• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Food

  • Print
  • Share
  • E-mail

Guidance for Industry: Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance

Contains Nonbinding Recommendations

March 2003; Revised October 2007

This document also available in Nederlandse (Dutch) , Deutsch (German), Français (French), لعربية  (Arabic PDF, 280KB), 한국ì�˜ ( Korean PDF, 267KB), 中国 (Simplified Chinese PDF, 271KB)中國 (Traditional - Chinese PDF, 244KB), ไทย ( Thai PDF, 300KB)
 

Additional copies are available from:
Office of Food Defense, Communication and Emergency Response
Food Defense Oversight Team HFS-007
Center for Food Safety and Applied Nutrition
Food and Drug Administration
5100 Paint Branch Parkway
College Park, MD 20740
(Tel) 301-436-1622 (Updated phone: 240-402-1622)
http://www.cfsan.fda.gov/guidance.html

U.S. Department of Health and Human Services
Food and Drug Administration
Center for Food Safety and Applied Nutrition
[March 2003; Updated October 2007]


Contains Nonbinding Recommendations

Table of Contents

  1. INTRODUCTION
  2. BACKGROUND
  3. DISCUSSION
    1. Related Guidance
    2. Additional Resources
  4. RECOMMENDED ACTIONS
    1. Management
      1. Preparing for the possibility of tampering or other malicious, criminal, or terrorist actions.
      2. Supervision
      3. Recall Strategy
      4. Investigation of Suspicious Activity
      5. Evaluation Program
    2. Human Element - Staff
      1. Screening (pre-hiring, at hiring, post-hiring)
      2. Daily Work Assignments
      3. Identification
      4. Restricted Access
      5. Personal Items
      6. Training in Food Security Procedures
      7. Unusual Behavior
      8. Staff Health
    3. Human Element - Public
      1. Visitors (for example, contractors, supplier representatives, delivery drivers, customers, couriers, pest control representatives, third party auditors, regulators, reporters, tours)
    4. Facility
      1. Physical Security
      2. Laboratory Safety
      3. Storage and Use of Poisonous and Toxic Chemicals (for example cleaning and sanitizing agents, pesticides)
    5. Operations
      1. Incoming Materials and Contract Operations
      2. Storage
      3. Security of Water and Utilities
      4. Finished Products
      5. Mail Packages
      6. Access to Computer Systems
  5. Appendix: Food Defense Self Assessment Tool for Food Producers, Processors, and Transporters
    Please note that the Food Defense Self Assessment Tool is derived from the above referenced guidance and we have deleted examples and references to other agencies and their regulations. We encourage users to become familiar with the guidance document before using this tool.

Contains Nonbinding Recommendations

Guidance for Industry(1)
Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance

This guidance represents the Food and Drug Administration's (FDA's) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations. If you want to discuss an alternative approach, contact the FDA staff responsible for implementing this guidance. If you cannot identify the appropriate FDA staff, call the appropriate telephone number listed on the title page of this guidance.

 I. INTRODUCTION

This guidance is designed as an aid to operators of food establishments (firms that produce, process, store, repack, relabel, distribute, or transport food or food ingredients). This is a very diverse set of establishments, which includes both very large and very small entities.

This guidance identifies the kinds of preventive measures operators of food establishments may take to minimize the risk that food under their control will be subject to tampering or other malicious, criminal, or terrorist actions. It is relevant to all sectors of the food system, including farms, aquaculture facilities, fishing vessels, producers, transportation operations, processing facilities, packing facilities, and warehouses. It is not intended as guidance for retail food stores or food service establishments.

FDA's guidance documents, including this guidance, do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.

 II. BACKGROUND

Operators of food establishments are encouraged to review their current procedures and controls in light of the potential for tampering or other malicious, criminal, or terrorist actions and make appropriate improvements. FDA recommends that the review include consideration of the role that unit and distribution packaging might have in a food security program. This guidance is designed to focus operator's attention sequentially on each segment of the farm-to-table system that is within their control, to minimize the risk of tampering or other malicious, criminal, or terrorist action at each segment. To be successful, implementing enhanced preventive measures requires the commitment of management and staff. Accordingly, FDA recommends that both management and staff participate in the development and review of such measures.

Not all of the guidance contained in this document may be appropriate or practical for every food establishment, particularly smaller facilities and distributors. FDA recommends that operators review the guidance in each section that relates to a component of their operation, and assess which preventive measures are suitable. Example approaches are provided for many of the preventive measures listed in this document. These examples should not be regarded as minimum standards. Nor should the examples provided be considered an inclusive list of all potential approaches to achieving the goal of the preventive measure. FDA recommends that operators consider the goal of the preventive measure, assess whether the goal is relevant to their operation, and, if it is, design an approach that is both efficient and effective to accomplish the goal under their conditions of operation.

