U.S. flag An official website of the United States government
  1. Home
  2. Regulatory Information
  3. Search for FDA Guidance Documents
  4. Guidance for Industry: Food Security Preventive Measures Guidance for Retail Food Stores and Food Service Establishments
  1. Search for FDA Guidance Documents

GUIDANCE DOCUMENT

Guidance for Industry: Food Security Preventive Measures Guidance for Retail Food Stores and Food Service Establishments October 2007

Final
Docket Number:
FDA-2020-D-1927
Issued by:
Guidance Issuing Office
Center for Food Safety and Applied Nutrition

This guidance represents the Food and Drug Administration's (FDA's) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations.

Table of Contents

  1. INTRODUCTION
  2. BACKGROUND
  3. DISCUSSION
    1. Related Guidance
    2. Additional Resources
  4. RECOMMENDED ACTIONS
    1. Management
      1. Preparing for the possibility of tampering or other malicious, criminal, or terrorist actions.
      2. Investigation of Suspicious Activity
      3. Evaluation Program
    2. Human Element - Staff
      1. Screening (pre-hiring, at hiring, post-hiring)
      2. Daily Work Assignments
      3. Identification
      4. Restricted Access
      5. Personal Items
      6. Training in Food Security Procedures
      7. Unusual Behavior
      8. Staff Health
    3. Human Element - Public
      1. Customers
      2. Visitors (for example, contractors, supplier representatives, delivery drivers, customers, couriers, pest control representatives, third party auditors, regulators, reporters, tours)
    4. Facility
      1. Physical Security
      2. Storage and Use of Poisonous and Toxic Chemicals (for example cleaning and sanitizing agents, pesticides)
    5. Operations
      1. Incoming Products
      2. Storage
      3. Food Service and Retail Display
      4. Security of Water and Utilities
      5. Mail Packages
      6. Access to Computer Systems
  5. Appendix: Food Defense Self Assessment Tool for Retail Food Stores and Food Service Establishments
    Please note that the Food Defense Self Assessment Tool is derived from the above referenced guidance and we have deleted examples and references to other agencies and their regulations. We encourage users to become familiar with the guidance document before using this tool.

I. INTRODUCTION

This guidance is designed as an aid to operators of retail food stores and food service establishments (for example, bakeries, bars, bed-and-breakfast operations, cafeterias, camps, child and adult day care providers, church kitchens, commissaries, community fund raisers, convenience stores, fairs, food banks, grocery stores, interstate conveyances, meal services for home-bound persons, mobile food carts, restaurants, and vending machine operators). This is a very diverse set of establishments, which includes both very large and very small entities.

This guidance identifies the kinds of preventive measures they may take to minimize the risk that food under their control will be subject to tampering or other malicious, criminal, or terrorist actions.

FDA's guidance documents, including this guidance, do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.

II. BACKGROUND

Operators of food retail food stores and food service establishments are encouraged to review their current procedures and controls in light of the potential for tampering or other malicious, criminal, or terrorist actions and make appropriate improvements. This guidance is designed to focus operators' attention sequentially on each segment of the food delivery system that is within their control, to minimize the risk of tampering or other malicious, criminal, or terrorist action at each segment. To be successful, implementing enhanced preventive measures requires the commitment of management and staff. Accordingly, FDA recommends that both management and staff participate in the development and review of such measures.

Not all of the guidance contained in this document may be appropriate or practical for every retail food store or food service establishment, particularly smaller facilities. FDA recommends that operators review the guidance in each section that relates to a component of their operation, and assess which preventive measures are suitable. Example approaches are provided for many of the preventive measures listed in this document. These examples should not be regarded as minimum standards. Nor should the examples provided be considered an inclusive list of all potential approaches to achieving the goal of the preventive measure. FDA recommends that operators consider the goal of the preventive measure, assess whether the goal is relevant to their operation, and, if it is, design an approach that is both efficient and effective to accomplish the goal under their conditions of operation.

III. DISCUSSION

This guidance is divided into five sections that relate to individual components of a retail food store or food service establishment operation: management; human element - staff; human element - public; facility; and operations.

A. Related Guidance

FDA has published two companion guidance documents on food security, entitled, "Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance" and "Importers and Filers: Food Security Preventive Measures Guidance" to cover the farm-to-table spectrum of food production. Both documents are available at: http://www.cfsan.fda.gov/~dms/guidance.html.

