Food Defense Audits

Although facilities follow food safety and quality measures, including Good Manufacturing Practices, to minimize hazards, safety can also be compromised by intentional and malicious tampering. While most food processors, packagers, and distributors don’t think of themselves as targets of terrorism, many are implementing food defense controls in their operations to combat food tampering. Food defense plans are increasingly required for food safety certification and vendor qualification, as well as by the Food Safety Modernization Act (FSMA).

Food defense, or food security, is the prevention of purposeful contamination by malicious and intentional tampering of food by people outside the system. Cases of food tampering may be rare, but the consequences—on public health, the economy, and consumer confidence—are high. Food defense is also one of the top five areas of non-compliances NSF International encounters in food safety audits. That’s why many companies are creating food defense plans and incorporating elements of food defense into their existing safety management system. A solid security plan can help companies achieve compliance in food safety audits as well as preserve their property from vandalism, control access to the grounds and buildings, keep track of visitors, and secure valuable and hazardous items.

Food companies at all levels of the supply chain can assess their level of food defense safety through a third-party food defense audit. A skilled auditor performs a comprehensive review of a facility’s food defense systems including its efficiency in managing several critical areas, such as documentation, traceability, crisis management, staff training, and building security. Third-party audits, like those of NSF International, evaluate the adequacy of documentation, compliance to documented procedures, the effectiveness of the procedures to control the process, and the ability to implement corrective and preventive action plans.

Food processors, packagers, and distributors pursue food defense audits for several reasons: to assess or improve their level of food defense safety, to demonstrate compliance with food safety regulations, or client-defined standards, and to gain certification to a food safety standard.

Certification vs. Consultative Audits

Audits can be required for certification or to do business with a client, and will include feedback on a company’s current food defense system. Audits not related to certification can be based on published standards that apply to any facility in a sector or on custom standards created by a particular client to address specific concerns like ethical sourcing, metal detection, and country of origin labeling.

Non-certification audits are consultative, where the auditor can comment on findings and suggest improvements, such as recommending a location for a card swipe entry. Consulting helps the food processor improve its food defense policy.

Certification audits are also based on standards, but can be carried out only by companies accredited to ISO/IEC Guide 65. The most well-known certification standards are those benchmarked through the internationally recognized Global Food Safety Initiative (GFSI), such as SQF, BRC, FSSC 22000 and IFS, all of which contain criteria for food defense. Many companies, including Walmart, Daymon, McDonald’s, Campbell’s, Kroger, and ConAgra Foods, require food suppliers to be certified to GFSI benchmarked standards. Many also require suppliers to demonstrate compliance with company-specific requirements.

Certification audits are not consultative; the auditor records observances but cannot provide advice. An independent third-party audit is critical to preserving the value of certification. If the audit finds any non-conformances, the supplier must provide evidence that it is taking corrective actions to resolve them and the certification body must approve these actions before certification can be issued.

Third-party certifiers may provide consulting, independent of a certification audit and with different staff, to address high-level issues like supply chain management, traceability, risk assessments, analysis of food safety failure, behavior-based compliance, and crisis/recall assistance.