Mitigation Strategies To Protect Food Against Intentional Adulteration, 34165-34223 [2016-12373]
Download as PDF
Vol. 81
Friday,
No. 103
May 27, 2016
Part IV
Department of Health and Human Services
mstockstill on DSK3G9T082PROD with RULES4
Food and Drug Administration
21 CFR Parts 11 and 121
Mitigation Strategies To Protect Food Against Intentional Adulteration; Final
Rule
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
PO 00000
Frm 00001
Fmt 4717
Sfmt 4717
E:\FR\FM\27MYR4.SGM
27MYR4
34166
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 11 and 121
[Docket No. FDA–2013–N–1425]
RIN 0910–AG63
Mitigation Strategies To Protect Food
Against Intentional Adulteration
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Final rule.
The Food and Drug
Administration (FDA or we) is issuing
this final rule to require domestic and
foreign food facilities that are required
to register under the Federal Food, Drug,
and Cosmetic Act (the FD&C Act) to
address hazards that may be introduced
with the intention to cause wide scale
public health harm. These food facilities
are required to conduct a vulnerability
assessment to identify significant
vulnerabilities and actionable process
steps and implement mitigation
strategies to significantly minimize or
prevent significant vulnerabilities
identified at actionable process steps in
a food operation. FDA is issuing these
requirements as part of our
implementation of the FDA Food Safety
Modernization Act (FSMA).
DATES: This rule is effective July 26,
2016. See section VIII for compliance
dates.
SUMMARY:
FOR FURTHER INFORMATION CONTACT:
Ryan Newkirk, Center for Food Safety
and Applied Nutrition (HFS–005), Food
and Drug Administration, 5100 Paint
Branch Pkwy., College Park, MD 20740,
240–402–3712, email: Ryan.Newkirk@
fda.hhs.gov.
SUPPLEMENTARY INFORMATION:
mstockstill on DSK3G9T082PROD with RULES4
Table of Contents
Executive Summary
Purpose and Coverage of the Rule
Summary of the Major Provisions of the
Rule
Costs and Benefits
I. Background
A. FDA Food Safety Modernization Act
B. Proposed Rule on Intentional
Adulteration
C. Appendix 4 to Draft Risk Assessment
D. Public Comments
II. Legal Authority
A. Section 103 of FSMA
B. Section 106 of FSMA
C. Intrastate Activities
III. General Comments on the Proposed Rule
A. Comments on Overall Framework for
the Regulatory Approach
B. One Set of Requirements Under Sections
418 and 420 of the FD&C Act
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
C. Require Measures Only in the Event of
a Credible Threat
D. General Comments on Implementation
and Compliance
E. Comments on Requests for Additional
Exemptions
F. Other General Comments
G. Other Issues Discussed in the Proposed
Rule
IV. Subpart A: Comments on Specific
Provisions
A. Revisions to Definitions Also Used in
Section 415 Registration Regulations (21
CFR Part 1, Subpart H) and Section 414
Recordkeeping Regulations (21 CFR Part
1, Subpart J)
B. Other Definitions That We Proposed To
Establish in Part 121
C. Additional Definitions to Clarify Terms
Not Defined in the Proposed Rule
D. Comments Asking FDA to Establish
Additional Definitions or Otherwise
Clarify Terms Not Defined in the Rule
E. Proposed § 121.5—Exemptions
V. Subpart C: Comments on Food Defense
Measures
A. Proposed § 121.126—Requirement for a
Food Defense Plan
B. Proposed § 121.130—Identification of
Actionable Process Steps
C. Proposed § 121.135—Focused Mitigation
Strategies for Actionable Process Steps
D. Final § 121.138—Mitigation Strategies
Management Components
E. Proposed § 121.140—Monitoring
F. Proposed § 121.145—Corrective Actions
G. Proposed § 121.150—Verification
H. Proposed § 121.160—Training (Final
§ 121.4)
VI. Subpart D: Comments on Requirements
Applying to Records That Must Be
Established and Maintained
A. Proposed § 121.301—Records Subject to
the Requirements of This Subpart D
B. Proposed § 121.305—General
Requirements Applying to Records
C. Proposed § 121.310—Additional
Requirements Applying to the Food
Defense Plan
D. Proposed § 121.315—Requirements for
Record Retention
E. Proposed § 121.320—Requirements for
Official Review
F. Proposed § 121.325—Public Disclosure
G. Proposed § 121.330—Use of Existing
Records
VII. Subpart E: Comments on Compliance—
Proposed § 121.401
VIII. Effective and Compliance Dates
IX. Executive Order 13175
X. Final Regulatory Impact Analysis
XI. Paperwork Reduction Act of 1995
XII. Analysis of Environmental Impact
XIII. Federalism
XIV. References
Executive Summary
Purpose and Coverage of the Rule
This regulation implements three
provisions of the FD&C Act, as amended
by FSMA, that relate to the intentional
adulteration of food. Section 418 of the
FD&C Act (21 U.S.C. 350g) addresses
intentional adulteration in the context
of facilities that manufacture, process,
PO 00000
Frm 00002
Fmt 4701
Sfmt 4700
pack, or hold food and are required to
register under section 415 of the FD&C
Act (21 U.S.C. 350d). Section 419 of the
FD&C Act (21 U.S.C. 350h) addresses
intentional adulteration in the context
of fruits and vegetables that are raw
agricultural commodities. Section 420 of
the FD&C Act (21 U.S.C. 350i) addresses
intentional adulteration in the context
of high-risk foods and exempts farms
except for farms that produce milk. FDA
is implementing the intentional
adulteration provisions in sections 418,
419, and 420 of the FD&C Act in this
rulemaking.
The purpose of this rule is to protect
food from intentional acts of
adulteration where there is an intent to
cause wide scale public health harm.
This rule applies to both domestic and
foreign facilities that are required to
register under section 415 of the FD&C
Act. This rule establishes several
exemptions as follows:
• The rule does not apply to a very
small business (i.e., a business,
including any subsidiaries or affiliates,
averaging less than $10,000,000,
adjusted for inflation, per year, during
the 3-year period preceding the
applicable calendar year in both sales of
human food plus the market value of
human food manufactured, processed,
packed, or held without sale, e.g., held
for a fee), except that the facility is
required to provide for official review,
upon request, documentation sufficient
to show that the facility qualifies for this
exemption.
• This rule does not apply to the
holding of food, except the holding of
food in liquid storage tanks.
• This rule does not apply to the
packing, re-packing, labeling, or relabeling of food where the container that
directly contacts the food remains
intact.
• This rule does not apply to
activities of a farm that are subject to
section 419 of the Federal Food, Drug,
and Cosmetic Act (Standards for
Produce Safety).
• This rule does not apply with
respect to alcoholic beverages at a
facility that meets certain conditions.
• This rule does not apply to the
manufacturing, processing, packing, or
holding of food for animals other than
man.
• This rule does not apply to on-farm
manufacturing, processing, packing, or
holding by a small or very small
business of certain foods identified as
having low-risk production practices if
such activities are the only activities
conducted by the business subject to
section 418 of the FD&C Act.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
Summary of the Major Provisions of the
Final Rule
This rule establishes various food
defense measures that an owner,
operator, or agent in charge of a facility
is required to implement to protect
against the intentional adulteration of
food. Specifically:
• Prepare and implement a written
food defense plan that includes a
vulnerability assessment to identify
significant vulnerabilities and
actionable process steps, mitigation
strategies, and procedures for food
defense monitoring, corrective actions,
and verification (§ 121.126).
• Identify any significant
vulnerabilities and actionable process
steps by conducting a vulnerability
assessment for each type of food
manufactured, processed, packed, or
held at the facility using appropriate
methods to evaluate each point, step, or
procedure in a food operation
(§ 121.130).
• Identify and implement mitigation
strategies at each actionable process step
to provide assurances that the
significant vulnerability at each step
will be significantly minimized or
prevented and the food manufactured,
processed, packed, or held by the
facility will not be adulterated. For each
mitigation strategy implemented at each
actionable process step, include a
written explanation of how the
mitigation strategy sufficiently
minimizes or prevents the significant
vulnerability associated with the
actionable process step (§ 121.135).
• Establish and implement mitigation
strategies management components, as
appropriate to ensure the proper
implementation of each such mitigation
strategy, taking into account the nature
of the mitigation strategy and its role in
the facility’s food defense system
(§ 121.138).
• Establish and implement food
defense monitoring procedures, for
monitoring the mitigation strategies, as
appropriate to the nature of the
mitigation strategy and its role in the
facility’s food defense system
(§ 121.140).
• Establish and implement food
defense corrective action procedures
that must be taken if mitigation
strategies are not properly implemented,
as appropriate to the nature of the
actionable process step and the nature
of the mitigation strategy (§ 121.145).
• Establish and implement specified
food defense verification activities, as
appropriate to the nature of the
mitigation strategy and its role in the
facility’s food defense system
(§ 121.150).
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
• Conduct a reanalysis of the food
defense plan (§ 121.157).
• Ensure that all individuals who
perform required food defense activities
are qualified to perform their assigned
duties (§ 121.4).
• Establish and maintain certain
records, including the written food
defense plan (vulnerability assessment,
mitigation strategies and procedures for
food defense monitoring, corrective
actions, and verification) and
documentation related to training of
personnel. All records are subject to
certain general recordkeeping and
record retention requirements
(§§ 121.301 to 121.330).
• The effective date is 60 days after
this final rule is published. However,
we are providing for a longer timeline
for facilities to come into compliance.
Facilities, other than small and very
small businesses, have 3 years after the
effective date to comply with part 121.
Small businesses (i.e., those employing
fewer than 500 full-time equivalent
employees) have 4 years after the
effective date to comply with part 121.
Very small businesses (i.e., businesses
that have less than $10,000,000,
adjusted for inflation, per year, during
the 3-year period preceding the
applicable calendar year in both sales of
human food plus the market value of
human food manufactured, processed,
packed, or held without sale, e.g., held
for a fee) have 5 years after the effective
date to comply with § 121.5(a).
As discussed in detail in later sections
of the rule, we made several major
revisions to the provisions of this rule,
mainly in response to comments, to
provide for greater flexibility and
clarity. These major revisions to the
regulatory text include the following:
• We removed the key activity types
(KATs); however, the use of the KATs
is still permissible to conduct a
vulnerability assessment and will be
further discussed in guidance.
• We specified three elements that
must be evaluated when conducting a
vulnerability assessment: (1) The
potential public health impact (e.g.,
severity and scale) if a contaminant
were added; (2) the degree of physical
access to the product; and (3) the ability
of an attacker to successfully
contaminate the product.
• We specified that the vulnerability
assessment must consider the
possibility of an inside attacker.
• We removed the distinction
between ‘‘broad’’ and ‘‘focused’’
mitigation strategies.
• We made the mitigation strategy
management components (food defense
monitoring, corrective actions, and
verification) more flexible by providing
PO 00000
Frm 00003
Fmt 4701
Sfmt 4700
34167
that they are required ‘‘as appropriate to
ensure the proper implementation of the
mitigation strategies, taking into account
the nature of each such mitigation
strategy and its role in the facility’s food
defense system.’’
• We revised the terminology used for
the food defense management
components such that monitoring,
corrective actions, and verification are
now food defense monitoring, food
defense corrective actions, and food
defense verification.
• We made the requirement to
document food defense monitoring
more flexible by providing for use of
exception records.
• We made the food defense
corrective actions requirement more
flexible by providing that it is required
‘‘as appropriate to the nature of the
actionable process step and the nature
of the mitigation strategy.’’
• We made the requirement for
verifying proper implementation of
mitigation strategies more flexible by
providing for ‘‘other activities
appropriate for verification of proper
implementation of mitigation
strategies.’’
• We exempted records required by
this rule from the requirements of 21
Code of Federal Regulations, part 11.
• We provided for the use of existing
records if certain conditions are met.
• We removed the term ‘‘qualified
facility’’ and instead refer to ‘‘very small
business’’ in the exemption under
121.5(a).
• We established an exemption for
certain on-farm manufacturing,
processing, packing, or holding by small
and very small businesses of certain
foods identified as having low-risk
production processes.
• We added a new definition for
‘‘qualified individual’’ and included
new requirements to ensure that all
individuals who perform activities
required under subpart C are qualified
to perform their assigned activities.
• We provided longer timelines for
facilities to come into compliance with
the rule.
Costs and Benefits
The total cost of the rule, annualized
over 10 years at a 7 percent discount
rate, is between $280 and $490 million.
With a 3 percent discount rate, the
annualized cost is between $270 and
$480 million. The first-year cost is
between $680 and $930 million.
Counting only domestic firms, the total
annualized costs are between $90 and
$150 million, with initial costs of
between $220 and $300 million. The
average annualized cost per covered
facility is between $9,000 and $16,000,
E:\FR\FM\27MYR4.SGM
27MYR4
34168
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
and the average annualized cost per
covered firm is between $27,000 and
$47,000.
The benefits of the actions required by
the rule are a reduction in the
possibility of illness and death resulting
from intentional adulteration of food.
We monetize the damage that various
intentional adulteration scenarios might
cause, and present a breakeven analysis
showing the number of prevented
attacks at which the benefits are larger
than the costs. For attacks that are
similar in impact to acts of intentional
adulteration that have happened in the
United States in the past, the breakeven
threshold, counting only producer costs,
is 28 to 48 attacks prevented every year.
For attacks causing similar casualties as
major historical outbreaks of food-
related illness, the breakeven threshold
is one or two attacks every year. For
catastrophic terrorist attacks causing
thousands of fatalities, the breakeven
threshold is one attack prevented every
270 to 460 years.
The table shows the approximate,
rounded, mean values for various cost
components of the rule:
ANNUALIZED COST AND BENEFIT OVERVIEW
All Numbers are USD 2014 (millions), annualized over 10 years
3% Discount
Costs:
Learning about Rule .........................................................................................................................................
Creating Food Defense Plans ..........................................................................................................................
Mitigation Costs ................................................................................................................................................
Monitoring, Corrective Action, Verification .......................................................................................................
Employee Training ............................................................................................................................................
Documentation ..................................................................................................................................................
Subtotal (Domestic cost) ..................................................................................................................................
Cost to Foreign Firms .......................................................................................................................................
Total ..............................................................................................................................................................
Benefits:
Lower Chance of Intentional Adulteration ........................................................................................................
I. Background
A. FDA Food Safety Modernization Act
The FDA Food Safety Modernization
Act (FSMA) (Pub. L. 111–353), signed
into law by President Obama on January
4, 2011, is intended to allow FDA to
better protect public health by helping
to ensure the safety and security of the
food supply. FSMA enables us to focus
more on preventing food safety
problems rather than relying primarily
on reacting to problems after they occur.
The law also provides new enforcement
authorities to help achieve higher rates
of compliance with risk-based,
prevention-oriented safety standards
and to better respond to and contain
problems when they do occur. In
addition, the law contains important
new tools to better ensure the safety of
imported foods and encourages
partnerships with State, local, tribal,
7% Discount
$3
10
26
62
5
9
115
247
$4
11
28
62
6
9
119
256
362
375
Unquantified
and territorial authorities. A top priority
for FDA are those FSMA-required
regulations that provide the framework
for industry’s implementation of
preventive controls and enhance our
ability to oversee their implementation
for both domestic and imported food. To
that end, we proposed the seven
foundational rules listed in table 1 and
requested comments on all aspects of
these proposed rules.
TABLE 1—PUBLISHED FOUNDATIONAL RULES FOR IMPLEMENTATION OF FSMA
Abbreviation
Current Good Manufacturing Practice and Hazard Analysis and RiskBased Preventive Controls for Human Food.
Standards for the Growing, Harvesting, Packing, and Holding of
Produce for Human Consumption.
Current Good Manufacturing Practice and Hazard Analysis and RiskBased Preventive Controls for Food for Animals.
Foreign Supplier Verification Programs (FSVP) for Importers of Food
for Humans and Animals.
Accreditation of Third-Party Auditors/Certification Bodies to Conduct
Food Safety Audits and to Issue Certifications.
Focused Mitigation Strategies To Protect Food Against Intentional
Adulteration.
Sanitary Transportation of Human and Animal Food .............................
mstockstill on DSK3G9T082PROD with RULES4
Title
2013 proposed human preventive
controls rule.
2013 proposed produce safety rule
We also issued a supplemental notice
of proposed rulemaking for the rules
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
2013 proposed animal preventive
controls rule.
2013 proposed FSVP rule .............
2013 proposed third-party certification rule.
2013 proposed intentional adulteration rule.
2014 proposed sanitary transportation rule.
listed in table 2 and requested
comments on specific issues identified
PO 00000
Frm 00004
Fmt 4701
Publication
Sfmt 4700
78 FR 3646, January 16, 2013.
78 FR 3504, January 16, 2013.
78 FR 64736, October 29, 2013.
78 FR 45730, July 29, 2013.
78 FR 45782, July 29, 2013.
78 FR 78014, December 24, 2013.
79 FR 7006, February 5, 2014.
in each supplemental notice of
proposed rulemaking.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
34169
TABLE 2—PUBLISHED SUPPLEMENTAL NOTICES OF PROPOSED RULEMAKING FOR THE FOUNDATIONAL RULES FOR
IMPLEMENTATION OF FSMA
Title
Abbreviation
Publication
Current Good Manufacturing Practice and Hazard Analysis and RiskBased Preventive Controls for Human Food.
Standards for the Growing, Harvesting, Packing, and Holding of
Produce for Human Consumption.
Current Good Manufacturing Practice and Hazard Analysis and RiskBased Preventive Controls for Food for Animals.
Foreign Supplier Verification Programs (FSVP) for Importers of Food
for Humans and Animals.
2014 supplemental human preventive controls notice.
2014 supplemental produce safety
notice.
2014 supplemental animal preventive controls notice.
2014 supplemental FSVP notice ...
79 FR
2014.
79 FR
2014.
79 FR
2014.
79 FR
2014.
58524, September 29,
58434, September 29,
58476, September 29,
58574, September 29,
We have finalized six of the
foundational rulemakings, as listed in
table 3.
TABLE 3—PUBLISHED FOUNDATIONAL FINAL RULES FOR IMPLEMENTATION OF FSMA
Abbreviation
Publication
Current Good Manufacturing Practice, Hazard Analysis and RiskBased Preventive Controls for Human Food.
Current Good Manufacturing Practice, Hazard Analysis and RiskBased Preventive Controls for Food for Animals.
Standards for the Growing, Harvesting, Packing, and Holding of
Produce for Human Consumption.
Foreign Supplier Verification Programs (FSVP) for Importers of Food
for Humans and Animals.
Accreditation of Third-Party Certification Bodies to Conduct Food
Safety Audits and to Issue Certifications.
Sanitary Transportation of Human and Animal Food .............................
mstockstill on DSK3G9T082PROD with RULES4
Title
PCHF final rule ..............................
Produce final rule ..........................
80 FR 55908, September 17,
2015.
80 FR 56170, September 17,
2015.
80 FR 74354, November 27, 2015.
FSVP final rule ..............................
80 FR 74226, November 27, 2015.
Third-party final rule ......................
80 FR 74570, November 27, 2015.
Transport final rule ........................
81 FR 20092, April 6, 2016.
As FDA finalizes these seven
foundational rulemakings, we are
putting in place a framework for food
safety that is modern and brings to bear
the most recent science on provisions to
enhance food safety and food defense,
that is risk-based and focuses effort
where the hazards are most significant,
and that is flexible and practical given
our current knowledge of food safety
and food defense practices. To achieve
this, FDA has engaged in a great deal of
outreach to the stakeholder community
to find the right balance in these
regulations of flexibility and
accountability.
Since FSMA was enacted in 2011, we
have been involved in approximately
600 engagements on FSMA and the
proposed rules, including public
meetings, Webinars, listening sessions,
farm tours, and extensive presentations
and meetings with various stakeholder
groups (Ref. 1) (Ref. 2). As a result of
this stakeholder dialogue, FDA decided
to issue the four supplemental notices of
proposed rulemaking to share our
current thinking on key issues and get
additional stakeholder input on those
issues. As we move forward into the
next phase of FSMA implementation,
we intend to continue this dialogue and
collaboration with our stakeholders,
through guidance, education, training,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
PCAF final rule ..............................
and assistance, to ensure that
stakeholders understand and engage in
their roles in food safety and food
defense. FDA believes these seven
foundational final rules, when
implemented, will fulfill the paradigm
shift toward prevention that was
envisioned in FSMA and be a major step
forward for food safety and food defense
that will protect consumers into the
future.
B. Proposed Rule on Intentional
Adulteration
In the Federal Register of December
24, 2013 (78 FR 78014), we issued a
proposed rule to implement the
intentional adulteration provisions in
sections 103, 105, and 106 of FSMA
(proposed rule). We initially requested
public comments on the proposed rule
by March 31, 2014. We extended the
comment period for the proposed rule
until June 30, 2014, in response to
several requests for an extension.
The proposed rule proposed to
require various food defense measures
that an owner, operator, or agent in
charge of a facility would be required to
implement to protect against the
intentional adulteration of food, and can
be summarized as follows:
• Prepare and implement a written
food defense plan that includes
PO 00000
Frm 00005
Fmt 4701
Sfmt 4700
actionable process steps, focused
mitigation strategies, and procedures for
monitoring, corrective actions, and
verification (proposed § 121.126).
• Identify any actionable process
steps, using one of two procedures. In
the proposed rule, we explained that
FDA has analyzed vulnerability
assessments conducted using the
CARVER+Shock methodology and
identified four key activity types: Bulk
liquid receiving and loading; Liquid
storage and handling; Secondary
ingredient handling; and Mixing and
similar activities. We further explained
that FDA has determined that the
presence of one or more of these key
activity types at a process step (e.g.,
manufacturing, processing, packing, or
holding of food) indicates a significant
vulnerability under section 418 of the
FD&C Act and that the food is at high
risk of intentional adulteration caused
by acts of terrorism under section 420 of
the FD&C Act. We proposed that
facilities may identify actionable
process steps using the FDA-identified
key activity types as described in
proposed § 121.130(a) or conduct their
own facility-specific vulnerability
assessments as provided in proposed
§ 121.130(b).
• Identify and implement focused
mitigation strategies at each actionable
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34170
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
process step to provide assurances that
the significant vulnerability at each step
will be significantly minimized or
prevented and the food manufactured,
processed, packed, or held by the
facility will not be adulterated
(proposed § 121.135).
• Establish and implement
procedures, including the frequency
with which they are to be performed, for
monitoring the focused mitigation
strategies (proposed § 121.140)
• Establish and implement corrective
action procedures that must be taken if
focused mitigation strategies are not
properly implemented (proposed
§ 121.145).
• Verify that monitoring is being
conducted and appropriate decisions
about corrective actions are being made;
verify that the focused mitigation
strategies are consistently implemented
and are effectively and significantly
minimizing or preventing the significant
vulnerabilities; and conduct a reanalysis
of the food defense plan (proposed
§ 121.150).
• Ensure that personnel and
supervisors assigned to actionable
process steps receive appropriate
training in food defense awareness and
their respective responsibilities in
implementing focused mitigation
strategies (proposed § 121.160).
• Establish and maintain certain
records, including the written food
defense plan; written identification of
actionable process steps and the
assessment leading to that
identification; written focused
mitigation strategies; written procedures
for monitoring, corrective actions, and
verification; and documentation related
to training of personnel. All such
records are subject to certain
recordkeeping requirements, record
retention requirements, requirements for
official review and public disclosure
requirements (proposed §§ 121.301 to
121.325).
• Proposed the effective date as 60
days after this final rule is published.
However, we proposed for a longer
timeline for facilities to come into
compliance. Facilities, other than small
and very small businesses, would have
1 year after the effective date to comply
with part 121. Small businesses (i.e.,
those employing fewer than 500
persons) would have 2 years after the
effective date to comply with part 121.
Very small businesses (i.e., businesses
that have less than $10,000,000 in total
annual sales of food, adjusted for
inflation) would be considered a
qualified facility and have 3 years after
the effective date to comply with
§ 121.5(a).
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
We requested comment on all aspects
of the proposed requirements. In
addition, we described our thinking and
sought comment on other issues,
including the framework of the rule;
activities that occur on produce farms;
transportation carriers; food for animals;
acts of disgruntled employees,
consumers, or competitors;
economically motivated adulteration;
low-risk activities at farm mixed-type
facilities; activities that occur on dairy
farms; and other ways to focus on foods
with a high risk of intentional
adulteration caused by terrorism.
C. Appendix 4 to Draft Risk Assessment
We issued for public comment an
‘‘Appendix 4 to Draft Qualitative Risk
Assessment of Risk of Activity/Food
Combinations for Activities (Outside the
Farm Definition) Conducted in a
Facility Co-Located on a Farm’’ (the
draft RA Appendix) (78 FR 78064,
December 24, 2013). The purpose of the
draft RA Appendix was to provide a
science-based risk analysis of those
foods whose production processes
would be considered low risk with
respect to the risk of intentional
adulteration caused by acts of terrorism.
We used the tentative conclusions of the
section 103(c)(1)(C) draft RA Appendix
to seek comment in the proposed rule
on possible exemptions or modified
requirements for this final rule (78 FR
78014 at 78029). We are including the
final appendix to the risk assessment in
the docket established for this document
(Ref. 3).
D. Public Comments
We received more than 200 public
submissions on the proposed rule, each
containing one or more comments. We
received submissions from diverse
members of the public, including food
facilities (including facilities co-located
on a farm); farms; cooperatives;
coalitions; trade organizations;
consulting firms; law firms; academia;
public health organizations; public
advocacy groups; consumers; consumer
groups; Congress, Federal, State, local,
and tribal Governments; and other
organizations. Some submissions
included signatures and statements from
multiple individuals. Comments
addressed virtually every provision of
the proposed rule, including our
requests for comment on including
additional provisions that we did not
include in the proposed regulatory text.
In the remainder of this document, we
describe these comments, respond to
them, and explain any revisions we
made to the proposed rule.
Some comments address issues that
are outside the scope of this rule. For
PO 00000
Frm 00006
Fmt 4701
Sfmt 4700
example, some comments express
concern about overregulation in general.
Some comments believe the Department
of Homeland Security is the Federal
Agency that should protect the food
supply. Some comments express
concern about ‘‘genetically modified
organisms’’, while other comments
express concern about the amount of
chemicals in food. Some comments
express concern that extreme
consolidation of our food system is the
main reason that it could be a target for
terrorism or other intentional acts aimed
at causing widespread human
casualties. These comments state that
decentralization is the most resilient
defense against those who wish to
contaminate the food supply. We do not
discuss such comments in this
document.
II. Legal Authority
The proposed rule contained an
explanation of its legal basis under
authorities in the FDA Food Safety
Modernization Act and section 701 of
the FD&C Act. After considering the
comments received in response to the
proposed rule, FDA made changes in
the final rule. The legal authorities
relied on in the final rule are the same
as those in the proposed rule unless
otherwise described in the sections that
follow.
A. Section 103 of FSMA
Section 103 of FSMA, Hazard
Analysis and Risk-Based Preventive
Controls, amends the FD&C Act to
create a new section 418, which
mandates rulemaking. Section
418(n)(1)(A) of the FD&C Act requires
that the Secretary issue regulations ‘‘to
establish science-based minimum
standards for conducting a hazard
analysis, documenting hazards,
implementing preventive controls, and
documenting the implementation of the
preventive controls. . . .’’ Section
418(n)(1)(B) of the FD&C Act requires
that the regulations define the terms
‘‘small business’’ and ‘‘very small
business,’’ taking into consideration the
study of the food processing sector
required by section 418(l)(5) of the
FD&C Act. Further, section 103(e) of
FSMA creates a new section 301(uu) in
the FD&C Act (21 U.S.C. 331(uu)) to
prohibit ‘‘[t]he operation of a facility
that manufactures, processes, packs, or
holds food for sale in the United States
if the owner, operator, or agent in charge
of such facility is not in compliance
with section 418 [of the FD&C Act].’’
In addition to rulemaking
requirements, section 418 contains
requirements applicable to the owner,
operator, or agent in charge of a facility
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
required to register under section 415.
Section 418(a) is a general provision
that requires the owner, operator, or
agent in charge of a facility to evaluate
the hazards that could affect food
manufactured, processed, packed, or
held by the facility, identify and
implement preventive controls, monitor
the performance of those controls, and
maintain records of the monitoring. In
addition to the general requirements in
section 418(a) of the FD&C Act, sections
418(b)–(i) contain more specific
requirements applicable to facilities,
including several provisions explicitly
directed at intentional adulteration. For
example, section 418(b)(2) of the FD&C
Act specifies that the owner, operator,
or agent in charge of a facility shall
identify and evaluate hazards that may
be intentionally introduced, including
by acts of terrorism. Section 418(c)(2) of
the FD&C Act specifies that the owner,
operator, or agent in charge of a facility
shall identify and implement preventive
controls to provide assurances that any
hazards that relate to intentional
adulteration will be significantly
minimized or prevented and addressed,
consistent with section 420 of the FD&C
Act.
Sections 418(j)–(m) of the FD&C Act
and sections 103(c)(1)(D) and (g) of
FSMA provide authority for certain
exemptions and modifications to the
requirements of section 418 of the FD&C
Act. These include provisions related to
seafood and juice hazard analysis
critical control point (HACCP), and lowacid canned food (section 418(j));
activities of facilities subject to section
419 of the FD&C Act (Standards for
Produce Safety) (section 418(k));
qualified facilities (section 418(l));
facilities that are solely engaged in the
production of food for animals other
than man, the storage of raw agricultural
commodities (other than fruits and
vegetables) intended for further
distribution or processing, or the storage
of packaged foods that are not exposed
to the environment (section 418(m));
facilities engaged only in certain low
risk on-farm activities on certain foods
conducted by small or very small
businesses (section 103(c)(1)(D) of
FSMA), and dietary supplements
(section 103(g) of FSMA). We are
issuing all of the provisions of the rule
under section 418 of the FD&C Act,
except with respect to facilities that are
exempt from its coverage.
B. Section 106 of FSMA
Section 106 of FSMA, Protection
Against Intentional Adulteration,
amends the FD&C Act to create a new
section 420, which mandates
rulemaking. Section 420 of the FD&C
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
Act requires FDA to issue regulations to
protect against the intentional
adulteration of food. Section 420(b)(1) of
the FD&C Act requires that such
regulations are to specify how a person
is to assess whether the person is
required to implement mitigation
strategies or measures intended to
protect against the intentional
adulteration of food. Section 420(b)(2) of
the FD&C Act requires that the
regulations specify appropriate sciencebased mitigation strategies or measures
to prepare and protect the food supply
chain at specific vulnerable points, as
appropriate. Section 420(c) of the FD&C
Act provides that such regulations are to
apply only to food for which there is a
high risk of intentional adulteration and
for which such intentional adulteration
could cause serious adverse health
consequences or death to humans or
animals. Section 420(c)(1) provides that
such foods are to include those for
which FDA has identified clear
vulnerabilities. Section 420(d) of the
FD&C Act limits applicability on farms
to farms that produce milk. Further,
section 106(d) of FSMA creates a new
section 301(ww) in the FD&C Act to
prohibit ‘‘[t]he failure to comply with
section 420 [of the FD&C Act].’’ We are
issuing all of the provisions of the rule
under section 420 of the FD&C Act.
C. Intrastate Activities
FDA concludes that the rule should
apply to activities that are intrastate in
character. Facilities are required to
register under section 415 of the FD&C
Act regardless of whether the food from
the facility enters interstate commerce
(§ 1.225(b)). The plain language of
section 418 of the FD&C Act applies to
facilities that are required to register
under section 415 of the FD&C Act
(section 418(o)(2)) and does not exclude
a facility because food from such a
facility is not in interstate commerce.
Similarly, the plain language of section
420 of the FD&C Act requires FDA to
issue regulations to protect against the
intentional adulteration of food and
does not include a limitation to
interstate commerce. Further, the
prohibited act provisions in sections
301(uu) and (ww) of the FD&C Act (21
U.S.C. 331(uu) and (ww)) do not require
an interstate commerce nexus. Notably,
other subsections in section 301 of the
FD&C Act, and section 304 of the FD&C
Act (21 U.S.C. 334) demonstrate that
Congress has included a specific
interstate commerce nexus in the
provisions of the FD&C Act when that
is its intent. Accordingly, it is
reasonable to interpret sections 418,
420, 301(uu), and 301(ww) of the FD&C
Act as not limited to those facilities
PO 00000
Frm 00007
Fmt 4701
Sfmt 4700
34171
with a direct connection to interstate
commerce.
III. General Comments on the Proposed
Rule
A. Comments on Overall Framework for
the Regulatory Approach
We proposed a HACCP-type
approach, like the one proposed for the
systematic control of food safety hazards
in the PCHF proposed rule, as the most
effective means of ensuring that
mitigation strategies are consistently
applied once the significant
vulnerabilities are identified and
appropriate mitigation strategies are
developed. We requested comment on
the appropriateness of a HACCP-type
system to ensure that mitigation
strategies designed to significantly
minimize or prevent intentional
adulteration related to terrorism are
effective and implemented as intended.
We also requested comment about
whether there are other approaches that
would be more suitable to address
intentional adulteration related to
terrorism.
In the following paragraphs, we
discuss the comments that disagree
with, or request changes to, the
proposed approach. After considering
these comments, we are continuing to
require an approach based on an
analysis of hazards/vulnerabilities and
the implementation of measures to
mitigate the identified hazards/
vulnerabilities (a HACCP-type
approach); however, we are providing
for additional flexibility, as requested.
(Comment 1) Some comments state
food defense and food safety require
different approaches because they are
different disciplines. The comments
explain that the science is different, that
food safety deals with known and
identifiable risks whereas food defense
deals with unknown, often
unidentifiable, and ever changing
threats and that food safety risks can be
prevented or reduced to an acceptable
level but food defense threats only can
be mitigated. The comments conclude
that regulatory requirements addressing
food defense must reflect these key
differences between food defense and
food safety and use different
terminology. Some comments state that
FSMA does not require a preventive
controls approach for food defense, and
a traditional HACCP approach is too
rigorous and prescriptive for food
defense. Conversely, other comments
support regulatory requirements for
food defense that are based on the
proactive approach found in HACCP,
specifically HACCP concepts related to
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34172
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
analyzing problems and devising
appropriate solutions.
(Response 1) We disagree that food
safety and food defense require entirely
different approaches to ensure that food
is not adulterated. We agree that there
are important, specific differences
between food safety and food defense,
and these differences require different
requirements for particular components
of the approaches. However, we believe
that food safety and food defense are
more similar than they are different. For
both food safety and food defense, the
framework for preventing adulteration,
whether it is intentional or
unintentional, is the same: (1) An
analysis is needed to identify the
hazards for which measures should be
taken to mitigate the hazard; (2)
appropriate measures must be identified
and implemented; and (3) management
components are needed to ensure
systematically that the measures are
functioning as intended. This is the
foundation of the HACCP approach, and
we continue to believe this approach is
appropriate for food defense as well as
food safety. In food defense terms, the
three elements are as follows: (1) A
vulnerability assessment is needed to
identify significant vulnerabilities; (2)
mitigation strategies must be identified
and implemented; and (3) mitigation
strategy management components are
needed to ensure systematically that the
mitigation strategies are functioning as
intended. See the proposed rule (78 FR
78014 at 78025) for a discussion of how
the hazard analysis/preventive control
model is consistent with a vulnerability
assessment/mitigation strategy model.
We agree that the nature of the
hazards being analyzed for food safety
and food defense purposes are different,
but we disagree that this means they
need a different analytical approach. As
discussed more in the responses to
Comment 71 and Comment 72, the
vulnerabilities considered for food
defense, while not as predictable as
some food safety hazards, lend
themselves to analytical assessment
because they have commonalities that
would make them attractive to an
attacker, particularly an inside attacker.
In this rule, we are focusing on
preventing the actions of an inside
attacker. Our interactions with the
intelligence community, as well as the
conclusions reached during
vulnerability assessments conducted in
collaboration with industry, have
identified the inside attacker as the
highest threat. Though FDA is not aware
of any information that points to an
imminent, credible threat to the food
supply, achieving public health harm
through an attack via food remains an
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
advocated option for terrorist groups
(Ref. 4). Additionally, recent events
have shown a general evolution in
terrorist activity away from large,
centrally planned attacks to attacks that
are locally planned and implemented.
These locally planned attacks may be
conducted by assailants inspired by
terrorist groups but who otherwise have
no formal connection to, or regular
contact with, a terrorist organization
(Ref. 5, 6, 7). Moreover, recent attacks
indicate that terrorist groups are adept
at responding to protections put in place
to harden certain targets and will evolve
their thinking toward less-protected
targets. Given the potential for wide
scale public health harm from
intentional adulteration of the food
supply, we believe that a
comprehensive, systematic approach,
such as a HACCP-type approach, is the
most appropriate one and is not too
rigorous. Further, as an example of what
can happen when someone intending
harm has inside access, in December
2013 a contract employee at Aqlifoods
(a subsidiary of Naruha Nichiro
Holdings, Japan’s largest seafood
company), intentionally adulterated
several frozen foods with the pesticide
malathion. Japanese authorities believe
the assailant brought malathion to the
plant and injected it into frozen foods
during the manufacturing process (Ref.
8). The employee exploited his access to
the food prior to packaging to introduce
the agent. The adulteration resulted in
at least 2,843 mild foodborne illnesses
and a recall of 6.4 million packages of
frozen seafood (Ref. 9). Though this
assailant was most likely trying to harm
the company and not trying to cause
massive public health harm, this
example indicates the damage that can
be done by an inside attacker.
Section 103 of FSMA reflects a
Congressional determination that the
‘‘hazard analysis and risk-based
preventive controls’’ approach is
appropriate for food defense. Section
103 directs us to promulgate a
framework for intentional adulteration
that includes concepts that are similar
to those in HACCP. Section 103 of
FSMA contains requirements applicable
to the owner, operator, or agent in
charge of a facility required to register
under section 415 of the FD&C Act.
Section 103(a) of FSMA is a general
provision that requires the owner,
operator, or agent in charge of a facility
to evaluate the hazards that could affect
food manufactured, processed, packed,
or held by the facility, identify and
implement preventive controls, monitor
the performance of those controls, and
maintain records of the monitoring.
PO 00000
Frm 00008
Fmt 4701
Sfmt 4700
Section 103(a) specifies that the purpose
of the preventive controls is to ‘‘prevent
the occurrence of such hazards and
provide assurances that such food is not
adulterated under section 402 [of the
FD&C Act] or misbranded under section
403(w) [of the FD&C Act]. . . .’’ In
addition to the general requirements in
section 418(a) of the FD&C Act, sections
418(b)–(i) contain more specific
requirements applicable to facilities.
These include hazard analyses for both
unintentionally and intentionally
introduced hazards (section
418(b)(1)(2)), preventive controls for
both unintentionally and intentionally
introduced hazards (section 418(c)
(1)(2)), monitoring (section 418(d)),
corrective actions (section 418(e)),
verification (section 418(f)),
recordkeeping (section 418(g)), a written
plan and documentation (section
418(h)), and reanalysis of hazards
(section 418(i)). Therefore, we believe
that FSMA directs us to take a
‘‘preventive controls approach’’ for food
defense, as well as food safety.
We agree that, while the regulatory
approaches for food defense and food
safety fundamentally should be similar,
there need to be differences in how the
approach is implemented for food
defense. We do not agree that a HACCPtype approach is too prescriptive in
general for food defense, but additional
flexibility is needed in the application
of the approach for food defense given
the difference in the nature of the
potential adulteration and the
implementation of mitigation strategies
that are not likely to be process-oriented
or readily lend themselves to validation.
We also agree that differences in
terminology are appropriate. (See
responses to Comment 2, Comment 45,
and Comment 47.)
(Comment 2) While some comments
acknowledge that section 103 of FSMA
directs us to promulgate a framework for
intentional adulteration that includes
concepts that are similar to those in
HACCP, these comments also request
that we provide more flexibility than a
traditional HACCP framework, with
specific requests for flexibility in the
management components of monitoring,
corrective actions, and verification.
(Response 2) We agree that the
intentional adulteration regulatory
framework should provide more
flexibility than that of a traditional
HACCP approach. We believe there are
key disciplinary differences between
food safety and food defense that argue
for additional flexibility in the
intentional adulteration framework.
Most significantly, improper
implementation of preventive controls
is more likely to result in adulterated
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
food than is improper implementation
of mitigation strategies. Preventive
controls are more likely to be processoriented and lend themselves to being
scientifically validated. Mitigation
strategies are more likely to be
implemented to reduce physical access
to a point, step, or procedure, and/or
reduce the opportunity for an attacker to
successfully contaminate the food and,
in most instances, do not lend
themselves to scientific validation.
These differences indicate a need to
apply the concepts of the HACCP
approach in a more flexible manner for
food defense.
Recognizing the differences in the
likelihood of adulteration and the
differences in mitigation strategies
compared to the process-oriented
preventive controls, the intentional
adulteration corrective actions
requirements contain neither provisions
for the evaluation of all affected food for
safety in the event a corrective action is
required nor provisions for
unanticipated corrective actions (see
§ 121.145). Further, the intentional
adulteration verification requirement
does not contain provisions for
validation, calibration, product testing,
environmental monitoring, review of
records for calibration, testing, or
supplier verification (see § 121.150). We
believe this more flexible approach for
food defense is appropriate and adds
flexibility compared to the provisions of
the PCHF final rule.
We also have added flexibility to the
identification of mitigation strategies
similar to the flexibility added to the
identification of preventive controls in
the PCHF final rule (80 FR 55908 at
56020). Although each facility subject to
this rule must prepare and implement a
food defense plan, the mitigation
strategies that the facility would
establish and implement would depend
on the facility, the food, and the
outcome of the facility’s vulnerability
assessment to identify actionable
process steps (§§ 121.130 and 121.135).
For examples of this added flexibility
related to mitigation strategies, see the
discussion in section V.C.
As requested in comments, we also
have changed regulatory text to reflect
the inclusion of more flexibility in
monitoring, corrective actions, and
verification (see §§ 121.138, 121.140,
121.145, and 121.150 and discussed in
more detail in the relevant sections later
in this document). These changes are
similar to those made in the regulatory
text for preventive controls management
components.
As we have concluded that similar
regulatory approaches are appropriate
for both food safety and food defense,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
we have adopted the flexibility included
in the PCHF final rule management
components regulatory text, as
appropriate for these intentional
adulteration requirements. The
intentional adulteration provisions for
mitigation strategies management
components make clear that mitigation
strategies management components are
required as appropriate to ensure the
proper implementation of each such
mitigation strategy, taking into account
the nature of the mitigation strategy and
its role in the facility’s food defense
system, and we have added § 121.138 to
reflect this change. Likewise, the
provisions for each of the individual
mitigation strategies management
components (i.e., food defense
monitoring, food defense corrective
actions and food defense verification)
individually provide flexibility, either
by specifying that the provisions apply
as appropriate to the nature of the
mitigation strategy and its role in the
facility’s food defense system (i.e., for
food defense monitoring and food
defense verification) or as appropriate to
both the nature of the mitigation
strategy and the nature of the significant
vulnerability (i.e., for food defense
corrective actions) (see §§ 121.140,
121.145, and 121.150). For additional
discussion of the flexibility added for
the mitigation strategies management
components, see sections V.E, V.F, and
V.G and in particular the responses to
Comment 88, Comment 89, Comment
90, Comment 92, Comment 93, and
Comment 95.
(Comment 3) Some comments state
that the intentional adulteration
proposed HACCP approach is ‘‘one size
fits all.’’
(Response 3) We disagree. The
intentional adulteration requirements to
conduct a vulnerability assessment to
identify actionable process steps,
identify and implement mitigation
strategies, and use mitigation strategies
management components provide
significant flexibility, are tailored to the
facility and its processes, and are
therefore not ‘‘one-size-fits-all.’’
Although each facility with significant
vulnerabilities is required to identify
and implement mitigation strategies, the
mitigation strategies that the facility
would establish and implement would
depend on the facility, the food, and the
outcome of the facility’s vulnerability
assessment (§§ 121.130 and 121.135). In
addition, the mitigation strategies
management components (i.e., food
defense monitoring, food defense
corrective actions, and food defense
verification) that a facility would
establish and implement for its
mitigation strategies would be
PO 00000
Frm 00009
Fmt 4701
Sfmt 4700
34173
established as appropriate to ensure the
proper implementation of the mitigation
strategies, taking into account the nature
of each such mitigation strategy and its
role in the facility’s food safety system
(§ 121.138).
(Comment 4) Some comments state
that management and oversight
activities of mitigation strategies should
occur if they are ‘‘appropriate’’ (suitable
for a particular purpose or capable of
being applied) and ‘‘necessary’’ (taking
into account the nature of both the
significance of the vulnerability and the
particular mitigation strategy) for food
defense.
(Response 4) We agree that mitigation
strategies management components of
the HACCP-type framework should
occur if they are appropriate and
necessary. As we have concluded that
similar regulatory approaches are
appropriate for food safety and food
defense, we have adopted the flexibility
included in the PCHF final rule
management components regulatory text
(§ 117.140(a)), as appropriate for these
intentional adulteration requirements.
The intentional adulteration provisions
for mitigation strategies management
components make clear that mitigation
strategies management components are
required as appropriate to ensure the
proper implementation of the mitigation
strategies, taking into account the nature
of each such mitigation strategy and its
role in the facility’s food defense
system, and we have revised proposed
requirements for monitoring, corrective
actions, and verification to reflect these
changes (see §§ 121.138, 121.140,
121.145, and 121.150).
(Comment 5) Some comments state
that the requirement for the amount of
paperwork associated with a HACCPtype approach, and the information
contained therein, may be
counterproductive to the goal of
mitigating or preventing vulnerabilities
because individuals or groups interested
in conducting these types of attacks may
try to access this information.
(Response 5) We disagree. A written
food defense plan and its required
contents, which include the
vulnerability assessment, the
identification and implementation of
mitigation strategies, and mitigation
strategies management components, are
essential to significantly minimizing or
preventing significant vulnerabilities
related to intentional adulteration of
food, where the intent of the
adulteration is to cause wide scale
public health harm. The required
documentation of the plan and
implementation of the plan are
necessary so that both the facility and
FDA can ensure that the significant
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34174
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
vulnerabilities are being addressed
properly. We encourage facilities
covered by this rule to adequately
protect food defense plans and
associated information and records. For
a more detailed discussion related to
protecting food defense plan
information, see section VI.F.
(Comment 6) One comment disagrees
with the HACCP framework, and
requests we use a current good
manufacturing practice (CGMP)
approach. This comment states that
such an approach provides facilities
with sufficient flexibility to address
intentional adulteration. Another
comment supports using a HACCP
approach in the context of allowing
facilities to utilize prerequisite
programs.
(Response 6) We disagree that a
CGMP approach is the most appropriate
approach. We address the
appropriateness and flexibility of the
HACCP-type approach in responses to
Comment 1 and Comment 2. We address
the potential to consider pre-existing
activities while conducting a
vulnerability assessment and identifying
and implementing mitigation strategies
in Response 72 and Response 83.
We are requiring a HACCP-type
approach rather than a CGMP-type
approach for several reasons. First, the
management components in a HACCPtype approach are the most effective
means, as discussed in the response to
Comment 1, of ensuring that the
mitigation strategies are consistently
applied. Second, as with food safety,
there are hazards (or in food defense
terms, vulnerabilities) that warrant
requirements that are more rigorous
than general, non-targeted CGMP
provisions. The vulnerabilities that
warrant such requirements are those
that we have concluded are the highest
risk, namely intentional adulteration
conducted at actionable process steps,
including those vulnerabilities
associated with an inside attacker,
intended to cause wide scale public
health harm. It is precisely these attacks
at these points that require the most
robust and rigorous system to ensure
that vulnerabilities are assessed,
significant vulnerabilities are identified,
and mitigation strategies are properly
implemented to reduce these significant
vulnerabilities. General, non-targeted
CGMP requirements (e.g., restricting
access to outsiders) would not
necessarily focus on the significant
vulnerabilities or ensure that mitigation
strategies are implemented to harden
the potential targets. Finally, section
418 of the FD&C Act requires that
hazards intentionally introduced be
addressed in a HACCP-type framework.
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
(Comment 7) One comment asserts
that because we already have required
food safety plans for facilities under a
separate rulemaking, and because an act
of intentional adulteration of food that
would cause wide scale public health
harm is not likely to occur, a separate
food defense plan, and thus this rule, is
not necessary.
(Response 7) We disagree. Although it
is true that most facilities covered by
this rule will also have a food safety or
HACCP plan, the focus of those plans is
on preventing the contamination of food
from hazards that are unintentionally
introduced and, therefore, the control
points and the measures implemented
in those plans differ from those in a
food defense plan. It is unlikely that a
facility would choose preventive
controls under the PCHF final rule that
would be sufficient to address
vulnerabilities to intentional
adulteration. For example, it is unlikely
that a facility conducting a hazard
analysis would identify the step of
holding a liquid, such as a syrup, in a
tank in a facility as a hazard requiring
a preventive control. In conducting a
hazard analysis, the facility would
likely be considering whether there are
hazards associated with the incoming
syrup or ingredients for the syrup or the
syrup production process (inadequate
heating), but would not likely identify
the step of holding the syrup as
requiring a preventive control. However,
in a vulnerability assessment, the step of
holding liquid syrup may be identified
as a significant vulnerability if (1) there
would be significant public health
consequences if a contaminant were
added, (2) there is access to the product
while being held, and (3) an attacker
would be able to successfully
contaminate the product.
With regard to the statement that an
act of intentional adulteration is not
likely to occur, we agree that the
likelihood of an incident is low.
However, given the potential for a
successful intentional adulteration of
food to cause wide scale public health
harm, it is prudent for the largest
facilities to take preventive measures,
and it is required by sections 418 and
420 of the FD&C Act that they do so.
B. One Set of Requirements Under
Sections 418 and 420 of the FD&C Act
(Comment 8) One comment asserts
that the proposed rule blends sections
103 and 106 of FSMA into one set of
requirements and disagrees with that
approach. The comment states that
section 103 requires basic foundational
food defense activities, including food
defense plans at all registered food
facilities. The comment contrasts this
PO 00000
Frm 00010
Fmt 4701
Sfmt 4700
with section 106, which it states
provides FDA with the authority to
designate certain foods as ‘‘high risk,’’
and to require certain escalated food
defense activities for those foods. The
comment asserts that FDA should
designate foods as ‘‘high risk’’ based on
real-time actionable intelligence of a
credible threat. The comment
acknowledges that section 103 of FSMA
does not apply to facilities required to
comply with the seafood HACCP
program, the juice HACCP program, or
the dietary supplement CGMPs, but
because none of these regulations
address food defense programs, the
comment asserts the Agency can use
other legal authority to require these
food facilities to have food defense
programs.
(Response 8) The final rule requires
‘‘basic foundation[al] food defense
activities’’ as well as providing for
‘‘escalated food defensive activities’’
where warranted. To provide for
foundational food defense, the rule
requires a food defense plan (i.e., a
vulnerability assessment, mitigation
strategies, and procedures for food
defense monitoring, corrective actions,
and verification) and associated actions.
These requirements are the minimum
measures necessary to provide
assurances that hazards that relate to
intentional adulteration intended to
cause wide scale public health harm
will be significantly minimized or
prevented. Weakening these provisions,
such as by eliminating the requirement
to implement mitigation strategies to
address significant vulnerabilities at
each actionable process step, would
result in food defense measures
inadequate to address the threat of an
inside attacker. As discussed in
response to Comment 1, our interactions
with the intelligence community, as
well as the conclusions reached during
vulnerability assessments conducted in
collaboration with industry, have
identified an inside attacker as the
highest threat.
Further, the suggested approach
would place too much reliance on FDA
having real-time actionable intelligence
of a credible threat. As discussed in the
responses to Comment 11 and Comment
12, there are a number of limitations to
this approach. FDA may not receive
specific, real-time, credible threat
intelligence. Further, rapidly
communicating even specific,
actionable information to the food
industry so that it is received by all of
the relevant facilities would present
challenges. Although some facilities
may be able to identify some or all
actionable process steps and implement
mitigation strategies within a short
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
timeframe, many other facilities would
not be able to identify and implement
the necessary mitigation strategies and
the mitigation strategies management
components (e.g., food defense
monitoring, corrective actions,
verification) within the short time
period that could be required in the
event of a credible threat. In addition,
taking action only in the event of a
credible threat may not be sufficient to
prevent wide scale public health harm.
Measures taken after the threat is known
may not be sufficient to prevent an
attack if the intelligence does not
provide enough specific information,
such as the food product, contaminant,
point of attack in a facility, and
geographic location of an attack.
Because the vulnerability assessment
identifies the specific foods at specific
process steps at greatest risk, it also
serves to identify those foods that must
be protected against intentional
adulteration under section 420. Having
one set of requirements for food defense
measures helps ensure that the
significant vulnerabilities will be
significantly minimized or prevented
and addressed consistently across
sections 418 and 420 (see section
418(c)(2)). Further, as suggested by the
comment, the rule provides for
escalated food defense activities when
necessary. Specifically, § 121.157(b)(4)
requires reanalysis of a food defense
plan (which could lead to the
identification of additional needed
mitigation strategies) whenever FDA
requires it to respond to new
vulnerabilities or credible threats to the
food supply.
(Comment 9) One comment asserts
that the proposed combination of
provisions under sections 418 and 420
of the FD&C Act has created complexity
that could be eliminated by removing
acts intended to cause massive public
health harm from section 418 and
covering them solely under section 420.
The comment further asserts that
although section 418 includes ‘‘acts of
terrorism’’ within the hazard analysis,
Congress did not intend to add this level
of complexity to the rule and create new
work that is inconsistent with materials
previously created to address food
defense. Further, the comment states
that it appears these new requirements
were included in the rule as a
consequence of the statutory language
rather than to reduce risk.
The comment states that one key
difference between sections 418 and 420
is that section 418 requires the facility
to identify hazards related to intentional
adulteration while section 420 requires
FDA to identify vulnerabilities that
could result in serious adverse health
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
consequences. The comment asserts that
due to the confidentiality of information
that serves as the basis for the FDA
vulnerability assessments, it would be
more appropriate for FDA to perform
the assessment for acts that could cause
massive public health harm and for the
facility to perform a vulnerability
assessment for other types of intentional
adulteration that may be specific to a
facility and are outside of the FDA’s
vulnerability assessment.
(Response 9) FDA believes that a
single unified set of requirements (i.e.,
this rule) is more clear and less complex
than dividing the types of intentional
adulteration covered by this rule into
two categories with two sets of
requirements, as suggested by the
comment. It is not clear what would be
covered under section 418 if it applied
only to ‘‘other types of intentional
adulteration that may be specific to a
facility,’’ as suggested by the comment.
Further, we do not believe the
provisions of the rule are inconsistent
with our current guidance; rather, they
are more comprehensive and robust.
FDA believes that these new
requirements will reduce risk beyond
what is contained in our current
guidance documents. Our guidance
documents mainly focus on assessing
vulnerabilities and identifying
mitigation strategies, but do not include
recommendations for mitigation strategy
management components. We believe
the management components (part of a
HACCP-type framework) are critical to
ensuring that any hazards that relate to
intentional adulteration intended to
cause wide scale public health harm
will be significantly minimized or
prevented. Further, the confidentiality
of vulnerability assessments that FDA
conducted is not a barrier to a facility
conducting a vulnerability assessment
under this rule. The key activity types
that FDA has identified were derived
from FDA’s vulnerability assessments
and using key activity types to conduct
a vulnerability assessment remains a
permissible option under the final rule.
In addition, as recognized by the
comment, section 418 explicitly applies
to ‘‘acts of terrorism.’’ Specifically,
418(b)(2) requires that a hazard analysis
identify and evaluate hazards that may
be intentionally introduced, including
by acts of terrorism. Further, section
418(i) authorizes FDA to require a
reanalysis to respond to new hazards
including, as appropriate, results from
terrorism risk assessments. Generally,
acts of terrorism involving the food
supply would be committed with the
intention to cause wide scale public
health harm. Therefore, they are clearly
covered by section 418.
PO 00000
Frm 00011
Fmt 4701
Sfmt 4700
34175
(Comment 10) Some comments
suggest that FDA require a hybrid
approach where all facilities subject to
section 103 are required to conduct a
vulnerability assessment and develop
and implement a basic food defense
plan. Under the hybrid approach, if a
credible threat is identified, then section
106 would serve as an escalation
provision and allow FDA to designate
specific food(s) associated with the
credible threat as ‘‘high risk.’’
Comments suggest that FDA could then
require facilities with these high risk
foods to reassess their food defense
plans and implement appropriate
mitigation strategies that FDA may
specify to address the threat. Comments
argue that if all potential mitigation
strategies need to be identified through
the vulnerability assessment and are
managed in the absence of actionable
intelligence of a credible threat, then
there is no ability to escalate the plan
with respect to certain mitigation
strategies when needed.
(Response 10) FDA agrees with the
comment in part. As discussed in
response to Comment 8, this rule
requires facilities to conduct a
vulnerability assessment and develop
and implement foundational food
defense activities. Further, the rule
provides a mechanism which serves a
similar function to the ‘‘escalation
provision’’ described in the comment.
Specifically, under § 121.157(b)(4), FDA
can require facilities to reassess their
food defense plans, which could trigger
a requirement to implement additional
mitigation strategies.
FDA disagrees that the rule requires
‘‘all potential mitigation strategies’’ to
be identified and managed. We believe
we have appropriately balanced the
need to provide assurances that hazards
associated with intentional adulteration
are being prevented with the low
likelihood of a successful attack on the
food supply. The rule does not mandate
specific mitigation strategies be
implemented at actionable process steps
but rather allows strategies to be tailored
to the facility and its procedures. We
also disagree that there is ‘‘no ability to
escalate the plan with respect to certain
mitigation strategies.’’ In response to a
credible threat involving a specific
agent, a covered facility could reanalyze
its food defense plan with specific focus
on the relevant agent. The facility then
could implement specific mitigation
strategies to counter this threat (such as
processing changes, product testing, or
other appropriate measures) that are not
currently required by the rule.
E:\FR\FM\27MYR4.SGM
27MYR4
34176
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
C. Require Measures Only in the Event
of a Credible Threat
In the proposed rule, we sought
comment on whether it would be
feasible to require measures to protect
against intentional adulteration only in
the event of a credible threat. We also
sought comment on whether such an
approach would be consistent with the
intentional adulteration provisions of
FSMA and how such requirements
would be communicated to industry in
a timely and actionable manner.
Many comments agree with the
requirements as proposed that measures
to protect food against intentional
adulteration be required even in the
absence of a credible threat but some
comments support requirements only in
the event of a credible threat. Some
comments assert that FDA has the tools
available in the Registration of Food
Facility database to establish a
communications protocol to notify
industry if there is a credible threat. A
few comments express concern over the
difficulty of developing and
implementing food defense plans in a
timely manner in the event of a credible
threat.
In the following paragraphs, we
discuss these comments and our
responses. After considering the
comments, we have revised the
regulatory text in § 121.157(b)(4) to
include specific language that provides
for FDA to require facilities to conduct
a reanalysis of their food defense plans
to, among other things, respond to
credible threats to the food supply.
(Comment 11) Some comments state
that this rule should only go into effect
in the event of a credible threat. One of
these comments argues that the oilseed
processing industry that they represent
has never been the target of attacks or
threats and therefore they are unlikely
targets for intentional adulteration and
should be exempted from the rule
unless there is a credible threat against
a facility or industry as a whole.
(Response 11) We disagree with these
comments. The fact that the oilseed
processing industry and other food
industry sectors have not been attacked
in the past does not mean that these
industry sectors will never be attacked.
Nor does it mean that preventive
mitigation strategies are unnecessary. As
discussed in response to Comment 8,
taking action only in the event of a
credible threat may not be sufficient to
prevent wide scale public health harm.
