Incident Management: Food Safety Requires Competence
By Bizhan Pourkomailian, Ph.D.
With food safety-related recalls becoming more commonplace, it is essential for incident response teams to understand and implement processes that will help manage these events in the most transparent and effective ways possible. How your company chooses to function in the middle of a crisis, especially during the early stages when communication is most critical, will undoubtedly affect your entire business going forward.
Incident management may mean different things to different people. As with all discussion points, it is always best to clarify the meaning of the subject under scrutiny. Therefore, before diving into this subject, here are definitions of the keywords in this discussion:
Risk — The potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome)
Incident — An occurrence of seemingly minor importance that can lead to serious consequences
Crisis — Any event that is, or is expected to lead to, an unstable and dangerous situation affecting an individual, group, community or whole society
Management — The act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively
These words themselves are self-explanatory; however, their combination would define why different management practices would be required in different circumstances. To clarify which management practice suits which circumstance, one must consider the various management needs:
Risk Management — In simple terms, this would relate to practices designed to prevent a situation from occurring
Incident Management — The situation in this case has occurred and it is time to limit the damage by stopping the incident from becoming a crisis
Crisis Management — At this point, the damage has occurred or is continuing and the response has to be swift to clean it up and in some cases limit it (a heightened incident)
One may look at this list and select a management practice based on the situation at hand. In reality, businesses need all three to function efficiently. Logically, the design of the program begins with risk management, followed by incident management and ending with crisis management. However, since the processes of risk, incident and crisis management are very similar, all may be prepared at the same time. In all three, the issues of concern and their management are the same; just the degree of urgency and escalation differ.
It must be understood that the implementation of a risk management program does not always prevent an incident or crisis. The value that a well-designed program brings is in the preparedness of the organization for any inevitability. When an incident does occur, success is evident when the organization prevents panic and chaos, and stops the incident from becoming a crisis. All too often, an organization is faced with an incident that occurred elsewhere but not due to failure in its own programs. Yet, the organization must respond and prevent the incident from becoming a crisis for its own business. Naturally, there also are cases where the incident is the direct result of action taken by the organization. In either case, whether the organization is directly or indirectly involved, the incident must be managed.
Causes of Incidents
Incidents occur every single day, and since they are often prevented from becoming crises, most are invisible to all but a few. In some cases, however, they lead to a crisis, and at that point, based on the severity and scale, the news travels across the world. The types of incidents may be separated into two groups, food related and non-food related. A few examples are given below:
• Contamination of raw food or feed
• Consumer illness
• Chemical residues
• Foreign objects
• Supply chain interruption
• Natural disasters
° Power plant accident
° Political unrest
° Resource depletion
Although these are separated here, in reality, many are interrelated. The non-food related incidents will eventually affect the food supply chain and vice versa. Two examples demonstrate this interrelationship: The case of the tsunami in Japan in 2011 and the 2011 Shiga toxin-producing Escherichia coli (STEC) outbreak in Germany.
Japan Tsunami. The natural movement of the Pacific tectonic plates near Japan caused a powerful earthquake with a magnitude of 9.0 that triggered a tsunami. Both the earthquake and tsunami had devastating effects on the food supply chain—roads damaged, production sites destroyed and people uprooted. The crisis further developed as the loss of electrical power and then a subsequent failure of emergency systems at a nuclear power plant caused a core meltdown, causing widespread radioactive contamination. Food manufacturers faced raw material contamination as well as potential contamination of products due to damaged manufacturing sites.
German STEC Outbreak. The STEC outbreak in Europe that began in Germany in 2011 was responsible for over 2,000 cases of foodborne illness and over 20 deaths. The culprit was eventually identified as freshly sprouted seed, yet originally, cucumbers from Spain were identified as the source. These mistakes led to supply chain interruption and political unrest between the countries.
These examples illustrate the effects of non-food related crises on food-related issues and vice versa. Nevertheless, preparedness comes by conducting a risk assessment and implementing management protocols to stop a potential incident occurrence.
The Incident Management Process
For a food manufacturer to be in a secure position, the organization would need to assess all possible causes of a potential incident and its risk of occurrence. Generally, this would not be practical, so only reasonably possible causes would be evaluated. However, before this information can be gathered, an incident management team would need to be formed. This team would look at the risks of potential incidents and how crises may be avoided. The formation and composition of the risk management team (RMT) is very similar to those of Hazard Analysis and Critical Control Points (HACCP) systems. The RMT must be multidisciplinary, comprising staff from key departments. In some circumstances, it may be deemed necessary to include members external to the company.