 III. DISCUSSION

This guidance is divided into five sections that relate to individual components of a food establishment operation: management; human element - staff; human element - public; facility; and operations.

 A. Related Guidance

FDA has published a companion guidance document on food security entitled, "Importers and filers: Food security preventive measures guidance" to cover the farm-to-table spectrum of food production. This document is available at: http://www.access.gpo.gov/su_docs/aces/aces140.html.

 B. Additional Resources (2)

A process called Operational Risk Management (ORM) may help prioritize the preventive measures that are most likely to have the greatest impact on reducing the risk of tampering or other malicious, criminal, or terrorist actions against food. Information on ORM is available in the Federal Aviation Administration (FAA) System Safety Handbook, U.S. Department of Transportation, FAA, December 30, 2000, Chapter 15, Operational Risk Management. The handbook is available at: http://www.asy.faa.gov/Risk/SSHandbook/Chap15_1200.PDF.

The U.S. Department of Transportation, Research and Special Programs Administration has published an advisory notice of voluntary measures to enhance the security of hazardous materials shipments. It is available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-3636-filed.pdf. The notice provides guidance to shippers and carriers on personnel, facility and en route security issues.

The U.S. Postal Service has prepared guidance for identifying and handling suspicious mail. It is available at: http://www.usps.com/news/2001/press/mailsecurity/postcard.htm.

The Federal Anti-Tampering Act (18 USC 1365) makes it a federal crime to tamper with or taint a consumer product, or to attempt, threaten or conspire to tamper with or taint a consumer product, or make a false statement about having tampered with or tainted a consumer product. Conviction can lead to penalties of up to $100,000 in fines and up to life imprisonment. The Act is available at: http://www.fda.gov/opacom/laws/fedatact.htm.

The National Infrastructure Protection Center (NIPC) serves as the federal government's focal point for threat assessment, warning, investigation, and response for threats or attacks against U.S. critical infrastructure. The NIPC has identified the food system as one of the eight critical infrastructures, and has established a public-private partnership with the food industry, called the Food Industry Information and Analysis Center (Food Industry ISAC). The NIPC provides the Food Industry ISAC with access, information and analysis, enabling the food industry to report, identify, and reduce its vulnerabilities to malicious attacks, and to recover from such attacks as quickly as possible. In particular, the NIPC identifies credible threats and crafts specific warning messages to the food industry. Further information is available at http://www.nipc.gov and http://www.foodisac.org/.

Finally, some trade associations have developed food security guidance that is appropriately focused for that specific industry. For example, the International Dairy Food Association has developed a food security guidance document as an aid to the dairy industry.

FDA encourages other trade associations to evaluate the preventive measures contained in this FDA guidance document and adapt them to their specific products and operations and to supplement this guidance with additional preventive measures when appropriate. FDA welcomes dialogue on the content of sector specific guidance with appropriate trade associations.

IV.  Recommended Actions

A.  Management

1. Preparing for the possibility of tampering or other malicious, criminal, or terrorist actions.

  • assigning responsibility for security to knowledgeable individual(s)
  • conducting an initial assessment of food security procedures and operations, which we recommend be kept confidential
  • having a security management strategy to prepare for and respond to tampering and other malicious, criminal, or terrorist actions, both threats and actual events, including identifying, segregating and securing affected product
  • planning for emergency evacuation, including preventing security breaches during evacuation
  • maintaining any floor or flow plan in a secure, off-site location
  • becoming familiar with the emergency response system in the community
  • making management aware of 24-hour contact information for local, state, and federal police/fire/rescue/health/homeland security agencies
  • making staff aware of whom in management they should alert about potential security problems (24-hour contacts)
  • promoting food security awareness to encourage all staff to be alert to any signs of tampering or other malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions, and reporting any findings to identified management (for example, providing training, instituting a system of rewards, building security into job performance standards)
  • having an internal communication system to inform and update staff about relevant security issues
  • having a strategy for communicating with the public (for example, identifying a media spokesperson, preparing generic press statements and background information, and coordinating press statements with appropriate authorities)

2. Supervision

  • providing an appropriate level of supervision to all staff, including cleaning and maintenance staff, contract workers, data entry and computer support staff, and especially, new staff
  • conducting routine security checks of the premises, including automated manufacturing lines, utilities and critical computer data systems (at a frequency appropriate to the operation) for signs of tampering or malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions

3. Recall Strategy

  • identifying the person responsible, and a backup person.
  • providing for proper handling and disposition of recalled product
  • identifying customer contacts, addresses and phone numbers