B. Additional Resources: (2)

A process called Operational Risk Management (ORM) may help prioritize the preventive measures that are most likely to have the greatest impact on reducing the risk of tampering or other malicious, criminal, or terrorist actions against food. Information on ORM is available in the Federal Aviation Administration (FAA) System Safety Handbook, U.S. Department of Transportation, FAA, December 30, 2000, Chapter 15, Operational Risk Management. The handbook is available at: http://www.asy.faa.gov/Risk/SSHandbook/Chap15_1200.PDF.

The U.S. Department of Transportation, Research and Special Programs Administration has published an advisory notice of voluntary measures to enhance the security of hazardous materials shipments. It is available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-3636-filed.pdf. The notice provides guidance to shippers and carriers on personnel, facility and en route security issues.

The U.S. Postal Service has prepared guidance for identifying and handling suspicious mail. It is available at: http://www.usps.com/news/2001/press/mailsecurity/postcard.htm.

The Federal Anti-Tampering Act (18 USC 1365) makes it a federal crime to tamper with or taint a consumer product, or to attempt, threaten or conspire to tamper with or taint a consumer product, or make a false statement about having tampered with or tainted a consumer product. Conviction can lead to penalties of up to $100,000 in fines and up to life imprisonment. The Act is available at: Federal Anti-Tampering Act (PDF).

Finally, some trade associations have developed food security guidance that is appropriately focused for that specific industry. For example, the International Dairy Food Association has developed a food security guidance document as an aid to the dairy industry.

FDA encourages other trade associations to evaluate the preventive measures contained in this FDA guidance document and adapt them to their specific products and operations and to supplement this guidance with additional preventive measures when appropriate. FDA welcomes dialogue on the content of sector specific guidance with appropriate trade associations.

IV. Recommended Actions

A. Management

1. Preparing for the possibility of tampering or other malicious, criminal, or terrorist actions.

  • assigning responsibility for security to knowledgeable individual(s)
  • conducting an initial assessment of food security procedures and operations, which we recommend be kept confidential
  • having a crisis management strategy to prepare for and respond to tampering and other malicious, criminal, or terrorist actions, both threats and actual events, including identifying, segregating and securing affected product
  • planning for emergency evacuation, including preventing security breaches during evacuation
  • becoming familiar with the emergency response system in the community
  • making management aware of 24-hour contact information for local, state, and federal police/fire/rescue/health/homeland security agencies
  • making staff aware of whom in management they should alert about potential security problems (24-hour contacts)
  • promoting food security awareness to encourage all staff to be alert to any signs of tampering or other malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions, and reporting any findings to identified management (for example, providing training, instituting a system of rewards, building security into job performance standards)
  • having an internal communication system to inform and update staff about relevant security issues
  • having a strategy for communicating with the public (for example, identifying a media spokesperson, preparing generic press statements and background information, and coordinating press statements with appropriate authorities)

2. Supervision

  • providing an appropriate level of supervision to all staff, including cleaning and maintenance staff, contract workers, data entry and computer support staff, and especially, new staff (for example, supervisor on duty, periodic unannounced visits by supervisor, daily visits by supervisor, two staff on duty at same time, monitored video cameras, off-line review of video tapes, one-way and two-way windows, customer feedback to supervisor of unusual or suspicious behavior by staff)
  • conducting routine security checks of the premises, including utilities and critical computer data systems (at a frequency appropriate to the operation) for signs of tampering or malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions

3. Investigation of Suspicious Activity

  • investigating threats or information about signs of tampering or other malicious, criminal, or terrorist actions
  • alerting appropriate law enforcement and public health authorities about any threats of or suspected tampering or other malicious, criminal, or terrorist actions

4. Evaluation Program

  • evaluating the lessons learned from past tampering or other malicious, criminal, or terrorist actions and threats
  • reviewing and verifying, at least annually, the effectiveness of the security management program (for example, using knowledgeable in-house or third party staff to conduct tampering or other malicious, criminal, or terrorist action exercises and mock recalls and to challenge computer security systems), revising the program accordingly, and keeping this information confidential
  • performing random food security inspections of all appropriate areas of the facility (including receiving and warehousing, where applicable) using knowledgeable in-house or third party staff, and keeping this information confidential
  • verifying that security contractors are doing an appropriate job, when applicable

B. Human Element - Staff

Under Federal law, retail food store and food service establishment operators are required to verify the employment eligibility of all new hires, in accordance with the requirements of the Immigration and Nationality Act, by completing the INS Employment Eligibility Verification Form (INS Form I-9). Completion of Form I-9 for new hires is required by 8 USC 1324a and nondiscrimination provisions governing the verification process are set forth at 8 USC 1324b.

