10 replies to this topic

[Jesus A.]

Hello,

 

I'm currently trying to update our files and one thing the auditor brought up that we currently do not have is Food Fraud within the Food Defense Plan. We are a 3PL in Storage and Distribution only. We do not own the product and it's the customer that decides what to bring in. I understand that the product will be under our control, however, I'm not sure how to exactly add food fraud from a 3PL standpoint. I've searched this forum and tried other methods and cannot come up with any answers. Any help will be greatly appreciated.

 

Thanks,
Jesus

[LostMyMind]

Sometimes I've ended up doing negative analyses for an audit and/or auditor.  We looked at this and were unable to determine any means by which this impacts us.  In this case, I think that they are wanting you to consider what could happen and document what steps you are taking to lower that risk.

 

For storage, substitution, theft/diversion and mislabeling would be the more likely possibilities to me (that I can think of).  I would just do an analysis and explain why the different food fraud categories couldn't occur and/or what steps you have in place to help prevent them from occurring.  Things like pre-screening of employees, cameras, security systems, rabid chihuahuas, inventory audits, limited access, etc.  There are a number of food fraud templates available on this forum that you could use to get started.  Depending upon the complexity involved, it's a couple of hours probably.  

 

Basically, the auditor wants to make sure that you've thought about this and have steps in place to reduce the risk.  Odds are you are already doing what you need to; just get it down on paper for them (and come up with an easy way to inspect it).

 

Anyway, my 2-cents....

 

Good luck,

Todd

 

 

[Fred73]

Hi Jesus this is a very good point to discuss, because I have seeing auditors decide that Food Fraud was not applicable for storage and distribution, since all the products are in boxes, or double boxes and sealed, and others auditors wanted to review the policies and how we cover the code requirements.

I will recommend conduct a vulnerability assessment of the product that you site handle, divide the products by risk level and analyze who handle this product, if it is coming direct from the supplier or not, etc. then create a food fraud mitigation plan to mention how you will control this vulnerabilities if any was found. Use the website foodfraud.com for statistics.

 

At the end you have to consider that food fraud is possible in different steps of the chain and you have to explain how do you cover that when the product is under your control and if it is there any potential risk.

[arahman]

Hi Jesus,

 

We are a distributor/importer and haven't come across Food Fraud questions yet. We only do have AIB audits for now and are considered 'low' risk.

 

I have though done a risk assessment and have the following  added to my Risk Assessment Matrix.

 

Supplier trace-ability system

Allergen

Country of Origin

Intended End User

 

Vulnerability Assessment(Based on Product Form, End User and Country of Origin)-Low/medium/high

Historical Evidence(media, for Canada CFIA recalls, for US FDA recalls and so on)

 

Finally have Risk Level(low/medium/high)

 

 

 

 

 

I agree with Todd's post although I think that is related more to Food Defense rather than Food Fraud as in for economic gain. As our mitigation steps, i added our supplier approval and monitoring process, audits, third party audit reports and so on.

Edited by arahman, 24 October 2019 - 08:12 PM.

[mgourley]

You certainly have to include rabid chihuahuas in any vulnerability assessments.

Seriously though, since you are in the US, you simply need to follow the guidance set forth by the FDA for their Intentional Adulteration rule.

 

If any of your operations are not a "Key Activity Type" under the rule, you simply have to have a documented plan that shows that none of the process steps in your facility are KAT's and justify why they are not.

 

Could an internal or external attacker enter your facility, open a box of the product you have stored there and contaminate that product. Sure. But since it's not a KAT, you don't have to have mitigation strategies, record keeping, monitoring, etc.

Don't make it difficult.
 

Marshall

 

[Charles.C]

Hello,

 

I'm currently trying to update our files and one thing the auditor brought up that we currently do not have is Food Fraud within the Food Defense Plan. We are a 3PL in Storage and Distribution only. We do not own the product and it's the customer that decides what to bring in. I understand that the product will be under our control, however, I'm not sure how to exactly add food fraud from a 3PL standpoint. I've searched this forum and tried other methods and cannot come up with any answers. Any help will be greatly appreciated.

 

Thanks,
Jesus

 

Did you look at the SQF Guidance ?

 

Just as a (small) example portion -

 

‘Vulnerabilities’ need to be identified in incoming materials and products, and within the site.  Not all materials and products are subject to risk, and the highest risks may be from minor or infrequent products that originate from sensitive geopolitical areas, or suppliers with poor past histories.  Products and materials can be prioritised based on perceived risk.
Within the site, vulnerabilities may include the potential for intentional or accidental substitution, dilution, or adulteration.  The question that needs to be asked is “who benefits financially from internal food fraud?”
Mitigation strategies will be developed based on the identified vulnerabilities. 

 

 

TBH, the entry/requirements look much the same as that given for food manufacturers.

To me, the "within" part seems yr logical responsibility.

How much this connects to previous Post no idea (not in USA).

[Fred73]

Just to clarify, since Jesus's site is only storage and distribution in relation to FDA requirements for 21 CFR 121 his site is exempt of a "Food Fraud plan" as detailed in 21 CFR 121 Subpart A 121.5 (b).