4. Investigation of Suspicious Activity

  • investigating threats or information about signs of tampering or other malicious, criminal, or terrorist actions
  • alerting appropriate law enforcement and public health authorities about any threats of or suspected tampering or other malicious, criminal, or terrorist actions

5. Evaluation Program

  • evaluating the lessons learned from past tampering or other malicious, criminal, or terrorist actions and threats
  • reviewing and verifying, at least annually, the effectiveness of the security management program (for example, using knowledgeable in-house or third party staff to conduct tampering or other malicious, criminal, or terrorist action exercises and mock recalls and to challenge computer security systems), revising the program accordingly, and keeping this information confidential
  • performing random food security inspections of all appropriate areas of the facility (including receiving and warehousing, where applicable) using knowledgeable in-house or third party staff, and keeping this information confidential
  • verifying that security contractors are doing an appropriate job, when applicable

 B. Human Element - Staff

Under Federal law, food establishment operators are required to verify the employment eligibility of all new hires, in accordance with the requirements of the Immigration and Nationality Act, by completing the INS Employment Eligibility Verification Form (INS Form I-9). Completion of Form I-9 for new hires is required by 8 USC 1324a and nondiscrimination provisions governing the verification process are set forth at 8 USC 1324b.

1. Screening (pre-hiring, at hiring, post-hiring)

  • examining the background of all staff (including seasonal, temporary, contract, and volunteer staff, whether hired directly or through a recruitment firm) as appropriate to their position, considering candidates' access to sensitive areas of the facility and the degree to which they will be supervised and other relevant factors (for example, obtaining and verifying work references, addresses, and phone numbers, participating in one of the pilot programs managed by the Immigration and Naturalization Service and the Social Security Administration [These programs provide electronic confirmation of employment eligibility for newly hired employees. For more information call the INS SAVE Program toll free at 1-888-464-4218, fax a request for information to (202) 514-9981, or write to US/INS, SAVE Program, 425 I Street, NW, ULLICO-4th Floor, Washington, DC 20536. These pilot programs may not be available in all states], having a criminal background check performed by local law enforcement or by a contract service provider [Remember to first consult any state or local laws that may apply to the performance of such checks])

Note: screening procedures should be applied equally to all staff, regardless of race, national origin, religion, and citizenship or immigration status.

2. Daily Work Assignments

  • knowing who is and who should be on premises, and where they should be located, for each shift
  • keeping information updated

3. Identification

  • establishing a system of positive identification and recognition that is appropriate to the nature of the workforce (for example, issuing uniforms, name tags, or photo identification badges with individual control numbers, color coded by area of authorized access), when appropriate
  • collecting the uniforms, name tag, or identification badge when a staff member is no longer associated with the establishment

4. Restricted Access

  • identifying staff that require unlimited access to all areas of the facility
  • reassessing levels of access for all staff periodically
  • limiting access so staff enter only those areas necessary for their job functions and only during appropriate work hours (for example, using key cards or keyed or cipher locks for entry to sensitive areas, color coded uniforms [remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes])
  • changing combinations, rekeying locks and/or collecting the retired key card when a staff member who is in possession of these is no longer associated with the establishment, and additionally as needed to maintain security

5. Personal Items

  • restricting the type of personal items allowed in establishment
  • allowing in the establishment only those personal use medicines that are necessary for the health of staff and ensuring that these personal use medicines are properly labeled and stored away from food handling or storage areas
  • preventing staff from bringing personal items (for example, lunch containers, purses) into food handling or storage areas
  • providing for regular inspection of contents of staff lockers (for example, providing metal mesh lockers, company issued locks), bags, packages, and vehicles when on company property (Remember to first consult any federal, state, or local laws that may relate to such inspections)

6. Training in Food Security Procedures

  • incorporating food security awareness, including information on how to prevent, detect, and respond to tampering or other malicious, criminal, or terrorist actions or threats, into training programs for staff, including seasonal, temporary, contract, and volunteer staff
  • providing periodic reminders of the importance of security procedures (for example, scheduling meetings, providing brochures or payroll stuffers)
  • encouraging staff support (for example, involving staff in food security planning and the food security awareness program, demonstrating the importance of security procedures to the staff)

7. Unusual Behavior

  • watching for unusual or suspicious behavior by staff (for example, staff who, without an identifiable purpose, stay unusually late after the end of their shift, arrive unusually early, access files/information/areas of the facility outside of the areas of their responsibility; remove documents from the facility; ask questions on sensitive subjects; bring cameras to work)

8. Staff Health

  • being alert for atypical staff health conditions that staff may voluntarily report and absences that could be an early indicator of tampering or other malicious, criminal, or terrorist actions (for example, an unusual number of staff who work in the same part of the facility reporting similar symptoms within a short time frame), and reporting such conditions to local health authorities