1. Screening (pre-hiring, at hiring, post-hiring)

  • examining the background of all staff (including seasonal, temporary, contract, and volunteer staff, whether hired directly or through a recruitment firm) as appropriate to their position, considering candidates' access to sensitive areas of the facility and the degree to which they will be supervised and other relevant factors (for example, obtaining and verifying work references, addresses, and phone numbers, participating in one of the pilot programs managed by the Immigration and Naturalization Service and the Social Security Administration [These programs provide electronic confirmation of employment eligibility for newly hired employees. For more information call the INS SAVE Program toll free at 1-888-464-4218, fax a request for information to (202) 514-9981, or write to US/INS, SAVE Program, 425 I Street, NW, ULLICO-4th Floor, Washington, DC 20536. These pilot programs may not be available in all states], having a criminal background check performed by local law enforcement or by a contract service provider [Remember to first consult any state or local laws that may apply to the performance of such checks])

Note: screening procedures should be applied equally to all staff, regardless of race, national origin, religion, and citizenship or immigration status.

2. Daily Work Assignments

  • knowing who is and who should be on premises, and where they should be located, for each shift
  • keeping information updated

3. Identification

  • establishing a system of positive identification and recognition that is appropriate to the nature of the workforce (for example, issuing uniforms, name tags, or photo identification badges with individual control numbers, color coded by area of authorized access), when appropriate
  • collecting the uniforms, name tag, or identification badge when a staff member is no longer associated with the establishment

4. Restricted Access

  • identifying staff that require unlimited access to all areas of the facility
  • reassessing levels of access for all staff periodically
  • limiting staff access to non-public areas so staff enter only those areas necessary for their job functions and only during appropriate work hours (for example, using key cards or keyed or cipher locks for entry to sensitive areas, color coded uniforms [remember to consult any relevant federal, state, or local fire or occupational safety codes before making any changes])
  • changing combinations, rekeying locks and/or collecting the retired key card when a staff member who is in possession of these is no longer associated with the establishment, and additionally as needed to maintain security

5. Personal Items

  • restricting the type of personal items allowed in non-public areas of the establishment
  • allowing in the establishment only those personal use medicines that are necessary for the health of staff and ensuring that these personal use medicines are properly labeled and stored away from stored food and food preparation areas
  • preventing staff from bringing personal items (for example, lunch containers, purses) into nonpublic food preparation or storage areas
  • providing for regular inspection of contents of staff lockers (for example, providing metal mesh lockers, company issued locks), bags, packages, and vehicles when on company property (Remember to first consult any federal, state, or local laws that may relate to such inspections)

6. Training in Food Security Procedures

  • incorporating food security awareness, including information on how to prevent, detect, and respond to tampering or other malicious, criminal, or terrorist actions or threats, into training programs for staff, including seasonal, temporary, contract, and volunteer staff
  • providing periodic reminders of the importance of security procedures (for example, scheduling meetings, providing brochures or payroll stuffers)
  • encouraging staff support (for example, involving staff in food security planning and the food security awareness program, demonstrating the importance of security procedures to the staff)

7. Unusual Behavior

  • watching for unusual or suspicious behavior by staff (for example, staff who, without an identifiable purpose, stay unusually late after the end of their shift, arrive unusually early, access files/information/areas of the facility outside of the areas of their responsibility; remove documents from the facility; ask questions on sensitive subjects; bring cameras to work)

8. Staff Health

  • being alert for atypical staff health conditions that staff may voluntarily report and absences that could be an early indicator of tampering or other malicious, criminal, or terrorist actions (for example, an unusual number of staff who work in the same part of the facility reporting similar symptoms within a short time frame), and reporting such conditions to local health authorities

