I recently took the AIBI Food Defense Coordinator training. This went in depth into the law (21 CFR 121 Mitigation strategies to protect food against intentional adulteration) and industry best practice in food defense. It was a good class and I recommend it.
However, has anyone noticed the incongruity between the FDA's suggested mitigation strategies and the requirements of the regulation? If you look at the suggested mitigation strategies, most of them do not seem to consider the possibility of an inside attacker.
Anyway, my main reason for posting is that I work in the process industry and we have a facility that produces spray-dried dextrose that is run 24/7 in three shifts with only one operator per shift. How can I implement mitigation strategies to actionable process steps when I have to consider that the one operator will be the attacker? Alarms, key control, peer monitoring, authorized personnel areas, etc. do not work when there is only one person running the process. And no, we cannot hire more people.
Any input is appreciated.