The lack of knowledge regarding the Food Safety Modernization Act (FSMA) and ISO 21469 is truly astounding, especially considering that violations of this important legislation not only can lead to fines but also jail time for those involved and the boardroom-level leadership.
Most individuals who work in the food and pharmaceutical industries are aware of the FSMA requirements and the consequences of violations. The reach of this piece of legislation is very broad in its scope. Organizations that normally would not be expected to require “food-grade” lubricants are now subject to these food safety requirements.
One of the FSMA requirements stipulates that plants must have a food safety plan and that this plan be documented and developed with a preventive controls qualified individual (PCQI), who must be trained by a Food and Drug Administration (FDA) training partner. Someone in your organization should be designated as the responsible party at your plant and serve as a liaison when the FDA arrives for an inspection.
There are seven critical items or steps that are essential for the success of a lubrication program with regards to the FSMA. To help you remember these steps and to limit the liability for both you and your company, remember the following:
List the steps in the manufacturing process.
Identify the hazards associated with each step of the process.
Assess the severity of the hazards.
Balance the risk versus the benefit.
Limit the risk with appropriate controls.
Ensure the controls are sufficient.
Finally, make sure the entire process has been documented and that those records are available to be produced on demand for an FDA inspector. This is a merger of the seven points identified for a Hazard Analysis Critical Control Points (HACCP) survey and the Operational Risk Management (ORM) process from the U.S. Navy.
An unspoken prerequisite is to gather your team. This works much better if the team is cross-functional and made up of operators, maintenance, reliability, management, procurement and all others who have even the most remote knowledge of the system. Once this is done, use a plant diagram to show the major steps in the production process and to break each machine or step into smaller pieces.
For example, while baking might be considered one step, there are the smaller steps of putting the pie into the oven, baking it and taking the pie out of the oven before it goes to packaging or cutting, etc. When thinking about the oven, look deeper. Is there a blower or a conveyor? The process flow diagram should be as granular and detailed as possible, so you are better equipped to identify the hazards when you reach the next step.
This is the complete picture of what is expected to happen; it assures all elements of the process or step are evaluated for potential sources of risk. From this, construct a chronological or sequential list of the major events and tasks in the process, breaking it down into manageable phases.
A hazard is any condition with the potential to negatively impact the manufacturing process or cause “adulteration” of the food product. Hazard identification is the foundation of the entire risk mitigation process. If a hazard is not identified, it cannot be controlled. The effort expended in identifying hazards will have a multiplier effect. Therefore, this step should be allotted a larger portion of the available time.
There are a few basic actions to be completed in this step. First, list the hazards. With the mission or task mapped out, each event in the sequence is reviewed for hazards. Hazards can be identified in many ways and from many sources. It is important to involve the operators and those with applicable experience.
Review any appropriate reports, lessons learned and policies. If time permits, solicit additional expertise. Brainstorming is useful in this preliminary hazard analysis (PHA) to identify hazards. Asking “what if” as a means of thinking about what could go wrong can help build on the PHA or uncover additional hazards.
Second, determine the hazard root cause. Make a list of the causes associated with each identified hazard. Often, a hazard may have multiple causes, but it is important to identify the root cause. The root cause is the first link in the chain of events leading to mission or task degradation. One technique to help determine a root cause is to keep asking why. With the causes identified, risk controls can be applied to mitigate the risk.
For this paper, we will limit the hazards to those that might result in chemical adulteration of the product, specifically those that would lead to lubricants getting into the process. Using the previous example of the oven, we determined that there is an in-feed conveyor. What are the components of that conveyor that may be lubricated? The drive motor, gearbox, pulley bearings, carriage rolls, etc.? For the oven, is there a conveyor, fan or several fans that may have a motor or bearings that require lubrication? The obvious hazard here is the product adulteration by lubricants.