(Comment 12) Some comments
encourage FDA to collaborate with the
U.S. Department of Homeland Security
(DHS), the Federal Bureau of
Investigation (FBI), and other Federal
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
and State Agencies to ensure that the
relevant stakeholders of the food
industry are notified in a timely manner
upon discovery of a credible threat.
These comments discuss that alerting
the food industry to known credible
threat information would be valuable
because there may be additional
mitigation strategies that could be put
into place when there is a threat. The
comments further explain that having
such knowledge would allow for
industry stakeholders with specific,
technical knowledge of their products,
equipment and plant security to better
collaborate and support the efforts of
law enforcement. Some comments
recommend that we establish and
formalize a mechanism and process to
communicate credible threat
information to relevant stakeholders in
industry and that the Food Facility
Registration database could help
facilitate this. The comments also
recommend that we conduct exercises
to test this mechanism so that all
stakeholders are aware of the
established communications process
and can make adjustments and
improvements as necessary. Several
comments recommended that we
convene a panel of industry
stakeholders annually to discuss threat
intelligence at the ‘‘Secret’’ level.
(Response 12) We concur with the
recommendation that we should
collaborate with our Federal and State
Agency partners on the discovery and
communication of credible threats in a
timely manner. Currently, FDA
regularly meets and communicates with
DHS, FBI, the U.S. Department of
Agriculture (USDA), and State and local
Agency partners through the Food and
Agriculture Sector Government
Coordinating Council (GCC) to discuss
food defense issues and research
activities and introduce new initiatives
for mutual evaluation, implementation,
and education. FDA’s Office of Criminal
Investigations (OCI) works closely with
the FBI and other Agencies on a regular
basis on threats against FDA-regulated
products, including food. We also agree
that notifying relevant stakeholders
within industry of credible threats is
essential to protecting the food supply.
The Food and Agriculture Sector GCC
and Sector Coordinating Council
(consisting of private sector members)
hold in-person joint meetings twice a
year and, when needed, classified
meetings at the ‘‘Secret’’ level are held
to exchange information. As we move
towards implementing this rule, we will
continue to work with our partners—
both in government and the private
sector—to include them in discussions
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
regarding communicating credible
threat information.
(Comment 13) One comment states
that the term ‘‘credible threat’’ is not
adequately defined in the proposed rule,
nor is the relationship between a
‘‘credible threat’’ and a ‘‘reasonably
foreseeable hazard’’ adequately
described. The same comment also
notes that because the term ‘‘credible
threat’’ is commonly used to discuss
sensitive or classified information, the
use of the term may place an unrealistic
expectation for sharing of sensitive or
classified threat information between
government agencies and the private
sector. The comment suggests either
removing the term ‘‘credible threat’’
from the rule or including a definition
with an explanation of the mechanism
for sharing information about credible
threats with the food industry.
(Response 13) We disagree with this
comment and decline the request to
include a definition for credible threat.
It is not possible to identify with
precision what constitutes a credible
threat. There are many factors to
consider in regards to how, what, when,
or why those who intend to cause harm
may take action. As such, it is not
possible to write a definition for
credible threat that is neither so broad
that it covers potentially any piece of
intelligence, nor so narrow that it is
unnecessarily limiting. FDA routinely
works with other agencies to maintain
situational awareness of potential
threats to the food supply and will
consider that information in
determining whether intelligence rises
to the level of a credible threat.
Within the context of protecting food
against intentional adulteration with the
intent to cause wide scale public health
harm, we see no direct relationship
between a ‘‘credible threat’’ and a
‘‘reasonably foreseeable hazard.’’
‘‘Known or reasonably foreseeable
hazard’’ is defined in the PCHF final
rule to mean a biological, chemical
(including radiological), or physical
hazard that is known to be, or has the
potential to be, associated with the
facility or the food. We do not use the
phrase ‘‘reasonably foreseeable’’ within
the context of intentional adulteration
because it does not apply.
We acknowledge that there will be
challenges to sharing sensitive or
classified threat information between
government agencies and the private
sector. That is one of several reasons
that we are not making the requirement
for mitigation strategies dependent on a
particular credible threat. In the event
such information was to become known,
FDA intends to work with its
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
government partners to determine the
appropriate course of action.
(Comment 14) Some comments
recommend that in the event of a
credible threat, a facility could conduct
a reassessment or reanalysis of its food
defense plan so that it could better tailor
its mitigation strategies to the threat.
Some comments recommend that FDA
revise the regulatory text within
proposed § 121.150 for reanalysis to
require facilities to reassess their food
defense plans when the Agency has
actionable intelligence of a credible
threat of intentional adulteration.
(Response 14) In the proposed rule,
we describe that we may require a
reanalysis of the food defense plan in
the event of a credible threat. However,
this was not specifically stated within
the regulatory text. Therefore, we have
revised § 121.157(b)(4) to provide that
reanalysis may be required by FDA to
respond to credible threats to the food
supply. We did not see the need to
include ‘‘actionable intelligence’’ in the
regulatory text because we believe that
‘‘credible threat to the food supply’’
implies a threat that also requires
actionable intelligence.
mstockstill on DSK3G9T082PROD with RULES4
D. General Comments on
Implementation and Compliance
We received a substantial number of
comments with regard to how the
Agency will implement this rule. Many
comments focused specifically on the
need for inspectors to be provided food
defense training to enable them to make
informed decisions during inspections
and compliance activities. Another
issue raised by many comments is that
the Agency should make available
guidance resources, tools, training, and
other information to help facilities
comply with the final rule. In the
section that follows, comments related
to implementation and compliance are
discussed.
(Comment 15) Some comments state
that existing regulatory inspections
should include evaluation of the
intentional adulteration rule
requirements for the best use of time
and resources.
(Response 15) FDA is currently
considering the best approach for
structuring and conducting food defense
inspections. We recognize that
inspections require resources from
facilities and recognize that some
facilities may prefer that food defense
inspections be conducted as part of an
inspection for other regulatory
programs, such as preventive controls
for human food. We will consider this
when developing our enforcement
strategy.
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
(Comment 16) Some comments
express concern about the level of
training that will be needed for
inspectors. These comments state that
the inspectors must be trained
specifically on food defense and that
FDA should be transparent about the
training that we provide the inspectors.
Comments emphasize the importance
that FDA provide specialized training to
ensure consistent compliance and
enforcement activity by the Agency.
(Response 16) FDA understands and
agrees with comments that state that
training for inspectors conducting food
defense inspections is critical to a
consistent and adequate inspection,
compliance, and enforcement system.
We agree with the comment that
specialized training in food defense will
be required for inspection and
compliance staff to evaluate a facility’s
compliance with this rule. FDA has
begun the process of assessing its
training needs for inspectors on food
defense. It is our intention that training
provided to our inspection and
compliance staff will be consistent with
that training for industry that will be
provided by the Intentional
Adulteration subcommittee organized
within the Food Safety Preventive
Controls Alliance (see Comment 105) to
facilitate consistent implementation of
this rule. This strategy is consistent with
the other FSMA food safety regulations
and training strategies.
(Comment 17) Some comments state
that inspections should have a ‘‘big
picture’’ focus, and focus on the
evaluation of the facility’s vulnerability
assessment. Additionally, comments
state that this inspection should not
compare the mitigation strategies used
at other facilities to the facility being
inspected.
(Response 17) We agree. The rule is
designed to provide flexibility such that
facilities can select appropriate
mitigation strategies that are best suited
for their operations. FDA investigators
will consider a facility’s written
explanations regarding identification of
actionable process steps and selection of
mitigation strategies when evaluating a
food defense plan to understand a
facility’s rationale. In addition, we will
work to educate industry before and
while we regulate to assist industry to
gain and maintain compliance with the
rule.
(Comment 18) Some comments
request that FDA not cite food defenserelated items on FDA’s Form 483 until
the facilities and inspectors learn about
compliance with the intentional
adulteration rule. Additionally, some
comments state concerns about FDA
including potentially sensitive
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
34177
information from food defense plans
when citing food defense-related items
on Form 483.
(Response 18) FDA is currently in the
process of developing its inspection and
compliance strategy for the intentional
adulteration rule and an important part
of this strategy development will
include methods and processes for
information exchange with regulated
industry. We recognize that food
defense inspections could include
evaluation of sensitive information,
including vulnerability assessments and
mitigation strategies. For a more
detailed discussion on how FDA will
protect food defense-related
information, see section VI.F, Public
disclosure.
(Comment 19) Some comments
request that FDA include State
departments of agriculture in the
process to develop and implement
inspection and compliance programs.
(Response 19) As mentioned
previously, FDA is currently in the
process of developing its inspection and
compliance strategy for the intentional
adulteration rule. FDA’s
implementation working group for this
rule includes representation from State
partners, and State partners will
continue to play an essential and
collaborative role throughout the
process.
(Comment 20) Several comments state
that an alliance would be beneficial for
the implementation of the intentional
adulteration rule.
(Response 20) Training alliances have
played an important role in facilitating
industry compliance with many
regulations in the past. We agree with
the comment and are in the initial stages
of organizing and establishing the
Intentional Adulteration subcommittee
within the Food Safety Preventive
Controls Alliance operated out of the
Institute for Food Safety and Health at
the Illinois Institute of Technology. We
anticipate the Intentional Adulteration
training subcommittee will assist
industry compliance with this final rule
by supporting the development and
dissemination of training resources. We
further anticipate that the curriculum
developed through the Intentional
Adulteration subcommittee will form
the basis of training for regulators as
well.
(Comment 21) Some comments state
that equal enforcement of this rule
across companies domestically and
globally may require FDA to adopt
different enforcement mechanisms.
(Response 21) We intend to enforce
this rule in a consistent manner with
regard to imported and domestically
produced foods. FDA is currently in the
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34178
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
process of developing its inspection and
compliance strategy, including how
facilities will be selected for inspections
and how inspections will be conducted
for both domestic and foreign facilities.
Further, we intend to engage in
significant outreach activities—both
domestically and internationally—to
facilitate industry compliance with this
rule and to communicate the Agency’s
current thinking on inspection,
compliance, and enforcement strategies.
Additionally, we intend to develop fact
sheets, FAQ documents, guidance
documents, and other informational
materials as needed to support domestic
and foreign industry compliance with
the rule.
(Comment 22) Several comments
recommend that food defense activities
conducted under programs, such as the
Department of Homeland Security’s
(DHS) Customs-Trade Partnership
Against Terrorism (C–TPAT) and
mutually recognized international
programs, the Chemical Facility AntiTerrorism Standards (CFATS), the
USDA Food Safety and Inspection
Services (FSIS) food defense plan
template, should be recognized as
meeting the requirements of this rule.
Several comments state that there are
global food safety schemes that include
food defense requirements which could
be leveraged in inspections and
implementation. Comments suggest that
audits and private certifications done
under these food safety schemes should
be sufficient for meeting the
requirements of this rule.
(Response 22) We disagree. The
programs identified by comments are
not sufficient to substitute for
compliance with this rule. For example,
they do not require mitigation strategies
at all actionable process steps and
therefore are not sufficient to
significantly minimize or prevent
intentional adulteration intended to
cause wide scale public health harm.
Further, even if currently they were
sufficient for compliance for this rule,
they could change at any time.
C–TPAT is a voluntary supply-chain
security certification program led by
U.S. Customs and Border Protection
(CBP) that focuses on private companies
(including food companies)
implementing anti-terrorism measures
to protect their supply chains. When
companies join C–TPAT, they sign an
agreement to work with CBP to identify
supply chain security gaps and
implement specific security measures
and best practices. CBP has found that
the security standards of some foreign
industry partnership programs are
similar to those of the C–TPAT program.
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
CFATS is a DHS program which
regulates high-risk chemical facilities to
ensure they have anti-terrorism
measures in place to reduce risks
associated with the storage and use of
these high-risk chemicals. Any facility
that possesses ‘‘chemicals of interest,’’
as identified by DHS, in certain
quantities is considered a covered
facility that must meet some or all of the
requirements under CFATS. Some
agriculture and food facilities are
subject to CFATS requirements. Covered
chemical facilities are required to
prepare Security Vulnerability
Assessments that identify facility
security vulnerabilities and to develop
and implement Site Security Plans that
identify measures that satisfy risk-based
performance standards. These riskbased performance standards focus on
physical security of the chemicals.
Although both CFATS and C–TPAT
programs address some of the security
concerns related to some food facilities,
neither program addresses the unique
vulnerabilities associated with the food
being manufactured, processed, packed
or held at the facility. In general,
voluntary security programs such as C–
TPAT focus on global supply chain
security measures involved in the
transportation of goods from location to
location. The CFATS program focuses
on reducing risks related to chemicals,
even in facilities that are mainly geared
toward food production. In contrast,
vulnerability assessments required by
this rule require identification of
significant vulnerabilities at discrete
processing steps within a facility, where
the intent of the attack is to cause wide
scale public health harm by
contaminating the food supply. Further,
a vulnerability assessment must
consider the threat stemming from an
inside attacker. Once these significant
vulnerabilities are identified, mitigation
strategies are implemented at or near
those most vulnerable processing steps.
Given these differences, it is unlikely
that facilities would be compliant with
this rule were they to rely wholly on
assessments and mitigation strategies
conducted as part of other programs.
The food defense plan template from
USDA FSIS is voluntary for FSISregulated facilities, and is organized in
four sections: (1) Outside Security
Measures, (2) Inside Security Measures,
(3) Personnel Security Measures, and (4)
Incident Response Security Measures.
The template focuses on a facility’s
physical security measures, which are
analogous to recommended, but not
required, facility wide security
measures in this rule. FSIS-regulated
facilities are encouraged to read and
sign the template, adopt it as their food
PO 00000
Frm 00014
Fmt 4701
Sfmt 4700
defense plan, and then implement, test,
and maintain the plan.
There are important similarities
between the plan template and some
requirements in this rule. For example,
some security measures listed in the
template are similar to some mitigation
strategies included in the FDA
Mitigation Strategies Database. The
testing of the plan is somewhat similar
to food defense monitoring. The plan
template also suggests awareness
training for employees, which is similar
to a food defense awareness training
requirement in this rule. The
similarities reflect FDA and USDA
collaboration on food defense activities
for many years as discussed in the
proposed rule (78 FR 78014 at 78021).
However, food defense plans
developed using the FSIS template
would not meet all requirements of this
final rule. Specifically, FSIS’s food
defense plan template does not include
a vulnerability assessment of the points,
steps, or procedures in a food process,
nor does it include implementation of
mitigation strategies specific to the
vulnerable points. Additionally, the
plan template does not include food
defense monitoring, food defense
corrective action, food defense
verification, and some training required
by this rule.
In addition, we recognize that there
are existing global food safety schemes
that include food defense requirements
and that many in the food industry have
already adopted and implemented these
requirements. For example, the Global
Food Safety Initiative’s (GFSI) Guidance
Document Sixth Edition (Ref. 10)
addresses food defense. Subsequently,
many of the GFSI-recognized schemes
include more specific food defense
requirements. The Safe Quality Foods
(SQF) Code, edition 7.1 is a process and
product certification standard that
specifies various food defense elements,
including that the methods,
responsibility, and criteria for
preventing food adulteration caused by
a deliberate act of sabotage or terroristlike incident shall be documented,
implemented and maintained (Ref. 11).
Another example of industry standards
that incorporate food defense elements
is the International Featured Standards
(IFS) Food Version 6 Standard, which
specifies that areas critical to security be
identified, food defense hazard analysis
and assessment of associated risks be
conducted annually or upon changes
that affect food integrity, and an
appropriate alert system be defined and
periodically tested for effectiveness (Ref.
12). We recognize that some in the food
industry have already voluntarily taken
steps to incorporate and implement food
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
defense measures; however, they are not
adequate to substitute for meeting the
requirements of this rule.
Although participation with global
food safety schemes and other programs
administered by our Federal partners
are not substitutes for compliance with
this rule, we believe that participation
in programs such as C–TPAT, CFATS,
the use of the FSIS food defense plan
template, or international programs
granted mutual recognition status as
that of C–TPAT, for example, decreases
a facility’s vulnerability to intentional
adulteration and can work in concert
with the requirements of the final rule.
Additionally, a facility’s participation in
such programs may be considered by
FDA as we prioritize risk-based
inspections of facilities subject to the
final rule. Further, we note that a
facility may use existing records (e.g.,
records that are kept as part of these
other programs) to meet the
requirements of this rule, if they contain
all of the required information and,
facilities may supplement existing
records as necessary to include all of the
information required by this rule
(§ 121.330).
(Comment 23) Some comments state
that laws in the European Union
currently require food facilities to take
necessary measures to prevent
intentional adulteration, and it is
therefore not justified to request
additional safety or security
requirements for facilities subject to
these laws.
(Response 23) We disagree. This rule
contains those measures FDA has
determined are necessary to protect food
against intentional adulteration. To the
extent a facility is already taking actions
that are required by this rule, a facility
will have to make fewer changes to its
operations. These security measures
should be evaluated on a case-by-case
basis to determine if they qualify as a
mitigation strategy under this rule.
(Comment 24) Some comments
request that FDA focus on education
over enforcement and use discretion
during inspections.
(Response 24) As FSMA as a whole is
a substantial change in how FDA
approaches regulating the food and
agriculture sector, we recognize that
significant outreach, education, and
training will be required to facilitate
industry compliance with all FSMA
rules. As previously stated by the
Agency, one of the guiding principles
for implementing FSMA is that the
Agency will educate before and while
we regulate. This includes a focus on
sector-specific guidance, education,
outreach, and technical assistance for
industry. The intentional adulteration
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
rule implementation will include these
efforts to ensure facilities gain
understanding and awareness to comply
with the rule. In addition, we are
providing for a longer timeline for
facilities to come into compliance,
allowing for more outreach and dialogue
with industry. Facilities, other than
small and very small businesses, have 3
years after the effective date to comply
with part 121. Small businesses (i.e.,
those employing fewer than 500 fulltime equivalent employees) have 4 years
after the effective date to comply with
part 121. Very small businesses (i.e.,
businesses that have less than
$10,000,000, adjusted for inflation, per
year, during the 3-year period preceding
the applicable calendar year in both
sales of human food plus the market
value of human food manufactured,
processed, packed, or held without sale,
e.g., held for a fee) have 5 years after the
effective date to comply with § 121.5(a).
(Comment 25) Some comments
recommend that FDA update the Food
Defense Plan Builder software tool to
capture the elements of a food defense
plan required by the final rule, such as
monitoring, corrective actions, and
verification.
(Response 25) FDA plans to update
existing tools and resources, including
the Food Defense Plan Builder software,
to assist industry with meeting the
requirements for the final rule.
(Comment 26) Several comments
request that FDA periodically update its
online tools and resources for
companies to have access to information
about broad mitigation strategies,
although they are not required under the
rule.
(Response 26) FDA intends to publish
guidance to support industry
compliance with the final rule. This
guidance will include information
relevant to the required provisions of
the final rule and also will likely
include helpful information on facilitywide security measures as well as other
best practices and recommendations to
assist facilities in their development of
a comprehensive food defense program.
In addition, FDA has a number of tools
and resources currently available on our
Web site (https://www.fda.gov/
fooddefense) that were developed for
our voluntary food defense program that
can assist industry.
E. Comments on Requests for Additional
Exemptions
In the proposed rule we specifically
requested comments on whether there
are other ways in which the coverage of
this regulation can be further focused on
foods that present a high risk of
intentional adulteration caused by acts
PO 00000
Frm 00015
Fmt 4701
Sfmt 4700
34179
of terrorism. In this document we
discuss comments we received with
specific recommendations on foods or
activities to exempt from the rule.
(Comment 27) Some comments assert
that facilities engaged solely in cooling,
holding, handling, packing, repacking,
packaging and shipping of raw, intact
fresh produce, similar to activities that
may be performed on farms, are unlikely
to be engaged in any of the key activity
types and should be exempt from this
rule. The comments describe activities
conducted by these facilities, including
application of fungicide, food grade wax
coating, sorting and placing whole
intact produce into boxes for shipping.
The comments further state that whole
intact produce would not be an
attractive or feasible target for an act of
intentional adulteration with the intent
to cause wide scale public health harm,
regardless of where the activities occur.
(Response 27) We decline the
requested exemption for facilities
engaged solely in cooling, holding,
handling, packing, repacking, packaging
and shipping of raw, intact fresh
produce. We recognize that some of
these facilities may not have any
significant vulnerabilities; however,
some may. For example, packaging may
be a significant vulnerability, depending
on the degree of access to the food and
the characteristics of the packaging area
(e.g., in a minimally trafficked area
where individuals are working alone for
extended periods of time, or if the
product is being sprayed with fumigant
or fungicide applications that may serve
to apply a contaminant onto the food).
Therefore, to determine whether any
mitigation strategies are needed, each
facility must conduct a facility specific
vulnerability assessment that considers,
at a minimum: (1) The potential public
health impact if a contaminant were
added (e.g., severity and scale); (2) the
degree of physical access to product;
and (3) the ability of an attacker to
successfully contaminate the product.
Any of the activities described in the
comments that are otherwise covered by
existing exemptions do not need to be
considered in the vulnerability
assessment. For example, holding of
foods other than in liquid storage tanks
is exempt from the rule (§ 121.5(b)).
Also, packing or re-packing of food
where the container that directly
contacts the food remains intact is
exempt (§ 121.5(c)).
If after conducting a vulnerability
assessment, a facility appropriately
concludes that it has no actionable
process steps, the facility would not be
required to implement mitigation
strategies. The facility’s food defense
plan would include the vulnerability
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34180
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
assessment, the conclusion that no
actionable process steps are present, and
an explanation for this conclusion at
each step. In contrast, facilities with
actionable process steps are required to
implement mitigation strategies and the
appropriate mitigation strategies
management components.
(Comment 28) One comment suggests
that we exempt food additives used in
low dosages. The comment asserts that
‘‘the dosage of food additives are
approximately 0.01—1 percent of the
total food, and the final amount of the
food additive absorbed into the human
body should be very small, roughly 1/
100—1/10,000 of the total food
consumed.’’ The comment further
asserts that if a contaminant is added to
a food additive used in low dosages, the
risk to public health is very small.
(Response 28) We decline this
request. Our vulnerability assessments
considered a number of factors when
evaluating a product’s vulnerability to
acts of intentional adulteration and the
potential public health consequences of
such an act, including a wide variety of
threat agents. Our vulnerability
assessments concluded that there were
situations where an act of intentional
adulteration could still result in wide
scale public health harm even if the
dose of the adulterant were at or below
the levels highlighted in this comment.
Moreover, the concentration of a food
additive in the finished product may
vary depending on the nature of the
product (e.g., citric acid can be added to
a food as a flavor enhancer in relatively
low concentrations, or to other foods in
higher concentrations as a color
retention agent).
(Comment 29) One comment
recommends that we exempt production
and packaging of food ingredients from
the rule. The comment asserts that
terrorist groups are more likely to attack
finished food production than food
ingredient production because they
want the publicity associated with
seeing the harm that their act causes.
The comment further asserts that it may
be months or years before a
contaminated ingredient reaches
consumers, and therefore it would not
be a likely or attractive target for
terrorists who want to make a more
immediate impact. The comment also
states that a contaminant can be
degraded, inactivated, or destroyed in
further processing or prolonged storage
if it is added to an ingredient. The
comment maintains that it is far easier
to select an appropriate contaminant
with some knowledge of what types of
processing it will have to survive. The
comment requests that, at a minimum,
we exempt the production and
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
packaging of food ingredients from
requirements for focused mitigation
strategies and make them subject only to
requirements for broad mitigation
strategies.
(Response 29) We decline this
request. As discussed in section IV.B.3,
the rule now refers to ‘‘mitigation
strategy’’ rather than ‘‘focused
mitigation strategy.’’ Further, our
vulnerability assessments concluded
that an act of intentional adulteration
could still result in wide scale public
health harm even if the adulteration
occurred during the production of an
ingredient. Ingredients have many
different distribution paths. Many
ingredients can be sold in bulk to
manufacturing facilities for inclusion in
processed finished foods or be sold in
consumer sized packaging for home use.
Some ingredients can be used in later
processing as a primary ingredient or as
a secondary ingredient added in much
lower volumes. In either case, the
ingredient manufacturer could be an
effective point for an attacker to achieve
wide scale public health harm.
(Comment 30) One comment supports
our proposed exemption § 121.5(c)
applicable to packing, repacking,
labeling, or re-labeling of food where the
container that directly contacts the food
remains intact. The comment would like
us to further exempt the transportation
and holding of foods in retail packaged
form from coverage under this rule.
(Response 30) The holding of food,
except for holding of food in liquid
storage tanks, is exempt under
§ 121.5(b). Therefore, the holding of
foods in retail packaged form is exempt
from this rule. Furthermore, as
explained in section III.G.1,
transportation carriers are not included
in the scope of this rule.
(Comment 31) One comment requests
that food gases be considered for an
exemption for several reasons. The
comment states that food gas containers
are extremely difficult to breach.
Further, the comment states that food
gases may be stored in bulk storage
tanks either during manufacture, or
prior to containerization (i.e.,
pressurized cylinders) or transport (i.e.,
cryogenic tankers) but a person
intentionally trying to contaminate the
product during storage or transportation
would require use and knowledge of
specialized equipment that is not
readily available. The comment argues
therefore that food gases are not at high
risk for intentional adulteration. In
addition, the comment notes that there
are several uses for food gases, such as
processing aids (e.g., freezing, chilling,
pressure transfer) that will have
minimal contact with the food provided
PO 00000
Frm 00016
Fmt 4701
Sfmt 4700
to consumers, and whether used as a
food additive or an ingredient the gas
comprises a very small percentage of the
final food product.
(Response 31) We decline the request.
The comment identifies that food gases
may be stored in bulk storage tanks
either during manufacture, or prior to
containerization or transport. We
recognize at some facilities
manufacturing food gas may not have
any significant vulnerabilities; however,
each covered facility must conduct a
facility specific vulnerability
assessment, and that assessment must
consider, at a minimum: (1) The
potential public health impact if a
contaminant were added (e.g., severity
and scale); (2) the degree of physical
access to product; (3) the ability of an
aggressor to successfully contaminate
the product. The comment mentions
that breaching food gas containers
would require use and knowledge of
specialized equipment that is not
readily available. However, the
vulnerability assessment must include
consideration of an inside attacker, so
this information may be available to
such an individual. The comment also
mentions that gases can be stored or
transported in liquid form. Based on our
vulnerability assessments, liquids
storage and handling has been identified
as potentially significantly vulnerable.
Therefore, facilities manufacturing food
gas would need to evaluate their
manufacturing process through a
vulnerability assessment. If after
conducting a vulnerability assessment,
the facility appropriately concludes that
there are no actionable process steps in
the facility, the facility would not be
required to implement mitigation
strategies. The food defense plan at this
facility would include the vulnerability
assessment, the conclusion that no
actionable process steps are present, and
an explanation for this conclusion at
each step.
(Comment 32) Some comments
request that FDA exempt research and
development (R&D) and pilot plants
from the rule. These comments argue
that a vulnerability assessment
conducted at such a facility would in all
likelihood conclude that there are no
significant vulnerabilities due to the low
volume of product produced, because
such products are not typically for retail
sale, and because of the narrow scope of
consuming individuals, if any.
(Response 32) We decline the request.
We note that if food at an R&D facility
is not for consumption, the facility is
not required to register and would not
be subject to this rule. Food processed
at R&D facilities may be consumed as
samples, distributed at special events, or
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
may take other routes to public
consumption. As with other facilities
covered by the rule, it is possible, based
on a facility specific vulnerability
assessment, that an R&D facility may
conclude that it does not contain any
significant vulnerabilities. If, after
conducting a vulnerability assessment,
the facility appropriately concludes that
it has no actionable process steps, the
facility would not be required to
implement mitigation strategies. The
facility’s food defense plan would
include the vulnerability assessment,
the conclusion that no actionable
process steps are present, and an
explanation for this determination at
each step. In contrast, an R&D facility
with actionable process steps is required
to implement mitigation strategies and
the appropriate mitigation strategies
management components.
F. Other General Comments
(Comment 33) Some comments ask us
to publish a revised proposed rule or an
interim rule before proceeding to a final
rule because of anticipated, significant
changes resulting from comments that
we received in response to the proposed
rule. Some comments state that food
defense is a new and evolving area
without existing regulatory
requirements or a long history of
broadly accepted practices and that
further substantive dialogue with
industry is needed. Some comments
state that a reproposal would serve the
same purpose as an Advance Notice of
Proposed Rulemaking which was FDA’s
stated intent prior to the imposition of
judicial deadlines. Some comments
state that because FSMA rules are
dependent on one another, some
proposed FSMA rules should be issued
concurrently so that a concurrent
evaluation and comment period may be
conducted. Some comments state that
industry must first get used to the new
food safety regulations and then
concentrate on new food defense
regulations and believe reproposing at a
later date will give industry a chance to
comply with all the new regulations.
(Response 33) We decline these
requests. These revisions in the final
rule more closely align the rule with
many current food defense best
practices and increase flexibility for
facilities to comply. With regard to the
suggestion that we should issue the
FSMA foundational proposed rules
simultaneously for comment, this was
not feasible given our judicial deadlines
for the seven rules (Ref. 13). We believe
that stakeholders were given adequate
opportunity to comment on the
proposed rules, and we extended many
comment periods. With regard to the
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
comments that suggest we repropose
this rule to give industry more time to
comply, we have addressed this issue by
extending the compliance dates by an
additional 2 years (see section VIII).
(Comment 34) One comment
disagrees with the exemption for
holding non-liquid bulk food. The
comment asserts that most bulk foods,
irrespective of their physical form, are
likely to be mixed or blended at some
point after receipt by the end-user (i.e.,
the manufacturer or packager that will
convert the bulk food into retail
packaged food), and are likely to be
processed into a much larger volume of
finished food. Thus, the comment
maintains that any contamination
introduced into a bulk food during
storage prior to its use in the
preparation of a retail packaged food
may affect a large volume of finished
food and may thereby cause massive
public health harm.
(Response 34) As discussed in the
proposed rule, based on an analysis of
the vulnerability assessments that FDA
has conducted using the
CARVER+Shock methodology, we
identified four key activity types (Bulk
liquid receiving and loading; Liquid
storage and handling; Secondary
ingredient handling; and Mixing and
similar activities) as production
processes that require focused
mitigation strategies. With the exception
of the holding of food in liquid storage
tanks, which is not included in the
exemption, we are not aware of
activities performed during the holding
of food that fit within any of these four
key activity types (see 78 FR 78014 at
78036). There is no likely way that a
contaminant can be homogeneously
mixed throughout a non-liquid bulk
food during storage. We found in our
vulnerability assessments that the
potential for uniform distribution of a
contaminant into the food is a major
factor in elevating vulnerability. Since it
is highly unlikely that an inside attacker
would be able to evenly distribute a
contaminant into a dry bulk ingredient
during storage, the vulnerability
associated with these steps did not rise
to the level associated with the
vulnerability associated with the key
activity types.
G. Other Issues Discussed in the
Proposed Rule
1. Transportation Carriers
In the proposed rule, we tentatively
determined that there is a significant
vulnerability to intentional adulteration
during bulk liquid receiving and
loading, one of the four key activity
types included in the proposal as an
PO 00000
Frm 00017
Fmt 4701
Sfmt 4700
34181
option to identify actionable process
steps. We did not identify receiving and
loading of other types of foods (e.g.,
non-bulk liquid, solid, gaseous) as key
activity types because we determined
through our vulnerability assessments
that they do not present the same level
of risk. Further, we tentatively
concluded that requiring receivers and
shippers of bulk liquids to implement
mitigation strategies at actionable
process steps involving loading and
receiving of bulk liquid foods would
significantly minimize or prevent the
potential for intentional adulteration of
these foods during transportation.
Based on our vulnerability
assessments, we proposed to require
that mitigation strategies to ensure the
integrity of food during transport would
be implemented by facilities, rather than
carriers. Where such measures are
implemented by the shippers and
receivers of bulk liquids, we tentatively
concluded that the food would be
sufficiently protected, and that no
further actions by a carrier would be
needed. For this reason, we did not
propose to cover transportation carriers
in the proposed rule. We requested
comment on our analysis and tentative
conclusion.
Some comments agree with the
tentative conclusion in the proposed
rule to exclude transportation carriers.
Some comments oppose this approach.
In the following paragraphs, we discuss
comments that disagree with the
proposed approach. After considering
the comments, we are finalizing the rule
as proposed with regard to
transportation carriers.
(Comment 35) Some comments
disagree with our conclusion that
implementing mitigation strategies at
the receiving and loading steps for bulk
liquids will adequately protect food
during transportation. Some comments
argue that transport of food is one of the
most vulnerable stages in a process, as
food is not protected by a secure facility
and may often be parked at a truck stop
or other unsecure locations for extended
periods of time which provides the
opportunity for an attacker to gain
access. One comment states that food
shipments have consistently been
documented as either the first or second
most stolen truckloads on U.S.
highways, and if terrorists were to use
this mode of attack on the food supply,
the result could be a major event for
which we were not only unprepared,
but for which we could have foreseen
the risk.
(Response 35) We disagree with these
comments. Based on our vulnerability
assessments, we determined that the
most practical mitigation strategies to
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34182
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
ensure the integrity of food during
transport would be implemented by
facilities, rather than by carriers. For
example, to significantly minimize or
prevent the product from being
intentionally adulterated during
transport, a shipper may elect to use
seals to secure access points, such as
doors or hatches, on the transport
conveyance. The shipper seals the load
prior to departure from its facility by
using seals with unique identification
numbers. The shipper includes the seal
numbers on shipping documentation
and transmits the seal numbers to the
receiving facility. Once the shipment
arrives at the receiving facility, the
receiver would verify the seals are in
place and that the identification
numbers match. This mitigation strategy
ensures the food was not accessible
during transport. To ensure that the
driver cannot exploit his position to
gain access and intentionally adulterate
the food during transport, the carrier has
no role in the seal mitigation strategy. If
seals are missing or the identification
numbers do not match the shipping
documentation, the receiving facility
would reject the load and notify the
shipper.
Facilities are required to implement
mitigation strategies that significantly
minimize or prevent significant
vulnerabilities associated with
actionable process steps. Therefore, if a
food operation has a significant
vulnerability associated with
transportation, the facility must choose
a mitigation strategy or combination of
strategies to significantly reduce the
vulnerability at the receiving or loading
step. Mitigation strategies implemented
at inbound receiving and outbound
shipping would work complementary to
each other to protect the food during
transport. For example, if the
vulnerability assessment concludes that
loading is an actionable process step
because of a vulnerability during
transportation, the facility would
implement mitigation strategies to
protect its outbound food from
intentional adulteration (e.g., sealing the
bulk liquid tanker truck access points).
Likewise, if the facility receiving the
food identifies receiving as an
actionable process step because of a
vulnerability during transportation, it
would implement mitigation strategies
to reduce the vulnerability of the food
to intentional adulteration during
shipping. The mitigations employed at
the receiving/unloading step may
include procedures to accept only
scheduled shipments, verification of
shipping documentation, procedures to
investigate delayed or missing
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
shipments, inspecting loads prior to
receipt, and rejecting damaged or
suspect items. These steps together will
then work to significantly reduce the
significant vulnerabilities associated
with the transport of food. With respect
to the prevalence of theft of food during
transport, such theft is economically
motivated; the scope of this rule is
limited to acts of intentional
adulteration where the intent is to cause
wide scale public health harm.
(Comment 36) One comment states
that the use of seals or tamper-evident
containers is insufficient to protect bulk
foods during transportation and/or
holding because tamper-evident seals
can be defeated and cannot be expected
to prevent a determined attacker. The
comment further states that tamperevident containers or seals should be
used in combination with other
measures.
(Response 36) Mitigation strategies are
‘‘risk-based,’’ ‘‘reasonably appropriate
measures’’ employed to ‘‘significantly
minimize or prevent’’ significant
vulnerabilities. They cannot always
eliminate entirely any possibility of
intentional adulteration. Furthermore,
each facility has some degree of
discretion in determining how, and
whether, each mitigation strategy is
properly implemented, as part of the
facility’s written explanation of how the
mitigation strategy sufficiently
minimizes or prevents the significant
vulnerability associated with the
actionable process step. Facilities are
required to implement mitigation
strategies that significantly minimize or
prevent the significant vulnerability;
therefore, if a significant vulnerability is
identified, the mitigation strategy or
combination of strategies chosen by the
facility must be sufficient to reduce the
vulnerability to an acceptable level at
these steps.
In many cases the use of tamper
evident seals may be an appropriate
mitigation strategy for limiting access to
the product. Additionally, if a tamper
evident seal had been circumvented by
an attacker, a close inspection of the
seal at receiving may reveal suspicious
activity or tampering which reduces the
likelihood of a successful attack.
However if the facility concludes that
tamper evident seals are not by
themselves sufficient to significantly
reduce the vulnerability, they should
employ other or additional measures
(such as directing carriers to travel
directly to the end destination without
stop-overs, or requiring teamed drivers
to prevent the load from being
unsupervised during transport).
(Comment 37) One comment requests
clarification of expectations in
PO 00000
Frm 00018
Fmt 4701
Sfmt 4700
situations where only one of the entities
involved is covered by the intentional
adulteration rule (e.g., the shipper is
covered, but the receiver is exempt due
to size or vice versa) and states that FDA
may need to take a closer look into
exemption of carriers.
(Response 37) A covered facility may
ship food to or receive food from a
facility that is not covered by the rule
(e.g., it is a very small business). The
covered facility is responsible for
implementing mitigation strategies to
address transportation if it has a
significant vulnerability associated with
transportation at the receiving or
shipping steps. The mitigation strategies
used by the covered facility must
significantly minimize or eliminate the
significant vulnerability at this step.
Mitigation strategies are available to
protect the food during transport
regardless of whether the shipper or
receiver is exempt from the rule. If the
receiving facility is exempt, the
shipping facility can address the
vulnerability by implementing
mitigation strategies such as those
discussed in Response 36. If the
shipping facility is exempt, the
receiving facility can address the
vulnerability by implementing
mitigation strategies such as visually
inspecting seals and cargo to identify
any suspicious activity or tampering,
verifying shipping documents are
accurate, ensuring only scheduled
deliveries are accepted, and
investigating delayed or inaccurate
shipments. Additionally, we do not
believe a shipping and/or receiving
facility that qualifies for the very small
business exemption is an attractive
target for attackers intending to cause
wide scale public health harm, as
detailed in section IV.B.11.
(Comment 38) Some comments state
that covering carriers under this rule
may not be the best approach and this
component of the food sector may be
better addressed in guidance. Some
comments ask us to continue to develop
materials, guidelines and other tools to
promote voluntary compliance of food
defense measures by the transportation
component of the food sector.
(Response 38) We agree with these
comments. As resources allow, we will
continue to develop best practices for
the transportation industry to assist
with voluntary compliance with food
defense measures.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
2. Other Types of Intentional
Adulteration: Disgruntled Employees,
Consumers, and Competitors; and
Economically Motivated Adulteration
a. Disgruntled Employees, Consumers,
and Competitors
In the proposed rule, we explained
that when we considered the spectrum
of risk associated with intentional
adulteration of food, attacks conducted
with the intent of causing massive
casualties and to a lesser extent,
economic disruption, would be ranked
as relatively high risk. (Note that to
further clarify the rule’s focus we have
removed the reference to economic
disruption from the definition of ‘‘food
defense.’’) We further explained that
attacks by disgruntled employees,
consumers, or competitors would be
consistently ranked as relatively low
risk mainly because their public health
and economic impact would be
generally quite small. We further stated
that disgruntled employees are generally
understood to be interested primarily in
attacking the reputation of the company
and otherwise have little interest in
public health harm. Typically, acts of
disgruntled employees, consumers, or
competitors target food and the point(s)
in its production that are convenient
(i.e., a point at which they can easily
access the food and contaminate it). To
minimize or prevent this type of
adulteration would require restricting
access to nearly all points in the food
system. Instead, we proposed to focus
on those points in the food system
where an attack would be expected to
cause massive adverse public health
impact.
We received comments supporting the
proposed approach; comments stating
that measures should be required to
protect against acts of terrorism and
disgruntled employees; and a comment
stating that disgruntled employees can
be recruited by terrorist organizations.
The final rule is focused on protecting
food against intentional adulteration
where the intent of the adulteration is
to cause wide scale public health harm.
In the circumstance described by the
comment where a disgruntled employee
is recruited by a terrorist organization,
the motivation of the employee has
changed from harming the reputation of
the company to that of the terrorist
organization intending to cause widescale public health harm. The rule is
designed to reduce the likelihood that
such an attack would be successful.
Further, the protections required by the
rule would be effective in minimizing
the likelihood of success of a
disgruntled employee, consumer, or
competitor who attempts an act of
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
intentional adulteration at an actionable
process step—even if that act of
intentional adulteration is not intended
to cause wide-scale public health harm.
We continue to believe that an approach
that does not focus on preventing widescale public health harm, but rather
attempts to address intentional acts
regardless of their potential severity,
would require restricting access to
nearly all points in the food system
because these types of attacks are
typically conducted at areas of
convenience and could occur at any
point in the food system.
b. Economically Motivated Adulteration
In the proposed rule, we stated that
the goal of the perpetrator of
economically motivated adulteration is
for the adulteration to go undetected so
the perpetrator can continue to obtain
the desired economic benefit. Unlike
with intentional adulteration, where the
intent is to cause wide scale public
health harm through instances such as
acts of terrorism focused on the food
supply, occurrences of economically
motivated adulteration are expected to
be long term, and would not be
appropriately viewed as a rare
occurrence, but rather as reasonably
likely to occur. Because of these
reasons, we concluded that the
approaches in the PCHF and PCAF final
rules are better suited to address
economically motivated adulteration.
We sought comment on our
conclusions.
We received numerous comments
related to economically motivated
adulteration, including comments
suggesting economically motivated
adulteration is best addressed in this
rule, comments suggesting it is best
addressed in the PCHF and PCAF final
rules, comments recommending
different hazard identification
methodologies, comments related to
terminology and definitions, and
comments requesting postponement of
any economically motivated
adulteration-associated requirements.
We continue to believe that the
approaches in the PCHF and PCAF final
rules are better suited to address
economically motivated adulteration,
and have finalized this rule with no
requirements related to economically
motivated adulteration for facilities
covered by those rules. For further
discussion see the PCHF final rule (80
FR 55908 at 56028–56029) and the
PCAF final rule (80 FR 56170 at 56243–
56246).
In the proposed rule, we also
tentatively decided not to require
produce farms subject to section 419 of
the FD&C Act and farms that produce
PO 00000
Frm 00019
Fmt 4701
Sfmt 4700
34183
milk (also referred to in this document
as ‘‘dairy farms’’) subject to section 420
of the FD&C Act to take measures to
address economically motivated
adulteration. With regard to produce
farms, we tentatively concluded that
there are not procedures, processes, or
practices that are reasonably necessary
to be implemented by these entities to
prevent the introduction of known or
reasonably foreseeable biological,
chemical, or physical hazards that can
cause serious adverse health
consequences or death as a result of
economically motivated adulteration.
With regard to farms that produce milk,
we tentatively concluded that there are
not appropriate science-based strategies
or measures intended to protect against
economically motivated adulteration
that can be applied at the farm. Those
tentative conclusions were based on our
assessment that preventive controls are
suitable to address economically
motivated adulteration when it is
perpetrated by the entity’s supplier, but
not when it is perpetrated by the entity
itself, and supplier controls are not
warranted in this context because of the
lack of inputs into the growing,
harvesting, packing, or holding of
produce or milk (i.e., activities within
our farm definition) that could be
subject to economically motivated
adulteration that could cause serious
adverse health consequences or death
under sections 419 and 420 of the FD&C
Act.
We received one comment suggesting
we include requirements related to
economically motivated adulteration on
produce farms and stating that
economically motivated adulteration
(e.g., illegal use of dyes and ripening
agents) has occurred on foreign produce
farms. We continue to believe that
preventive controls are suitable to
address economically motivated
adulteration when it is perpetrated by
an entity’s supplier, but not by the
entity itself. Preventive controls for
economically motivated adulteration are
not suitable to address the situation
where the same farm that would be
economically adulterating the food
(which is already prohibited) would
also be responsible for implementing
preventive controls to prevent the
adulteration. After considering this
comment, we have finalized this rule
with no requirements related to
economically motivated adulteration on
produce and dairy farms.
3. Dairy Farms
In the proposed rule, we stated that
FDA-led vulnerability assessments and
associated data analyses identified
certain categories of points, steps, or
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34184
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
procedures in the food system which
scored high on vulnerability scales
related to intentional adulteration of
food, regardless of the food being
assessed. Two of these key activity
types, liquid storage and handling, and
bulk liquid receiving and loading, are
present on dairy farms in areas such as
the bulk liquid storage tank. We
requested comment on several
questions, including whether and how
access to the bulk milk storage tank and
milk house could be limited; the
presence and types of any mitigation
strategies currently used on farms; and
whether and what mitigation strategies
would be appropriate and feasible given
current dairy farming practices.
Some comments acknowledge that
limiting access to the bulk milk tank
and milk house is an important
objective; however, these comments
describe significant challenges regarding
limiting access to milk. These comments
state that some State laws require
unannounced access to the bulk tank
and/or the milk house for food safety
inspections. Additionally, comments
state that locking only the bulk tank
would be ineffective because this would
still leave the milk accessible via the
milk house. These comments also state
that it is common for many dairy farms
to leave the bulk tank and the milk
house unlocked to facilitate normal dayto-day operations and that any
regulation requiring strictly limiting
access, such as locking the milk house,
would be impractical due to the
multiple entry points and the number of
personnel needed for these measures to
function effectively. Some comments
suggest that FDA engage in substantial
dialogue with industry to gain a better
understanding of current practices and
better ascertain the food defense
measures that would be effective and
appropriate before issuing regulations.
Some comments state that FDA should
utilize existing programs to identify
potential activities to reduce the
vulnerability to intentional adulteration
on dairy farms because these programs
have demonstrated efficacy and have
the structures in place to successfully
implement new food defense measures.
Some comments state that FDA
should not issue requirements for dairy
farms because they are not at high risk
for intentional adulteration. Some
comments describe the willingness of
stakeholders to adopt voluntary food
defense measures, with specific
examples including State-led education
efforts and adoption of some elements of
existing FDA guidance relating to food
defense measures on dairy farms. Some
comments state that any requirements
should be limited to food defense
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
awareness training while other
comments state that such training may
be beneficial and is provided on some
farms, but more information is needed
to identify effective training programs.
Additionally, several comments
address procedural matters, with many
comments stating that FDA must either
allow a full and separate comment
period for any potential requirements
for dairy farms because there were no
requirements related to dairy farms in
the proposed rule, or issue a fully
separate proposal for dairy farms which
will cover the requirements in their
entirety independent of the intentional
adulteration regulations for facilities
that are not farms. Some comments also
request that dairy processing facilities
be exempt from the requirements of this
rule.
Although we believe requiring
mitigation strategies that restrict access
to milk on dairy farms is warranted
based on risk, at this time there are not
strategies that limit access to milk that
are appropriate and practical to require
for all farms. We believe it is important
that any mitigation strategies we
consider imposing include restricting
access to milk while it is on farms. We
agree with comments that state that
potential mitigation strategies, such as
locking the milk tank and milk house,
are not currently workable given the
realities of milking schedules and the
access to the bulk tank needed for food
safety inspections and milk collection.
We need further dialogue with key
stakeholders and collaborative research
to develop and identify strategies that
are protective and practical; we are
aware of technology-mediated
advancements that are under
development, and are potentially
promising for the future in this area.
Given the current lack of mitigation
strategies that would practically limit
access to milk, we agree that working
with the Federal-State collaborative
program for milk safety, the National
Conference on Interstate Milk
Shipments (NCIMS), is the most
appropriate way to address concerns
regarding intentional adulteration on
dairy farms in the near term as strategies
that can limit access to milk while on
farm are developed. We believe NCIMS
offers an effective platform for FDA to
advance the development and
implementation of mitigation strategies
for dairy farms because the cooperative
program includes key partners, such as
the U.S. Public Health Service/FDA, the
States, and the dairy industry, and has
a central role in helping to ensure the
safety of milk and milk products.
We are not exempting Pasteurized
Milk Ordinance (PMO) facilities that are
PO 00000
Frm 00020
Fmt 4701
Sfmt 4700
not farms (e.g., dairy processing
facilities) from complying with this rule.
Unlike farms, such facilities have
identified effective mitigation strategies
available to them. In addition, PMO
requirements do not currently address
intentional adulteration. Further, unlike
farms, these facilities are not exempt
from the PCHF rule. We note that the
earliest compliance date for this rule (3
years) is the same as the extended
compliance date in the PCHF rule,
which was chosen to give the NCIMS
time to modify the PMO to include the
requirements of the PCHF rule.
IV. Subpart A: Comments on Specific
Provisions
A. Revisions to Definitions Also Used in
Section 415 Registration Regulations (21
CFR Part 1, Subpart H) and Section 414
Recordkeeping Regulations (21 CFR Part
1, Subpart J)
As discussed in the proposed rule (78
FR 78014 at 78030), several terms we
proposed have the same definitions as
proposed in 21 CFR part 117 (the PCHF
proposed rule) and therefore we did not
include an extensive discussion in the
proposed rule of the following terms:
facility, farm, holding, manufacturing/
processing, mixed-type facility, and
packing. We did not receive specific
comments on any of our proposed
definitions for these terms, except that
many comments state that it is critical
for FDA to cross-reference and be
consistent with the same terms as
finalized in the PCHF final rule. We
agree and we have amended each of
these terms to be consistent with the
definitions as finalized in the PCHF
final rule. See section IV. of the PCHF
final rule for extensive discussion of the
comments received and changes made
to these definitions.
1. Facility
We proposed to define the term
‘‘facility’’ to mean a domestic facility or
a foreign facility that is required to
register under section 415 of the FD&C
Act (21 U.S.C. 350d), in accordance
with the requirements of 21 CFR part 1,
subpart H. We have finalized this term
as proposed, except that we have made
editorial changes by removing the U.S.
Code citation and amended the Code of
Federal Regulations citation.
2. Farm
We proposed to define the term
‘‘farm’’ by reference to the definition of
that term in § 1.227 of this chapter. We
have finalized this term as proposed.
For a detailed discussion of the
definition of ‘‘farm,’’ see sections IV.A
and IV.B of the PCHF final rule.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
3. Holding
5. Mixed-Type Facility
We proposed to define the term
‘‘holding’’ to mean storage of food. In
addition, we proposed that holding
facilities include warehouses, cold
storage facilities, storage silos, grain
elevators, and liquid storage tanks.
Further, we proposed that for farms and
farm mixed-type facilities, holding also
includes activities traditionally
performed by farms for the safe or
effective storage of raw agricultural
commodities grown or raised on the
same farm or another farm under the
same ownership, but does not include
activities that transform a raw
agricultural commodity (RAC), as
defined in section 201(r) of the Federal
Food, Drug, and Cosmetic Act (21 U.S.C.
321), into a processed food as defined in
section 201(gg). In this final rule,
consistent with the PCHF final rule, we
have revised the definition for
‘‘holding’’ by removing the distinction
for farms and farm mixed-type facilities
and added that holding also includes
activities performed incidental to
storage of a food, but does not include
activities that transform a RAC into a
processed food and included additional
examples of holding activities. For a
detailed discussion of the definition of
‘‘holding,’’ see section IV.D of the PCHF
final rule.
We proposed to define mixed-type
facility to mean an establishment that
engages in both activities that are
exempt from registration under section
415 of the FD&C Act and activities that
require the establishment to be
registered. The proposed definition also
stated that an example of such a facility
is a ‘‘farm mixed-type facility,’’ which is
an establishment that grows and
harvests crops or raises animals and
may conduct other activities within the
farm definition, but also conducts
activities that require the establishment
to be registered. In this final rule,
consistent with PCHF final rule and as
a conforming change associated with the
revisions to the ‘‘farm’’ definition, we
have revised the example of a ‘‘farm
mixed-type facility’’ to specify that it is
an establishment that is a farm, but also
conducts activities outside the farm
definition that require the establishment
to be registered. For a detailed
discussion of the definition of ‘‘mixedtype facility,’’ see section IV.F of the
PCHF final rule.
mstockstill on DSK3G9T082PROD with RULES4
4. Manufacturing/Processing
We proposed to define
manufacturing/processing to mean
making food from one or more
ingredients, or synthesizing, preparing,
treating, modifying or manipulating
food, including food crops or
ingredients. Further, the proposed
definition provided that examples of
manufacturing/processing activities are
cutting, peeling, trimming, washing,
waxing, eviscerating, rendering,
cooking, baking, freezing, cooling,
pasteurizing, homogenizing, mixing,
formulating, bottling, milling, grinding,
extracting juice, distilling, labeling, or
packaging. In addition, the proposed
definition provided that for farms and
farm mixed-type facilities,
manufacturing/processing does not
include activities that are part of
harvesting, packing, or holding. In this
final rule, consistent with PCHF final
rule, we have revised the definition of
‘‘manufacturing/processing’’ by adding
to the list of examples and we have
reorganized the listed examples to
present them in alphabetical order. For
a detailed discussion of the definition of
‘‘manufacturing/processing,’’ see section
IV.E of the PCHF final rule.
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
6. Packing
We proposed to define packing to
mean placing food into a container other
than packaging the food. Further, the
proposed rule provided that for farms
and farm mixed-type facilities, packing
also includes activities traditionally
performed by farms to prepare RACs
grown or raised on the same farm or
another farm under the same ownership
for storage and transport, but does not
include activities that transform a RAC,
as defined in section 201(r) of the FD&C
Act, into a processed food as defined in
section 201(gg). In this final rule,
consistent with the PCHF final rule, we
have revised the definition for
‘‘packing’’ by removing the distinction
for farms and farm mixed-type facilities
and adding that packing includes
activities performed incidental to
packing a food, but does not include
activities that transform a RAC into a
processed food. We have also revised
the definition to clarify that packing
includes ‘‘re-packing.’’ For a detailed
discussion of the definition of
‘‘packing,’’ see section IV.G of the PCHF
final rule.
B. Other Definitions That We Proposed
To Establish in Part 121
To establish the scope of facilities,
activities and food covered by this
regulation, we proposed to define key
terms. We also proposed to establish
that the definitions in section 201 of the
FD&C Act apply when used in part 121.
We received no comments regarding the
PO 00000
Frm 00021
Fmt 4701
Sfmt 4700
34185
use of statutory definitions in section
201 of the FD&C Act, and we are
finalizing that provision without
change. In this section, we discuss each
definition as proposed, related
comments, and our responses.
1. Actionable Process Step
We proposed to define the term
‘‘actionable process step’’ to mean a
point, step, or procedure in a food
process at which food defense measures
can be applied and are essential to
prevent or eliminate a significant
vulnerability or reduce such
vulnerability to an acceptable level.
Although we did not receive comments
on the proposed definition for
actionable process step, we have revised
the definition to improve understanding
of the regulatory requirements in
§ 121.130 (Vulnerability assessment to
identify significant vulnerabilities and
actionable process steps) and to be
consistent with the definition of
mitigation strategies. In this final rule,
actionable process step is defined to
mean a point, step, or procedure in a
food process where a significant
vulnerability exists and at which
mitigation strategies can be applied and
are essential to significantly minimize
or prevent the significant vulnerability.
2. Contaminant
We proposed to define the term
‘‘contaminant’’ to mean any biological,
chemical, physical or radiological agent
that may be intentionally added to food
and that may cause illness, injury or
death.
(Comment 39) Some comments assert
the proposed language defining
‘‘contaminant’’ could be interpreted to
include ingredients intentionally added
to food that resulted in harm, even if
unintentional, such as an unintended
allergic or other adverse health
response. The comments urge FDA to
clarify the meaning to be an
‘‘intentional’’ contaminant, for the
purpose of this rule, by amending the
proposed definition as follows:
‘‘Contaminant means any biological,
chemical, physical or radiological agent
added to food to intentionally cause
illness, injury or death.’’
(Response 39) We agree with the
possible confusion as pointed out by the
comments and have amended the
proposed definition. The term
‘‘contaminant’’ is used in the context of
intentional acts of adulteration with
intent to cause wide scale public health
harm. We agree that amending the
proposed definition for contaminant to
make clear that the harm must be
intended better reflects how the term is
used in this rule.
E:\FR\FM\27MYR4.SGM
27MYR4
34186
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
(Comment 40) One comment asserts
the term ‘‘contaminant,’’ is used widely
in the food and dietary supplement
industries and that if FDA were to
include a definition for this term, it
must employ a definition that is
consistent throughout all regulations
pertaining to food and dietary
supplements. Further, one comment
notes that this term is defined
differently in the proposed rule (i.e., a
contaminant is any agent that may be
added to food) than it is in the Codex
Alimentarius guidelines (i.e.,
contaminants are substances that are
‘‘not intentionally added to food or
feed’’). The comment suggests that FDA
take note of this difference and consider
revisions with the goal of promoting
consistency and common understanding
of terminology.
(Response 40) As discussed in the
proposed rule (78 FR 78014 at 78031),
we based the proposed definition, in
part, on the definition of ‘‘contaminant’’
used in Codex Alimentarius guidelines,
but made modifications to reflect the
narrower context that the term is used
within this rule. Further, as discussed in
response to Comment 39, we are
amending the definition of
‘‘contaminant’’ to better reflect its
limited use in this rule.
3. Focused Mitigation Strategies
We proposed to define the term
‘‘focused mitigation strategies’’ to mean
those risk-based, reasonably appropriate
measures that a person knowledgeable
about food defense would employ to
significantly minimize or prevent
significant vulnerabilities identified at
actionable process steps, and that are
consistent with the current scientific
understanding of food defense at the
time of the analysis.
We explained in the proposed rule
that a ‘‘mitigation strategy’’ is a measure
taken by a facility to reduce the
potential for intentional adulteration of
food. We further explained that FDA
divides mitigation strategies into two
types, ‘‘broad mitigation strategies’’ and
‘‘focused mitigation strategies.’’ We
explained that broad mitigation
strategies are general facility-level
measures that are intended to minimize
a facility’s vulnerability, as a whole, to
potential acts of intentional
adulteration. We provided some
examples of broad mitigation strategies,
such as (1) physical security, such as
perimeter security fencing, locking
exterior doors, penetration alarms; (2)
personnel security, such as pre-hire
background and reference checks,
identification badges, and controlled
visitor access; (3) securing hazardous
materials, such as cleaning products,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
laboratory materials, and pesticides; (4)
management practices, such as
ingredient storage inventory procedures;
key security procedures, PINs or
passwords; procedures to restrict
personal items from all food production
areas; procedures requiring IDs and
uniforms to be returned when a person’s
employment ends; and supplier
verification or certification procedures;
and (5) crisis management planning,
such as maintenance of updated
emergency contact information,
procedures for responding to reported
threats, and establishment of a
designated food defense leadership
team. We further explained that broad
mitigation strategies, by nature, are
generally applicable to a facility,
regardless of the type of food being
processed, and, as such, are not targeted
to a specific processing step in a food
operation.
In contrast, focused mitigation
strategies are specific to an actionable
process step in a food operation where
a significant vulnerability is identified.
They represent reasonably appropriate
measures that are necessary to reduce
the likelihood of intentional
adulteration intended to cause wide
scale public health harm. Focused
mitigation strategies are customized to
the processing step at which they are
applied, tailored to existing facility
practices and procedures, and depend
on an evaluation of the significant
vulnerability associated with the
actionable process step at which they
are applied. In the proposal we
tentatively concluded, based on our
vulnerability assessments, that the
implementation of focused mitigation
strategies at actionable process steps in
a food operation is necessary to
minimize or prevent the significant
vulnerabilities that are identified in a
vulnerability assessment, regardless of
the existence of broad mitigation
strategies.
