A few weeks ago, I shared that the U.S. Food and Drug Administration had published a report titled Analysis of Results for FDA Food Defense Vulnerability Assessments and Identification of Activity Types. This report compiled findings from vulnerability assessments FDA has conducted on more than 50 products or processes, leading to the identification of processing steps of highest concern and to potential mitigation strategies to reduce vulnerabilities.

More recently, FDA released a new tool to help bolster the food industry’s defense measures against an act of intentional food contamination. The Food Defense Plan Builder is a software program designed to help owners and operators of food facilities—ranging from primary production and manufacturing to retail and transportation—develop customized plans to minimize the risk of intentional contamination at their individual food facilities.

The Food Defense Plan Builder guides users through a series of substantive questions about the user’s food facility and the food manufactured, processed, packed or held there to develop a comprehensive food defense plan for the facility, which includes a vulnerability assessment, broad and focused mitigation strategies, and an action plan.

The FDA does not require food facilities to implement food defense plans, but many facilities (including those in the fresh produce industry) have voluntarily put such plans into place as a result of the provisions of the Bioterrorism Act of 2002.

Should you wish to consider this new resource into your food defense plan strategy, visit the FDA website.

On Tuesday, the U.S. Food and Drug Administration released a new report titled Analysis of Results for FDA Food Defense Vulnerability Assessments and Identification of Activity Types. This report was required under Section 106 of the Food Safety Modernization Act, which I am briefly mentioning it here.

The report compiles findings from vulnerability assessments FDA has conducted on more than 50 products or processes, leading to the identification of processing steps of highest concern and to potential mitigation strategies to reduce vulnerabilities. The study utilized the results from 25 vulnerability assessments to determine if a potential “threshold” score for the implementation of mitigation strategies could be identified.

I participated in one of these vulnerability assessments through the Strategic Partnership Program Agroterrorism in 2006. For the better part of a week, FDA, DHS, USDA, and FBI representatives led industry invitees through the CARVER-Shock methodology to identify vulnerabilities in the fresh-cut produce processing environment.

Though it’s very likely many PMA members already have strong food defense/security measures in place as a result of the provisions of the Bioterrorism Act of 2002, we have linked to this new FDA report from our FSMA Resource Center should you wish to consider or incorporate its findings into any operational food defense plans.

Sometimes you can be hurt by what you believe to be true that is not, said Rick Funston, of Funston Advisory Service, LLC, at an agroterrorism meeting in late April. He cited events such as the Japan earthquake/tsunami, the Gulf oil disaster, the Icelandic volcano, and the Wall Street crash. “Shift happens” was his mantra as he noted that accelerating changes are inevitable but unpredictable.

Rick said that we all have mental models of how we see the world, and just because we haven’t seen something doesn’t mean it doesn’t exist. If you’ve been doing something for a long time, you’re more inclined to keep doing it, he said, even if the environment is telling you otherwise. He offered some tips for risk intelligence:

• Check your assumptions about the “knowns” and assume the opposite to see what would be true if something cataclysmic happened. Or look at the “opposites” as potential opportunities. Think the unthinkable.
• Maintain vigilance on signal detection and pattern recognition.
• Manage key connections: suppliers, systems, etc. How critical is each? How long can you go without it? What is the recovery time?
• Factor in velocity and momentum: How bad can it get and how fast?
• Anticipate causes of failure – company-specific and process-specific.
• Verify sources and corroborate your information.
• Maintain a margin of safety.
• Spend time looking farther out.
• Take enough of the right risks – the United States is becoming a more risk-averse place.
• Develop and sustain operational discipline.

Rick told many stories, two of which I’ll mention here. Speaking about operational discipline, he noted the DuPont company had to build confidence in the public when it decided to build a gunpowder factory in the community. They built their family home within the “kill zone” of the factory, and they would not let a factory operate until it had been operated first by a family member and then by a senior executive.

The other was a story of how complacency kills. In Aneyoshi, Japan, he noted, there are 600-year-old markers that say: “Remember the calamities of the great tsunamis. Do not build any homes below this point.”

Of course, below that point was the disaster area, disguised as great beachfront property.

Is your company ready for an uncertain future? Are you reading the tea leaves correctly? And if the worst happens, how will you recover?

At a late-April International Symposium on Agroterrorism, speaker Rick Funston of Funston Advisory Service, LLC, addressed 600 law enforcement, government, academia, and industry from more than 20 countries on identifying potential threats and preparing your company for them.

Rick noted that the 21st Century will be volatile and unpredictable, and that agriculture will be on the front lines of emerging shifts and shocks. Whether it’s extreme weather, growing demand on resources (especially water), or technology changes (e.g. GMOs), interdependent infrastructures will be affected by disruptions that cascade across networks, sectors, and borders.

He noted that there is no perfect prevention, complex systems are bound to fail, and terrorists will succeed despite our best efforts because they are adaptable. He spoke of pre-emption rather than prevention. He said resilience is the capacity to anticipate and adapt pre-emptively to shocks and shifts, preventing disruption or minimizing its impact and duration – to bounce back after a hit. Resilience, he said, is about managing outcomes, not just causes.

In tomorrow’s post, I’ll review some of the tips Rick offered the group. He urged a different way of thinking about the future, of looking at assumptions in a different way. It was a fascinating approach.

There’s no evidence of a terror attack to our food supply, but terrorists have said they want to use nontraditional weapons in their attacks, according to an FBI speaker at the late-April International Symposium on Agroterrorism. The meeting gathered 600 law enforcement, government, academia, and industry from more than 20 countries to talk about food defense.