 

https://www.accessda...ch.cfm?fr=121.5

 

Anyway you still have to create your Food Fraud plan to cover GFSI standards requirements. 

Edited by Fred73, 29 October 2019 - 06:37 PM.

[Charles.C]

Just to clarify, since Jesus's site is only storage and distribution in relation to FDA requirements for 21 CFR 121 his site is exempt of a "Food Fraud plan" as detailed in 21 CFR 121 Subpart A 121.5 (b).

 

https://www.accessda...ch.cfm?fr=121.5

 

Anyway you still have to create your Food Fraud plan to cover GFSI standards requirements. 

 

Yes, the OP referenced SQF.

 

Out of curiosity, does the OP automatically have to abide by FDA's requirements also ? (Perhaps this is not a simple question, eg relates to foods handled?)

[JBright11]

Good Day,

I am struggling a bit with documenting a vulnerability assessment for food Fraud for SQF 8.  We are a 3PL that operates under the following conditions: 

1. We have no ownership interest in the products received, stored, and shipped on behalf of our customers.
2. Product requirements and specifications are solely in the control of our customers and the only specifications United must ensure is the proper receipt, storage, and shipment of their products.
3. Products are only received, stored, and shipped for properly qualified customers.
4. Products are packaged and labeled when received and no product is exposed to the environment or further processed.
5. No economic motivation for adulteration exists within United Warehouse operations as our compensation is based upon the movement of goods, not the contents of the final products distributed or the value derived or profit generated to the customer owning the product

We only handle dry ambient stored ingredients and finished product and packaging.  We also are exempted by FDA as listed above.  Is it possible to be exempted from this specific element of the SQF storage and distribution standard?

 

Regards,

Jamie

[cw2299]

Jamie,

 

I'm in the same boat you are and I was wondering if you ever found an answer or got further updates?

 

Thank you
Chris

[Lynx42]

I think the auditors just want something to show that 3PL's understand it's a thing.  
We have a Food Fraud Mitigation Plan (mandatory for SQF although not for FDA) that starts with the John Spink definition: 

Food fraud is a collective term used to encompass the deliberate and intentional substitution, addition, tampering, or misrepresentation of food, food ingredients, or food packaging; or false or misleading statements made about a product for economic gain. (Spink and Moyer (2011))

A statement that while exempt from the FDA we will assist all customers to the extent we can and that we are low risk due to no ownership of the food, and it is all prepackaged with no food exposure.

 

A statement of items we store that have been susceptible to food fraud world-wide (though not at our facilities): grains, oils, organic products.

 

A statement that we do not manipulate any raw materials and customers we store for are required to perform supplier approvals.

 

A statement on all the ways to perform food fraud and how they can't happen at our facility.  

Dilution, substitution, concealment, unapproved enhancements, and counterfeiting: We don't manipulate or process any exposed foods that would allow any of these activities.

 

Mislabeling: we do not do any primary package labelling and rarely do any outer package labels.

 

Grey market, theft, diversion: our customers are responsible for all transportation but we closely watch and record trailer numbers and seals and report any discrepancies. 

 

Just to make it extra fancy, I also have how to report food fraud whether it's organic or non-organic.

1. Organic fraud must be reported to the National Organic Program (NOP) and QAI.
   1. NOP NOP.guidance@usda.gov or 202-720-3252
   2. QAI qai@qai-inc.com or 858-792-3531
2. Non-organic fraud must be reported to the FDA
   1. FDA submit FDA form 3500B (MedWatch Online Reporting Form) at https://www.accessdata.fda.gov/scripts/medwatch/index.cfm
      1. Or call: <the number for reporting in my state>

This is not listed on our plan because we don't want to commit to something we wouldn't be able to handle, but our food fraud training includes asking employees to report if they happen to notice misspelling or anything that looks weird on labels or packaging.  Not to dig, just report if they happen to notice it.  

 

As far as a vulnerability assessment, I took what the SSAFE site had and pared it down and reworded it to what was pertinent to our operations separated by ingredients we store for others, finished goods, and organic goods with a justification.  It's more detailed than this and I have 15 questions, but the gist of it is:

This should be a table but it won't format...

 

Question: Have products in your facilities been in involved in previous food fraud incidents Ingredients - storage only, not used or owned by the facility

Product type:

Ingredients - storage only, not used or owned by the facility

Finished Goods    

Organic products

Likelihood of occurrence:

Unlikely to occur, No, or N/A (risk level 1): 

May or may not occur (risk level 2)

Likely to occur or Yes (risk level 3)

Justification: While there have been world-side incidents regarding some of the types of products we store, there have been no food fraud incidents in any of our facilities.

 

Would food fraud benefit the company? No, because our customers own the product.

Has the company been involved in a food fraud investigation? No

Are products easy to adulterate in the facility?  No, all products are packaged in tamper-proof or tamper-evident packaging and we have cameras throughout the building.

Are products east to counterfeit? no exposed products.

 

Both the plan and my modified assessment have passed 3 SQF audits and the only feedback was they didn't like I had a question asking if any of the CB's we've used been involved in food fraud investigations (our organic CB was 20ish years ago), so I did take that part out.

Edited by Lynx42, 03 September 2025 - 06:58 PM.