We further explained, in contrast to
broad mitigation strategies, focused
mitigation strategies are targeted to
actionable process steps and, therefore,
are more effective at countering an
attacker who has legitimate access to the
facility. Our conclusion was based upon
our interactions with the intelligence
community and the many vulnerability
assessments we conducted with
industry, which showed that an act of
intentional adulteration by an insider
presents significant risk for that
adulteration to result in wide scale
public health harm and that broad
mitigation strategies are not specific
enough, for example, to counter the
actions of an attacker who has legitimate
access to the facility (i.e., insider attack)
PO 00000
Frm 00022
Fmt 4701
Sfmt 4700
or an attacker who circumvents
perimeter protections (e.g., scaling a
fence), with the goal of intentionally
contaminating the food.
Although the regulatory text now only
refers to ‘‘mitigation strategies,’’ we
continue to believe that facilities must
protect vulnerable points in their
operation from acts of intentional
adulteration intended to cause wide
scale public health harm and that a
facility’s vulnerability to acts of
intentional adulteration by attackers
who have achieved access to the facility
must be significantly reduced or
prevented to protect the food from
intentional adulteration intended to
cause wide scale public health harm.
General, facility-level protections do not
sufficiently address the significant
vulnerabilities within a facility because
they do not address an inside attacker
who has obtained access to the facility.
(Comment 41) Some comments state
that the distinction between ‘‘broad’’
and ‘‘focused’’ mitigation strategies is
confusing, and request that the
distinction be removed. One comment
states the line between broad and
focused mitigation strategies is often
blurry. The comment asks how close
ingredient handling needs to be to a gate
for the gate to be considered a focused
mitigation strategy and not a broad one.
The comment further asserts that a
mandate for focused mitigation
strategies will result in endless debates
between facility management and FDA
investigators as to whether a particular
mitigation strategy is broad or focused
and that this potential for difference of
opinion between facilities and FDA
investigators is of significant concern for
industry stakeholders.
(Response 41) The question asked by
the comment highlights the nuance and
gradation that exists within mitigation
strategies. After considering the
comments, we agree that many
mitigation strategies may not lend
themselves to clear categorizations as
either ‘‘broad’’ or ‘‘focused,’’ and we
agree that the delineation between broad
and focused mitigation strategies, as
described in the proposed rule, may be
confusing because of the wide diversity
of potential mitigations as well as
variation as to how a facility chooses to
implement a particular strategy. As a
result, we have modified the regulatory
text throughout the final rule to refer to
‘‘mitigation strategy’’ rather than
‘‘focused mitigation strategy.’’ For
example, § 121.135 now requires
‘‘mitigation strategies for actionable
process steps.’’ Also, the title of the rule
has been modified to reflect this change.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
4. Food
We proposed to define the term
‘‘food’’ to mean food as defined in
section 201(f) of the FD&C Act and
include raw materials and ingredients.
(Comment 42) Some comments urged
us to clarify that the definition of food
does not include food contact
substances as defined in section
409(h)(6) of the FD&C Act (21 U.S.C.
348(h)(6)). One comment recommends
FDA amend the definition of food to
exempt EPA registered antimicrobials/
pesticides and food contact substances
which have no ongoing intended
technical effect in the final finished
food.
(Response 42) This rule only applies
to facilities required to register with
FDA. The registration rule does not
include food contact substances and
pesticides (21 CFR 1.227(a)(4)(i)). No
change to the definition of food in this
rule is necessary.
mstockstill on DSK3G9T082PROD with RULES4
5. Food Defense
We proposed to define the term ‘‘food
defense’’ to mean the effort to protect
food from intentional acts of
adulteration where there is an intent to
cause public health harm and economic
disruption.
(Comment 43) One comment states
that references to ‘‘terrorism’’ in the
preamble to the proposed rule were
unnecessarily limiting and confusing
and recommends that instead of
attempting to narrow the scope of
intentional adulteration to ‘‘terrorism,’’
FDA should use the definition of ‘‘food
defense’’ to explain and further clarify
the focus of activities covered by the
rule.
(Response 43) We agree with this
comment and have modified the
definition of ‘‘food defense’’ in the final
rule as follows: ‘‘Food defense means,
for purposes of this part, the effort to
protect food from intentional acts of
adulteration where there is intent to
cause wide scale public health harm.’’
As discussed in the preamble to the
proposed rule, although we referred to
the protection of the food supply from
‘‘acts of terrorism’’ throughout the
proposed rule, we expect our approach
would generally address acts intended
to cause wide scale public health harm,
whether committed by terrorists,
terrorist organizations, individuals or
groups of individuals. The purpose of
this rule is to protect the food supply
against individuals or organizations
with the intent to cause wide scale
public health harm. Further, although
economic disruption is likely to occur
in any such instance of wide scale
public health harm, because the focus of
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
the rule is not the protection against
economic disruption we have removed
that language from the definition of
‘‘food defense’’ for purposes of this rule.
In addition, as discussed in section
III.G.2, economically motivated
adulteration is not addressed in this
final rule.
(Comment 44) One comment states
that the proposed rule defines ‘‘food
defense’’ within the scope of the rule
and requests that FDA establish a
generalized definition of ‘‘food defense’’
that can be adopted for the purposes of
all FDA activities and subsequently the
scope of this rule can then be further
elaborated. The comment proposes the
following definition of food defense:
‘‘Actions and activities related to
prevention, protection, mitigation,
response, and recovery of the food
system from intentional acts of
adulteration. This includes intentional
adulteration from both terrorism and
criminal activities. Criminal activities
include economically motivated
adulteration, as well as acts by
disgruntled employees, consumers, or
competitors intending to cause public
health harm or business disruption.’’
(Response 44) We decline this
request. The purpose of § 121.3
(Definitions) is to define terminology
that is used within the regulatory text of
the rule. Therefore, the definitions of
terms need to be within the context and
scope of the rule, rather than a
definition to be used by FDA or industry
activities not related to the rule in
particular.
6. Monitor
We proposed to define the term
‘‘monitor’’ to mean to conduct a
planned sequence of observations or
measurements to assess whether
focused mitigation strategies are
consistently applied and to produce an
accurate record for use in verification.
(Comment 45) Some comments assert
that food safety and food defense
require different terminology and
suggest referring to the activities as
‘‘checking’’ instead of ‘‘monitoring.’’
These comments go on to suggest that
the definition of checking should be ‘‘to
observe or otherwise assess whether
mitigation strategies or measures are in
place and fully implemented.’’ The
comments also state that ‘‘a planned
sequence of observations and
measurements’’ may not be appropriate
for all or any mitigation strategies, and
questions what kind of measurements of
a mitigation strategy a facility would
take.
(Response 45) We agree that using
completely different terminology is
appropriate when components of a food
PO 00000
Frm 00023
Fmt 4701
Sfmt 4700
34187
safety and food defense HACCP-type
system differ in important, specific
ways. As noted in the Regulatory
Approach discussion in section III.A,
food safety uses the term ‘‘hazard
analysis’’ to identify hazards, while food
defense uses the term ‘‘vulnerability
assessment’’ to identify significant
vulnerabilities. These terms are
completely different because they
represent key disciplinary differences
which require different methodological
considerations related to whether the
adulteration is intentional. A hazard
analysis has very different
considerations than a vulnerability
assessment.
However, we disagree that completely
different terminology is appropriate for
a term that describes the performance of
similar activities for both food safety
and food defense. Monitoring is
conducted to perform a similar function
and in similar ways in both a food
defense and a food safety framework. In
both contexts monitoring is conducted
to assess whether control measures are
operating as intended, and in
accordance with the food safety or food
defense plan. However, constant
monitoring of some preventive controls
is necessary (e.g., time-temperature
monitoring for pasteurization), while
periodic monitoring is likely to be more
appropriate for many mitigation
strategies (e.g., checking the lock on an
access hatch to a liquid storage tank at
the end of the tank cleaning cycle).
Therefore, to recognize that the
management components for food safety
and food defense perform similar
activities, but also include some
differences, we are changing the term to
‘‘food defense monitoring’’ to make
clear that the expectations for
compliance are different. In additional
recognition that the management
components for food safety and food
defense perform similar activities, we
are finalizing the definition of food
defense monitoring to mean to conduct
a planned sequence of observations or
measurements to assess whether
mitigation strategies are operating as
intended. This definition is similar to
the definition of monitoring in the
PCHF final rule.
As we have concluded that, in some
instances, similar terminology is
appropriate for activities that are
conducted to perform similar functions
for food safety and food defense,
incorporation of elements from
definitions of internationally recognized
standards (e.g., Codex) is appropriate for
this rule. A ‘‘planned sequence’’ is
included in the definition because it is
important to thoughtfully and
systematically assess whether mitigation
E:\FR\FM\27MYR4.SGM
27MYR4
34188
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
strategies are operating as intended, and
the inclusion of ‘‘a planned sequence’’
in the definition conveys this
importance. For example, a facility may
establish and implement written
monitoring procedures to include a
planned sequence of observations to
monitor a lock on an access hatch to
occur at the end of every silo cleaning
cycle, when there is potential to add a
contaminant because the access hatch
can be opened without the contents of
the silo spilling out. Without planning
the sequence of observations of this
mitigation strategy, monitoring the
strategy may occur in the middle of the
cleaning cycle when the access hatch
must be open to complete the cleaning
process, and would therefore not be able
to assess if the mitigation strategy was
functioning as intended (i.e., properly
locking the access hatch at the end of
the cleaning cycle). Additionally, we
include the term ‘‘measurements’’ not
only to align more so with definitions
from international standards, but also to
reflect a facility’s flexibility to choose
the most appropriate mitigation strategy
and how to monitor that strategy. In
many cases, a facility will observe that
a mitigation strategy is functioning as
intended; however, there are some cases
where a facility may measure whether a
strategy is functioning as intended. For
example, a facility may choose to
implement a mitigation strategy that is
a thermal-kill step. It would then be
necessary for the facility to take
measurements of the time and
temperature to ensure the thermal-kill
step is functioning as intended.
Additionally, we have deleted
‘‘consistently applied’’ in the proposed
definition and added ‘‘operating as
intended’’ as this more closely aligns
with the ISO 22000:2005 and with a
similar change made in the PCHF final
rule. Finally, we have removed ‘‘and to
produce an accurate record for use in
verification’’ from the proposed
definition because the requirement for
documenting monitoring records is
established by the requirement for
monitoring, and not by the definition of
monitor. As discussed in Response 89,
we have made several revisions to the
regulatory text, with associated editorial
changes, to clarify that monitoring
records may not always be necessary.
mstockstill on DSK3G9T082PROD with RULES4
7. Significant Vulnerability
We proposed to define the term
‘‘significant vulnerability’’ to mean a
vulnerability for which a prudent
person knowledgeable about food
defense would employ food defense
measures because of the potential for
serious adverse health consequences or
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
death and the degree of accessibility to
that point in the food process.
Although we did not receive
comments on the proposed definition
for significant vulnerability, we have
revised the definition to improve
understanding of the regulatory
requirements in § 121.130 (Vulnerability
assessment to identify significant
vulnerabilities and actionable process
steps). In this final rule, significant
vulnerability is defined to mean a
vulnerability that, if exploited, could
reasonably be expected to cause wide
scale public health harm. A significant
vulnerability is identified by a
vulnerability assessment, conducted by
a qualified individual, that includes
consideration of the following: (1)
Potential public health impact (e.g.,
severity and scale) if a contaminant
were added, (2) degree of physical
access to the product, and (3) ability of
an attacker to successfully contaminate
the product. The assessment must
consider the possibility of an inside
attacker. For further discussion of the
related changes made to the requirement
in § 121.130 for a vulnerability
assessment to identify significant
vulnerabilities and actionable process
steps, see section V.B.
8. Significantly Minimize
We proposed to define the term
‘‘significantly minimize’’ to mean to
reduce to an acceptable level, including
to eliminate.
We did not receive comments on the
proposed definition for significantly
minimize and we are finalizing the
definition as proposed.
9. Small Business
We proposed to define the term
‘‘small business’’ to mean a business
employing fewer than 500 persons. We
proposed to establish the same
definition for small businesses as that
which has been established by the U.S.
Small Business Administration under
13 CFR part 121 for most food
manufacturers. We did not receive any
comments on this definition. We are
finalizing the definition as proposed,
with several changes for clarity. We are
using the term ‘‘500 full-time equivalent
employees’’ rather than ‘‘500 persons.’’
In addition, we are adding a definition
of ‘‘full-time equivalent employee’’ to
the definition section (§ 121.3). We have
made these changes because we will
base the calculation on ‘‘full-time
equivalent employees’’ and use the
same approach to calculating full-time
equivalent employees for the purpose of
this rule as we used to calculate fulltime equivalent employees in the
section 414 recordkeeping regulations
PO 00000
Frm 00024
Fmt 4701
Sfmt 4700
(see § 1.328). Under this approach, the
number of full-time equivalent
employees is determined by dividing
the total number of hours of salary or
wages paid directly to employees of the
business entity claiming the exemption
and of all of its affiliates and
subsidiaries by the number of hours of
work in 1 year, 2,080 hours (i.e., 40
hours × 52 weeks).
In addition, we are adding ‘‘including
any subsidiaries and affiliates’’ to the
definition to provide clarity on how to
calculate ‘‘500 full-time equivalent
employees’’ for purposes of this rule.
10. Verification
We proposed to define the term
‘‘verification’’ to mean those activities,
other than monitoring, that establish
that the system is operating according to
the food defense plan.
(Comment 46) One comment suggests
‘‘verification’’ be defined as ‘‘the
application of methods, procedures,
tests and other evaluations, in addition
to monitoring, to determine whether a
focused mitigation strategy is or has
been operating as intended.’’
(Response 46) We have revised the
definition of food defense verification to
more closely align with the Codex
definition of verification. The term is
now defined as the application of
methods, procedures, and other
evaluations, in addition to food defense
monitoring, to determine whether a
mitigation strategy or combination of
mitigation strategies is or has been
operating as intended according to the
food defense plan. ‘‘Methods,
procedures, and other evaluations’’
better describes the scope of verification
than ‘‘activities’’ used in the proposal.
Although the Codex definition includes
‘‘test’’ as a form of verification, we have
not included it because the rule does
not require verification testing. We
believe changing ‘‘that establish the
system is operating’’ to ‘‘to determine
whether a mitigation strategy is or has
been operating’’ more accurately
describes the purpose of food defense
verification. We have added ‘‘a
combination of mitigation strategies’’ to
recognize that facilities may use more
than one mitigation strategy to
significantly minimize or prevent a
significant vulnerability. The definition
proposed by the comment limits
verification to mitigation strategies; it
does not require verification of the food
defense plan. Verification of the food
defense plan reflects the fact that
verification is broader than just
mitigation strategies; it includes, for
example, verification of food defense
monitoring and corrective actions.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
(Comment 47) Some comments
suggest using the term ‘‘evaluation’’
instead of verification. These comments
suggest that evaluation be defined as
‘‘those activities, in addition to
checking, that establish that the facility
is implementing a food defense plan.’’
(Response 47) We deny this request.
As discussed in response to Comment
46, we have revised the definition of
food defense verification to include
‘‘evaluation’’ because evaluation is an
appropriate verification activity.
However, we disagree that completely
different terminology (in this case,
‘‘evaluation’’ rather than ‘‘verification’’)
is appropriate for a term that describes
the performance of similar activities for
both food safety and food defense (see
Responses 45 and 46). Verification is
conducted to perform a similar function
and in similar ways in both a food
defense and a food safety framework. In
both frameworks verification is
conducted to determine whether control
measures are operating as intended
according to the food safety or food
defense plan, and these verification
activities are in addition to monitoring.
At the same time, by using the term
‘‘food defense verification,’’ we make
clear that verification as required by this
rule is not identical to verification
required in the preventive controls
context.
11. Very Small Business
We proposed to define the term ‘‘very
small business’’ to mean a business that
has less than $10,000,000 in total
annual sales for food, adjusted for
inflation. In the preamble of the
proposed rule we explained our
rationale for defining ‘‘very small
businesses’’ at the $10,000,000
threshold because the purpose of this
rule is to protect the food supply against
individuals or organizations with the
intent to cause wide scale public health
harm. We tentatively conclude these
individuals or groups would likely
target the product of relatively large
facilities, especially firms whose brand
is nationally or internationally
recognizable. Some comments agree
with our proposed definition while
others disagree. Among the comments
that disagree with the definition, some
state that the $10,000,000 amount is too
high or too low, and several comments
suggest alternatives to using dollar
amount as the threshold. We further
discuss these comments and our
response to them in this document.
Some comments submitted to the
PCHF proposed rule request that we
specify that the monetary threshold for
the definition be based on average sales
during a 3-year period on a rolling basis
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
because otherwise firms may be subject
to significant changes in status from
year to year. Those comments also ask
us to clarify that the sales are to be
evaluated retrospectively, not
prospectively. Although we did not
receive similar comments to this rule, in
an effort to be consistent with the PCHF
final rule, we have revised the
definition of very small business to
specify that it is based on average sales
during the 3-year period preceding the
applicable calendar year. The applicable
calendar year is the year after the 3
calendar years used to determine
whether a facility is a very small
business.
We also revised the definition to
include the market value of human food
manufactured, processed, packed, or
held without sale (e.g., held for a fee).
When there are no sales of human food,
market value of the human food
manufactured, processed, packed, or
held without sale is a reasonable
approach to calculating the dollar
threshold for a very small business.
(Comment 48) One comment requests
that FDA change the definition of ‘‘very
small business’’ to only apply to
$10,000,000 in annual sales of food that
is covered under the rule, and not to
total annual food sales. The comment
asserts that basing the threshold on the
sale of food covered by the intentional
adulteration rule, rather than all food,
would be necessary to be consistent
with the fact that covered produce is
regulated under the produce rule.
Specifically, the comment requests that
we exclude the sale of animal foods
from the calculation of annual food
sales because this rule exempts the
manufacturing, processing, packing, or
holding of animal foods. The comment
further argues that this approach is
consistent with the statutory mandate
that FDA regulations be flexible in scale
and supply chain appropriate and
provide special considerations for small
and very small businesses.
(Response 48) We have revised the
definition of very small businesses to
include only the sale of human food
plus the market value of human food
manufactured, processed, packed, or
held without sale (e.g., held for a fee).
Under this revised definition, firms that
process both human and animal foods
will not be required to include sale of
animal food in their calculation to
determine whether they fall under the
$10,000,000 threshold.
(Comment 49) Several comments
expressed confusion with the varying
business size thresholds across the
seven FSMA rules and stated that it will
be a significant challenge for the food
industry to interpret and decide which
PO 00000
Frm 00025
Fmt 4701
Sfmt 4700
34189
rules under FSMA they are required to
comply with if the definitions of the
size of business are not consistent
throughout all FSMA rules. Some
comments encourage us to establish a
tiered system that clearly outlines
coverage under all FSMA rules by
business size, while others request that
we provide clear guidance to assist
firms, especially small and very small
businesses, to identify which of the
seven FSMA rules are applicable to
them.
(Response 49) We recognize that the
varying business size thresholds across
the FSMA rules may be cause for
confusion. However, each of the rules
differs in scope and intent, which
compels us to establish requirements
and exemptions that are specific to and
appropriate for each rule. To help small
and very small businesses comply with
each rule, we plan to issue Small Entity
Compliance Guides.
(Comment 50) One comment objected
to exempting any facilities from the
rule, arguing that this would give
terrorists a ‘‘road map’’ to those
facilities not covered and make them
targets for intentional adulteration. The
comment recommends that FDA remove
the exemptions for very small
businesses and qualified facilities
completely.
(Response 50) We disagree with this
comment. Section 418(l)(2) of the FD&C
Act specifies that qualified facilities,
which include very small businesses,
are not subject to the requirements in
sections 418(a) through (i) and (n). We
note that section 418(l)(2) requires
qualified facilities to submit one of two
types of documentation to the Secretary.
The PCHF and PCAF rules have
requirements reflecting this provision
but this rule does not. Section
418(l)(2)(B)(i)(I) requires documentation
that demonstrates that the facility has
identified potential hazards and is
implementing and monitoring the
preventive controls. We have concluded
that very small businesses are at
reduced risk and therefore do not have
significant vulnerabilities that require
mitigation strategies. Therefore, there is
nothing for very small businesses to
document under this option. In contrast,
a human or animal food facility is not
at lesser risk of a food safety problem
solely because it is relatively small.
Section 418(l)(i)(II) is similarly
inapplicable for several reasons. That
section requires documentation that a
facility is in compliance with State,
local, county, or other applicable nonFederal food safety law. First, food
safety is traditionally viewed as separate
from food defense. Second, no States
currently require food defense
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34190
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
measures, and States are unlikely to
impose measures different from those in
this rule. Therefore, compliance with
‘‘food safety law’’ as described in the
provision would be irrelevant. In
contrast, all States have food safety
laws. Further, regulations issued under
section 420 of the FD&C Act are to apply
to food for which there is a high risk of
intentional contamination (section
420(c)). Individuals or groups intending
to cause wide scale public health harm
are more likely to target the product of
relatively large facilities, especially for
facilities whose brands are nationally or
internationally recognizable, than to
target very small businesses. Covering
all facilities would be inconsistent with
the statutory requirement to limit
coverage to foods at high risk. The
$10,000,000 threshold for very small
businesses still covers 97–98 percent of
the market share of manufactured
packaged foods (Ref. 14). In addition,
section 420(a)(1)(B) of the FD&C Act
directs FDA to consider the risks, costs,
and benefits associated with protecting
food against intentional adulteration.
Imposing the full requirements of the
rule on all facilities, regardless of size,
would almost triple the current cost of
the rule while only covering an
additional 2–3 percent of the market
share of manufactured foods.
(Comment 51) One comment
recommends we apply the lower dollar
amount used to define ‘‘very small
businesses’’ in the PCHF proposed rule.
Another comment recommends that the
threshold be lowered to $3,000,000
because smaller companies are less
likely to implement food defense
measures unless mandated.
(Response 51) The higher threshold
for very small businesses in this rule as
compared to the PCHF rule reflects the
difference in the nature of risk of
intentional adulteration as compared to
unintentional adulteration (i.e.,
traditional food safety). This rule
protects food against intentional
adulteration caused by individuals or
organizations whose goal is to maximize
public health harm. An attacker would
more likely target the product of
relatively large facilities, especially
firms whose brand is nationally or
internationally recognizable. An attack
on such a target would potentially
provide the desired wide scale public
health consequences and the significant
public attention that would accompany
an attack on a recognizable brand. Such
facilities are likely to have larger batch
sizes, potentially resulting in greater
human morbidity and mortality.
Further, an attack on a well-recognized,
trusted brand is likely to result in
greater loss of consumer confidence in
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
the food supply and in the government’s
ability to ensure its safety and,
consequently, cause greater economic
disruption than a relatively unknown
brand that is distributed regionally.
(Comment 52) Several comments
argue that the $10,000,000 threshold is
too high, is arbitrary and not risk-based,
and excludes many suppliers and comanufacturers to large food companies.
The comments state that suppliers who
provide ingredients to larger firms
would not be covered under the rule
and therefore would pose a significant
vulnerability to these large, nationally
branded food manufacturers that have
large consumer exposure. They argue
that this high threshold creates a major
hole in the industry that may be
exploited, and they point out that we
identified ‘‘ingredient handling’’ as a
key activity type having significant
vulnerabilities and therefore all
ingredient manufacturers need to be
covered.
(Response 52) The full name of the
key activity type referenced is
‘‘secondary ingredient handling.’’
Secondary ingredient handling refers to
activity occurring in the production
facility where the ingredient is being
added; it does not refer to a facility’s
ingredient supply chain. The potential
for incoming ingredients to be
intentionally adulterated is addressed
by the rule’s applicability to ingredient
suppliers. As with finished food, not all
ingredient suppliers are covered. The
rule focuses on those foods at highest
risk of intentional adulteration; it does
not eliminate all risk.
(Comment 53) Several comments
argue that the $10,000,000 threshold is
too low and recommend that we
increase it to $50,000,000 or
$1,000,000,000 in annual sales. One
comment states that for an intentional
adulteration event to happen, the brand
or food must be one that a terrorist or
a similarly ill-intentioned person is
likely to target, which would encompass
only the largest and most well-known
food brands. The comment goes on to
argue that, ‘‘the top roughly 250 food
brands in the Western world are owned
by only a handful companies having
annual human food revenues from tens
of billions of dollars to over 100 billion
dollars,’’ and therefore, if we are
focusing the rule on those at ‘‘high
risk,’’ as specified under section 420 of
the FD&C Act, then there is little benefit
to be gained by imposing the
requirements of this rule on hundreds of
thousands of companies whose products
are not likely to be targeted. The
comment points out that because we are
‘‘unable to identify any previous act of
intentional adulteration intended to
PO 00000
Frm 00026
Fmt 4701
Sfmt 4700
cause public health harm that was
perpetrated in a setting that would be
covered by this rule (i.e., all such
previous attacks have involved
restaurant or donated food), it would
appear that the risk of any such attack
occurring is overall quite low, and that
only the most attractive targets can
conceivably be considered ‘‘high’’ risk.’’
(Response 53) We decline this
request. Although we agree that those
intending to cause wide scale public
health harm would more likely target
the larger well known food brands, we
disagree that there is little benefit to be
gained by imposing the requirements of
this rule on companies under a
$50,000,000 or $1,000,000,000
threshold. To identify which facilities to
cover under this rule, we assessed risk
based on both the likelihood of being a
target and the potential impact to public
health. If we were to increase the
threshold for a very small business to
$50,000,000 or $1,000,000,000, a large
number of facilities producing large
quantities of food, including some wellknown brands, would not be covered.
(Comment 54) Several comments state
that using annual sales is not indicative
of risk and offer alternative ways to
define which facilities are covered
under the rule. The comments argue
that annual sales do not determine the
potential consumer exposure as it
relates to preventing wide scale public
health harm because more expensive
products could have higher annual sales
but lower consumer exposure. The
comments point out that a manufacturer
of a premium chocolate bar would sell
fewer chocolate bars than a commodity
chocolate manufacturer with sales of the
same dollar amount. Some comments
suggest alternatives to using annual
sales, including units of a product sold
(e.g., 100,000 retail units), number of
servings, volume manufactured, and
distribution patterns of the product.
Other comments recommend using the
shelf life of products or the shelf
stableness of product as alternatives.
(Response 54) We use sales and the
market value of food manufactured,
processed, packed, or held without sale
as a proxy for volume. We are aware
that dollar amounts can be skewed by
product values and, thus, sales are an
imperfect proxy for volume. However,
we are not aware of a more practical
way to identify a threshold based on
volume or amount of product that could
be applied across all product sectors,
and the comments provide no
suggestions for how their
recommendations could be carried out.
Shelf life and shelf stability are not
necessarily good indicators of the speed
at which a particular product moves
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
through the distribution system because
many products are sold and consumed
months, and even years, before their
shelf life expires. The risk of a product
for intentional adulteration does not
increase based solely on a short shelf
life. Similarly, a product that has a
longer shelf life is not necessarily at
lower risk for intentional adulteration; it
could be an attractive target based on
the potential to cause wide scale public
health harm.
(Comment 55) One comment suggests
that we base the very small business
definition on the number of full-time
employees, similar to how we define
‘‘small business.’’ The comment
recommends that we define ‘‘very small
business’’ at 50 full-time employees.
(Response 55) We deny this request.
The purpose of the definition of ‘‘very
small business’’ is to exempt the
smallest businesses from the
requirements of the rule because they
are less likely to be targeted by
individuals or organizations intending
to cause wide scale public health harm.
The consideration of sales is consistent
with the other option for being a
qualified facility under section 418 of
the FD&C Act, which also considers
sales (section 418(l)(1)(C)). (As
discussed in IV.E.1 of this rule, we have
removed the term ‘‘qualified facility’’
from the exemption provided in
§ 121.5(a) for simplicity because any
facility that would be a ‘‘qualified
facility’’ as proposed in § 121.5(a) will
also meet the definition for a ‘‘very
small business.’’)
In contrast, section 418(l) of the FD&C
Act does not specify any particular
criterion (whether sales or number of
employees) for the definition of ‘‘small
business,’’ other than directing us to
consider the results of the Food
Processing Sector Study. Basing the
definition of ‘‘small business’’ on the
number of employees is consistent with
our approach to defining ‘‘small
business’’ in many other regulations
(see, e.g., the PCHF final rule, Produce
final rule, HACCP regulation for juice
(§ 120.1(b)(1)), the section 414
recordkeeping regulations (69 FR 71562,
December 9, 2004), and our CGMP
regulation for manufacturing, packaging,
labeling, or holding operations for
dietary supplements (72 FR 34752, June
25, 2007)).
(Comment 56) Some comments
request that we change the definition of
‘‘very small business’’ to only include
the total annual sales of food in the
United States, adjusted for inflation, for
foreign facilities that export food to the
United States.
(Response 56) A foreign business that
sells more than the threshold dollar
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
34191
amount of food has more resources than
the businesses being excluded, even if
less than that threshold dollar amount
reflects sales to the United States.
Likewise, a domestic business that sells
more than the threshold dollar amount
of food has more resources than the
businesses being excluded, even if that
domestic business exports some of its
food and, as a result, less than that
threshold dollar amount reflects sales
within the United States. Further, this is
consistent with the PCHF final rule.
year, 2,080 hours (i.e., 40 hours × 52
weeks). If the result is not a whole
number, round down to the next lowest
whole number. Because the calculation
for the number of employees affects the
small business definition and extended
compliance dates, we are establishing
the definition of ‘‘full-time equivalent
employees’’ in the definitions for this
rule and modifying the definition of
‘‘small business’’ to use the term ‘‘500
full-time equivalent employees’’ rather
than ‘‘500 persons.’’
12. Vulnerability
We proposed to define the term
‘‘vulnerability’’ to mean the
susceptibility of a point, step, or
procedure in a facility’s food process to
intentional adulteration.
We did not receive comments on the
proposed definition of vulnerability and
we are finalizing the definition as
proposed.
4. Qualified Individual
In this final rule, we have defined the
term ‘‘qualified individual’’ to mean a
person who has the education, training,
or experience (or a combination thereof)
necessary to perform an activity
required under subpart C, as appropriate
to the individual’s assigned duties. A
qualified individual may be, but is not
required to be, an employee of the
establishment. See section V.H. for a
detailed discussion of the new
requirements in § 121.4—Qualifications
of Individuals Who Perform Activities
Under Subpart C.
C. Additional Definitions To Clarify
Terms Not Defined in the Proposed Rule
1. Adequate
We have defined the term ‘‘adequate’’
to mean that which is needed to
accomplish the intended purpose in
keeping with good public health
practices. See section V.E for a detailed
discussion of the changes to the
requirement for food defense monitoring
in § 121.140, including the requirement
to monitor the mitigation strategies with
‘‘adequate’’ frequency to provide
assurances that they are consistently
performed.
2. Affiliate and Subsidiary
We have defined the term ‘‘affiliate’’
to mean any facility that controls, is
controlled by, or is under common
control with another facility. We have
defined the term ‘‘subsidiary’’ to mean
any company which is owned or
controlled directly or indirectly by
another company. These definitions
incorporate the definitions in sections
418(l)(4)(A) and (D) of the FD&C Act
and would make the meanings of these
terms clear when used in the definition
of ‘‘very small business.’’
3. Full-Time Equivalent Employee
We have established a definition for
‘‘full-time equivalent employee’’ as a
term used to represent the number of
employees of a business entity for the
purpose of determining whether the
business qualifies as a small business.
The number of full-time equivalent
employees is determined by dividing
the total number of hours of salary or
wages paid directly to employees of the
business entity and of all of its affiliates
by the number of hours of work in 1
PO 00000
Frm 00027
Fmt 4701
Sfmt 4700
5. You
In this final rule, we have defined the
term ‘‘you’’ for purposes of this part, to
mean the owner, operator, or agent in
charge of a facility. We have made
conforming changes throughout the
regulatory text to replace ‘‘owner,
operator, or agent in charge’’ with ‘‘you’’
for simplicity and consistency with the
PCHF and PCAF regulations.
D. Comments Asking FDA To Establish
Additional Definitions or Otherwise
Clarify Terms Not Defined in the Rule
1. Correction
(Comment 57) Some comments that
request the addition of corrections to the
requirement related to corrective actions
request we define ‘‘correction’’ to mean
the action to eliminate a nonconformity.
(Response 57) We decline this
request. Because we are not providing
for corrections and the term
‘‘corrections’’ is not in the regulatory
text, there is no need to define the term.
2. Defensive Controls or Defensive
Control Point
(Comment 58) One comment requests
that FDA consider adoption of food
defense terminology that is
complementary to food safety
terminology used in the PCHF final rule,
such as ‘‘defensive controls’’ or
‘‘defense control point.’’
(Response 58) We decline the request
to adopt the specific terms of ‘‘defense
controls’’ or ‘‘defense control point.’’
E:\FR\FM\27MYR4.SGM
27MYR4
34192
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
Although the comment did not further
explain what terms ‘‘defense controls’’
or ‘‘defense control point’’ would
replace, we believe ‘‘actionable process
steps’’ and ‘‘mitigation strategies’’
appropriately differentiate these terms,
related to intentional adulteration, from
analogous food safety terms used in the
PCHF final rule.
3. Reasonably Foreseeable
(Comment 59) Some comments state
FDA should clearly define what
constitutes a ‘‘reasonably foreseeable’’
threat as it relates to the risk of
intentional adulteration.
(Response 59) We decline this
request. The term ‘‘reasonably
foreseeable’’ is not used in the
regulatory text of this rule.
4. Supply Chain
(Comment 60) One comment requests
that FDA define ‘‘supply chain’’ as it
relates to food and provides a
recommended definition to be included
in the rule.
(Response 60) We decline this
request. The term ‘‘supply chain’’ is not
used in the regulatory text of this rule.
mstockstill on DSK3G9T082PROD with RULES4
5. Validation
(Comment 61) One comment suggests
we define ‘‘validation’’ as obtaining
evidence that a control measure or
combination of control measures, if
properly implemented, is capable of
controlling the hazard to a specified
outcome.
(Response 61) We decline this
request. The term ‘‘validation’’ is not
used in the regulatory text of this rule.
6. Miscellaneous
(Comment 62) One comment requests
that FDA define certain terms or phrases
that are used in some definitions and
that the comment suggests will have a
wide range of interpretations. The
comment cites ‘‘acceptable level’’ (used
in the definitions of ‘‘actionable process
step’’ and ‘‘significantly minimize’’),
‘‘reasonably appropriate measures’’ and
‘‘person knowledgeable about food
defense’’ (both used in the definition of
‘‘focused mitigation strategies’’), and
‘‘prudent person knowledgeable about
food defense’’ (used in the definition of
‘‘significant vulnerability’’).
(Response 62) The terms ‘‘acceptable
level’’ and ‘‘reasonably appropriate
measures’’ are meant to be flexible
standards. We do not need to define
every term used in the definitions. By
specifying that a point, step, or
procedure in a food process at which
food defense measures can be applied
and are essential to prevent or eliminate
a significant vulnerability or reduce
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
such vulnerability to an acceptable
level, the definition for actionable
process step provides flexibility for a
facility to determine what that level
would be in a particular circumstance.
We now use ‘‘person knowledgeable
about food defense’’ without reference
to ‘‘prudent’’ in the definitions of
‘‘significant vulnerability’’ and
‘‘mitigation strategies.’’ A person
knowledgeable about food defense
would meet the requirements of being a
Qualified Individual (§ 121.4).
E. Proposed § 121.5—Exemptions
We proposed to establish a series of
exemptions from the intentional
adulteration requirements. We also
sought comments on whether we should
exempt on-farm manufacturing,
processing, packing, or holding of the
food identified as having low-risk
production practices identified in
Appendix 4 to the Draft Risk
Assessment (further discussed in
section I.C). We discuss these in the
following sections.
1. Proposed § 121.5(a)—Exemption
Applicable to a Qualified Facility
We proposed to exempt a qualified
facility, except that qualified facilities
must, upon request, provide for official
review documentation that was relied
upon to demonstrate that the facility
meets this exemption. We also proposed
that such documentation must be
retained for 2 years. We proposed to
define qualified facility, in part, as a
facility that is (1) a very small business;
or (2) a facility to which certain
circumstances must apply.
We have removed the exemption
applicable to a qualified facility and
replaced it with a very small business
exemption. Revised § 121.5(a) provides
that this part does not apply to a very
small business, except that a very small
business must, upon request, provide
for official review documentation
sufficient to show that the facility meets
the exemption and that such
documentation must be retained for 2
years. We have removed the term
‘‘qualified facility’’ from the exemption
provided in § 121.5(a) to simplify the
provision and provide clarity as to the
applicability of the exemption. For
purposes of this rule, any facility that
would be a ‘‘qualified facility’’ as
proposed in § 121.5(a) will also meet the
definition for a ‘‘very small business.’’
Further, section 418(l)(3) of the FD&C
Act, which provides for withdrawal of
an exemption from a ‘‘qualified
facility,’’ is not relevant because we are
also issuing these requirements under
section 420 of the FD&C Act.
PO 00000
Frm 00028
Fmt 4701
Sfmt 4700
2. Proposed § 121.5(b)—Exemption
Applicable to Holding of Food
We proposed to exempt holding of
food, except the holding of food in
liquid storage tanks. We received one
comment that disagrees with the
holding exemption, and have addressed
the comment in Response 34. After
considering this comment, we are
finalizing the exemption as proposed.
3. Proposed § 121.5(c)—Exemption
Applicable To Packing, Re-Packing,
Labeling, or Re-Labeling of Food Where
the Container That Directly Contacts the
Food Remains Intact
We proposed to exempt packing, repacking, labeling, or re-labeling of food
where the container that directly
contacts the food remains intact. We did
not receive comments on the proposed
exemption and we are finalizing the
exemption as proposed.
4. Proposed § 121.5(d)—Exemption
Applicable to Activities of a Facility
That Are Subject to Section 419 of the
FD&C Act
We proposed to exempt activities of a
facility that are subject to section 419 of
the FD&C Act (Standards for Produce
Safety). We did not receive comments
on the proposed exemption and we are
finalizing the exemption as proposed.
5. Proposed § 121.5(e)—Exemption With
Respect to Alcoholic Beverages
Section 116 of FSMA (21 U.S.C. 2206)
(Alcohol-Related Facilities) provides a
rule of construction for certain facilities
engaged in the manufacturing,
processing, packing, or holding of
alcoholic beverages and other food. In
the proposed rule, we discussed our
interpretation of section 116 of FSMA
and requested comment on our
interpretation. Based on our
interpretation, we proposed that part
121 would not apply with respect to
alcoholic beverages at facilities meeting
two specified conditions (78 FR 78014
at 78037). We also proposed that part
121 would not apply with respect to
food other than alcoholic beverages at
facilities described in the exemption,
provided such food is in prepackaged
form that prevents direct human contact
with the food and constitutes not more
than 5 percent of the overall sales of the
facility. No comments disagreed with
the exemption of alcoholic beverages,
but some comments requested changes
or clarifications to the proposed
activities covered in the exemption.
After reviewing the comments, we are
finalizing this exemption as proposed.
(Comment 63) Two comments
supported the exemption for alcoholic
beverages and FDA’s interpretation of
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
section 116 of FSMA, but one comment
requests changing the language from just
‘‘alcoholic beverages’’ to
‘‘manufacturing, processing, packing
and holding of alcoholic beverages,’’
stating that in reducing the words FDA
may unintentionally limit the scope of
the exemption to facilities holding
finished beverage alcohol products.
(Response 63) We agree with the
comments that support the exemption
as written. We do not believe it is
necessary to list the activities in the
codified as requested by one comment.
Under section 415 of the FD&C Act a
facility is required to register as a
facility because it is engaged in
manufacturing, processing, packing, or
holding of one or more alcoholic
beverages. Therefore, the language
stating ‘‘alcoholic beverages at a
facility’’ encompasses facilities engaged
in the activities listed previously and
the regulatory text in § 121.5(e) clearly
covers the intended exemption for the
‘‘manufacturing, processing, packing
and holding of alcoholic beverages.’’
(Comment 64) One comment supports
the exemption for alcoholic beverages
but requests that we further exempt craft
breweries from drying and packaging
requirements for disposal of spent
grains as cattle feed to small farmers.
(Response 64) The exemption
established under the rule of
construction in section 116 of FSMA
applies to alcoholic beverages, not to
any other food (see section 116(c) of
FSMA (21 U.S.C. 2206(c)). The byproducts described in this comment
appear to be products that would be
used in food for animals rather than in
human food, and we exempt these foods
in section § 121.5(f). Since this rule
exempts both alcoholic beverages at a
facility, provided certain conditions are
met, and food for animals, we believe
this comment misunderstands the
exemptions.
6. Proposed § 121.5(f)—Exemption
Applicable To Manufacturing,
Processing, Packing, or Holding of Food
for Animals Other Than Man
We proposed to exempt
manufacturing, processing, packing, or
holding of food for animals other than
man. Section 418(m) of the FD&C Act
authorizes FDA to exempt or modify the
requirements for compliance with
section 418 with regard to facilities that
engage solely in the production of
animal food. Further, section 420(c) of
the FD&C Act requires that regulations
that FDA issues under that section
apply only to food for which there is a
high risk of intentional contamination.
FDA tentatively concluded in the
proposed rule that animal food is not at
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
a high risk for intentional contamination
because our analysis shows that
adulteration of animal food has minimal
potential for human morbidity and
mortality which would lead to wide
scale public health harm. In considering
whether to provide an exemption
related to animal food, we evaluated
three types of possible attack scenarios:
(1) Incorporation of a contaminant into
feed to be used for muscle meatproducing animals; (2) incorporation of
a contaminant into feed to be used for
egg-producing or milk producing
animals; and (3) incorporation of a
contaminant into pet food. With regard
to the two former scenarios, we did not
identify any contaminants that could be
incorporated into feed at levels that
would lead to human morbidity or
mortality among consumers that
subsequently eat the meat, eggs or milk
without first showing noticeable clinical
signs and/or mortality in the animals.
While some contaminants can increase
the risk of chronic disease, such as
cancer, among consumers, such an
outcome is not consistent with our
understanding of the goals of terrorist
organizations, which include a more
immediate impact. Regarding the third
attack scenario, adulterants could be
incorporated into feed or pet food that
result in significant animal morbidity
and mortality as well as lead to
secondary infections of humans through
cross contamination, but this type of
intentional adulteration of animal food
poses a lower risk because secondary
human illness or death is not the
primary goal of an attacker with the
intent to cause wide scale public health
harm. As such, the proposed rule would
not apply to the manufacturing,
processing, packing, or holding of food
for animals other than man. We
requested comment on our tentative
conclusions. Some comments agreed
with our conclusions and support the
exemption as proposed. One comment
supported the exemption but requested
a clarification of exempted activities.
Some comments disagreed with our
conclusions and assert that animal food
is at high risk for intentional
adulteration because it has been
intentionally contaminated in the past.
Some comments state that FDA should
protect against intentional adulteration
that leads to serious health
consequences or death to humans or
animals. After reviewing the comments,
we are finalizing the exemption as
proposed.
(Comment 65) Some comments
support our tentative conclusions and
agree that animal food would not be at
high risk for intentional contamination
PO 00000
Frm 00029
Fmt 4701
Sfmt 4700
34193
and lacks a significant potential for
human morbidity and mortality. One
comment supports the exemption but
requests clarification that the exemption
of animal feed includes the byproduct of
manufactured human food regardless of
the small business exemption.
(Response 65) We conclude that
animal food, regardless of whether it is
produced at a facility solely engaged in
the production of animal food or at a
facility engaged in the production of
both animal and human food, does not
involve significant vulnerabilities that
require mitigation strategies under
section 418 of the FD&C Act, and is not
high risk under section 420 of the FD&C
Act. Therefore, we are not requiring a
vulnerability assessment to determine
that there are no actionable process
steps present and no mitigation
strategies needed. Regarding the
requested clarification, the exemption
applies to animal food regardless of
whether a facility is part of a small
business.
(Comment 66) Some comments
disagree with our conclusion that
animal feed would not be at high risk
for intentional contamination for several
reasons. Some comments cite the 2007
incident of melamine in animal food
that sickened and killed many animals
as an example of previous intentional
contamination suggesting that animal
food is at high risk for intentional
contamination. Some comments state
that in section 420(c) of the FD&C Act
the intent of Congress was for
regulations to be issued that addressed
hazards that would cause ‘‘serious
health consequences or death to humans
or animals.’’ One comment asserts that
pet food and human food supply chains
are interconnected, and therefore should
be covered by this rule. One comment
believes that animal food comes into our
homes as pet food therefore can harm
families via cross-contamination. One
comment asserts that the risk of Foot
and Mouth Disease has been the focus
of many exercises and discussions with
respect to intentional adulteration and
asserts that terrorists have attacked
livestock in the past.
(Response 66) We disagree with these
comments and continue to believe that
animal food is not at high risk for
intentional adulteration within the
context of this rule. While we agree that
some animal feed could be intentionally
contaminated, our analysis shows only
minimal potential for human morbidity
and mortality as a result of an attack
during, or associated with, animal food
production. We analyzed both human
and animal food using CARVER+Shock
methodology. For human food, our
analyses show the potential for
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34194
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
significant human morbidity and
mortality should intentional
adulteration occur at certain points in a
food operation. In contrast, for animal
food, our analysis shows only minimal
potential for human morbidity or
mortality as a result of attacks at points
in an animal food operation.
Significantly, our CARVER+Shock
vulnerability assessments of animal
food have had to focus entirely on
economic consequences because of the
lack of potential for human morbidity
and mortality. As stated in the preamble
to the proposed rule (78 FR 78014 at
78037), in considering whether to
provide an exemption related to animal
food, we evaluated three types of
possible attack scenarios: (1)
Incorporation of a contaminant into feed
to be used for muscle meat-producing
animals; (2) incorporation of a
contaminant into feed to be used for
egg-producing or milk producing
animals; and (3) incorporation of a
contaminant into pet food. With regard
to the two former scenarios, we are not
aware of contaminants that could be
incorporated into feed at levels that
would not produce noticeable clinical
signs and/or mortality in animals but
would result in significant human
morbidity or mortality among
consumers that subsequently eat the
meat, eggs or milk. While such
contaminants can increase the long-term
risk of chronic disease, such as cancer,
among consumers, such an outcome is
not consistent with our understanding
of the more-immediate goals of
individuals or groups intending to cause
wide scale public health harm.
Regarding the third attack scenario,
incorporation of a contaminant into pet
food, we are aware of contaminants that
could be incorporated into feed or pet
food that could result in significant
animal (including pet) morbidity and
mortality, including some which could
result in secondary infectious spread of
disease (because some infectious agents
can be transmitted orally as well as
through aerosol). Such attacks could be
significant from an economic and
societal standpoint. However, the risk
that they pose with regard to targeting
by individuals or groups intending to
cause wide scale public health harm
appears to be significantly lower than
those involving human morbidity and
mortality.
Foot and mouth disease, mentioned in
one comment, can lead to animal death
and economic consequences, but does
not affect human morbidity or mortality.
Because foot and mouth disease would
not cause wide scale public health
harm, it does not change our conclusion
that animal food is a less attractive
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
target than human food, when the intent
of the adulteration is to cause wide scale
public health harm for humans. The
event in 2007 involving contamination
of wheat flour and wheat gluten with
melamine that resulted in pet illnesses
and deaths did not affect human health
and was motivated by economic gain.
That form of intentional adulteration
(i.e., economically motivated
adulteration) is addressed by the PCHF
and PCAF final rules.
7. Exemption for Low-Risk Activities at
Farm Mixed-Type Facilities
As discussed in section I.D, we issued
for public comment an ‘‘Appendix to
Draft Qualitative Risk Assessment of
Risk of Activity/Food Combinations for
Activities (Outside the Farm Definition)
Conducted in a Facility Co-Located on
a Farm’’ (the draft RA Appendix) (78 FR
78064, December 24, 2013). The draft
RA Appendix was conducted to provide
a science-based risk analysis to
determine which foods’ production
processes would be considered low risk
with respect to the risk of intentional
adulteration. Based on the tentative
conclusions of the draft RA Appendix,
we asked for comment in the proposed
rule on possible exemptions or modified
requirements for this final rule. In the
draft RA Appendix we tentatively
concluded that the production processes
for the following finished foods are lowrisk: Eggs (in-shell); fruits and
vegetables other than pods, seeds for
direct consumption, and hesperidia
(fresh, intact); game meats (whole or cut,
not ground or shredded, without
secondary ingredients); peanuts and tree
nuts (raw, in-shell); and sugarcane and
sugar beets (fresh, intact). We sought
comment on whether we should exempt
on-farm manufacturing, processing,
packing, or holding of the foods
identified as having low-risk production
practices when conducted by a small or
very small business if such activities are
the only activities conducted by the
business that are subject to section 418
of the FD&C Act.
(Comment 67) Several comments
agree with the conclusions of the draft
RA Appendix and state we should
provide exemptions in the regulatory
text for those on-farm manufacturing,
processing, packing, or holding
activities identified as having low-risk
production practices when conducted
by a small or very small business if such
activities are the only activities
conducted by the business subject to
section 418 of the FD&C Act.
(Response 67) We agree with these
comments. In addition, we have
conducted a reanalysis of the risk
assessment and have identified some
PO 00000
Frm 00030
Fmt 4701
Sfmt 4700
foods included in the draft RA
Appendix as being out of scope of the
final appendix because of the changes to
the definition of ‘‘farm’’ made by the
PCHF rule, including some foods
determined to have low risk production
practices in the draft appendix.
Finished foods that are produced using
only activities that fall within the farm
definition (e.g., RACs such as fruits and
vegetables, grains, and unpasteurized
milk) are out of scope for the purposes
of this final appendix because this
evaluation focuses on the production
processes used to produce a finished
food and applies only to activities
outside the farm definition performed
by facilities co-located on farms.
Accordingly, we have provided a new
exemption in the regulatory text in
§ 121.5(g) that exempts on-farm
manufacturing, processing, packing, or
holding of eggs (in-shell, other than
RACs, e.g., pasteurized), and game
meats (whole or cut, not ground or
shredded, without secondary
ingredients) when conducted by a small
or very small business if such activities
are the only activities conducted by the
business subject to section 418 of the
FD&C Act. This exemption is also
appropriate under section 420 of the
FD&C Act because such activities are
not high risk under that provision.
The draft RA, considered fruits and
vegetables other than pods, seeds for
direct consumption, and hesperidia, and
determined them to be low risk. Because
these foods are produced using only
activities that fall within the modified
farm definition, these finished foods are
now out of scope of the RA.
Additionally, peanuts, tree nuts (raw, in
shell), sugarcane, and sugar beets were
also considered and determined to be
low risk in the draft RA. These foods
similarly are out of scope of the
evaluation of risk because these foods
are produced using only activities that
fall within the modified farm definition.
The finished foods mentioned in this
paragraph, when produced on farms, are
exempt under § 121.5(d).
V. Subpart C: Comments on Food
Defense Measures
A. Proposed § 121.126—Requirement for
a Food Defense Plan
We proposed that the owner, operator,
or agent in charge of a facility must
prepare, or have prepared, and
implement a written food defense plan
which must include: (1) Written
identification of actionable process
steps; (2) written focused mitigation
strategies; (3) written procedures for
monitoring; (4) written corrective action
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
procedures; and (5) written verification
procedures.
Some comments agree with the
requirements for a food defense plan as
proposed. In general, comments support
the proposed requirement that facilities
develop and maintain food defense
plans to protect food against intentional
adulteration. In the following
paragraphs, we discuss comments that
disagree with, or suggest one or more
changes to, the proposed requirements.
After considering these comments, we
are finalizing the provisions as
proposed, with editorial and conforming
changes as discussed in the other
applicable sections of this document.
(Comment 68) Some comments state
that facilities should be allowed to
develop food defense plans that are
tailored to and best meet the needs and
unique characteristics of the
establishment. Other comments state
that the requirements should be
adequately broad and provide flexibility
so that companies can build on their
plans over time based on emerging
threats and new mitigation strategies.
(Response 68) We agree with these
comments and recognize that there
needs to be flexibility within the
requirements for a facility to develop a
food defense plan that meets its needs
and unique characteristics. In the final
rule we have added flexibility for
management components (see Comment
88, Comment 92, Comment 93, and
Comment 95 for a detailed discussion).
Additionally, we agree that food defense
plans should change over time based on
emerging threats and identification of
new mitigation strategies. The rule
(§ 121.157) requires a reanalysis of the
food defense plan as a whole or to the
applicable portion of the plan when any
of the following circumstances occur: a
significant change made in the activities
conducted at the facility creates a
reasonable potential for a new
vulnerability or a significant increase in
a previously identified vulnerability; a
facility becomes aware of new
information about potential
vulnerabilities; a mitigation strategy, a
combination of mitigation strategies, or
the food defense plan as a whole is not
properly implemented; or whenever
FDA requires reanalysis to respond to
new vulnerabilities, credible threats to
the food supply, or developments in
scientific understanding. See section
V.G.2 for more detailed discussion of
the reanalysis section.
(Comment 69) Some comments state
that many food facilities have already
voluntarily developed and implemented
food defense plans. The comments
express concern that FDA would require
companies to completely overhaul their
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
existing food defense plans that are
already in place and working properly.
These comments argue that existing
food defense plans should be adequate
to meet the requirements of this rule so
long as they were thoughtfully
developed.
(Response 69) We recognize that some
facilities have already voluntarily
developed and implemented food
defense plans. These facilities likely
have a head start on compliance with
this rule. To the extent a food defense
plan satisfies elements of this rule, a
facility has less to do to meet these
requirements. Further, in the final rule
we have specified that existing records
do not need to be duplicated if they
contain all of the required information
and satisfy the requirements of part 121,
subpart D (§ 121.330).
(Comment 70) Some comments
express concern that it is too premature
to require that all foreign facilities
prepare and implement a food defense
plan.
(Response 70) All foreign facilities do
not have to prepare and implement a
food defense plan. For example, foreign
facilities that are not required to register
are not subject to this rule. This
includes a foreign facility, if food from
such a facility undergoes further
manufacturing/processing (including
packaging) by another facility outside
the United States (21 CFR 1.226(a)). In
addition, the rule contains exemptions
applicable to domestic and foreign
facilities (§ 121.5). For example, very
small businesses are only required to
keep records documenting their status.
B. Proposed § 121.130—Identification of
Actionable Process Steps
We proposed to require that the
owner, operator, or agent in charge of a
facility identify any actionable process
steps by either conducting a facilityspecific vulnerability assessment or by
using the four key activity types we
identified. Recognizing that various
methodologies may exist to conduct a
facility-specific vulnerability
assessment, and not wishing to preclude
the benefits of future science in this
area, we did not propose to require a
specific methodology for the facilityspecific vulnerability assessment.
Further, we proposed that regardless of
the method chosen, the identification of
actionable process steps and the
assessment leading to that identification
must be written.
Some comments agree with the
requirements as proposed. In the
following paragraphs, we discuss
comments that suggest one or more
changes to, and/or disagree with the
proposed requirements. After
PO 00000
Frm 00031
Fmt 4701
Sfmt 4700
34195
considering the comments, we have
revised this section as follows: (1)
Removing from the regulatory text the
option to identify actionable process
steps by utilizing the four FDAidentified key activity types, (2) adding
to the regulatory text the factors that
must be considered when conducting a
vulnerability assessment, (3) adding to
the regulatory text a requirement to
explain why each process step was or
was not identified as an actionable
process step, (4) adding to the regulatory
text a requirement that the vulnerability
assessment must consider the
possibility of an inside attacker, and (5)
changing the title of this section to
‘‘Vulnerability Assessment to Identify
Significant Vulnerabilities and
Actionable Process Steps.’’
(Comment 71) Some comments
recommend removing from the
regulatory text the option for facilities to
use the key activity types as a method
for identifying actionable process steps,
and instead, requiring all facilities to
conduct facility-specific vulnerability
assessments. Some comments
recommend continuing to provide the
option to use key activity types but not
specifically providing for it in the
regulatory text. Under this approach,
key activity types would be considered
an ‘‘appropriate method’’ for identifying
actionable process steps with the
specific key activity types identified in
guidance. These comments express
concern that identifying a particular
methodology (i.e., key activity types) in
the codified indicates there is one
‘‘right’’ way to conduct vulnerability
assessments. Furthermore, some
comments express concern that the key
activity types may become the de facto
standard for the regulatory inspection of
actionable process steps, even if
facilities conduct facility-specific
vulnerability assessments. Some
comments express concerns that
including key activity types in the
codified would result in mitigation
strategies being required at key activity
types regardless of the outcome of a
facility-specific vulnerability
assessment.
(Response 71) The key activity types
are based upon the results of over 50
vulnerability assessments which reflect
the activities and associated
vulnerabilities present in a wide array of
manufacturing settings. The
vulnerability assessments included
consideration of the three elements now
required by § 121.130 to be evaluated in
any vulnerability assessment: (1) The
potential public health impact if a
contaminant were added (e.g., severity
and scale); (2) the degree of physical
access to product; and (3) the ability of
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34196
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
an attacker to successfully contaminate
the food. The four identified key activity
types are processes, steps, or procedures
that consistently ranked as the most
vulnerable, regardless of the commodity
being assessed, and reflect significant
vulnerabilities to intentional
adulteration caused by acts intended to
cause wide scale public health harm.
Therefore, using the key activity types is
an appropriate method to conduct a
vulnerability assessment. In addition,
using key activity types has the benefit
of allowing facilities with less technical
expertise in conducting food defense
vulnerability assessments to leverage
their expertise in food processing to
identify actionable process steps.
However, in response to comments,
we are no longer singling out key
activity types in the regulatory text.
Importantly, using key activity types
remains as one appropriate vulnerability
assessment method. We intend to place
the key activity types in guidance,
which will provide us with greater
flexibility to update them in the future,
if necessary. The final rule provides
firms the flexibility to choose a
vulnerability assessment methodology
appropriate to their operations,
provided that methodology includes the
three fundamental elements required by
§ 121.130(a). We expect that some firms
will use key activity types, and some
firms will use other methods.
(Comment 72) Some comments
recommend that vulnerability
assessments should consider the
contribution of existing practices,
procedures, and programs that may
already function to reduce vulnerability.
(Response 72) When conducting
facility-specific vulnerability
assessments, the role of existing
measures (e.g., security practices,
procedures, or programs) should be
determined on a case-by-case basis. In
general, existing measures that are
applied to the process (e.g., locks, area
access controls, peer or supervisory
monitoring) and are not inherent
characteristics of a particular process
step, should be considered after the
vulnerability assessment is completed
and actionable process steps have been
identified, and should not be considered
during the identification of significant
vulnerabilities. For example, when
evaluating the vulnerability of a mixing
tank, a facility would not conclude the
tank does not represent a significant
vulnerability because the mixing tank
lid and sampling ports are routinely
locked. Instead, the vulnerability of the
mixing tank would be evaluated as if the
existing measure (in this case the locks)
were not in place. If, in the absence of
properly implemented locks, the mixing
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
tank would be significantly vulnerable,
then the facility would identify the
mixing tank as an actionable process
step. The facility may then decide that
the existing locks could serve as a
mitigation strategy that reduces the
significant vulnerability of the mixing
tank and evaluate if any other mitigation
strategies are necessary. The food
defense plan would then capture the
mixing tank step as an actionable
process step and the locks as the
mitigation strategy. As a mitigation
strategy, the locks would be subject to
mitigation strategy management
components (i.e., food defense
monitoring, corrective actions, and
verification).
There are some instances where it is
appropriate to consider existing food
defense measures before the
vulnerability assessment is completed.
For example, the owner of the same
facility may assess a second mixing tank
that is part of an entirely closed system,
with no direct access points into the
system, such that an individual
attempting to access this mixing tank
likely would cause a major disruption to
the line, foiling any attempted
intentional adulteration. Because this
second mixing tank has specific closed
properties designed into the system, that
are inherent characteristics of the
mixing tank, it would be appropriate for
the facility to consider these inherent
characteristics in the vulnerability
assessment. Based on this assessment,
the facility may conclude that the
inherent characteristics of this mixing
tank, in this case its enclosed nature,
renders the product inaccessible at this
step and, therefore would not identify
an actionable process step associated
with this mixing tank (in which case,
there would also be no requirement to
implement a mitigation strategy at this
step).