The speaker noted that it takes everyone working together to protect the food supply. When there is a problem with a food product, it’s not clear at first whether the incident is intentional or accidental, and both have to be considered. Another speaker explained that the threat to the food supply is among the largest. Terrorists don’t have to sicken many people to have a devastating psychological impact: fear.

Other speakers noted every company needs to have a food protection strategy that encompasses both food safety (against unintentional problems) and food defense (against intentional attacks). Such protection is critical when you consider the potential for contamination, fraud, threats to your brand, and financial losses. And as one speaker pointed out, be sure you have internal controls. As he said: Gates, guns, and guards won’t work against an inside threat.

So as you build your food safety culture, which PMA’s Dr. Bob Whitaker addresses frequently, be sure you’re also building food defense. Speakers talked about the importance of risk assessment (again, a mantra from Dr. Bob) and targeting your food defense resources at risk points.

An ounce of prevention…

If we could preview the future, we’d plan a lot better, wouldn’t we? After something happens, a lot of experts pop out talking about warning signs that might have caused course corrections to avoid disaster. What can we learn about those incidents to better prepare for the future?

These are some of the issues that were addressed at the late-April International Symposium on Agroterrorism, a gathering of 600 law enforcement, government, academia, and industry from more than 20 countries. You know you’re at a security type of event when one of the speakers carries a sidearm and the snippets of overheard cell phone conversations aren’t about markets or weather but about indictments and incarceration. I’ll cover some of the learnings and questions over several posts, as the event was ripe with information.

Why is this important? We pay a lot of attention to food safety, but we don’t talk about food defense as much. Speakers noted that some of the traditional protections against adverse incidents such as guards, fencing, badges, and alarms aren’t sufficient. We need also to be alert to insider threats, cyber security, and nontraditional weapons. Speakers talked about how any incident – intentional or not – can affect the global economy, shut down a nation’s exports, and, most importantly, endanger consumers and businesses.

As noted in yesterday’s edition of Headline News and widely reported Tuesday and Wednesday by major media outlets, U.S. Department of Homeland Security officials uncovered a plot by those seeking to harm U.S. citizens through purposefully contaminating salad bars and buffets in restaurants and hotels with poison.

While many businesses in the produce industry have food security measures in place (whether as part of a food safety plan or as a separate plan), I’d like to remind our members of the various food security resources we have on our website. In addition to summaries of the bioterrorism regulations, we also have guidance for:

• Food importers and filers
• Retail stores and foodservice operators
• Producers, processors, and transporters
• Warehouse and distribution centers

To learn more, visit the Food Security section of the PMA website.

Recently, FDA and APHIS launched an online tool to help farmers and producers assess and mitigate vulnerabilities in their production processes. Called Agriculture CARVER + Shock, the tool is designed to help the food industry at the farm level implement food production security methods. The software is free and available here.

While originally developed for U.S. military use, CARVER has been adapted for the food and agriculture sector. The software currently evaluates potential vulnerabilities in the supply chains of different foods and food processes. The tool’s special agriculture module is designed primarily for harvest and pre-harvest food production operations.

In addition to providing members with information about CARVER + Shock, PMA also offers extensive food security resources via our Web site. We have information about the various components of the Bioterrorism Act as well as guidance for many links in the supply chain. For more details, visit PMA.com.

On September 8, FDA launched the Reportable Food Registry (RFR), which food industry officials – including produce companies – must use to alert the FDA when they find their products might sicken or kill people or animals. FDA sees the registry as a way to head off potential cases of foodborne illness quickly through an electronic portal. The requirement to use the registry took effect with the launch of the portal.

PMA participated in a stakeholders conference call with FDA when the portal was launched. You can get the latest information about the registry and FDA’s guidance at PMA’s Food Safety page.

Anyone who has to submit registration information to the FDA now must also tell the FDA within 24 hours if they find a reasonable probability that an article of food will cause severe health problems or death to a person or an animal. This requirement applies to all fresh produce. Examples include bacterial contamination, allergen mislabeling or elevated levels of certain chemical components.

When reporting, a responsible party must investigate the cause of the adulteration if the adulteration of food may have originated with the responsible party; must submit initial information followed by supplemental reports; and must work with the FDA authorities to follow up as needed. Companies are not required to report if they found the problem before the food was shipped and corrected the problem or destroyed the food.

The agency issued draft guidance on the RFR in June and sought comment; PMA offered comments to improve the registry for industry use and worked with a member to test the system at FDA.

Should you need to use the registry and find there are problems, please notify us at PMA so we can work with FDA to further improve the system.

Today our friends at FDA let us know that proposed guidance implementing a Reportable Food Registry will be published in the Federal Register June 11. The guidance will help food companies understand how to report food products that could make consumers ill at a new online portal that will open September 8.

The proposed guidance will apply to all firms that currently are required to register with FDA under the Bioterrorism Act rules – including non-U.S. firms through their U.S.-based contacts. The guidance will explain who must submit these reports and how, when and where to submit them. And it will explain when you don’t have to file a report (e.g., if the product never left your control or if you were able to correct the problem). It will also outline information about notifying others in the supply chain about these reports.

There will be a 45-day comment period; comments are due July 27.

Prompted by Congress in 2007 legislation, this expands on FDA’s efforts to enhance food safety, which as you know from this blog and our other activities is one of PMA’s top priorities.