FDA Issues New Food Defense Guide, Food Safety Software

FDA released two useful tools last month to advise and assist companies in complying with new FSMA rules.

The agency issued a Small Entity Compliance Guide(SECG) to help small food businesses comply with the FSMA final rule on Mitigation Strategies to Protect Food Against Intentional Adulteration.

“We encourage you to comply with the [intentional adulteration] rule as soon as possible,” the agency said. The mandatory compliance dates depend on the size of the business. Businesses that do not qualify for exemptions must comply by July 26, 2019. Small businesses – with fewer than 500 full time equivalent employees — have until July 27, 2020 to comply. Very small businesses are exempt from the rule, except for a documentation requirement which has a compliance date of July 26, 2021. A very small business is defined as a business (including any subsidiaries and affiliates) averaging less than $10 million, adjusted for inflation, per year, during the 3-year period preceding the applicable calendar year in sales of human food, plus the market value of human food manufactured, processed, packed, or held without sales.

The intentional adulteration rule requires a written food defense plan that must include:

  • A vulnerability assessment to identify significant vulnerabilities and actionable process steps, and associated explanations;
  • Mitigation strategies and associated explanations;
  • Procedures for food defense monitoring;
  • Procedures for food defense corrective actions; and
  • Procedures for food defense verification.

The rule applies to all food facilities, foreign or domestic, that are required to register because they manufacture, process, pack, or hold human food for consumption in the U.S.

Although this new FDA guidance is for small entities, it includes useful advice for any size of business thinking about ways to minimize the risk of intentional adulteration — such as how to prepare a food defense plan, the required contents, who must sign the document, what ongoing records are required, who is qualified to create the plan, where and for how long records must be held, and so on. Perhaps equally useful is the guide reflects current FDA thinking, and offers some reason for confidence that following the guidance will probably be acceptable to FDA.

As a FSMA consultant, I should note that the qualified individual who creates the food defense plan may be, but is not required to be, an employee of the facility.

The agency also unveiled a new software program called the Food Safety Plan Builderto help owners and operators develop food safety plans. The program was modeled after the Food Defense Plan Builder, created to help food facilities create food defense plans.

The new tool asks a series of questions to help identify potential hazards and the preventive controls needed to address the hazards. The FSP Builder, much like the SECG for Mitigation Strategies, is current agency thinking. Using the tool correctly to design a facility specific FSP should satisfy FDA, at least initially, that a good faith effort is being made by a regulated firm to follow food good manufacturing practices, and identify hazards in need of controls(s). It may also help firms distinguish between safety hazards that FDA will review, and quality characteristics unrelated to food safety that are present in many operating SOPs.

The agency won’t have access to any documents developed using the software, Jenny Scott, senior advisor in FDA’s Office of Food Safety, emphasized in an agency blog. However, during an inspection, FDA will review the FSP.

Tips for Auditing a Contract Laboratory

Contract laboratories provide an extremely valuable and necessary service to the dietary supplement industry. The own-label distributor or manufacturer rarely has an in-house laboratory equipped with the appropriate scientific expertise to conduct all the testing required in 21 CFR 111, Current Good Manufacturing Practices (cGMP) in Manufacturing, Packaging, Labeling, or Holding Operations for Dietary Supplements.However, a contract laboratory must be thoroughly scrutinized by the own-label distributor or manufacturer to ensure the laboratory complies with the applicable subparts of 21 CFR 111.

All personnel must possess the education, training, or experience needed to perform their job function in accordance with 21 CFR 111.12(c). Responsibilities and activities for each job function should be described in a formal job description. A comparison of the job description to on-the-job training provided in a personal training record as well as a resume or biography of several selected individuals should be examined during the audit to verify compliance with the regulatory requirements, but also ensure the laboratory has the scientific expertise to competently perform the desired tests.

The laboratory facility used to perform testing must be adequate per 21 CFR 111.310 and in accordance with 21 CFR 111.27, all equipment must be of appropriate design, construction, and workmanship to enable them to be suitable for their intended use. The latter is generally accomplished using an equipment qualification program. Documentation supporting the qualification of several different types of equipment should be reviewed during the audit. Part of the review must include an assessment of any software or electronic operations being performed by the instrumentation.

All electronic equipment and records must comply with the requirements dictated in 21 CFR 11, Electronic Records, Electronic Signatures. Equipment must then be calibrated and maintained at a frequency dictated by the manufacturer to maintain accuracy and precision and these activities must be documented in equipment log books as governed by 21 CFR 111.35(b)(3).

All laboratory controlled processes, including written procedures for test methods, must be developed and implemented in the laboratory as required by 21 CFR 111.325. There must be evidence that these test methods are being conducted, as written, by laboratory personnel and that this is documented at the time of performance. The documentation must be thorough and detailed and include the performance of each step of the method. Test methods employed must be scientifically valid as required by 21 CFR 111.75(h)(1) and 111.320(b).

The FDA described a scientifically valid test method as one that is accurate, precise, specific for its intended purpose, and consistently does what it is intended to do (rugged). Documentation that a method meets these criteria is accomplished from method validation studies for the sample matrix via experimentation, peer-reviewed literature, or compendial sources. Several examples of such documentation should be reviewed by the auditor.

Other critical laboratory controlled processes to examine during a contract laboratory audit include those for out of specification (OOS) investigations, deviations, and corrective and preventative actions. These situations are inevitable and a strong quality system must be in place for handling them.

There are many important aspects to choosing a contract laboratory, from assessing testing and record-keeping to confirming it is equipped and suitable for its intended use. A pre-audit of a contract laboratory helps to ensure that their procedures match those required by FDA as well as your own internal requirements. This up-front work will go a long way towards finding the right partnership to enable distributors and manufacturers to market safe products.