Permanent equipment changes may
reduce a significant vulnerability to
such an extent that a processing step
would no longer be considered an
actionable process step. For example, a
facility might identify a rotating air
dryer as an actionable process step and
in the supporting rationale discuss the
high degree of accessibility at the point
where product is fed from a pneumatic
conveyor into the top of the dryer. The
facility later installs a permanent, clear
plastic shield affixed to, and extending
from, the discharge of the pneumatic
conveyor to the opening of the dryer.
The clear plastic shield enables workers
to supervise the product flow into the
dryer while serving as an effective
barrier to an attacker wishing to
introduce a contaminant into the
product at the dryer. This engineering
PO 00000
Frm 00032
Fmt 4701
Sfmt 4700
improvement would significantly
minimize or eliminate access to product
in the dryer and thereby significantly
minimize or prevent a significant
vulnerability at this process step. The
implementation of this engineering
improvement would be detailed in the
facility’s food defense plan and, upon
reanalysis, the facility may determine
that this processing step is no longer an
actionable process step.
(Comment 73) Some comments
recommend that vulnerability
assessments should consider
downstream processing steps, the
volume of product, shelf life,
marketplace turnover, and consumption
patterns and that additional details
regarding vulnerability assessments
should be in the regulatory text. The
comments did not provide specifics or
recommendations regarding what
additional details about vulnerability
assessments should be included.
(Response 73) As previously stated,
we are not prescribing a specific
methodology that facilities must use to
conduct vulnerability assessments to
identify actionable process steps. In the
preamble to the proposed rule, we listed
a number of elements to consider when
conducting vulnerability assessments
(78 FR 78014 at 78042) and did not
require particular elements in the
regulatory text. However, in light of
comments requesting further
vulnerability assessment details in the
regulatory text, and the removal of key
activity types as a separately identified
option, we are specifying that three
elements must be considered in any
vulnerability assessment. These three
elements are based on our extensive
experience conducting vulnerability
assessments and collaborating with
stakeholders to refine vulnerability
assessment methodology and are critical
elements of an acceptable vulnerability
assessment methodology. Specifically,
we have revised § 121.130 to require
that for each processing step under
evaluation, the facility must consider, at
a minimum: (1) The potential public
health impact if a contaminant were
added (e.g., severity and scale); (2) the
degree of physical access to product;
and (3) the ability of an attacker to
successfully contaminate the product.
a. Element 1: The potential public
health impact if a contaminant were
added (e.g., severity and scale). This
factor includes, for each processing step,
consideration of the volume of product
impacted, the number of at risk servings
generated, and the number of potential
exposures. As appropriate, and with
sufficient scientific rigor, the facility
may also consider other factors such as
food velocity (i.e., the speed at which a
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
particular product moves through the
distribution system); potential agents of
concern; the infectious or lethal dose of
agents of concern; and the morbidity/
mortality rate if the intentional
adulteration were successful. This
element is required in the vulnerability
assessment because it enables facilities
to focus resources on processing steps
with the highest degree of public health
impact if the intentional adulteration
were successful.
We recognize that some facilities may
not have the scientific knowledge to
critically identify and evaluate
individual agents of concern across their
production process. The potential
public health impact can also be
determined through the consideration of
the volume of food at risk should an act
of intentional adulteration be successful
at each process step. This approach
would serve to extrapolate the potential
public health impact without the
scientifically rigorous examination of
specific agents (e.g., consideration of
infectious or lethal dose). For example,
using this approach, a facility
considering the potential public health
impact of the intentional adulteration of
its primary ingredient storage tank
would consider the volume of food in
the tank and the servings generated from
this volume. If the facility has a 50,000
gallon primary ingredient liquid storage
tank that would generate 800,000 one
cup servings (50,000*16), the facility
would consider all of these 800,000
servings as being at risk. Note that
potential servings at risk is not limited
to the amount of food being processed
at an actionable process step. This is
illustrated by a process step that applies
a minor ingredient, such as a vitamin
mixture applied over toasted cereal as it
passes underneath spray nozzles. The
facility’s metering tank for application
to the cereal is 10 gallons. However,
these 10 gallons will be sprayed over
100,000 servings of cereal. The facility
would conclude that 100,000 servings
are at risk if the intentional adulteration
were successful at this point.
A number of other factors may also go
into the calculations a facility uses to
determine the potential public health
impact. For example, if a facility has
conducted market research and
concludes that each distribution unit of
20 servings is typically consumed by
four persons, the potential public health
impact of that distribution unit could be
considered four persons rather than 20.
b. Element 2: The degree of physical
access to product. This element
includes consideration of, at a
minimum, the ability of an attacker to
conduct the attack at the particular
processing step under evaluation; and
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
the openness of the processing step to
intentional adulteration, based on the
presence of physical barriers such as
gates, railings, doors, lids, seals, shields,
and other barriers. This element is
required in the vulnerability assessment
because it enables facilities to prioritize
how easy or difficult it is to access
product at each processing step, based
on the inherent characteristics of the
physical environment surrounding the
step.
c. Element 3: The ability of an
attacker to successfully contaminate the
product. This element includes, for each
processing step, consideration of, at a
minimum, the ease of introducing an
agent to the product; the ability for an
agent to be uniformly mixed or evenly
applied; and the ability of an attacker to
work unobserved and have sufficient
time to introduce the agent. As
appropriate, and with sufficient
scientific rigor, the facility may also
consider: The amount of specific agent
required; whether downstream dilution
or concentration steps would affect the
volume of agent required; whether
downstream processing would or would
not neutralize the agent(s) under
evaluation; and the ability of the
attacker to successfully introduce a
sufficient volume of agent to the food
without being detected or interdicted.
This element is required in the
vulnerability assessment because it
enables facilities to understand whether
the amount of agent required at each
processing step is feasible and if
subsequent processing steps would
successfully remove an agent if present.
Taken together, these three required
vulnerability assessment elements
provide facilities appropriate tools to
adequately identify which
vulnerabilities should be identified as
significant vulnerabilities (i.e., those
vulnerabilities, if attacked, could
reasonably be expected to cause wide
scale public health harm). If the step
under evaluation has significant
vulnerabilities associated with it and
requires the application of mitigation
strategies to prevent or eliminate a
significant vulnerability or reduce such
vulnerability to an acceptable level, the
step would be categorized as an
actionable process step.
By utilizing these three required
elements when conducting a
vulnerability assessment, regardless of
the vulnerability assessment
methodology utilized, facilities are
provided with a systematic approach
that enables them to move in a logical,
step-wise manner to identify actionable
process steps. First, a facility would
develop a list or flow diagram of each
point, step, or procedure in the food
PO 00000
Frm 00033
Fmt 4701
Sfmt 4700
34197
process under evaluation, recognizing
that each processing step has some
associated vulnerability (i.e., the
susceptibility of a point, step, or
procedure in a facility’s food process to
intentional adulteration). Second, the
facility would identify which
vulnerabilities are significant
vulnerabilities (by using the three
required elements), and third, the
facility would identify actionable
process steps where significant
vulnerabilities are present. We intend to
provide further guidance on conducting
vulnerability assessments to satisfy
these requirements.
As noted previously, some comments
suggested that vulnerability assessments
should consider downstream processing
steps, the volume of product, shelf life,
marketplace turnover, and consumption
patterns. We have found that shelf life
is not necessarily a good indicator of the
speed at which a particular product
moves through the distribution system
(i.e., food velocity), because many
products are sold and consumed
months, if not years, before their shelf
life expires. Marketplace turnover and
consumption patterns are captured
within the concept of food velocity,
which may be considered in a
vulnerability assessment as a
component of Element 1, detailed
previously in this document. Likewise,
the potential effect of downstream
processing can be considered as a
component of Element 3, detailed
previously in this document.
(Comment 74) One comment suggests
adding laboratory professionals to the
list of possible vulnerability assessment
team members.
(Response 74) The list of potential
members of the vulnerability assessment
team discussed in the preamble to the
proposed rule is not exhaustive (78 FR
78014 at 78042). The original list
included ‘‘personnel working in the
areas of security, food safety/quality
assurance or control, human resources,
operations, maintenance, and other
individuals deemed necessary to
facilitate the formation of the
vulnerability assessment.’’ We agree that
laboratory professionals can provide
important contributions to the
vulnerability assessment and can be
included as potential team members.
(Comment 75) A few comments seek
clarification on what type of
justification would be required in the
instance where no significant
vulnerabilities are identified through a
vulnerability assessment.
(Response 75) It has been our
experience that most facilities will
identify one or more significant
vulnerabilities. For a facility to
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34198
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
conclude that it has no significant
vulnerabilities and therefore no
actionable process steps, the facility
would need to determine that none of
its production steps present a significant
vulnerability for wide scale public
health harm from intentional
adulteration. In conducting its
vulnerability assessment, the facility
would need to consider at each step of
its process: (1) The potential public
health impact if a contaminant were
added (e.g., severity and scale); (2) the
degree of physical access to the product;
and (3) the ability of an attacker to
successfully contaminate the product.
The written vulnerability assessment,
including the accompanying rationale
supporting the decision not to identify
any significant vulnerabilities would be
important for determining if such a
facility had complied with § 121.130.
(Comment 76) One comment suggests
the term ‘‘vulnerability assessment’’
should be clearly defined in the rule.
(Response 76) We deny this request.
As discussed in Response 73, § 121.130
has been revised to provide required
elements the facility would need to
consider at each step of its process
when conducting vulnerability
assessments: (1) The potential public
health impact if a contaminant were
added (e.g., severity and scale); (2) the
degree of physical access to the product;
and (3) the ability of an attacker to
successfully contaminate the product.
Additionally, the definition for
significant vulnerability has been
revised to include these three required
elements, which underscores the
importance of the evaluation that leads
to the identification of significant
vulnerabilities, which in turn leads to
the identification of actionable process
steps.
We believe the combination of
required vulnerability assessment
elements in § 121.130 and a revised
definition for significant vulnerability
provides a high degree of specificity
regarding what constitutes a
vulnerability assessment and will
provide direction to facilities as they
select an appropriate vulnerability
assessment methodology.
(Comment 77) One comment suggests
that the term ‘‘secondary ingredient
handling’’ used in a key activity type is
confusing because it is not obvious
whether ‘‘secondary’’ describes
‘‘ingredient’’ or ‘‘handling,’’ nor what is
meant by ‘‘secondary.’’
(Response 77) We are removing the
key activity types from the regulatory
text, although the key activity types are
one appropriate method to conduct
vulnerability assessments to identify
actionable process steps. Consequently,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
we will consider these comments when
developing guidance to support the use
of key activity types as an appropriate
method to conduct a vulnerability
assessment.
(Comment 78) One comment suggests
that the definition for ‘‘holding’’ used in
two key activity types should be
modified to account for activities that
involve the safe and effective storage of
raw agricultural commodities, other
than fruits and vegetables, intended for
further distribution or processing, but
does not include activities that
transform a raw agricultural commodity
into a processed food. The specific
example of mineral oil applied to raw
grains and oilseeds for dust control was
provided.
(Response 78) In response to the
comment, we have conducted an
analysis of this activity and believe that
the storage of mineral oil and its
application onto raw, whole grains or
oilseeds in accordance with 21 CFR
172.878 is not a significant vulnerability
and facilities engaged in these specific
practices are not required to evaluate
these processing steps when conducting
vulnerability assessments (Ref. 15).
Facilities storing and using mineral oil
on other food products, such as baked
goods, condiments, spices, or
confectionery products, are required to
evaluate mineral oil storage and use
when conducting vulnerability
assessments.
Additionally, we are removing the key
activity types from the regulatory text,
as discussed previously, although the
key activity types are one appropriate
method to conduct vulnerability
assessments to identify actionable
process steps. Further, we are revising
the definition of ‘‘holding’’ in this final
rule, as discussed in section IV.A.3, by
removing the distinction for farms and
farm mixed-type facilities and adding
that holding also includes activities
performed incidental to storage of a
food, but does not include activities that
transform a RAC into a processed food
and we include additional examples of
holding activities. However, the holding
of food in liquid storage tanks remains
an activity subject to the rule under
§ 121.5(b).
(Comment 79) Some comments state
that when conducting vulnerability
assessments, facilities should take
different processing steps into
consideration, but facilities should not
be expected to conduct vulnerability
assessments based on product type.
Rather, they should be able to conduct
a tailored vulnerability assessment
based on the best methodology for each
facility, either in its entirety or by any
appropriate, locally determined
PO 00000
Frm 00034
Fmt 4701
Sfmt 4700
methodological approach, such as
grouping different production areas or
processing steps.
(Response 79) Facilities have the
flexibility to choose a vulnerability
assessment methodology appropriate to
their operations, provided that
methodology includes consideration of
three fundamental elements (i.e., the
evaluation of the potential public health
impact if a contaminant were added
(e.g., severity and scale), the degree of
physical access to the product, and the
ability of an attacker to successfully
contaminate the product) and is
performed by an individual qualified by
training and/or experience to conduct
vulnerability assessments. A facility
must conduct written vulnerability
assessments for all of the foods that it
manufactures/processes, packs, or
holds. We recognize there are instances
where facilities are manufacturing very
similar products using either the same
equipment and/or very similar
processes. In such instances, it is
appropriate for the facility to conduct
vulnerability assessments of like
products by grouping these products
into one or more processes and
conducting vulnerability assessments on
these process groupings. However, any
product or process-specific differences
must be carefully delineated and noted
in the vulnerability assessment, and the
facility must clearly identify the specific
products included in each vulnerability
assessment. In some facilities with
limited types of products, the written
vulnerability assessment may contain a
single set of process steps that addresses
all of the products produced. For
example, a facility making fruit-flavored
beverages may be able to conduct a
single vulnerability assessment for all of
its beverages using a single set of
processing steps.
In other facilities, there may not be a
practical way to group all products into
a single set of process steps, and
vulnerability assessments may be
needed for multiple groups of products.
For example, a facility that makes both
ready-to-eat (RTE) entrees and entrees
that are not RTE may need to conduct
a vulnerability assessment of the RTE
entrees and conduct a separate
vulnerability assessment for the entrees
that are not RTE.
d. Qualified Individual
(Comment 80) Several comments
requested more information regarding
the requirement that vulnerability
assessments must be conducted by
individual(s) qualified by experience
and/or training using appropriate
methods. Specifically, additional
clarification was requested regarding
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
training such individuals must receive
(particularly in the absence of FDA
standardized curriculum); the process
and criteria by which relevant work
experience may supplement or
substitute for training; and the criteria
by which FDA will determine if the
individual is adequately qualified to
conduct vulnerability assessments.
Additionally, several comments believe
there is confusion with the use of
qualified individuals in this rule
compared to other rules and believe the
term should be defined.
(Response 80) We agree that further
clarification is needed regarding a
definition for a qualified individual in
the context of this rule and in particular,
how it relates to the qualifications
necessary to conduct vulnerability
assessments. Consequently, in § 121.3
we have defined a qualified individual
to mean ‘‘a person who has the
education, training, or experience (or a
combination thereof) necessary to
perform an activity required under
subpart C, as appropriate to the
individual’s assigned duties. A qualified
individual may be, but is not required
to be, an employee of the
establishment.’’ We have further
clarified the qualifications necessary for
the conduct of a vulnerability
assessment by creating a new section
(§ 121.4, Qualifications of Individuals
Who Perform Activities Under Subpart
C). In § 121.4 we state ‘‘each individual
responsible for . . . conducting or
overseeing a vulnerability assessment as
required in § 121.130’’ must (1) have the
appropriate education, training, or
experience (or a combination thereof)
necessary to properly perform the
activities; and (2) have successfully
completed training for the specific
function at least equivalent to that
received under a standardized
curriculum recognized as adequate by
FDA or be otherwise qualified through
job experience to conduct the activities.
Job experience may qualify an
individual to perform these functions if
such experience has provided an
individual with knowledge at least
equivalent to that provided through the
standardized curriculum. This new
definition and qualifications section has
provided more information on what
would qualify an individual to perform
a vulnerability assessment. We believe
that our definition of ‘‘qualified
individual’’ as well as the qualifications
required of those individuals have
addressed this need and fulfill the
request of the comments. This new
approach is consistent with other FSMA
rules, including the PCHF final rule,
which we believe allows for easier
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
understanding and implementation for
the regulated industry.
As stated in the preamble to the
proposed rule, we recognize that the
task of performing a vulnerability
assessment requires an individual with
a specific skill set to properly assess and
prioritize the various points, steps, or
procedures in a food process to
characterize their susceptibility to
intentional adulteration, to identify
significant vulnerabilities and to
identify actionable process steps where
mitigation strategies are essential to
significantly minimize or eliminate the
significant vulnerabilities. We also
believe that various activities required
by this rule may require higher levels of
training based on the difficulty and
intensity of the task. We believe that a
standardized curriculum will be
required to ensure clear and consistent
training is provided for this activity.
The training developed for the purpose
of conducting or overseeing a
vulnerability assessment will require an
in-depth analysis of the functional and
thought processes required to properly
characterize significant vulnerabilities
associated with a facility’s points, steps
or procedures and the identification of
actionable process steps. The process of
conducting a vulnerability assessment
may be new to much of the industry and
the training must take this into
consideration. The standardized
curriculum for conducting a
vulnerability assessment will need to be
a comprehensive training that teaches
an individual the required components
of a vulnerability assessment and
provides enough information for an
individual to calibrate their decision
making based on the scientific analysis
required by a vulnerability assessment.
We believe that the curriculum designed
for this activity will require multiple
days and may best be offered in person.
(Comment 81) A few comments
believe the key activity type option for
identifying actionable process steps
should include a requirement that the
evaluation be performed by an
individual(s) qualified by experience
and/or training using appropriate
methods.
(Response 81) We agree with the
comments and this is reflected in the
revised requirements. As explained in
Response 71, key activity types have
been removed from the regulatory text,
but are still considered an appropriate
method to conduct a vulnerability
assessment. The rule requires that a
vulnerability assessment, no matter
which methodology is used, must be
conducted or overseen by a qualified
individual. We note that the
requirements to conduct or oversee a
PO 00000
Frm 00035
Fmt 4701
Sfmt 4700
34199
vulnerability assessment will differ
depending on the type of vulnerability
assessment conducted. Using key
activity types requires less technical
expertise and experience than other
methodologies and this would be
reflected in the necessary qualifications.
C. Proposed § 121.135—Focused
Mitigation Strategies for Actionable
Process Steps
We proposed that the owner, operator,
or agent in charge of a facility must
identify and implement focused
mitigation strategies at each actionable
process step to provide assurances that
the significant vulnerability at each step
will be significantly minimized or
prevented and the food manufactured,
processed, packed, or held by such
facility will not be adulterated under
section 402 of the FD&C Act (21 U.S.C.
342). As discussed in section IV.B.3, in
the final rule we use the term
‘‘mitigation strategies’’ and no longer
reference focused and broad mitigation
strategies.
In addition, we have modified this
provision to provide that for each
mitigation strategy or combination of
strategies implemented at each
actionable process step, the facility must
include a written explanation of how
the mitigation strategy(ies) sufficiently
minimizes or prevents the significant
vulnerability associated with the
actionable process step. In the preamble
to the proposed rule, we stated that a
justification for how the strategy
significantly reduces or eliminates the
risk of intentional adulteration at that
actionable process step(s) must be
documented (see 78 FR 78014 at 78048);
however, this was not explicitly
included in the regulatory text. We
believe that providing additional
flexibility in the nature of the mitigation
strategies facilities may employ makes it
critical that facilities explain their
rationale as to how the strategy(ies) are,
in fact, protective of the actionable
process step. This explanation will
include a facility’s rationale for
selecting its mitigation strategies. This
explanation can provide additional
benefits to the facility by assisting them
in the decision-making process for
identifying mitigation strategies as well
as identifying the most appropriate
mitigation strategies management
components for the mitigation
strategy(ies).
Based on our vulnerability
assessments, we believe that adequate
mitigation strategies are designed to
minimize or eliminate the chances an
attacker would be successful if an act of
intentional adulteration were attempted
at the actionable process step by either
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34200
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
(1) minimizing the accessibility of the
product to an attacker (e.g., physically
reducing access to the product by
locking storage tanks) or (2) reducing
the opportunity for an attacker to
successfully contaminate the product
(e.g., increasing observation of the area
through supervision or use of the buddy
system), or a combination of both.
Mitigation strategies found within
FDA’s Mitigation Strategies Database,
generally, are designed to address one or
both of these concepts. The content of
the Mitigation Strategies Database is
derived from our experience conducting
vulnerability assessments with industry
and can serve as a resource for facilities
to identify adequate and appropriate
mitigation strategies. The explanation of
how the mitigation strategy sufficiently
minimizes or prevents the significant
vulnerability associated with the
actionable process step would,
generally, address the mitigation
strategy’s impact on one or both of these
outcomes.
For example, a facility seeking to
protect its liquid storage tank’s access
hatch with a lock may conclude that the
lock significantly reduces access to the
liquid food stored in the tank by
rendering the hatch inaccessible and
include this explanation in its food
defense plan. As another example, a
facility may elect to protect its liquid
storage tank actionable process step
with a policy to require two or more
employees to be in the area at all times.
The facility’s explanation would
include the rationale that this ‘‘buddy
system’’ reduces the opportunity and
ability of an attacker to bring a
contaminant into the vulnerable
production area and introduce the
contaminant into the food without being
detected by his or her co-workers. These
two examples show that the same
actionable process step can be protected
in a variety of ways. The explanation
will clarify the facility’s thinking and
rationale as to how a mitigation strategy
significantly minimizes or prevents a
significant vulnerability.
We believe that the explanation
accompanying the mitigation
strategy(ies) will be highly beneficial to
the facility in gauging the proper
implementation of the mitigation
strategy during required verification
activities. In identifying and
implementing appropriate mitigation
strategies, the facility will need to
reason through how and why the
mitigation strategy(ies) will be
protective of the respective actionable
process step in question. This
explanation and the monitoring of the
mitigation strategy play key roles in
enabling the facility to determine if the
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
mitigation strategy is achieving its
intended aim and, therefore, is properly
implemented.
For example, for a facility that secures
its liquid storage tank with a lock, a
review of monitoring records may show
that the lock is consistently in place and
locked, therefore reducing accessibility
and significantly reducing the
vulnerability associated with the liquid
storage tank. By being consistently
implemented as intended, the lock is
achieving the aim as explained in the
food defense plan to reduce access to
the liquid food held in the liquid storage
tank. In this case, the facility can
conclude that this mitigation strategy is
properly implemented and is reducing a
significant vulnerability.
In contrast, consider a lock on a mixer
that is not achieving its intended aim.
In this example, the worker at the mixer
must routinely open the mixer’s lid to
determine if the product is being
sufficiently mixed. The worker finds the
lock to be interfering with his or her
responsibilities and frequently does not
engage the lock after checking on the
product, repeatedly leaving the mixer
unsecured. This deviation is
documented in monitoring records by
the production supervisor. In this case,
the facility’s explanation as to how the
mitigation strategy would be protective
of the mixer included the rationale that
the lock would reduce access to the
product. A component of the facility’s
corrective action procedure for this
mitigation strategy was to retrain the
employee on the importance of locking
the mixer, but the employee continues
to repeatedly leave the mixer unlocked
due to its interference with his or her
responsibilities. Since the mitigation
strategy, as determined through a review
of monitoring and corrective action
records, was not consistently
implemented, it is not achieving the aim
as specified in the mitigation strategy’s
explanation. Therefore, the mitigation
strategy cannot be determined to be
properly implemented and is not
reducing significant vulnerabilities
associated with the mixer. Since the
facility has found that the mitigation
strategy is not properly implemented,
the facility must reanalyze this portion
of the food defense plan under the
requirements of § 121.157(b)(3) and then
identify and implement a different
mitigation strategy, or combination of
strategies, for the mixer that would
reduce the likelihood that an act of
intentional adulteration would be
successful.
Additionally, we believe that the
explanation for how the mitigation
strategy(ies) are suitable and intended to
reduce the significant vulnerability will
PO 00000
Frm 00036
Fmt 4701
Sfmt 4700
also be highly beneficial in establishing
common understanding and
communication between the facility and
inspectors during inspections.
(Comment 82) Many comments
support our proposed requirement that
mitigation strategies be targeted at high
vulnerability process steps instead of
setting requirements for general facilitylevel protections. Further, some
comments assert that significant
vulnerabilities by nature present
themselves at particular points in a
process and that these individual
points, steps, or procedures must be
protected. These comments also state
that broad mitigation strategies would
be far reaching and require significantly
more capital investment from industry,
while not directly protecting the most
vulnerable processes.
(Response 82) We agree with
comments supporting the direction of
mitigation strategies to those areas
where vulnerability is highest. As
discussed previously, we now refer to
mitigation strategies, rather than broad
and focused mitigation strategies.
However, we continue to believe that to
be sufficient and appropriate mitigation
strategies must be specifically tailored
to the significant vulnerability and
customized to the actionable process
step where they are applied rather than
applied to the entire facility (e.g.,
locking exterior doors, or ensuring
employees and visitors have
identification badges). We would not
consider these two examples to be
adequate to significantly reduce or
prevent a significant vulnerability
because they do not address an inside
attacker.
However, we believe that many
policies or procedures that a facility
currently has in place can be modified
or altered to provide protection against
acts of intentional adulteration without
the facility incurring significant costs, or
requiring additional capital investment.
For example, consider a liquid food
storage tank with an inward opening
hatch. When the tank is full, the
pressure of the liquid prevents the hatch
from being opened, rendering the tank
inaccessible. However, when the tank is
empty, the hatch may be opened and a
contaminant added. It may be part of
normal facility practice for a supervisor
to conduct a visual check of storage
tanks after a cleaning cycle to ensure the
cleaning has been conducted properly.
Rather than incur the cost of installing
a lock or other access control on the
hatch, the facility may elect to
implement a food defense mitigation
strategy by altering its visual check
procedure so that the visual check by
the supervisor is conducted
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
immediately prior to food being added
to the storage tank so that the tank is
observed after the tank has been empty
and accessible for an extended period of
time. Alternatively, the facility could
elect to secure the tank’s hatch with a
tamper-evident seal or tape after the
visual inspection. This slight
modification of an existing facility
practice could be implemented with
little, if any, cost to the facility and
serve to protect the actionable process
step—in this case the storage tank—
from an attacker adding a contaminant
to the tank while it is empty and
accessible after it been cleaned and
visually inspected.
(Comment 83) Some comments state
that those strategies previously termed
as broad mitigation strategies should be
considered as being among appropriate
mitigation strategies for compliance
with the requirements, with the majority
of those comments indicating that FDA
should not distinguish between focused
and broad mitigation strategies in the
final rule. Some comments disagree
with FDA’s statement in the proposed
rule that the implementation of focused
mitigation strategies at actionable
process steps in a food operation is
necessary to minimize or prevent the
significant vulnerabilities that are
identified in a vulnerability assessment
regardless of the existence of broad
mitigation strategies. These comments
contend that mitigation strategies
(whether broad or focused) can work in
concert with one another and play an
important role in a facility’s food
defense approach. Additionally, some
comments state that broad mitigation
strategies can sometimes achieve the
same results as focused mitigation
strategies and some comments state that
the differentiation between the two
types of strategies is confusing and
subjective.
(Response 83) We believe this
comment is largely addressed by
changing the regulatory text to refer to
only mitigation strategies in this final
rule. We agree with comments that
mitigation strategies exist across a
spectrum from those that are very broad
and facility-wide in nature to those that
are very specific and tailored to unique
processing steps and areas. If
implemented in a directed manner, a
strategy that may tend to be thought of
as ‘‘broad’’ can be effective at reducing
vulnerability associated with a specific
actionable process step and could
sufficiently minimize the likelihood of a
successful act of intentional
adulteration at the actionable process
step.
Based on the results of our
vulnerability assessments, we believe
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
that mitigation strategies implemented
at actionable process steps that are
customized to the processing step at
which they are applied, tailored to
existing facility practices and
procedures, and consider the actionable
process step’s vulnerability to an insider
attack are sufficient to protect the
actionable process step. An insider
attack must be considered because an
attacker who has achieved access to the
facility will have already circumvented
the facility’s general facility-level
protections. During the course of our
vulnerability assessments, we
determined that if an actionable process
step was sufficiently protected against
an attack perpetrated by an insider with
legitimate access to the facility, it would
be similarly protected against the
actions of an outside attacker who has
circumvented perimeter protections.
Facility-wide security measures can
support or compliment the mitigation
strategy(ies) the facility implements;
however the significant vulnerability
associated with the actionable process
step must be significantly reduced or
prevented.
For example, if a facility implements
a strategy to restrict access at an
actionable process step to only those
authorized individuals who work in the
area, and the facility leverages
identification badges to enforce this
strategy, then the strategy becomes
much more targeted. In this case, the
strategy is simply not about identifying
personnel who work anywhere in the
facility, but rather, restricting access to
a specifically vulnerable area. In this
case, the pre-existing badging process
the facility had in place to positively
identify employees and visitors serves
as the foundation upon which the more
tailored mitigation strategy is built.
However, the badging process itself is
not a mitigation strategy sufficient to
significantly reduce or prevent a
significant vulnerability at the
actionable process step because the
badging process alone does not restrict
access to the actionable process step.
Another example to illustrate how
different practices can work in concert
with each other to achieve protection is
that of vetting employees. In the
proposal we described a hypothetical
scenario where a facility’s secondary
ingredient handling area was identified
as significantly vulnerable and was,
therefore, identified as an actionable
process step. In the scenario, the facility
elected to mitigate this vulnerability by
(1) reducing the time ingredients were
open and accessible, (2) entrusting the
handling of secondary ingredients to
one of the most trusted employees, and
(3) increasing observation over the
PO 00000
Frm 00037
Fmt 4701
Sfmt 4700
34201
secondary ingredient handling area. To
implement the second mitigation
strategy (use of most trusted employees),
the facility could utilize either senior
and/or long-term employees who had
earned their trust over time, or the
facility could conduct a more detailed
background check on specific
employees.
Much the same way the Federal
government assigns more sensitive tasks
to Federal workers based on a multilayered classification and security
clearance process, the facility could
require basic level pre-employment
screening for most employees, but for
those employees working at actionable
process steps, a mitigation strategy
could be to require a more detailed level
of background check. The facility would
also conduct periodic review of the
background check, as appropriate. By
applying a more targeted approach to
establishing trust for the employee
working in the secondary ingredient
handing area, the facility leveraged what
was previously described in the
proposal as a ‘‘broad’’ mitigation
strategy in a much more directed and
targeted way such that it was
specifically addressing the significant
vulnerability associated with the
secondary ingredient staging area. This
example shows how what were ‘‘broad’’
and ‘‘focused’’ mitigation strategies can
work together to protect an actionable
process step.
We caution against using background
checks as the sole mitigation strategy to
reduce significant vulnerabilities at an
actionable process step because a
background check may not identify all
indicators of an insider threat.
Additionally, information within a
background check may be outdated or
missing more recent key information
that could be indicators of an insider
threat. Background checks should be
used in concert with other mitigation
strategies to counter the risk of an
insider attack. In this example, the
facility also mitigated vulnerability at
the secondary ingredient staging area by
reducing the staging time of ingredients
and increasing observation of the area.
Similarly, some other mitigation
strategies may not be adequate when
used in isolation. For example, ensuring
adequate lighting around an actionable
process step would generally be a
mitigation strategy that must be used in
concert with other strategies to
significantly reduce the likelihood of, or
prevent, successful acts of intentional
adulteration at an actionable process
step. The increased lighting can support
other mitigation strategies (i.e.,
increased supervision of an actionable
process step) but, generally, increased
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34202
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
lighting would not by itself be sufficient
to address the significant vulnerability
associated with the actionable process
step.
(Comment 84) Some comments state
that existing facility practices and
facility-level measures should be
considered when a facility is identifying
appropriate mitigation strategies.
(Response 84) We agree. As discussed
previously, mitigation strategies should
be tailored to existing facility practices
and procedures, and take into account
the nature of the actionable process
step’s significant vulnerability.
Mitigation strategies can be
complemented by or built on top of
existing practices or facility-level
measures. For example, a facility might
prepare secondary ingredients in an area
near the process step where they will be
added to the product line. The facility
weighs and measures ingredients the
night before use so they are ready for
introduction into the product line in the
morning. To identify a suitable and
appropriate mitigation strategy, the
facility would consider its normal
practice of staging ingredients the night
before and any other relevant practices
the facility engages in regarding its
handling of secondary ingredients in
this area. The facility might conclude
that staging ingredients the night before
is unnecessary and elect to implement
the mitigation strategy that ingredients
will only be handled immediately
before their introduction into the
product line to prevent them from being
open and accessible for extended
periods of time. Alternatively, if the
facility concludes that their operating
practices prevent this approach, it could
implement the mitigation strategy to
place the ingredients in tamper evident
storage containers overnight to prevent
an attacker from being able to introduce
an agent without indications of
tampering with the ingredients. The
facility would implement the most
appropriate mitigation strategy taking
into consideration its existing practices
and procedures.
(Comment 85) One comment asserts
broad mitigation strategies offer
significant protections to the food
supply and that focused mitigation
strategies are of questionable or at least
unproved efficacy. This comment goes
on to request that FDA focus
requirements only on broad mitigation
strategies that limit access to bulk foods
prior to and at process steps that may
disperse contamination in a large
volume of finished food.
(Response 85) During the course of
our vulnerability assessments, we found
that appropriate mitigation strategies
must be specifically tailored to the
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
significant vulnerability they are
addressing and customized to the
actionable process step where they are
applied, while taking into account
existing facility practices and
procedures. We disagree with the
comment’s assertion that strategies
previously termed as ‘‘focused
mitigation strategies’’ are questionable
or of unproven efficacy. Indeed, we
conclude as determined through our
vulnerability assessments that
mitigation strategies specifically
designed to protect the most vulnerable
points in a food operation are the most
effective at reducing the likelihood that
an act of intentional adulteration would
be successful. General facility-level
security measures have questionable
value in protecting actionable
processing steps from significant
vulnerabilities, especially those
significant vulnerabilities associated
with attackers with legitimate access to
the facility. However, this comment
illustrates why we are changing the
codified to refer to only ‘‘mitigation
strategies.’’ We would consider the
efforts described by this comment to be
focused mitigation strategies as we used
that term in the proposed rule. We agree
that ‘‘bulk foods prior to and at process
steps that may disperse contamination
in a large volume of finished food’’
would most likely be significantly
vulnerable and thus require appropriate
mitigation strategies.
(Comment 86) Some comments state
that some of the mitigation strategies
identified in the preamble of the
proposed rule may not be appropriate or
suitable in certain circumstances. For
example, some comments mention that
one-way sample ports as a mitigation
strategy may not be appropriate for
products that require aseptic sampling.
Some comments contend that making
engineering enhancements to equipment
or repositioning equipment to increase
visual observation may be prohibitively
costly.
(Response 86) We agree that certain
mitigation strategies may not be
appropriate or suitable in some
situations. Therefore, we are not
requiring any specific mitigation
strategies in this rule. A facility may
identify the most appropriate and
suitable mitigation strategies for its
facility, the food being processed, the
actionable process step being protected,
and the nature of the significant
vulnerability being mitigated.
(Comment 87) Some comments urge
FDA to permit requirements that are
already in place by other government
agencies to count as mitigation
strategies, when appropriate based on a
thoughtful vulnerability assessment. In
PO 00000
Frm 00038
Fmt 4701
Sfmt 4700
particular, these comments suggest the
C–TPAT program has proved successful
in requiring that broad mitigation
strategies be implemented, including
physical security, personnel security,
ingredient storage and inventory
procedures, and crisis management
planning.
(Response 87) As discussed in section
III.D, we believe that participation in
other security programs, such as C–
TPAT or CFATS for example, raises the
overall security posture for a facility and
can be beneficial along with the
requirements of the final rule. In certain
circumstances, security measures
implemented under other security
programs may also prove to be effective
mitigation strategies once actionable
process steps are identified. These
security measures should be evaluated
on a case-by-case basis to determine if
they significantly reduce or prevent
significant vulnerabilities at actionable
process steps. If so, the facility may
consider these protections as mitigation
strategies under § 121.135 and
document them in the food defense
plan. However, FDA will not consider a
facility’s participation with other
security programs as de facto
compliance with this rule.
D. Final § 121.138—Mitigation
Strategies Management Components
We have added a new § 121.138
(Mitigation Strategies Management
Components) to establish that mitigation
strategies required under § 121.135 are
subject to the following mitigation
strategies management components as
appropriate to ensure the proper
implementation of the mitigation
strategies, taking into account the nature
of each such mitigation strategy and its
role in the facility’s food defense
system: (1) Food defense monitoring in
accordance with § 121.140; (2) Food
defense corrective actions in accordance
with § 121.145; and (3) Food defense
verification in accordance with
§ 121.150. We have created this new
section to provide clarity and
understanding regarding the application
of the three management components to
the mitigation strategies as required by
§ 121.135.
E. Proposed § 121.140—Monitoring
1. Proposed § 121.140(a)–(b)
Requirement for Written Procedures for
and Frequency of Monitoring
We proposed that you must establish
and implement written procedures,
including the frequency with which
they are to be performed, for monitoring
the mitigation strategies, and you must
monitor the mitigation strategies with
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
sufficient frequency to provide
assurance that they are consistently
applied.
Some comments support the proposed
requirements. In the following
paragraphs, we discuss comments that
disagree with the proposed
requirements, ask us to clarify the
proposed requirements, or suggest one
or more changes to the proposed
requirements. Some comments request
that we provide more flexibility than a
traditional HACCP framework, with
specific requests for flexibility in the
management components, including
monitoring.
After considering these comments, we
are making three revisions to the
requirements for monitoring in
§ 121.140. First, we are adding the
qualification ‘‘as appropriate to the
nature of the mitigation strategy and its
role in the facility’s food defense
system,’’ to the beginning of the
provision. Second, we are changing
‘‘sufficient’’ to ‘‘adequate’’ in
§ 121.140(b), which now states that
‘‘you must monitor the mitigation
strategies with adequate frequency to
provide assurances that they are
consistently performed.’’ We are
substituting the term ‘‘adequate’’ for the
term ‘‘sufficient’’ to be consistent with
the PCHF final rule definition for
monitoring. We conclude that there is
no meaningful difference between
‘‘adequate’’ and ‘‘sufficient’’ for the
purposes of part 121. We have also
added a definition for the term
‘‘adequate’’ in the regulatory text to
mean that which is needed to
accomplish the intended purpose in
keeping with good public health
practice. We also conclude that the
regulations will be clearer if we use the
single term ‘‘adequate’’ throughout the
regulations. Third, we are changing
‘‘applied’’ to ‘‘performed’’ to address
comments that state the language was
unclear. Section 121.140(b) now states
that ‘‘you must monitor the mitigation
strategies with adequate frequency to
provide assurances that they are
consistently performed.’’
(Comment 88) Some comments argue
that the language of section 418(d) of the
FD&C Act is ambiguous, and state that
monitoring in section 418(d) does not
require that facilities conduct
monitoring as described in the National
Advisory Committee on Microbiological
Criteria for Foods’ HACCP Principles
and Application Guidelines. These
comments state that the statute sets a
standard for facilities to ‘‘monitor the
effectiveness of the preventive
controls.’’ The comments state that the
statute does not indicate how facilities
are to monitor the effectiveness of the
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
mitigation strategies; it does not indicate
that each mitigation strategy must be
monitored, and it does not specify the
frequency at which monitoring must
occur. However, the comments agree
that facilities should assess whether
mitigation strategies are in place and are
fully implemented. The comments agree
that facilities should have written
procedures regarding how, and the
frequency at which, observations take
place, but also indicate that these
procedures and frequencies should be
less rigorous than procedures and
frequencies for preventive controls.
(Response 88) We agree that facilities
must assess whether mitigation
strategies are in place. We also agree
that facilities must provide written
procedures regarding how, and the
frequency at which, monitoring occurs.
This rule implements section 103 of
FSMA, and therefore includes
components for monitoring (section
418(d) of the FD&C Act). We agree that
monitoring in the intentional
adulteration regulatory framework
should be more flexible than monitoring
as described in the National Advisory
Committee on Microbiological Criteria
for Foods’ HACCP Principles and
Application Guidelines. Therefore, we
have modified the requirement for
monitoring in the regulatory text to
include ‘‘as appropriate to ensure the
proper implementation of the mitigation
strategies, taking into account the nature
of each such mitigation strategy and its
role in the facility’s food defense
system’’ (see §§ 121.138, 121.140) and to
provide for the use of exception records
(see § 121.140(c)(2)). These changes
allow a facility to select the appropriate
rigor and frequency of its monitoring
based on its particular circumstances
and are similar to those made in the
PCHF final rule regulatory text for
monitoring in the preventive controls
management components.
For example, a facility stages
ingredients overnight so the first shift
can immediately begin adding
ingredients to a hopper. The facility
identifies staged ingredient containers
as an actionable process step because
the overnight staging makes the
ingredient containers significantly
vulnerable. The facility then identifies a
mitigation strategy of reducing
ingredient staging time. The facility
establishes and implements food
defense monitoring procedures to
include observations of the staging area
to ensure the ingredients are staged
immediately prior to addition into the
hopper rather than overnight. This
monitoring procedure is tailored to the
facility’s circumstances and is
appropriate to the mitigation strategy
PO 00000
Frm 00039
Fmt 4701
Sfmt 4700
34203
(i.e., suitable for a particular purpose
and capable of being applied) because it
allows for the assessment or observation
that the ingredient staging time is being
reduced. When establishing the
monitoring procedure, the facility
considered the nature of the mitigation
strategy (i.e., an observation would
determine if reducing the staging time
was being consistently performed) and
its role in the facility’s food defense
system (i.e., the facility deemed it
necessary to conduct the monitoring for
the mitigation strategy because the
reducing the staging time significantly
minimized the significant vulnerability
associated with the ingredient
containers). Additionally, the facility
reasoned that monitoring the staging
area immediately prior to the addition
of the ingredients to the hopper met the
requirement for monitoring to be
conducted on an adequate frequency
because this frequency meets the
definition of adequate (i.e., that which is
needed to accomplish the intended
purpose in keeping with good public
health practice) in that monitoring prior
to ingredient addition to the hopper
ensures that employees will properly
implement the reduced staging time and
reduce the significant vulnerability.
2. Proposed § 121.140(c)—Requirement
for Records
We proposed that all monitoring of
focused mitigation strategies in
accordance with this section must be
documented in records that are subject
to verification in accordance with
proposed § 121.150(a) and records
review in accordance with proposed
§ 121.150(c).
In the following paragraphs, we
discuss comments that disagree with the
proposed requirements, ask us to clarify
the proposed requirements, or suggest
one or more changes to the proposed
requirements. After considering these
comments, we have revised the
regulatory text to provide that exception
records may be adequate in some
circumstances (see § 121.140(c)(2)).
(Comment 89) Some comments state
that a facility will be much more likely
to document a deviation from an
established mitigation strategy (i.e., a
light is broken or turned off) rather than
a confirmation that the light was
working properly each day. These
comments seem to indicate that this
could be a potential area where greater
flexibility is needed regarding how
monitoring is documented.
(Response 89) New § 121.140(c)(2)
provides for exception records and
states records may be affirmative
records demonstrating the mitigation
strategy is functioning as intended and
E:\FR\FM\27MYR4.SGM
27MYR4
34204
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
that exception records demonstrating
the mitigation strategy is not
functioning as intended may be
adequate in some circumstances. This
revision to the regulatory text was made
to clarify that exception records, in
certain circumstances, are acceptable.
We understand exception reporting as a
structure where automated systems are
designed to alert operators and
management on an exception basis—i.e.,
only when a deviation from food safety
parameter limits are observed by the
system.
Exception reporting would be an
acceptable monitoring system in some
circumstances. A facility must be able to
verify that food defense monitoring is
being conducted (§ 121.150(a)(1)). This
is straightforward with affirmative
monitoring records but can be more
difficult or impossible with exception
records. The following example
provides an instance where a facility
may choose exception records when
monitoring a mitigation strategy. A
facility identifies an ingredient storage
area as an actionable process step, and
identifies and implements a restricted
access system that uses electronic
swipe/key cards to limit access to the
area. The restricted access system is
designed to allow authorized personnel
to open a door to the area, while also
alerting management when the door is
left unlocked. While the system would
not need to produce a record for every
authorized access to the area, the system
would produce a record for each
instance that the door is left unlocked
and alert operators to those instances. In
this example, the facility would
periodically verify that the restricted
access system is working properly, in
part, by leaving the door unlocked, and
ensuring the system alerts the operator
by generating a record that documents
the door being unlocked. Exception
records are not always appropriate. For
example, it would not be appropriate to
create a record that indicates adequate
lighting is not functioning as intended,
rather than documenting adequate
lighting is functioning as intended,
unless the facility devised an approach
that would allow it to verify that food
defense monitoring was being
conducted as required.
mstockstill on DSK3G9T082PROD with RULES4
F. Proposed § 121.145—Corrective
Actions
1. Proposed § 121.145(a)(1)–(2)
Requirement To Establish and
Implement Corrective Action
Procedures That Must Describe Steps To
Be Taken
We proposed that you must establish
and implement written corrective action
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
procedures that must be taken if the
mitigation strategy is not properly
implemented. The corrective action
procedures must describe the steps to be
taken to ensure that appropriate action
is taken to identify and correct a
problem with implementation of a
mitigation strategy to reduce the
likelihood that the problem will recur.
Some comments support the proposed
requirements. In the following
paragraphs, we discuss comments that
disagree with the proposed
requirements, ask us to clarify the
proposed requirements, or suggest one
or more changes to the proposed
requirements. Some comments request
that the intentional adulteration
requirements provide more flexibility
than a traditional HACCP framework,
with specific requests for flexibility in
the management components, including
corrective actions. After considering
these comments, we are making several
revisions to the proposed requirements
for corrective actions. First, we are
adding the qualification ‘‘as appropriate
to the nature of the actionable process
step and the nature of the mitigation
strategy’’ to the beginning of the
provision in § 121.145(a). Second, we
are separating the requirements to take
appropriate action to identify and
correct a problem that has occurred
from the requirement to take
appropriate action, when necessary, to
reduce the likelihood that the problem
will recur. The separated requirements
are now included in the regulatory text
as § 121.145(a)(2)(i) and
§ 121.145(a)(2)(ii), respectively. Similar
changes were made to the PCHF final
rule regulatory text for corrective
actions, as comments related to that rule
asserted the proposed corrective action
regulatory text could have been
misunderstood as a requirement to
establish a new preventive control after
implementing a corrective action
procedure. These comments also
asserted that it would be inappropriate
to assume that corrective action
procedures always correct a problem
with the implementation of a new or
additional preventive control. We have
addressed these comments to the
requirement to identify and correct a
problem by adding ‘‘that has occurred’’
after ‘‘correct a problem’’ in
§ 121.145(a)(2)(i). We have also
addressed these comments by qualifying
the requirement that the corrective
action procedures must describe the
steps to be taken to ensure that
appropriate action is taken to reduce the
likelihood that the problem will recur
by inserting ‘‘when necessary’’ after
PO 00000
Frm 00040
Fmt 4701
Sfmt 4700
‘‘appropriate action is taken’’ in
§ 121.145(a)(2)(ii).
(Comment 90) A few comments state
that greater flexibility is needed to
reflect the differences between
mitigation strategies and preventive
controls and that corrective actions is
one potential area in which to increase
flexibility. While comments agree that a
facility should take action when a
mitigation strategy is not properly or
fully implemented, these comments
further state that detailed, written
corrective action procedures should not
be required to address every possible
deviation for each mitigation strategy. In
addition, comments state that facility
employees should make corrections,
rather than take corrective actions, in
some circumstances. These comments
provide an example of corrections
where a door is simply closed, and the
action is not documented, in response to
a single, isolated event where a door is
propped open.
(Response 90) As described
previously, we have modified the
provision to provide that corrective
action procedures are established and
implemented based on the nature of the
actionable process step in addition to
the nature of the mitigation strategy (see
§ 121.145(a)). The rule allows for a
facility’s corrective action procedures to
reflect the extent of the deviation. For
example, a facility’s monitoring
indicates that a peer monitoring
mitigation strategy is not implemented
as intended because one of the
employees does not accompany the
other employee at the actionable process
step. A component of the facility’s
written corrective action is to retrain the
employee on the importance of
accompanying the other employee while
at the actionable process step. We
expect, in most cases, that food defense
corrective action procedures will be
simple and easy to undertake. Further,
we agree that written corrective action
procedures need not address every
possible deviation, and the rule does not
require this. Written corrective action
procedures should address
circumstances where deviations are
likely to occur. The reason to have
corrective action procedures is to
consider the likely scenarios in advance,
rather than react to these scenarios on
an ad hoc basis.
We do not agree that certain situations
are more appropriate for corrections
rather than corrective actions. A
‘‘correction’’ does not include, among
other things, actions to reduce the
likelihood that the problem will recur.
The comment describes a situation
where a facility is locking the door to
serve as the mitigation strategy, and the
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mstockstill on DSK3G9T082PROD with RULES4
monitoring of the mitigation strategy
indicates the strategy is not performing
as intended (i.e., the door is not locked,
and it is propped open). Because
monitoring has indicated the mitigation
strategy is not properly implemented, a
corrective action is required
(§ 121.145(a)(1)). While the example
includes a corrective action that is quite
simplistic and easy to undertake, it is
important that a corrective action, and
not a correction, be taken because the
corrective action includes actions to
reduce the likelihood that the problem
will recur, while the correction does
not. An unlocked door leaves the
significant vulnerability unmitigated,
and therefore, this seemingly isolated
problem directly impacts product
vulnerability.
Furthermore, corrections, such as
those discussed in the PCHF final rule
(e.g., facility observes food residue on
‘‘clean’’ equipment prior to production
of food, and then cleans the equipment),
are appropriate for minor and isolated
problems that do not directly impact
product safety. An analogous situation
does not exist in the context of
intentional adulteration where
requirements of this rule are designed to
reduce significant vulnerabilities
associated with an insider attack.
Additionally, food defense corrective
action requirements are less rigorous
and resource-intensive than corrective
actions for food safety purposes. Food
defense corrective actions do not
include requirements to evaluate all
affected food for safety, prevent affected
food from entering commerce, or
include requirements for unanticipated
problems.
2. Proposed § 121.145(a)(3)—
Documentation
We proposed that all corrective
actions taken in accordance with this
section must be documented in records
that are subject to verification in
accordance with proposed § 121.150(b)
and records review in accordance with
proposed § 121.150(c).
Some comments support the proposed
requirements without change. One
comment states that documentation
would not be needed in a single,
isolated event, such as where a door is
propped open, and the corrective action
would simply result in the door being
closed. While the example includes a
corrective action that is simple and easy
to undertake, it is necessary that it be
documented. Without such
documentation, verification of proper
implementation of the mitigation
strategy, as required in § 121.150(a)(3),
may not be possible because there are
no records to review which reflect
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
failure to implement the mitigation
strategy. Further, without
documentation, it may not be known
whether it was a one-time event or the
door was propped up more regularly.
Documentation of the corrective actions
and review of the documentation to
verify proper implementation of
mitigation strategies is necessary to
identify trends and patterns of
implementation of mitigation strategies
over time, and is also necessary to
ensure appropriate decisions about
corrective actions are being made. After
considering the comment, we are
finalizing these requirements as
proposed.
G. Proposed § 121.150—Verification
We proposed to require verification of
monitoring, verification of corrective
actions, verification of implementation
and effectiveness, reanalysis, and
documentation of all verification
activities. Specifically regarding
verification of implementation and
effectiveness, (proposed § 121.150(c)),
we proposed that you must verify that
the focused mitigation strategies are
consistently implemented and are
effectively and significantly minimizing
or preventing the significant
vulnerabilities. We proposed that this
must include, as appropriate to the
facility and the food, review of the
monitoring and corrective actions
records within appropriate timeframes
to ensure that the records are complete,
the activities reflected in the records
occurred in accordance with the food
defense plan, the focused mitigation
strategies are effective, and appropriate
decisions were made about corrective
actions. We also requested comment on
whether we should specify the
verification activities that must be
conducted for verification of monitoring
and for verification of corrective actions
and, if so, what verification activities
should be required.
1. Verification of Monitoring, Corrective
Actions and Implementation and
Effectiveness
Some comments support the proposed
requirements. In the following
paragraphs, we discuss comments that
disagree with the proposed
requirements, ask us to clarify the
proposed requirements, or suggest one
or more changes to the proposed
requirements. Some comments request
that the intentional adulteration
requirements provide more flexibility
than a traditional HACCP framework,
with specific requests for flexibility in
the management components, including
verification. Most of the comments
addressing verification activities request
PO 00000
Frm 00041
Fmt 4701
Sfmt 4700
34205
clarification specifically related to
implementation and effectiveness. One
comment requests that we provide for
other activities appropriate for
verification of implementation and
effectiveness. After considering these
comments, we are making several
changes to the requirements for
verification.
First, we are adding text to
§ 121.150(a) (Food defense verification)
to reflect that verification procedures
are established and implemented based
on the nature of the mitigation strategy
and its role in the facility’s food defense
system. Second, we made edits to reflect
new § 121.138. We have changed
proposed § 121.150(a) to final
§ 121.150(a)(1), which now states
‘‘Verification that food defense
monitoring is being conducted as
required by § 121.138 (and in
accordance with § 121.140).’’ We have
changed proposed § 121.150(b) to final
§ 121.150(a)(2), which now states
‘‘Verification that appropriate decisions
about food defense corrective actions
are being made as required by § 121.138
(and in accordance with § 121.145).’’ We
have changed proposed § 121.150(c) to
final § 121.150(a)(3) which requires
verification that mitigation strategies are
properly implemented and significantly
minimizing the significant
vulnerabilities.
Third, we have removed the
requirement to verify that mitigation
strategies are effectively significantly
minimizing or preventing significant
vulnerabilities in § 121.150(c) because it
is more appropriate to verify mitigation
strategies are being properly
implemented, in accordance with the
food defense plan, rather than verifying
these strategies are effective. In the food
safety context, verification of
effectiveness is mainly accomplished
via validation and testing, which are not
required in this final rule due to the
nature of mitigation strategies. Fourth,
we are adding a new section
§ 121.150(a)(3)(ii) to provide for ‘‘other
activities appropriate for verification of
proper implementation’’ to allow for
increased flexibility in verifying
mitigation strategies are properly
implemented beyond what is included
in § 121.150(a)(3)(i). Fifth, we added a
requirement (§ 121.150(b)), to establish
and implement written procedures,
including the frequency for which they
are performed, for verification activities.
This requirement was added because
the flexibility, provided in
§ 121.150(a)(3)(ii), is significant but not
unbounded. Written procedures are
essential to ensure these activities are
occurring in accordance with the food
defense plan. Sixth, we moved the more
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34206
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
extensive section for reanalysis
(proposed § 121.150(d)) to a new section
(final § 121.157) to improve readability
and clarity. As a result, we created a
new § 121.150(a)(4) (‘‘Verification of
Reanalysis in accordance with
§ 121.157’’) to include in § 121.150 the
requirement to verify that reanalysis has
been conducted. Some of these changes
are similar to those made in the PCHF
final rule regulatory text for verification
and preventive controls management
components.
(Comment 91) Some comments
request clarification and elaboration for
verification activities related to
implementation and effectiveness of
mitigation strategies (proposed
§ 121.150(c)).
(Response 91) As mentioned
previously, we have removed the
requirement to verify the effectiveness
of mitigation strategies. As part of food
defense verification, a facility must
determine if each mitigation strategy is
properly implemented and significantly
minimizing or preventing significant
vulnerabilities. To do this, a facility
would determine whether the mitigation
strategies are consistently implemented
and functioning as intended. Part of this
determination would be based on
review of monitoring and corrective
action records. In addition, as
mentioned in section V.D, facilities may
use, but are not limited to, two
important factors to determine the
proper implementation of mitigation
strategies to significantly minimize or
prevent significant vulnerabilities: (1)
The degree of physical access to the
product at the actionable process step
and (2) the ability of an attacker to
successfully contaminate the product at
the actionable process step.
For example, if a mitigation strategy is
significantly minimizing the degree of
physical access to the product at an
actionable process step, and the strategy
is consistently implemented as
determined by record review, the
strategy can be considered properly
implemented. Likewise, if the
mitigation strategy is significantly
minimizing the ability of an attacker to
successfully contaminate the product at
the actionable process step, and the
strategy is consistently implemented as
determined by record review, the
strategy can be considered properly
implemented. These factors are the
same as two of the factors required to be
evaluated in a vulnerability assessment
(§ 121.130(a)(2) and (3)).
We are not including the third factor
(the potential for public health impact
(§ 121.130(a)(1)) because it has been our
experience that mitigation strategies
either directly reduce access to a point,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
step, or procedure, or directly reduce
the ability of an attacker to contaminate
the food at a point, step, or procedure,
and in doing so, indirectly reduce the
potential public health impact if a
contaminant were added at a point,
step, or procedure.
As a facility reasons through its
explanation of how the mitigation
strategy significantly minimizes or
prevents the significant vulnerability
(§ 121.135(a)), the facility’s explanation
will most likely include the rationale for
how the mitigation strategy reduces, to
an acceptable level, either the degree of
unauthorized access to the actionable
process step or the ability of an attacker
to successfully contaminate the product
at the actionable process step. When the
facility reviews the monitoring and
corrective action records to ensure that
activities reflected in the records occur
as envisioned by the food defense plan
(§ 121.135(a)) and are consistently
implemented (§ 121.150(a)(3)), the
facility can then determine whether the
mitigation strategy is properly
implemented and is significantly
minimizing the significant vulnerability
at the actionable process step.
(Comment 92) One comment states
that verification methods other than
those required by proposed § 121.150(c)
may be appropriate, and provides
suggestions of such methods, including
direct observation of monitoring, such
as a supervisor observing monitoring
conducted by an employee, and review
of monitoring and corrective actions
activities during team meetings.
(Response 92) We agree that the rule
should provide flexibility for additional
activities related to verification of
properly implemented mitigation
strategies, and have revised the specific
requirements to provide for other
activities appropriate for verification of
proper implementation of mitigation
strategies in § 121.150(a)(3)(ii).
Providing specific requirements for
verification of implementation
(§ 121.150(a)(3)(i)), but allowing for
other activities appropriate for
verification of implementation
(§ 121.150(a)(3)(ii)), addresses, in part,
comment requests that mitigation
strategies management components
need to provide more flexibility.
(Comment 93) One comment
disagrees with the requirement that, as
part of verification, monitoring and
corrective action records must be
reviewed and further states that the
proposed requirement is too
prescriptive and not applicable to food
defense.
(Response 93) Review of monitoring
and corrective action records is a key
component of verification in a food
PO 00000
Frm 00042
Fmt 4701
Sfmt 4700
defense system. Review of monitoring
records is necessary to determine
whether mitigation strategies are
implemented as intended and are
therefore significantly minimizing
significant vulnerabilities. For example,
review of monitoring records for a
mitigation strategy of using a lock to
secure an access hatch on top of a silo
could indicate that the lock is
functioning as intended because the
securing mechanism is fully engaged,
and the hatch cannot be accessed
without a key to the lock. The
significant vulnerability has been
significantly minimized because the
food in the silo is no longer accessible.
The facility determines the mitigation
strategy is properly implemented
because it is functioning as intended
and minimizes the significant
vulnerability.
