3 minutes reading time (679 words)

FSMA proposed rule: Implications for the Food Defense Plan Builder

The Food Defense Plan Builder (FDPB) is free software, provided by the FDA, to create a robust food defense plan.  It came out before the proposed rule on intentional contamination, so what are the implications?


Disclaimer:  The blog author created the original Food Defense Plan Builder tool, which was the model and prototype for the software.  This may create a bias in favor of the tool, but also represents significant insight into both its strengths and weaknesses.

While the Food Defense Plan Builder software pre-dated the publication of the proposed rule, it was finalized after the Food Safety Modernization Act itself was enacted.  Further, the same team of technical experts at FDA worked on both the software project and the proposed rule.  So you would correctly anticipate significant overlap.

Indeed, the Food Defense Plan Builder introduced terms like Actionable Process Step and Focused Mitigation Strategies.  These are used and defined in the proposed rule.

Vulnerability Assessments

The vulnerability assessment component and related focused mitigation strategies fit very well into the requirements of the proposed rule.  There is a difference, however, in that the proposed rule does not require a vulnerability assessment as the only method to determine your “actionable process steps.”  The vulnerability assessment is one of two alternatives.

2 ways to look at vulnerability assessments (Part 1)

2 ways to look at vulnerability assessments (Part 2)

Volume or criticality of a potential contamination event is only lightly addressed in the current tool.  The proposed rule however, discusses the impact of the volume of product contaminated as a factor in determining the actionable process steps.

Broad Mitigation Measures

The FDPB has a robust section on “broad mitigation measures.”  These are important as general preventive measures, and to provide multiple layers of defense.  The proposed rule does not require them, however, because the rule’s focus is on a terrorist or other perpetrator who may already have secured access to your facility.  Many (though not all) broad mitigation measures have limited benefit against someone that has already “gotten inside.”

The FDA still recommends that broad mitigation measures be used in your Food Defense Plan.  It isn’t required.

The proposed rule gives several examples of focused mitigation strategies.  In some cases those are what we previously would have called broad mitigation measures, though they are described with a bit more focus in their scope.  For example, you might implement background checks for everyone with access to an actionable process step, rather than background checks for everyone.  Or you might implement background checks for everyone, but exempting office employees with no access to the plant.

Monitoring, Verification, and Record Keeping

The FDPB does little in the way of monitoring, verification and record-keeping.  These concepts were not part of legacy guidance documents, and didn’t make it into version 1 of the FDPB.

There is a capability to link documents, which can be used to link the form(s) used for monitoring, verification, and record-keeping.  It could even be used to link historical records, though this could be more cumbersome than other record-keeping systems you may use.

There is an “action plan” component to the FDPB.  It was designed to capture and track the actions needed for putting your mitigation measure in place.  It could be pressed into service to track corrective actions as described in the proposed rule.  Again, this could be more cumbersome than alternatives.

There is no method in the FDPB to capture training documentation, other than linked documents.  Many organizations already have training documentation records that could be used for Food Defense.

Monitoring for the FSMA proposed rule on intentional contamination


The FDPB is only in version 1, but is recognized as a very useful (and frequently downloaded) tool.  It was built in a way that it could be updated as requirements and methods change.

It is reasonable to anticipate that the FDA will update the tool to reflect the regulations.  Since proposed rules can change considerably based on comments received, it is not reasonable to expect any development of the update to begin until the final rule is published.

Preparing for FSMA by Leveraging what is Familiar
Monitoring for the FSMA proposed rule on intention...


Already Registered? Login Here
No comments made yet. Be the first to submit a comment

Most Popular Blogs

The proposed FSMA rule for intentional contamination uses the phrase "a person knowledgeable about food defense" in several places. What it doesn't tell you is how to choose a consultant (internal or ...
18008 Hits
Missing from the proposed FSMA (Food Safety Modernization Act) rule on intentional contamination is any requirement for "broad mitigation strategies."  In this article we will explore the implica...
17975 Hits
The FSMA proposed rule on intentional contamination provides two ways to determine what are called "actionable process steps."  This is a facility and process-specific "point, step or procedure" ...
17427 Hits
In Part 1 of this blog we discussed the first of two approaches for determining "actionable process steps."  This is a facility-specific "point, step, or procedure" in a food process where there ...
16462 Hits
People that have been working with Food Defense will notice some things that they have previously focused on that are missing from the proposed rule for intentional contamination. In this post we will...
15944 Hits