Membership should be drawn from the following departments:
• Supply chain
• Quality assurance (QA)
• Human resources
• Information technology
The core of the RMT is often drawn from the supply chain and QA departments. The selection of team members would need to be determined by relevant skill sets. The group would have many tasks to perform but would need to begin by establishing the ground rules such as clarifying various definitions:
Food Safety Risk — The potential for food to be affected—or be perceived to be affected—and leading to the possibility of putting at risk the health and safety of customers, consumers or employees. This may be, for example, actual or perceived contamination of raw product/feed (chemical, radiological or microbiological), customer illness, food allergens, animal/other residues in food or foreign bodies in food or packaging.
Legislation — Since January 1, 2005, EU Food Safety Law (Regulation 178/2002) has been in effect. This regulation specifies EU-wide procedures in matters of food safety and places a specific obligation on food business operators to immediately inform regulatory authorities if food is assessed to be “injurious to human health” or “unfit for human consumption.” European and/or local regulations may apply in the event of product contamination and/or product recall. Any incidents are then reported in the EU Rapid System Alert for Food and Feed.
Risk Management Policy — The organization would need to have a policy in place to define its priorities, which the RMT would look to safeguard through the process.
Defining Roles and Responsibilities — The RMT has ultimate responsibility for categorizing and managing the food safety risk, delegating to other company staff as appropriate. All communications, whether for notification, withdrawal or recall, must be approved by the RMT to ensure, among other things, that messages are consistent.
Ownership — The RMT chair or a designated member would need to be responsible for the documentation that defines the program.
Alert System — It is vital that a robust alert system is established to allow the RMT members to connect with each other in cases of incidents and/or crises.
Training — As the RMT designed and put the program together, they would be the ideal candidates to train or establish training programs for other company staff.
Having established these basic requirements, the RMT would need to develop the process for managing any potential incident. As such, various logical steps may be followed:
1. Food Risk or Incident Identification. As previously described, incidents have many possible causes. In setting up the program, the RMT would need to identify as many causes as it can. Items such as allergen contamination or earthquake from the noncomprehensive list presented earlier in this discussion would need to be identified.
2. Identification of Information Sources. It is vital to know where information about an incident may come from. The information sources could be many:
• Local authority
• Nongovernmental organizations
3. Setup of Information-Gathering Protocol. Having identified where the information might come from, tools must be in place to efficiently capture it. At this point, it is necessary to ensure that the protocol established is fast, accurate and from a reliable source. The information has to be confirmed and verified before any action is taken.
4. Alert System. Once information has been received, an alert system must be established that would notify the relevant personnel. The notification would need to cascade to the activation of the RMT.
5. Initial Briefing. The RMT would need to meet/connect to evaluate the situation and identify resources needed. The composition of the team would be based on the subject matter, personnel availability and expertise required. Key responsibilities need to be assigned to gather the full team, schedule the next briefing and most importantly, to notify senior management on the status quo.
6. Full-Team Briefings. When the full team has been gathered, a strict, formalized approach is essential for clarity and efficiency. A possible format would entail:
a. RMT leader (established in initial briefing) self-introduction
b. Roll call
c. RMT checklist: Develop and use the checklist to ensure capture of all relevant information.
i. Incident description
• What has happened?
• Is there a direct, indirect or no direct link with the organization?
• What is the external awareness level?
• What is the extent of customer/personnel effect?
• Is there a short- or long-term duration?
• Is any additional work in progress or needed?
ii. Incident status
• What are the RMT objectives?
• What communication is needed?
• What resources are needed?
• Response timelines
• Response effectiveness
• How this could have happened?
d. Administrator: Key information from the calls and meetings must be captured, approved and distributed after the calls/meeting. Creation of a central data information file would allow all members of the team to access relevant data during and after the incident.
e. Team actions: The team would need to discuss items on the team checklist as well as further points:
• Identifying additional resources and support
• Identifying major stakeholders and potential issues
• Identify communication strategies—select a good communicator who can relate to the audience. Also, there is a need to set a strategy to ensure the appropriate information is communicated at the correct time in an appropriate manner. The information presented should satisfy the following criteria:
° Concern: There is genuine understanding of the situation of those affected
° Control: Provide confidence that the situation is well in hand
° Commitment: Show that the organization will not stop until the situation has been resolved
• Identify triggers that would assist in the proactive recognition of escalation toward a worst-case scenario
f. End of call/meeting: The discussions must be summarized, actions assigned to members and the next call or meeting time set up.