Review of corrective action records is
necessary to determine whether
appropriate decisions are being made to
identify and correct any problems with
the implementation of a mitigation
strategy and whether actions are being
taken to reduce the likelihood that a
problem would recur. To continue with
the example, if the review of monitoring
records indicated that the lock was not
properly implemented due to employee
error, the facility implements the
corrective action, which consists of
engaging the securing mechanism of the
lock on the access hatch, and retraining
the employee assigned to this step in
how to properly use the securing
mechanism. During the review of the
corrective action records, the facility
determines that appropriate decisions
about corrective actions were made
because the problem was identified that
the lock was not properly implemented
due to employee error, the problem was
corrected because the facility engaged
the securing mechanism of the lock to
lock the access hatch, and actions were
taken to reduce the likelihood the
problem would recur by training the
employee on how to successfully engage
the securing mechanism of the lock in
order to lock the access hatch.
Further, FDA has provided a flexible
time period for review, allowing review
of monitoring and corrective action
records to take place in an ‘‘appropriate
timeframe.’’ For example, a facility
chooses to use several mitigation
strategies, including adequate lighting,
at the bulk truck unloading bay to
protect the actionable process step, and
the lighting may be monitored each time
a shipment is received or on a weekly
basis depending on the facility’s
determination of the frequency of the
monitoring procedures. The review of
these monitoring records may occur on
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
a weekly or monthly basis, depending
on the frequency of the monitoring
procedures and the role this mitigation
strategy plays in a facility’s food defense
system. We disagree that this
requirement is too prescriptive.
(Comment 94) Some comments assert
that industry cannot be held to a
standard of absolute prevention of
intentional adulteration, and given this
assertion, one of these comments further
states that effectiveness of mitigation
strategies should be interpreted
reasonably by both FDA and industry.
The comment agrees that facilities
should be expected to take reasonably
appropriate measures to mitigate
vulnerabilities and also states that
facilities should have discretion to
determine how mitigation strategies are
effective. This comment goes on to state
that facilities should not be expected to
employ a certain measure just because
the measure is available, particularly
when the added benefit might be
minimal. Finally, the comment states
that, in the context of interpreting
effectiveness of mitigation strategies in
a reasonable manner, FDA should be
mindful of the extremely low likelihood
of an intentional adulteration event that
may cause massive public health harm
or economic disruption.
(Response 94) We acknowledged the
low probability of an intentional
adulteration event that may cause wide
scale public health harm in the
proposed rule (78 FR 78014 at 78024).
The rule does not create a standard of
absolute prevention at every identified
actionable process step. Mitigation
strategies are, among other things, ‘‘riskbased’’ and ‘‘reasonably appropriate
measures.’’ They are employed to
‘‘significantly minimize or prevent’’
significant vulnerabilities.
Furthermore, each facility has some
degree of discretion in determining
how, and whether, each mitigation
strategy is properly implemented, as
part of the facility’s written explanation
of how the mitigation strategy
sufficiently minimizes or prevents the
significant vulnerability associated with
the actionable process step.
Additionally, facilities are not
required to employ measures just
because they are available or
convenient. Rather, facilities are
required to identify and implement
mitigation strategies that reflect the
specific circumstances of the actionable
process step and the facility. Because
the facility considers these
circumstances when identifying and
implementing an appropriate mitigation
strategy, and provides a written
explanation of how the mitigation
strategy sufficiently minimizes or
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
prevents the significant vulnerability
associated with an actionable process
step, a facility may choose a mitigation
strategy that it believes provides
maximum benefit, regardless of
availability or convenience, if it
complies with the requirement to
significantly minimize, or prevent, the
significant vulnerability.
2. Proposed § 121.150(d)—Reanalysis
(Final § 121.157)
We proposed that you must conduct
a reanalysis of the food defense plan (1)
At least once every 3 years; (2)
Whenever a significant change in the
activities conducted at your facility
creates a reasonable potential for a new
vulnerability or a significant increase in
a previously identified vulnerability; (3)
Whenever you become aware of new
information about potential
vulnerabilities associated with the food
operation or facility; (4) Whenever you
find that a focused mitigation strategy is
ineffective; and (5) Whenever FDA
requires reanalysis to respond to new
vulnerabilities and developments in
scientific understanding including, as
appropriate, results from the
Department of Homeland Security
biological, chemical, radiological, or
other terrorism risk assessments. These
requirements for reanalysis of the food
defense plan were proposed within
§ 121.150 Verification.
Many comments responded to
§ 121.150 (Verification) as a whole,
without specifically referring to
reanalysis as an area needing edits.
However, some comments regarding
verification potentially apply to
reanalysis, and these are addressed in
this section. Some comments support
the proposed requirements without
change and some support the proposed
provisions but ask for more flexibility
and suggest alternative regulatory text.
After considering these comments, to
improve clarity and readability and to
be consistent with the PCHF final rule
with respect to the regulatory text for
reanalysis, we have removed reanalysis
from § 121.150 and created a new
section § 121.157 devoted entirely to
requirements for reanalysis. We have
revised the regulatory text within this
section to clarify which portions of the
food defense plan will need reanalysis
and how often (e.g., the whole plan
needs reanalysis at least every 3 years,
and the whole plan or the applicable
portions of the plan need reanalysis for
all other reasons required in the text), to
expand the scope of situations that
trigger a reanalysis (e.g., added a
reanalysis requirement when required
by FDA based on credible threats to the
food supply), and we increased clarity
PO 00000
Frm 00043
Fmt 4701
Sfmt 4700
34207
for when the reanalysis requires a
revision to the food defense plan (e.g.,
the proposed language stated a revision
to the food defense plan is required
when a significant change is made, and
the text was edited to state that a
revision to the food defense plan is
required when a significant change in
activities conducted at your facility
creates a reasonable potential for a new
significant vulnerability or a significant
increase in a previously identified
vulnerability). Also, the new reanalysis
section provides more flexibility in the
timeframe for when a reanalysis must be
completed, and clarifies when a
reanalysis requires a revision to the food
defense plan.
In the following paragraphs, we
discuss comments that suggest one or
more changes to the proposed
requirements.
(Comment 95) Some comments state
that greater flexibility is needed to
reflect the differences between
mitigation strategies and preventive
controls and that verification is one
potential area in which to increase
flexibility. These comments believe that
the oversight burden and the records
burden associated with verification
could be lessened by adding more
flexibility.
(Response 95) We interpreted these
comments to include reanalysis in the
verification activities mentioned. We
agree that the overall regulatory
framework for this rule should provide
more flexibility than that of a traditional
HACCP approach and have described
our general thinking in Comment 1 and
Comment 2 of this document. To align
with this thinking we have made
specific changes to the reanalysis
requirements. We removed reanalysis
from § 121.150 and created a new
section § 121.157 devoted entirely to
requirements for reanalysis to help
clarify activities for the purpose of
verification versus activities specific to
reanalysis. Within this section we
provide for reanalysis of an applicable
portion of the food defense plan (rather
than the complete food defense plan) in
specified circumstances. We have
revised the regulatory text to state that
when reanalysis is conducted for any
reason other than § 121.157(a) (every 3
years), the food defense plan as a whole
may need to be reanalyzed, or just the
applicable portion of the food defense
plan that may be affected by the
proposed change or the new information
(see § 121.157(a) and 121.157(b)). In the
proposed rule, the portions of the plan
that required reanalysis were not
detailed, and the implication was that
the entire plan must be reanalyzed in all
cases. Our clarification of this language
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34208
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
allows flexibility for the facility to
determine the extent of the required
reanalysis based on the nature of the
reanalysis trigger. In addition, we made
associated editorial changes for the
intentional adulteration reanalysis
requirements to improve the readability
of the requirement to conduct reanalysis
‘‘whenever a mitigation strategy, a
combination of mitigation strategies, or
the food defense plan as a whole, is not
properly implemented’’ (see
§ 121.157(b)(3)). In the proposed rule
this requirement applied only to the
ineffective nature of a mitigation
strategy and did not take into account
other areas of the food defense plan that
may be contributing to an ineffective
food defense plan. We also added new
text to the reanalysis requirement to
allow FDA to require a reanalysis
‘‘when credible threats are made to the
food supply’’, as discussed more fully in
section III.C.
Further, additional flexibility has
been provided with respect to
timeframes associated with completing
reanalysis. The proposed rule required
that reanalysis be completed ‘‘before the
change in activities at the facility were
operative’’ or ‘‘when necessary, during
the first 6 weeks of production.’’ The
new requirement states that the
reanalysis must be complete ‘‘before any
changes in activities (including any
change in mitigation strategy) at the
facility is operative,’’ or ‘‘when
necessary, within 90 days of
production’’ or ‘‘within a reasonable
timeframe, providing a written
justification is prepared for a timeframe
that exceeds 90 days after production of
the applicable food first begins.’’ This
flexibility in timeframes lessens the
burden on the facility. We believe the
90-day timeframe is sufficient for
completing the reanalysis but recognize
that there may be instances where the
90-day timeframe is exceeded and this
is allowed with sufficient written
justification.
We lessened the documentation
burden by only requiring a revision to
the food defense plan ‘‘if a significant
change in the activities conducted at
your facility creates a reasonable
potential for a new significant
vulnerability or a significant increase in
a previously identified vulnerability.’’
The proposed rule required a revision to
the food defense plan if ‘‘a significant
change was made.’’ By stating
specifically that revisions are only
required if a change is made in activities
that affect vulnerabilities, we eliminate
the revision requirements for changes
that are not directly related to the risk
of intentional adulteration. Both the
proposed and final rules provide for the
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
option to conclude that a revision to the
food defense plan is not needed as long
as the basis for that conclusion has been
documented.
Many of the changes we made to the
reanalysis provisions are similar to
changes made in the PCHF final rule,
and we believe this consistency will
assist with overall understanding and
implementation of these rules.
(Comment 96) Some comments ask us
to recognize other terminologies
suggesting reanalysis could be referred
to as ‘‘reassessment.’’
(Response 96) We decline this
request. We have acknowledged that the
terminology used in relation to the
concept of ‘‘reanalysis’’ varies in current
regulations and guidelines for systems
such as HACCP (78 FR 3646 at 3759).
A facility may choose to use a term such
as ‘‘reassessment’’ in its records—e.g., if
it relies on existing records that use the
term ‘‘reassessment’’ to satisfy some or
all of the requirements of this rule for
reanalysis. However, the rule will use a
single term to minimize the potential for
confusion about whether different terms
have a different meaning for the
purposes of the rule.
H. Proposed § 121.160—Training (Final
§ 121.4)
We proposed in § 121.160 to require
that (1) Personnel and supervisors
assigned to actionable process steps
must receive appropriate training in
food defense awareness and their
respective responsibilities in
implementing focused mitigation
strategies and (2) All required training
must be documented in records. We
asked for comment on several questions
related to training, including whether
we should require that basic food
defense awareness training be
completed by all employees and
whether we should require training to
be repeated periodically. We also
requested comment on the adequacy of
FDA’s Food Defense 101 training
materials and whether additional FDA
training materials are needed. Finally,
we requested comment on the feasibility
of the proposed training requirements,
in light of the current state of food
defense awareness in the industry and
available training resources.
No comments disagree with the need
for training for facilities to be able to
properly implement this rule, and many
comments acknowledge that training is
crucial to creating an effective food
defense environment in a facility. Some
comments agree with our proposed
training approach, and other comments
request changes. After considering the
comments, we have changed the
training requirements by creating a new
PO 00000
Frm 00044
Fmt 4701
Sfmt 4700
section, § 121.4 (Qualifications of
Individuals Who Perform Activities
Under Subpart C), which replaces
§ 121.160 and defining the term
‘‘qualified individual’’ in § 121.3. In
summary, the final rule requires all
individuals who perform activities
under Subpart C to be qualified through
training or job experience or a
combination thereof. Individuals and
their supervisors at actionable process
steps are required to take food defense
awareness training and individuals who
prepare the food defense plan, conduct
a vulnerability assessment, identify and
explain mitigation strategies and
perform reanalysis must have
successfully completed training for the
specific activity at least equivalent to
that received under a standardized
curriculum recognized as adequate by
FDA or be otherwise qualified through
job experience to conduct the activities.
Section 121.4 requires that
individuals performing activities under
Subpart C have certain qualifications
that vary based on the activity
performed. Section 121.4(a) requires
that you ensure that each individual
who performs activities required under
Subpart C is a qualified individual. A
qualified individual is ‘‘a person who
has the education, training, or
experience (or a combination thereof)
necessary to perform an activity
required under Subpart C, as
appropriate to the individual’s assigned
duties. A qualified individual may be,
but is not required to be, an employee
of the establishment’’ (§ 121.3). See
section IV.C.4 for further discussion of
this definition. Section 121.4(b) requires
that each individual assigned to an
actionable process step (including
temporary and seasonal personnel) or in
the supervision thereof must (1) be a
qualified individual and (2) receive
training in food defense awareness.
Section 121.4(c) requires that each
individual assigned to (1) the
preparation of the food defense plan, (2)
the conduct of a vulnerability
assessment, (3) the identification and
explanation of the mitigation strategies,
or (4) the reanalysis of the food defense
plan must be a qualified individual and
have successfully completed training for
the specific activity at least equivalent
to that received under a standardized
curriculum recognized as adequate by
FDA or be otherwise qualified through
job experience to conduct the activities.
Job experience may qualify an
individual to perform any of the
activities listed previously if such
experience has provided an individual
with knowledge at least equivalent to
that provided through the standardized
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
curriculum. Section 121.4(d) requires
that responsibility for ensuring
compliance by individuals with the
requirements be clearly assigned to
supervisory personnel with adequate
qualifications to supervise the activities.
Section 121.4(e) requires that the
training required by § 121.4(b) and (c)
must be documented in records that
include the date of the training, the type
of training, and the person trained, and
must be established and maintained in
accordance with the requirements of
subpart D.
In the following paragraphs, we
discuss comments that respond to our
request for comment regarding the
proposed training requirement and
comments that request changes to the
training requirement as proposed.
(Comment 97) Some comments assert
that FDA should require facilities to
conduct food defense awareness
training for all employees and not just
for employees and supervisors who
work at actionable process steps. Some
comments indicate that, since food
defense is a new area of regulation, that
training to increase general awareness
by all employees would be a useful
requirement in gaining familiarity with
the risk and mitigation of intentional
adulteration. Some comments state that
food defense awareness training for all
employees is fundamental for creating a
food defense culture at a facility and
may be the critical element for
preventing a successful attack.
Alternatively, some comments state that
expanding the food defense awareness
training requirement to all employees
will not advance food defense and could
create a generalized approach that may
diminish the ability of the facility to
effectively train personnel who have
significant roles in implementing food
defense requirements. Some comments
state that the cost of requiring training
of all employees would be overly
burdensome.
(Response 97) Although we agree that
food defense awareness training would
be useful for all employees, we believe
that the best use of training resources for
industry would be to focus the
requirement for food defense awareness
training on personnel who are assigned
to an actionable process step. We do not
believe it is necessary to require that
facilities provide all employees with
awareness training to significantly
minimize or prevent significant
vulnerabilities. Although we disagree
that training all employees could
diminish the ability of a facility to
effectively train personnel, we agree that
concentrating awareness training on
certain individuals is less burdensome
than a general training requirement. We
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
believe it is the best use of resources to
train individuals at actionable process
steps in food defense awareness because
that is where intentional adulteration,
when intended to cause wide scale
public health harm, is most likely to
occur. Our food defense guidance
includes options for increasing general
awareness of food defense throughout a
facility by incorporating the importance
of food defense procedures into routine
facility communications, such as
brochures, staff meetings, or payroll
stuffers. We recommend that facilities
encourage all employees to report
unusual or suspicious individuals or
activities to management.
In addition to requiring food defense
awareness training for certain
individuals, the rule requires that each
individual who performs activities
required by subpart C be a qualified
individual as that term is defined in
§ 121.3. In addition, the rule requires
individuals performing certain
activities, including the preparation of
the food defense plan or the conduct of
a vulnerability assessment, to have
successfully completed training for the
specific activity at least equivalent to
that received under a standardized
curriculum recognized as adequate by
FDA or be otherwise qualified through
job experience to conduct the activities.
(Comment 98) Some comments
express a need for advanced food
defense training requirements for
individuals conducting higher level
food defense activities such as food
defense coordinators, individuals who
prepare, monitor, verify, or conduct
corrective actions associated with food
defense plans, managers or quality
control personnel or personnel who
would be responsible for identification
of appropriate mitigation strategies.
Some comments assert that these food
defense activities require specialized
knowledge that would not be covered in
food safety training and that qualified
individuals should perform these higher
level functions.
(Response 98) We agree with these
comments and are requiring that each
individual engaged in activities in
subpart C must be a qualified individual
with the appropriate education,
training, or experience (or a
combination thereof) to perform the
activity. Further, the rule requires
increased qualifications for individuals
responsible for higher level activities,
such as preparation of the food defense
plan, conducting a vulnerability
assessment, identifying and explaining
mitigation strategies, and reanalysis
(§ 121.4(c)). These individuals must
have the appropriate education,
training, or experience (or a
PO 00000
Frm 00045
Fmt 4701
Sfmt 4700
34209
combination thereof) necessary to
properly perform their assigned
activities and have successfully
completed training at least equivalent to
that received under a standardized
curriculum recognized as adequate by
FDA or be otherwise qualified through
job experience to conduct the activities.
Job experience may qualify an
individual to perform these functions if
such experience has provided an
individual with knowledge at least
equivalent to that provided through the
standardized curriculum. We believe
the activities listed previously require
an additional level of expertise and
training than other activities required
under subpart C and, therefore, FDA is
establishing a standardized curriculum
for training which individuals
performing these activities must
successfully complete (or be otherwise
qualified through job experience). This
approach is consistent with the PCHF
final rule, where additional food safety
training is required for individuals who
prepare or oversee preparation of the
food safety plan, including conducting
the hazard analysis (21 CFR
117.126(a)(2)).
We anticipate that the standardized
curriculum for activities other than the
conduct of a vulnerability assessment
will be an approximately 4-hour
training that will cover food defense
awareness and food defense planning
components such as preparing,
implementing, and reanalysis of a food
defense plan and selecting and
explaining mitigation strategies. We
plan for the training to be available
online.
The training for conducting or
overseeing a vulnerability assessment
will require in-depth analysis of the
functional and thought processes
required to properly characterize
significant vulnerabilities associated
with a facility’s points, steps, or
procedures and the identification of
actionable process steps. The process of
conducting a vulnerability assessment
may be new to much of the industry and
the training will take this into
consideration. The standardized
curriculum for conducting a
vulnerability assessment will need to
cover each required component of the
vulnerability assessment and provide
enough information for an individual to
calibrate their decision making based on
the scientific analysis required by a
vulnerability assessment. We believe
that the curriculum designed for this
activity will require multiple days and
may be best offered in person. Based on
the vulnerability assessment method
chosen, the length of the standardized
curriculum may vary, for example if a
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34210
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
facility is using the key activity types
the training could be shorter.
Finally, with regard to comments that
suggest that individuals who prepare,
monitor, verify, or conduct corrective
actions associated with food defense
plans receive specialized training, we
agree that individuals responsible for
these activities should be qualified
individuals and may need training to
perform such activities. However, we
are not standardizing a curriculum for
such training and realize that
individuals may be qualified through
education or experience to do these
activities because these concepts are not
completely unique to food defense
planning and analogous food safety
concepts have been in routine practice
in many food facilities for the purpose
of food safety plans and/or HACCP
approaches.
(Comment 99) Some comments state
that food defense awareness training
should be recognized as a beneficial
mitigation strategy within food defense
plans to create heightened awareness
and that this training can be used to
address intentional contamination
including insider threats. Other
comments state that the only
requirement for food defense should be
training and that any requirements
beyond this approach are not necessary.
(Response 99) We agree that food
defense awareness training for
employees and supervisors assigned to
actionable process steps would increase
awareness and could assist with
recognizing or thwarting an insider
threat; however, the training alone will
not protect the food at that actionable
process step. It is the properly
implemented mitigation strategies,
which are designed to reduce the
significant vulnerability at that step,
which would protect the food against
intentional adulteration.
(Comment 100) Some comments
recommend that FDA set a requirement
for periodic retraining, and some
comments suggest the training
requirement should specify training
intervals such as during an employee
‘‘onboarding’’ process and periodically
thereafter or when significant changes
are made to the food defense plan. One
comment did not request a requirement
for retraining but stated that it should be
understood that education and training
are not a one-time occurrence. One
comment asked for flexibility for
training and retraining frequencies so a
facility can take into account facility
size, environment, seasonality of
employees, and other circumstances.
(Response 100) We agree that training
should not be a one-time occurrence
and believe that by defining ‘‘qualified
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
individual’’ in terms of an ability to
perform assigned responsibilities we
have provided the flexibility for firms to
consider relevant factors in determining
how often to perform training.
Individuals conducting activities under
subpart C must be qualified to
successfully implement the food
defense measures contained in the food
defense plan. If the food defense plan
changes, because of a production change
resulting in a mitigation strategy change,
for example, employees and supervisors
may need retraining if their
responsibilities under subpart C change.
Also, retraining may be needed as a
component of corrective action. For
example, if during the course of
monitoring a facility determines that
certain mitigations strategies are not
being implemented consistently or
appropriately, a component of the
corrective action may be to retrain the
responsible staff and their supervisors.
To ensure that employees remain
qualified to perform their duties under
subpart C, facilities will need to retrain
employees when the food defense plan
changes and when a problem has been
identified that training would address.
(Comment 101) Some comments
commend FDA on the development of a
broad range of free training materials
that will be efficient and useful to meet
training requirements. Some comments
suggest updating and expanding these
trainings to include options for free,
downloadable, and customizable
materials to reach a broad range of
cultural and language groups, and to
include information on how to protect
food defense-related documents. One
comment recommends that FDA update
all of its food defense resources to
reflect the requirements ultimately
included in this final rule. One
comment suggests that FDA develop a
‘‘train-the-trainer’’ course that could be
effectively utilized by industry to equip
management of food companies with the
training materials needed to comply
with the training requirements.
(Response 101) We agree that many of
our trainings and other resources will
assist industry in complying with this
rule. However, we recognize that many
of our existing materials will need to be
updated to reflect the provisions of the
rule and new training materials will
need to be developed. We intend to
update our training materials to provide
an option to comply with the food
defense awareness training requirement,
and we will be developing a
standardized curriculum for training in
accordance with the requirements of
§ 121.4(c). We anticipate the
standardized content of the training will
be modular, with certain modules
PO 00000
Frm 00046
Fmt 4701
Sfmt 4700
varying based on the difficulty and skill
level of the activity being performed,
with the vulnerability assessment
training module being the most in-depth
and lengthy (See Comment 80 and
Comment 81).
The training for individuals and
supervisors assigned to actionable
process steps may require facilityspecific information for proper
implementation of the mitigation
strategy or strategies and, therefore, will
need to be developed and administered
on the job and will not be developed by
FDA.
We will continue to provide food
defense training and other materials in
as many formats as resources allow,
such as online, DVD, and hard copy.
FDA currently has some food defense
materials in languages other than
English, but will work as we are able
towards translating more materials in
other languages to reach a broader
audience.
In response to the development of a
‘‘train the trainer’’ course to assist
management with meeting the training
requirements of this rule, we interpret
this comment to mean that we should
offer materials so that companies can
deliver their own food defense
awareness training. Since the
requirement for awareness training has
inherent flexibility, facilities can deliver
their own food defense awareness
trainings. We believe the training tools
and resources that we intend to update,
based on the requirements of this rule,
will assist facility management with
gaining knowledge necessary for
delivering food defense awareness
training, and we intend to explore the
development of a ‘‘train the trainer’’ in
consultation with the alliance to meet
the needs of the standardized
curriculum requirements.
(Comment 102) Some comments
request that FDA support the
development and distribution of
educational and training resources to
assist very small facilities exempt from
the rule with voluntary compliance.
Some comments request that FDA
clarify how it will work with retail
stakeholders to strengthen education
and training for retail facilities that want
to take voluntary food defense risk
reduction measures.
(Response 102) FDA offers free tools
and food defense awareness training, as
well as guidance, that we intend to
update based on the final requirements
which should assist non-covered
entities, such as those at the retail level,
who wish to voluntarily comply with
the final provisions of this rule.
(Comment 103) Some comments
support the food defense awareness
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
training requirement but ask that FDA
keep the requirement flexible and make
clear that online training or other nonFDA developed trainings are acceptable.
One comment asked us to state whether
the ‘‘Food Defense 101’’ training
released in 2013 by FDA is the preferred
resource for employee awareness
training. Some comments state that it
might not be possible to provide the
same type of training to all staff at
various levels, and that it should be up
to the facility to determine which
training to provide to which staff, based
on their food defense responsibilities.
(Response 103) We agree with the
need to avoid rigid requirements with
respect to training content for food
defense awareness. We recognize that
many food defense awareness trainings
exist and may already be utilized at
facilities, and mandating specific
content in trainings may lead to
redundancy and additional cost. We
intend to update our ‘‘Food Defense
101, Food Defense Awareness for the
Front-line Employee’’ training such that
it would satisfy the requirement for food
defense awareness training; however, it
is not the only acceptable training. In
addition, we believe that there are
several existing trainings that would be
acceptable for other activities that may
require training such as food defense
monitoring, food defense corrective
actions, and food defense verification.
(Comment 104) Some comments
recommend that, because food defense
is a new and evolving area, and because
this regulation will be the first of its
kind worldwide, training and education
need to occur at many levels to
effectively implement this rule. These
comments state that FDA must provide
significant outreach and education to
both industry and State regulatory
Agencies with jurisdiction over the
production of human food. These
comments emphasize that FDA and
State and local inspection personnel
will need significant training in
conducting food defense inspections
and that training developed for FDA
investigators should be extended to
State and local governments as well as
industry to help food facilities
understand what is expected and how
compliance will be determined.
(Response 104) We appreciate these
comments regarding consistency of
training between industry and Federal,
State, local and tribal regulators, and we
agree that this is a novel area of
regulation that could benefit from
alignment of training between the
regulated industry and its regulators.
We have addressed the issue of training
for the purposes of inspection and
compliance in section III.D, but in
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
general, FDA is still in the process of
assessing its training needs for
inspection and enforcement of this rule.
(Comment 105) Some comments state
that Alliances have been successfully
used to support implementation of other
national requirements, including other
FSMA rules, using a partnership model.
These comments recommend that FDA
consider formation of an Alliance
structure for the area of food defense as
well. Comments state that Alliances,
made up of State and local public health
professionals, State and local public
health associations, and industry can
play an important role in information
sharing and outreach and a formal
Alliance for food defense is the best way
to accomplish the development of
standardized food defense training
content and effective training tools and
resources.
(Response 105) We agree with these
comments and have funded the
establishment of an Intentional
Adulteration Subcommittee under the
existing Food Safety Preventive Controls
Alliance. We intend to leverage the
expertise of State and local public
health professionals, State and local
public health associations, and industry
associations to develop the standardized
curriculum needed to meet the training
requirement.
(Comment 106) Some comments
suggest that FDA establish a technical
assistance office based out of the Center
for Food Safety and Applied Nutrition
(CFSAN) that can answer queries,
provide guidance, and release
information consistently to both
regulators and the covered industry to
assist with educating industry and
regulators.
(Response 106) FDA has established a
FSMA Technical Assistance Network
(TAN) to provide technical assistance to
industry, regulators, academia,
consumers, and others regarding FSMA
implementation. Inquiries are answered
by FDA Information Specialists or
Subject Matter Experts, based on the
complexity of the question. To find out
more about the FSMA TAN please visit
https://www.fda.gov/food/guidance
regulation/fsma/ucm459719.htm.
(Comment 107) Some comments
request funding from FDA for the
training of State, local, tribal, and
territorial regulators.
(Response 107) Funding associated
with training State, local, tribal, and
territorial regulators is outside the scope
of this rule.
(Comment 108) One comment asserts
that training and compliance incentives
must be available at the same time the
final regulation is released to give
facilities time to learn about, build, and
PO 00000
Frm 00047
Fmt 4701
Sfmt 4700
34211
deploy an effective implementation
plan.
(Response 108) It is unclear what is
meant by training and compliance
incentives, but we have established
extended compliance dates to allow
facilities the time necessary to comply
with this training requirement. See
section VIII for information on
compliance dates.
(Comment 109) One comment
suggests that FDA should mandate
training on a ‘‘code of ethics’’ to prevent
economically motivated adulteration.
(Response 109) Acts of intentional
adulteration for the purpose of
economic gain, i.e., economically
motivated adulteration, are outside the
scope of the rule and are addressed in
the preventive controls for human food
rule (80 FR 55907 at 56028–56029) and
the preventive controls for animal food
final rule (80 FR 56170 at 56244–56246).
VI. Subpart D: Comments on
Requirements Applying to Records
That Must Be Established and
Maintained
We proposed to establish in subpart D
requirements that would apply to all
records that would be required by the
various provisions of proposed part 121,
including general requirements related
to the content and form of records,
additional requirements specific to the
food defense plan, requirements for
record retention, requirements for
official review of records by FDA, and
public disclosure.
Some comments generally support
requiring records to demonstrate that a
food defense plan has been created, is
functioning, and is being monitored.
However, many comments disagreed
with some of the specific requirements
that we proposed. In the following
paragraphs, we discuss comments that
ask us to clarify the proposed
requirements, disagree with, or suggest
one or more changes to the proposed
requirements.
A. Proposed § 121.301—Records Subject
to the Requirements of This Subpart D
We proposed that all records required
by proposed subpart C (Food Defense
Measures) are subject to all
requirements of this subpart except that
the requirements of § 121.310 apply
only to the written food defense plan.
We received no comments on this
section and are finalizing as proposed.
B. Proposed § 121.305—General
Requirements Applying to Records
We proposed that the records must (1)
be kept as original records, true copies,
or electronic records (and that electronic
records must be kept in accordance with
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34212
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
part 11 (21 CFR part 11)); (2) contain the
actual values and observations obtained
during monitoring; (3) be accurate,
indelible, and legible; (4) be created
concurrently with performance of the
activity documented; (5) be as detailed
as necessary to provide history of work
performed; and (6) include the name
and location of the plant or facility, the
date and time of the activity
documented, the signature or initials of
the person performing the activity, and,
where appropriate, the identity of the
product and the production code, if any.
In the following paragraphs, we discuss
comments that ask us to clarify the
proposed requirements or that disagree
with, or suggest one or more changes to,
the proposed requirements.
(Comment 110) Several comments
express concern over the proposed
requirement that all electronic records
be kept in accordance with part 11 and
request that FDA exempt electronic
records under part 121 from compliance
with part 11. Comments argue that
while some of the larger companies may
have the technologies in place to
comply with part 11, many of the
covered facilities do not. These
comments assert that compliance with
part 11 would create the need to
redesign and recreate existing systems,
thus leading to considerable cost, which
was not taken into account in the cost
analysis in the preliminary regulatory
analysis for the proposed rule. The
comments go on to point out that we do
not impose these requirements for
recordkeeping requirements imposed
under section 414 of the FD&C Act, and
that this requirement is an added
burden and expense that does not have
any added benefit to public health.
(Response 110) The final rule does not
require compliance with part 11
(§ 121.305 (a)). Similar to the PCHF final
rule, we are making a conforming
change in part 11 to specify in new
§ 11.1(o) that part 11 does not apply to
records required to be established or
maintained under part 121, and that
records that satisfy the requirements of
part 121, but that also are required
under other applicable statutory
provisions or regulations, remain
subject to part 11. Although we are not
specifying that part 11 applies, facilities
should take appropriate measures to
ensure that records are trustworthy,
reliable, and generally equivalent to
paper records and handwritten
signatures executed on paper.
(Comment 111) One comment asserts
that while it is common for certain
records to be created concurrently with
performance of the activity, some
records may require more time for
writing, reviewing, editing, or
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
approving. The comment requests that
we provide for the creation of records
‘‘in a timely manner following
performance of the activity,’’ rather than
‘‘concurrently with performance of the
activity.’’
(Response 111) We decline this
request. The comment did not provide
any specific examples of activities
where concurrent record creation would
prove difficult, and we are not aware of
any such circumstance. For example, we
are not aware of any difficulty
complying with longstanding similar
requirements associated with our
HACCP regulations for seafood and
juice (see §§ 123.9(a)(4) and
120.12(b)(4), respectively).
(Comment 112) Some comments
assert that for certain production and
associated activities documenting the
time of activity is not necessary.
Specific examples cited include
equipment setup, verification of
equipment setup, charging an ingredient
into a blender, and weighing material
for process yield and reconciliation
purposes. These comments ask us to
modify the proposed requirements so
that the records would only be required
to include the time of the activity where
appropriate for food defense.
(Response 112) The recordkeeping
requirements in the rule only apply to
records required by subpart C (Food
defense measures). It is not clear that all
of the activities specified by the
comments relate to food defense
measures and therefore are subject to
the recordkeeping requirements in the
rule. For records that are required, we
agree that documenting the time of the
activity is not always necessary. The
rule requires that records must contain
‘‘when appropriate, the time of the
activity documented’’ (§ 121.305(f)(2)).
Monitoring records are an example of
when documenting the time of the
activity is appropriate because
monitoring records are used to
determine if a particular mitigation
strategy is properly implemented.
Without documenting the time the
monitoring was conducted, a facility
cannot identify patterns over time as to
the mitigation strategy’s implementation
and whether appropriate corrective
actions were being made. For
mitigations strategies that are not timedependent (e.g., permanent equipment
changes to reduce access to the product,
such as permanently affixing a shield to
the rotating air drying to prevent access
to the food at the point where product
is introduced into the dryer from the
pneumatic conveyance), facilities are
not required to document the time the
activity was performed.
PO 00000
Frm 00048
Fmt 4701
Sfmt 4700
(Comment 113) Some comments
express concern that we will require
records to be kept in English. These
comments ask us to limit the documents
that must be written in English to
reduce translation and records
duplication. These comments ask that
records related to verification and
monitoring should be allowed to be
written in languages other than English.
(Response 113) The rule does not
require that any records be kept in
English.
(Comment 114) One comment seeks
clarification on whether the use of
checklist-type forms to document
monitoring observations would satisfy
the requirement in § 121.305(b) that
records contain actual values and
observations obtained during
monitoring. The comment argues that
properly developed checklists will
allow monitoring records to be accurate,
indelible, and legible as required in
§ 121.305(c) and will lessen the
recordkeeping burden. For example,
monitoring a mitigation strategy such as
adequate lighting at the truck unloading
bay could be recorded as a ‘‘yes’’ or
‘‘no’’ by checking the appropriate box
on a checklist.
(Response 114) Although monitoring
records must contain the actual values
and observations obtained during
monitoring, facilities have flexibility to
tailor the amount of detail to the nature
of the record (§ 121.305(e)). Monitoring
for adequate lighting at the truck
unloading bay could be recorded as
‘‘yes’’ or ‘‘no’’ in either a narrative or
checklist format. However, in the case of
an improperly implemented mitigation
strategy, we would recommend that the
facility also document the extent to
which the strategy was incorrectly
applied, because this information would
support the identification of previously
written corrective actions that could be
used to remedy the situation, as well as
provide context as to why the mitigation
strategy failed in this instance, which
would be beneficial information for
verification activities. For example, if
lighting in the bulk unloading bay was
insufficient, the monitoring document
may record this instance as ‘‘no’’ in a
checklist and also may note that half of
the lights were inoperative due to a
circuit-breaker that failed. This
information would be helpful to facility
management to determine whether the
mitigation strategy is consistently
applied and appropriate to the
actionable process step in question. In
this case, a faulty circuit breaker would
be replaced, thereby correcting the
deviation in the mitigation strategy. The
mitigation strategy could still be
determined to be achieving its aim with
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
this corrective action. Alternatively, if
monitoring records document that the
lighting was turned off by an employee,
a different corrective action may be
required, such as retraining of the
employee on the importance of
maintaining adequate lighting in the
area. We note in Response 83 that
ensuring adequate lighting around an
actionable process step would generally
be a mitigation strategy that must be
used in concert with other strategies to
significantly reduce the likelihood of, or
prevent, successful acts of intentional
adulteration at an actionable process
step.
mstockstill on DSK3G9T082PROD with RULES4
C. Proposed § 121.310—Additional
Requirements Applying to the Food
Defense Plan
We proposed that the food defense
plan must be signed and dated by the
owner, operator, or agent in charge of
the facility upon initial completion and
upon any modification. We did not
receive any comments related to this
section, and we are finalizing as
proposed.
D. Proposed § 121.315—Requirements
for Record Retention
We proposed that (1) All required
records must be retained at the facility
for at least 2 years after the date they
were prepared; (2) The food defense
plan must be retained at the facility for
at least 2 years after its use is
discontinued; (3) Except for the food
defense plan, offsite storage of records is
permitted after 6 months following the
date that the records were made if such
records can be retrieved and provided
onsite within 24 hours of request for
official review; and (4) If the facility is
closed for a prolonged period, the
records may be transferred to some
other reasonably accessible location but
must be returned to the plant or facility
within 24 hours for official review upon
request.
(Comment 115) One comment asserts
that a 2-year retention period for
monitoring, corrective actions, and
verification records for a product with a
short shelf life is unnecessary. The
comment argues that industry has been
following record retention requirements
in the Seafood HACCP regulation which
requires 1 year records retention for
refrigerated products and 2 years
records retention for frozen, preserved,
or shelf-stable products and requests
that we use the same requirements in
this rule.
(Response 115) We decline this
request. The 2-year record retention
period is explicitly provided for by
section 418(g) of the FD&C Act. Further,
shelf life is more relevant to record
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
retention requirements for the purpose
of tracking potentially contaminated
food than to record retention
requirements for the purpose of
evaluating compliance with this rule.
Finally, 2 years is the same retention
period as required by the PCHF final
rule.
(Comment 116) Some comments ask
us to exercise flexibility regarding the 2year record retention requirement
because the unique nature of food
defense activities and the technologies
used in protecting the food supply
against intentional adulteration do not
typically allow for record retention for
such a long period of time. For example,
several comments explain that records
related to video surveillance cannot be
kept for 2 years because it is
impractical; industry practice is
typically to keep video records for 30
days or less. Comments argue that
requiring 2-year retention of video
records would be very difficult and
costly, and that FDA likely did not
include calculations for those added
costs in our preliminary regulatory
impact analysis for the proposed rule.
(Response 116) The assertion that it is
impractical for food defense records
cannot be kept for 2 years seems to
reflect a misunderstanding of the rule.
The rule does not require maintaining
video surveillance footage for 2 years.
Video surveillance used as part of a
mitigation strategy is not a monitoring
record. If the video is being sent to a
security office for observation, the
monitoring record could be a log
affirming that a security officer
reviewed the video and detected no
abnormal activities. If the video is being
watched by a security officer in real
time, the monitoring record could be the
timesheets of the security officer
showing he was in the security office
performing his duties in observing the
video feed.
(Comment 117) Some comments ask
us to specify our expectations for record
availability and allow companies the
flexibility in using technology to meet
those expectations. The comments
explain that many companies keep
important records such as food defense
plans at their corporate headquarters or
other central locations and not at
individual facilities but that the
facilities can easily access those records
electronically if needed. The comments
also assert that 6-month onsite record
retention requirement is arbitrary and
that FDA should establish a workable
requirement that provides for the
efficient storage and retrieval of records
in a timely manner. Some comments ask
us to revise the requirement so that
records that can be retrieved and
PO 00000
Frm 00049
Fmt 4701
Sfmt 4700
34213
provided onsite within 24 hours would
be sufficient.
(Response 117) We have revised the
provisions to provide for offsite storage
of all records (except the food defense
plan), provided that the records can be
retrieved and made available to us
within 24 hours of a request for official
review. We expect that many records
will be electronic records that are
accessible from an onsite location and,
thus, would be classified as being onsite
(see § 121.315(c)). As a companion
change, we have revised the proposed
provision directed to the special
circumstance of storing records when a
facility is closed for prolonged periods
of time so that it only relates to the
offsite storage of the food defense plan
in such circumstances (see
§ 121.315(d)). Further, we require
records that a facility relies on during
the 3-year period preceding the
applicable calendar year to support its
status as exempt as a very small
business must be retained at the facility
as long as necessary to support the
status of a facility as a very small
business during the applicable calendar
year (see § 121.315(a)(2)).
(Comment 118) One comment states
that records and documentation should
not increase costs for farm-based
operations, most of whom operate as
small businesses. They argue that these
businesses already maintain a variety of
records but some do not have the
technical or financial resources
available to maintain an electronic
system for records. The comment
requests that FDA accept records in
formats that are not electronic.
(Response 118) To clarify, we did not
propose to require that any records must
be kept in electronic format. In addition,
this rule does not apply to farms.
E. Proposed § 121.320—Requirements
for Official Review
We proposed that all records required
by this part must be made promptly
available to a duly authorized
representative of the Secretary of Health
and Human Services upon oral or
written request. In the following
paragraphs, we discuss comments that
ask us to clarify the proposed
requirements or that disagree with, or
suggest one or more changes to, the
proposed requirements.
(Comment 119) Some comments
assert that FDA investigators should
only review food defense plans on site
and that we should not copy,
photograph, transmit, or take possession
of food defense plans. These comments
assert that onsite review of records
allows facility staff that is familiar with
the documents and recordkeeping
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34214
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
practices to answer any questions or
provide clarification to the investigator.
Some comments state that we should
make it clear that any State investigators
must follow the same policy and not
copy, photograph, transmit, or take
possession of food defense plans. Other
comments assert that we should only
take possession of food defense plans
for compliance reasons or in the event
of an emergency or a credible threat.
(Response 119) Some of the issues
raised by these comments are similar to
issues raised by comments on the PCHF
rule (see the discussion at 80 FR 55908
at 56091) and seafood HACCP rule (see
the discussion at 60 FR 65096 at 65137–
65140, December 18, 1995). During an
inspection, we expect that FDA
investigators will determine whether to
copy records on a case-by-case basis as
necessary and appropriate. It may be
necessary to copy records when, for
example, our investigators need
assistance in reviewing a certain record
from relevant experts in headquarters. If
we are unable to copy records, we
would have to rely solely on our
investigators’ notes and reports when
drawing conclusions. In addition,
copying records will facilitate follow-up
regulatory actions. The public
availability of any records that FDA
would possess as a result of copying
during an inspection would be governed
by section 301(j) of the FD&C Act and
by the Freedom of Information Act
(FOIA) and regulations issued pursuant
to it by the Department of Health and
Human Services (DHHS) and FDA.
Section 301(j) of the FD&C Act expressly
prohibits FDA from disclosing trade
secret information obtained during the
course of an inspection. FDA’s
disclosure regulations also provide that
FDA will not divulge either trade secret
or confidential commercial information.
See section VI.F. for a further discussion
of protecting food defense records from
disclosure.
(Comment 120) Some comments
assert that FDA investigators should not
include details of food defense plans in
the Establishment Inspection Reports
(EIR) Form 483 and that food defense
information should be kept separate
from food safety information on FDA
reports. The comments argue that if
investigators include food defenserelated noncompliance on an official
report, that report could become public
and could increase the risk to public
health by disclosing weak points in a
facility’s food defense plan.
(Response 120) As we do now, FDA
would redact any protected information
in an EIR or other document before
publically releasing the document. See
section VI.F for further discussion of
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
protecting food defense records from
disclosure.
(Comment 121) One comment asserts
that section 106 of FSMA does not give
FDA express access to review food
defense plans and that FSMA indicates
a Congressional intent to limit the
distribution of certain materials related
to food defense.
(Response 121) The provisions in
section 106 of FSMA concerning limited
distribution relate to the ability of the
Secretary of HHS (and by delegation,
FDA) to limit the distribution of certain
information already in the Agency’s
possession. Specifically, section
420(a)(2) of the FD&C Act authorizes
FDA to determine the time, manner, and
form in which a vulnerability
assessment is made publically available.
Further, section 420(b)(3) provides for
FDA to determine the time, manner, and
form in which certain guidance
documents are made public. The
provisions do not limit FDA’s authority
to access information in a facility’s
possession, such as a food defense plan.
Further, the ability of FDA to review
food defense plans is necessary for the
efficient enforcement of the FD&C Act.
The rule requires a food defense plan
consisting of a written vulnerability
assessment, mitigation strategies, and
procedures for food defense monitoring,
corrective actions, and verification.
Access to food defense plans is
necessary for FDA to assess the
adequacy of each of these documents
and determine compliance with the
rule. For example, to assess compliance
with § 121.130(a), FDA must review a
facility’s vulnerability assessment to
determine whether it includes an
evaluation of the potential public health
impact if a contaminant were added, the
degree of physical access to the product,
and the ability of an attacker to
successfully contaminated the product.
In addition to section 420 (added to
the FD&C Act by section 106 of FSMA),
FDA is issuing this rule under the
authority of section 418 of the FD&C
Act. Section 418 explicitly provides
authority for FDA access to certain
documents. Under section 418, the
required ‘‘written plan, together with
the documentation of [monitoring,
instances of nonconformance, the
results of testing and other appropriate
means of verification, instances where
corrective actions were implemented,
and the efficacy of preventive controls
and corrective actions] shall be made
promptly available to [FDA] upon oral
or written request.’’
(Comment 122) One comment asserts
that neither section 103 nor 106 of
FSMA expressly provide FDA with the
PO 00000
Frm 00050
Fmt 4701
Sfmt 4700
authority to copy food defense plans or
records.
(Response 122) As we described in
the seafood HACCP rule (60 FR 65096
at 65101, December 18, 1995), to
effectuate the broad purposes of the
FD&C Act, there may be some
circumstances in which access to the
records would be meaningless without
the opportunity to copy them, and
therefore copying records is necessary
for the efficient enforcement of the
FD&C Act. For further discussion of
copying records, see response to
Comment 121.
F. Proposed § 121.325—Public
Disclosure
We proposed that records required by
this part will be protected from public
disclosure to the extent allowable under
part 20 of this chapter. We received
numerous comments expressing
concern with protecting food defense
plans and records from public
disclosure, especially due to the
sensitive nature of the content within a
food defense plan. One comment fully
supports our proposal and believes
there is sufficient precedent and need to
protect the sensitive documents from
public disclosure. In the following
paragraphs, we discuss comments that
ask us to clarify the proposed
requirements or that disagree with, or
suggest one or more changes to, the
proposed requirements.
(Comment 123) Some comments
assert that food defense plans include
information that is commercial
confidential or trade secret and,
therefore, should be exempt from
disclosure under FOIA. The comments
argue that food defense plans may
include information on a facility’s food
defense-related measures and that
disclosure of one facility’s food defense
plan may adversely affect other facilities
and companies that may process similar
foods or have similar processing
procedures.
(Response 123) FDA protects records
from disclosure under Exemption 4 of
FOIA to the extent they contain ‘‘trade
secrets’’ or ‘‘commercial or financial
information obtained from a person and
privileged or confidential.’’ The
questions raised in these comments are
similar to some of the questions raised
during the rulemaking to establish our
HACCP regulation for seafood (see the
discussion at 60 FR 65096 at 65137–
65140). Our experience in conducting
CGMP inspections in processing plants,
our experience with enforcing our
HACCP regulations for seafood and
juice, and our understanding from the
Regulatory Impact Analysis for this rule
make it clear that food defense plans
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
will take each facility time and money
to develop.
There is value in a plan to a company
that produces it for no other reason than
that it took work to write. The equity in
such a product is not readily given away
to competitors. We expect that plant
configurations will be unique to
individual processors, or at least have
unique features, as was the case in the
seafood industry (Ref. 16). While
generic plans will have great utility in
many circumstances, they will serve
primarily as starting points for facilities
to develop their own plans. Facilities
will still need to expend time and
money to tailor a generic food defense
plan to their individual circumstances.
Thus, we conclude that food defense
plans generally will meet the definition
of trade secret, including the court’s
definition in Public Citizen Health
Research Group v. FDA, 704 F.2d 1280
(D.C. Cir. 1983).
(Comment 124) Some comments ask
us to provide assurances that food
defense plans and related records will
not be made public and assert that
protecting these documents from
disclosure to the extent allowable under
part 20 may not be sufficient. They
argue that food defense plans are more
sensitive than food safety plans because
food defense plans contain specifics on
a facility’s vulnerabilities and how they
protect those vulnerabilities, and as
such, could provide a ‘‘road map’’ for
individuals intending to cause harm.
These comments state that FDA should
be more protective of food defense plans
and argue that due to the sensitivity of
information contained in food defense
plans, it is too risky to rely on FOIA
exemptions alone.
(Response 124) We agree that food
defense plans contains information that
presents sensitivities not likely to be
present in food safety plans. Exemption
7(F) of FOIA allows Agencies to
withhold ‘‘records or information
compiled for law enforcement purposes
. . . to the extent that production of
such law enforcement records or
information . . . could reasonably be
expected to endanger the life or physical
safety of any individual.’’ Food defense
plans are likely to meet the criteria to
withhold them from disclosure under
exemption 7(F). Food defense plans in
FDA’s possession would be compiled
for law enforcement purposes because
they would be collected as part of
compliance efforts. Further, production
of such records could reasonably be
expected to endanger life or physical
safety. Specifically, a food defense plan
is likely to contain information that
could be used to identify weaknesses in
a facility’s security, to choose targets,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
and to help plan and execute an attack
involving intentional adulteration.
(Comment 125) Some comments state
that food defense plans could be
classified under Executive Order 13526
because their unauthorized disclosure
could reasonably be expected to cause
identifiable or describable damage to
national security and because food
defense plans pertain to ‘‘vulnerabilities
or capabilities of systems, installations,
infrastructures, projects, plans, or
protection services relating to national
security.’’ These comments
acknowledge that classifying food
defense plans would be cumbersome
and access to the classified documents
would be extremely restricted and
therefore, they recommend that FDA
implement a policy that FDA
investigators not copy, photograph, or
transmit any food defense plan records
or make detailed notes about the food
defense plans in the Establishment
Inspection Reports that could reveal
sensitive information.
(Response 125) See response to
Comment 124 for a discussion of FDA
handling of food defense plans. We note
that FDA cannot classify food defense
plans under Executive Order 13526.
That executive order provides that
information may be originally classified
only if several conditions are met,
including that the information is owned
by, produced by or for, or is under the
control of the U.S. Government. A food
defense plan that is developed by
industry for use by industry is not
owned by, produced by or for, or under
the control of, the U.S. Government.
(Comment 126) One comment
suggests that FDA only allow
investigators who have the appropriate
national security credentials (e.g.,
background checks, security clearances)
to review the content of a food defense
plan. The comment asserts that this will
help prevent the risk of a sophisticated
insider attack by a potential wrongdoer
who has infiltrated the Agency.
(Response 126) All FDA investigators
and contracted State investigators are
required to undergo background checks
by the Federal government prior to
employment and periodically thereafter.
Food defense plans are not classified,
and therefore FDA investigators would
not need national security clearances.
(Comment 127) Some comments state
that FDA should, at a minimum, be
aligned with and apply the same
protection for food defense plans and
records required under this part as
HACCP seafood and juice regulations
(see §§ 123.9(d) and 120.12(f),
respectively).
(Response 127) We disagree that the
proposed provisions governing public
PO 00000
Frm 00051
Fmt 4701
Sfmt 4700
34215
disclosure are not aligned with the
public disclosure provisions of our
HACCP regulations for seafood and
juice. Our regulations in part 20
regarding public information apply to
all Agency records, regardless of
whether a particular recordkeeping
requirement says so. In the public
disclosure provisions for our HACCP
regulations for seafood and juice, we
provided specific details about how
particular provisions in part 20 (i.e.,
§ 20.61 (Trade secrets and commercial
or financial information which is
privileged or confidential) and § 20.81
(Data and information previously
disclosed to the public)) would apply to
the applicable records, because we
recognized that such details were of
particular interest to the regulated
industries and such recordkeeping
requirements were relatively new. In
this rule, we framed the provisions
regarding public disclosure more
broadly by referring to all the
requirements of part 20, consistent with
our more recent approach to public
disclosure provisions in regulations (see
e.g., 21 CFR 112.167, 117.325).
(Comment 128) Some comments
assert that FDA should develop
guidance and training for industry on
how to protect food defense-related
documents because industry is
developing these documents to meet an
FDA requirement and has a potential to
increase the risk to public health.
(Response 128) Our implementation
of this rule will involve a broad,
collaborative effort to foster awareness
and compliance through guidance,
education, and technical assistance. We
agree that protection of food defense
plans—by FDA and by industry—is
important; we plan on including
information within guidance for
industry on best practices for how to
protect food defense plans.
G. Proposed § 121.330—Use of Existing
Records
We are adding new section § 121.330
(Use of Existing Records) to the final
rule to increase recordkeeping
flexibility. Section 121.330 specifies
that existing records (e.g., records that
are kept to comply with other Federal,
State, or local regulations) do not need
to be duplicated if they contain all of
the required information and satisfy the
requirements of subpart D. Section
121.330 also provides that existing
records may be supplemented as
necessary to include all of the required
information. Further, § 121.330 clarifies
that the information required does not
need to be kept in one set of records; if
existing records contain some of the
required information, any new
E:\FR\FM\27MYR4.SGM
27MYR4
34216
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
information required may be kept either
separately or combined with the
existing records.
VII. Subpart E: Comments on
Compliance—Proposed § 121.401
1. Proposed § 121.401(a)—Failure To
Comply With Section 418 of the FD&C
Act
We proposed that the operation of a
facility that manufactures, processes,
packs, or holds food for sale in the
United States if the owner, operator, or
agent in charge of such facility is
required to comply with, and is not in
compliance with, section 418 of the
FD&C Act or subparts C or D of this part
is a prohibited act under section 301(uu)
of the FD&C Act.
We did not receive any comments on
this provision, and we are finalizing as
proposed.
2. Proposed § 121.401(b)—Failure To
Comply With Section 420 of the FD&C
Act
We proposed that the failure to
comply with section 420 of the FD&C
Act or subparts C or D of this part is a
prohibited act under section 301(ww) of
the FD&C Act.
We did not receive any comments on
this provision, and we are finalizing as
proposed.
mstockstill on DSK3G9T082PROD with RULES4
VIII. Effective and Compliance Dates
We proposed the effective date would
be 60 days after this final rule is
published. However, we proposed for a
longer timeline for facilities to come
into compliance. As proposed, facilities,
other than small and very small
businesses, would have 1 year after the
effective date to comply with part 121.
Small businesses (i.e., those employing
fewer than 500 persons) would have 2
years after the effective date to comply
with part 121. Very small businesses
(i.e., businesses that have less than
$10,000,000 in total annual sales of
food, adjusted for inflation) would have
3 years after the effective date to comply
with § 121.5(a).
Some comments express concern that
facilities will not have the time or
resources to implement requirements for
the intentional adulteration rule at the
same time they must comply with other
FSMA rules. Some comments also state
that more time is necessary to comply
with this rule because food defense is
different from current requirements for
food safety. These comments request
additional time for compliance.
We agree with the comments and are
providing more time for facilities to
come into compliance. Facilities, other
than small and very small businesses,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
have 3 years after the effective date to
comply with part 121. Small businesses
(i.e., those employing fewer than 500
full-time equivalent employees) have 4
years after the effective date to comply
with part 121. Very small businesses
(i.e., businesses that have less than
$10,000,000, adjusted for inflation, per
year, during the 3-year period preceding
the applicable calendar year in both
sales of human food plus the market
value of human food manufactured,
processed, packed, or held without sale)
have 5 years after the effective date to
comply with § 121.5(a).
IX. Executive Order 13175
In accordance with Executive Order
13175, FDA has consulted with tribal
government officials. A Tribal Summary
Impact Statement has been prepared
that includes a summary of Tribal
officials’ concerns and how FDA has
addressed them (Ref. 17). Persons with
access to the Internet may obtain the
Tribal Summary Impact Statement at
https://www.fda.gov/Food/Guidance
Regulation/FSMA/ucm378628 or at
https://www.regulations.gov. Copies of
the Tribal Summary Impact Statement
also may be obtained by contacting the
person listed under FOR FURTHER
INFORMATION CONTACT.
X. Final Regulatory Impact Analysis
We have examined the impacts of the
final rule under Executive Order 12866,
Executive Order 13563, the Regulatory
Flexibility Act (5 U.S.C. 601–612), and
the Unfunded Mandates Reform Act of
1995 (Pub. L. 104–4). Executive Orders
12866 and 13563 direct Agencies to
assess all costs and benefits of available
regulatory alternatives and, when
regulation is necessary, to select
regulatory approaches that maximize
net benefits (including potential
economic, environmental, public health
and safety, and other advantages;
distributive impacts; and equity). We
have developed a comprehensive
Economic Analysis of Impacts that
assesses the impacts of the final rule.
We believe that this final rule is a
significant regulatory action under
Executive Order 12866.
The Regulatory Flexibility Act
requires us to analyze regulatory options
that would minimize any significant
impact of a rule on small entities. The
annualized costs per entity due to this
rule are about $13,000 for a one-facility
firm with 100 employees, and there are
about 4,100 small businesses that would
be affected by the rule, so we tentatively
conclude that the final rule could have
a significant economic impact on a
substantial number of small entities.
PO 00000
Frm 00052
Fmt 4701
Sfmt 4700
The Small Business Regulatory
Enforcement Fairness Act of 1996 (Pub.
L. 104–121) defines a major rule for the
purpose of congressional review as
having caused or being likely to cause
one or more of the following: An annual
effect on the economy of $100 million
or more; a major increase in costs or
prices; significant adverse effects on
competition, employment, productivity,
or innovation; or significant adverse
effects on the ability of U.S.-based
enterprises to compete with foreignbased enterprises in domestic or export
markets. In accordance with the Small
Business Regulatory Enforcement
Fairness Act, the Office of Management
and Budget (OMB) has determined that
this rule is a major rule for the purpose
of Congressional review.
The Unfunded Mandates Reform Act
of 1995 (section 202(a)) requires us to
prepare a written statement, which
includes an assessment of anticipated
costs and benefits, before proposing
‘‘any rule that includes any Federal
mandate that may result in the
expenditure by State, local, and tribal
governments, in the aggregate, or by the
private sector, of $100,000,000 or more
(adjusted annually for inflation) in any
one year.’’ The current threshold after
adjustment for inflation is $144 million,
using the most current (2014) Implicit
Price Deflator for the Gross Domestic
Product. This final rule may result in a
1-year expenditure that would meet or
exceed this amount.
XI. Paperwork Reduction Act of 1995
This rule contains information
collection requirements that are subject
to review by the OMB under the
Paperwork Reduction Act of 1995 (PRA)
(44 U.S.C. 3501–3521). A description of
these provisions is given in this section
with an estimate of the annual reporting
and recordkeeping burden; there is no
third-party disclosure burden associated
with the information collection.
Included in the estimate is the time for
reviewing instructions, searching
existing data sources, gathering and
maintaining the data needed, and
completing and reviewing each
collection of information.
Title: Mitigation Strategies to Protect
Food Against Intentional Adulteration
Description: The Food and Drug
Administration (FDA or we) is requiring
domestic and foreign food facilities that
are required to register under the
Federal Food, Drug, and Cosmetic Act to
address hazards that may be introduced
with the intention to cause wide scale
public health harm. These food facilities
are required to identify and implement
mitigation strategies that significantly
minimize or prevent significant
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
vulnerabilities identified at actionable
process steps in a food operation. FDA
is promulgating these requirements as
part of our implementation of the FDA
Food Safety Modernization Act (FSMA).
We expect the rule to help protect food
from acts of intentional adulteration
intended to cause wide scale public
health harm.
Description of Respondents:
Respondents to the collection are food
production facilities with more than $10
million in annual sales. We estimate
there are 9,759 such facilities owned by
3,247 firms. We estimate there are
18,080 facilities with less than $10
million in annual sales that will need to
34217
very small business’’ is required to
provide for official review, upon
request, documentation that was relied
upon to demonstrate that the facility
meets this exemption. At this time we
estimate there are 18,080 firms with less
than $10 million in annual sales,
exempting them from the rule. However,
these facilities must show
documentation upon request to verify
their exempt status under the
regulations (§ 121.5(a)). We estimate
preparing and updating relevant files
will require an average of 30 minutes
per respondent for a total annual burden
of 9,040 hours (30 minutes × 18,080), as
reflected in table 4.
show documentation of their exemption
status under the rule, upon request.
