1.0 Introduction

Current supply chain food safety practices typically involve the following, and may have downsides if applied as the appropriate methodology for Food Safety Modernization Act (FSMA) compliance.

  • Large receiving facilities direct their suppliers to input food safety Certificate of Analysis (COA) into their computerized systems.
  • Receiving facility employ audits on suppliers, which are snapshots in time
  • Independent certificate of analysis (COA) on product testing accompanying the product at receiving facility.

Are these methodologies appropriate to deliver FSMA’s legal requirements without additional costs, the risk of non-compliance or legal action between suppliers and receiving facilities? Supply chain management and supplier verification per FSMA’s management are examined in this white paper against a background of current practices, in order to consider if they are the best practices for FSMA’s application.

2.0 FSMA Supplier/Receiving Facility Requirements

2.1 FSMA states ‘Another entity in the supply chain, such as a broker or distributor, can conduct supplier verification activities, but the receiving facility must review and assess that entity’s documentation of the verification of control of the hazard’.

  • What are the mechanics for fulfilling this requirement? Mandatory distributor verification and then facility review and assessment – raises overheads costs, without any value-add – food prices increase likely.

2.2 FSMA states ‘Approved suppliers are those approved by the receiving facility after a consideration of factors that include a hazard analysis of the food, the entity that will be controlling that hazard, and supplier performance. Companies must have a written program to explain their supplier verification program, which includes what is being done to ensure the supplier follows the plan’.

2.2.1 How is the supplier performance over the period of delivery tracked and monitored by the receiving facility, with regard to the supplier’s written plan for controlling the hazard? The current practice of some receiving facilities requiring suppliers to input data into system, is not an assurance that all of the plan is being followed.

Future FSMA requirements in the context of current practices are considered as follows:

  • FSMA expects more that annual audits from the receiving facility on suppliers – there is no exemption status for any supplier audit for any qualifying ingredients – increased audits costs are increased overheads, which does not add value to the product.
  • The ‘type and extent of control’ on suppliers by different receiving facilities, which are required to approve the supplier food safety plan. An additional burden is placed on suppliers, who may have to adhere to varying ‘types and extent of control’ from different receiving facilities. In addition to enabling the stream of receiving facility visits to conduct audits, as it is understood to be the means for supplier verification and supply chain management.
  • There is the likelihood that a receiving facility can fail to meet its legal obligation because of a supplier delinquency. The interface is a grey area for the receiving facility ’s responsibility and subject to interpretation leading to potential litigation.
  • Different receiving facility formats are a problem for suppliers, who now have to supply data to satisfy a multitude of formats for different receiving facilities when they themselves have their own existing formats, which has to be re-configured for each individual receiving facility.
  • The voluntary commercial standards ISO 22000, GRC, SQF, GFSI may be challenged to convert to FSMA, since their formats are not preventive control driven per the FSMA requirements.

Seemingly, the current practices or methodologies if transferred into FSMA wholesale, on account of their historical practices; can lead to legal and economic issues. Given the likelihood of implementation and operating issues at the interface, perhaps ways should be found to minimize the threat of potential legal actions and increased costs.

3.0 Examining the FSMA Supplier/Receiving facility Relationship

The receiving facility / supplier is not a straight one to one relationship, but a complex cross link of receiving facilities served by many suppliers, usually through brokers or distributors, who in turn direct product to receiving facilities – not directly known to the supplier. The permutation of suppliers and receiving facilities FSMA requirements consists of audits, data entry and tracking trends by many different auditors to be dovetailed to serve the supplier / receiving facility cross links. Audits may appear to be just audits – they require review, corrective actions to which the supplier has to react to many different findings, from different interpretations by different auditors in timely fashion. These management tasks lead to management risks that are unaccounted for, further jeopardizing the intent of FSMA to manage the food chain.

The FSMA legal requirements under the current practices -will need to consider the availability of additional skill resources of persons beyond the operations to fulfill the requirements – further increasing overhead costs. The extent, to which overheads need to be added, may be challenging for some suppliers.

The outcome of FSMA may not be its robustness of the food safety plan completion. It may be due to the overheads for meeting the legal requirements. When companies are competing on overhead costs, in order to maintain an advantage, short cuts or ways are found to look for an ‘edge’. This may mean selective compliance. This will most certainly lead to a degradation in the performance of the FSMA requirements, with corrections/ corrective actions issued by the receiving facility or FDA’s 483s, where applicable.

The ‘type and extent of control’ by different receiving facilities in order fulfill the requirements can be complicated for suppliers, with receiving facilities arguing it is their responsibility to see the approved plan is carried out. The supplier, on the other hand, is seeking to limit the extent to which control is applied as increased controls cost more to manage.

While Hazard Analysis and Process control from HACCP is still relevant to FSMA, it is the FSMA management requirements between suppliers and the receiving facility that raises likely operational challenges. One may conclude that the management methods and practices for supplier / receiving facility in the pre-FSMA era are not suitable to sustain the legal requirements of FSMA, without additional resource allocation.

4.0 Standardization

Standardization is the key for maintaining the FSMA requirements on an on-going basis. Standardization of documentation and methodology for internal supplier use considers the elimination of two steps processes (reconfiguring internal reports for external use) when one will suffice; e.g. replacing different formats to serve the many receiving facilities. Standardization provides users with a format that is familiar to everyone industry wide. Standardization provides a format for users to be guided through the process intuitively, without having to retain organizational knowledge especially where there is staff turnover.

