Preparing for a FSMA Audit from FoodOnline

A recent article in FoodOnline (an informative online journal you should subscribe to if you haven't already) discusses how Kraft Heinz prepares for FDA FSMA inspections. A few key points brought up in this article are similar to what we have been hearing about from our industry friends about their recent audits.

A summary of what this company's regulatory affairs manager discussed about their company's experiences:

• 'Inspectors are calling these ‘routine FSMA inspections' and are not distinguishing between Preventive Controls and modernized GMP inspections' 
• These audits are generally more focused on high-risk products.
• Auditors had visited 7 of these audits - one full Preventive Controls inspection and six modernized GMP audits.
• Generally there are three inspectors.
• Audits have lasted 1 to 5 days, mostly 4 to 5 days.
• Four of the seven audits included swabathons (100 to 150 swabs), which included Zone 1 (30%), Zone 2 (20%) and Zone 3 (50%).  No zone 4.
• There is a focus on the company's environmental monitoring program including the records and corrective actions on positvie results.
• With regard to verification activities, they are focusing on records including corrective action logs, production schedules, sanitation records, and calibrating inspection equipment records.
• With regard to the Preventive Control plan, inspectors are reviewing the hazard analysis with questions on the justification behind each of the identified hazards.
• There is also a review of the written recall plan.
• Recently there is attention on the supply chain program.
• Review of handling of byproducts used for animal feed, consumer complaint handling, and FSPCA training looking for certificates of completion.

An interesting item in the article is that FDA will want to take photos in the facility, so a company needs to have a policy to address this.  The same goes with photocopying records.

Source: Food Online 
Inside Kraft Heinz's FSMA Inspection Readiness 
Link
By Sam Lewis, associate editor
Follow Me On Twitter @SamIAmOnFood

FDA Releases FSMA Rules on Produce, Foreign Suppliers, and Third Party Auditors

FDA released three new rules as past of the Food Safety Modernization Act. 

• The Produce Safety Final Rule focuses on requirements for farm activities associated with growing and harvesting produce.
• The Foreign Supplier Verification Program (FSVP) rules sets requirements for those importing food into the US to ensure that those suppliers are following the same requirements as US food manufacturers.
• Associated with FSVP, there is the Accredited Third Party Audit Certification Rule which sets up a program for certifying third party auditors who will evaluate foreign suppliers.

FDA Website

http://www.fda.gov/Food/NewsEvents/ConstituentUpdates/ucm472505.htm

FDA Releases Groundbreaking Rules on Produce and Imported Foods to Modernize and Strengthen Food Safety System

Constituent Update

November 13, 2015

 

The U.S. Food and Drug Administration today took major steps to prevent foodborne illness by finalizing rules that establish enforceable safety standards for produce farms, and make importers accountable for verifying that imported food meets U.S. safety standards. The agency also issued a rule establishing a program for the accreditation of third-party certification bodies, also known as auditors, to conduct food safety audits of foreign food facilities.

 

Using the Smartphone for Stealth Auditing

Is that person checking the score of the Steeler game....or I am getting audited? 


Penn State News
http://news.psu.edu/story/372963/2015/10/01/research/phone-app-allows-researchers-conduct-concealed-food-safety
Phone app allows researchers to conduct concealed food safety observations
By Jeff Mulhollem
October 1, 2015

UNIVERSITY PARK, Pa. -- Smartphones are so ubiquitous, and text messaging and social media activities so common in public places, that no one questions what anyone does with their phone. That pervasiveness allows a phone application to be used in direct, concealed observations without alerting the people being observed.

That is the conclusion of food science researchers in Penn State's College of Agricultural Sciences, who studied whether phones could be used in place of the traditional clipboards to improve the quality of data collection related to food safety observations.

Increasing Demand for Organic Food Challenges Certifying Inspector Capacity

USDA estimates that the double digit growth in organic food will reach $35 Billion in sales this year.

According to a report in the WSJ,  this has created challenges for the inspectors who certify those farms as organic.  There are 81 accredited agencies who certify farms and according to the report:

40% of these 81 certifiers have been flagged by the USDA for conducting incomplete inspections; 16% of certifiers failed to cite organic farms’ potential use of banned pesticides and antibiotics; and 5% failed to prevent potential commingling of organic and nonorganic products

It is  not an easy task....farms must keep accurate records in order to show compliance with numerous restrictions.  And these records must be maintained over a number of years to demonstrate that the food can be called organic.

But for the consumer, they are willing to pay more than double for organic foods.




Wall Street Journal - Business
http://www.wsj.com/articles/organic-farming-boom-stretches-certification-system-1418147586?mod=WSJ_hpp_MIDDLENexttoWhatsNewsThird

Organic-Farming Boom Stretches Certification System
USDA Farms Out Inspections, but Thoroughness Is Questioned
By
Caelainn Barr Dec. 9, 2014 12:53 p.m. ET


The $35 billion organic-food industry has nearly tripled in size in the past decade, challenging the Agriculture Department’s ability to monitor the more than 25,000 farms and other organizations that sell organic crops and livestock.

Revisiting Third Party Food Safety Audits

Once again third party audits take heat for an outbreak, in this case, the Listeria outbreak in Jenson Farms Cantaloupes.. In the USA Today, two viewpoints are presented. Both present valid points, but there is more that can be said. Third party food safety audits provide a snapshot evaluation of the food safety system of an organization and give an assessment of whether that facility is following that food safety system. One important limitation is that audits, as currently completed, are not as good at determining the validity of that system, in other words, how well that system is actually working to make safe food. An astute auditor can see signs that the plan is valid through results of pathogen testing, through the process parameters that are set up, but there are factors that limit this.

