8 replies to this topic

[George @ Safefood 360°]

Hi All, 

 

Members might be interested in reading my latest blog on the subject of control measures in food safety and my perspective on how we need to give this area some serious thought and hopefully discussion. Would love to hear members insights on the subject. 

 

Regards, 

 

George

 

http://safefood360.c...es-food-safety/

[jel]

That was an excellente paper. In the case of the metal detector, I had always argued that could managed as a PCC as a oPPR.

 

Best regards

[Charles.C]

Hi George,

 

Re - Blog,

 

I was mentally agreeing with lots of yr comments up to RAACP but there you lost me.

 

I guess some definitions and examples might have illuminated the idea a bit.

 

I can offer a few somewhat scrambled impressions on the overall scene.

 

Offhand, i would suggest that the methodology in the now antique Dutch Haccp offered an equally  coherent/simple approach than that attempted in  ISO22000 while still enabling a pseudo-oprp type philosophy. Not that it doesn't also have some dubiousnesses but then what doesn't in a subjective baseline?

 

Might also comment that the "vector" concepts currently in some vogue offer some further thought on oprp directions albeit from perhaps partly commercial motivations (eg selling books) as well as purist logics.

 

Some people have interpreted  ISO22000 into CCP/OPRP straight from the risk matrix. It seems to me that one cannot get much simpler than that. Obviously by-passes some iso core thinking though.

 

Other people have tried to be true to the ISO vision and interpret OPRP based more on conceptual modifications of the traditional Codex tree.  IMO this demands a fusion of heavy thinking into a simple calculative procedure. Unfortunately three into five won't go, at least in the ISO22000 framework. The result was the ambiguous iso definitions/decision rules. And very shortly iso22004.

 

But I applaud your putting the issues out there since discussions are rare these days. Maybe due to auditor capitulation ?

 

And some expansion of yr RAACP, ie applications might be informative.

 

Rgds / Charles

[Charles.C]

Hi George,

 

Bit 

(Hopefully of some iso relevance) -

 

Just as an example of the possible confusion over oprps, I have enclosed a (partial) “oprp” extract from a generally excellent  document on haccp validation to enable a little extended analysis on iso control measures -

 

oPRPs are identified by the hazard analysis. If a loss of control occurs, actions need to take place to bring the process back into control. However, controlling an oPRP does not prevent or eliminate a food safety hazard or reduce it to an acceptable level. Controlling an oPRP does reduce the likelihood of introducing a food safety hazard or the proliferation of an existing food safety hazard in the products or the processing environment. oPRPs must be validated, verified and monitored to ensure effectiveness of the food safety system.

 

http://www.foodsafet...afety-controls/

 

One might criticize the terminological use in above extract, eg (referring to the red portion), as per iso22004 - 7.1[a], one does not control an oprp, it is more the oprp which “manages” a control measure so as to control a [significant] hazard to an acceptable level. In the minimal limit, an oprp is a single control measure (or a PRP in iso def. )

 

 IMO it is a fact that the concept of “Validation” is used in various ways in both  iso22000/22004. As illustrations  –

 

iso22000

(i) 3.15 validation

(food safety) obtaining evidence that the control measures (3.7) managed by the HACCP plan and by the operational PRPs (3.9) are capable of being effective

(ii) [8.2] Prior to implementation of control measures to be included in operational PRP(s) and the HACCP plan and after any change therein (see 8.5.2), the organization shall validate (see 3.15 [!!]) that a)the selected control measures are capable of achieving the intended control of the food safety hazard(s) for which they are designated, and b) the control measures are effective [!!] and capable of, in combination, ensuring control of the identified food safety hazard(s) to obtain end products that meet the defined acceptable levels.

 

iso22004

(a)[7.4.4] Subclause 8.2  of  ISO 22000:2005  requires  that  validation  demonstrates  that  the  combination  of  control measures  is capable  of achieving the intended  level  of control.

(b)[7.8] Validation  is  an  assessment  prior  to  operation,  the  role  of  which  is  to  demonstrate  that  individual  (or  a combination of) control measures are capable of achieving the intended level of control.

©[8.2] The  validation  process  provides  assurance  that  the  combination  will  deliver  products  that  meet  identified acceptable levels

 

Comments

 

Regarding extracts (i – c) above,  there are possible ambiguities due to terms like  “effective”, “intended level of control”, “acceptable level of control”, “in combination”. More precisely –

 

 (i) is rather meaningless unless “effective” is itself defined, eg explained / quantitated. IMO Ambiguous.

(ii) is IMO a clear statement of intent.

(a) is incompatible with (ii) unless “intended” >> “acceptable”. IMO Ambiguous.

(b) is also incompatible with (ii) unless, for a combination, “intended” >> “acceptable”. IMO Ambiguous.

© is compatible with the relevant part of (ii). Probably the most definitive comment in iso22004.

 

IMO the above implies –

 

(1) an oprp can consist of a single of multiple control measures.

(2) an oprp consisting of a  single control measure may/may not achieve control of a significant hazard to a defined  acceptable level, ie it may achieve an “intended” control. However in the latter case the further specification of an appropriate combination of  associated control measures so to enable achievance of  a  defined “acceptable level” for the hazard would presumably be mandatory.

