For those of you who work in the food manufacturing business, you have my permission to skip this article. Most of you already have food defense quite in hand, or you are well on the way to having a fully functional defense plan. So for this column, I’m directing my comments to the retail side of our industry, particularly the small retail foodservice providers, including bakeries, bars, bed-and-breakfast operations, cafeterias, camps, child and adult daycare providers, church kitchens, commissaries, community fundraisers, convenience stores, fairs, food banks, grocery stores, meal services for home-bound persons, mobile food carts, restaurants, and vending machine operators.
Although there are numerous well-written food defense guidelines, for all intents and purposes, they target the larger operation. Even those from the U.S. Food and Durg Administration Center for Food Safety and Applied Nutrition’s (FDA CFSAN) “Retail Food Stores and Food Service Establishments” guidelines are not entirely sensitive to the vast majority of mom-and-pop or smaller institutional operations. They even make mention of this in the opening paragraphs. Taken in its entirety, the requirements outlined for a comprehensive, secure retail food establishment is somewhat daunting, confusing and sometimes quite illusive if applied to a smaller operation of limited financial and facility resources. So for those of you who fit into this category, please bear with me while I try to demystify and (I hope!) simplify this topic.
By way of introduction, long before the first real monstrous act of deliberate food contamination in 1984, where members of a religious cult in Oregon contaminated salad bars with Salmonella typhimurium in order to disrupt a local election and causing 751 cases of salmonellosis resulting in 45 hospitalizations, I started my career working with institutions, mostly prisons and psychiatric facilities. Awareness of possible acts of sabotage was already part of the institutional culture. Before we could begin working at these facilities, newly hired professional and support personnel, including myself, had to learn about defense and incorporate it into our craft. It was expected that any activity conducted within a secure environment was done with defense-minded constraints. It did not take long for this new concept to become second nature. I applied what I had learned to my report recommendations and added a defense component to other institutional environmental health-related programs for which I was responsible. To this day, I continue to do so. In short, food defense should become seamlessly integrated into every foodservice operation.
Early on, the sanitarian’s guideline for food service defense came largely from the Public Health Service’s 1967 and 1976 Food Service Sanitation Manuals (the precursors to today’s Food Code). It dawned on my professional colleagues that the prevention of cross-contamination and enforcement of personal hygiene practices were already part of the correctional and medical staffs’ post orders and the kitchens’ defense compliance mandate. Except for some idiomatic and occupation-specific language, food safety and food defense were, and continue to be, synonymous.
In the April/May 2005 issue of Food Safety Magazine, I wrote about “Street HACCP,” which is an abbreviated HACCP program ideal for small foodservice operations. I will try to present the basic concepts of food defense in much the same way: brief, concise and functional—and it is hoped, cost-effective.
Assessing Risk for Defense
First, here is the bad news. Unlike accidental foodborne illness, a breach in food defense or an act of terrorism in a small food service operation can result in at least two types of economic effects: Direct economic losses attributable to the costs of responding to the act; and, indirect multiplier effects from compensation paid to affected customers and the losses suffered by affiliated industries, such as suppliers, transporters and distributors.
However, here’s a bit of good news. Believe it or not, in the world of small foodservice operations, most policies for food safety (even if they are unwritten) and the practices of rudimentary defense systems are already in place. All facilities that are routinely inspected by the regulatory community meet the most critical defense components such as preventing cross contamination, maintaining proper temperatures and using time/temperature relationships to prevent foodborne illnesses, and, ensuring that foods come from approved sources. With a little attention to detail and a few enhancements, every small operation can significantly reduce its risk of intentional food-related misadventures such as tampering or other malicious, criminal or terrorist actions.
While it’s fairly easy to identify broken seals, bag closures and the like, it’s far more difficult to judge past temperature abuse or the opportunity for deliberate contamination with foods that do not have defense packaging. Therefore, let us explore simple ways to enhance the food defense practices already in place.
To begin putting a rational spin on food defense for the smaller operator, the FDA provided a good resource. Several years ago, the FDA developed a generally accepted framework for risk assessments that was endorsed by the Codex Alimentarius Commission and the U.S. National Academy of Sciences, among others. The framework divides risk assessment into four components: (1) hazard identification; (2) hazard characterization (or dose-response assessment); (3) exposure assessment; and (4) risk characterization—all basic to a HACCP program.
The actual definition of risk assessment is: “A report that shows assets, vulnerabilities, likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs and estimated probable savings from better protection.” The FDA model allows us approach risk assessment—within the confines of this definition—in much of the same way we would complete a menu review and a formal facilities plan review, but with a defense twist. Keep in mind that some of the biological and chemical agents of concern are more inclusive than the usual cast of foodborne misadventure characters, and that opportunities are a bit a bit more global than food preparation considerations. In short, our risk assessment goal is to prevent deliberate contamination. But while we cannot prevent all terrorism scenarios, we certainly can minimize them.
The Conference on Food Protection’s Plan Review Blue Book poses several questions for new and newly remodeled food service facilities. These questions are basic to any operation: Will the menu offer food that requires extensive preparation? What are the hours of operation and service? How often will food and supplies be delivered? What is the maximum number of employees working on one shift? And, has everyone been trained in food safety, defense and HACCP principles? From the answers we can not only evaluate the adequacy of the kitchen equipment, the flow of food through the facility, the sizes and type of cold-holding equipment and dry goods storage, the adequacy of personal hygiene facilities, and the potential for human error, we can also look for potential breeches in defense; both from a facility and personnel perspective.
Like a HACCP program, we can focus our attention sequentially on each segment of the food delivery and production system that is within our control and minimize the risk of tampering or other malicious, criminal, or terrorist action at each segment. To be successful, implementing enhanced preventive measures requires the commitment of both management and staff. Accordingly, it is prudent that both management and staff participate in the development and review the food defense measures within their facility.
So, now you have the logic to develop a food defense program using the food safety tools already in place. I have taken the liberty of highlighting, what I consider the most important FDA recommendations. There are five components to each foodservice operation: Management, staff, public, facilities and operations, each of which can be easily integrated into existing policy.
Management
• Prepare for the possibility of tampering or other malicious, criminal, or terrorist events and assign responsibility for defense to knowledgeable staff.
• Have a crisis management strategy to prepare for and respond to tampering and other malicious, criminal, or terrorist actions, both threats and actual events, including identifying, segregating and securing affected products.
• Plan for emergency evacuation, including preventing defense plan breaches during evacuation.
• Familiarize yourself with the emergency response system in the community and provide 24-hour contact information to the local authorities.
• Post all emergency phone numbers in a conspicuous area.
• Train yourself and staff about relevant defense issues and have a strategy for communicating with the public in the event of an emergency.