THREAT MITIGATION FOR YOUR QMS
21/09/21
21/09/21
“Systems shall protect products, premises and brands from malicious actions while under the control of the site.”
The statement of intent at section 4.2 of the BRCGS Food Standard version 8 makes it very clear that food manufacturers have a duty to safeguard against malicious actions; but controlling against intentional malice is no small task. Traditionally, food safety concerns have focussed on unintentional hazards and the subject of malicious behaviour was largely untouched.
The requirement to carry out a documented threat assessment, covering both internal and external threats necessitates a different style of approach. Far from being modelled against process steps, the threat assessment has to evaluate risks across every function of the business, it’s suppliers and partners.
To explore the problem from a slightly different perspective, one might wonder what possibilities are available to food manufacturers to control against malicious threats. Once threats have been identified, how can management systems be adapted to control those risks? This article is intended to provide practical suggestions for the incorporation of threat mitigation throughout your QMS for auditable compliance.
Objective
Try to identify every instance of an employee carrying out any kind of activity that could be an opportunity to mitigate against food fraud and integrate instructions into your policies and procedures.
In no particular order, food businesses may consider the following suggestions for threat mitigation:
Challenge policy/stranger danger
Write a policy that states your company’s intention to challenge any individuals on site if they aren’t recognised. Incorporate this expectation into the induction training for all employees and detail the actions to be taken if they encounter anyone they don’t recognise.
Goods intake procedure
Incorporate inspection of vehicles, seals, and packaging integrity into your goods intake procedure and -if appropriate- include documented checks on your intake records. Make sure the procedure details actions to be taken in the event that evidence of tampering is discovered.
Storage and handling
Similar to intake controls, any raw materials, WIP, or products should be stored covered and ideally in such a way as to prevent tampering. Procedures should detail actions to be taken in the event that evidence of tampering is discovered.
Supplier approval and performance monitoring
Include instructions for carrying out a vulnerability assessment at raw material approval. Make sure to include regular review of developing risks and horizon scanning. As a matter of policy, preferentially source raw materials from suppliers with favourable risk profiles over higher-risk sources.
Analytical surveillance
As an outcome from your raw material risk assessment, any raw materials found to be at elevated risk should be subject to analytical testing for authenticity verification. This can be documented by way of your sampling schedule and testing procedures.
Security and movement of people procedure
Make it policy to lock all security entrances and exits at all times when not in use. Include this in your procedure for people traffic and retain training records.
IT and cyber security
In general, it’s a good idea to have dedicated training on recognition of suspicious emails and dangerous attachments. There are various ways electronic security can be compromised – ranging from malicious software through phishing scams.
Confidential reporting
Make it company policy that if any employee witnesses suspicious or malicious activity, they are expected to escalate using your confidential reporting system.
Dispatch and transport
Write a policy to determine whether tamper-evident tape (or similar control) is appropriate for packaged product and incorporate the outcome into manufacturing instructions and include inspection at dispatch. Make sure to include vehicle security in dispatch procedures.
Manufacturing and recipe control
Identify all recipes that could be subject to substitution of raw materials and produce work instructions detailing permissible substitutions. For example, free-range egg may be used in place of caged egg, but caged egg may not be used in place of free-range egg.
Visitor and contractor controls
Risk-assess site access for visitors and contractors (including drivers, pest control, consultants, etc) to identify the potential for these people to access food materials. Introduce policies requiring visitors to be accompanied while on site and train out your own workforce with procedures to be followed when visitors and contractors are present.
Culture and morale
Disgruntled employees are arguably the greatest threat to the integrity of your products. Almost by definition, for someone to commit a malicious action, there needs to have been some kind of motivation – and the best defence against disgruntled employees is to keep staff as happy and content as you can. Pay generously, offer opportunities for progression, and respond appropriately to employee feedback.
In summary
Malicious actions are inherently difficult to control against, compared to unintended food safety hazards. A piece of metal wont deliberately fight to circumvent a metal detector, but malicious actors will deliberately attempt to undermine your threat mitigation efforts.
