The Role of Monitoring in a Food Defense Plan

Your entire facility FDP must be reanalyzed at least every three years (21 CFR 121.157(a)). The following circumstances also necessitate reanalysis, perhaps even sooner than three years:

1. A significant change to activities creates a reasonable potential for a new vulnerability or a significant increase in an existing vulnerability.
2. Your facility learns that there’s new information about potential vulnerabilities associated with the food operations within your facility.
3. An assigned mitigation strategy or FDP isn’t properly implemented and may allow a food defense gap to exist.
4. The FDA, or other industry facility, learns of the discovery of new vulnerabilities, credible threats to the food supply, and/or developments in scientific understanding (21 CFR 121.157(b)).

Document, Document, Document

Monitoring activities must be documented and are subject to food defense verification (21 CFR 121.140(c)). Your facility’s food defense monitoring procedures should answer the following four questions:

1. What specific APSes and their mitigation strategies will be monitored?
2. How will monitoring be conducted?
3. How often will monitoring be conducted?
4. Who will do the monitoring?

Regardless of how a mitigation strategy is monitored, monitoring activities must be documented (21 CFR 121.140(c)). The frequency of monitoring depends on the nature of the mitigation strategy and the facility’s food defense system. Your facility can determine the frequency of monitoring needed so long as the frequency is adequate to provide assurances that the mitigation strategies are consistently performed (21 CFR 121.140(b)).

A monitoring procedure occurring on periodic, but irregular, intervals can be beneficial for the facility in two ways:

1. It’s more difficult for an inside attacker to anticipate a monitoring failure, and
2. It requires less human and other resources than more frequent monitoring.

For mitigation strategies that are monitored concurrently with their implementation, the monitoring frequency would depend on the intended mitigation strategy frequency. For example, the use of tamper-evident seals on transport conveyances may be determined by the frequency and sampling of received deliveries. The monitoring procedure would be to check the original seals for integrity or indications of tampering and match seal or documentation numbers upon arrival of the load at the receiving dock, before off-loading materials from the transport vehicle.

How Should You Monitor?

In some cases, it may be necessary to develop a new procedure to adequately monitor a mitigation strategy. In many instances, facilities may elect to have an employee observe whether the mitigation strategy is operating as intended. However, the flexibility to monitor mitigation strategies in other ways, such as electronic monitoring of an access control device—for example, automated monitoring and alarming of electronic locks on a door or gate that prevents access to an APS. Effective monitoring procedures can involve human observation, machine (electronic) observation, or a combination of both.

Where mitigation strategies may lend themselves to constant monitoring, exception records to document monitoring may be appropriate. This can be done through an automated system that’s put in place to monitor whether the mitigation strategy is operating as intended. For example, a mitigation strategy may be to restrict access using a locking door that’s opened only by a specially coded access card. If the door is left ajar and does not self-close for any period beyond the time it takes to enter and re-secure the door, an automated monitoring system alarm indicates that the door isn’t secured. Whenever the system alarms, an automatically generated exception record documents the instance where and when the mitigation strategy wasn’t operating as intended.

In addition to technology-based mitigation strategies, there also may be personnel-based mitigation strategies that lend themselves to constant monitoring. Personnel-based mitigation strategies (e.g., a two-person rule) are monitoring methods that restrict unauthorized access to designated sensitive areas to help ensure the strategy is operating as intended.