 C. Human Element - Public

1. Visitors (for example, contractors, supplier representatives, delivery drivers, customers, couriers, pest control representatives, third-party auditors, regulators, reporters, tours)

  • inspecting incoming and outgoing vehicles, packages and briefcases for suspicious, inappropriate or unusual items or activity, to the extent practical
  • restricting entry to the establishment (for example, checking visitors in and out at security or reception, requiring proof of identity, issuing visitors badges that are collected upon departure, accompanying visitors)
  • ensuring that there is a valid reason for the visit before providing access to the facility - beware of unsolicited visitors
  • verifying the identity of unknown visitors
  • restricting access to food handling and storage areas (for example, accompanying visitors, unless they are otherwise specifically authorized)
  • restricting access to locker room

 D. Facility

1. Physical Security

  • protecting perimeter access with fencing or other deterrent, when appropriate
  • securing doors (including freight loading doors, when not in use and not being monitored, and emergency exits), windows, roof openings/hatches, vent openings, ventilation systems, utility rooms, ice manufacturing and storage rooms, loft areas, trailer bodies, tanker trucks, railcars, and bulk storage tanks for liquids, solids, and compressed gases, to the extent possible (for example, using locks, "jimmy plates," seals, alarms, intrusion detection sensors, guards, monitored video surveillance [remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes])
  • using metal or metal-clad exterior doors to the extent possible when the facility is not in operation, except where visibility from public thoroughfares is an intended deterrent (remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes)
  • minimizing the number of entrances to restricted areas (remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes)
  • securing bulk unloading equipment (for example, augers, pipes, conveyor belts, and hoses) when not in use and inspecting the equipment before use
  • accounting for all keys to establishment (for example, assigning responsibility for issuing, tracking, and retrieving keys)
  • monitoring the security of the premises using appropriate methods (for example, using security patrols [uniformed and/or plain-clothed], video surveillance)
  • minimizing, to the extent practical, places that can be used to temporarily hide intentional contaminants (for example, minimizing nooks and crannies, false ceilings)
  • providing adequate interior and exterior lighting, including emergency lighting, where appropriate, to facilitate detection of suspicious or unusual activities
  • implementing a system of controlling vehicles authorized to park on the premises (for example, using placards, decals, key cards, keyed or cipher locks, issuing passes for specific areas and times to visitors' vehicles)
  • keeping parking areas separated from entrances to food storage and processing areas and utilities, where practical

2. Laboratory Safety

  • restricting access to the laboratory (for example, using key cards or keyed or cipher locks [remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes])
  • restricting laboratory materials to the laboratory, except as needed for sampling or other appropriate activities
  • restricting access (for example, using locks, seals, alarms, key cards, keyed or cipher locks) to sensitive materials (for example, reagents and bacterial, drug, and toxin positive controls)
  • assigning responsibility for integrity of positive controls to a qualified individual
  • knowing what reagents and positive controls should be on the premises and keeping track of them
  • investigating missing reagents or positive controls or other irregularities outside a normal range of variability immediately, and alerting appropriate law enforcement and public health authorities about unresolved problems, when appropriate
  • disposing of unneeded reagents and positive controls in a manner that minimizes the risk that they can be used as a contaminant

3. Storage and Use of Poisonous and Toxic Chemicals (for example, cleaning and sanitizing agents, pesticides)

  • limiting poisonous and toxic chemicals in the establishment to those that are required for the operation and maintenance of the facility and those that are being held for sale
  • storing poisonous and toxic chemicals as far away from food handling and storage areas as practical
  • limiting access to and securing storage areas for poisonous and toxic chemicals that are not being held for sale (for example, using keyed or cipher locks, key cards, seals, alarms, intrusion detection sensors, guards, monitored video surveillance [remember to consult any relevant federal, state or local fire codes that may apply before making any changes])
  • ensuring that poisonous and toxic chemicals are properly labeled
  • using pesticides in accordance with the Federal Insecticide, Fungicide, and Rodenticide Act (for example, maintaining rodent bait that is in use in covered, tamper-resistant bait stations)
  • knowing what poisonous and toxic chemicals should be on the premises and keeping track of them
  • investigating missing stock or other irregularities outside a normal range of variation and alerting appropriate law enforcement and public health authorities about unresolved problems, when appropriate

