As of last week, larger companies were to be compliant the Intentional Adulteration (IA) Rule and its required written Food Defense Plan (FDP). Come spring of 2020, FDA will begin inspecting to the rule, and within a year, small companies will need to be compliant. While most larger companies, and some small, have developed a basic FDP, there is a good chance that it is not as efficient or cost-effective as it could be. We say this because, in consulting with many food companies, we have found that some are actually making their FDPs more difficult or costly than they need to be, based on the method they’ve chosen to use for its development. One of the steps needed for the development of an FDP is that of conducting an initial vulnerability assessment to “identify, prioritize, and focus resources on preventing or significantly minimizing significant vulnerabilities at specific points, steps, or procedures,” as describe by FDA in its guidance document. A significant vulnerability means a vulnerability that, if exploited, could reasonably be expected to cause wide scale public health harm, thus those that are identified will require actionable process steps for risk mitigation. FDA recognizes four Key Activity Types (KAT) in food facilities as those which are consistently ranked as the most vulnerable, regardless of the food commodity assessed. Reflecting significant vulnerabilities to intentional adulteration caused by acts intended to cause wide scale public health harm, the four KATs are bulk liquid receiving and loading, liquid storage and handling, secondary ingredient handling, and mixing and similar activities. Thus, one method of writing your plan is to write a vulnerability assessment based directly and solely on identifying the KATs at a facility. As we discussed in a June newsletter, while this is a fairly quick and easy process, you have to remember that each identified KAT using this process automatically becomes an actionable process step (APS). So you may be creating unnecessary mitigation step(s) and their related resource costs. The second option is to conduct a vulnerability assessment at each process step using the Three Elements approach. In this method, metrics are applied to each point, step, or procedure of the process flow to determine which points, steps, or procedures of the process should be identified as KATs, requiring an actionable process step. Three fundamental elements (Potential public health impact, Degree of physical access to the product, Ability of an attacker to successfully contaminate the product) are considered and scored using a pre-determined scale or an internal scale with written justification. The third option is to use a Hybrid Vulnerability Assessment; using just the identified KATs in the first option, the three elements are applied to determine a metric to establish an APS. While this seems simpler than option 2, options 2 and 3 are actually quite difficult, but can readily be applied if a facility person/personnel have taken the IA Vulnerability Assessment Course (which can only be taught in person). From these descriptions, it would be natural for a facility to decide that the KAT method is easiest and cheapest. However, this is a case in which the method that appears to be easiest is not always the best for the facility. Let me provide an example: We were recently in a facility to assess the site and their FDP. Based on their operation, they had assumed that the easiest option for writing the FDP was to use the KAT method only. But because of the number of potential KATs in the facility, if they were to do this, they would have to implement numerous mitigation strategies that would require a large amount of capital. So, instead, we suggested they consider using the three-element approach as a way to apply the FDA-recognized metrics of the IA vulnerability assessment to ascertain if the KATs they had pre-determined to be Actionable Process Steps actually were. To determine if the three-element approach would be better, we worked with the facility on one of their pre-determined APSs. By approaching it from this perspective, we were able to show that the KAT would actually not need to be an APS because the physical amount of contaminant that would need to be inserted into the line was not feasible, therefore no mitigation strategy was needed. The costs and resources the facility saved by not having to implement the mitigation strategy at this single pre-determined APS point alone were enough to enable the company to increase its expertise and justify the cost of becoming trained through IA Vulnerability Assessment training. Not only does the course provide participants with the knowledge to conduct a vulnerability assessment according to the requirements of the IA Rule, participation also fulfills the rule’s mandate for a food defense qualified individual to successfully complete training in the conduct of a vulnerability assessment in order to perform certain activities. Although there are currently only 32 people in the world trained by the FDA and FSPCA as lead instructors for the “Intentional Adulteration Vulnerability Assessment Utilizing the Three Elements” course, TAG is proud to announce that our Senior Manager of Food Safety Christopher Snabes is one of those 32. Give us a call to find out if we can help you save money, time, and resources by through a more efficient – and effective – vulnerability assessment, and/or a vulnerability assessment training course. About The Acheson Group (TAG) Led by Former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With in-depth industry knowledge combined with real-world experience, TAG’s team of food safety experts help companies more effectively mitigate risk, improve operational efficiencies, and ensure regulatory and standards compliance. www.AchesonGroup.com