•  Auditors often cover a broad range of facilities and process types (even within the same commodity) and so it is difficult to have an in depth understanding of every process in every facility an auditor visits. They will not have the vast knowledge of a given pathogen as compared to a PhD who has studied that pathogen for years.
• Audits are often one day in duration, so there is little time to get into the nuts and bolts of the process. Audits will look at the broad systems that are in place and make sure they are being followed (such as GMP’s, supplier control, pest control, HACCP), but to look at the validity of a process can take days, especially when there is the lack of support documentation such as pathogen testing.
•  In most cases, auditors are not conducting microbiological analysis of the environment or of the finished product. They may look at results that are on file, but they themselves are not swabbing surfaces or pulling product from the end of the line and sending to a qualified laboratory. As was seen in the PCA case, a company may only show select results from a less reputable laboratory. So to what degree can an auditor, in a day or so, evaluate the laboratory being used, the methods that laboratory is using, and the sampling scheme used by the plant?
•  Auditors will count, in part, that the facility actually knows what it is doing. If a facility has been processing cantaloupes for years, it is easy to make the assumption they must have some clue of what they are doing. They can question why a change was made, in this case the change in process, but to make a call on the safety of that change is more difficult.
•  Companies being audited do want to pass the audit. Their business depends on it. When they hire an auditor, it is less likely they will put themselves in a position to fail….and that may mean hiring someone they know who will not put them through the ringer. Indeed, this a conflict of interest. But this practice of having the supplier pay for their own audit was started years ago by the purchasing companies requiring the audits. To get out of paying for audits of every supplier, they had the idea to make the supplier pay for the audit. Sure, the customer company provides a list of audit firms or auditors from which the supplier can choose, but still, the supplier still hires that person.

  

Because of these limitations associated with third party audits, they are not a guarantee of product safety. Rather, they are just a part of the entire food safety system that a company uses to ensure safe food. If a company uses the fact that they passed an audit as sole reason for why they believe their food is safe, then that company probably does not have true food safety systems in place. The goal of the audit for the food company is to assess their systems and provide feedback on where improvement is needed. Each aspect of the audit is there for a reason, so food companies need to embrace the intent of the requirement, not just to throw something in place to pass the audit.

  

While there has been a ratcheting up of requirements through GFSI (SQF and BRC) on both what is required in audits and what is required for someone to be a qualified auditor, some of these issues still exist. Even with government based inspection, there are similar shortcomings. Audits are an important part of our food safety system, whether internal, second party, third party , or government, but the responsibility for food safety ultimately falls on the company producing the food. Food companies must use these audits as guideposts for continual improvement. Employees, managers, and just as importantly, executive management must thoroughly understand their process and product. They must challenge themselves, with the help of auditors, to ensure their food safety system has addressed all possible food safety hazards.

  

by Martin Bucknavage 12/1/12

Auditing and the Food Safety System - Post Listeria-in-Cantaloupe

In the post-analysis of the Listeria outbreak related to cantaloupes, many have questioned how an auditor could have given passing scores to a facility responsible for so many illnesses, especially in light of the FDA audit of that facility during the outbreak investigation.   Face it, when an issue occurs in a facility, those auditors are going to find a lot of issues.

http://www.denverpost.com/news/ci_19225591

The recent outbreak of Listeria from cantaloupes should become one of those significant events with regard to food safety in the United States.  While this was the first for this pathogen in the produce related item, it certainly was not an issue that defied logic.   In the FDA investigation report, there appears to be a reasonable explanation behind the contamination scenario – product produced in an environment that allowed for the growth of listeria, a system that did not prevent contamination of the food item, and conditions that allowed it to grow on the product.   But its significance was that it is yet another tragedy that demonstrates the problems in our food chain.

As we have seen in other outbreaks, the companies that produced the food had recently passed a food safety audit.  They not only passed it, but passed with high scores.  Cleary, this is an issue.  However, is it right to put a beat-down on this auditor, and put all responsibility on them?

Clearly, it is the responsibility of the company management to ensure the safety of the product.  Companies should know their process better than anyone.  How can you expect an outside auditor, who is unlikely to know everything about every process they encounter, to hold full burden on passing judgment for the safety of a process during a one day audit? 

The problem is that some company decision makers do not know their own processes as well as they should, and often time, they are not willing to spend the time or money to do so.

·        Training – Are people trained in HACCP?  Do they understand the true risks associated with the process and the product?  Do these companies have people on staff trained in food science and technology, or if not, are they willing to hire a consultant with the proper training and experience to perform a real risk assessment? 

·        Verification testing – Do companies do ample testing to ensure the products they make are safe?  Are they testing their equipment to make sure that it is operating as it should?  Are they testing their environment for the presence for hazards that can be associated with the product or process?

·        Validation – Do companies properly validate their processes when they put them in place or make changes?  Do they have scientifically based research to support what they are doing?  Has in-plant testing been done when they commission the process?

Third-party audits are part of the food safety system, but they are by no means the entire system, especially when it comes to verification of food safety of the process.  Currently, third-party audits should provide a snapshot of how well a company is meeting the auditing standard, and hopefully will be able to catch glaring food safety issues.    Granted, with additional training, they will be better able to identify if validation documentation is present for the process and if it appears to make sense, but until these companies are willing to make the effort to truly understanding their process, there will be those companies who experience the ‘unexpected food contamination issue’.

So it is easy to pile-on the food safety auditor or even a government inspector after the fact.  Perhaps we can give them some extra training so they can identify issue better, or have them paid by someone besides the company they are auditing.  But it is important to remember that the company who makes the product is responsible for the safety.  And until that message is received by owners and company presidents who make final decisions for the products and processes, we will continue to face these same issues regardless of who pays for the audit.