The FSMA Intentional Adulteration Rule Is Here: Are Processors Ready?
By Bob Ferguson
Three years ago, as part of their rulemaking under the Food Safety Modernization Act (FSMA), the U.S. Food and Drug Administration (FDA) published their final rule requiring food processors to address hazards that they may be facing from threats caused by acts intended to cause wide-scale public health harm. The rule, titled “Mitigation Strategies to Protect Food Against Intentional Adulteration,” otherwise known as the FDA Intentional Adulteration rule (IA rule), was designed to address and prevent intentional attacks on food, as would be the case in a terrorist attack, which are solely intended to cause widespread illness and death and erode confidence in the safety of our food supply.
Food facilities will need to conduct a vulnerability assessment and develop plans to prevent or minimize the risk from threats to their food operations. The first compliance date (for the largest facilities with more than 500 employees) was July 26, 2019. FDA has said that they will begin enforcement inspections starting in March 2020. Additional compliance dates for smaller facilities will follow in July 2020 and July 2021.
As the first compliance date is now here and with others approaching, we wanted to find out more about the state of readiness of food processors for this new FSMA requirement and what difficulties and challenges they are seeing with implementation. So, Food Safety Insights asked more than 300 processors—235 in the U.S. and Canada and 80 international companies—about their state of readiness for the IA rule and heard about what they have done, what they may have left to do, and what they see as their biggest challenges.
We first asked whether the processors felt they were generally ready for IA rule implementation. In general, we saw a high percentage of companies reporting a high level of confidence that they are in compliance with the rule. As can be seen in Figure 1, 88 percent of those companies in the largest category in the U.S. and Canada report that they are ready. Processors in our sample of international companies reported a somewhat lower number of companies confident in their readiness, but nonetheless, more than two-thirds of those affected by the July 2019 date reported being in compliance.
Interestingly, more than one-half of all the larger processors (both U.S./Canadian and international processors) who say that they are in compliance indicated that they have been ready “for some time now.” Also, when we only look at smaller companies with a compliance date not coming until 2020 or 2021, 71 percent of these in the U.S. and Canada and 57 percent of the international processors indicated that they are also ready now. These data indicate that many processors have been preparing for these compliance efforts and are not panicking at the deadline.
Based on the comments we heard, however, this indication of a high level of readiness may prove to be deceptive, and some companies may be in for a surprise. More than a few respondents mentioned that since they maintain a third-party certification—with several mentioning Safe Quality Food, British Retail Consortium, or International Organization for Standardization—they had confidence that their programs will be in compliance. Others mentioned that they are dual-regulated facilities (FDA/U.S. Department of Agriculture), Canadian Food Inspection Agency–regulated facilities in Canada, or other national regulatory bodies cited by the international processors, and the inspections that they receive from these other agencies will suffice to test their programs for IA compliance. Compliance with these requirements, of course, does not equate to compliance with the FSMA IA rule, and the companies holding these opinions will quite likely find out that they have work to do.
So, companies in our survey are generally reporting that they think they are indeed ready for their upcoming compliance dates. But what did it take for them to get there? What have they seen as their most difficult challenges? We asked those questions.
For processors in the U.S. and Canada, the number one issue that they reported was related to the details of compliance with the rule and the corresponding documentation (Figure 2). As with our previous surveys about other aspects of FSMA, many companies believe that they have compliant programs, but they will not know until they have their first inspection and hear the results and interpretations from FDA. One processor had a comment that was typical of many: “We have our program in place and we think we are in compliance, but we are waiting to make sure that we have what they want.” Others commented that without the still-anticipated FDA guidance documents, Food Defense Plan Builder software, and the availability of final compliance training programs, they are put in a position to guess what specifically is needed, and they may find on the day of their first inspection that they have more work to do. All of this concern is also wrapped into a general uneasiness about whether they have the proper documentation needed. As we’ve heard in the past with other FSMA issues, processors separate the actions they are taking to comply directly from the documentation of those actions. And, while they are confident that they are taking the right actions, they will not know for sure about the compliance of their documentation until they have an official inspection and the regulators confirm that they have “dotted all of the i’s and crossed all of the t’s.”
Their second-most-mentioned concern was related to how far they need to go to address each risk scenario. Processors are looking for guidance on which risks are most likely and need to be prioritized versus those where risk scenarios are sufficiently unlikely that they need not be addressed in their programs. Several processors mentioned that they were very aware of the risks presented by the potential actions of a company insider. These people have the most access to food and food processing operations, and this access gives them the most opportunity to create an incident. Many processors especially highlighted their concerns over the presence of temporary workers. One processor commented, “With 500 hands handling the product, how can you watch all of them?” Most of the respondents to our survey felt the most likely risks were manageable, but that there were many more possibilities and scenarios than they could reasonably address.
It is these numerous but unlikely scenarios that seem to most vex processors. Many commented that it is easy to think of more possibilities than they could ever address. One processor mentioned that “we are trying to ‘think like a criminal’ to ensure we are considering all of the risks involved…” But how far do processors need to go? How many unlikely scenarios do they need to consider and how improbable does a scenario have to be until it no longer needs to be considered in their IA program? Or, as one processor described the situation, “Do we need to consider every crazy Ph.D. MacGyver-type scheme…or mainly keep the focus on the more likely possibilities from people bent on creating trouble?”
And confirming what we mentioned earlier about some processors perhaps being overly optimistic about their compliance readiness, 17 percent of the U.S. and Canadian processors and 26 percent of the international processors indicated that they have no concerns about compliance with the IA rule. While the possibility that nearly one in five processors has been able to create and implement a compliant IA program with no issues at all is encouraging, the comments that we have received from others on the IA rule, as well as on other issues related to FSMA from previous surveys, indicate that compliance issues are always highly complex and initially present many unanswered questions. Being able to get this right well ahead of compliance and inspection dates with limited guidance may be optimistic. But once the formal inspections start in March 2020, we’ll find out for sure.
In the next issue of Food Safety Insights, we will address issues related to another type of intentional food adulteration, food fraud—or as known officially—economically motivated adulteration. We have all seen the reports and incidents related to unscrupulous actors misrepresenting one species of fish as another, substituting horse meat for beef, and diluting and coloring various oils to sell as high-quality virgin olive oil—all for the purpose of illegally making money. We wanted to find out more about food processors’ experiences with these threats and what they are doing to protect their products, their markets, and their profits. Look for that report in October.
Bob Ferguson is president of Strategic Consulting Inc. and can be reached at firstname.lastname@example.org or on Twitter at @SCI_Ferguson.