show up good results, or it was conducted using questionable standards by questionable auditors. A low risk supplier usually has good score on a third-party audit which was performed to adequate standards by a reputable auditor within the last 12 months.

In this systematic way, it’s possible to develop a risk ranking for products and suppliers, and focus on those that are high risk.

When it comes to managing supplier and product risk, there is no one-size-fits-all approach. Audits, of course are important – be it internal or third-party audits. But they need to be supplemented with other things like COAs, tighter product specifications, greater supplier accountability, and supplier training and education (especially for key suppliers in high-risk regions).

It’s also essential to monitor suppliers on an on-going basis. Check if they are meeting pre-defined specs. If they are out of line, determine by how much. Analyzing such trends will help you better allocate resources for controlling risk.

Role of Technology

Centrally Manage Your Supplier & Product Information

A good practice is to maintain all supplier information in one database. This way, at the click of a button, you can find all the required data on your suppliers and sub-suppliers, as well as their testing labs, third-party auditors, facility details, logistics, locations, and certifications.

Similarly, centralize your product information – this will help you accelerate the search for specifications around raw materials, ingredients, allergens, country of origin, details of transit, and other key data.

Another best practice is to create linkages between suppliers, products, materials, attributes, and compliance requirements. This integrated approach strengthens traceability and visibility.

Supplier Risk Management

Streamline your supplier and product risk management workflows – right from risk identification, to risk assessment, risk mitigation, defining of KRIs and risk-scoring methodologies, and reporting. Use heat maps, dashboards, and charts wherever possible to enhance reporting.

Reduce Risk Exposure through Preventive Controls

There are multiple preventive controls that can be implemented, including process controls, food allergen controls, sanitation controls, recall plans, environment monitoring, cGMPs, and supplier verification. Identify which controls are relevant to your business. Then define critical control points or thresholds, and link those controls to the identified hazards.

Improve Supplier Compliance 

In a central database, consolidate all compliance documentation such as policies, manuals, Standard Operating Procedures, (SOPs), and compliance assessment certifications. This way, there is no ambiguity about who is responsible for doing what with which supplier.

Also, streamline supplier compliance reviews for maximum efficiency. And implement systems that can automatically integrate with external sources such as regulatory feeds and supplier databases to aggregate relevant information such as regulatory updates or lists of high-risk suppliers.

Enhance Supplier Audits

An effective supplier audit program is one that is systematically planned, executed, and reported. Try to automate your audit and survey processes. Also, use an integrated audit management system to centrally manage a wide range of audit activities, data, and processes.

Identify & Manage Supplier Issues

Enable a closed-loop approach to the entire process of capturing, managing, and investigating supplier issues and customer complaints. Collaborate with suppliers to implement the required corrective action.

Reporting is also important – look at the volume of issues generated from each supplier, identify root causes and trends, distill best practices, and apply them across all suppliers.

Monitor Supplier Performance

Use supplier scorecards to evaluate supplier performance. Also, leverage executive dashboards and reports that can consolidate performance data across the entire supply chain. This is really the cornerstone of effective supplier governance.

To effectively monitor supplier performance, compliance, and risks, you need powerful dashboards and reports that provide comprehensive, real-time information. By getting a centralized view of supplier risks, you can make informed decisions. 

In a Nutshell

It’s not impossible to ensure consistent food safety across the supply chain. The key is to detect and mitigate risks early and proactively. It’s also important to have real-time risk visibility to identify issues in a timely manner. And overall, measure all your risks because what gets measured gets managed, gets improved. You can then enhance supplier productivity, and improve food quality and safety right from farm to fork.

About the authors
David Acheson is the President and CEO at The Acheson Group. Sonal Sinha is the Associate Vice President of Industry Solutions at MetricStream.


More in Operations