For each identified hazard, determine the associated degree of risk in terms of probability and severity. Although not required, the use of a matrix may be helpful in assessing hazards. For this step, identify both the probability of the hazard creating a problem and the severity of the issue that may be created. The matrix shown below was employed by the U.S. Navy to determine a risk assessment code (RAC):
Obviously, the catastrophic and critical risks are not likely to apply to lubricant-related chemical adulteration; however, this model could be useful across the plant for all risk mitigation opportunities.
The severity is an assessment of the potential consequence that can occur due to an identified hazard. In the example above, it is defined by the degree of injury, illness, property damage, loss of assets or effect on the manufacturing process. The probability is an assessment of the likelihood that a potential consequence may occur due to a hazard.
Some biases must be identified and addressed, as outlined in the Navy’s ORM instructions:
Over Optimism – Not being totally honest or not thoroughly looking for root causes.
Misrepresentation – Individual perspective may distort the data.
Alarmism – “Worst case” estimates are used regardless of their possibility. (This does need to be balanced with the “reasonably foreseeable” criteria as identified in the FSMA.
Indiscrimination – All data is given equal weight.
Prejudice – Subjective or hidden agendas are used as facts.
Inaccuracy – Bad or misunderstood data nullify accurate risk assessment.
Enumeration – Difficulty in assigning numerical value to human behavior
Accept no unnecessary risk. Naval Doctrine Publication 1 states, “We should clearly understand that the acceptance of the risk does not equate to the imprudent willingness to gamble. Only take risks that are necessary to accomplish the mission.”
It’s been said that risk is related to gain. Normally, greater potential gain requires greater risk. Many companies are built upon principles of seizing the initiative and taking decisive action. The goal of this process is not to eliminate risk that is not an attainable or even realistic goal, but to manage risk so that the continued production can be accomplished with the minimum amount of risk possible.
If the risk outweighs the benefit or if assistance is required to implement controls, communicate with a higher authority in the chain of command. It is important to make the risk versus benefit decisions at the right level. The Navy’s ORM decisions are “made by the leader directly responsible for the operation.” Prudence, experience, judgement, intuition and situational awareness of leaders directly involved in the planning and execution of the mission are critical elements in making effective ORM decisions. This would include the plant manager, as well as the individual department heads or supervisors. The three critical parts to this step are to identify the control options, determine the effect of these controls on the hazard and decide how to proceed.
To determine appropriate controls, the Navy has identified the following examples of the criteria:
|Suitability||Control removes the threat or mitigates (reduces) the risk to an acceptable level.|
|Feasibility||Has the capability to implement the control.|
|Acceptability||Benefit or value gained by implementing the control justifies the cost in resources and time.|
|Explicitness||Clearly specifies who, what, where, when, why and how each control is to be used.|
|Support||Adequate personnel, equipment, supplies and facilities necessary to implement a suitable control are available.|
|Standards||Guidance and procedures for implementing a control are clear, practical and specific.|
|Training||Knowledge and skills are adequate to implement a control.|
|Leadership||Leaders are ready, willing and able to enforce standards required to implement a control.|
|Individual||Individual personnel are sufficiently self-disciplined to implement a control.|
Numerous control options can be used to avoid or reduce risk. These include:
Reject the Risk. If overall risks exceed benefits or value, do not take the risk. Without the authority to apply the proper or necessary controls, rejecting the risk is a valid option and a way to elevate the risk to the proper level.
Avoid the Risk. It may be possible to avoid specific risks by “going around” them or doing the mission or task in a different way. This might present other hazards that need to be identified and assessed.
Delay an Action. If there is no deadline or value to speedily accomplish a mission or task, it may be possible to reduce the risk by delaying the task. Over time, the situation may change, and the risk may be eliminated, or additional risk control options may become available (additional resources, new technology, etc.), reducing the overall risk.
Transfer the Risk. Risk may be reduced by transferring all or some portion of the process to another individual, department or plant that is better positioned, equipped or staffed. Transference decreases the probability or severity of the risk to the total force.