C. Human Element - Public

1. Customers

  • preventing access to food preparation and storage and dishwashing areas in the non-public areas of the establishment, including loading docks
  • monitoring public areas, including entrances to public restrooms (for example, using security guards, monitored video cameras, one-way and two-way windows, placement of employee workstations for optimum visibility) for unusual or suspicious activity (for example, a customer returning a product to the shelf that he/she brought into the store, spending an unusual amount of time in one area of the store)
  • monitoring the serving or display of foods in self-service areas (for example, salad bars, condiments, open bulk containers, produce display areas, doughnut/bagel cases)

2. Visitors (for example, contractors, sales representatives, delivery drivers, couriers, pest control representatives, third-party auditors, regulators, reporters, tours)

  • restricting entry to the non-public areas of the establishment (for example, checking visitors in and out before entering the non-public areas, requiring proof of identity, issuing visitors badges that are collected upon departure, accompanying visitors)
  • ensuring that there is a valid reason for all visits to the non-public areas of the establishment before providing access to the facility - beware of unsolicited visitors
  • verifying the identity of unknown visitors to the non-public areas of the establishment
  • inspecting incoming and outgoing packages and briefcases in the non-public areas of the establishment for suspicious, inappropriate or unusual items, to the extent practical

D. Facility

1. Physical Security

  • protecting non-public perimeter access with fencing or other deterrent, when appropriate
  • securing doors (including freight loading doors, when not in use and not being monitored, and emergency exits), windows, roof openings/hatches, vent openings, ventilation systems, utility rooms, ice manufacturing and storage rooms, loft areas, trailer bodies, and bulk storage tanks for liquids, solids, and compressed gases, to the extent possible (for example, using locks, "jimmy plates," seals, alarms, intrusion detection sensors, guards, monitored video surveillance [remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes])
  • using metal or metal-clad exterior doors to the extent possible when the facility is not in operation, except where visibility from public thoroughfares is an intended deterrent (remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes)
  • minimizing the number of entrances to non-public areas (remember to consult any relevant federal, state or local fire or occupational safety codes before making any changes)
  • accounting for all keys to establishment (for example, assigning responsibility for issuing, tracking, and retrieving keys)
  • monitoring the security of the premises using appropriate methods (for example, using security patrols [uniformed and/or plain-clothed], monitored video surveillance)
  • minimizing, to the extent practical, places in public areas that an intruder could remain unseen after work hours
  • minimizing, to the extent practical, places in non-public areas that can be used to temporarily hide intentional contaminants (for example, minimizing nooks and crannies, false ceilings)
  • providing adequate interior and exterior lighting, including emergency lighting, where appropriate, to facilitate detection of suspicious or unusual activities
  • implementing a system of controlling vehicles authorized to park in the non-public parking areas (for example, using placards, decals, key cards, keyed or cipher locks, issuing passes for specific areas and times to visitors' vehicles)
  • keeping customer, employee, and visitor parking areas separated from entrances to non-public areas, where practical

2. Storage and Use of Poisonous and Toxic Chemicals (for example, cleaning and sanitizing agents, pesticides) in non-public areas

  • limiting poisonous and toxic chemicals in the establishment to those that are required for the operation and maintenance of the facility and those that are being stored or displayed for retail sale
  • storing poisonous and toxic chemicals as far away from food handling and storage areas as practical
  • limiting access to and securing storage areas for poisonous or toxic chemicals that are not being held for retail sale (for example, using keyed or cipher locks, key cards, seals, alarms, intrusion detection sensors, guards, monitored video surveillance [remember to consult any relevant federal, state, or local fire codes before making any changes])
  • ensuring that poisonous and toxic chemicals are properly labeled
  • using pesticides in accordance with the Federal Insecticide, Fungicide, and Rodenticide Act (for example, maintaining rodent bait that is in use in covered, tamper-resistant bait stations)
  • knowing what poisonous and toxic chemicals should be on the premises and keeping track of them
  • investigating missing stock or other irregularities outside a normal range of variation and alerting appropriate law enforcement and public health authorities about unresolved problems, when appropriate

