Risk analysis is a process that helps manufacturers identify and manage potential problems in their process or facility. A food defense risk analysis model has three components: risk assessment, risk management, and risk communication. Risk assessment refers to rating the severity and likelihood of a certain hazard or threat. Risk management refers to making decisions on how to control hazards and implement mitigation strategies.
Remember, no two facilities are identical. Different pieces of processing equipment, different policies and procedures, and different workforces, all mean that organizations conceive of risk, parse out risk factors, and assess risk factors differently. Every organization should determine the method it deems best to meet the Intentional Adulteration Rule’s (IA rule) requirements.
Food Defense Threat vs Food Safety Hazard
A key difference between a food defense threat assessment and a food safety hazard analysis is how one goes about assessing risk. While the Preventive Controls rule requires hazard analysis, the Food Defense Rule discusses vulnerability assessment. Thus, the Food Defense Rule is concerned with where an intelligent adversary might introduce a contaminant into the supply chain.
Learn more about the difference between food safety and food defense here.
What is a Food Defense Threat Assessment?
A food defense threat assessment (risk assessment) consists of three parts: context assessment, criticality assessment, and vulnerability assessment. While context and criticality assessments are not required by the IA rule, they help to provide key insights into the health and possible weak points of your facility's food defense system.
A context assessment looks at the kind of product being produced in terms of realm and role in the food system. Again, a context assessment is not required by the IA rule but is encouraged as a best practice as it helps manufacturers consider factors that affect the incentive and opportunity of an intelligent adversary to cause a food defense incident.
A criticality assessment encourages food producers to consider critical points in your supply chain that affect its resilience in the event of a food defense incident upstream, internally, or downstream at your facility. A criticality assessment includes supply chain mapping and documentation, a criticality assessment of supply chain components, and targeted further risk assessments. The goal of this assessment is to ensure that when something is received into your plant, you know that IA rule compliance from the previous supplier is in place, and you do not inadvertently bring an adulterant into the plant.
A vulnerability assessment is required by the IA rule. It requires assessing public health impact (e.g. severity and scale), degree of physical access to the product, and the ability of an inside attacker to successfully adulterate the product. The easiest method to conduct the vulnerability assessment is by key activity types. Key activity types are FDA-identified categories of food manufacturing processes that are most vulnerable to adulteration.
To learn more about food defense vulnerability assessments and key activity types, click here.
Food defense risk analysis is critical to maintaining the integrity of your food defense plan. For a more in depth walkthrough of conducting a food defense risk analysis, and to learn. more about food defense risk management and food defense risk management best practices, consider Zosi and FPDI’s Food Defense Manager online course.