With its June 19th publication of draft guidance for FSMA’s Intentional Adulteration (IA) rule, FDA is advancing its regulation for food defense. The final IA rule, released in 2016, marks the first time that FDA-regulated food facilities have been required by regulation to take measured steps to incorporate food defense and have a written plan to combat intentional adulteration. With the first of the IA rule compliance dates taking effect for large facilities in July 2019, FDA has published the first of three installments of draft guidance for the rule, which is designed to address hazards that may be intentionally introduced to foods, including acts of terrorism, with the intent to cause wide-spread harm to public health. The IA rule differs from the other FSMA rules in that it focuses on food facility processes rather than on specific foods or hazards. That is, it requires facilities to “implement risk-reducing strategies for processes that are significantly vulnerable to intentional adulteration.” Although FDA notes the likelihood of an incident at a particular facility as being low, intentional adulteration of the U.S. food supply does represent a serious threat that could have devastating public health consequences. As such, the intention of the rule and its guidance is to help the industry address process vulnerabilities to protect the food system while being cost-effective and not overly burdensome to food facilities. From my perspective, this rule is focused on prevention of deliberate actions that will result in large numbers of serious public health consequences – the emphasis being on intentional and wide scale public health impact. So, it is important to keep this in mind when developing your food defense plan. If you don’t keep this in mind you will potentially find yourself spending a lot of money to implement your food defense plan. With many facilities having already implemented some IA measures, the guidance is intended to provide greater clarity and predictability for complete compliance with the rule. Some activities and facilities are exempt from the rule, such as certain very small businesses, holding of food (except in liquid tanks), packing/labeling of intact food packages, farm activities covered by the Produce Safety Rule, alcoholic beverages, animal food, and low-risk activities at farm mixed-type facilities. (For full exemption information, see the guidance, page 15.) No exemption application is needed, but some documentation may be required. Due, apparently, to the extent of the rule, FDA has split the draft guidance into three installments, with the second and third intended to follow later this year: This first installment focuses on the components of the food defense plan; how to conduct vulnerability assessments using the key activity type method; and how to identify and implement mitigation strategies; and food defense monitoring requirements. The second will focus on a vulnerability assessment approach that can be more tailored to a facility and employee training requirements. The third will provide greater detail on corrective action; verification that a facility’s system is working; food defense plan reanalysis; and record-keeping. The Food Defense Plan (FDP). Food facilities covered by the IA rule will be required to develop and implement a food defense plan that identifies their significant vulnerabilities and mitigation strategies for those vulnerabilities and ensures that the mitigation strategies are working. A written FDP is essential to significantly minimize or prevent significant vulnerabilities related to intentional adulteration of food. Additionally, documentation and implementation of the plan are necessary so that both the facility and FDA can ensure that significant vulnerabilities are properly addressed. That said, having heard consistently from a variety of stakeholders that the rule needed to be practical and facilities needed flexibility when conducting vulnerability assessments, FDA wrote the draft guidance to reflect that approach. Thus, the guidance illustrates different ways that each facility can meet the rule requirements and provides a range of options for identifying and reducing vulnerabilities. As defined in the guidance, an FDP is “a set of written documents that is based upon food defense principles and incorporates a vulnerability assessment, includes mitigation strategies, and delineates food defense monitoring, corrective action, and verification procedures to be followed (21 CFR 121.126(b)).” Required components include: Vulnerability assessment to identify significant vulnerabilities and actionable process steps, including an explanation of why each point, step, or procedure was or was not identified as an actionable process step (21 CFR 121.130). Mitigation strategies for each actionable process step and written explanations of how each strategy sufficiently minimizes or prevents the associated vulnerability (21 CFR 121.135). Monitoring procedures for the implementation of the mitigation strategies (21 CFR 121.140). Corrective action procedures that must be taken if mitigation strategies are not properly implemented (21 CFR 121.145). Verification procedures for verification activities (21 CFR 121.150). In addition to the general overview of these components of the FDP, the guidance provides chapters with extensive detail on each. However, only the chapters on vulnerability assessments, mitigation strategies and monitoring are complete in this installment. The others, along with reanalysis; education, training, or experience; and records are listed as “coming soon,” to be released in the second and third installments. The appendix of the guidance also includes a number of sample worksheets to help facilities develop the written FDP. However, use of the worksheets is voluntary, there is no standardized or required format for an FDP. FDA will accept other formats as long as they include the required components. FDA also is working to create training and technical assistance, including work with the Intentional Adulteration Subcommittee of the Food Safety Preventive Controls Alliance to develop and provide a new food defense awareness training module for food manufacturers. The agency plans to hold a public meeting on the draft guidance after the second guidance is published. TAG has developed an extensive offering of help with implementation of the IA rule for food and beverage facilities. So if you are curious about whether your approach is the right one, or just have questions on what to do to comply with the IA rule, don’t hesitate to contact TAG! About The Acheson Group (TAG) Led by Former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With in-depth industry knowledge combined with real-world experience, TAG’s team of food safety experts help companies more effectively mitigate risk, improve operational efficiencies, and ensure regulatory and standards compliance. www.AchesonGroup.com