The FSMA proposed rule on intentional contamination provides two ways to determine what are called "actionable process steps." This is a facility and process-specific "point, step or procedure" in a food process where there could be a significant vulnerability to intentional contamination. This "actionable process step" is the point where you would choose and apply focused mitigation strategies to reduce that vulnerability.
The first approach is to rely upon four "key activity types" determined by the FDA to have greater vulnerability. The second approach is to perform your own vulnerability assessment. Each approach has its pros and cons to consider. You will have to determine which approach to use in your food defense plan.
Four Key Activity Types
The four key activity types are listed below. There are examples included in the proposed rule that suggest you should consider your processes fairly broadly when determining if they fall within any of these activity types. For example, secondary ingredient handling could include storage, weighing or addition of secondary ingredients, where a contaminant intentionally added to the ingredient is dispersed into your finished product. Mixing and similar activities could include grinding, coating or rework activities, where a contaminant added to the product is uniformly mixed with or coated onto your finished product.
- Bulk liquid receiving and loading;
- Liquid storage and handling;
- Secondary ingredient handling; and
- Mixing and similar activities.
These activity types were not selected arbitrarily. They are the result of dozens, perhaps hundreds of vulnerability assessments conducted by the FDA or on their behalf. Rigorous methods like CARVER Plus Shock were used. Aggregate results were analyzed for common factors that contributed to activities ranking high on those vulnerability assessments. These four activity types floated to the top in those analysis. These have been published previously by the FDA and are incorporated into several training and presentation materials. These are activities the FDA understands could be used to cause "massive public health harm."
The main advantage for an owner selecting this approach is the apparent simplicity. No special training or rigorous method is required. Diagram your process, list all your process steps, and flag those that fall into any of the four key activity types. Specifically, you don't need the help of an employee or consultant that is knowledgeable about food defense. You are expected to know your process well enough to recognize if you have bulk liquid receiving, liquid storage, secondary ingredients, mixing and so on.
There are potential disadvantages for both very complex and very simple operations. A complex operation, such as a large beverage facility, might have dozens of liquid storage and handling processes. Every storage tank, every surge tank, the filler-bowl in packaging, indeed, every point where the liquid is open to atmosphere may be considered a liquid storage and handling activity.
It is not clear in my initial reading of the proposed rule that there is any qualifier for volume. If you use the four key activity types, both a contamination at a 30 gallon filler bowl and a contamination at a 300,000 gallon bulk storage tank appear to become actionable process steps. Only one of these locations might "cause massive public health harm."
At the other end of the spectrum, a very simple operation may erroneously believe they have no actionable process steps. For example, a bulk rice milling operation has no liquid handling or secondary ingredient handling. Yet you could consider the milling operation as a mixing and similar activity, if defined broadly enough. In my conversations with regulators, I understand that they anticipate every operation that isn't already exempted from the rule to have at least one actionable process step.
In the end, this apparently "simple" approach may not be so simple.
Our next blog article will continue with Part 2, discussing the second alternative to determine actionable process steps by performing a vulnerability assessment. Subscribe to our FSMA blog series to be notified automatically when this blog is posted.