E. Operations

1. Incoming Products

  • using only known and appropriately licensed or permitted (where applicable) sources for all incoming products
  • informing suppliers, distributors, and transporters about FDA's food security guidance, "Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance" and "Importers and Filers: Food Security Preventive Measures Guidance," available at: http://www.cfsan.fda.gov/~dms/guidance.html.
  • taking steps to ensure that delivery vehicles are appropriately secured
  • requesting that transporters have the capability to verify the location of the load at any time, when practical
  • establishing delivery schedules, not accepting unexplained, unscheduled deliveries or drivers, and investigating delayed or missed shipments
  • supervising off-loading of incoming materials, including off hour deliveries
  • reconciling the product and amount received with the product and amount ordered and the product and amount listed on the invoice and shipping documents, taking into account any sampling performed prior to receipt
  • investigating shipping documents with suspicious alterations
  • inspecting incoming products and product returns for signs of tampering, contamination, or damage (for example, abnormal powders, liquids, stains, or odors, evidence of resealing, compromised tamper-evident packaging) or "counterfeiting" (for example, inappropriate or mismatched product identity, labeling, product lot coding or specifications, absence of tamper-evident packaging when the label contains a tamper-evident notice), when appropriate
  • rejecting suspect food
  • alerting appropriate law enforcement and public health authorities about evidence of tampering, "counterfeiting," or other malicious, criminal, or terrorist action

3. Storage

  • having a system for receiving, storing, and handling distressed, damaged, and returned products, and products left at checkout counters, that minimizes their potential for being compromised (for example, obtaining the reason for return and requiring proof of identity of the individual returning the product, examining returned or abandoned items for signs of tampering, not reselling returned or abandoned products)
  • keeping track of incoming products, materials in use, salvage products, and returned products
  • investigating missing or extra stock or other irregularities outside a normal range of variability and reporting unresolved problems to appropriate law enforcement and public health authorities, when appropriate
  • minimizing reuse of containers, shipping packages, cartons, etc., where practical

4. Food Service and Retail Display

  • displaying poisonous and toxic chemicals for retail sale in a location where they can be easily monitored (for example, visible by staff at their work stations, windows, video monitoring)
  • periodically checking products displayed for retail sale for evidence of tampering or other malicious, criminal, or terrorist action (for example, checking for off-condition appearance [for example, stained, leaking, damaged packages, missing or mismatched labels], proper stock rotation, evidence of resealing, condition of tamper-evident packaging, where applicable, presence of empty food packaging or other debris on the shelving), to the extent practical
  • monitoring self-service areas (for example, salad bars, condiments, open bulk containers, produce display areas, doughnut/bagel cases) for evidence of tampering or other malicious, criminal, or terrorist action

5. Security of Water and Utilities

  • limiting, to the extent practical, access to controls for airflow, water, electricity, and refrigeration
  • securing non-municipal water wells, hydrants, storage, and handling facilities
  • ensuring that water systems and trucks are equipped with backflow prevention
  • chlorinating non-municipal water systems and monitoring chlorination equipment and chlorine levels
  • testing non-municipal sources for potability regularly, as well as randomly, and being alert to changes in the profile of the results
  • staying attentive to the potential for media alerts about public water provider problems, when applicable
  • identifying alternate sources of potable water for use during emergency situations where normal water systems have been compromised (for example, trucking from an approved source, treating on-site or maintaining on-site storage)

6. Mail/Packages

  • implementing procedures to ensure the security of incoming mail and packages

7. Access to Computer Systems

  • restricting access to critical computer data systems to those with appropriate clearance (for example, using passwords, firewalls)
  • eliminating computer access when a staff member is no longer associated with the establishment
  • establishing a system of traceability of computer transactions
  • reviewing the adequacy of virus protection systems and procedures for backing up critical computer based data systems
  • validating the computer security system

Emergency Point of Contact

U.S. Food and Drug Administration
5600 Fishers Lane
Rockville, MD 20857
Updated contact number: 1-866-300-4374 or 301-796-8240)

If a retail food store or food service establishment operator suspects that any of his/her products that are regulated by the FDA have been subject to tampering, "counterfeiting," or other malicious, criminal, or terrorist action, FDA recommends that he/she notify the FDA 24-hour emergency number at (Updated contact number: 1-866-300-4374 or 301-796-8240) or call their local FDA District Office. FDA recommends that the operator also notify local law enforcement and public health authorities.

V. Appendix: Food Defense Self Assessment Tool for Retail Food Stores and Food Service Establishments

(Fillable print version is available in PDF, 1.3 MB)

Please note that the Food Defense Self Assessment Tool is derived from the above referenced guidance and we have deleted examples and references to other agencies and their regulations. We encourage users to become familiar with the guidance document before using this tool. 