In the Federal Register of December
24, 2013, FDA published a proposed
rule including a PRA analysis of the
information collection provisions found
in the regulations. While FDA did not
receive specific comments in response
to the four information collection topics
solicited, comments in response to the
rule are addressed elsewhere in this
document. Comments filed in response
to the rulemaking are filed under Docket
No. FDA–2013–N–1425.
We estimate the burden for this
information collection as follows:
Reporting: The rule does not apply to
very small businesses, except that ‘‘a
TABLE 4—ESTIMATED ANNUAL REPORTING BURDEN 1
21 CFR Section; activity
Number of
respondents
Number of
responses per
respondent
Total annual
responses
Average burden per
response
Total hours
§ 121.5; Exemption for food from very small businesses
18,080
1
1
0.50 (30 minutes)
9,040
1 There
are no capital costs, or operating and maintenance costs associated with this collection.
Recordkeeping: Under the rule, the
owner, operator, or agent in charge of a
facility must prepare, or have prepared,
and implement a written food defense
plan, including a written vulnerability
assessment; written mitigation
strategies; written procedures for
defense monitoring; written procedures
for food defense corrective actions; and
written procedures for food defense
verification. Table 5 shows the
estimated recordkeeping burden
associated with these activities, totaling
2,515,258 annual burden hours and
409,486 annual responses. This is a
revision from our previous estimate,
reflecting a slight decrease in burden
hours as a result of finalizing regulatory
requirements from the proposed rule
and revising the number of estimated
respondents.
TABLE 5—ESTIMATED ANNUAL RECORDKEEPING BURDEN 1
Number of
recordkeepers
21 CFR Section; activity
Number of
records per
recordkeeper
Total annual
records
Average
burden per
recordkeeping
Total hours
Food Defense Plan; § 121.126 ........................................
Vulnerability Assessment; § 121.130 ...............................
Mitigation Strategies; § 121.135(b) ..................................
Monitoring,
Corrective
Actions,
Verification;
§ 121.140(a), § 121.145(a)(1), § 121.150(b).
Training; § 121.4 ..............................................................
Records; § 121.305, § 121.310 ........................................
3,247
9,759
9,759
9,759
1
1
1
1
3,247
9,759
9,759
9,759
23 hrs ........................
20 hrs ........................
20 hrs ........................
175 hrs ......................
74,681
195,180
195,180
1,707,825
367,203
9,759
1
1
367,203
9,759
0.67 hrs. (40 minutes)
10 hrs ........................
244,802
97,590
Total ..........................................................................
........................
........................
409,486
....................................
2,515,258
mstockstill on DSK3G9T082PROD with RULES4
1 Costs
of compliance are discussed in the Final Regulatory Impact Analysis to this final rule.
We estimate 3,247 firms will need to
create a food defense plan under
§ 121.126, that a one-time burden of 50
hours will be needed to create such a
plan, and that a burden of 10 hours will
be required to update the plan. We
annualize this estimate by dividing the
total number of burden hours (70 hours)
over a 3-year period, as reflected in table
5, row 1.
Under § 121.130, each of the
estimated 9,759 food production
facilities will identify and specify
actionable process steps for its food
defense plan. We estimate that an
individual at the level of an operations
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
manager will need 20 hours for this
activity, as reflected in table 5, row 2.
At the same time we note that this is a
one-time burden we expect will have
been realized upon implementation of
the rule by the affected facilities. In our
subsequent evaluation of the burden
associated with this information
collection provision, we will adjust our
estimate accordingly.
Under § 121.135(b), each of the
estimated 9,759 facilities must identify
and implement mitigation strategies for
each actionable process step to provide
assurances that any significant
vulnerability at each step is significantly
PO 00000
Frm 00053
Fmt 4701
Sfmt 4700
minimized or prevented, ensuring that
the food manufactured, processed,
packed, or held by the facility will not
be adulterated. The rule does not
specify a specific number or set of
mitigation strategies to be implemented.
Some of the covered facilities are
already implementing mitigation
strategies. We estimate it will require an
average of 20 hours per facility to satisfy
the recordkeeping burden associated
with these activities for a total of
195,180 hours, as reflected in table 5,
row 3.
We estimate that the recordkeeping
activities associated with monitoring,
E:\FR\FM\27MYR4.SGM
27MYR4
34218
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
documenting mitigation strategies,
implementing necessary corrective
actions, and verification activities will
require first-line supervisors or others
responsible for quality control an
average of 175 hours for each
recordkeeper, and that these provisions
apply to each of the 9,759 facilities. This
results in a total of 1,707,825 annual
burden hours, as reflected in table 5,
row 4.
We estimate that recordkeeping
activities associated with training under
§ 121.4 total 244,802 annual burden
hours, as reflected in table 5, row 5.
This figure assumes that there are an
estimated 1.2 million employees
working at the regulated facilities and
that 30 percent of them (367,203) will
require training. This figure also
assumes that the average burden for the
associated recordkeeping activity is
approximately 40 minutes (or 0.67
hours) per record.
Finally, we expect each of the
estimated 9,759 firms will fulfill the
recordkeeping requirements under
§ 121.305 and § 121.310, and that it will
require the equivalent of an operations
manager and a legal analyst an average
of 5 hours each (10 hours) per record,
as reflected in table 5, row 6.
XII. Analysis of Environmental Impact
We previously considered the
environmental effects of this rule, as
stated in the proposed rule (78 FR
78014). We stated that we had
determined under 21 CFR 25.30(h) and
21 CFR 25.30(j) that this action is of a
type that does not individually or
cumulatively have a significant effect on
the human environment such that
neither an environmental assessment
nor an environmental impact statement
is required. We have not received any
new information or comments that
would affect our previous determination
(Ref. 18).
mstockstill on DSK3G9T082PROD with RULES4
XIII. Federalism
FDA has analyzed this final rule in
accordance with the principles set forth
in Executive Order 13132. FDA has
determined that the rule does not
contain policies that have substantial
direct effects on the States, on the
relationship between the National
Government and the States, or on the
distribution of power and
responsibilities among the various
levels of government. Accordingly, the
Agency has concluded that the rule does
not contain policies that have
federalism implications as defined in
the Executive order and, consequently,
a federalism summary impact statement
is not required.
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
XIV. References
The following references are on
display in the Division of Dockets
Management (HFA–305), Food and Drug
Administration, 5630 Fishers Lane, Rm.
1061, Rockville, MD 20852, and are
available for viewing by interested
persons between 9 a.m. and 4 p.m.,
Monday through Friday; they are also
available electronically at https://
www.regulations.gov. FDA has verified
the Web site addresses, as of the date
this document publishes in the Federal
Register, but Web sites are subject to
change over time.
1. FDA Memorandum. ‘‘FDA Memorandum
to Dockets on Records of Outreach. See
Reference 7 to the 2014 supplemental
human preventive controls notice,’’
2013.
2. FDA Memorandum. ‘‘Memoranda of
Outreach,’’ 2015.
3. FDA. ‘‘Appendix 3 to the Final Qualitative
Risk Assessment: Risk of Activity/Food
Combinations for Activities (Outside the
Farm Definition) Conducted in a Facility
Co-Located on a Farm,’’ 2016.
4. Avel, D., ‘‘ISIS Calls for Poisoning and
Running Down Westerners.’’ The
Algemeiner (https://www.algemeiner.
com/2014/11/28/isis-calls-for-poisoningand-running-down-westerners/#),
November 28, 2014. Accessed December
15, 2015.
5. Norton, R.A., ‘‘Food Defense in the Age of
Domestic Terrorism.’’ Food Safety
Magazine (https://www.foodsafety
magazine.com/enewsletter/food-defensein-the-age-of-domestic-terrorism/,
December 15, 2015. Accessed December
15, 2015.
6. Valdmanis, R., ‘‘Boston Bomb Suspect
Influenced by Al Qaeda: Expert
Witness.’’ Reuters (https://www.reuters.
com/article/us-boston-bombings-trialidUSKBN0MJ0Z620150323), March 23,
2015. Accessed December 15, 2015.
7. Faiola, A., and S. Mekhennet, ‘‘Paris
Attacks Were Carried Out by Three
Groups Tied to Islamic State, Official
Says.’’ The Washington Post (https://
www.washingtonpost.com/world/stringof-paris-terrorist-attacks-leaves-over-120dead/2015/11/14/066df55c-8a73-11e5bd91-d385b244482f_story.html),
November 15, 2015. Accessed December
15, 2015.
8. ‘‘Toxins Tie Suspect to Poisonings.’’ The
Japan Times (https://www.japantimes.co.
jp/news/2014/01/26/national/crimelegal/toxins-tie-suspect-to-poisonings/#.
VvBCLnn2ZD9) January 26, 2014.
Accessed December 14, 2015.
9. ‘‘Toshiki Abe Arrested for Poisoning
Frozen Food in Japan.’’ news.com.au
(https://www.news.com.au/world/toshikiabe-arrested-for-poisoning-frozen-injapan/story-fndir2ev-1226810502913)
January 25, 2014. Accessed December 15,
2015.
10. Global Food Safety Initiative. ‘‘GFSI
Guidance Document Version 6.3.’’
(https://www.mygfsi.com/images/mygfsi/
PO 00000
Frm 00054
Fmt 4701
Sfmt 4700
gfsifiles/information-kit/GFSI_Guidance_
Document.pdf), 2012.
11. Safe Quality Food Institute. ‘‘SQF Code:
A HACCP-Based Supplier Assurance
Code for the Food Industry, Edition 7.1’’
April 2013.
12. International Featured Standards. ‘‘IFS
Food: Standard for Auditing Quality and
Food Safety of Food Products, Version
6.’’ (https://www.ifscertification.com/
images/ifs_standards/ifs6/IFS_Food_V6_
en.pdf) January 2012. Accessed
November 10, 2015.
13. Hamilton, P.J., ‘‘Center for Food Safety,
et al. v. Margaret A. Hamburg, M.D.
Order Granting Injunctive Relief.’’
United States District Court Northern
District of California. https://www.center
forfoodsafety.org/files/fsma-remedyorder_52466.pdf, June 21, 2013.
14. FDA. ‘‘Mitigation Strategies to Protect
Food Against Intentional Adulteration:
Regulatory Impact Analysis, Regulatory
Flexibility Analysis, and Unfunded
Mandates Reform Act Analysis,’’ 2016.
15. FDA Memorandum. ‘‘Memo Detailing an
Evaluation of the Potential For WideScale Public Health Harm Resulting
From Intentional Adulteration Of
Mineral oil When Used as a Dust Control
Agent During Storage and Handling Raw
Grain,’’ November 16, 2015.
16. FDA. ‘‘CPG Sec. 555.300 Foods, Except
Dairy Products—Adulteration With
Salmonella,’’ March 1995.
17. FDA. ‘‘Tribal Summary Impact
Statement,’’ 2016.
18. FDA. ‘‘Memorandum to the File:
Environmental Analysis Related to the
Final Rule on Mitigation Strategies to
Protect Food Against Intentional
Adulteration.’’ February 2016.
List of Subjects
21 CFR Part 11
Administrative practice and
procedure, Computer technology,
Reporting and recordkeeping
requirements.
21 CFR Part 121
Food packaging, Foods.
Therefore, under the Federal Food,
Drug, and Cosmetic Act and under
authority delegated to the Commissioner
of Food and Drugs, 21 CFR Chapter 1 is
amended as follows:
PART 11—ELECTRONIC RECORDS;
ELECTRONIC SIGNATURES
1. The authority citation for part 11
continues to read as follows:
■
Authority: 21 U.S.C. 321–393; 42 U.S.C.
262.
2. In § 11.1, add paragraph (o) to read
as follows:
■
§ 11.1
Scope.
*
*
*
*
*
(o) This part does not apply to records
required to be established or maintained
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
by part 121 of this chapter. Records that
satisfy the requirements of part 121 of
this chapter, but that also are required
under other applicable statutory
provisions or regulations, remain
subject to this part.
■ 3. Add part 121 to read as follows:
PART 121—MITIGATION STRATEGIES
TO PROTECT FOOD AGAINST
INTENTIONAL ADULTERATION
Sec.
Subpart A—General Provisions
121.1 Applicability.
121.3 Definitions.
121.4 Qualifications of individuals who
perform activities under subpart C of this
part.
121.5 Exemptions.
Subpart B—Reserved
Subpart C—Food Defense Measures
121.126 Food defense plan.
121.130 Vulnerability assessment to
identify significant vulnerabilities and
actionable process steps.
121.135 Mitigation strategies for actionable
process steps.
121.138 Mitigation strategies management
components.
121.140 Food defense monitoring.
121.145 Food defense corrective actions.
121.150 Food defense verification.
121.157 Reanalysis.
Subpart D—Requirements Applying to
Records That Must Be Established and
Maintained
121.301 Records subject to the requirements
of this subpart.
121.305 General requirements applying to
records.
121.310 Additional requirements applying
to the food defense plan.
121.315 Requirements for record retention.
121.320 Requirements for official review.
121.325 Public disclosure.
121.330 Use of existing records.
Subpart E—Compliance
121.401 Compliance.
Authority: 21 U.S.C. 331, 342, 350g,
350(i), 371, 374.
Subpart A—General Provisions
mstockstill on DSK3G9T082PROD with RULES4
§ 121.1
Applicability.
This part applies to the owner,
operator or agent in charge of a domestic
or foreign food facility that
manufactures/processes, packs, or holds
food for consumption in the United
States and is required to register under
section 415 of the Federal Food, Drug,
and Cosmetic Act, unless one of the
exemptions in § 121.5 applies.
§ 121.3
Definitions.
The definitions and interpretations of
terms in section 201 of the Federal
Food, Drug, and Cosmetic Act are
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
applicable to such terms when used in
this part. The following definitions also
apply:
Actionable process step means a
point, step, or procedure in a food
process where a significant vulnerability
exists and at which mitigation strategies
can be applied and are essential to
significantly minimize or prevent the
significant vulnerability.
Adequate means that which is needed
to accomplish the intended purpose in
keeping with good public health
practices.
Affiliate means any facility that
controls, is controlled by, or is under
common control with another facility.
Calendar day means every day as
shown on the calendar.
Contaminant means, for purposes of
this part, any biological, chemical,
physical, or radiological agent that may
be added to food to intentionally cause
illness, injury, or death.
Facility means a domestic facility or
a foreign facility that is required to
register under section 415 of the Federal
Food, Drug, and Cosmetic Act, in
accordance with the requirements of
part 1, subpart H of this chapter.
Farm means farm as defined in
§ 1.227 of this chapter.
FDA means the Food and Drug
Administration.
Food means food as defined in section
201(f) of the Federal Food, Drug, and
Cosmetic Act and includes raw
materials and ingredients.
Food defense means, for purposes of
this part, the effort to protect food from
intentional acts of adulteration where
there is an intent to cause wide scale
public health harm.
Food defense monitoring means to
conduct a planned sequence of
observations or measurements to assess
whether mitigation strategies are
operating as intended.
Food defense verification means the
application of methods, procedures, and
other evaluations, in addition to food
defense monitoring, to determine
whether a mitigation strategy or
combination of mitigation strategies is
or has been operating as intended
according to the food defense plan.
Full-time equivalent employee is a
term used to represent the number of
employees of a business entity for the
purpose of determining whether the
business qualifies as a small business.
The number of full-time equivalent
employees is determined by dividing
the total number of hours of salary or
wages paid directly to employees of the
business entity and of all of its affiliates
and subsidiaries by the number of hours
of work in 1 year, 2,080 hours (i.e., 40
hours × 52 weeks). If the result is not a
PO 00000
Frm 00055
Fmt 4701
Sfmt 4700
34219
whole number, round down to the next
lowest whole number.
Holding means storage of food and
also includes activities performed
incidental to storage of food (e.g.,
activities performed for the safe or
effective storage of that food, such as
fumigating food during storage, and
drying/dehydrating raw agricultural
commodities when the drying/
dehydrating does not create a distinct
commodity (such as drying/dehydrating
hay or alfalfa)). Holding also includes
activities performed as a practical
necessity for the distribution of that
food (such as blending of the same raw
agricultural commodity and breaking
down pallets), but does not include
activities that transform a raw
agricultural commodity into a processed
food as defined in section 201(gg) of the
Federal Food, Drug, and Cosmetic Act.
Holding facilities could include
warehouses, cold storage facilities,
storage silos, grain elevators, and liquid
storage tanks.
Manufacturing/processing means
making food from one or more
ingredients, or synthesizing, preparing,
treating, modifying or manipulating
food, including food crops or
ingredients. Examples of
manufacturing/processing activities
include: Baking, boiling, bottling,
canning, cooking, cooling, cutting,
distilling, drying/dehydrating raw
agricultural commodities to create a
distinct commodity (such as drying/
dehydrating grapes to produce raisins),
evaporating, eviscerating, extracting
juice, formulating, freezing, grinding,
homogenizing, irradiating, labeling,
milling, mixing, packaging (including
modified atmosphere packaging),
pasteurizing, peeling, rendering, treating
to manipulate ripening, trimming,
washing, or waxing. For farms and farm
mixed-type facilities, manufacturing/
processing does not include activities
that are part of harvesting, packing, or
holding.
Mitigation strategies mean those riskbased, reasonably appropriate measures
that a person knowledgeable about food
defense would employ to significantly
minimize or prevent significant
vulnerabilities identified at actionable
process steps, and that are consistent
with the current scientific
understanding of food defense at the
time of the analysis.
Mixed-type facility means an
establishment that engages in both
activities that are exempt from
registration under section 415 of the
Federal Food, Drug, and Cosmetic Act
and activities that require the
establishment to be registered. An
example of such a facility is a ‘‘farm
E:\FR\FM\27MYR4.SGM
27MYR4
mstockstill on DSK3G9T082PROD with RULES4
34220
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
mixed-type facility,’’ which is an
establishment that is a farm, but also
conducts activities outside the farm
definition that require the establishment
to be registered.
Packing means placing food into a
container other than packaging the food
and also includes re-packing and
activities performed incidental to
packing or re-packing a food (e.g.,
activities performed for the safe or
effective packing or re-packing of that
food (such as sorting, culling, grading,
and weighing or conveying incidental to
packing or re-packing)), but does not
include activities that transform a raw
agricultural commodity into a processed
food as defined in section 201(gg) of the
Federal Food, Drug, and Cosmetic Act.
Qualified individual means a person
who has the education, training, or
experience (or a combination thereof)
necessary to perform an activity
required under subpart C of this part, as
appropriate to the individual’s assigned
duties. A qualified individual may be,
but is not required to be, an employee
of the establishment.
Significant vulnerability means a
vulnerability that, if exploited, could
reasonably be expected to cause wide
scale public health harm. A significant
vulnerability is identified by a
vulnerability assessment conducted by a
qualified individual, that includes
consideration of the following: (1)
Potential public health impact (e.g.,
severity and scale) if a contaminant
were added, (2) degree of physical
access to the product, and (3) ability of
an attacker to successfully contaminate
the product. The assessment must
consider the possibility of an inside
attacker.
Significantly minimize means to
reduce to an acceptable level, including
to eliminate.
Small business means, for purposes of
this part, a business (including any
subsidiaries and affiliates) employing
fewer than 500 full-time equivalent
employees.
Subsidiary means any company
which is owned or controlled directly or
indirectly by another company.
Very small business means, for
purposes of this part, a business
(including any subsidiaries and
affiliates) averaging less than
$10,000,000, adjusted for inflation, per
year, during the 3-year period preceding
the applicable calendar year in sales of
human food plus the market value of
human food manufactured, processed,
packed, or held without sale (e.g., held
for a fee).
Vulnerability means the susceptibility
of a point, step, or procedure in a
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
facility’s food process to intentional
adulteration.
You means, for purposes of this part,
the owner, operator, or agent in charge
of a facility.
§ 121.4 Qualifications of individuals who
perform activities under subpart C of this
part.
(a) Applicability. You must ensure
that each individual who performs
activities required under subpart C of
this part is a qualified individual as that
term is defined in § 121.3.
(b) Qualifications of individuals
assigned to an actionable process step.
Each individual assigned to an
actionable process step (including
temporary and seasonal personnel) or in
the supervision thereof must:
(1) Be a qualified individual as that
term is defined in § 121.3—i.e., have the
appropriate education, training, or
experience (or a combination thereof)
necessary to properly implement the
mitigation strategy or combination of
mitigation strategies at the actionable
process step; and
(2) Receive training in food defense
awareness.
(c) Qualifications of individuals for
certain activities described in paragraph
(c)(3) of this section. Each individual
assigned to certain activities described
in paragraph (c)(3) of this section must:
(1) Be a qualified individual as that
term is defined in § 121.3—i.e., have the
appropriate education, training, or
experience (or a combination thereof)
necessary to properly perform the
activities; and
(2) Have successfully completed
training for the specific function at least
equivalent to that received under a
standardized curriculum recognized as
adequate by FDA or be otherwise
qualified through job experience to
conduct the activities. Job experience
may qualify an individual to perform
these functions if such experience has
provided an individual with knowledge
at least equivalent to that provided
through the standardized curriculum.
This individual may be, but is not
required to be, an employee of the
facility.
(3) One or more qualified individuals
must do or oversee:
(i) The preparation of the food defense
plan as required in § 121.126;
(ii) The conduct of a vulnerability
assessment as required in § 121.130;
(iii) The identification and
explanation of the mitigation strategies
as required in § 121.135; and
(iv) Reanalysis as required in
§ 121.157.
(d) Additional qualifications of
supervisory personnel. Responsibility
PO 00000
Frm 00056
Fmt 4701
Sfmt 4700
for ensuring compliance by individuals
with the requirements of this part must
be clearly assigned to supervisory
personnel with a combination of
education, training, and experience
necessary to supervise the activities
under this subpart.
(e) Records. Training required by
paragraphs (b)(2) and (c)(2) of this
section must be documented in records,
and must:
(1) Include the date of training, the
type of training, and the persons
trained; and
(2) Be established and maintained in
accordance with the requirements of
subpart D of this part.
§ 121.5
Exemptions.
(a) This part does not apply to a very
small business, except that a very small
business must, upon request, provide
for official review documentation
sufficient to show that the facility meets
this exemption. Such documentation
must be retained for 2 years.
(b) This part does not apply to the
holding of food, except the holding of
food in liquid storage tanks.
(c) This part does not apply to the
packing, re-packing, labeling, or relabeling of food where the container that
directly contacts the food remains
intact.
(d) This part does not apply to
activities of a farm that are subject to
section 419 of the Federal Food, Drug,
and Cosmetic Act (Standards for
Produce Safety).
(e)(1) This part does not apply with
respect to alcoholic beverages at a
facility that meets the following two
conditions:
(i) Under the Federal Alcohol
Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the
Internal Revenue Code of 1986 (26
U.S.C. 5001 et seq.) the facility is
required to obtain a permit from,
register with, or obtain approval of a
notice or application from the Secretary
of the Treasury as a condition of doing
business in the United States, or is a
foreign facility of a type that would
require such a permit, registration, or
approval if it were a domestic facility;
and
(ii) Under section 415 of the Federal
Food, Drug, and Cosmetic Act the
facility is required to register as a
facility because it is engaged in
manufacturing, processing, packing, or
holding one or more alcoholic
beverages.
(2) This part does not apply with
respect to food that is not an alcoholic
beverage at a facility described in
paragraph (e)(1) of this section,
provided such food:
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
(i) Is in prepackaged form that
prevents any direct human contact with
such food; and
(ii) Constitutes not more than 5
percent of the overall sales of the
facility, as determined by the Secretary
of the Treasury.
(f) This part does not apply to the
manufacturing, processing, packing, or
holding of food for animals other than
man.
(g) This part does not apply to onfarm manufacturing, processing,
packing, or holding of the following
foods on a farm mixed-type facility,
when conducted by a small or very
small business if such activities are the
only activities conducted by the
business subject to section 418 of the
Federal Food, Drug, and Cosmetic Act.
(1) Eggs (in-shell, other than raw
agricultural commodities, e.g.,
pasteurized); and
(2) Game meats (whole or cut, not
ground or shredded, without secondary
ingredients).
processed, packed, or held at your
facility using appropriate methods to
evaluate each point, step, or procedure
in your food operation to identify
significant vulnerabilities and
actionable process steps. Appropriate
methods must include, at a minimum,
an evaluation of:
(1) The potential public health impact
(e.g., severity and scale) if a
contaminant were added;
(2) The degree of physical access to
the product; and
(3) The ability of an attacker to
successfully contaminate the product.
(b) Inside attacker. The assessment
must consider the possibility of an
inside attacker.
(c) Written vulnerability assessment.
Regardless of the outcome, the
vulnerability assessment must be
written and must include an
explanation as to why each point, step,
or procedure either was or was not
identified as an actionable process step.
Subpart B—Reserved
§ 121.135 Mitigation strategies for
actionable process steps.
Subpart C—Food Defense Measures
§ 121.126
Food defense plan.
mstockstill on DSK3G9T082PROD with RULES4
(a) Requirement for a food defense
plan. You must prepare, or have
prepared, and implement a written food
defense plan.
(b) Contents of a food defense plan.
The written food defense plan must
include:
(1) The written vulnerability
assessment, including required
explanations, to identify significant
vulnerabilities and actionable process
steps as required by § 121.130(c);
(2) The written mitigation strategies,
including required explanations, as
required by § 121.135(b);
(3) The written procedures for the
food defense monitoring of the
implementation of the mitigation
strategies as required by § 121.140(a);
(4) The written procedures for food
defense corrective actions as required by
§ 121.145(a)(1); and
(5) The written procedures for food
defense verification as required by
§ 121.150(b).
(c) Records. The food defense plan
required by this section is a record that
is subject to the requirements of subpart
D of this part.
§ 121.130 Vulnerability assessment to
identify significant vulnerabilities and
actionable process steps.
(a) Requirement for a vulnerability
assessment. You must conduct or have
conducted a vulnerability assessment
for each type of food manufactured,
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
(a) You must identify and implement
mitigation strategies at each actionable
process step to provide assurances that
the significant vulnerability at each step
will be significantly minimized or
prevented and the food manufactured,
processed, packed, or held by your
facility will not be adulterated under
section 402 of the Federal Food, Drug,
and Cosmetic Act. For each mitigation
strategy implemented at each actionable
process step, you must include a written
explanation of how the mitigation
strategy sufficiently minimizes or
prevents the significant vulnerability
associated with the actionable process
step.
(b) Mitigation strategies and
accompanying explanations must be
written.
§ 121.138 Mitigation strategies
management components.
Mitigation strategies required
under§ 121.135 are subject to the
following mitigation strategies
management components as appropriate
to ensure the proper implementation of
the mitigation strategies, taking into
account the nature of each such
mitigation strategy and its role in the
facility’s food defense system:
(a) Food defense monitoring in
accordance with § 121.140;
(b) Food defense corrective actions in
accordance with § 121.145; and
(c) Food defense verification in
accordance with § 121.150.
PO 00000
Frm 00057
Fmt 4701
Sfmt 4700
§ 121.140
34221
Food defense monitoring.
As appropriate to the nature of the
mitigation strategy and its role in the
facility’s food defense system:
(a) Written procedures. You must
establish and implement written
procedures, including the frequency
with which they are to be performed, for
food defense monitoring of the
mitigation strategies.
(b) Food defense monitoring. You
must monitor the mitigation strategies
with adequate frequency to provide
assurances that they are consistently
performed.
(c) Records—(1) Requirement to
document food defense monitoring. You
must document the monitoring of
mitigation strategies in accordance with
this section in records that are subject
to verification in accordance with
§ 121.150(a)(1) and records review in
accordance with § 121.150(a)(3)(i).
(2) Exception records. Records may be
affirmative records demonstrating the
mitigation strategy is functioning as
intended. Exception records
demonstrating the mitigation strategy is
not functioning as intended may be
adequate in some circumstances.
§ 121.145
Food defense corrective actions.
(a) Food defense corrective action
procedures. As appropriate to the nature
of the actionable process step and the
nature of the mitigation strategy:
(1) You must establish and implement
written food defense corrective action
procedures that must be taken if
mitigation strategies are not properly
implemented.
(2) The food defense corrective action
procedures must describe the steps to be
taken to ensure that:
(i) Appropriate action is taken to
identify and correct a problem that has
occurred with implementation of a
mitigation strategy; and
(ii) Appropriate action is taken, when
necessary, to reduce the likelihood that
the problem will recur.
(b) Records. All food defense
corrective actions taken in accordance
with this section must be documented
in records that are subject to food
defense verification in accordance with
§ 121.150(a)(2) and records review in
accordance with § 121.150(a)(3)(i).
§ 121.150
Food defense verification.
(a) Food defense verification
activities. Food defense verification
activities must include, as appropriate
to the nature of the mitigation strategy
and its role in the facility’s food defense
system:
(1) Verification that food defense
monitoring is being conducted as
required by § 121.138 (and in
accordance with § 121.140);
E:\FR\FM\27MYR4.SGM
27MYR4
34222
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
(2) Verification that appropriate
decisions about food defense corrective
actions are being made as required by
§ 121.138 (and in accordance with
§ 121.145);
(3) Verification that mitigation
strategies are properly implemented and
are significantly minimizing or
preventing the significant
vulnerabilities. To do so, you must
conduct activities that include the
following, as appropriate to the facility,
the food, and the nature of the
mitigation strategy and its role in the
facility’s food defense system:
(i) Review of the food defense
monitoring and food defense corrective
actions records within appropriate
timeframes to ensure that the records
are complete, the activities reflected in
the records occurred in accordance with
the food defense plan, the mitigation
strategies are properly implemented,
and appropriate decisions were made
about food defense corrective actions;
and
(ii) Other activities appropriate for
verification of proper implementation of
mitigation strategies; and
(4) Verification of reanalysis in
accordance with § 121.157.
(b) Written procedures. You must
establish and implement written
procedures, including the frequency for
which they are to be performed, for
verification activities conducted
according to § 121.150(a)(3)(ii).
(c) Documentation. All verification
activities conducted in accordance with
this section must be documented in
records.
mstockstill on DSK3G9T082PROD with RULES4
§ 121.157
Reanalysis.
(a) You must conduct a reanalysis of
the food defense plan, as a whole at
least once every 3 years;
(b) You must conduct a reanalysis of
the food defense plan as a whole, or the
applicable portion of the food defense
plan:
(1) Whenever a significant change
made in the activities conducted at your
facility creates a reasonable potential for
a new vulnerability or a significant
increase in a previously identified
vulnerability;
(2) Whenever you become aware of
new information about potential
vulnerabilities associated with the food
operation or facility;
(3) Whenever you find that a
mitigation strategy, a combination of
mitigation strategies, or the food defense
plan as a whole is not properly
implemented; and
(4) Whenever FDA requires reanalysis
to respond to new vulnerabilities,
credible threats to the food supply, and
developments in scientific
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
understanding including, as
appropriate, results from the
Department of Homeland Security
biological, chemical, radiological, or
other terrorism risk assessment.
(c) You must complete such
reanalysis required by paragraphs (a)
and (b) of this section and implement
any additional mitigation strategies
needed to address the significant
vulnerabilities identified, if any:
(1) Before any change in activities
(including any change in mitigation
strategy) at the facility is operative;
(2) When necessary within 90calendar days after production; and
(3) Within a reasonable timeframe,
providing a written justification is
prepared for a timeframe that exceeds
90 days after production of the
applicable food first begins.
(d) You must revise the written food
defense plan if a significant change in
the activities conducted at your facility
creates a reasonable potential for a new
vulnerability or a significant increase in
a previously identified vulnerability or
document the basis for the conclusion
that no revisions are needed.
Subpart D—Requirements Applying to
Records That Must Be Established and
Maintained
§ 121.301 Records subject to the
requirements of this subpart.
(a) Except as provided by paragraph
(b) of this section, all records required
by subpart C of this part are subject to
all requirements of this subpart.
(b) The requirements of § 121.310
apply only to the written food defense
plan.
§ 121.305 General requirements applying
to records.
Records must:
(a) Be kept as original records, true
copies (such as photocopies, pictures,
scanned copies, microfilm, microfiche,
or other accurate reproductions of the
original records), or electronic records;
(b) Contain the actual values and
observations obtained during food
defense monitoring;
(c) Be accurate, indelible, and legible;
(d) Be created concurrently with
performance of the activity documented;
(e) Be as detailed as necessary to
provide history of work performed; and
(f) Include:
(1) Information adequate to identify
the facility (e.g., the name, and when
necessary, the location of the facility);
(2) The date and, when appropriate,
the time of the activity documented;
(3) The signature or initials of the
person performing the activity; and
(4) Where appropriate, the identity of
the product and the lot code, if any.
PO 00000
Frm 00058
Fmt 4701
Sfmt 4700
(g) Records that are established or
maintained to satisfy the requirements
of this part and that meet the definition
of electronic records in § 11.3(b)(6) of
this chapter are exempt from the
requirements of part 11 of this chapter.
Records that satisfy the requirements of
this part, but that also are required
under other applicable statutory
provisions or regulations, remain
subject to part 11 of this chapter.
§ 121.310 Additional requirements
applying to the food defense plan.
The owner, operator, or agent in
charge of the facility must sign and date
the food defense plan:
(a) Upon initial completion; and
(b) Upon any modification.
§ 121.315 Requirements for record
retention.
(a)(1) All records required by this part
must be retained at the facility for at
least 2 years after the date they were
prepared.
(2) Records that a facility relies on
during the 3-year period preceding the
applicable calendar year to support its
status as exempt as a very small
business must be retained at the facility
as long as necessary to support the
status of a facility as a very small
business during the applicable calendar
year.
(b) The food defense plan must be
retained for at least 2 years after its use
is discontinued.
(c) Except for the food defense plan,
offsite storage of records is permitted if
such records can be retrieved and
provided onsite within 24 hours of
request for official review. The food
defense plan must remain onsite.
Electronic records are considered to be
onsite if they are accessible from an
onsite location.
(d) If the facility is closed for a
prolonged period, the food defense plan
may be transferred to some other
reasonably accessible location but must
be returned to the facility within 24
hours for official review upon request.
§ 121.320
Requirements for official review.
All records required by this part must
be made promptly available to a duly
authorized representative of the
Secretary of Health and Human Services
for official review and copying upon
oral or written request.
§ 121.325
Public disclosure.
Records required by this part will be
protected from public disclosure to the
extent allowable under part 20 of this
chapter.
E:\FR\FM\27MYR4.SGM
27MYR4
Federal Register / Vol. 81, No. 103 / Friday, May 27, 2016 / Rules and Regulations
§ 121.330
Use of existing records.
mstockstill on DSK3G9T082PROD with RULES4
(a) Existing records (e.g., records that
are kept to comply with other Federal,
State, or local regulations, or for any
other reason) do not need to be
duplicated if they contain all of the
required information and satisfy the
requirements of this subpart. Existing
records may be supplemented as
necessary to include all of the required
information and satisfy the
requirements of this subpart.
(b) The information required by this
part does not need to be kept in one set
of records. If existing records contain
VerDate Sep<11>2014
19:43 May 26, 2016
Jkt 238001
some of the required information, any
new information required by this part
may be kept either separately or
combined with the existing records.
Subpart E—Compliance
§ 121.401
Compliance.
(a) The operation of a facility that
manufactures, processes, packs, or holds
food for sale in the United States if the
owner, operator, or agent in charge of
such facility is required to comply with,
and is not in compliance with, section
418 of the Federal Food, Drug, and
Cosmetic Act or subparts C or D of this
PO 00000
Frm 00059
Fmt 4701
Sfmt 9990
34223
part is a prohibited act under section
301(uu) of the Federal Food, Drug, and
Cosmetic Act.
(b) The failure to comply with section
420 of the Federal Food, Drug, and
Cosmetic Act or subparts C or D of this
part is a prohibited act under section
301(ww) of the Federal Food, Drug, and
Cosmetic Act.
Dated: May 20, 2016.
Leslie Kux,
Associate Commissioner for Policy.
[FR Doc. 2016–12373 Filed 5–26–16; 8:45 am]
BILLING CODE 4164–01–P
E:\FR\FM\27MYR4.SGM
27MYR4
Agencies
[Federal Register Volume 81, Number 103 (Friday, May 27, 2016)]
[Rules and Regulations]
[Pages 34165-34223]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-12373]
[[Page 34165]]
Vol. 81
Friday,
No. 103
May 27, 2016
Part IV
Department of Health and Human Services
-----------------------------------------------------------------------
Food and Drug Administration
-----------------------------------------------------------------------
21 CFR Parts 11 and 121
Mitigation Strategies To Protect Food Against Intentional Adulteration;
Final Rule
Federal Register / Vol. 81 , No. 103 / Friday, May 27, 2016 / Rules
and Regulations
[[Page 34166]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 11 and 121
[Docket No. FDA-2013-N-1425]
RIN 0910-AG63
Mitigation Strategies To Protect Food Against Intentional
Adulteration
AGENCY: Food and Drug Administration, HHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Food and Drug Administration (FDA or we) is issuing this
final rule to require domestic and foreign food facilities that are
required to register under the Federal Food, Drug, and Cosmetic Act
(the FD&C Act) to address hazards that may be introduced with the
intention to cause wide scale public health harm. These food facilities
are required to conduct a vulnerability assessment to identify
significant vulnerabilities and actionable process steps and implement
mitigation strategies to significantly minimize or prevent significant
vulnerabilities identified at actionable process steps in a food
operation. FDA is issuing these requirements as part of our
implementation of the FDA Food Safety Modernization Act (FSMA).
DATES: This rule is effective July 26, 2016. See section VIII for
compliance dates.
FOR FURTHER INFORMATION CONTACT: Ryan Newkirk, Center for Food Safety
and Applied Nutrition (HFS-005), Food and Drug Administration, 5100
Paint Branch Pkwy., College Park, MD 20740, 240-402-3712, email:
Ryan.Newkirk@fda.hhs.gov.
SUPPLEMENTARY INFORMATION:
Table of Contents
Executive Summary
Purpose and Coverage of the Rule
Summary of the Major Provisions of the Rule
Costs and Benefits
I. Background
A. FDA Food Safety Modernization Act
B. Proposed Rule on Intentional Adulteration
C. Appendix 4 to Draft Risk Assessment
D. Public Comments
II. Legal Authority
A. Section 103 of FSMA
B. Section 106 of FSMA
C. Intrastate Activities
III. General Comments on the Proposed Rule
A. Comments on Overall Framework for the Regulatory Approach
B. One Set of Requirements Under Sections 418 and 420 of the
FD&C Act
C. Require Measures Only in the Event of a Credible Threat
D. General Comments on Implementation and Compliance
E. Comments on Requests for Additional Exemptions
F. Other General Comments
G. Other Issues Discussed in the Proposed Rule
IV. Subpart A: Comments on Specific Provisions
A. Revisions to Definitions Also Used in Section 415
Registration Regulations (21 CFR Part 1, Subpart H) and Section 414
Recordkeeping Regulations (21 CFR Part 1, Subpart J)
B. Other Definitions That We Proposed To Establish in Part 121
C. Additional Definitions to Clarify Terms Not Defined in the
Proposed Rule
D. Comments Asking FDA to Establish Additional Definitions or
Otherwise Clarify Terms Not Defined in the Rule
E. Proposed Sec. 121.5--Exemptions
V. Subpart C: Comments on Food Defense Measures
A. Proposed Sec. 121.126--Requirement for a Food Defense Plan
B. Proposed Sec. 121.130--Identification of Actionable Process
Steps
C. Proposed Sec. 121.135--Focused Mitigation Strategies for
Actionable Process Steps
D. Final Sec. 121.138--Mitigation Strategies Management
Components
E. Proposed Sec. 121.140--Monitoring
F. Proposed Sec. 121.145--Corrective Actions
G. Proposed Sec. 121.150--Verification
H. Proposed Sec. 121.160--Training (Final Sec. 121.4)
VI. Subpart D: Comments on Requirements Applying to Records That
Must Be Established and Maintained
A. Proposed Sec. 121.301--Records Subject to the Requirements
of This Subpart D
B. Proposed Sec. 121.305--General Requirements Applying to
Records
C. Proposed Sec. 121.310--Additional Requirements Applying to
the Food Defense Plan
D. Proposed Sec. 121.315--Requirements for Record Retention
E. Proposed Sec. 121.320--Requirements for Official Review
F. Proposed Sec. 121.325--Public Disclosure
G. Proposed Sec. 121.330--Use of Existing Records
VII. Subpart E: Comments on Compliance--Proposed Sec. 121.401
VIII. Effective and Compliance Dates
IX. Executive Order 13175
X. Final Regulatory Impact Analysis
XI. Paperwork Reduction Act of 1995
XII. Analysis of Environmental Impact
XIII. Federalism
XIV. References
Executive Summary
Purpose and Coverage of the Rule
This regulation implements three provisions of the FD&C Act, as
amended by FSMA, that relate to the intentional adulteration of food.
Section 418 of the FD&C Act (21 U.S.C. 350g) addresses intentional
adulteration in the context of facilities that manufacture, process,
pack, or hold food and are required to register under section 415 of
the FD&C Act (21 U.S.C. 350d). Section 419 of the FD&C Act (21 U.S.C.
350h) addresses intentional adulteration in the context of fruits and
vegetables that are raw agricultural commodities. Section 420 of the
FD&C Act (21 U.S.C. 350i) addresses intentional adulteration in the
context of high-risk foods and exempts farms except for farms that
produce milk. FDA is implementing the intentional adulteration
provisions in sections 418, 419, and 420 of the FD&C Act in this
rulemaking.
The purpose of this rule is to protect food from intentional acts
of adulteration where there is an intent to cause wide scale public
health harm. This rule applies to both domestic and foreign facilities
that are required to register under section 415 of the FD&C Act. This
rule establishes several exemptions as follows:
The rule does not apply to a very small business (i.e., a
business, including any subsidiaries or affiliates, averaging less than
$10,000,000, adjusted for inflation, per year, during the 3-year period
preceding the applicable calendar year in both sales of human food plus
the market value of human food manufactured, processed, packed, or held
without sale, e.g., held for a fee), except that the facility is
required to provide for official review, upon request, documentation
sufficient to show that the facility qualifies for this exemption.
This rule does not apply to the holding of food, except
the holding of food in liquid storage tanks.
This rule does not apply to the packing, re-packing,
labeling, or re-labeling of food where the container that directly
contacts the food remains intact.
This rule does not apply to activities of a farm that are
subject to section 419 of the Federal Food, Drug, and Cosmetic Act
(Standards for Produce Safety).
This rule does not apply with respect to alcoholic
beverages at a facility that meets certain conditions.
This rule does not apply to the manufacturing, processing,
packing, or holding of food for animals other than man.
This rule does not apply to on-farm manufacturing,
processing, packing, or holding by a small or very small business of
certain foods identified as having low-risk production practices if
such activities are the only activities conducted by the business
subject to section 418 of the FD&C Act.
[[Page 34167]]
Summary of the Major Provisions of the Final Rule
This rule establishes various food defense measures that an owner,
operator, or agent in charge of a facility is required to implement to
protect against the intentional adulteration of food. Specifically:
Prepare and implement a written food defense plan that
includes a vulnerability assessment to identify significant
vulnerabilities and actionable process steps, mitigation strategies,
and procedures for food defense monitoring, corrective actions, and
verification (Sec. 121.126).
Identify any significant vulnerabilities and actionable
process steps by conducting a vulnerability assessment for each type of
food manufactured, processed, packed, or held at the facility using
appropriate methods to evaluate each point, step, or procedure in a
food operation (Sec. 121.130).
Identify and implement mitigation strategies at each
actionable process step to provide assurances that the significant
vulnerability at each step will be significantly minimized or prevented
and the food manufactured, processed, packed, or held by the facility
will not be adulterated. For each mitigation strategy implemented at
each actionable process step, include a written explanation of how the
mitigation strategy sufficiently minimizes or prevents the significant
vulnerability associated with the actionable process step (Sec.
121.135).
Establish and implement mitigation strategies management
components, as appropriate to ensure the proper implementation of each
such mitigation strategy, taking into account the nature of the
mitigation strategy and its role in the facility's food defense system
(Sec. 121.138).
Establish and implement food defense monitoring
procedures, for monitoring the mitigation strategies, as appropriate to
the nature of the mitigation strategy and its role in the facility's
food defense system (Sec. 121.140).
Establish and implement food defense corrective action
procedures that must be taken if mitigation strategies are not properly
implemented, as appropriate to the nature of the actionable process
step and the nature of the mitigation strategy (Sec. 121.145).
Establish and implement specified food defense
verification activities, as appropriate to the nature of the mitigation
strategy and its role in the facility's food defense system (Sec.
121.150).
Conduct a reanalysis of the food defense plan (Sec.
121.157).
Ensure that all individuals who perform required food
defense activities are qualified to perform their assigned duties
(Sec. 121.4).
Establish and maintain certain records, including the
written food defense plan (vulnerability assessment, mitigation
strategies and procedures for food defense monitoring, corrective
actions, and verification) and documentation related to training of
personnel. All records are subject to certain general recordkeeping and
record retention requirements (Sec. Sec. 121.301 to 121.330).
The effective date is 60 days after this final rule is
published. However, we are providing for a longer timeline for
facilities to come into compliance. Facilities, other than small and
very small businesses, have 3 years after the effective date to comply
with part 121. Small businesses (i.e., those employing fewer than 500
full-time equivalent employees) have 4 years after the effective date
to comply with part 121. Very small businesses (i.e., businesses that
have less than $10,000,000, adjusted for inflation, per year, during
the 3-year period preceding the applicable calendar year in both sales
of human food plus the market value of human food manufactured,
processed, packed, or held without sale, e.g., held for a fee) have 5
years after the effective date to comply with Sec. 121.5(a).
As discussed in detail in later sections of the rule, we made
several major revisions to the provisions of this rule, mainly in
response to comments, to provide for greater flexibility and clarity.
These major revisions to the regulatory text include the following:
We removed the key activity types (KATs); however, the use
of the KATs is still permissible to conduct a vulnerability assessment
and will be further discussed in guidance.
We specified three elements that must be evaluated when
conducting a vulnerability assessment: (1) The potential public health
impact (e.g., severity and scale) if a contaminant were added; (2) the
degree of physical access to the product; and (3) the ability of an
attacker to successfully contaminate the product.
We specified that the vulnerability assessment must
consider the possibility of an inside attacker.
We removed the distinction between ``broad'' and
``focused'' mitigation strategies.
We made the mitigation strategy management components
(food defense monitoring, corrective actions, and verification) more
flexible by providing that they are required ``as appropriate to ensure
the proper implementation of the mitigation strategies, taking into
account the nature of each such mitigation strategy and its role in the
facility's food defense system.''
We revised the terminology used for the food defense
management components such that monitoring, corrective actions, and
verification are now food defense monitoring, food defense corrective
actions, and food defense verification.
We made the requirement to document food defense
monitoring more flexible by providing for use of exception records.
We made the food defense corrective actions requirement
more flexible by providing that it is required ``as appropriate to the
nature of the actionable process step and the nature of the mitigation
strategy.''
We made the requirement for verifying proper
implementation of mitigation strategies more flexible by providing for
``other activities appropriate for verification of proper
implementation of mitigation strategies.''
We exempted records required by this rule from the
requirements of 21 Code of Federal Regulations, part 11.
We provided for the use of existing records if certain
conditions are met.
We removed the term ``qualified facility'' and instead
refer to ``very small business'' in the exemption under 121.5(a).
We established an exemption for certain on-farm
manufacturing, processing, packing, or holding by small and very small
businesses of certain foods identified as having low-risk production
processes.
We added a new definition for ``qualified individual'' and
included new requirements to ensure that all individuals who perform
activities required under subpart C are qualified to perform their
assigned activities.
We provided longer timelines for facilities to come into
compliance with the rule.
Costs and Benefits
The total cost of the rule, annualized over 10 years at a 7 percent
discount rate, is between $280 and $490 million. With a 3 percent
discount rate, the annualized cost is between $270 and $480 million.
The first-year cost is between $680 and $930 million. Counting only
domestic firms, the total annualized costs are between $90 and $150
million, with initial costs of between $220 and $300 million. The
average annualized cost per covered facility is between $9,000 and
$16,000,
[[Page 34168]]
and the average annualized cost per covered firm is between $27,000 and
$47,000.
The benefits of the actions required by the rule are a reduction in
the possibility of illness and death resulting from intentional
adulteration of food. We monetize the damage that various intentional
adulteration scenarios might cause, and present a breakeven analysis
showing the number of prevented attacks at which the benefits are
larger than the costs. For attacks that are similar in impact to acts
of intentional adulteration that have happened in the United States in
the past, the breakeven threshold, counting only producer costs, is 28
to 48 attacks prevented every year. For attacks causing similar
casualties as major historical outbreaks of food-related illness, the
breakeven threshold is one or two attacks every year. For catastrophic
terrorist attacks causing thousands of fatalities, the breakeven
threshold is one attack prevented every 270 to 460 years.
The table shows the approximate, rounded, mean values for various
cost components of the rule:
Annualized Cost and Benefit Overview
------------------------------------------------------------------------
All Numbers are USD 2014 (millions),
annualized over 10 years 3% Discount 7% Discount
------------------------------------------------------------------------
Costs:
Learning about Rule................. $3 $4
Creating Food Defense Plans......... 10 11
Mitigation Costs.................... 26 28
Monitoring, Corrective Action, 62 62
Verification.......................
Employee Training................... 5 6
Documentation....................... 9 9
Subtotal (Domestic cost)............ 115 119
Cost to Foreign Firms............... 247 256
-------------------------------
Total............................. 362 375
Benefits:
-------------------------------
Lower Chance of Intentional
Adulteration....................... Unquantified
------------------------------------------------------------------------
I. Background
A. FDA Food Safety Modernization Act
The FDA Food Safety Modernization Act (FSMA) (Pub. L. 111-353),
signed into law by President Obama on January 4, 2011, is intended to
allow FDA to better protect public health by helping to ensure the
safety and security of the food supply. FSMA enables us to focus more
on preventing food safety problems rather than relying primarily on
reacting to problems after they occur. The law also provides new
enforcement authorities to help achieve higher rates of compliance with
risk-based, prevention-oriented safety standards and to better respond
to and contain problems when they do occur. In addition, the law
contains important new tools to better ensure the safety of imported
foods and encourages partnerships with State, local, tribal, and
territorial authorities. A top priority for FDA are those FSMA-required
regulations that provide the framework for industry's implementation of
preventive controls and enhance our ability to oversee their
implementation for both domestic and imported food. To that end, we
proposed the seven foundational rules listed in table 1 and requested
comments on all aspects of these proposed rules.
Table 1--Published Foundational Rules for Implementation of FSMA
------------------------------------------------------------------------
Title Abbreviation Publication
------------------------------------------------------------------------
Current Good Manufacturing 2013 proposed 78 FR 3646,
Practice and Hazard Analysis human preventive January 16, 2013.
and Risk-Based Preventive controls rule.
Controls for Human Food.
Standards for the Growing, 2013 proposed 78 FR 3504,
Harvesting, Packing, and produce safety January 16, 2013.
Holding of Produce for Human rule.
Consumption.
Current Good Manufacturing 2013 proposed 78 FR 64736,
Practice and Hazard Analysis animal preventive October 29, 2013.
and Risk-Based Preventive controls rule.
Controls for Food for Animals.
Foreign Supplier Verification 2013 proposed FSVP 78 FR 45730, July
Programs (FSVP) for Importers rule. 29, 2013.
of Food for Humans and Animals.
Accreditation of Third-Party 2013 proposed 78 FR 45782, July
Auditors/Certification Bodies third-party 29, 2013.
to Conduct Food Safety Audits certification
and to Issue Certifications. rule.
Focused Mitigation Strategies To 2013 proposed 78 FR 78014,
Protect Food Against intentional December 24,
Intentional Adulteration. adulteration rule. 2013.
Sanitary Transportation of Human 2014 proposed 79 FR 7006,
and Animal Food. sanitary February 5, 2014.
transportation
rule.
------------------------------------------------------------------------
We also issued a supplemental notice of proposed rulemaking for the
rules listed in table 2 and requested comments on specific issues
identified in each supplemental notice of proposed rulemaking.
[[Page 34169]]
Table 2--Published Supplemental Notices of Proposed Rulemaking for the
Foundational Rules for Implementation of FSMA
------------------------------------------------------------------------
Title Abbreviation Publication
------------------------------------------------------------------------
Current Good Manufacturing 2014 supplemental 79 FR 58524,
Practice and Hazard Analysis human preventive September 29,
and Risk-Based Preventive controls notice. 2014.
Controls for Human Food.
Standards for the Growing, 2014 supplemental 79 FR 58434,
Harvesting, Packing, and produce safety September 29,
Holding of Produce for Human notice. 2014.
Consumption.
Current Good Manufacturing 2014 supplemental 79 FR 58476,
Practice and Hazard Analysis animal preventive September 29,
and Risk-Based Preventive controls notice. 2014.
Controls for Food for Animals.
Foreign Supplier Verification 2014 supplemental 79 FR 58574,
Programs (FSVP) for Importers FSVP notice. September 29,
of Food for Humans and Animals. 2014.
------------------------------------------------------------------------
We have finalized six of the foundational rulemakings, as listed in
table 3.
Table 3--Published Foundational Final Rules for Implementation of FSMA
------------------------------------------------------------------------
Title Abbreviation Publication
------------------------------------------------------------------------
Current Good Manufacturing PCHF final rule... 80 FR 55908,
Practice, Hazard Analysis and September 17,
Risk-Based Preventive Controls 2015.
for Human Food.
Current Good Manufacturing PCAF final rule... 80 FR 56170,
Practice, Hazard Analysis and September 17,
Risk-Based Preventive Controls 2015.
for Food for Animals.
Standards for the Growing, Produce final rule 80 FR 74354,
Harvesting, Packing, and November 27,
Holding of Produce for Human 2015.
Consumption.
Foreign Supplier Verification FSVP final rule... 80 FR 74226,
Programs (FSVP) for Importers November 27,
of Food for Humans and Animals. 2015.
Accreditation of Third-Party Third-party final 80 FR 74570,
Certification Bodies to Conduct rule. November 27,
Food Safety Audits and to Issue 2015.
Certifications.
Sanitary Transportation of Human Transport final 81 FR 20092, April
and Animal Food. rule. 6, 2016.
------------------------------------------------------------------------
As FDA finalizes these seven foundational rulemakings, we are
putting in place a framework for food safety that is modern and brings
to bear the most recent science on provisions to enhance food safety
and food defense, that is risk-based and focuses effort where the
hazards are most significant, and that is flexible and practical given
our current knowledge of food safety and food defense practices. To
achieve this, FDA has engaged in a great deal of outreach to the
stakeholder community to find the right balance in these regulations of
flexibility and accountability.
Since FSMA was enacted in 2011, we have been involved in
approximately 600 engagements on FSMA and the proposed rules, including
public meetings, Webinars, listening sessions, farm tours, and
extensive presentations and meetings with various stakeholder groups
(Ref. 1) (Ref. 2). As a result of this stakeholder dialogue, FDA
decided to issue the four supplemental notices of proposed rulemaking
to share our current thinking on key issues and get additional
stakeholder input on those issues. As we move forward into the next
phase of FSMA implementation, we intend to continue this dialogue and
collaboration with our stakeholders, through guidance, education,
training, and assistance, to ensure that stakeholders understand and
engage in their roles in food safety and food defense. FDA believes
these seven foundational final rules, when implemented, will fulfill
the paradigm shift toward prevention that was envisioned in FSMA and be
a major step forward for food safety and food defense that will protect
consumers into the future.
B. Proposed Rule on Intentional Adulteration
In the Federal Register of December 24, 2013 (78 FR 78014), we
issued a proposed rule to implement the intentional adulteration
provisions in sections 103, 105, and 106 of FSMA (proposed rule). We
initially requested public comments on the proposed rule by March 31,
2014. We extended the comment period for the proposed rule until June
30, 2014, in response to several requests for an extension.
The proposed rule proposed to require various food defense measures
that an owner, operator, or agent in charge of a facility would be
required to implement to protect against the intentional adulteration
of food, and can be summarized as follows:
Prepare and implement a written food defense plan that
includes actionable process steps, focused mitigation strategies, and
procedures for monitoring, corrective actions, and verification
(proposed Sec. 121.126).
Identify any actionable process steps, using one of two
procedures. In the proposed rule, we explained that FDA has analyzed
vulnerability assessments conducted using the CARVER+Shock methodology
and identified four key activity types: Bulk liquid receiving and
loading; Liquid storage and handling; Secondary ingredient handling;
and Mixing and similar activities. We further explained that FDA has
determined that the presence of one or more of these key activity types
at a process step (e.g., manufacturing, processing, packing, or holding
of food) indicates a significant vulnerability under section 418 of the
FD&C Act and that the food is at high risk of intentional adulteration
caused by acts of terrorism under section 420 of the FD&C Act. We
proposed that facilities may identify actionable process steps using
the FDA-identified key activity types as described in proposed Sec.
121.130(a) or conduct their own facility-specific vulnerability
assessments as provided in proposed Sec. 121.130(b).
Identify and implement focused mitigation strategies at
each actionable
[[Page 34170]]
process step to provide assurances that the significant vulnerability
at each step will be significantly minimized or prevented and the food
manufactured, processed, packed, or held by the facility will not be
adulterated (proposed Sec. 121.135).
Establish and implement procedures, including the
frequency with which they are to be performed, for monitoring the
focused mitigation strategies (proposed Sec. 121.140)
Establish and implement corrective action procedures that
must be taken if focused mitigation strategies are not properly
implemented (proposed Sec. 121.145).
Verify that monitoring is being conducted and appropriate
decisions about corrective actions are being made; verify that the
focused mitigation strategies are consistently implemented and are
effectively and significantly minimizing or preventing the significant
vulnerabilities; and conduct a reanalysis of the food defense plan
(proposed Sec. 121.150).
Ensure that personnel and supervisors assigned to
actionable process steps receive appropriate training in food defense
awareness and their respective responsibilities in implementing focused
mitigation strategies (proposed Sec. 121.160).
Establish and maintain certain records, including the
written food defense plan; written identification of actionable process
steps and the assessment leading to that identification; written
focused mitigation strategies; written procedures for monitoring,
corrective actions, and verification; and documentation related to
training of personnel. All such records are subject to certain
recordkeeping requirements, record retention requirements, requirements
for official review and public disclosure requirements (proposed
Sec. Sec. 121.301 to 121.325).
Proposed the effective date as 60 days after this final
rule is published. However, we proposed for a longer timeline for
facilities to come into compliance. Facilities, other than small and
very small businesses, would have 1 year after the effective date to
comply with part 121. Small businesses (i.e., those employing fewer
than 500 persons) would have 2 years after the effective date to comply
with part 121. Very small businesses (i.e., businesses that have less
than $10,000,000 in total annual sales of food, adjusted for inflation)
would be considered a qualified facility and have 3 years after the
effective date to comply with Sec. 121.5(a).
We requested comment on all aspects of the proposed requirements.
In addition, we described our thinking and sought comment on other
issues, including the framework of the rule; activities that occur on
produce farms; transportation carriers; food for animals; acts of
disgruntled employees, consumers, or competitors; economically
motivated adulteration; low-risk activities at farm mixed-type
facilities; activities that occur on dairy farms; and other ways to
focus on foods with a high risk of intentional adulteration caused by
terrorism.
