Process Control and the Food Safety Modernization Act
By Richard F. Stier and John G. Surak, Ph.D.
We have now had about 6 months to study the Food Safety Modernization Act (FSMA). This time has allowed some of the dust to settle. There are several more interesting parts to the act. One part includes the use of the word “verification,” which is mentioned 16 times. The big question is: How will the U.S. Food and Drug Administration (FDA) define verification for interpretation of the regulations? Verification can be defined in several ways (see sidebar at bottom).[1-4] The new regulations will require verification that the food safety system is working effectively. Finished product testing and environmental testing will be included in the verification process. These verification activities must be recorded, and the records must be made available to FDA upon request.
A Review of Verification
There are four major ways to perform verification activities of a food safety system.
• Non-audit review of documents. An example is having a quality assurance professional review production documents to ensure that all of the Critical Control Points for a specific lot of product have been met.
• Conducting monitoring and measurement activities. These can include conducting environmental monitoring studies to ensure the effectiveness of the cleaning and sanitation program.
• Determining whether components of the food safety management system are operating correctly. For example, determining if an operator has achieved the desired competencies after completing a training program.
• Audits of the food safety management system.
Verification of control measures should be done using a two-step process. The first step is the evaluation of the individual verification results. This is basically a comparison of a measurement to some criterion such as a specification, that is, a picture of the effectiveness of the activity. This evaluation is used to determine whether there is a big change in the process or in a product characteristic. The second part is the analysis of the results of verification activities. In this part, a comparison is made to determine whether the verification activities are accomplishing the following:
• Meeting the planned arrangements
• Evaluating multiple verification activities to determine any need to update the food safety management system
• Identifying any trends in a verification activity
• Determining if corrective actions are effective over a period of time
• Providing input in internal audits
Essentially, the second step determines the effectiveness of the activity over time and whether there are gradual changes that will eventually bring trouble. Both steps are essential for ensuring an effective food safety management system.
Figure 1 shows how a simple control chart can be used to assist in the verification process. These data were from a meats class offered at Clemson University. The class was offered in both the fall and spring semesters. As part of the class, students were taught environmental sampling. The lab was swabbed after the cleaning process and before the sanitation process. The results were plotted on an individual control chart. The individual control chart shows that there was a difference in the aerobic plate count (APC) levels between the fall semester (August through December) and the spring semester (January through May). The second semester started at Row 69. In addition, there were warning signs that things may have been deteriorating. A small signal in the increase in APC levels is observed in Row 96 (Figure 1). Since no corrective actions were immediately taken, the actions in the meats lab led to the big spike in APC levels that occurred starting with Row 109.
Sampling and Finished Product Testing
The FSMA also mentions that finished product testing will be part of the food safety system. The first law of food safety is as follows: If a lot tests positive for a pathogen, then the lot must be classified as positive for the pathogen. The second law of food safety has an interesting caveat: If the lot tests negative for a pathogen, and a non-statistical sampling program was used to collect the sample, then we really do not know if the lot contains a pathogen.
This type of sampling plan is known as a lot acceptance sampling plan. When such a plan is used ito determine whether a specific lot of product contains a pathogen, one takes a sample of units from the product and tests the samples for the presence or absence of the pathogen. If a pathogen is found in any of the samples, the lot is classified as containing the pathogen. If the pathogen is not found in the samples, one can state with a certain level of confidence that the product is free of the pathogen.
One of the main issues in using a lot acceptance sampling plan is the proper selection of the sample size. The sample size is dependent on the proportion of units that are contaminated with the pathogen. As a result, the n=60 sampling scheme may or may not provide the proper level of confidence that a lot is free of a pathogen. For example, if 5% of the units in the lot are contaminated with a pathogen, then an n=60 sampling program, with a rejection of the entire lot when one sample tests positive, will provide 95% confidence that the lot is free of the pathogen. If the portion of samples contaminated drops to 1%, then the sample size must increase to 300 samples to have the same level of confidence. Additionally, if the contamination level drops to 0.1%, the number of samples must be increased to 3000. If the sample size is less than these amounts, then the confidence one has in the results is too low. If a food processor wants to use a lot acceptance plan, the authors recommend that an expert in product sampling statistics and food safety work with the food processor so that a proper sampling plan can be constructed. If a government regulatory agency sets a performance standard that is based on a lot acceptance sampling plan, the food processor should take a parallel sample, have the sample tested and hold the product until all of the test results are received and interpreted.