Standardization of formats, ‘type and extent of the controls’ ensures that both suppliers and the receiving facility are on the same page. More importantly, there will be less need for enforcement, except where the rules are deliberately left undone. In this regard, a measure of self-regulation is attained, with less need for layers of FDA inspectors’ oversight.

The concept of ‘Management by Exception’ with automated management technology will support standardization as a strategy for FSMA, when compared to the significant increase in audits required. ‘Management by Exception’ is the gathering of data with reporting only the exception to the rules or threshold to the relevant responsible persons, in real time. Compare to an audit, which must consider every legal requirement and is based on past records; past records are not compatible with preventive controls. An example of ‘Management By Exception’ is as follows; if a supplier deliberately enters the expected values, instead of the wrong values for a batch, the receiving facility can observe the trends throughout the process to review the following records:

  • Supplier process trends in real time
  • Comparing other performance trend graphs,
  • Reviewing the effectiveness of the system,
  • Comparison with other suppliers
  • Efficiency measures,
  • The impact of ‘late’ or undone controls on the process outcomes

These reports provide meaningful information, which an audit is unable to uncover at the time of the batch run. As a matter of fact, if the receiving facility is aware of the batch number and the date of the run, the receiving facility can see the process in real time. Thus standardization delivered via a portal or platform technology is an appropriate sector wide strategy, to create seamless supplier / receiving facility management of preventive controls. A supplier / receiving integrated platform is needed for the receiving facility to view the supplier operations records.

It is time to replace the standalone food safety data owned by each company that is not a fit for FSMA. The single company configuration is of another time when software was formatted as an electronic record as an alternative to paper for a single facility. The consideration is bridging the supplier /receiving facility chasm seamlessly through the convenience of the Cloud with ‘Management By Exception’.

5.0 The FSMA ‘Management By Exception’ Platform / Portal

The Standardization via ‘Management By Exception’ is delivered by cloud/iPad combination. The technology facilitates the receiving facility to the supplier records, which the supplier places in the cloud via the iPad for all receiving facilities in real time. With the platform the receiving facility does not have to own the records to verify them, they are always accessible via the platform. This action on the FSMA software platform, is offered to

  • Curb the embedded management risks,
  • Enhance efficiency and effectiveness,
  • Minimize overheads, and
  • Reduce the potential for legal conflicts
  • Provides FSMA management support for the food safety technical specialist by maintaining compliance to FSMA because the requirements are embedded in the software. E.g. Auto opening of corrective actions, when the requirements are not met or unless trained no access to work procedures.
  • Provide a cloud batch look-up of the entire process to the receiving facility. This serves as a real preventive control for the receiving facility: -each batch is verified. The point is, the supplier inputting data into the receiving facility system, is not supplier verification. The platform provides the supplier to verify the supplier food safety plan 24/7 for a specific batch, and conduct supplier verification on the supplier’s own records.
  • Allows the receiving facility to view the batch preventive controls compared to the food safety plan
  • Provides the receiving facility to view the process parameters on the product prior to or on reaching their facility
  • Ensures trained personnel
  • Is able to determine if corrective actions are effective
  • Compare similar supplier processes and review process outcomes.

A FSMA Platform / Portal provides a seamless interface between supplier records and the distributor / receiving facility with the bulleted features and literally satisfies the stated FSMA requirements of 2.1 and 2.2. The following benefits accrue:

  • Overhead audit costs become less demanding rather than the rule, because supplier verification provides live data for every batch.
  • Management by exception
  • The potential for case law is kept at a minimum for supplier / receiving facility issues.
  • Minimizes management operational risks such as those caused by differing formats and the transposing of data.

A receiving facility / supplier FSMA platform infrastructure is worthy of consideration, especially from a financial perspective. Reduction in overhead costs by both suppliers and receiving facilities – fewer resources for data entry and audits, lowers costs. More reliable data and traceability is possible because of batch trends. Ease of defining the type and extent of control. Establishing that the food safety plan is carried out precisely. With a standardized iPad format, there is less training on many different formats and the instructions are readily available in front of the supplier’s operator.

How does current practice compare? Which would be more supportive of FSMA in the industry: a low cost platform or overhead laden current practice masked as FSMA?

How The Platform Works

Supplier organization signs-up and register each customer via their email address and a password, customer clicks the received link and has access to the supplier’s operational records. A very simplified demo of the concept is explained via video.

The Platform is a system based on ISO Management Standards 2015 version and based on plan, do, check, act. Suppliers need only this program to provide their customer with an assurance that the food safety plan can be effectively carried out with the control required of GMP. The following are the features

  • Production quality controls
  • Maintenance management
  • Occupational safety – re incident and injury / DART calculation,
  • Lock out tag out, confined space, hot work
  • Environmental safety monitoring – Emergency preparedness
  • Embedded safety data sheets
  • Food safety – preventive controls and monitoring
  • Pre-requisite management
  • Corrective action generation and management
  • Training and training records
  • Document control
  • Graphical trends
  • Notifications
  • Efficiency histograms
  • Time and usage Scheduling
  • Personal un/pw and task recording
  • Role identification
  • Non-conformance recording

By Jeffrey Lewis

Fellow, Chartered Quality Institute

Safety In Your Hand, Inc