C. Appendix 4 to Draft Risk Assessment
We issued for public comment an ``Appendix 4 to Draft Qualitative
Risk Assessment of Risk of Activity/Food Combinations for Activities
(Outside the Farm Definition) Conducted in a Facility Co-Located on a
Farm'' (the draft RA Appendix) (78 FR 78064, December 24, 2013). The
purpose of the draft RA Appendix was to provide a science-based risk
analysis of those foods whose production processes would be considered
low risk with respect to the risk of intentional adulteration caused by
acts of terrorism. We used the tentative conclusions of the section
103(c)(1)(C) draft RA Appendix to seek comment in the proposed rule on
possible exemptions or modified requirements for this final rule (78 FR
78014 at 78029). We are including the final appendix to the risk
assessment in the docket established for this document (Ref. 3).
D. Public Comments
We received more than 200 public submissions on the proposed rule,
each containing one or more comments. We received submissions from
diverse members of the public, including food facilities (including
facilities co-located on a farm); farms; cooperatives; coalitions;
trade organizations; consulting firms; law firms; academia; public
health organizations; public advocacy groups; consumers; consumer
groups; Congress, Federal, State, local, and tribal Governments; and
other organizations. Some submissions included signatures and
statements from multiple individuals. Comments addressed virtually
every provision of the proposed rule, including our requests for
comment on including additional provisions that we did not include in
the proposed regulatory text. In the remainder of this document, we
describe these comments, respond to them, and explain any revisions we
made to the proposed rule.
Some comments address issues that are outside the scope of this
rule. For example, some comments express concern about overregulation
in general. Some comments believe the Department of Homeland Security
is the Federal Agency that should protect the food supply. Some
comments express concern about ``genetically modified organisms'',
while other comments express concern about the amount of chemicals in
food. Some comments express concern that extreme consolidation of our
food system is the main reason that it could be a target for terrorism
or other intentional acts aimed at causing widespread human casualties.
These comments state that decentralization is the most resilient
defense against those who wish to contaminate the food supply. We do
not discuss such comments in this document.
II. Legal Authority
The proposed rule contained an explanation of its legal basis under
authorities in the FDA Food Safety Modernization Act and section 701 of
the FD&C Act. After considering the comments received in response to
the proposed rule, FDA made changes in the final rule. The legal
authorities relied on in the final rule are the same as those in the
proposed rule unless otherwise described in the sections that follow.
A. Section 103 of FSMA
Section 103 of FSMA, Hazard Analysis and Risk-Based Preventive
Controls, amends the FD&C Act to create a new section 418, which
mandates rulemaking. Section 418(n)(1)(A) of the FD&C Act requires that
the Secretary issue regulations ``to establish science-based minimum
standards for conducting a hazard analysis, documenting hazards,
implementing preventive controls, and documenting the implementation of
the preventive controls. . . .'' Section 418(n)(1)(B) of the FD&C Act
requires that the regulations define the terms ``small business'' and
``very small business,'' taking into consideration the study of the
food processing sector required by section 418(l)(5) of the FD&C Act.
Further, section 103(e) of FSMA creates a new section 301(uu) in the
FD&C Act (21 U.S.C. 331(uu)) to prohibit ``[t]he operation of a
facility that manufactures, processes, packs, or holds food for sale in
the United States if the owner, operator, or agent in charge of such
facility is not in compliance with section 418 [of the FD&C Act].''
In addition to rulemaking requirements, section 418 contains
requirements applicable to the owner, operator, or agent in charge of a
facility
[[Page 34171]]
required to register under section 415. Section 418(a) is a general
provision that requires the owner, operator, or agent in charge of a
facility to evaluate the hazards that could affect food manufactured,
processed, packed, or held by the facility, identify and implement
preventive controls, monitor the performance of those controls, and
maintain records of the monitoring. In addition to the general
requirements in section 418(a) of the FD&C Act, sections 418(b)-(i)
contain more specific requirements applicable to facilities, including
several provisions explicitly directed at intentional adulteration. For
example, section 418(b)(2) of the FD&C Act specifies that the owner,
operator, or agent in charge of a facility shall identify and evaluate
hazards that may be intentionally introduced, including by acts of
terrorism. Section 418(c)(2) of the FD&C Act specifies that the owner,
operator, or agent in charge of a facility shall identify and implement
preventive controls to provide assurances that any hazards that relate
to intentional adulteration will be significantly minimized or
prevented and addressed, consistent with section 420 of the FD&C Act.
Sections 418(j)-(m) of the FD&C Act and sections 103(c)(1)(D) and
(g) of FSMA provide authority for certain exemptions and modifications
to the requirements of section 418 of the FD&C Act. These include
provisions related to seafood and juice hazard analysis critical
control point (HACCP), and low-acid canned food (section 418(j));
activities of facilities subject to section 419 of the FD&C Act
(Standards for Produce Safety) (section 418(k)); qualified facilities
(section 418(l)); facilities that are solely engaged in the production
of food for animals other than man, the storage of raw agricultural
commodities (other than fruits and vegetables) intended for further
distribution or processing, or the storage of packaged foods that are
not exposed to the environment (section 418(m)); facilities engaged
only in certain low risk on-farm activities on certain foods conducted
by small or very small businesses (section 103(c)(1)(D) of FSMA), and
dietary supplements (section 103(g) of FSMA). We are issuing all of the
provisions of the rule under section 418 of the FD&C Act, except with
respect to facilities that are exempt from its coverage.
B. Section 106 of FSMA
Section 106 of FSMA, Protection Against Intentional Adulteration,
amends the FD&C Act to create a new section 420, which mandates
rulemaking. Section 420 of the FD&C Act requires FDA to issue
regulations to protect against the intentional adulteration of food.
Section 420(b)(1) of the FD&C Act requires that such regulations are to
specify how a person is to assess whether the person is required to
implement mitigation strategies or measures intended to protect against
the intentional adulteration of food. Section 420(b)(2) of the FD&C Act
requires that the regulations specify appropriate science-based
mitigation strategies or measures to prepare and protect the food
supply chain at specific vulnerable points, as appropriate. Section
420(c) of the FD&C Act provides that such regulations are to apply only
to food for which there is a high risk of intentional adulteration and
for which such intentional adulteration could cause serious adverse
health consequences or death to humans or animals. Section 420(c)(1)
provides that such foods are to include those for which FDA has
identified clear vulnerabilities. Section 420(d) of the FD&C Act limits
applicability on farms to farms that produce milk. Further, section
106(d) of FSMA creates a new section 301(ww) in the FD&C Act to
prohibit ``[t]he failure to comply with section 420 [of the FD&C
Act].'' We are issuing all of the provisions of the rule under section
420 of the FD&C Act.
C. Intrastate Activities
FDA concludes that the rule should apply to activities that are
intrastate in character. Facilities are required to register under
section 415 of the FD&C Act regardless of whether the food from the
facility enters interstate commerce (Sec. 1.225(b)). The plain
language of section 418 of the FD&C Act applies to facilities that are
required to register under section 415 of the FD&C Act (section
418(o)(2)) and does not exclude a facility because food from such a
facility is not in interstate commerce. Similarly, the plain language
of section 420 of the FD&C Act requires FDA to issue regulations to
protect against the intentional adulteration of food and does not
include a limitation to interstate commerce. Further, the prohibited
act provisions in sections 301(uu) and (ww) of the FD&C Act (21 U.S.C.
331(uu) and (ww)) do not require an interstate commerce nexus. Notably,
other subsections in section 301 of the FD&C Act, and section 304 of
the FD&C Act (21 U.S.C. 334) demonstrate that Congress has included a
specific interstate commerce nexus in the provisions of the FD&C Act
when that is its intent. Accordingly, it is reasonable to interpret
sections 418, 420, 301(uu), and 301(ww) of the FD&C Act as not limited
to those facilities with a direct connection to interstate commerce.
III. General Comments on the Proposed Rule
A. Comments on Overall Framework for the Regulatory Approach
We proposed a HACCP-type approach, like the one proposed for the
systematic control of food safety hazards in the PCHF proposed rule, as
the most effective means of ensuring that mitigation strategies are
consistently applied once the significant vulnerabilities are
identified and appropriate mitigation strategies are developed. We
requested comment on the appropriateness of a HACCP-type system to
ensure that mitigation strategies designed to significantly minimize or
prevent intentional adulteration related to terrorism are effective and
implemented as intended. We also requested comment about whether there
are other approaches that would be more suitable to address intentional
adulteration related to terrorism.
In the following paragraphs, we discuss the comments that disagree
with, or request changes to, the proposed approach. After considering
these comments, we are continuing to require an approach based on an
analysis of hazards/vulnerabilities and the implementation of measures
to mitigate the identified hazards/vulnerabilities (a HACCP-type
approach); however, we are providing for additional flexibility, as
requested.
(Comment 1) Some comments state food defense and food safety
require different approaches because they are different disciplines.
The comments explain that the science is different, that food safety
deals with known and identifiable risks whereas food defense deals with
unknown, often unidentifiable, and ever changing threats and that food
safety risks can be prevented or reduced to an acceptable level but
food defense threats only can be mitigated. The comments conclude that
regulatory requirements addressing food defense must reflect these key
differences between food defense and food safety and use different
terminology. Some comments state that FSMA does not require a
preventive controls approach for food defense, and a traditional HACCP
approach is too rigorous and prescriptive for food defense. Conversely,
other comments support regulatory requirements for food defense that
are based on the proactive approach found in HACCP, specifically HACCP
concepts related to
[[Page 34172]]
analyzing problems and devising appropriate solutions.
(Response 1) We disagree that food safety and food defense require
entirely different approaches to ensure that food is not adulterated.
We agree that there are important, specific differences between food
safety and food defense, and these differences require different
requirements for particular components of the approaches. However, we
believe that food safety and food defense are more similar than they
are different. For both food safety and food defense, the framework for
preventing adulteration, whether it is intentional or unintentional, is
the same: (1) An analysis is needed to identify the hazards for which
measures should be taken to mitigate the hazard; (2) appropriate
measures must be identified and implemented; and (3) management
components are needed to ensure systematically that the measures are
functioning as intended. This is the foundation of the HACCP approach,
and we continue to believe this approach is appropriate for food
defense as well as food safety. In food defense terms, the three
elements are as follows: (1) A vulnerability assessment is needed to
identify significant vulnerabilities; (2) mitigation strategies must be
identified and implemented; and (3) mitigation strategy management
components are needed to ensure systematically that the mitigation
strategies are functioning as intended. See the proposed rule (78 FR
78014 at 78025) for a discussion of how the hazard analysis/preventive
control model is consistent with a vulnerability assessment/mitigation
strategy model.
We agree that the nature of the hazards being analyzed for food
safety and food defense purposes are different, but we disagree that
this means they need a different analytical approach. As discussed more
in the responses to Comment 71 and Comment 72, the vulnerabilities
considered for food defense, while not as predictable as some food
safety hazards, lend themselves to analytical assessment because they
have commonalities that would make them attractive to an attacker,
particularly an inside attacker. In this rule, we are focusing on
preventing the actions of an inside attacker. Our interactions with the
intelligence community, as well as the conclusions reached during
vulnerability assessments conducted in collaboration with industry,
have identified the inside attacker as the highest threat. Though FDA
is not aware of any information that points to an imminent, credible
threat to the food supply, achieving public health harm through an
attack via food remains an advocated option for terrorist groups (Ref.
4). Additionally, recent events have shown a general evolution in
terrorist activity away from large, centrally planned attacks to
attacks that are locally planned and implemented. These locally planned
attacks may be conducted by assailants inspired by terrorist groups but
who otherwise have no formal connection to, or regular contact with, a
terrorist organization (Ref. 5, 6, 7). Moreover, recent attacks
indicate that terrorist groups are adept at responding to protections
put in place to harden certain targets and will evolve their thinking
toward less-protected targets. Given the potential for wide scale
public health harm from intentional adulteration of the food supply, we
believe that a comprehensive, systematic approach, such as a HACCP-type
approach, is the most appropriate one and is not too rigorous. Further,
as an example of what can happen when someone intending harm has inside
access, in December 2013 a contract employee at Aqlifoods (a subsidiary
of Naruha Nichiro Holdings, Japan's largest seafood company),
intentionally adulterated several frozen foods with the pesticide
malathion. Japanese authorities believe the assailant brought malathion
to the plant and injected it into frozen foods during the manufacturing
process (Ref. 8). The employee exploited his access to the food prior
to packaging to introduce the agent. The adulteration resulted in at
least 2,843 mild foodborne illnesses and a recall of 6.4 million
packages of frozen seafood (Ref. 9). Though this assailant was most
likely trying to harm the company and not trying to cause massive
public health harm, this example indicates the damage that can be done
by an inside attacker.
Section 103 of FSMA reflects a Congressional determination that the
``hazard analysis and risk-based preventive controls'' approach is
appropriate for food defense. Section 103 directs us to promulgate a
framework for intentional adulteration that includes concepts that are
similar to those in HACCP. Section 103 of FSMA contains requirements
applicable to the owner, operator, or agent in charge of a facility
required to register under section 415 of the FD&C Act. Section 103(a)
of FSMA is a general provision that requires the owner, operator, or
agent in charge of a facility to evaluate the hazards that could affect
food manufactured, processed, packed, or held by the facility, identify
and implement preventive controls, monitor the performance of those
controls, and maintain records of the monitoring. Section 103(a)
specifies that the purpose of the preventive controls is to ``prevent
the occurrence of such hazards and provide assurances that such food is
not adulterated under section 402 [of the FD&C Act] or misbranded under
section 403(w) [of the FD&C Act]. . . .'' In addition to the general
requirements in section 418(a) of the FD&C Act, sections 418(b)-(i)
contain more specific requirements applicable to facilities. These
include hazard analyses for both unintentionally and intentionally
introduced hazards (section 418(b)(1)(2)), preventive controls for both
unintentionally and intentionally introduced hazards (section 418(c)
(1)(2)), monitoring (section 418(d)), corrective actions (section
418(e)), verification (section 418(f)), recordkeeping (section 418(g)),
a written plan and documentation (section 418(h)), and reanalysis of
hazards (section 418(i)). Therefore, we believe that FSMA directs us to
take a ``preventive controls approach'' for food defense, as well as
food safety.
We agree that, while the regulatory approaches for food defense and
food safety fundamentally should be similar, there need to be
differences in how the approach is implemented for food defense. We do
not agree that a HACCP-type approach is too prescriptive in general for
food defense, but additional flexibility is needed in the application
of the approach for food defense given the difference in the nature of
the potential adulteration and the implementation of mitigation
strategies that are not likely to be process-oriented or readily lend
themselves to validation. We also agree that differences in terminology
are appropriate. (See responses to Comment 2, Comment 45, and Comment
47.)
(Comment 2) While some comments acknowledge that section 103 of
FSMA directs us to promulgate a framework for intentional adulteration
that includes concepts that are similar to those in HACCP, these
comments also request that we provide more flexibility than a
traditional HACCP framework, with specific requests for flexibility in
the management components of monitoring, corrective actions, and
verification.
(Response 2) We agree that the intentional adulteration regulatory
framework should provide more flexibility than that of a traditional
HACCP approach. We believe there are key disciplinary differences
between food safety and food defense that argue for additional
flexibility in the intentional adulteration framework. Most
significantly, improper implementation of preventive controls is more
likely to result in adulterated
[[Page 34173]]
food than is improper implementation of mitigation strategies.
Preventive controls are more likely to be process-oriented and lend
themselves to being scientifically validated. Mitigation strategies are
more likely to be implemented to reduce physical access to a point,
step, or procedure, and/or reduce the opportunity for an attacker to
successfully contaminate the food and, in most instances, do not lend
themselves to scientific validation. These differences indicate a need
to apply the concepts of the HACCP approach in a more flexible manner
for food defense.
Recognizing the differences in the likelihood of adulteration and
the differences in mitigation strategies compared to the process-
oriented preventive controls, the intentional adulteration corrective
actions requirements contain neither provisions for the evaluation of
all affected food for safety in the event a corrective action is
required nor provisions for unanticipated corrective actions (see Sec.
121.145). Further, the intentional adulteration verification
requirement does not contain provisions for validation, calibration,
product testing, environmental monitoring, review of records for
calibration, testing, or supplier verification (see Sec. 121.150). We
believe this more flexible approach for food defense is appropriate and
adds flexibility compared to the provisions of the PCHF final rule.
We also have added flexibility to the identification of mitigation
strategies similar to the flexibility added to the identification of
preventive controls in the PCHF final rule (80 FR 55908 at 56020).
Although each facility subject to this rule must prepare and implement
a food defense plan, the mitigation strategies that the facility would
establish and implement would depend on the facility, the food, and the
outcome of the facility's vulnerability assessment to identify
actionable process steps (Sec. Sec. 121.130 and 121.135). For examples
of this added flexibility related to mitigation strategies, see the
discussion in section V.C.
As requested in comments, we also have changed regulatory text to
reflect the inclusion of more flexibility in monitoring, corrective
actions, and verification (see Sec. Sec. 121.138, 121.140, 121.145,
and 121.150 and discussed in more detail in the relevant sections later
in this document). These changes are similar to those made in the
regulatory text for preventive controls management components.
As we have concluded that similar regulatory approaches are
appropriate for both food safety and food defense, we have adopted the
flexibility included in the PCHF final rule management components
regulatory text, as appropriate for these intentional adulteration
requirements. The intentional adulteration provisions for mitigation
strategies management components make clear that mitigation strategies
management components are required as appropriate to ensure the proper
implementation of each such mitigation strategy, taking into account
the nature of the mitigation strategy and its role in the facility's
food defense system, and we have added Sec. 121.138 to reflect this
change. Likewise, the provisions for each of the individual mitigation
strategies management components (i.e., food defense monitoring, food
defense corrective actions and food defense verification) individually
provide flexibility, either by specifying that the provisions apply as
appropriate to the nature of the mitigation strategy and its role in
the facility's food defense system (i.e., for food defense monitoring
and food defense verification) or as appropriate to both the nature of
the mitigation strategy and the nature of the significant vulnerability
(i.e., for food defense corrective actions) (see Sec. Sec. 121.140,
121.145, and 121.150). For additional discussion of the flexibility
added for the mitigation strategies management components, see sections
V.E, V.F, and V.G and in particular the responses to Comment 88,
Comment 89, Comment 90, Comment 92, Comment 93, and Comment 95.
(Comment 3) Some comments state that the intentional adulteration
proposed HACCP approach is ``one size fits all.''
(Response 3) We disagree. The intentional adulteration requirements
to conduct a vulnerability assessment to identify actionable process
steps, identify and implement mitigation strategies, and use mitigation
strategies management components provide significant flexibility, are
tailored to the facility and its processes, and are therefore not
``one-size-fits-all.'' Although each facility with significant
vulnerabilities is required to identify and implement mitigation
strategies, the mitigation strategies that the facility would establish
and implement would depend on the facility, the food, and the outcome
of the facility's vulnerability assessment (Sec. Sec. 121.130 and
121.135). In addition, the mitigation strategies management components
(i.e., food defense monitoring, food defense corrective actions, and
food defense verification) that a facility would establish and
implement for its mitigation strategies would be established as
appropriate to ensure the proper implementation of the mitigation
strategies, taking into account the nature of each such mitigation
strategy and its role in the facility's food safety system (Sec.
121.138).
(Comment 4) Some comments state that management and oversight
activities of mitigation strategies should occur if they are
``appropriate'' (suitable for a particular purpose or capable of being
applied) and ``necessary'' (taking into account the nature of both the
significance of the vulnerability and the particular mitigation
strategy) for food defense.
(Response 4) We agree that mitigation strategies management
components of the HACCP-type framework should occur if they are
appropriate and necessary. As we have concluded that similar regulatory
approaches are appropriate for food safety and food defense, we have
adopted the flexibility included in the PCHF final rule management
components regulatory text (Sec. 117.140(a)), as appropriate for these
intentional adulteration requirements. The intentional adulteration
provisions for mitigation strategies management components make clear
that mitigation strategies management components are required as
appropriate to ensure the proper implementation of the mitigation
strategies, taking into account the nature of each such mitigation
strategy and its role in the facility's food defense system, and we
have revised proposed requirements for monitoring, corrective actions,
and verification to reflect these changes (see Sec. Sec. 121.138,
121.140, 121.145, and 121.150).
(Comment 5) Some comments state that the requirement for the amount
of paperwork associated with a HACCP-type approach, and the information
contained therein, may be counterproductive to the goal of mitigating
or preventing vulnerabilities because individuals or groups interested
in conducting these types of attacks may try to access this
information.
(Response 5) We disagree. A written food defense plan and its
required contents, which include the vulnerability assessment, the
identification and implementation of mitigation strategies, and
mitigation strategies management components, are essential to
significantly minimizing or preventing significant vulnerabilities
related to intentional adulteration of food, where the intent of the
adulteration is to cause wide scale public health harm. The required
documentation of the plan and implementation of the plan are necessary
so that both the facility and FDA can ensure that the significant
[[Page 34174]]
vulnerabilities are being addressed properly. We encourage facilities
covered by this rule to adequately protect food defense plans and
associated information and records. For a more detailed discussion
related to protecting food defense plan information, see section VI.F.
(Comment 6) One comment disagrees with the HACCP framework, and
requests we use a current good manufacturing practice (CGMP) approach.
This comment states that such an approach provides facilities with
sufficient flexibility to address intentional adulteration. Another
comment supports using a HACCP approach in the context of allowing
facilities to utilize prerequisite programs.
(Response 6) We disagree that a CGMP approach is the most
appropriate approach. We address the appropriateness and flexibility of
the HACCP-type approach in responses to Comment 1 and Comment 2. We
address the potential to consider pre-existing activities while
conducting a vulnerability assessment and identifying and implementing
mitigation strategies in Response 72 and Response 83.
We are requiring a HACCP-type approach rather than a CGMP-type
approach for several reasons. First, the management components in a
HACCP-type approach are the most effective means, as discussed in the
response to Comment 1, of ensuring that the mitigation strategies are
consistently applied. Second, as with food safety, there are hazards
(or in food defense terms, vulnerabilities) that warrant requirements
that are more rigorous than general, non-targeted CGMP provisions. The
vulnerabilities that warrant such requirements are those that we have
concluded are the highest risk, namely intentional adulteration
conducted at actionable process steps, including those vulnerabilities
associated with an inside attacker, intended to cause wide scale public
health harm. It is precisely these attacks at these points that require
the most robust and rigorous system to ensure that vulnerabilities are
assessed, significant vulnerabilities are identified, and mitigation
strategies are properly implemented to reduce these significant
vulnerabilities. General, non-targeted CGMP requirements (e.g.,
restricting access to outsiders) would not necessarily focus on the
significant vulnerabilities or ensure that mitigation strategies are
implemented to harden the potential targets. Finally, section 418 of
the FD&C Act requires that hazards intentionally introduced be
addressed in a HACCP-type framework.
(Comment 7) One comment asserts that because we already have
required food safety plans for facilities under a separate rulemaking,
and because an act of intentional adulteration of food that would cause
wide scale public health harm is not likely to occur, a separate food
defense plan, and thus this rule, is not necessary.
(Response 7) We disagree. Although it is true that most facilities
covered by this rule will also have a food safety or HACCP plan, the
focus of those plans is on preventing the contamination of food from
hazards that are unintentionally introduced and, therefore, the control
points and the measures implemented in those plans differ from those in
a food defense plan. It is unlikely that a facility would choose
preventive controls under the PCHF final rule that would be sufficient
to address vulnerabilities to intentional adulteration. For example, it
is unlikely that a facility conducting a hazard analysis would identify
the step of holding a liquid, such as a syrup, in a tank in a facility
as a hazard requiring a preventive control. In conducting a hazard
analysis, the facility would likely be considering whether there are
hazards associated with the incoming syrup or ingredients for the syrup
or the syrup production process (inadequate heating), but would not
likely identify the step of holding the syrup as requiring a preventive
control. However, in a vulnerability assessment, the step of holding
liquid syrup may be identified as a significant vulnerability if (1)
there would be significant public health consequences if a contaminant
were added, (2) there is access to the product while being held, and
(3) an attacker would be able to successfully contaminate the product.
With regard to the statement that an act of intentional
adulteration is not likely to occur, we agree that the likelihood of an
incident is low. However, given the potential for a successful
intentional adulteration of food to cause wide scale public health
harm, it is prudent for the largest facilities to take preventive
measures, and it is required by sections 418 and 420 of the FD&C Act
that they do so.
B. One Set of Requirements Under Sections 418 and 420 of the FD&C Act
(Comment 8) One comment asserts that the proposed rule blends
sections 103 and 106 of FSMA into one set of requirements and disagrees
with that approach. The comment states that section 103 requires basic
foundational food defense activities, including food defense plans at
all registered food facilities. The comment contrasts this with section
106, which it states provides FDA with the authority to designate
certain foods as ``high risk,'' and to require certain escalated food
defense activities for those foods. The comment asserts that FDA should
designate foods as ``high risk'' based on real-time actionable
intelligence of a credible threat. The comment acknowledges that
section 103 of FSMA does not apply to facilities required to comply
with the seafood HACCP program, the juice HACCP program, or the dietary
supplement CGMPs, but because none of these regulations address food
defense programs, the comment asserts the Agency can use other legal
authority to require these food facilities to have food defense
programs.
(Response 8) The final rule requires ``basic foundation[al] food
defense activities'' as well as providing for ``escalated food
defensive activities'' where warranted. To provide for foundational
food defense, the rule requires a food defense plan (i.e., a
vulnerability assessment, mitigation strategies, and procedures for
food defense monitoring, corrective actions, and verification) and
associated actions. These requirements are the minimum measures
necessary to provide assurances that hazards that relate to intentional
adulteration intended to cause wide scale public health harm will be
significantly minimized or prevented. Weakening these provisions, such
as by eliminating the requirement to implement mitigation strategies to
address significant vulnerabilities at each actionable process step,
would result in food defense measures inadequate to address the threat
of an inside attacker. As discussed in response to Comment 1, our
interactions with the intelligence community, as well as the
conclusions reached during vulnerability assessments conducted in
collaboration with industry, have identified an inside attacker as the
highest threat.
Further, the suggested approach would place too much reliance on
FDA having real-time actionable intelligence of a credible threat. As
discussed in the responses to Comment 11 and Comment 12, there are a
number of limitations to this approach. FDA may not receive specific,
real-time, credible threat intelligence. Further, rapidly communicating
even specific, actionable information to the food industry so that it
is received by all of the relevant facilities would present challenges.
Although some facilities may be able to identify some or all actionable
process steps and implement mitigation strategies within a short
[[Page 34175]]
timeframe, many other facilities would not be able to identify and
implement the necessary mitigation strategies and the mitigation
strategies management components (e.g., food defense monitoring,
corrective actions, verification) within the short time period that
could be required in the event of a credible threat. In addition,
taking action only in the event of a credible threat may not be
sufficient to prevent wide scale public health harm. Measures taken
after the threat is known may not be sufficient to prevent an attack if
the intelligence does not provide enough specific information, such as
the food product, contaminant, point of attack in a facility, and
geographic location of an attack.
Because the vulnerability assessment identifies the specific foods
at specific process steps at greatest risk, it also serves to identify
those foods that must be protected against intentional adulteration
under section 420. Having one set of requirements for food defense
measures helps ensure that the significant vulnerabilities will be
significantly minimized or prevented and addressed consistently across
sections 418 and 420 (see section 418(c)(2)). Further, as suggested by
the comment, the rule provides for escalated food defense activities
when necessary. Specifically, Sec. 121.157(b)(4) requires reanalysis
of a food defense plan (which could lead to the identification of
additional needed mitigation strategies) whenever FDA requires it to
respond to new vulnerabilities or credible threats to the food supply.
(Comment 9) One comment asserts that the proposed combination of
provisions under sections 418 and 420 of the FD&C Act has created
complexity that could be eliminated by removing acts intended to cause
massive public health harm from section 418 and covering them solely
under section 420. The comment further asserts that although section
418 includes ``acts of terrorism'' within the hazard analysis, Congress
did not intend to add this level of complexity to the rule and create
new work that is inconsistent with materials previously created to
address food defense. Further, the comment states that it appears these
new requirements were included in the rule as a consequence of the
statutory language rather than to reduce risk.
The comment states that one key difference between sections 418 and
420 is that section 418 requires the facility to identify hazards
related to intentional adulteration while section 420 requires FDA to
identify vulnerabilities that could result in serious adverse health
consequences. The comment asserts that due to the confidentiality of
information that serves as the basis for the FDA vulnerability
assessments, it would be more appropriate for FDA to perform the
assessment for acts that could cause massive public health harm and for
the facility to perform a vulnerability assessment for other types of
intentional adulteration that may be specific to a facility and are
outside of the FDA's vulnerability assessment.
(Response 9) FDA believes that a single unified set of requirements
(i.e., this rule) is more clear and less complex than dividing the
types of intentional adulteration covered by this rule into two
categories with two sets of requirements, as suggested by the comment.
It is not clear what would be covered under section 418 if it applied
only to ``other types of intentional adulteration that may be specific
to a facility,'' as suggested by the comment. Further, we do not
believe the provisions of the rule are inconsistent with our current
guidance; rather, they are more comprehensive and robust. FDA believes
that these new requirements will reduce risk beyond what is contained
in our current guidance documents. Our guidance documents mainly focus
on assessing vulnerabilities and identifying mitigation strategies, but
do not include recommendations for mitigation strategy management
components. We believe the management components (part of a HACCP-type
framework) are critical to ensuring that any hazards that relate to
intentional adulteration intended to cause wide scale public health
harm will be significantly minimized or prevented. Further, the
confidentiality of vulnerability assessments that FDA conducted is not
a barrier to a facility conducting a vulnerability assessment under
this rule. The key activity types that FDA has identified were derived
from FDA's vulnerability assessments and using key activity types to
conduct a vulnerability assessment remains a permissible option under
the final rule.
In addition, as recognized by the comment, section 418 explicitly
applies to ``acts of terrorism.'' Specifically, 418(b)(2) requires that
a hazard analysis identify and evaluate hazards that may be
intentionally introduced, including by acts of terrorism. Further,
section 418(i) authorizes FDA to require a reanalysis to respond to new
hazards including, as appropriate, results from terrorism risk
assessments. Generally, acts of terrorism involving the food supply
would be committed with the intention to cause wide scale public health
harm. Therefore, they are clearly covered by section 418.
(Comment 10) Some comments suggest that FDA require a hybrid
approach where all facilities subject to section 103 are required to
conduct a vulnerability assessment and develop and implement a basic
food defense plan. Under the hybrid approach, if a credible threat is
identified, then section 106 would serve as an escalation provision and
allow FDA to designate specific food(s) associated with the credible
threat as ``high risk.'' Comments suggest that FDA could then require
facilities with these high risk foods to reassess their food defense
plans and implement appropriate mitigation strategies that FDA may
specify to address the threat. Comments argue that if all potential
mitigation strategies need to be identified through the vulnerability
assessment and are managed in the absence of actionable intelligence of
a credible threat, then there is no ability to escalate the plan with
respect to certain mitigation strategies when needed.
(Response 10) FDA agrees with the comment in part. As discussed in
response to Comment 8, this rule requires facilities to conduct a
vulnerability assessment and develop and implement foundational food
defense activities. Further, the rule provides a mechanism which serves
a similar function to the ``escalation provision'' described in the
comment. Specifically, under Sec. 121.157(b)(4), FDA can require
facilities to reassess their food defense plans, which could trigger a
requirement to implement additional mitigation strategies.
FDA disagrees that the rule requires ``all potential mitigation
strategies'' to be identified and managed. We believe we have
appropriately balanced the need to provide assurances that hazards
associated with intentional adulteration are being prevented with the
low likelihood of a successful attack on the food supply. The rule does
not mandate specific mitigation strategies be implemented at actionable
process steps but rather allows strategies to be tailored to the
facility and its procedures. We also disagree that there is ``no
ability to escalate the plan with respect to certain mitigation
strategies.'' In response to a credible threat involving a specific
agent, a covered facility could reanalyze its food defense plan with
specific focus on the relevant agent. The facility then could implement
specific mitigation strategies to counter this threat (such as
processing changes, product testing, or other appropriate measures)
that are not currently required by the rule.
[[Page 34176]]
C. Require Measures Only in the Event of a Credible Threat
In the proposed rule, we sought comment on whether it would be
feasible to require measures to protect against intentional
adulteration only in the event of a credible threat. We also sought
comment on whether such an approach would be consistent with the
intentional adulteration provisions of FSMA and how such requirements
would be communicated to industry in a timely and actionable manner.
Many comments agree with the requirements as proposed that measures
to protect food against intentional adulteration be required even in
the absence of a credible threat but some comments support requirements
only in the event of a credible threat. Some comments assert that FDA
has the tools available in the Registration of Food Facility database
to establish a communications protocol to notify industry if there is a
credible threat. A few comments express concern over the difficulty of
developing and implementing food defense plans in a timely manner in
the event of a credible threat.
In the following paragraphs, we discuss these comments and our
responses. After considering the comments, we have revised the
regulatory text in Sec. 121.157(b)(4) to include specific language
that provides for FDA to require facilities to conduct a reanalysis of
their food defense plans to, among other things, respond to credible
threats to the food supply.
(Comment 11) Some comments state that this rule should only go into
effect in the event of a credible threat. One of these comments argues
that the oilseed processing industry that they represent has never been
the target of attacks or threats and therefore they are unlikely
targets for intentional adulteration and should be exempted from the
rule unless there is a credible threat against a facility or industry
as a whole.
(Response 11) We disagree with these comments. The fact that the
oilseed processing industry and other food industry sectors have not
been attacked in the past does not mean that these industry sectors
will never be attacked. Nor does it mean that preventive mitigation
strategies are unnecessary. As discussed in response to Comment 8,
taking action only in the event of a credible threat may not be
sufficient to prevent wide scale public health harm.
(Comment 12) Some comments encourage FDA to collaborate with the
U.S. Department of Homeland Security (DHS), the Federal Bureau of
Investigation (FBI), and other Federal and State Agencies to ensure
that the relevant stakeholders of the food industry are notified in a
timely manner upon discovery of a credible threat. These comments
discuss that alerting the food industry to known credible threat
information would be valuable because there may be additional
mitigation strategies that could be put into place when there is a
threat. The comments further explain that having such knowledge would
allow for industry stakeholders with specific, technical knowledge of
their products, equipment and plant security to better collaborate and
support the efforts of law enforcement. Some comments recommend that we
establish and formalize a mechanism and process to communicate credible
threat information to relevant stakeholders in industry and that the
Food Facility Registration database could help facilitate this. The
comments also recommend that we conduct exercises to test this
mechanism so that all stakeholders are aware of the established
communications process and can make adjustments and improvements as
necessary. Several comments recommended that we convene a panel of
industry stakeholders annually to discuss threat intelligence at the
``Secret'' level.
(Response 12) We concur with the recommendation that we should
collaborate with our Federal and State Agency partners on the discovery
and communication of credible threats in a timely manner. Currently,
FDA regularly meets and communicates with DHS, FBI, the U.S. Department
of Agriculture (USDA), and State and local Agency partners through the
Food and Agriculture Sector Government Coordinating Council (GCC) to
discuss food defense issues and research activities and introduce new
initiatives for mutual evaluation, implementation, and education. FDA's
Office of Criminal Investigations (OCI) works closely with the FBI and
other Agencies on a regular basis on threats against FDA-regulated
products, including food. We also agree that notifying relevant
stakeholders within industry of credible threats is essential to
protecting the food supply. The Food and Agriculture Sector GCC and
Sector Coordinating Council (consisting of private sector members) hold
in-person joint meetings twice a year and, when needed, classified
meetings at the ``Secret'' level are held to exchange information. As
we move towards implementing this rule, we will continue to work with
our partners--both in government and the private sector--to include
them in discussions regarding communicating credible threat
information.
(Comment 13) One comment states that the term ``credible threat''
is not adequately defined in the proposed rule, nor is the relationship
between a ``credible threat'' and a ``reasonably foreseeable hazard''
adequately described. The same comment also notes that because the term
``credible threat'' is commonly used to discuss sensitive or classified
information, the use of the term may place an unrealistic expectation
for sharing of sensitive or classified threat information between
government agencies and the private sector. The comment suggests either
removing the term ``credible threat'' from the rule or including a
definition with an explanation of the mechanism for sharing information
about credible threats with the food industry.
(Response 13) We disagree with this comment and decline the request
to include a definition for credible threat. It is not possible to
identify with precision what constitutes a credible threat. There are
many factors to consider in regards to how, what, when, or why those
who intend to cause harm may take action. As such, it is not possible
to write a definition for credible threat that is neither so broad that
it covers potentially any piece of intelligence, nor so narrow that it
is unnecessarily limiting. FDA routinely works with other agencies to
maintain situational awareness of potential threats to the food supply
and will consider that information in determining whether intelligence
rises to the level of a credible threat.
Within the context of protecting food against intentional
adulteration with the intent to cause wide scale public health harm, we
see no direct relationship between a ``credible threat'' and a
``reasonably foreseeable hazard.'' ``Known or reasonably foreseeable
hazard'' is defined in the PCHF final rule to mean a biological,
chemical (including radiological), or physical hazard that is known to
be, or has the potential to be, associated with the facility or the
food. We do not use the phrase ``reasonably foreseeable'' within the
context of intentional adulteration because it does not apply.
We acknowledge that there will be challenges to sharing sensitive
or classified threat information between government agencies and the
private sector. That is one of several reasons that we are not making
the requirement for mitigation strategies dependent on a particular
credible threat. In the event such information was to become known, FDA
intends to work with its
[[Page 34177]]
government partners to determine the appropriate course of action.
(Comment 14) Some comments recommend that in the event of a
credible threat, a facility could conduct a reassessment or reanalysis
of its food defense plan so that it could better tailor its mitigation
strategies to the threat. Some comments recommend that FDA revise the
regulatory text within proposed Sec. 121.150 for reanalysis to require
facilities to reassess their food defense plans when the Agency has
actionable intelligence of a credible threat of intentional
adulteration.
(Response 14) In the proposed rule, we describe that we may require
a reanalysis of the food defense plan in the event of a credible
threat. However, this was not specifically stated within the regulatory
text. Therefore, we have revised Sec. 121.157(b)(4) to provide that
reanalysis may be required by FDA to respond to credible threats to the
food supply. We did not see the need to include ``actionable
intelligence'' in the regulatory text because we believe that
``credible threat to the food supply'' implies a threat that also
requires actionable intelligence.
D. General Comments on Implementation and Compliance
We received a substantial number of comments with regard to how the
Agency will implement this rule. Many comments focused specifically on
the need for inspectors to be provided food defense training to enable
them to make informed decisions during inspections and compliance
activities. Another issue raised by many comments is that the Agency
should make available guidance resources, tools, training, and other
information to help facilities comply with the final rule. In the
section that follows, comments related to implementation and compliance
are discussed.
(Comment 15) Some comments state that existing regulatory
inspections should include evaluation of the intentional adulteration
rule requirements for the best use of time and resources.
(Response 15) FDA is currently considering the best approach for
structuring and conducting food defense inspections. We recognize that
inspections require resources from facilities and recognize that some
facilities may prefer that food defense inspections be conducted as
part of an inspection for other regulatory programs, such as preventive
controls for human food. We will consider this when developing our
enforcement strategy.
(Comment 16) Some comments express concern about the level of
training that will be needed for inspectors. These comments state that
the inspectors must be trained specifically on food defense and that
FDA should be transparent about the training that we provide the
inspectors. Comments emphasize the importance that FDA provide
specialized training to ensure consistent compliance and enforcement
activity by the Agency.
(Response 16) FDA understands and agrees with comments that state
that training for inspectors conducting food defense inspections is
critical to a consistent and adequate inspection, compliance, and
enforcement system. We agree with the comment that specialized training
in food defense will be required for inspection and compliance staff to
evaluate a facility's compliance with this rule. FDA has begun the
process of assessing its training needs for inspectors on food defense.
It is our intention that training provided to our inspection and
compliance staff will be consistent with that training for industry
that will be provided by the Intentional Adulteration subcommittee
organized within the Food Safety Preventive Controls Alliance (see
Comment 105) to facilitate consistent implementation of this rule. This
strategy is consistent with the other FSMA food safety regulations and
training strategies.
(Comment 17) Some comments state that inspections should have a
``big picture'' focus, and focus on the evaluation of the facility's
vulnerability assessment. Additionally, comments state that this
inspection should not compare the mitigation strategies used at other
facilities to the facility being inspected.
(Response 17) We agree. The rule is designed to provide flexibility
such that facilities can select appropriate mitigation strategies that
are best suited for their operations. FDA investigators will consider a
facility's written explanations regarding identification of actionable
process steps and selection of mitigation strategies when evaluating a
food defense plan to understand a facility's rationale. In addition, we
will work to educate industry before and while we regulate to assist
industry to gain and maintain compliance with the rule.
(Comment 18) Some comments request that FDA not cite food defense-
related items on FDA's Form 483 until the facilities and inspectors
learn about compliance with the intentional adulteration rule.
Additionally, some comments state concerns about FDA including
potentially sensitive information from food defense plans when citing
food defense-related items on Form 483.
(Response 18) FDA is currently in the process of developing its
inspection and compliance strategy for the intentional adulteration
rule and an important part of this strategy development will include
methods and processes for information exchange with regulated industry.
We recognize that food defense inspections could include evaluation of
sensitive information, including vulnerability assessments and
mitigation strategies. For a more detailed discussion on how FDA will
protect food defense-related information, see section VI.F, Public
disclosure.
(Comment 19) Some comments request that FDA include State
departments of agriculture in the process to develop and implement
inspection and compliance programs.
(Response 19) As mentioned previously, FDA is currently in the
process of developing its inspection and compliance strategy for the
intentional adulteration rule. FDA's implementation working group for
this rule includes representation from State partners, and State
partners will continue to play an essential and collaborative role
throughout the process.
(Comment 20) Several comments state that an alliance would be
beneficial for the implementation of the intentional adulteration rule.
(Response 20) Training alliances have played an important role in
facilitating industry compliance with many regulations in the past. We
agree with the comment and are in the initial stages of organizing and
establishing the Intentional Adulteration subcommittee within the Food
Safety Preventive Controls Alliance operated out of the Institute for
Food Safety and Health at the Illinois Institute of Technology. We
anticipate the Intentional Adulteration training subcommittee will
assist industry compliance with this final rule by supporting the
development and dissemination of training resources. We further
anticipate that the curriculum developed through the Intentional
Adulteration subcommittee will form the basis of training for
regulators as well.
(Comment 21) Some comments state that equal enforcement of this
rule across companies domestically and globally may require FDA to
adopt different enforcement mechanisms.
(Response 21) We intend to enforce this rule in a consistent manner
with regard to imported and domestically produced foods. FDA is
currently in the
[[Page 34178]]
process of developing its inspection and compliance strategy, including
how facilities will be selected for inspections and how inspections
will be conducted for both domestic and foreign facilities. Further, we
intend to engage in significant outreach activities--both domestically
and internationally--to facilitate industry compliance with this rule
and to communicate the Agency's current thinking on inspection,
compliance, and enforcement strategies. Additionally, we intend to
develop fact sheets, FAQ documents, guidance documents, and other
informational materials as needed to support domestic and foreign
industry compliance with the rule.
(Comment 22) Several comments recommend that food defense
activities conducted under programs, such as the Department of Homeland
Security's (DHS) Customs-Trade Partnership Against Terrorism (C-TPAT)
and mutually recognized international programs, the Chemical Facility
Anti-Terrorism Standards (CFATS), the USDA Food Safety and Inspection
Services (FSIS) food defense plan template, should be recognized as
meeting the requirements of this rule. Several comments state that
there are global food safety schemes that include food defense
requirements which could be leveraged in inspections and
implementation. Comments suggest that audits and private certifications
done under these food safety schemes should be sufficient for meeting
the requirements of this rule.
(Response 22) We disagree. The programs identified by comments are
not sufficient to substitute for compliance with this rule. For
example, they do not require mitigation strategies at all actionable
process steps and therefore are not sufficient to significantly
minimize or prevent intentional adulteration intended to cause wide
scale public health harm. Further, even if currently they were
sufficient for compliance for this rule, they could change at any time.
C-TPAT is a voluntary supply-chain security certification program
led by U.S. Customs and Border Protection (CBP) that focuses on private
companies (including food companies) implementing anti-terrorism
measures to protect their supply chains. When companies join C-TPAT,
they sign an agreement to work with CBP to identify supply chain
security gaps and implement specific security measures and best
practices. CBP has found that the security standards of some foreign
industry partnership programs are similar to those of the C-TPAT
program.
CFATS is a DHS program which regulates high-risk chemical
facilities to ensure they have anti-terrorism measures in place to
reduce risks associated with the storage and use of these high-risk
chemicals. Any facility that possesses ``chemicals of interest,'' as
identified by DHS, in certain quantities is considered a covered
facility that must meet some or all of the requirements under CFATS.
Some agriculture and food facilities are subject to CFATS requirements.
Covered chemical facilities are required to prepare Security
Vulnerability Assessments that identify facility security
vulnerabilities and to develop and implement Site Security Plans that
identify measures that satisfy risk-based performance standards. These
risk-based performance standards focus on physical security of the
chemicals.
Although both CFATS and C-TPAT programs address some of the
security concerns related to some food facilities, neither program
addresses the unique vulnerabilities associated with the food being
manufactured, processed, packed or held at the facility. In general,
voluntary security programs such as C-TPAT focus on global supply chain
security measures involved in the transportation of goods from location
to location. The CFATS program focuses on reducing risks related to
chemicals, even in facilities that are mainly geared toward food
production. In contrast, vulnerability assessments required by this
rule require identification of significant vulnerabilities at discrete
processing steps within a facility, where the intent of the attack is
to cause wide scale public health harm by contaminating the food
supply. Further, a vulnerability assessment must consider the threat
stemming from an inside attacker. Once these significant
vulnerabilities are identified, mitigation strategies are implemented
at or near those most vulnerable processing steps. Given these
differences, it is unlikely that facilities would be compliant with
this rule were they to rely wholly on assessments and mitigation
strategies conducted as part of other programs.
The food defense plan template from USDA FSIS is voluntary for
FSIS-regulated facilities, and is organized in four sections: (1)
Outside Security Measures, (2) Inside Security Measures, (3) Personnel
Security Measures, and (4) Incident Response Security Measures. The
template focuses on a facility's physical security measures, which are
analogous to recommended, but not required, facility wide security
measures in this rule. FSIS-regulated facilities are encouraged to read
and sign the template, adopt it as their food defense plan, and then
implement, test, and maintain the plan.
There are important similarities between the plan template and some
requirements in this rule. For example, some security measures listed
in the template are similar to some mitigation strategies included in
the FDA Mitigation Strategies Database. The testing of the plan is
somewhat similar to food defense monitoring. The plan template also
suggests awareness training for employees, which is similar to a food
defense awareness training requirement in this rule. The similarities
reflect FDA and USDA collaboration on food defense activities for many
years as discussed in the proposed rule (78 FR 78014 at 78021).
However, food defense plans developed using the FSIS template would
not meet all requirements of this final rule. Specifically, FSIS's food
defense plan template does not include a vulnerability assessment of
the points, steps, or procedures in a food process, nor does it include
implementation of mitigation strategies specific to the vulnerable
points. Additionally, the plan template does not include food defense
monitoring, food defense corrective action, food defense verification,
and some training required by this rule.
In addition, we recognize that there are existing global food
safety schemes that include food defense requirements and that many in
the food industry have already adopted and implemented these
requirements. For example, the Global Food Safety Initiative's (GFSI)
Guidance Document Sixth Edition (Ref. 10) addresses food defense.
Subsequently, many of the GFSI-recognized schemes include more specific
food defense requirements. The Safe Quality Foods (SQF) Code, edition
7.1 is a process and product certification standard that specifies
various food defense elements, including that the methods,
responsibility, and criteria for preventing food adulteration caused by
a deliberate act of sabotage or terrorist-like incident shall be
documented, implemented and maintained (Ref. 11). Another example of
industry standards that incorporate food defense elements is the
International Featured Standards (IFS) Food Version 6 Standard, which
specifies that areas critical to security be identified, food defense
hazard analysis and assessment of associated risks be conducted
annually or upon changes that affect food integrity, and an appropriate
alert system be defined and periodically tested for effectiveness (Ref.
12). We recognize that some in the food industry have already
voluntarily taken steps to incorporate and implement food
[[Page 34179]]
defense measures; however, they are not adequate to substitute for
meeting the requirements of this rule.
Although participation with global food safety schemes and other
programs administered by our Federal partners are not substitutes for
compliance with this rule, we believe that participation in programs
such as C-TPAT, CFATS, the use of the FSIS food defense plan template,
or international programs granted mutual recognition status as that of
C-TPAT, for example, decreases a facility's vulnerability to
intentional adulteration and can work in concert with the requirements
of the final rule. Additionally, a facility's participation in such
programs may be considered by FDA as we prioritize risk-based
inspections of facilities subject to the final rule. Further, we note
that a facility may use existing records (e.g., records that are kept
as part of these other programs) to meet the requirements of this rule,
if they contain all of the required information and, facilities may
supplement existing records as necessary to include all of the
information required by this rule (Sec. 121.330).
(Comment 23) Some comments state that laws in the European Union
currently require food facilities to take necessary measures to prevent
intentional adulteration, and it is therefore not justified to request
additional safety or security requirements for facilities subject to
these laws.
(Response 23) We disagree. This rule contains those measures FDA
has determined are necessary to protect food against intentional
adulteration. To the extent a facility is already taking actions that
are required by this rule, a facility will have to make fewer changes
to its operations. These security measures should be evaluated on a
case-by-case basis to determine if they qualify as a mitigation
strategy under this rule.
(Comment 24) Some comments request that FDA focus on education over
enforcement and use discretion during inspections.
(Response 24) As FSMA as a whole is a substantial change in how FDA
approaches regulating the food and agriculture sector, we recognize
that significant outreach, education, and training will be required to
facilitate industry compliance with all FSMA rules. As previously
stated by the Agency, one of the guiding principles for implementing
FSMA is that the Agency will educate before and while we regulate. This
includes a focus on sector-specific guidance, education, outreach, and
technical assistance for industry. The intentional adulteration rule
implementation will include these efforts to ensure facilities gain
understanding and awareness to comply with the rule. In addition, we
are providing for a longer timeline for facilities to come into
compliance, allowing for more outreach and dialogue with industry.
Facilities, other than small and very small businesses, have 3 years
after the effective date to comply with part 121. Small businesses
(i.e., those employing fewer than 500 full-time equivalent employees)
have 4 years after the effective date to comply with part 121. Very
small businesses (i.e., businesses that have less than $10,000,000,
adjusted for inflation, per year, during the 3-year period preceding
the applicable calendar year in both sales of human food plus the
market value of human food manufactured, processed, packed, or held
without sale, e.g., held for a fee) have 5 years after the effective
date to comply with Sec. 121.5(a).
(Comment 25) Some comments recommend that FDA update the Food
Defense Plan Builder software tool to capture the elements of a food
defense plan required by the final rule, such as monitoring, corrective
actions, and verification.
(Response 25) FDA plans to update existing tools and resources,
including the Food Defense Plan Builder software, to assist industry
with meeting the requirements for the final rule.
(Comment 26) Several comments request that FDA periodically update
its online tools and resources for companies to have access to
information about broad mitigation strategies, although they are not
required under the rule.
(Response 26) FDA intends to publish guidance to support industry
compliance with the final rule. This guidance will include information
relevant to the required provisions of the final rule and also will
likely include helpful information on facility-wide security measures
as well as other best practices and recommendations to assist
facilities in their development of a comprehensive food defense
program. In addition, FDA has a number of tools and resources currently
available on our Web site (https://www.fda.gov/fooddefense) that were
developed for our voluntary food defense program that can assist
industry.
E. Comments on Requests for Additional Exemptions
In the proposed rule we specifically requested comments on whether
there are other ways in which the coverage of this regulation can be
further focused on foods that present a high risk of intentional
adulteration caused by acts of terrorism. In this document we discuss
comments we received with specific recommendations on foods or
activities to exempt from the rule.
(Comment 27) Some comments assert that facilities engaged solely in
cooling, holding, handling, packing, repacking, packaging and shipping
of raw, intact fresh produce, similar to activities that may be
performed on farms, are unlikely to be engaged in any of the key
activity types and should be exempt from this rule. The comments
describe activities conducted by these facilities, including
application of fungicide, food grade wax coating, sorting and placing
whole intact produce into boxes for shipping. The comments further
state that whole intact produce would not be an attractive or feasible
target for an act of intentional adulteration with the intent to cause
wide scale public health harm, regardless of where the activities
occur.
(Response 27) We decline the requested exemption for facilities
engaged solely in cooling, holding, handling, packing, repacking,
packaging and shipping of raw, intact fresh produce. We recognize that
some of these facilities may not have any significant vulnerabilities;
however, some may. For example, packaging may be a significant
vulnerability, depending on the degree of access to the food and the
characteristics of the packaging area (e.g., in a minimally trafficked
area where individuals are working alone for extended periods of time,
or if the product is being sprayed with fumigant or fungicide
applications that may serve to apply a contaminant onto the food).
Therefore, to determine whether any mitigation strategies are needed,
each facility must conduct a facility specific vulnerability assessment
that considers, at a minimum: (1) The potential public health impact if
a contaminant were added (e.g., severity and scale); (2) the degree of
physical access to product; and (3) the ability of an attacker to
successfully contaminate the product. Any of the activities described
in the comments that are otherwise covered by existing exemptions do
not need to be considered in the vulnerability assessment. For example,
holding of foods other than in liquid storage tanks is exempt from the
rule (Sec. 121.5(b)). Also, packing or re-packing of food where the
container that directly contacts the food remains intact is exempt
(Sec. 121.5(c)).
If after conducting a vulnerability assessment, a facility
appropriately concludes that it has no actionable process steps, the
facility would not be required to implement mitigation strategies. The
facility's food defense plan would include the vulnerability
[[Page 34180]]
assessment, the conclusion that no actionable process steps are
present, and an explanation for this conclusion at each step. In
contrast, facilities with actionable process steps are required to
implement mitigation strategies and the appropriate mitigation
strategies management components.
(Comment 28) One comment suggests that we exempt food additives
used in low dosages. The comment asserts that ``the dosage of food
additives are approximately 0.01--1 percent of the total food, and the
final amount of the food additive absorbed into the human body should
be very small, roughly 1/100--1/10,000 of the total food consumed.''
The comment further asserts that if a contaminant is added to a food
additive used in low dosages, the risk to public health is very small.
(Response 28) We decline this request. Our vulnerability
assessments considered a number of factors when evaluating a product's
vulnerability to acts of intentional adulteration and the potential
public health consequences of such an act, including a wide variety of
threat agents. Our vulnerability assessments concluded that there were
situations where an act of intentional adulteration could still result
in wide scale public health harm even if the dose of the adulterant
were at or below the levels highlighted in this comment. Moreover, the
concentration of a food additive in the finished product may vary
depending on the nature of the product (e.g., citric acid can be added
to a food as a flavor enhancer in relatively low concentrations, or to
other foods in higher concentrations as a color retention agent).
(Comment 29) One comment recommends that we exempt production and
packaging of food ingredients from the rule. The comment asserts that
terrorist groups are more likely to attack finished food production
than food ingredient production because they want the publicity
associated with seeing the harm that their act causes. The comment
further asserts that it may be months or years before a contaminated
ingredient reaches consumers, and therefore it would not be a likely or
attractive target for terrorists who want to make a more immediate
impact. The comment also states that a contaminant can be degraded,
inactivated, or destroyed in further processing or prolonged storage if
it is added to an ingredient. The comment maintains that it is far
easier to select an appropriate contaminant with some knowledge of what
types of processing it will have to survive. The comment requests that,
at a minimum, we exempt the production and packaging of food
ingredients from requirements for focused mitigation strategies and
make them subject only to requirements for broad mitigation strategies.
(Response 29) We decline this request. As discussed in section
IV.B.3, the rule now refers to ``mitigation strategy'' rather than
``focused mitigation strategy.'' Further, our vulnerability assessments
concluded that an act of intentional adulteration could still result in
wide scale public health harm even if the adulteration occurred during
the production of an ingredient. Ingredients have many different
distribution paths. Many ingredients can be sold in bulk to
manufacturing facilities for inclusion in processed finished foods or
be sold in consumer sized packaging for home use. Some ingredients can
be used in later processing as a primary ingredient or as a secondary
ingredient added in much lower volumes. In either case, the ingredient
manufacturer could be an effective point for an attacker to achieve
wide scale public health harm.
(Comment 30) One comment supports our proposed exemption Sec.
121.5(c) applicable to packing, repacking, labeling, or re-labeling of
food where the container that directly contacts the food remains
intact. The comment would like us to further exempt the transportation
and holding of foods in retail packaged form from coverage under this
rule.
(Response 30) The holding of food, except for holding of food in
liquid storage tanks, is exempt under Sec. 121.5(b). Therefore, the
holding of foods in retail packaged form is exempt from this rule.
Furthermore, as explained in section III.G.1, transportation carriers
are not included in the scope of this rule.
(Comment 31) One comment requests that food gases be considered for
an exemption for several reasons. The comment states that food gas
containers are extremely difficult to breach. Further, the comment
states that food gases may be stored in bulk storage tanks either
during manufacture, or prior to containerization (i.e., pressurized
cylinders) or transport (i.e., cryogenic tankers) but a person
intentionally trying to contaminate the product during storage or
transportation would require use and knowledge of specialized equipment
that is not readily available. The comment argues therefore that food
gases are not at high risk for intentional adulteration. In addition,
the comment notes that there are several uses for food gases, such as
processing aids (e.g., freezing, chilling, pressure transfer) that will
have minimal contact with the food provided to consumers, and whether
used as a food additive or an ingredient the gas comprises a very small
percentage of the final food product.
(Response 31) We decline the request. The comment identifies that
food gases may be stored in bulk storage tanks either during
manufacture, or prior to containerization or transport. We recognize at
some facilities manufacturing food gas may not have any significant
vulnerabilities; however, each covered facility must conduct a facility
specific vulnerability assessment, and that assessment must consider,
at a minimum: (1) The potential public health impact if a contaminant
were added (e.g., severity and scale); (2) the degree of physical
access to product; (3) the ability of an aggressor to successfully
contaminate the product. The comment mentions that breaching food gas
containers would require use and knowledge of specialized equipment
that is not readily available. However, the vulnerability assessment
must include consideration of an inside attacker, so this information
may be available to such an individual. The comment also mentions that
gases can be stored or transported in liquid form. Based on our
vulnerability assessments, liquids storage and handling has been
identified as potentially significantly vulnerable. Therefore,
facilities manufacturing food gas would need to evaluate their
manufacturing process through a vulnerability assessment. If after
conducting a vulnerability assessment, the facility appropriately
concludes that there are no actionable process steps in the facility,
the facility would not be required to implement mitigation strategies.
The food defense plan at this facility would include the vulnerability
assessment, the conclusion that no actionable process steps are
present, and an explanation for this conclusion at each step.
(Comment 32) Some comments request that FDA exempt research and
development (R&D) and pilot plants from the rule. These comments argue
that a vulnerability assessment conducted at such a facility would in
all likelihood conclude that there are no significant vulnerabilities
due to the low volume of product produced, because such products are
not typically for retail sale, and because of the narrow scope of
consuming individuals, if any.
(Response 32) We decline the request. We note that if food at an
R&D facility is not for consumption, the facility is not required to
register and would not be subject to this rule. Food processed at R&D
facilities may be consumed as samples, distributed at special events,
or
[[Page 34181]]
may take other routes to public consumption. As with other facilities
covered by the rule, it is possible, based on a facility specific
vulnerability assessment, that an R&D facility may conclude that it
does not contain any significant vulnerabilities. If, after conducting
a vulnerability assessment, the facility appropriately concludes that
it has no actionable process steps, the facility would not be required
to implement mitigation strategies. The facility's food defense plan
would include the vulnerability assessment, the conclusion that no
actionable process steps are present, and an explanation for this
determination at each step. In contrast, an R&D facility with
actionable process steps is required to implement mitigation strategies
and the appropriate mitigation strategies management components.