 E. Operations

1. Incoming Materials and Contract Operations

  • using only known, appropriately licensed or permitted (where applicable) contract manufacturing and packaging operators and sources for all incoming materials, including ingredients, compressed gas, packaging, labels, and materials for research and development
  • taking reasonable steps to ensure that suppliers, contract operators and transporters practice appropriate food security measures (for example, auditing, where practical, for compliance with food security measures that are contained in purchase and shipping contracts or letters of credit, or using a vendor approval program)
  • authenticating labeling and packaging configuration and product coding/expiration dating systems (where applicable) for incoming materials in advance of receipt of shipment, especially for new products
  • requesting locked and/or sealed vehicles/containers/railcars, and, if sealed, obtaining the seal number from the supplier and verifying upon receipt, making arrangements to maintain the chain of custody when a seal is broken for inspection by a governmental agency or as a result of multiple deliveries
  • requesting that the transporter have the capability to verify the location of the load at any time, when practical
  • establishing delivery schedules, not accepting unexplained, unscheduled deliveries or drivers, and investigating delayed or missed shipments
  • supervising off-loading of incoming materials, including off hour deliveries
  • reconciling the product and amount received with the product and amount ordered and the product and amount listed on the invoice and shipping documents, taking into account any sampling performed prior to receipt
  • investigating shipping documents with suspicious alterations
  • inspecting incoming materials, including ingredients, compressed gas, packaging, labels, product returns, and materials for research and development, for signs of tampering, contamination or damage (for example, abnormal powders, liquids, stains, or odors, evidence of resealing, compromised tamper-evident packaging) or "counterfeiting" (for example, inappropriate or mismatched product identity, labeling, product lot coding or specifications, absence of tamper-evident packaging when the label contains a tamper-evident notice), when appropriate
  • evaluating the utility of testing incoming ingredients, compressed gas, packaging, labels, product returns, and materials for research and development for detecting tampering or other malicious, criminal, or terrorist action
  • rejecting suspect food
  • alerting appropriate law enforcement and public health authorities about evidence of tampering, "counterfeiting" or other malicious, criminal, or terrorist action

2. Storage

  • having a system for receiving, storing, and handling distressed, damaged, returned, and rework products that minimizes their potential for being compromised or to compromise the security of other products (for example, destroying products that are unfit for human or animal consumption, products with illegible codes, products of questionable origin, and products returned by consumers to retail stores)
  • keeping track of incoming materials and materials in use, including ingredients, compressed gas, packaging, labels, salvage products, rework products, and product returns
  • investigating missing or extra stock or other irregularities outside a normal range of variability and reporting unresolved problems to appropriate law enforcement and public health authorities, when appropriate
  • storing product labels in a secure location and destroying outdated or discarded product labels
  • minimizing reuse of containers, shipping packages, cartons, etc., where practical

3. Security of Water and Utilities

  • limiting, to the extent practical, access to controls for airflow, water, electricity, and refrigeration
  • securing non-municipal water wells, hydrants, storage, and handling facilities
  • ensuring that water systems and trucks are equipped with backflow prevention
  • chlorinating water systems and monitoring chlorination equipment, where practical, and especially for non-municipal water systems
  • testing non-municipal sources for potability regularly, as well as randomly, and being alert to changes in the profile of the results
  • staying attentive to the potential for media alerts about public water provider problems, when applicable
  • identifying alternate sources of potable water for use during emergency situations where normal water systems have been compromised (for example, trucking from an approved source, treating on-site or maintaining on-site storage)

4. Finished Products

  • ensuring that public storage warehousing and shipping operations (vehicles and vessels) practice appropriate security measures (for example, auditing, where practical, for compliance with food security measures that are contained in contracts or letters of guarantee)
  • performing random inspection of storage facilities, vehicles, and vessels
  • evaluating the utility of finished product testing for detecting tampering or other malicious, criminal, or terrorist actions
  • requesting locked and/or sealed vehicles/containers/railcars and providing the seal number to the consignee
  • requesting that the transporter have the capability to verify the location of the load at any time
  • establishing scheduled pickups, and not accepting unexplained, unscheduled pickups
  • keeping track of finished products
  • investigating missing or extra stock or other irregularities outside a normal range of variation and alerting appropriate law enforcement and public health authorities about unresolved problems, when appropriate
  • advising sales staff to be on the lookout for counterfeit products and to alert management if any problems are detected

5. Mail Packages

  • implementing procedures to ensure the security of incoming mail and packages (for example, locating the mailroom away from food processing and storage areas, securing mailroom, visual or x-ray mail/package screening, following U.S. Postal Service guidance)

6. Access to Computer Systems

  • restricting access to computer process control systems and critical data systems to those with appropriate clearance (for example, using passwords, firewalls)
  • eliminating computer access when a staff member is no longer associated with the establishment
  • establishing a system of traceability of computer transactions
  • reviewing the adequacy of virus protection systems and procedures for backing up critical computer based data systems
  • validating the computer security system

Emergency Point of Contact:

U.S. Food and Drug Administration
5600 Fishers Lane
Rockville, MD 20857
301-443-1240 (Updated contact number: 1-866-300-4374 or 301-796-8240)

If a food establishment operator suspects that any of his/her products that are regulated by the FDA have been subject to tampering, "counterfeiting," or other malicious, criminal, or terrorist action, FDA recommends that he/she notify the FDA 24-hour emergency number at 301-443-1240 (Updated contact number: 1-866-300-4374 or 301-796-8240) or call their local FDA District Office. FDA District Office telephone numbers are listed at: http://www.fda.gov/ora/inspect_ref/iom/iomoradir.html†. FDA recommends that the operator also notify appropriate law enforcement and public health authorities.