Retail Food Store and Food Service Establishment Operations

Mark each item either Y (Yes), N (No), N/A (Not Applicable), or Don't Know.

Management

  • Y, N, N/A, or Don't Know -  Prepare for the possibility of tampering or other malicious, criminal, or terrorist events
  • Y, N, N/A, or Don't Know -  Assign responsibility for security to knowledgeable individual(s)
  • Y, N, N/A, or Don't Know -  Conduct an initial assessment of food security procedures and operations
  • Y, N, N/A, or Don't Know -  Have a crisis management strategy to prepare for and respond to tampering and other malicious, criminal, or terrorist actions, both threats and actual events, including identifying, segregating, and securing affected products
  • Y, N, N/A, or Don't Know -  Plan for emergency evacuation, including preventing security breaches during evacuation
  • Y, N, N/A, or Don't Know -  Become familiar with the emergency response system in the community
  • Y, N, N/A, or Don't Know -  Make management aware of 24-hour contact information for local, state, and federal police/fire/rescue/health/homeland security agencies
  • Y, N, N/A, or Don't Know -  Make staff aware of who in management they should alert about potential security problems (24-hour contacts)
  • Y, N, N/A, or Don't Know -  Promote food security awareness to encourage all staff to be alert to any signs of tampering or malicious, criminal, or terrorist actions or areas that may be vulnerable to such actions, and to report any findings to identified management
  • Y, N, N/A, or Don't Know -  Have an internal communication system to inform and update staff about relevant security issues
  • Y, N, N/A, or Don't Know -  Have a strategy for communicating with the public

Investigation of suspicious activity

  • Y, N, N/A, or Don't Know -  Investigate threats or information about signs of tampering or other malicious, criminal, or terrorist actions
  • Y, N, N/A, or Don't Know -  Alert appropriate law enforcement and public health authorities about any threats of or suspected tampering or other malicious, criminal, or terrorist actions

Evaluation program

  • Y, N, N/A, or Don't Know -  Evaluate the lessons learned from past tampering or other malicious, criminal, or terrorist actions and threats
  • Y, N, N/A, or Don't Know -  Review and verify, at least annually, the effectiveness of the security management program, revise accordingly
  • Y, N, N/A, or Don't Know -  Perform random food security inspections of all appropriate areas of the facility (including receiving and storage areas, where applicable) using knowledgeable in-house or third-party staff
  • Y, N, N/A, or Don't Know -  Verify that security contractors are doing an appropriate job, when applicable
Human element -- staff

Daily work assignments

  • Y, N, N/A, or Don't Know -  Know who is and who should be on premises, and where they should be located, for each shift
  • Y, N, N/A, or Don't Know -  Keep information updated

Identification

  • Y, N, N/A, or Don't Know -  Establish a system of positive identification and recognition, when appropriate
  • Y, N, N/A, or Don't Know -  Collect the uniforms, name tag, or identification badge when a staff member is no longer associated with the establishment

Restricted access

  • Y, N, N/A, or Don't Know -  Identify staff that require unlimited access to all areas of the facility
  • Y, N, N/A, or Don't Know -  Reassess levels of access for all staff periodically
  • Y, N, N/A, or Don't Know -  Limit staff access to non-public areas so staff enter only those areas necessary for their job functions and only during appropriate work hours
  • Y, N, N/A, or Don't Know -  Change combinations, rekeying locks, and/or collect the retired key card when a staff member who is in possession of these is no longer associated with the establishment, and additionally as needed to maintain security

Personal items

  • Y, N, N/A, or Don't Know -  Restrict the type of personal items allowed in non-public areas of the establishment
  • Y, N, N/A, or Don't Know -  Allow in the non-public areas of the establishment only those personal use medicines that are necessary for the health of staff (other than those being stored or displayed for retail sale) and ensure that these personal use medicines are properly labeled and stored away from stored food and food preparation areas
  • Y, N, N/A, or Don't Know -  Prevent staff from bringing personal items into nonpublic food preparation or storage areas
  • Y, N, N/A, or Don't Know -  Provide for regular inspection of contents of staff lockers, bags, packages, and vehicles when on company property

