Third-party audits and food safety - Part I: What can go wrong will go wrong

The global food supply chain has become increasingly complex. Raw materials are grown on one continent, processed on another, packaged on yet another and then shipped and sold all over the world. This has led to new logistical challenges and an increase in risks to both consumers and global brands. An incident in any part of the supply chain can have legal, brand and even criminal repercussions for the food brand names.

To help mitigate such risks and to have better product traceability and control over their supply chain, many manufacturers and retailers have implemented a range of food safety management systems standards and schemes, many of which have been independently certified. For most of the world, this has driven continual improvement, helped mitigate risks, led to increased efficiencies across the supply chain and helped suppliers reduce costs. However, in the US, two food safety crises over the past three years have led certain interested parties to question the role and even complicity of both the second- and third-party certification industry in managing risks in the food supply chain.

To help put into context where we are today, we should revisit a particular incident that occurred on 13 January 2009. On that date, the Peanut Corporation of America issued a recall for products it had made over the past six months, after five people had died and more than 400 had fallen ill with Salmonella poisoning as a result of contamination. Two weeks later, the recall was extended to more than 400 consumer products made since 1 January 2007, while the toll from the contamination had reached eight dead and more than 500 sickened in 43 states, half of them children. The company’s factory in Blakely, Georgia, which was the source of the contamination, supplied some of the largest food makers in the US. The outbreak illustrated the complexities of the industrial food chain and left consumers scrambling to figure out if the food in their cabinets posed a danger. The Peanut Factory Salmonella crisis led to a fundamental review of the approach to food safety in the US.

The crisis was directly linked to the US Government’s Food and Drug Agency (FDA) and its impossible task of inspecting the plethora of US food organisations. Media articles, including an in-depth one in The New York Times, highlighted the failures in the auditing process, the lack of relevant experience of the auditor and auditing company as well as the lack of a robust standard against which the audit was carried out. The article was accompanied by a range of supporting material that included insight from key food safety stakeholders, each stating what they thought was wrong with the inspection approach to auditing in the US food supply chain and outlining possible solutions.

Out of this crisis came a new FDA plan, one which recognised the need for best practice and more knowledgeable, better skilled auditors. Addressing best practice, the FDA studied the approach to food safety taken by Australia, Holland and other nations that were considered to be more successful in mitigating food supply chain risks. To address the limited resource issue, the FDA installed a system that gave preferential treatment to organisations that could demonstrate a voluntary commitment to third-party inspection through independent audits and reports.

Note the word inspection here, as that was the part of the approach that remained unchanged after the FDA review post Peanut Factory crisis. This fact would come back to haunt the food sector less than three years later.

Fast forward almost three years and, once again, third-party auditing was at the centre of a food safety crisis in the US.

Between September and December of 2011, a cantaloupe-borne Listeria outbreak killed 30 people, the deadliest foodborne illness outbreak in the US in over 25 years. As well as the deaths, 146 people became ill and a pregnant woman miscarried.

A US federal investigation into the cantaloupe Listeria outbreak found that the farm that produced them had ignored government safety guidelines.

FDA officials who visited the Jensen Farms facility stated that the outbreak could have been prevented if Jensen Farms had maintained its facilities in accordance with existing FDA guidance. They found 13 samples of Listeria monocytogenes obtained from processing equipment and cantaloupes and cited several deficiencies in the Jensen Farms facility, such as dirty water pooling around the food processing equipment, inappropriate food processing equipment which was difficult to clean and no antimicrobial solution in the water used to wash the cantaloupes.

The congressional investigation report notes that Bio Food Safety, a subcontractor for Primus Labs, a third-party food safety auditor, which was hired by Jensen Farms, gave the facility a 96% rating, “despite finding several major and minor deficiencies”. Bio Food said the audits only deducted from the score if a method or technique was inconsistent with FDA regulations, but not if FDA guidance was not being followed - hence the rationale behind the high ratings.

What is apparent is that the Jensen Farms audit was a ‘checklist approach’ and not a process-based audit, which looks at the whole series of interacting processes that form a management system. In parallel, and from widely available reports, it appears that the auditor from the subcontracted firm to Primus had little or no food sector experience, which only added to the problem, raising even more questions about the 96% rating awarded to the site.

If you are starting to think “wait a minute, haven’t we been here before?”, you are not alone. Both of these seismic events have highlighted weaknesses in the US approach to food safety. These incidents demonstrate how much is still left to do in order to mitigate food supply chain risks; how important experienced, competent, qualified auditors are in the assessment and certification process and the importance of moving away from snapshot-in-time style audits towards a process-based management systems approach that looks at the systems and processes that organisations have in place.

What steps should the FDA, as the government organisation that can single-handedly influence the behaviour of organisations across the food supply chain, now take? A start could be the acceptance and even insistence on industry-developed, globally accepted standards and schemes. Following the Global Food Safety Initiative (GFSI) lead, FSSC 22000 and ISO 22000 could be a very good starting point. The FDA has hinted at an accreditor-type role (in other words, they would be the gatekeeper for auditing bodies, ensuring that only competent auditors with relevant sector-specific experience are performing audits). Further, this would hold certification bodies and registrars to a higher level of scrutiny and transparency than is currently the case. That, in turn, would help build confidence in the assessment process and in the resulting certificate.

Ensuring the effectiveness of the systems and processes that govern an organisation and making sure that risks are properly assessed and managed, that is the true value of independent assessment.

Read Part II and Part III to conclude this article.