 

 V. Appendix: Food Defense Self Assessment Tool for Food Producers, Processors, and Transporters

(Fillable print version is available in PDF, 824 KB)

Please note that the Food Defense Self Assessment Tool is derived from the above referenced guidance and we have deleted examples and references to other agencies and their regulations. We encourage users to become familiar with the guidance document before using this tool.

Mark each item either Y (Yes), N (No), N/A (Not Applicable), or Don't Know.

Food Establishment Operations:

Management

  • Yes No N/A Don't Know Prepare for the possibility of tampering or other malicious, criminal, or terrorist actions
  • Yes No N/A Don't Know Assign responsibility for security to knowledgeable individual(s)
  • Yes No N/A Don't Know Conduct an initial assessment of food security procedures and operations
  • Yes No N/A Don't Know Have a security management strategy to prepare for and respond to tampering and other malicious, criminal, or terrorist actions, both threats and actual events, including identifying, segregating and securing affected product
  • Yes No N/A Don't Know Plan for emergency evacuation, including preventing security breaches during evacuation
  • Yes No N/A Don't Know Maintain any floor or flow plan in a secure, off-site location
  • Yes No N/A Don't Know Become familiar with the emergency response system in the community
  • Yes No N/A Don't Know Make management aware of 24-hour contact information for local, state, and federal police/fire/rescue/health/homeland security agencies
  • Yes No N/A Don't Know Make staff aware of who in management they should alert about potential security problems (24-hour contacts)
  • Yes No N/A Don't Know Promote food security awareness to encourage all staff to be alert to any signs of tampering or other malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions, and reporting any findings to identified management
  • Yes No N/A Don't Know Have an internal communication system to inform and update staff about relevant security issues
  • Yes No N/A Don't Know Have a strategy for communicating with the public

Supervision

  • Yes No N/A Don't Know Provide an appropriate level of supervision to all staff, including cleaning and maintenance staff, contract workers, data entry and computer support staff, and especially new staff.
  • Yes No N/A Don't Know Conduct routine security checks of the premises, including automated manufacturing lines, utilities and critical computer data systems (at a frequency appropriate to the operation) for signs of tampering or malicious, criminal, or terrorist actions or areas the may be vulnerable to such actions.

Recall strategy

  • Yes No N/A Don't Know Identify the person responsible, and a backup person
  • Yes No N/A Don't Know Provide for proper handling & disposition of product
  • Yes No N/A Don't Know Identify customer contacts, addresses and phone numbers

Investigation of suspicious activity

  • Yes No N/A Don't Know Investigate threats or information about signs of tampering or other malicious, criminal, or terrorist actions
  • Yes No N/A Don't Know Alert appropriate law enforcement and public health authorities about any threats of or suspected tampering or other malicious, criminal, or terrorist actions

Evaluation program

  • Yes No N/A Don't Know Evaluate the lessons learned from past tampering or other malicious, criminal, or terrorist actions and threats
  • Yes No N/A Don't Know Review and verify, at least annually, the effectiveness of the security management program, revise the program accordingly
  • Yes No N/A Don't Know Perform random food security inspections of all appropriate areas of the facility (including receiving and warehousing, where applicable) using knowledgeable in-house or third party staff
  • Yes No N/A Don't Know Verify that security contractors are doing an appropriate job, when applicable

Human element - staff

Screening (pre-hiring, at hiring, post hiring)

  • Yes No N/A Don't Know Examine the background of all staff as appropriate to their position, considering candidates' access to sensitive areas of the facility and the degree to which they will be supervised.