Training in food security procedures

  • Y, N, N/A, or Don't Know -  Incorporate food security awareness, including information on how to prevent, detect, and respond to tampering or other malicious, criminal, or terrorist actions or threats, into training programs for staff, including seasonal, temporary, contract, and volunteer staff
  • Y, N, N/A, or Don't Know -  Provide periodic reminders of the importance of security procedures
  • Y, N, N/A, or Don't Know -  Encourage staff participation in security procedures

Unusual behavior

  • Y, N, N/A, or Don't Know -  Watch for unusual or suspicious behavior by staff

Staff health

  • Y, N, N/A, or Don't Know -  Be alert for atypical staff health conditions that staff may voluntarily report and absences that could be an early indicator of tampering or other malicious, criminal, or terrorist actions, and report such conditions to local health authorities
Human element -- public

Customers

  • Y, N, N/A, or Don't Know -  Prevent access to food preparation and storage and dishwashing areas in the non-public areas of the establishment, including loading docks
  • Y, N, N/A, or Don't Know -  Monitor public areas, including entrances to public restrooms for unusual or suspicious
  • Y, N, N/A, or Don't Know -  Monitor the serving or display of foods in self-service areas

Other (Non-Employee, Non-customer) visitors

  • Y, N, N/A, or Don't Know -  Restrict entry to the non-public areas of the establishment
  • Y, N, N/A, or Don't Know -  Ensure that there is a valid reason for all visits to the non-public areas of the establishment before providing access to the facility - beware of unsolicited visitors
  • Y, N, N/A, or Don't Know -  Verify the identity of unknown visitors to the non-public areas of the establishment
  • Y, N, N/A, or Don't Know -  Inspect incoming and outgoing packages and briefcases in the non-public areas of the establishment for suspicious, inappropriate or unusual items, to the extent practical
Facility

Physical security

  • Y, N, N/A, or Don't Know -  Protect non-public perimeter access with fencing or other deterrent, when appropriate
  • Y, N, N/A, or Don't Know -  Secure all doors, windows, roof openings/hatches, vent openings, ventilation systems, utility rooms, ice manufacturing and storage rooms, loft areas and trailer bodies, and bulk storage tanks for liquids, solids and compressed gases to the extent possible
  • Y, N, N/A, or Don't Know -  Use metal or metal-clad exterior doors to the extent possible when the facility is not in operation, except where visibility from public thoroughfares is an intended deterrent
  • Y, N, N/A, or Don't Know -  Minimize the number of entrances to non-public areas
  • Y, N, N/A, or Don't Know -  Account for all keys to establishment
  • Y, N, N/A, or Don't Know -  Monitor the security of the premises using appropriate methods
  • Y, N, N/A, or Don't Know -  Minimize, to the extent practical, places in public areas that an intruder could remain unseen after work hours
  • Y, N, N/A, or Don't Know -  Minimize, to the extent practical, places in non-public areas that can be used to temporarily hide intentional contaminants
  • Y, N, N/A, or Don't Know -  Provide adequate interior and exterior lighting, include emergency lighting, where appropriate, to facilitate detection of suspicious or unusual activity
  • Y, N, N/A, or Don't Know -  Implement a system of control vehicles authorized to park in the non-public parking areas
  • Y, N, N/A, or Don't Know -  Keep customer, employee, and visitor parking areas separated from entrances to non-public areas, where practical

Storage and use of poisonous and toxic chemicals (for example, cleaning and sanitizing agents, pesticides) in non-public areas

  • Y, N, N/A, or Don't Know -  Limit poisonous and toxic chemicals in the establishment to those that are required for the operation and maintenance of the facility and those that are being stored or displayed for retail sale
  • Y, N, N/A, or Don't Know -  Store poisonous and toxic chemicals as far away from food handling and food storage areas as practical
  • Y, N, N/A, or Don't Know -  Limit access to and securing storage areas for poisonous or toxic chemicals that are not being held for retail sale
  • Y, N, N/A, or Don't Know -  Ensure that poisonous and toxic chemicals are properly labeled
  • Y, N, N/A, or Don't Know -  Use pesticides in accordance with the Federal Insecticide, Fungicide, and Rodenticide Act
  • Y, N, N/A, or Don't Know -  Know what poisonous and toxic chemicals should be on the premises and keeping track of them
  • Y, N, N/A, or Don't Know -  Investigate missing stock or other irregularities outside a normal range of variation and alert local enforcement and public health agencies about unresolved problems, when appropriate
Operations