7. Handover. Some issues will persist for a long time. This may require a change in team makeup. In that case, a handover protocol would be needed. A logical and informative format would be the best option, which should involve:
• The new member being presented to the administrator
• The administrator introducing the new member to the RMT
• For a short period, both new and outgoing members participating in the engagement. When all members of the RMT are satisfied with the handover, it will be finalized.
• Logging of the process
8. Stand-Down Checklist. The RMT will need to decide at some point that stand-down is necessary. Before doing so, various agreements would be needed:
• Do all members agree on the stand-down?
• Does senior management agree on the stand-down?
• Have relevant stakeholders acknowledged that normal activities may commence?
When these points have been agreed on, these checkpoints should be followed:
• RMT leader to lead team debrief on stand-down to establish key learning
• RMT leader to ensure additional response teams (e.g., media) are informed of stand-down if necessary
• Administrator to ensure all log sheets, e-mails and notes are collected and filed
• RMT to monitor situation to assess whether the issue could reoccur and, if required, discuss any necessary corrective actions
• RMT leader/human resources to consider whether employees could be suffering from managing the issue and consider appropriate strategies
• RMT to consider whether follow-up engagement is required with any of the identified stakeholders and, if so, develop an engagement plan
• The RMT should consider sending thank-you notes to those who have provided support both internally and externally
With the process in place, a false sense of security will often arise. The document encompassing the process may be a glossy corporate book, but few people in the organization would know of it. To make the process live, it needs to be communicated, acknowledged, trained and implemented.
The authors of the incident management process are often the most suited to design the best training courses. However, external courses have advantages too. External trainers with input from the authors of the incident management process would be the ideal combination. Before the customized training courses could be established and deployed, the idea, reasons, content and governance of the incident management process must be communicated to all employees. Employee education would be the first step in this area and it would take the shape of internal information transfer.
A customized training course is best for deployment in every part of the organization. Where possible, every employee at some point should go through the training so that when incidents occur, everyone will be involved.
Course success is measured when incidents are managed with seamless efficiency and calm. To achieve this goal, when an incident occurs, the scenario should not be a surprise. The avoidance of surprise can be managed by correct training scenarios around applicable root causes of incidents. Therefore, when trainees know what incidents may occur, scenarios may be built to test the “what if” cases.
Verification and Review
At a later date, the effectiveness of the training and the suitability of the scenarios should be tested. Unannounced tests serve best to make the staff reaction and actions in managing the incident more robust. Verification may be triggered internally or externally; both have their advantages and disadvantages. Whichever approach is taken, the more challenging the verification, the stronger the system over time.
After a verification process or after an actual incident, which itself is a verification of the system, a review is recommended for learning and improvement. Improvements may be in better training and communication, or perhaps in tougher and more complex scenarios to challenge the staff. Changes based on the review should be logged to allow tracking and avoiding reversal to older versions of the verification process.
Risks of an incident will always exist, whether it is food or non-food related, or from a natural disaster or man-made one. It is the preparedness for incidents that defines the success of an organization in its incident management. To achieve success, the appropriate process would need to be developed and communicated, and training provided and verified. Gathering the correct team members and setting correct protocols is vital for clear, effective and efficient management. This team would have a clear task to logically ascertain the necessary information, alert all relevant stakeholders, analyze the data and finally act upon the situation. The actions would need to be designed to stop the incident from evolving into a crisis. Communication to the stakeholders would need to be focused and directed to address concerns, show that the situation is under control and demonstrate the commitment that the organization has to solving the issue. Everything would need to be documented to enable the RMT to track and learn from actions taken. From time to time, the system would need to be verified and reviewed for continuous improvement.
The content of this article reflects the points of view of the author and does not necessarily represent those of McDonald’s.
Bizhan Pourkomailian, Ph.D., is director, food safety & supplier workplace accountability, for McDonald’s Europe. He is responsible for providing direction and developing management systems for food safety. He holds a Ph.D. in biochemistry from Aberdeen University and an M.B.A. from Warwick University.