Daily work assignments

  • Yes No N/A Don't Know Know who is and who should be on premises, and where they should be located, for each shift
  • Yes No N/A Don't Know Keep information updated

Identification

  • Yes No N/A Don't Know Establish a system of positive identification and recognition that is appropriate to the nature of the workforce, when appropriate
  • Yes No N/A Don't Know Collect the uniforms, name tag, or identification badge when a staff member is no longer associated with the establishment

Restricted access

  • Yes No N/A Don't Know Identify staff that require unlimited access to all areas of the facility
  • Yes No N/A Don't Know Reassess levels of access for all staff periodically
  • Yes No N/A Don't Know Limit access so staff enter only those areas necessary for their job functions and only during appropriate work hours
  • Yes No N/A Don't Know Change combinations, rekey locks and/or collect the retired key card when a staff member who is in possession of these is no longer associated with the establishment, and additionally as needed to maintain security

Personal items

  • Yes No N/A Don't Know Restrict the type of personal items allowed in establishment
  • Yes No N/A Don't Know Allow in the establishment only those personal use medicines that are necessary for the health of staff and ensure that these personal use medicines are properly labeled and stored away from food handling or storage areas
  • Yes No N/A Don't Know Prevent staff from bringing personal items into food handling or storage areas
  • Yes No N/A Don't Know Provide for regular inspection of contents of staff lockers, bags, packages, and vehicles when on company property

Training in food security procedures

  • Yes No N/A Don't Know Incorporate food security awareness, including information on how to prevent, detect, and respond to tampering or other malicious, criminal, or terrorist actions or threats, into training programs for staff, including seasonal, temporary, contract, and volunteer staff
  • Yes No N/A Don't Know Provide periodic reminders of the importance of security procedures
  • Yes No N/A Don't Know Encourage staff participation in security procedures

Unusual behavior

  • Yes No N/A Don't Know Watch for unusual or suspicious behavior by staff

Staff health

  • Yes No N/A Don't Know Be alert for atypical staff health conditions that staff may voluntarily report and absences that could be an early indicator of tampering or other malicious, criminal, or terrorist actions, and reporting such conditions to local health authorities

Human element -- public

Visitors (Non-Employees)

  • Yes No N/A Don't Know Inspect incoming and outgoing vehicles, packages and briefcases for suspicious, inappropriate or unusual items or activity, to the extent practical
  • Yes No N/A Don't Know Restrict entry to the establishment
  • Yes No N/A Don't Know Ensure that there is a valid reason for the visit before providing access to the facility - beware of unsolicited visitors
  • Yes No N/A Don't Know Verify the identity of unknown visitors
  • Yes No N/A Don't Know Restrict access to food handling and storage areas
  • Yes No N/A Don't Know Restrict access to locker room

Facility

Physical security

  • Yes No N/A Don't Know Protect perimeter access with fencing or other deterrent, when appropriate
  • Yes No N/A Don't Know Secure all doors, windows, roof openings/hatches, vent openings, ventilation systems, utility rooms, ice manufacturing and storage rooms, loft areas, trailer bodies, tanker trucks, railcars, and bulk storage tanks for liquids, solids, and compressed gases, to the extent
  • Yes No N/A Don't Know Use metal or metal-clad exterior doors to the extent possible when the facility is not in operation, except where visibility from public thoroughfares is an intended deterrent
  • Yes No N/A Don't Know Minimize the number of entrances to restricted areas
  • Yes No N/A Don't Know Secure bulk unloading equipment when not in use and inspect the equipment before use
  • Yes No N/A Don't Know Account for all keys to establishment
  • Yes No N/A Don't Know Monitor the security of the premises using appropriate methods
  • Yes No N/A Don't Know Minimize, to the extent practical, places that can be used to temporarily hide intentional contaminants
  • Yes No N/A Don't Know Provide adequate interior and exterior lighting, include emergency lighting, where appropriate, to facilitate detection of suspicious or unusual activities
  • Yes No N/A Don't Know Implement a system of control vehicles authorized to park on the premises
  • Yes No N/A Don't Know Keep parking areas separated from entrances to food storage and process areas and utilities, where practical

Storage and use of poisonous and toxic chemicals (for example, cleaning and sanitizing agents, pesticides)

  • Yes No N/A Don't Know Limit poisonous and toxic chemicals in the establishment to those that are required for the operation and maintenance of the facility and those that are being held for sale
  • Yes No N/A Don't Know Store poisonous and toxic chemicals as far away from food handling and storage areas as practical
  • Yes No N/A Don't Know Limit access to and secure storage areas for poisonous and toxic chemicals that are not being held for sale
  • Yes No N/A Don't Know Ensure that poisonous and toxic chemicals are properly labeled
  • Yes No N/A Don't Know Use pesticides in accordance with the Federal Insecticide, Fungicide, and Rodenticide Act
  • Yes No N/A Don't Know Know what poisonous and toxic chemicals should be on the premises and keeping track of them
  • Yes No N/A Don't Know Investigate missing stock or other irregularities outside a normal range of variation and alert appropriate law enforcement and public health authorities about unresolved problems, when appropriate

Operations

Incoming materials and contract operations:

  • Yes No N/A Don't Know Use only known, appropriately licensed or permitted (where applicable) contract manufacturing and packaging operators and sources for all incoming materials, including ingredients, compressed gas, packaging, labels, and materials for research and development
  • Yes No N/A Don't Know Take reasonable steps to ensure that suppliers, contract operators and transporters practice appropriate food security measures
  • Yes No N/A Don't Know Authenticate labeling and packaging configuration and product coding/expiration dating systems (where applicable) for incoming materials in advance of receipt of shipment, especially for new products
  • Yes No N/A Don't Know Request locked and/or sealed vehicles/containers/railcars, and, if sealed, obtain the seal number from the supplier and verify upon receipt, making arrangements to maintain the chain of custody when a seal is broken for inspection by a governmental agency or as a result of multiple deliveries
  • Yes No N/A Don't Know Request that the transporter have the capability to verify the location of the load at any time, when practical
  • Yes No N/A Don't Know Establish delivery schedules, not accepting unexplained, unscheduled deliveries or drivers, and investigate delayed or missed shipments
  • Yes No N/A Don't Know Supervise off-loading of incoming materials, including off hour deliveries
  • Yes No N/A Don't Know Reconcile the product and amount received with the product and amount ordered and the product and amount listed on the invoice and shipping documents, taking into account any sampling performed prior to receipt
  • Yes No N/A Don't Know Investigate shipping documents with suspicious alterations
  • Yes No N/A Don't Know Inspect incoming materials, including ingredients, compressed gas, packaging, labels, product returns, and materials for research and development, for signs of tampering, contamination or damage or "counterfeiting", when appropriate
  • Yes No N/A Don't Know Evaluate the utility of testing incoming ingredients, compressed gas, packaging, labels, product returns, and materials for research and development for detecting tampering or other malicious, criminal, or terrorist action
  • Yes No N/A Don't Know Reject suspect food
  • Yes No N/A Don't Know Alert appropriate law enforcement and public health authorities about evidence of tampering, "counterfeiting" or other malicious, criminal, or terrorist action

Storage

  • Yes No N/A Don't Know Have a system for receiving, storing, and handling distressed, damaged, returned, and rework products that minimizes their potential for being compromised or to compromise the security of other products
  • Yes No N/A Don't Know Keep track of incoming materials and materials in use, including ingredients, compressed gas, packaging, labels, salvage products, rework products, and product returns
  • Yes No N/A Don't Know Investigate missing or extra stock or other irregularities outside a normal range of variability and report unresolved problems to appropriate law enforcement and public health authorities, when appropriate
  • Yes No N/A Don't Know Store product labels in a secure location and destroy outdated or discarded product labels
  • Yes No N/A Don't Know Minimize reuse of containers, shipping packages, cartons, etc., where practical

Finished products

  • Yes No N/A Don't Know Ensure that public storage warehouse and shipping operations (vehicles and vessels) practice appropriate security measures
  • Yes No N/A Don't Know Perform random inspection of storage facilities, vehicles, and vessels
  • Yes No N/A Don't Know Evaluate the utility of finished product testing for detecting tampering or other malicious, criminal, or terrorist actions
  • Yes No N/A Don't Know Request locked and/or sealed vehicles/containers/railcars and provide the seal number to the consignee
  • Yes No N/A Don't Know Request that the transporter have the capability to verify the location of the load at any time
  • Yes No N/A Don't Know Establish scheduled pickups, and not accepting unexplained, unscheduled pickups
  • Yes No N/A Don't Know Keep track of finished products
  • Yes No N/A Don't Know Investigate missing or extra stock or other irregularities outside a normal range of variation and alerting appropriate law enforcement and public health authorities about unresolved problems, when appropriate
  • Yes No N/A Don't Know Advise sales staff to be on the lookout for counterfeit products and to alert management if any problems are detected

Access to computer systems

  • Yes No N/A Don't Know Restrict access to computer process control systems and critical data systems to those with appropriate clearance
  • Yes No N/A Don't Know Eliminate computer access when a staff member is no longer associated with the establishment
  • Yes No N/A Don't Know Establish a system of traceability of computer transactions
  • Yes No N/A Don't Know Review the adequacy of virus protection systems and procedures for backing up critical computer based data systems
  • Yes No N/A Don't Know Validate the computer security system

If a food establishment operator suspects that any of his/her products that are regulated by the FDA have been subject to tampering, "counterfeiting," or other malicious, criminal, or terrorist action, FDA recommends that he/she notify the FDA 24-hour emergency number at 301-443-1240 (Updated contact number: 1-866-300-4374 or 301-796-8240) or call their local FDA District Office. FDA District Office telephone numbers are listed at: http://www.fda.gov/ora/inspect_ref/iom/iomoradir.html†. FDA recommends that the operator also notify local law enforcement and public health agencies.