 

Referring to the initial extract / red text, it is unclear whether a “single” or “multiple” oprp is under consideration. IMO, if a finalized multiple case, the text is incorrect, if a single case it may/may not be correct depending on the stated “intended" control.

 

Some Decision Trees do use the ability of a control measure to individually achieve control of a significant hazard to a defined acceptable level as a primary criterion to separate a CCP from an  oprp (eg “total power” concept). This may have been the implicit intent behind the red text as stated. Or it may simply have been by analogy to the use of the CP terminology. Other trees maybe use a wider blend of parameters from the set in  iso22000 / 7.4.4 (a-g) to make  conclusions.

 

Rgds / Charles

[George @ Safefood 360°]

Hi Charles,

Many thanks for this which is really excellent work. The references provide a great deal more insight into oPRP's and where the ISO may be coming from. However, I think it also brings out the fact that the oPRP still remains something of an unknown quantity. The quote you provide is excellent. It states oPRP are identified by hazard analysis. If we take CODEX as the methodology for this then part of this HA includes a risk assessment. This is fine however if we look at GFSI standards such as the BRC, it requires PRP's (which I presume would include operational types) to be risk assessed. This brings us to a point where we need to risk assess, identify a PRP as a measure of control and then risk assess it again?

 

When we look at the red segment of the quote However, controlling an oPRP does not prevent or eliminate a food safety hazard or reduce it to an acceptable level. 

 

Again here we need to scratch our heads a little. This implies that a CCP does in fact prevent or eliminate a food safety hazard to an acceptable level which as we all know is not always the case. Certain CCP's  like irradiation and UHT processes fall neatly into this definition but many CCP's I have seen do not provide this absolute level of control. So what does mean for the CCP. Does is being to fall under the oPRP definition and does it really matter? Charles this is my core point, we simply need to create a model which reflects what we do 1. Risk Assess 2) Install an appropriate control measure 3) Validate 4) Verify  

 

The issue of acceptable levels is compelling. If you look at how scientific bodies determine Acceptable Levels e.g. ALOP they do so using risk assessment (WHO, CODEX, EU) and do not concern themselves with labels when producing risk management (control) measures. Why? because they dont need to. They feed the data into regulations and ultimately HACCP where they are applied, once the industry gets beyond the pointless CCP not a CCP debate.

 

Charles I always look forward to your analysis on subjects like these. In advance of Food Safety Live I intend to develop a more detail working model on RAACP which i will put up on the forum. It is something I would like to validate against existing Hazard and risk models currently being used to see can be achieve the same or better FSM without the complex models in use.

 

George 

[Charles.C]

Hi George,

 

Thks for comments. I've had limited involvement with serious RA techniques recently as hardly utilised on this forum/GFSI common inhabitants AFAIK. Presumably same reason as absence of things like FMEA, not simple enough.

 

No argument that some sophisticated risk assessment/modelling has done wonders in the QMRA microbiological field. And, although less publicised, in some qualitative arenas also (eg in ANZFA publications).

 

 

This is fine however if we look at GFSI standards such as the BRC, it requires PRP's (which I presume would include operational types) to be risk assessed. This brings us to a point where we need to risk assess, identify a PRP as a measure of control and then risk assess it again?

 

 

AFAIK, BRC has (so far) no interest in ISO’s concept of OPRPs ?. The ISO approach avoids RA for PRPs of course, via  documents like ISO22002 family.

 

Again here we need to scratch our heads a little. This implies that a CCP does in fact prevent or eliminate a food safety hazard to an acceptable level which as we all know is not always the case.

Well, if not validatable as achieving PERHAL*, the control measure could not be associated with a CCP from an ISO POV ? (a necessary but maybe not ISO-sufficient criterion).  it may of course also depend on  the interpretation of “acceptable level”. ?  A lack of  stateable/validatable critical limits is one criterion sometimes used to (easily) define OPRPS. Many once-debated CCPs (and OPRPs) are now typically being regarded as classic PRPs, eg receiving raw materials. RA by evolution.

 

! do agree with you that the “acceptable level” aspect of iso22000 is an unsatisfactory concept  although iso22004 attempted to clarify the matter a little via para. 7.4.2 (albeit nearly 10 years ago).

I investigated the area of  FSOs/ALOPs in respect to HACCP/iso22000 a few years back. The text Micro-organisms in Foods Vol 7 (?) goes into the (haccp) related aspects in some detail. But I ultimately got the impression that for haccp these concepts had/have somewhat reached the status of a dead end. Examples of a FSO-type analysis have been published for is022000 but they are rare.

 

Whatever, if you can assemble a RA system which is reasonably intelligible to the average user (ie unlike current ISO-haccp) and delivers equally proactive but perhaps more coherent results than traditional haccp IMO you will definitely be onto something. I look forward to seeing the details you mention.

 

* PERHAL = prevent, eliminate, or reduce a hazard to an acceptable level

 

Rgds / Charles

 

PS – Some of my comments, eg FSO, were assisted by this 2011 document –

 FS Risk Management.pdf   378.42KB   173 downloads

 

PPS - added later - Maybe one more (extended) comment  to yr 4-stage RA summary. The logic IMO is impeccable, but the implementation likely to be a jungle.