Compensate for the Risk. To ensure the success of critical missions or tasks and to compensate for potential losses, assign redundant capabilities. For example, tasking a unit to deploy two aircraft to attack a single high-value target increases the probability of mission success, just like having spare parts in the case of an equipment malfunction.
Among the types of controls include engineering, administrative and physical controls. Engineering controls use engineering methods to reduce risks by design, material selection or substitution when technically or economically feasible.
Administrative controls reduce risks through specific administrative actions, such as providing suitable warnings, markings, placards, signs and notices; establishing written policies, programs, instructions and SOPs; conducting job and risk mitigation training; and limiting the exposure to a hazard (either by reducing the number of assets or personnel, or the length of time personnel are exposed). Physical controls take the form of barriers to and guards against a hazard, such as personal protective equipment (PPE), fences or special oversight personnel.
With the controls identified, the hazard should be re-assessed, taking into consideration the effect the control will have on the severity and/or probability. This refined risk assessment determines the residual risk for the hazard, assuming the implementation of selected controls. At this point, it is also appropriate to consider the cost (personnel, equipment, money, time, etc.) of the control and the possible interaction between controls. Do they work together?
Once the risk control decisions are made, the next step is implementation. This requires that the plan is clearly communicated to all involved personnel, accountability is established, and necessary support is provided. Careful documentation of each step in the HACCP process facilitates risk communication and the rational processes behind the HACCP decisions.
To make the implementation directive clear, consider using examples, providing pictures or charts, including job aids, etc. Provide a roadmap for implementation, a vision of the end state, and description of expectations. Controls should be presented so they will be received positively by the intended audience. This can best be achieved by promoting user ownership.
Accountability is important for effective HACCP. Ultimately, the accountable person is the decision-maker or the individual responsible for accomplishing the mission or task. However, successful implementation requires delegation of risk control actions. Those assigned should acknowledge the responsibility and be held accountable for the implementation.
A properly applied control has the best chance for successful implementation. In addition to ongoing participation of leadership, this requires providing the personnel and resources necessary to implement the control measures, designing sustainability into the controls from the beginning, and employing the control with a feedback mechanism that will provide information on whether the control is achieving the intended purpose.
Determine the effectiveness of risk controls throughout the process or step. This involves three actions: monitoring the effectiveness of risk controls; determining the need for further assessment of all or a portion of the mission or task due to an unanticipated change; and capturing lessons learned, both positive and negative.
Monitor the operation to ensure controls are implemented correctly, are effective and remain in place. Action should be taken to correct ineffective risk controls and re-initiate the HACCP process in response to new hazards. Risks and controls must be re-evaluated any time personnel, equipment or mission tasks change, or new events are anticipated in an environment not identified in the initial HACCP.
When controls are applied and during the manufacturing process, a continuous systematic review must be accomplished to see if the risks versus the benefits and value are balanced. To determine if appropriate HAACP controls were applied, compare the earlier risk assessment to the present risk assessment.
To accomplish an effective review, those responsible for the process or step should identify whether the actual cost is in line with expectations and determine what effect the risk control had on mission or task performance. It is difficult to evaluate the risk control by itself; therefore, the focus should be on the risk mitigation relative to the process or step.
Measurements are necessary to ensure accurate evaluations of how effectively controls reduce risks. Measurement can be done by simple observation, talking with personnel or through more formal after-action reports, surveys and in-progress reviews.
A review by itself is not enough. A process or step feedback system should be established to ensure that the corrective or preventive action taken was effective and that any newly discovered hazards identified during the process or step are analyzed and corrective action taken.
It is essential that the feedback system be designed to inform all involved personnel, provide input back into the HACCP process during execution of the process or step, offer input into a “lessons learned” database for use by others or for the next event, and provide for formal or unit level training updates or revisions.
To summarize, make a list of the manufacturing process. Identify the hazards associated with each step. Assess the severity of the hazards. Balance the risk versus the benefit. Limit the risk with appropriate controls. Ensure the controls are sufficient. Follow these six steps and document every step of the process. This will greatly reduce the risk of not meeting the FSMA requirements.