8 replies to this topic

[Jesus A.]

Hello,

 

I'm currently trying to update our files and one thing the auditor brought up that we currently do not have is Food Fraud within the Food Defense Plan. We are a 3PL in Storage and Distribution only. We do not own the product and it's the customer that decides what to bring in. I understand that the product will be under our control, however, I'm not sure how to exactly add food fraud from a 3PL standpoint. I've searched this forum and tried other methods and cannot come up with any answers. Any help will be greatly appreciated.

 

Thanks,
Jesus

[LostMyMind]

Sometimes I've ended up doing negative analyses for an audit and/or auditor.  We looked at this and were unable to determine any means by which this impacts us.  In this case, I think that they are wanting you to consider what could happen and document what steps you are taking to lower that risk.

 

For storage, substitution, theft/diversion and mislabeling would be the more likely possibilities to me (that I can think of).  I would just do an analysis and explain why the different food fraud categories couldn't occur and/or what steps you have in place to help prevent them from occurring.  Things like pre-screening of employees, cameras, security systems, rabid chihuahuas, inventory audits, limited access, etc.  There are a number of food fraud templates available on this forum that you could use to get started.  Depending upon the complexity involved, it's a couple of hours probably.  

 

Basically, the auditor wants to make sure that you've thought about this and have steps in place to reduce the risk.  Odds are you are already doing what you need to; just get it down on paper for them (and come up with an easy way to inspect it).

 

Anyway, my 2-cents....

 

Good luck,

Todd

 

 

[Fred73]

Hi Jesus this is a very good point to discuss, because I have seeing auditors decide that Food Fraud was not applicable for storage and distribution, since all the products are in boxes, or double boxes and sealed, and others auditors wanted to review the policies and how we cover the code requirements.

I will recommend conduct a vulnerability assessment of the product that you site handle, divide the products by risk level and analyze who handle this product, if it is coming direct from the supplier or not, etc. then create a food fraud mitigation plan to mention how you will control this vulnerabilities if any was found. Use the website foodfraud.com for statistics.

 

At the end you have to consider that food fraud is possible in different steps of the chain and you have to explain how do you cover that when the product is under your control and if it is there any potential risk.

[arahman]

Hi Jesus,

 

We are a distributor/importer and haven't come across Food Fraud questions yet. We only do have AIB audits for now and are considered 'low' risk.

 

I have though done a risk assessment and have the following  added to my Risk Assessment Matrix.

 

Supplier trace-ability system

Allergen

Country of Origin

Intended End User

 

Vulnerability Assessment(Based on Product Form, End User and Country of Origin)-Low/medium/high

Historical Evidence(media, for Canada CFIA recalls, for US FDA recalls and so on)

 

Finally have Risk Level(low/medium/high)

 

 

 

 

 

I agree with Todd's post although I think that is related more to Food Defense rather than Food Fraud as in for economic gain. As our mitigation steps, i added our supplier approval and monitoring process, audits, third party audit reports and so on.

Edited by arahman, 24 October 2019 - 08:12 PM.

[mgourley]

You certainly have to include rabid chihuahuas in any vulnerability assessments.

Seriously though, since you are in the US, you simply need to follow the guidance set forth by the FDA for their Intentional Adulteration rule.

 

If any of your operations are not a "Key Activity Type" under the rule, you simply have to have a documented plan that shows that none of the process steps in your facility are KAT's and justify why they are not.

 

Could an internal or external attacker enter your facility, open a box of the product you have stored there and contaminate that product. Sure. But since it's not a KAT, you don't have to have mitigation strategies, record keeping, monitoring, etc.

Don't make it difficult.
 

Marshall

 

[Charles.C]

Hello,

 

I'm currently trying to update our files and one thing the auditor brought up that we currently do not have is Food Fraud within the Food Defense Plan. We are a 3PL in Storage and Distribution only. We do not own the product and it's the customer that decides what to bring in. I understand that the product will be under our control, however, I'm not sure how to exactly add food fraud from a 3PL standpoint. I've searched this forum and tried other methods and cannot come up with any answers. Any help will be greatly appreciated.

 

Thanks,
Jesus

 

Did you look at the SQF Guidance ?

 

Just as a (small) example portion -

 

‘Vulnerabilities’ need to be identified in incoming materials and products, and within the site.  Not all materials and products are subject to risk, and the highest risks may be from minor or infrequent products that originate from sensitive geopolitical areas, or suppliers with poor past histories.  Products and materials can be prioritised based on perceived risk.
Within the site, vulnerabilities may include the potential for intentional or accidental substitution, dilution, or adulteration.  The question that needs to be asked is “who benefits financially from internal food fraud?”
Mitigation strategies will be developed based on the identified vulnerabilities. 

 

 

TBH, the entry/requirements look much the same as that given for food manufacturers.

To me, the "within" part seems yr logical responsibility.

How much this connects to previous Post no idea (not in USA).

[Fred73]

Just to clarify, since Jesus's site is only storage and distribution in relation to FDA requirements for 21 CFR 121 his site is exempt of a "Food Fraud plan" as detailed in 21 CFR 121 Subpart A 121.5 (b).

 

https://www.accessda...ch.cfm?fr=121.5

 

Anyway you still have to create your Food Fraud plan to cover GFSI standards requirements. 

Edited by Fred73, 29 October 2019 - 06:37 PM.

[Charles.C]

Just to clarify, since Jesus's site is only storage and distribution in relation to FDA requirements for 21 CFR 121 his site is exempt of a "Food Fraud plan" as detailed in 21 CFR 121 Subpart A 121.5 (b).

 

https://www.accessda...ch.cfm?fr=121.5

 

Anyway you still have to create your Food Fraud plan to cover GFSI standards requirements. 

 

Yes, the OP referenced SQF.

 

Out of curiosity, does the OP automatically have to abide by FDA's requirements also ? (Perhaps this is not a simple question, eg relates to foods handled?)

[JBright11]

Good Day,

I am struggling a bit with documenting a vulnerability assessment for food Fraud for SQF 8.  We are a 3PL that operates under the following conditions: 

1. We have no ownership interest in the products received, stored, and shipped on behalf of our customers.
2. Product requirements and specifications are solely in the control of our customers and the only specifications United must ensure is the proper receipt, storage, and shipment of their products.
3. Products are only received, stored, and shipped for properly qualified customers.
4. Products are packaged and labeled when received and no product is exposed to the environment or further processed.
5. No economic motivation for adulteration exists within United Warehouse operations as our compensation is based upon the movement of goods, not the contents of the final products distributed or the value derived or profit generated to the customer owning the product

We only handle dry ambient stored ingredients and finished product and packaging.  We also are exempted by FDA as listed above.  Is it possible to be exempted from this specific element of the SQF storage and distribution standard?

 

Regards,

Jamie