Implementing the above controls will provide a structure for threat mitigation compatible with existing business processes, protecting your brands and facilitating compliance evidence.
The statement of intent at section 4.2 of the BRCGS Food Standard version 8 makes it very clear that food manufacturers have a duty to safeguard against malicious actions; but controlling against intentional malice is no small task. Traditionally, food safety concerns have focussed on unintentional hazards and the subject of malicious behaviour was largely untouched.
The requirement to carry out a documented threat assessment, covering both internal and external threats necessitates a different style of approach. Far from being modelled against process steps, the threat assessment has to evaluate risks across every function of the business, it’s suppliers and partners.
To explore the problem from a slightly different perspective, one might wonder what possibilities are available to food manufacturers to control against malicious threats. Once threats have been identified, how can management systems be adapted to control those risks? This article is intended to provide practical suggestions for the incorporation of threat mitigation throughout your QMS for auditable compliance.
Objective
Try to identify every instance of an employee carrying out any kind of activity that could be an opportunity to mitigate against food fraud and integrate instructions into your policies and procedures.
In no particular order, food businesses may consider the following suggestions for threat mitigation:
Challenge policy/stranger danger
Write a policy that states your company’s intention to challenge any individuals on site if they aren’t recognised. Incorporate this expectation into the induction training for all employees and detail the actions to be taken if they encounter anyone they don’t recognise.
Goods intake procedure
Incorporate inspection of vehicles, seals, and packaging integrity into your goods intake procedure and -if appropriate- include documented checks on your intake records. Make sure the procedure details actions to be taken in the event that evidence of tampering is discovered.
Storage and handling
Similar to intake controls, any raw materials, WIP, or products should be stored covered and ideally in such a way as to prevent tampering. Procedures should detail actions to be taken in the event that evidence of tampering is discovered.
Supplier approval and performance monitoring
Include instructions for carrying out a vulnerability assessment at raw material approval. Make sure to include regular review of developing risks and horizon scanning. As a matter of policy, preferentially source raw materials from suppliers with favourable risk profiles over higher-risk sources.
Analytical surveillance
As an outcome from your raw material risk assessment, any raw materials found to be at elevated risk should be subject to analytical testing for authenticity verification. This can be documented by way of your sampling schedule and testing procedures.
Security and movement of people procedure
Make it policy to lock all security entrances and exits at all times when not in use. Include this in your procedure for people traffic and retain training records.
IT and cyber security
In general, it’s a good idea to have dedicated training on recognition of suspicious emails and dangerous attachments. There are various ways electronic security can be compromised – ranging from malicious software through phishing scams.
Confidential reporting
Make it company policy that if any employee witnesses suspicious or malicious activity, they are expected to escalate using your confidential reporting system.
Dispatch and transport
Write a policy to determine whether tamper-evident tape (or similar control) is appropriate for packaged product and incorporate the outcome into manufacturing instructions and include inspection at dispatch. Make sure to include vehicle security in dispatch procedures.
Manufacturing and recipe control
Identify all recipes that could be subject to substitution of raw materials and produce work instructions detailing permissible substitutions. For example, free-range egg may be used in place of caged egg, but caged egg may not be used in place of free-range egg.
Visitor and contractor controls
Risk-assess site access for visitors and contractors (including drivers, pest control, consultants, etc) to identify the potential for these people to access food materials. Introduce policies requiring visitors to be accompanied while on site and train out your own workforce with procedures to be followed when visitors and contractors are present.
Culture and morale
Disgruntled employees are arguably the greatest threat to the integrity of your products. Almost by definition, for someone to commit a malicious action, there needs to have been some kind of motivation – and the best defence against disgruntled employees is to keep staff as happy and content as you can. Pay generously, offer opportunities for progression, and respond appropriately to employee feedback.
In summary
Malicious actions are inherently difficult to control against, compared to unintended food safety hazards. A piece of metal wont deliberately fight to circumvent a metal detector, but malicious actors will deliberately attempt to undermine your threat mitigation efforts.
Implementing the above controls will provide a structure for threat mitigation compatible with existing business processes, protecting your brands and facilitating compliance evidence.