Incoming products

  • Y, N, N/A, or Don't Know -  Use only known and appropriately licensed or permitted (where applicable) sources for all incoming products
  • Y, N, N/A, or Don't Know -  Take steps to ensure that delivery vehicles are appropriately secured
  • Y, N, N/A, or Don't Know -  Request that transporters have the capability to verify the location of the load at any time, when practical
  • Y, N, N/A, or Don't Know -  Establish delivery schedules, not accepting unexplained, unscheduled deliveries or drivers, and investigate delayed or missed shipments
  • Y, N, N/A, or Don't Know -  Supervise off-loading of incoming materials, including off hour deliveries
  • Y, N, N/A, or Don't Know -  Reconcile the product and amount received with the product and amount ordered and the product and amount listed on the invoice and shipping documents, take into account any sampling performed prior to receipt
  • Y, N, N/A, or Don't Know -  Investigate shipping documents with suspicious alterations
  • Y, N, N/A, or Don't Know -  Inspect incoming products and product returns for signs of tampering, contamination, or damage or "counterfeiting", when appropriate
  • Y, N, N/A, or Don't Know -  Reject suspect food
  • Y, N, N/A, or Don't Know -  Alert appropriate law enforcement and public health authorities about evidence of tampering, "counterfeiting," or other malicious, criminal, or terrorist action

Storage

  • Y, N, N/A, or Don't Know -  Have a system for receiving, storing, and handling distressed, damaged, and returned products, and products left at checkout counters, that minimizes their potential for being compromised
  • Y, N, N/A, or Don't Know -  Keep track of incoming products, materials in use, salvage products, and returned products
  • Y, N, N/A, or Don't Know -  Investigate missing or extra stock or other irregularities outside a normal range of variability and reporting unresolved problems to appropriate law enforcement and public health authorities, when appropriate
  • Y, N, N/A, or Don't Know -  Minimize reuse of containers, shipping packages, cartons, etc., where practical

Food service and retail display

  • Y, N, N/A, or Don't Know -  Display poisonous and toxic chemicals for retail sale in a location where they can be easily monitored
  • Y, N, N/A, or Don't Know -  Periodically check products displayed for retail sale for evidence of tampering or other malicious, criminal, or terrorist action, to the extent practical
  • Y, N, N/A, or Don't Know -  Monitor self-service areas for evidence of tampering or other malicious, criminal, or terrorist action

Access to computer systems

  • Y, N, N/A, or Don't Know -  Restrict access to critical computer data systems to those with appropriate clearance
  • Y, N, N/A, or Don't Know -  Eliminate computer access when a staff member is no longer associated with the establishment
  • Y, N, N/A, or Don't Know -  Establish a system of traceability of computer transactions
  • Y, N, N/A, or Don't Know -  Review the adequacy of virus protection systems and procedures for backing up critical computer-based data systems
  • Y, N, N/A, or Don't Know -  Validate the computer security system

If a retail food store or food service establishment operator suspects that any of his/her products that are regulated by the FDA have been subject to tampering, "counterfeiting," or other malicious, criminal, or terrorist action, FDA recommends that he/she notify the FDA 24-hour emergency number at -866-300-4374 or 301-796-8240 or call their local FDA District Office. FDA District Office telephone numbers are listed at Investigations Operations Manual. FDA recommends that the operator also notify local law enforcement and public health authorities.


Related Information


Contact FDA

Outreach and Information Center
1-888-SAFEFOOD
1-888-723-3366
10 AM- 4 PM EST
Closed Thurs 12:30PM - 1:30PM EST

Inquiries: Submit Your Question

Center for Food Safety and Applied Nutrition
Food and Drug Administration
5001 Campus Drive
College Park, MD 20740

Industry and Consumer Assistance


Submit Comments

You can submit online or written comments on any guidance at any time (see 21 CFR 10.115(g)(5))

If unable to submit comments online, please mail written comments to:

Dockets Management
Food and Drug Administration
5630 Fishers Lane, Rm 1061
Rockville, MD 20852

All written comments should be identified with this document's docket number: FDA-2020-D-1927.

 
Back to Top