A big question remains. Can end-product testing provide meaningful results to assess the effectiveness of a company’s food safety system? The answer depends on how the food processor uses the data. A more effective way is based on properly designing a process to assure that pathogens are not present in the product and then monitoring the process to ensure that the process has not changed. Control charts can then be used to monitor the stability of the process. If the control charts produce a signal, indicating that the process has changed, the change may increase the risk for the presence of pathogens in the product. When a change is detected in the process, the food processor must do the following:
• Make corrections to the process to bring the process back into control
• Have a process authority examine process data to determine whether there is an increased risk that the lot contains pathogens
• Conduct a root cause analysis to determine the probable cause of the process deviation.
If the production lot does not contain an increased risk of pathogens, the lot can be shipped. Otherwise, the processor must make an appropriate disposition of the lot. This concept is not new. It is just a combination of HACCP and process control techniques that are defined in Statistical Process Control.
The National Academy of Sciences made two important statements in the “Green Book:”
HACCP provides a more specific and critical approach to the control of microbiological hazards than is achievable by traditional inspection and quality control.
Testing of finished products was not an effective means of protecting the consumer and assuring the foods were free of microorganisms of public health significance.
The U.S. Department of Agriculture, in a 1989 concept paper, stated the following:
If system is working, there should be little requirement for testing finished product other than monitoring purposes.
These statements are still relevant. We should develop our food safety systems with these concepts in mind.
Richard F. Stier is a consulting food scientist with international experience in food safety (HACCP), Good Manufacturing Practices compliance and food microbiology. He is a member of the Institute of Food Technologists and an editorial advisor to Food Safety Magazine. He can be reached at firstname.lastname@example.org.
John G. Surak, Ph.D., is the principal of Surak and Associates and provides consulting for food safety and quality management systems, auditing management systems and implementing Six Sigma. He serves as an editorial advisor to Food Safety Magazine. He can be reached at email@example.com; www.stratecon-intl.com/jsurak.html.
2. www.fda.gov/Food/FoodSafety/FSMA/ ucm247559.htm.
3. Codex. 2008. Coded guidelines for the validation of food safety control measures. CAC/GL 69 – 2008.
4. ISO. 2005. ISO 22000:2005 Food safety management systems - Requirements for any organization in the food chain. Geneva, Switzerland.
5. National Academy of Sciences. 2010. An evaluation of the food safety requirements of the federal ground beef program. Washington DC.
6. National Academy of Sciences. 1985. An evaluation of the role of microbiological criteria for foods and ingredients. Washington DC.
7. U.S. Department of Agriculture/Food Safety and Inspection Service. 1989. The Hazard Analysis and Critical Control Point System (HACCP) and Food Safety and Inspection Service: Concept Paper. FSIS Information Office, Washington DC, October.
Definitions for Verification
Regarding Hazard Analysis and Critical Control Points (HACCP): Those activities, other than monitoring, that determine the validity of the HACCP plan and that the system is operating according to the plan.
The Foreign Supplier Verification Program (FSVP) defines verification in the following way: The FSVP requires importers to conduct risk-based foreign supplier verification activities to verify that imported food is not, among other things, adulterated and that it was produced in compliance with FDA’s preventive controls requirements and produce safety standards, where applicable.
Codex has separated the concepts of validation and verification. They use the following working definition for verification: Verification is an ongoing activity used to determine that the control measures are effective through a variety of activities, including observations of monitoring activities and review of records to confirm that implementation of control measures is according to design.
ISO 22000 uses the following definition for verification: Confirmation through the provision of objective evidence that specified requirements have been met.