Like anyone who is involved in the food industry, I was very pleased to see Congress pass the Food Safety Modernization Act. We've certainly heard much about it in the past 18 months (or more), and it's a monumental step in the right direction towards achieving a national food safety program. That being said, it's still a long road ahead. It will take months, if not years to draft the regulations, train and develop the people to enforce those regulations, and most importantly, to pay for it all. The current price tag is looking at about $1.4 billion over the next 5 years.
Nevertheless, this is a great leap towards a better plan for how the government handles food safety. While we can expect a slow-as-government-goes implementation, I think it's important to note that many best in class organizations are already (and have been) taking steps to improve their food safety programs, many of which align with the new bill. So, while many organizations will wait till the final regulations hit their proverbial plate, there are a few key areas that make the most sense to start working on now.
1. Recall Management: Prior to this law, food regulators could only recommend a recall to an organizations. Much like their FDA brethren in Life Sciences, food organizations are now subject to a mandatory recall process. Like any process, recall management involves many roles and steps to ensure that the product is effectively removed, the affected parties notified and measures are taken to inform the FDA at every step of the recall process. Transparency and full disclosure become a key point, and without a proper system in place, you run the risk of a messy recall.
2. Risk-Based Approach to Food Safety: The FDA is planning to take a risk-based approach to food safety, focusing their attention on those food contaminants that represent the highest risk to the public. This is not only a great practice from a regulatory perspective, but it is a great approach for any organization when assessing their own products. Using risk-based tools, organizations can focus their attention on the products and processes that pose the highest risk, and take action on related events. It will be interesting to see how the FDA plans to incorporate risk tools into their process in the coming months (and years).
3. FDA Visibility into Company Records: FDA will be seeking better ways to require access to an organization's records prior to an inspection. This will not only give the FDA a "heads up" on any potential issues, but also allow them to gain a more comprehensive view of the organization's operation that they may not get on the inspection. It wil be critical that organizations have a centralized and controlled system for managing and maintaining records. Without a well-defined system in place, it can be a harrowing experience trying to collect all the necessary documents from all over the company.
4. Preventive Controls: Ah, my favorite one. Many companies already have HACCP plans in place, but the law goes a little beyond that now. It will require the Hazard Analysis and Critical Control Points, but it will also require a Preventive Control Plan. In this plan, not only with the HACCP elements be required, but also preventive controls. These include:
- Hazard prevention
- Sanitation and hygiene documentation and training
- Environmental monitoring
- Food allergen control
- Recall management plan
In addition to this, if a preventive control fails, the organization will need to have a corrective action plan in place. In my opinion, there is really no way to manage all this without an automated food safety management system. It provides all the key processes to help maintain a food safety system, it provides the record keeping components for visibility into your organization, and it allows you to be able to adapt to any changes in regulation.
As the FDA begins its journey towards implementing the most important food legislation in our history, organization should focus on the key areas which will help them adapt to any new changes that will come (eventually) - process automation, visibility, prevention, and responsiveness.