 

i suggest a fundamental difficulty will always reside in that the decision step in (1) will be subjective and hence debatable.

And in many cases the decision in step (2) regarding an "appropriate" control measure will be equally subjective. And debatable.

And then we come to validation ....

 

No wish to be pessimistic but I suspect that a generic, probabilty-based approach to hazards as are typically linked to food safety is often going to generate, as you mention, a mixture of determinate (eg cooking) and indeterminate  (eg fresh produce) control measures. This equally blurs the validation aspect.

So to present any kind of  unified solution will need to cover a very wide scope. IMO this is where iso22000 floundered ca. 2005. I have considerable respect for the original FS logic behind iso22000 but IMO the current version is a bootstrapped mess as far as the haccp portion goes. Should have been revised 5 years ago.

[MCIAN]

Hi George!

 

Granting that we use your RAACP system, is there already a scoring matrix so we can arrive at a PRP, OPRP, CCP label?

 

I totally agree with you that this is going to make our lives simpler.

Actually, i already did this with our recent HACCP Study revision using the following guide:

      Risk = 0-3 = PRP

                 4-6 = OPRP

                 7-9 = CCP

 

The BRC IOP auditor had no negative comment on this.

 

Regards

 

  

[Charles.C]

Hi George!

 

Granting that we use your RAACP system, is there already a scoring matrix so we can arrive at a PRP, OPRP, CCP label?

 

I totally agree with you that this is going to make our lives simpler.

Actually, i already did this with our recent HACCP Study revision using the following guide:

      Risk = 0-3 = PRP

                 4-6 = OPRP

                 7-9 = CCP

 

The BRC IOP auditor had no negative comment on this.

 

Regards

 

  

 

Dear MCIAN,

 

Congratulations on yr simplified version of ISO-HACCP. 

 

In fact it has similarities to an extension of Dutch HACCP, ie GMP+,  -

 

 GMP plus.pdf   709.11KB   166 downloads

 

However you might be slightly criticised by ISO for "transferring" their copyrighted control measure.

 

One trusts  that the upcoming revision of ISO22000 will take due note of  the "simplicity" concept.

 

Rgds / Charles.C

[Charles.C]

Hi George

 

I read through yr white paper and viewed yr webinar with much pleasure.

 

i have a slightly involved query which hopefully will be understandable from the following. I realise this post reiterates parts of the previous posts but i hope i have slightly expanded the, IMO, conundrums involved.

 

As implicitly stated in both presentations,  there are a variety of  fuzzinesses in the iso22000 standard  regarding the specific nature of an oprp, eg -

(1) The intention of  the definition text  “control the likelihood of introducing .....” as compared to the  more explicit wording for a CCP. (“Likelihood” could theoretically be 0.01 to 100%?)

(2) The validation of an oprp as required by the standard, (which must presumably overlap (1)).

 

It appears to me that in the context of achieving a safe product, any control measure (CM) (or combination of CMs) chosen subsequent to the hazard analysis must be validatable as achieving better than or equal to the initially stated “acceptable level” of a relevant significant hazard. (strictly the standard only offers  CCPs / oprps as CMs generatable for this purpose).

 

i deduced from yr white paper/video** that in yr opinion a single CM can  sometimes  be regarded as an oprp when achieving a control of the hazard somewhat less than the initially specified “acceptable level” (eg via reducing the so-called “likelihood” /  more equating to a  US - CP). If so, I then wondered how one selects  an equivalent  “reduced” validation to allow for this decreased capability and yet remain compliant  with the (validation-related) text in the iso22000/22004 documents. ( added - I guess one route to avoid a conflict would be if the oprp were part of a combination of CMs so as to control a specific hazard but I have not noticed mention of such a restriction in published documents)

 

** eg the blog discussion on oprp/metal detector (as compared to, say, the oprp staging in decision tree), and the sliding scale depiction of relative CM capability in video

 

Any thoughts ?

 

Rgds / Charles

 

PS - regarding yr BRC/oprp point earlier, i rather doubt that BRC have much interest in oprps in the iso sense. FWIW one of the original iso22000 designers clearly states (in his iso22000 book) that the oprp is definitely not a prp anyway.

 

PPS –  I accept that many people prefer using decision trees since they quickly home in on an answer and i can also see the attraction for PC-purposes. But i keep finding myself reverting to the direct numerical approaches so as to replace all the semantic ins-and-outs with the, unarguably,  equally subjective but (IMO) more "pleasing"  numbers.

And meantime, most people are probably using straight Codex Trees anyway with no ISO auditorial problems !.

 

(added later) 3PS - It is amazing to me that in nearly 10 years, ISO / standard's design team has AFAIK never offered a single (accessible) process example to illustrate the visualized implementation of the oprp concept (the draft standard prior to final format did contain a  diagrammatic decision tree contemplated for inclusion/assistance  within the issued standard but this was  eventually omitted, possibly due to being over-precise as compared to the ambiguity of the chosen text.