F. Other General Comments
(Comment 33) Some comments ask us to publish a revised proposed
rule or an interim rule before proceeding to a final rule because of
anticipated, significant changes resulting from comments that we
received in response to the proposed rule. Some comments state that
food defense is a new and evolving area without existing regulatory
requirements or a long history of broadly accepted practices and that
further substantive dialogue with industry is needed. Some comments
state that a reproposal would serve the same purpose as an Advance
Notice of Proposed Rulemaking which was FDA's stated intent prior to
the imposition of judicial deadlines. Some comments state that because
FSMA rules are dependent on one another, some proposed FSMA rules
should be issued concurrently so that a concurrent evaluation and
comment period may be conducted. Some comments state that industry must
first get used to the new food safety regulations and then concentrate
on new food defense regulations and believe reproposing at a later date
will give industry a chance to comply with all the new regulations.
(Response 33) We decline these requests. These revisions in the
final rule more closely align the rule with many current food defense
best practices and increase flexibility for facilities to comply. With
regard to the suggestion that we should issue the FSMA foundational
proposed rules simultaneously for comment, this was not feasible given
our judicial deadlines for the seven rules (Ref. 13). We believe that
stakeholders were given adequate opportunity to comment on the proposed
rules, and we extended many comment periods. With regard to the
comments that suggest we repropose this rule to give industry more time
to comply, we have addressed this issue by extending the compliance
dates by an additional 2 years (see section VIII).
(Comment 34) One comment disagrees with the exemption for holding
non-liquid bulk food. The comment asserts that most bulk foods,
irrespective of their physical form, are likely to be mixed or blended
at some point after receipt by the end-user (i.e., the manufacturer or
packager that will convert the bulk food into retail packaged food),
and are likely to be processed into a much larger volume of finished
food. Thus, the comment maintains that any contamination introduced
into a bulk food during storage prior to its use in the preparation of
a retail packaged food may affect a large volume of finished food and
may thereby cause massive public health harm.
(Response 34) As discussed in the proposed rule, based on an
analysis of the vulnerability assessments that FDA has conducted using
the CARVER+Shock methodology, we identified four key activity types
(Bulk liquid receiving and loading; Liquid storage and handling;
Secondary ingredient handling; and Mixing and similar activities) as
production processes that require focused mitigation strategies. With
the exception of the holding of food in liquid storage tanks, which is
not included in the exemption, we are not aware of activities performed
during the holding of food that fit within any of these four key
activity types (see 78 FR 78014 at 78036). There is no likely way that
a contaminant can be homogeneously mixed throughout a non-liquid bulk
food during storage. We found in our vulnerability assessments that the
potential for uniform distribution of a contaminant into the food is a
major factor in elevating vulnerability. Since it is highly unlikely
that an inside attacker would be able to evenly distribute a
contaminant into a dry bulk ingredient during storage, the
vulnerability associated with these steps did not rise to the level
associated with the vulnerability associated with the key activity
types.
G. Other Issues Discussed in the Proposed Rule
1. Transportation Carriers
In the proposed rule, we tentatively determined that there is a
significant vulnerability to intentional adulteration during bulk
liquid receiving and loading, one of the four key activity types
included in the proposal as an option to identify actionable process
steps. We did not identify receiving and loading of other types of
foods (e.g., non-bulk liquid, solid, gaseous) as key activity types
because we determined through our vulnerability assessments that they
do not present the same level of risk. Further, we tentatively
concluded that requiring receivers and shippers of bulk liquids to
implement mitigation strategies at actionable process steps involving
loading and receiving of bulk liquid foods would significantly minimize
or prevent the potential for intentional adulteration of these foods
during transportation.
Based on our vulnerability assessments, we proposed to require that
mitigation strategies to ensure the integrity of food during transport
would be implemented by facilities, rather than carriers. Where such
measures are implemented by the shippers and receivers of bulk liquids,
we tentatively concluded that the food would be sufficiently protected,
and that no further actions by a carrier would be needed. For this
reason, we did not propose to cover transportation carriers in the
proposed rule. We requested comment on our analysis and tentative
conclusion.
Some comments agree with the tentative conclusion in the proposed
rule to exclude transportation carriers. Some comments oppose this
approach. In the following paragraphs, we discuss comments that
disagree with the proposed approach. After considering the comments, we
are finalizing the rule as proposed with regard to transportation
carriers.
(Comment 35) Some comments disagree with our conclusion that
implementing mitigation strategies at the receiving and loading steps
for bulk liquids will adequately protect food during transportation.
Some comments argue that transport of food is one of the most
vulnerable stages in a process, as food is not protected by a secure
facility and may often be parked at a truck stop or other unsecure
locations for extended periods of time which provides the opportunity
for an attacker to gain access. One comment states that food shipments
have consistently been documented as either the first or second most
stolen truckloads on U.S. highways, and if terrorists were to use this
mode of attack on the food supply, the result could be a major event
for which we were not only unprepared, but for which we could have
foreseen the risk.
(Response 35) We disagree with these comments. Based on our
vulnerability assessments, we determined that the most practical
mitigation strategies to
[[Page 34182]]
ensure the integrity of food during transport would be implemented by
facilities, rather than by carriers. For example, to significantly
minimize or prevent the product from being intentionally adulterated
during transport, a shipper may elect to use seals to secure access
points, such as doors or hatches, on the transport conveyance. The
shipper seals the load prior to departure from its facility by using
seals with unique identification numbers. The shipper includes the seal
numbers on shipping documentation and transmits the seal numbers to the
receiving facility. Once the shipment arrives at the receiving
facility, the receiver would verify the seals are in place and that the
identification numbers match. This mitigation strategy ensures the food
was not accessible during transport. To ensure that the driver cannot
exploit his position to gain access and intentionally adulterate the
food during transport, the carrier has no role in the seal mitigation
strategy. If seals are missing or the identification numbers do not
match the shipping documentation, the receiving facility would reject
the load and notify the shipper.
Facilities are required to implement mitigation strategies that
significantly minimize or prevent significant vulnerabilities
associated with actionable process steps. Therefore, if a food
operation has a significant vulnerability associated with
transportation, the facility must choose a mitigation strategy or
combination of strategies to significantly reduce the vulnerability at
the receiving or loading step. Mitigation strategies implemented at
inbound receiving and outbound shipping would work complementary to
each other to protect the food during transport. For example, if the
vulnerability assessment concludes that loading is an actionable
process step because of a vulnerability during transportation, the
facility would implement mitigation strategies to protect its outbound
food from intentional adulteration (e.g., sealing the bulk liquid
tanker truck access points). Likewise, if the facility receiving the
food identifies receiving as an actionable process step because of a
vulnerability during transportation, it would implement mitigation
strategies to reduce the vulnerability of the food to intentional
adulteration during shipping. The mitigations employed at the
receiving/unloading step may include procedures to accept only
scheduled shipments, verification of shipping documentation, procedures
to investigate delayed or missing shipments, inspecting loads prior to
receipt, and rejecting damaged or suspect items. These steps together
will then work to significantly reduce the significant vulnerabilities
associated with the transport of food. With respect to the prevalence
of theft of food during transport, such theft is economically
motivated; the scope of this rule is limited to acts of intentional
adulteration where the intent is to cause wide scale public health
harm.
(Comment 36) One comment states that the use of seals or tamper-
evident containers is insufficient to protect bulk foods during
transportation and/or holding because tamper-evident seals can be
defeated and cannot be expected to prevent a determined attacker. The
comment further states that tamper-evident containers or seals should
be used in combination with other measures.
(Response 36) Mitigation strategies are ``risk-based,''
``reasonably appropriate measures'' employed to ``significantly
minimize or prevent'' significant vulnerabilities. They cannot always
eliminate entirely any possibility of intentional adulteration.
Furthermore, each facility has some degree of discretion in determining
how, and whether, each mitigation strategy is properly implemented, as
part of the facility's written explanation of how the mitigation
strategy sufficiently minimizes or prevents the significant
vulnerability associated with the actionable process step. Facilities
are required to implement mitigation strategies that significantly
minimize or prevent the significant vulnerability; therefore, if a
significant vulnerability is identified, the mitigation strategy or
combination of strategies chosen by the facility must be sufficient to
reduce the vulnerability to an acceptable level at these steps.
In many cases the use of tamper evident seals may be an appropriate
mitigation strategy for limiting access to the product. Additionally,
if a tamper evident seal had been circumvented by an attacker, a close
inspection of the seal at receiving may reveal suspicious activity or
tampering which reduces the likelihood of a successful attack. However
if the facility concludes that tamper evident seals are not by
themselves sufficient to significantly reduce the vulnerability, they
should employ other or additional measures (such as directing carriers
to travel directly to the end destination without stop-overs, or
requiring teamed drivers to prevent the load from being unsupervised
during transport).
(Comment 37) One comment requests clarification of expectations in
situations where only one of the entities involved is covered by the
intentional adulteration rule (e.g., the shipper is covered, but the
receiver is exempt due to size or vice versa) and states that FDA may
need to take a closer look into exemption of carriers.
(Response 37) A covered facility may ship food to or receive food
from a facility that is not covered by the rule (e.g., it is a very
small business). The covered facility is responsible for implementing
mitigation strategies to address transportation if it has a significant
vulnerability associated with transportation at the receiving or
shipping steps. The mitigation strategies used by the covered facility
must significantly minimize or eliminate the significant vulnerability
at this step. Mitigation strategies are available to protect the food
during transport regardless of whether the shipper or receiver is
exempt from the rule. If the receiving facility is exempt, the shipping
facility can address the vulnerability by implementing mitigation
strategies such as those discussed in Response 36. If the shipping
facility is exempt, the receiving facility can address the
vulnerability by implementing mitigation strategies such as visually
inspecting seals and cargo to identify any suspicious activity or
tampering, verifying shipping documents are accurate, ensuring only
scheduled deliveries are accepted, and investigating delayed or
inaccurate shipments. Additionally, we do not believe a shipping and/or
receiving facility that qualifies for the very small business exemption
is an attractive target for attackers intending to cause wide scale
public health harm, as detailed in section IV.B.11.
(Comment 38) Some comments state that covering carriers under this
rule may not be the best approach and this component of the food sector
may be better addressed in guidance. Some comments ask us to continue
to develop materials, guidelines and other tools to promote voluntary
compliance of food defense measures by the transportation component of
the food sector.
(Response 38) We agree with these comments. As resources allow, we
will continue to develop best practices for the transportation industry
to assist with voluntary compliance with food defense measures.
[[Page 34183]]
2. Other Types of Intentional Adulteration: Disgruntled Employees,
Consumers, and Competitors; and Economically Motivated Adulteration
a. Disgruntled Employees, Consumers, and Competitors
In the proposed rule, we explained that when we considered the
spectrum of risk associated with intentional adulteration of food,
attacks conducted with the intent of causing massive casualties and to
a lesser extent, economic disruption, would be ranked as relatively
high risk. (Note that to further clarify the rule's focus we have
removed the reference to economic disruption from the definition of
``food defense.'') We further explained that attacks by disgruntled
employees, consumers, or competitors would be consistently ranked as
relatively low risk mainly because their public health and economic
impact would be generally quite small. We further stated that
disgruntled employees are generally understood to be interested
primarily in attacking the reputation of the company and otherwise have
little interest in public health harm. Typically, acts of disgruntled
employees, consumers, or competitors target food and the point(s) in
its production that are convenient (i.e., a point at which they can
easily access the food and contaminate it). To minimize or prevent this
type of adulteration would require restricting access to nearly all
points in the food system. Instead, we proposed to focus on those
points in the food system where an attack would be expected to cause
massive adverse public health impact.
We received comments supporting the proposed approach; comments
stating that measures should be required to protect against acts of
terrorism and disgruntled employees; and a comment stating that
disgruntled employees can be recruited by terrorist organizations. The
final rule is focused on protecting food against intentional
adulteration where the intent of the adulteration is to cause wide
scale public health harm. In the circumstance described by the comment
where a disgruntled employee is recruited by a terrorist organization,
the motivation of the employee has changed from harming the reputation
of the company to that of the terrorist organization intending to cause
wide-scale public health harm. The rule is designed to reduce the
likelihood that such an attack would be successful. Further, the
protections required by the rule would be effective in minimizing the
likelihood of success of a disgruntled employee, consumer, or
competitor who attempts an act of intentional adulteration at an
actionable process step--even if that act of intentional adulteration
is not intended to cause wide-scale public health harm. We continue to
believe that an approach that does not focus on preventing wide-scale
public health harm, but rather attempts to address intentional acts
regardless of their potential severity, would require restricting
access to nearly all points in the food system because these types of
attacks are typically conducted at areas of convenience and could occur
at any point in the food system.
b. Economically Motivated Adulteration
In the proposed rule, we stated that the goal of the perpetrator of
economically motivated adulteration is for the adulteration to go
undetected so the perpetrator can continue to obtain the desired
economic benefit. Unlike with intentional adulteration, where the
intent is to cause wide scale public health harm through instances such
as acts of terrorism focused on the food supply, occurrences of
economically motivated adulteration are expected to be long term, and
would not be appropriately viewed as a rare occurrence, but rather as
reasonably likely to occur. Because of these reasons, we concluded that
the approaches in the PCHF and PCAF final rules are better suited to
address economically motivated adulteration. We sought comment on our
conclusions.
We received numerous comments related to economically motivated
adulteration, including comments suggesting economically motivated
adulteration is best addressed in this rule, comments suggesting it is
best addressed in the PCHF and PCAF final rules, comments recommending
different hazard identification methodologies, comments related to
terminology and definitions, and comments requesting postponement of
any economically motivated adulteration-associated requirements.
We continue to believe that the approaches in the PCHF and PCAF
final rules are better suited to address economically motivated
adulteration, and have finalized this rule with no requirements related
to economically motivated adulteration for facilities covered by those
rules. For further discussion see the PCHF final rule (80 FR 55908 at
56028-56029) and the PCAF final rule (80 FR 56170 at 56243-56246).
In the proposed rule, we also tentatively decided not to require
produce farms subject to section 419 of the FD&C Act and farms that
produce milk (also referred to in this document as ``dairy farms'')
subject to section 420 of the FD&C Act to take measures to address
economically motivated adulteration. With regard to produce farms, we
tentatively concluded that there are not procedures, processes, or
practices that are reasonably necessary to be implemented by these
entities to prevent the introduction of known or reasonably foreseeable
biological, chemical, or physical hazards that can cause serious
adverse health consequences or death as a result of economically
motivated adulteration. With regard to farms that produce milk, we
tentatively concluded that there are not appropriate science-based
strategies or measures intended to protect against economically
motivated adulteration that can be applied at the farm. Those tentative
conclusions were based on our assessment that preventive controls are
suitable to address economically motivated adulteration when it is
perpetrated by the entity's supplier, but not when it is perpetrated by
the entity itself, and supplier controls are not warranted in this
context because of the lack of inputs into the growing, harvesting,
packing, or holding of produce or milk (i.e., activities within our
farm definition) that could be subject to economically motivated
adulteration that could cause serious adverse health consequences or
death under sections 419 and 420 of the FD&C Act.
We received one comment suggesting we include requirements related
to economically motivated adulteration on produce farms and stating
that economically motivated adulteration (e.g., illegal use of dyes and
ripening agents) has occurred on foreign produce farms. We continue to
believe that preventive controls are suitable to address economically
motivated adulteration when it is perpetrated by an entity's supplier,
but not by the entity itself. Preventive controls for economically
motivated adulteration are not suitable to address the situation where
the same farm that would be economically adulterating the food (which
is already prohibited) would also be responsible for implementing
preventive controls to prevent the adulteration. After considering this
comment, we have finalized this rule with no requirements related to
economically motivated adulteration on produce and dairy farms.
3. Dairy Farms
In the proposed rule, we stated that FDA-led vulnerability
assessments and associated data analyses identified certain categories
of points, steps, or
[[Page 34184]]
procedures in the food system which scored high on vulnerability scales
related to intentional adulteration of food, regardless of the food
being assessed. Two of these key activity types, liquid storage and
handling, and bulk liquid receiving and loading, are present on dairy
farms in areas such as the bulk liquid storage tank. We requested
comment on several questions, including whether and how access to the
bulk milk storage tank and milk house could be limited; the presence
and types of any mitigation strategies currently used on farms; and
whether and what mitigation strategies would be appropriate and
feasible given current dairy farming practices.
Some comments acknowledge that limiting access to the bulk milk
tank and milk house is an important objective; however, these comments
describe significant challenges regarding limiting access to milk.
These comments state that some State laws require unannounced access to
the bulk tank and/or the milk house for food safety inspections.
Additionally, comments state that locking only the bulk tank would be
ineffective because this would still leave the milk accessible via the
milk house. These comments also state that it is common for many dairy
farms to leave the bulk tank and the milk house unlocked to facilitate
normal day-to-day operations and that any regulation requiring strictly
limiting access, such as locking the milk house, would be impractical
due to the multiple entry points and the number of personnel needed for
these measures to function effectively. Some comments suggest that FDA
engage in substantial dialogue with industry to gain a better
understanding of current practices and better ascertain the food
defense measures that would be effective and appropriate before issuing
regulations. Some comments state that FDA should utilize existing
programs to identify potential activities to reduce the vulnerability
to intentional adulteration on dairy farms because these programs have
demonstrated efficacy and have the structures in place to successfully
implement new food defense measures.
Some comments state that FDA should not issue requirements for
dairy farms because they are not at high risk for intentional
adulteration. Some comments describe the willingness of stakeholders to
adopt voluntary food defense measures, with specific examples including
State-led education efforts and adoption of some elements of existing
FDA guidance relating to food defense measures on dairy farms. Some
comments state that any requirements should be limited to food defense
awareness training while other comments state that such training may be
beneficial and is provided on some farms, but more information is
needed to identify effective training programs.
Additionally, several comments address procedural matters, with
many comments stating that FDA must either allow a full and separate
comment period for any potential requirements for dairy farms because
there were no requirements related to dairy farms in the proposed rule,
or issue a fully separate proposal for dairy farms which will cover the
requirements in their entirety independent of the intentional
adulteration regulations for facilities that are not farms. Some
comments also request that dairy processing facilities be exempt from
the requirements of this rule.
Although we believe requiring mitigation strategies that restrict
access to milk on dairy farms is warranted based on risk, at this time
there are not strategies that limit access to milk that are appropriate
and practical to require for all farms. We believe it is important that
any mitigation strategies we consider imposing include restricting
access to milk while it is on farms. We agree with comments that state
that potential mitigation strategies, such as locking the milk tank and
milk house, are not currently workable given the realities of milking
schedules and the access to the bulk tank needed for food safety
inspections and milk collection. We need further dialogue with key
stakeholders and collaborative research to develop and identify
strategies that are protective and practical; we are aware of
technology-mediated advancements that are under development, and are
potentially promising for the future in this area. Given the current
lack of mitigation strategies that would practically limit access to
milk, we agree that working with the Federal-State collaborative
program for milk safety, the National Conference on Interstate Milk
Shipments (NCIMS), is the most appropriate way to address concerns
regarding intentional adulteration on dairy farms in the near term as
strategies that can limit access to milk while on farm are developed.
We believe NCIMS offers an effective platform for FDA to advance the
development and implementation of mitigation strategies for dairy farms
because the cooperative program includes key partners, such as the U.S.
Public Health Service/FDA, the States, and the dairy industry, and has
a central role in helping to ensure the safety of milk and milk
products.
We are not exempting Pasteurized Milk Ordinance (PMO) facilities
that are not farms (e.g., dairy processing facilities) from complying
with this rule. Unlike farms, such facilities have identified effective
mitigation strategies available to them. In addition, PMO requirements
do not currently address intentional adulteration. Further, unlike
farms, these facilities are not exempt from the PCHF rule. We note that
the earliest compliance date for this rule (3 years) is the same as the
extended compliance date in the PCHF rule, which was chosen to give the
NCIMS time to modify the PMO to include the requirements of the PCHF
rule.
IV. Subpart A: Comments on Specific Provisions
A. Revisions to Definitions Also Used in Section 415 Registration
Regulations (21 CFR Part 1, Subpart H) and Section 414 Recordkeeping
Regulations (21 CFR Part 1, Subpart J)
As discussed in the proposed rule (78 FR 78014 at 78030), several
terms we proposed have the same definitions as proposed in 21 CFR part
117 (the PCHF proposed rule) and therefore we did not include an
extensive discussion in the proposed rule of the following terms:
facility, farm, holding, manufacturing/processing, mixed-type facility,
and packing. We did not receive specific comments on any of our
proposed definitions for these terms, except that many comments state
that it is critical for FDA to cross-reference and be consistent with
the same terms as finalized in the PCHF final rule. We agree and we
have amended each of these terms to be consistent with the definitions
as finalized in the PCHF final rule. See section IV. of the PCHF final
rule for extensive discussion of the comments received and changes made
to these definitions.
1. Facility
We proposed to define the term ``facility'' to mean a domestic
facility or a foreign facility that is required to register under
section 415 of the FD&C Act (21 U.S.C. 350d), in accordance with the
requirements of 21 CFR part 1, subpart H. We have finalized this term
as proposed, except that we have made editorial changes by removing the
U.S. Code citation and amended the Code of Federal Regulations
citation.
2. Farm
We proposed to define the term ``farm'' by reference to the
definition of that term in Sec. 1.227 of this chapter. We have
finalized this term as proposed. For a detailed discussion of the
definition of ``farm,'' see sections IV.A and IV.B of the PCHF final
rule.
[[Page 34185]]
3. Holding
We proposed to define the term ``holding'' to mean storage of food.
In addition, we proposed that holding facilities include warehouses,
cold storage facilities, storage silos, grain elevators, and liquid
storage tanks. Further, we proposed that for farms and farm mixed-type
facilities, holding also includes activities traditionally performed by
farms for the safe or effective storage of raw agricultural commodities
grown or raised on the same farm or another farm under the same
ownership, but does not include activities that transform a raw
agricultural commodity (RAC), as defined in section 201(r) of the
Federal Food, Drug, and Cosmetic Act (21 U.S.C. 321), into a processed
food as defined in section 201(gg). In this final rule, consistent with
the PCHF final rule, we have revised the definition for ``holding'' by
removing the distinction for farms and farm mixed-type facilities and
added that holding also includes activities performed incidental to
storage of a food, but does not include activities that transform a RAC
into a processed food and included additional examples of holding
activities. For a detailed discussion of the definition of ``holding,''
see section IV.D of the PCHF final rule.
4. Manufacturing/Processing
We proposed to define manufacturing/processing to mean making food
from one or more ingredients, or synthesizing, preparing, treating,
modifying or manipulating food, including food crops or ingredients.
Further, the proposed definition provided that examples of
manufacturing/processing activities are cutting, peeling, trimming,
washing, waxing, eviscerating, rendering, cooking, baking, freezing,
cooling, pasteurizing, homogenizing, mixing, formulating, bottling,
milling, grinding, extracting juice, distilling, labeling, or
packaging. In addition, the proposed definition provided that for farms
and farm mixed-type facilities, manufacturing/processing does not
include activities that are part of harvesting, packing, or holding. In
this final rule, consistent with PCHF final rule, we have revised the
definition of ``manufacturing/processing'' by adding to the list of
examples and we have reorganized the listed examples to present them in
alphabetical order. For a detailed discussion of the definition of
``manufacturing/processing,'' see section IV.E of the PCHF final rule.
5. Mixed-Type Facility
We proposed to define mixed-type facility to mean an establishment
that engages in both activities that are exempt from registration under
section 415 of the FD&C Act and activities that require the
establishment to be registered. The proposed definition also stated
that an example of such a facility is a ``farm mixed-type facility,''
which is an establishment that grows and harvests crops or raises
animals and may conduct other activities within the farm definition,
but also conducts activities that require the establishment to be
registered. In this final rule, consistent with PCHF final rule and as
a conforming change associated with the revisions to the ``farm''
definition, we have revised the example of a ``farm mixed-type
facility'' to specify that it is an establishment that is a farm, but
also conducts activities outside the farm definition that require the
establishment to be registered. For a detailed discussion of the
definition of ``mixed-type facility,'' see section IV.F of the PCHF
final rule.
6. Packing
We proposed to define packing to mean placing food into a container
other than packaging the food. Further, the proposed rule provided that
for farms and farm mixed-type facilities, packing also includes
activities traditionally performed by farms to prepare RACs grown or
raised on the same farm or another farm under the same ownership for
storage and transport, but does not include activities that transform a
RAC, as defined in section 201(r) of the FD&C Act, into a processed
food as defined in section 201(gg). In this final rule, consistent with
the PCHF final rule, we have revised the definition for ``packing'' by
removing the distinction for farms and farm mixed-type facilities and
adding that packing includes activities performed incidental to packing
a food, but does not include activities that transform a RAC into a
processed food. We have also revised the definition to clarify that
packing includes ``re-packing.'' For a detailed discussion of the
definition of ``packing,'' see section IV.G of the PCHF final rule.
B. Other Definitions That We Proposed To Establish in Part 121
To establish the scope of facilities, activities and food covered
by this regulation, we proposed to define key terms. We also proposed
to establish that the definitions in section 201 of the FD&C Act apply
when used in part 121. We received no comments regarding the use of
statutory definitions in section 201 of the FD&C Act, and we are
finalizing that provision without change. In this section, we discuss
each definition as proposed, related comments, and our responses.
1. Actionable Process Step
We proposed to define the term ``actionable process step'' to mean
a point, step, or procedure in a food process at which food defense
measures can be applied and are essential to prevent or eliminate a
significant vulnerability or reduce such vulnerability to an acceptable
level. Although we did not receive comments on the proposed definition
for actionable process step, we have revised the definition to improve
understanding of the regulatory requirements in Sec. 121.130
(Vulnerability assessment to identify significant vulnerabilities and
actionable process steps) and to be consistent with the definition of
mitigation strategies. In this final rule, actionable process step is
defined to mean a point, step, or procedure in a food process where a
significant vulnerability exists and at which mitigation strategies can
be applied and are essential to significantly minimize or prevent the
significant vulnerability.
2. Contaminant
We proposed to define the term ``contaminant'' to mean any
biological, chemical, physical or radiological agent that may be
intentionally added to food and that may cause illness, injury or
death.
(Comment 39) Some comments assert the proposed language defining
``contaminant'' could be interpreted to include ingredients
intentionally added to food that resulted in harm, even if
unintentional, such as an unintended allergic or other adverse health
response. The comments urge FDA to clarify the meaning to be an
``intentional'' contaminant, for the purpose of this rule, by amending
the proposed definition as follows: ``Contaminant means any biological,
chemical, physical or radiological agent added to food to intentionally
cause illness, injury or death.''
(Response 39) We agree with the possible confusion as pointed out
by the comments and have amended the proposed definition. The term
``contaminant'' is used in the context of intentional acts of
adulteration with intent to cause wide scale public health harm. We
agree that amending the proposed definition for contaminant to make
clear that the harm must be intended better reflects how the term is
used in this rule.
[[Page 34186]]
(Comment 40) One comment asserts the term ``contaminant,'' is used
widely in the food and dietary supplement industries and that if FDA
were to include a definition for this term, it must employ a definition
that is consistent throughout all regulations pertaining to food and
dietary supplements. Further, one comment notes that this term is
defined differently in the proposed rule (i.e., a contaminant is any
agent that may be added to food) than it is in the Codex Alimentarius
guidelines (i.e., contaminants are substances that are ``not
intentionally added to food or feed''). The comment suggests that FDA
take note of this difference and consider revisions with the goal of
promoting consistency and common understanding of terminology.
(Response 40) As discussed in the proposed rule (78 FR 78014 at
78031), we based the proposed definition, in part, on the definition of
``contaminant'' used in Codex Alimentarius guidelines, but made
modifications to reflect the narrower context that the term is used
within this rule. Further, as discussed in response to Comment 39, we
are amending the definition of ``contaminant'' to better reflect its
limited use in this rule.
3. Focused Mitigation Strategies
We proposed to define the term ``focused mitigation strategies'' to
mean those risk-based, reasonably appropriate measures that a person
knowledgeable about food defense would employ to significantly minimize
or prevent significant vulnerabilities identified at actionable process
steps, and that are consistent with the current scientific
understanding of food defense at the time of the analysis.
We explained in the proposed rule that a ``mitigation strategy'' is
a measure taken by a facility to reduce the potential for intentional
adulteration of food. We further explained that FDA divides mitigation
strategies into two types, ``broad mitigation strategies'' and
``focused mitigation strategies.'' We explained that broad mitigation
strategies are general facility-level measures that are intended to
minimize a facility's vulnerability, as a whole, to potential acts of
intentional adulteration. We provided some examples of broad mitigation
strategies, such as (1) physical security, such as perimeter security
fencing, locking exterior doors, penetration alarms; (2) personnel
security, such as pre-hire background and reference checks,
identification badges, and controlled visitor access; (3) securing
hazardous materials, such as cleaning products, laboratory materials,
and pesticides; (4) management practices, such as ingredient storage
inventory procedures; key security procedures, PINs or passwords;
procedures to restrict personal items from all food production areas;
procedures requiring IDs and uniforms to be returned when a person's
employment ends; and supplier verification or certification procedures;
and (5) crisis management planning, such as maintenance of updated
emergency contact information, procedures for responding to reported
threats, and establishment of a designated food defense leadership
team. We further explained that broad mitigation strategies, by nature,
are generally applicable to a facility, regardless of the type of food
being processed, and, as such, are not targeted to a specific
processing step in a food operation.
In contrast, focused mitigation strategies are specific to an
actionable process step in a food operation where a significant
vulnerability is identified. They represent reasonably appropriate
measures that are necessary to reduce the likelihood of intentional
adulteration intended to cause wide scale public health harm. Focused
mitigation strategies are customized to the processing step at which
they are applied, tailored to existing facility practices and
procedures, and depend on an evaluation of the significant
vulnerability associated with the actionable process step at which they
are applied. In the proposal we tentatively concluded, based on our
vulnerability assessments, that the implementation of focused
mitigation strategies at actionable process steps in a food operation
is necessary to minimize or prevent the significant vulnerabilities
that are identified in a vulnerability assessment, regardless of the
existence of broad mitigation strategies.
We further explained, in contrast to broad mitigation strategies,
focused mitigation strategies are targeted to actionable process steps
and, therefore, are more effective at countering an attacker who has
legitimate access to the facility. Our conclusion was based upon our
interactions with the intelligence community and the many vulnerability
assessments we conducted with industry, which showed that an act of
intentional adulteration by an insider presents significant risk for
that adulteration to result in wide scale public health harm and that
broad mitigation strategies are not specific enough, for example, to
counter the actions of an attacker who has legitimate access to the
facility (i.e., insider attack) or an attacker who circumvents
perimeter protections (e.g., scaling a fence), with the goal of
intentionally contaminating the food.
Although the regulatory text now only refers to ``mitigation
strategies,'' we continue to believe that facilities must protect
vulnerable points in their operation from acts of intentional
adulteration intended to cause wide scale public health harm and that a
facility's vulnerability to acts of intentional adulteration by
attackers who have achieved access to the facility must be
significantly reduced or prevented to protect the food from intentional
adulteration intended to cause wide scale public health harm. General,
facility-level protections do not sufficiently address the significant
vulnerabilities within a facility because they do not address an inside
attacker who has obtained access to the facility.
(Comment 41) Some comments state that the distinction between
``broad'' and ``focused'' mitigation strategies is confusing, and
request that the distinction be removed. One comment states the line
between broad and focused mitigation strategies is often blurry. The
comment asks how close ingredient handling needs to be to a gate for
the gate to be considered a focused mitigation strategy and not a broad
one. The comment further asserts that a mandate for focused mitigation
strategies will result in endless debates between facility management
and FDA investigators as to whether a particular mitigation strategy is
broad or focused and that this potential for difference of opinion
between facilities and FDA investigators is of significant concern for
industry stakeholders.
(Response 41) The question asked by the comment highlights the
nuance and gradation that exists within mitigation strategies. After
considering the comments, we agree that many mitigation strategies may
not lend themselves to clear categorizations as either ``broad'' or
``focused,'' and we agree that the delineation between broad and
focused mitigation strategies, as described in the proposed rule, may
be confusing because of the wide diversity of potential mitigations as
well as variation as to how a facility chooses to implement a
particular strategy. As a result, we have modified the regulatory text
throughout the final rule to refer to ``mitigation strategy'' rather
than ``focused mitigation strategy.'' For example, Sec. 121.135 now
requires ``mitigation strategies for actionable process steps.'' Also,
the title of the rule has been modified to reflect this change.
[[Page 34187]]
4. Food
We proposed to define the term ``food'' to mean food as defined in
section 201(f) of the FD&C Act and include raw materials and
ingredients.
(Comment 42) Some comments urged us to clarify that the definition
of food does not include food contact substances as defined in section
409(h)(6) of the FD&C Act (21 U.S.C. 348(h)(6)). One comment recommends
FDA amend the definition of food to exempt EPA registered
antimicrobials/pesticides and food contact substances which have no
ongoing intended technical effect in the final finished food.
(Response 42) This rule only applies to facilities required to
register with FDA. The registration rule does not include food contact
substances and pesticides (21 CFR 1.227(a)(4)(i)). No change to the
definition of food in this rule is necessary.
5. Food Defense
We proposed to define the term ``food defense'' to mean the effort
to protect food from intentional acts of adulteration where there is an
intent to cause public health harm and economic disruption.
(Comment 43) One comment states that references to ``terrorism'' in
the preamble to the proposed rule were unnecessarily limiting and
confusing and recommends that instead of attempting to narrow the scope
of intentional adulteration to ``terrorism,'' FDA should use the
definition of ``food defense'' to explain and further clarify the focus
of activities covered by the rule.
(Response 43) We agree with this comment and have modified the
definition of ``food defense'' in the final rule as follows: ``Food
defense means, for purposes of this part, the effort to protect food
from intentional acts of adulteration where there is intent to cause
wide scale public health harm.'' As discussed in the preamble to the
proposed rule, although we referred to the protection of the food
supply from ``acts of terrorism'' throughout the proposed rule, we
expect our approach would generally address acts intended to cause wide
scale public health harm, whether committed by terrorists, terrorist
organizations, individuals or groups of individuals. The purpose of
this rule is to protect the food supply against individuals or
organizations with the intent to cause wide scale public health harm.
Further, although economic disruption is likely to occur in any such
instance of wide scale public health harm, because the focus of the
rule is not the protection against economic disruption we have removed
that language from the definition of ``food defense'' for purposes of
this rule. In addition, as discussed in section III.G.2, economically
motivated adulteration is not addressed in this final rule.
(Comment 44) One comment states that the proposed rule defines
``food defense'' within the scope of the rule and requests that FDA
establish a generalized definition of ``food defense'' that can be
adopted for the purposes of all FDA activities and subsequently the
scope of this rule can then be further elaborated. The comment proposes
the following definition of food defense: ``Actions and activities
related to prevention, protection, mitigation, response, and recovery
of the food system from intentional acts of adulteration. This includes
intentional adulteration from both terrorism and criminal activities.
Criminal activities include economically motivated adulteration, as
well as acts by disgruntled employees, consumers, or competitors
intending to cause public health harm or business disruption.''
(Response 44) We decline this request. The purpose of Sec. 121.3
(Definitions) is to define terminology that is used within the
regulatory text of the rule. Therefore, the definitions of terms need
to be within the context and scope of the rule, rather than a
definition to be used by FDA or industry activities not related to the
rule in particular.
6. Monitor
We proposed to define the term ``monitor'' to mean to conduct a
planned sequence of observations or measurements to assess whether
focused mitigation strategies are consistently applied and to produce
an accurate record for use in verification.
(Comment 45) Some comments assert that food safety and food defense
require different terminology and suggest referring to the activities
as ``checking'' instead of ``monitoring.'' These comments go on to
suggest that the definition of checking should be ``to observe or
otherwise assess whether mitigation strategies or measures are in place
and fully implemented.'' The comments also state that ``a planned
sequence of observations and measurements'' may not be appropriate for
all or any mitigation strategies, and questions what kind of
measurements of a mitigation strategy a facility would take.
(Response 45) We agree that using completely different terminology
is appropriate when components of a food safety and food defense HACCP-
type system differ in important, specific ways. As noted in the
Regulatory Approach discussion in section III.A, food safety uses the
term ``hazard analysis'' to identify hazards, while food defense uses
the term ``vulnerability assessment'' to identify significant
vulnerabilities. These terms are completely different because they
represent key disciplinary differences which require different
methodological considerations related to whether the adulteration is
intentional. A hazard analysis has very different considerations than a
vulnerability assessment.
However, we disagree that completely different terminology is
appropriate for a term that describes the performance of similar
activities for both food safety and food defense. Monitoring is
conducted to perform a similar function and in similar ways in both a
food defense and a food safety framework. In both contexts monitoring
is conducted to assess whether control measures are operating as
intended, and in accordance with the food safety or food defense plan.
However, constant monitoring of some preventive controls is necessary
(e.g., time-temperature monitoring for pasteurization), while periodic
monitoring is likely to be more appropriate for many mitigation
strategies (e.g., checking the lock on an access hatch to a liquid
storage tank at the end of the tank cleaning cycle). Therefore, to
recognize that the management components for food safety and food
defense perform similar activities, but also include some differences,
we are changing the term to ``food defense monitoring'' to make clear
that the expectations for compliance are different. In additional
recognition that the management components for food safety and food
defense perform similar activities, we are finalizing the definition of
food defense monitoring to mean to conduct a planned sequence of
observations or measurements to assess whether mitigation strategies
are operating as intended. This definition is similar to the definition
of monitoring in the PCHF final rule.
As we have concluded that, in some instances, similar terminology
is appropriate for activities that are conducted to perform similar
functions for food safety and food defense, incorporation of elements
from definitions of internationally recognized standards (e.g., Codex)
is appropriate for this rule. A ``planned sequence'' is included in the
definition because it is important to thoughtfully and systematically
assess whether mitigation
[[Page 34188]]
strategies are operating as intended, and the inclusion of ``a planned
sequence'' in the definition conveys this importance. For example, a
facility may establish and implement written monitoring procedures to
include a planned sequence of observations to monitor a lock on an
access hatch to occur at the end of every silo cleaning cycle, when
there is potential to add a contaminant because the access hatch can be
opened without the contents of the silo spilling out. Without planning
the sequence of observations of this mitigation strategy, monitoring
the strategy may occur in the middle of the cleaning cycle when the
access hatch must be open to complete the cleaning process, and would
therefore not be able to assess if the mitigation strategy was
functioning as intended (i.e., properly locking the access hatch at the
end of the cleaning cycle). Additionally, we include the term
``measurements'' not only to align more so with definitions from
international standards, but also to reflect a facility's flexibility
to choose the most appropriate mitigation strategy and how to monitor
that strategy. In many cases, a facility will observe that a mitigation
strategy is functioning as intended; however, there are some cases
where a facility may measure whether a strategy is functioning as
intended. For example, a facility may choose to implement a mitigation
strategy that is a thermal-kill step. It would then be necessary for
the facility to take measurements of the time and temperature to ensure
the thermal-kill step is functioning as intended. Additionally, we have
deleted ``consistently applied'' in the proposed definition and added
``operating as intended'' as this more closely aligns with the ISO
22000:2005 and with a similar change made in the PCHF final rule.
Finally, we have removed ``and to produce an accurate record for use in
verification'' from the proposed definition because the requirement for
documenting monitoring records is established by the requirement for
monitoring, and not by the definition of monitor. As discussed in
Response 89, we have made several revisions to the regulatory text,
with associated editorial changes, to clarify that monitoring records
may not always be necessary.
7. Significant Vulnerability
We proposed to define the term ``significant vulnerability'' to
mean a vulnerability for which a prudent person knowledgeable about
food defense would employ food defense measures because of the
potential for serious adverse health consequences or death and the
degree of accessibility to that point in the food process.
Although we did not receive comments on the proposed definition for
significant vulnerability, we have revised the definition to improve
understanding of the regulatory requirements in Sec. 121.130
(Vulnerability assessment to identify significant vulnerabilities and
actionable process steps). In this final rule, significant
vulnerability is defined to mean a vulnerability that, if exploited,
could reasonably be expected to cause wide scale public health harm. A
significant vulnerability is identified by a vulnerability assessment,
conducted by a qualified individual, that includes consideration of the
following: (1) Potential public health impact (e.g., severity and
scale) if a contaminant were added, (2) degree of physical access to
the product, and (3) ability of an attacker to successfully contaminate
the product. The assessment must consider the possibility of an inside
attacker. For further discussion of the related changes made to the
requirement in Sec. 121.130 for a vulnerability assessment to identify
significant vulnerabilities and actionable process steps, see section
V.B.
8. Significantly Minimize
We proposed to define the term ``significantly minimize'' to mean
to reduce to an acceptable level, including to eliminate.
We did not receive comments on the proposed definition for
significantly minimize and we are finalizing the definition as
proposed.
9. Small Business
We proposed to define the term ``small business'' to mean a
business employing fewer than 500 persons. We proposed to establish the
same definition for small businesses as that which has been established
by the U.S. Small Business Administration under 13 CFR part 121 for
most food manufacturers. We did not receive any comments on this
definition. We are finalizing the definition as proposed, with several
changes for clarity. We are using the term ``500 full-time equivalent
employees'' rather than ``500 persons.'' In addition, we are adding a
definition of ``full-time equivalent employee'' to the definition
section (Sec. 121.3). We have made these changes because we will base
the calculation on ``full-time equivalent employees'' and use the same
approach to calculating full-time equivalent employees for the purpose
of this rule as we used to calculate full-time equivalent employees in
the section 414 recordkeeping regulations (see Sec. 1.328). Under this
approach, the number of full-time equivalent employees is determined by
dividing the total number of hours of salary or wages paid directly to
employees of the business entity claiming the exemption and of all of
its affiliates and subsidiaries by the number of hours of work in 1
year, 2,080 hours (i.e., 40 hours x 52 weeks).
In addition, we are adding ``including any subsidiaries and
affiliates'' to the definition to provide clarity on how to calculate
``500 full-time equivalent employees'' for purposes of this rule.
10. Verification
We proposed to define the term ``verification'' to mean those
activities, other than monitoring, that establish that the system is
operating according to the food defense plan.
(Comment 46) One comment suggests ``verification'' be defined as
``the application of methods, procedures, tests and other evaluations,
in addition to monitoring, to determine whether a focused mitigation
strategy is or has been operating as intended.''
(Response 46) We have revised the definition of food defense
verification to more closely align with the Codex definition of
verification. The term is now defined as the application of methods,
procedures, and other evaluations, in addition to food defense
monitoring, to determine whether a mitigation strategy or combination
of mitigation strategies is or has been operating as intended according
to the food defense plan. ``Methods, procedures, and other
evaluations'' better describes the scope of verification than
``activities'' used in the proposal. Although the Codex definition
includes ``test'' as a form of verification, we have not included it
because the rule does not require verification testing. We believe
changing ``that establish the system is operating'' to ``to determine
whether a mitigation strategy is or has been operating'' more
accurately describes the purpose of food defense verification. We have
added ``a combination of mitigation strategies'' to recognize that
facilities may use more than one mitigation strategy to significantly
minimize or prevent a significant vulnerability. The definition
proposed by the comment limits verification to mitigation strategies;
it does not require verification of the food defense plan. Verification
of the food defense plan reflects the fact that verification is broader
than just mitigation strategies; it includes, for example, verification
of food defense monitoring and corrective actions.
[[Page 34189]]
(Comment 47) Some comments suggest using the term ``evaluation''
instead of verification. These comments suggest that evaluation be
defined as ``those activities, in addition to checking, that establish
that the facility is implementing a food defense plan.''
(Response 47) We deny this request. As discussed in response to
Comment 46, we have revised the definition of food defense verification
to include ``evaluation'' because evaluation is an appropriate
verification activity. However, we disagree that completely different
terminology (in this case, ``evaluation'' rather than ``verification'')
is appropriate for a term that describes the performance of similar
activities for both food safety and food defense (see Responses 45 and
46). Verification is conducted to perform a similar function and in
similar ways in both a food defense and a food safety framework. In
both frameworks verification is conducted to determine whether control
measures are operating as intended according to the food safety or food
defense plan, and these verification activities are in addition to
monitoring. At the same time, by using the term ``food defense
verification,'' we make clear that verification as required by this
rule is not identical to verification required in the preventive
controls context.
11. Very Small Business
We proposed to define the term ``very small business'' to mean a
business that has less than $10,000,000 in total annual sales for food,
adjusted for inflation. In the preamble of the proposed rule we
explained our rationale for defining ``very small businesses'' at the
$10,000,000 threshold because the purpose of this rule is to protect
the food supply against individuals or organizations with the intent to
cause wide scale public health harm. We tentatively conclude these
individuals or groups would likely target the product of relatively
large facilities, especially firms whose brand is nationally or
internationally recognizable. Some comments agree with our proposed
definition while others disagree. Among the comments that disagree with
the definition, some state that the $10,000,000 amount is too high or
too low, and several comments suggest alternatives to using dollar
amount as the threshold. We further discuss these comments and our
response to them in this document.
Some comments submitted to the PCHF proposed rule request that we
specify that the monetary threshold for the definition be based on
average sales during a 3-year period on a rolling basis because
otherwise firms may be subject to significant changes in status from
year to year. Those comments also ask us to clarify that the sales are
to be evaluated retrospectively, not prospectively. Although we did not
receive similar comments to this rule, in an effort to be consistent
with the PCHF final rule, we have revised the definition of very small
business to specify that it is based on average sales during the 3-year
period preceding the applicable calendar year. The applicable calendar
year is the year after the 3 calendar years used to determine whether a
facility is a very small business.
We also revised the definition to include the market value of human
food manufactured, processed, packed, or held without sale (e.g., held
for a fee). When there are no sales of human food, market value of the
human food manufactured, processed, packed, or held without sale is a
reasonable approach to calculating the dollar threshold for a very
small business.
(Comment 48) One comment requests that FDA change the definition of
``very small business'' to only apply to $10,000,000 in annual sales of
food that is covered under the rule, and not to total annual food
sales. The comment asserts that basing the threshold on the sale of
food covered by the intentional adulteration rule, rather than all
food, would be necessary to be consistent with the fact that covered
produce is regulated under the produce rule. Specifically, the comment
requests that we exclude the sale of animal foods from the calculation
of annual food sales because this rule exempts the manufacturing,
processing, packing, or holding of animal foods. The comment further
argues that this approach is consistent with the statutory mandate that
FDA regulations be flexible in scale and supply chain appropriate and
provide special considerations for small and very small businesses.
(Response 48) We have revised the definition of very small
businesses to include only the sale of human food plus the market value
of human food manufactured, processed, packed, or held without sale
(e.g., held for a fee). Under this revised definition, firms that
process both human and animal foods will not be required to include
sale of animal food in their calculation to determine whether they fall
under the $10,000,000 threshold.
(Comment 49) Several comments expressed confusion with the varying
business size thresholds across the seven FSMA rules and stated that it
will be a significant challenge for the food industry to interpret and
decide which rules under FSMA they are required to comply with if the
definitions of the size of business are not consistent throughout all
FSMA rules. Some comments encourage us to establish a tiered system
that clearly outlines coverage under all FSMA rules by business size,
while others request that we provide clear guidance to assist firms,
especially small and very small businesses, to identify which of the
seven FSMA rules are applicable to them.
(Response 49) We recognize that the varying business size
thresholds across the FSMA rules may be cause for confusion. However,
each of the rules differs in scope and intent, which compels us to
establish requirements and exemptions that are specific to and
appropriate for each rule. To help small and very small businesses
comply with each rule, we plan to issue Small Entity Compliance Guides.
(Comment 50) One comment objected to exempting any facilities from
the rule, arguing that this would give terrorists a ``road map'' to
those facilities not covered and make them targets for intentional
adulteration. The comment recommends that FDA remove the exemptions for
very small businesses and qualified facilities completely.
(Response 50) We disagree with this comment. Section 418(l)(2) of
the FD&C Act specifies that qualified facilities, which include very
small businesses, are not subject to the requirements in sections
418(a) through (i) and (n). We note that section 418(l)(2) requires
qualified facilities to submit one of two types of documentation to the
Secretary. The PCHF and PCAF rules have requirements reflecting this
provision but this rule does not. Section 418(l)(2)(B)(i)(I) requires
documentation that demonstrates that the facility has identified
potential hazards and is implementing and monitoring the preventive
controls. We have concluded that very small businesses are at reduced
risk and therefore do not have significant vulnerabilities that require
mitigation strategies. Therefore, there is nothing for very small
businesses to document under this option. In contrast, a human or
animal food facility is not at lesser risk of a food safety problem
solely because it is relatively small. Section 418(l)(i)(II) is
similarly inapplicable for several reasons. That section requires
documentation that a facility is in compliance with State, local,
county, or other applicable non-Federal food safety law. First, food
safety is traditionally viewed as separate from food defense. Second,
no States currently require food defense
[[Page 34190]]
measures, and States are unlikely to impose measures different from
those in this rule. Therefore, compliance with ``food safety law'' as
described in the provision would be irrelevant. In contrast, all States
have food safety laws. Further, regulations issued under section 420 of
the FD&C Act are to apply to food for which there is a high risk of
intentional contamination (section 420(c)). Individuals or groups
intending to cause wide scale public health harm are more likely to
target the product of relatively large facilities, especially for
facilities whose brands are nationally or internationally recognizable,
than to target very small businesses. Covering all facilities would be
inconsistent with the statutory requirement to limit coverage to foods
at high risk. The $10,000,000 threshold for very small businesses still
covers 97-98 percent of the market share of manufactured packaged foods
(Ref. 14). In addition, section 420(a)(1)(B) of the FD&C Act directs
FDA to consider the risks, costs, and benefits associated with
protecting food against intentional adulteration. Imposing the full
requirements of the rule on all facilities, regardless of size, would
almost triple the current cost of the rule while only covering an
additional 2-3 percent of the market share of manufactured foods.
(Comment 51) One comment recommends we apply the lower dollar
amount used to define ``very small businesses'' in the PCHF proposed
rule. Another comment recommends that the threshold be lowered to
$3,000,000 because smaller companies are less likely to implement food
defense measures unless mandated.
(Response 51) The higher threshold for very small businesses in
this rule as compared to the PCHF rule reflects the difference in the
nature of risk of intentional adulteration as compared to unintentional
adulteration (i.e., traditional food safety). This rule protects food
against intentional adulteration caused by individuals or organizations
whose goal is to maximize public health harm. An attacker would more
likely target the product of relatively large facilities, especially
firms whose brand is nationally or internationally recognizable. An
attack on such a target would potentially provide the desired wide
scale public health consequences and the significant public attention
that would accompany an attack on a recognizable brand. Such facilities
are likely to have larger batch sizes, potentially resulting in greater
human morbidity and mortality. Further, an attack on a well-recognized,
trusted brand is likely to result in greater loss of consumer
confidence in the food supply and in the government's ability to ensure
its safety and, consequently, cause greater economic disruption than a
relatively unknown brand that is distributed regionally.
(Comment 52) Several comments argue that the $10,000,000 threshold
is too high, is arbitrary and not risk-based, and excludes many
suppliers and co-manufacturers to large food companies. The comments
state that suppliers who provide ingredients to larger firms would not
be covered under the rule and therefore would pose a significant
vulnerability to these large, nationally branded food manufacturers
that have large consumer exposure. They argue that this high threshold
creates a major hole in the industry that may be exploited, and they
point out that we identified ``ingredient handling'' as a key activity
type having significant vulnerabilities and therefore all ingredient
manufacturers need to be covered.
(Response 52) The full name of the key activity type referenced is
``secondary ingredient handling.'' Secondary ingredient handling refers
to activity occurring in the production facility where the ingredient
is being added; it does not refer to a facility's ingredient supply
chain. The potential for incoming ingredients to be intentionally
adulterated is addressed by the rule's applicability to ingredient
suppliers. As with finished food, not all ingredient suppliers are
covered. The rule focuses on those foods at highest risk of intentional
adulteration; it does not eliminate all risk.
(Comment 53) Several comments argue that the $10,000,000 threshold
is too low and recommend that we increase it to $50,000,000 or
$1,000,000,000 in annual sales. One comment states that for an
intentional adulteration event to happen, the brand or food must be one
that a terrorist or a similarly ill-intentioned person is likely to
target, which would encompass only the largest and most well-known food
brands. The comment goes on to argue that, ``the top roughly 250 food
brands in the Western world are owned by only a handful companies
having annual human food revenues from tens of billions of dollars to
over 100 billion dollars,'' and therefore, if we are focusing the rule
on those at ``high risk,'' as specified under section 420 of the FD&C
Act, then there is little benefit to be gained by imposing the
requirements of this rule on hundreds of thousands of companies whose
products are not likely to be targeted. The comment points out that
because we are ``unable to identify any previous act of intentional
adulteration intended to cause public health harm that was perpetrated
in a setting that would be covered by this rule (i.e., all such
previous attacks have involved restaurant or donated food), it would
appear that the risk of any such attack occurring is overall quite low,
and that only the most attractive targets can conceivably be considered
``high'' risk.''
(Response 53) We decline this request. Although we agree that those
intending to cause wide scale public health harm would more likely
target the larger well known food brands, we disagree that there is
little benefit to be gained by imposing the requirements of this rule
on companies under a $50,000,000 or $1,000,000,000 threshold. To
identify which facilities to cover under this rule, we assessed risk
based on both the likelihood of being a target and the potential impact
to public health. If we were to increase the threshold for a very small
business to $50,000,000 or $1,000,000,000, a large number of facilities
producing large quantities of food, including some well-known brands,
would not be covered.
(Comment 54) Several comments state that using annual sales is not
indicative of risk and offer alternative ways to define which
facilities are covered under the rule. The comments argue that annual
sales do not determine the potential consumer exposure as it relates to
preventing wide scale public health harm because more expensive
products could have higher annual sales but lower consumer exposure.
The comments point out that a manufacturer of a premium chocolate bar
would sell fewer chocolate bars than a commodity chocolate manufacturer
with sales of the same dollar amount. Some comments suggest
alternatives to using annual sales, including units of a product sold
(e.g., 100,000 retail units), number of servings, volume manufactured,
and distribution patterns of the product. Other comments recommend
using the shelf life of products or the shelf stableness of product as
alternatives.
(Response 54) We use sales and the market value of food
manufactured, processed, packed, or held without sale as a proxy for
volume. We are aware that dollar amounts can be skewed by product
values and, thus, sales are an imperfect proxy for volume. However, we
are not aware of a more practical way to identify a threshold based on
volume or amount of product that could be applied across all product
sectors, and the comments provide no suggestions for how their
recommendations could be carried out.
Shelf life and shelf stability are not necessarily good indicators
of the speed at which a particular product moves
[[Page 34191]]
through the distribution system because many products are sold and
consumed months, and even years, before their shelf life expires. The
risk of a product for intentional adulteration does not increase based
solely on a short shelf life. Similarly, a product that has a longer
shelf life is not necessarily at lower risk for intentional
adulteration; it could be an attractive target based on the potential
to cause wide scale public health harm.
(Comment 55) One comment suggests that we base the very small
business definition on the number of full-time employees, similar to
how we define ``small business.'' The comment recommends that we define
``very small business'' at 50 full-time employees.
(Response 55) We deny this request. The purpose of the definition
of ``very small business'' is to exempt the smallest businesses from
the requirements of the rule because they are less likely to be
targeted by individuals or organizations intending to cause wide scale
public health harm. The consideration of sales is consistent with the
other option for being a qualified facility under section 418 of the
FD&C Act, which also considers sales (section 418(l)(1)(C)). (As
discussed in IV.E.1 of this rule, we have removed the term ``qualified
facility'' from the exemption provided in Sec. 121.5(a) for simplicity
because any facility that would be a ``qualified facility'' as proposed
in Sec. 121.5(a) will also meet the definition for a ``very small
business.'')
In contrast, section 418(l) of the FD&C Act does not specify any
particular criterion (whether sales or number of employees) for the
definition of ``small business,'' other than directing us to consider
the results of the Food Processing Sector Study. Basing the definition
of ``small business'' on the number of employees is consistent with our
approach to defining ``small business'' in many other regulations (see,
e.g., the PCHF final rule, Produce final rule, HACCP regulation for
juice (Sec. 120.1(b)(1)), the section 414 recordkeeping regulations
(69 FR 71562, December 9, 2004), and our CGMP regulation for
manufacturing, packaging, labeling, or holding operations for dietary
supplements (72 FR 34752, June 25, 2007)).
(Comment 56) Some comments request that we change the definition of
``very small business'' to only include the total annual sales of food
in the United States, adjusted for inflation, for foreign facilities
that export food to the United States.
(Response 56) A foreign business that sells more than the threshold
dollar amount of food has more resources than the businesses being
excluded, even if less than that threshold dollar amount reflects sales
to the United States. Likewise, a domestic business that sells more
than the threshold dollar amount of food has more resources than the
businesses being excluded, even if that domestic business exports some
of its food and, as a result, less than that threshold dollar amount
reflects sales within the United States. Further, this is consistent
with the PCHF final rule.
12. Vulnerability
We proposed to define the term ``vulnerability'' to mean the
susceptibility of a point, step, or procedure in a facility's food
process to intentional adulteration.
We did not receive comments on the proposed definition of
vulnerability and we are finalizing the definition as proposed.
C. Additional Definitions To Clarify Terms Not Defined in the Proposed
Rule
1. Adequate
We have defined the term ``adequate'' to mean that which is needed
to accomplish the intended purpose in keeping with good public health
practices. See section V.E for a detailed discussion of the changes to
the requirement for food defense monitoring in Sec. 121.140, including
the requirement to monitor the mitigation strategies with ``adequate''
frequency to provide assurances that they are consistently performed.
2. Affiliate and Subsidiary
We have defined the term ``affiliate'' to mean any facility that
controls, is controlled by, or is under common control with another
facility. We have defined the term ``subsidiary'' to mean any company
which is owned or controlled directly or indirectly by another company.
These definitions incorporate the definitions in sections 418(l)(4)(A)
and (D) of the FD&C Act and would make the meanings of these terms
clear when used in the definition of ``very small business.''
3. Full-Time Equivalent Employee
We have established a definition for ``full-time equivalent
employee'' as a term used to represent the number of employees of a
business entity for the purpose of determining whether the business
qualifies as a small business. The number of full-time equivalent
employees is determined by dividing the total number of hours of salary
or wages paid directly to employees of the business entity and of all
of its affiliates by the number of hours of work in 1 year, 2,080 hours
(i.e., 40 hours x 52 weeks). If the result is not a whole number, round
down to the next lowest whole number. Because the calculation for the
number of employees affects the small business definition and extended
compliance dates, we are establishing the definition of ``full-time
equivalent employees'' in the definitions for this rule and modifying
the definition of ``small business'' to use the term ``500 full-time
equivalent employees'' rather than ``500 persons.''
4. Qualified Individual
In this final rule, we have defined the term ``qualified
individual'' to mean a person who has the education, training, or
experience (or a combination thereof) necessary to perform an activity
required under subpart C, as appropriate to the individual's assigned
duties. A qualified individual may be, but is not required to be, an
employee of the establishment. See section V.H. for a detailed
discussion of the new requirements in Sec. 121.4--Qualifications of
Individuals Who Perform Activities Under Subpart C.
5. You
In this final rule, we have defined the term ``you'' for purposes
of this part, to mean the owner, operator, or agent in charge of a
facility. We have made conforming changes throughout the regulatory
text to replace ``owner, operator, or agent in charge'' with ``you''
for simplicity and consistency with the PCHF and PCAF regulations.
D. Comments Asking FDA To Establish Additional Definitions or Otherwise
Clarify Terms Not Defined in the Rule
1. Correction
(Comment 57) Some comments that request the addition of corrections
to the requirement related to corrective actions request we define
``correction'' to mean the action to eliminate a non-conformity.
(Response 57) We decline this request. Because we are not providing
for corrections and the term ``corrections'' is not in the regulatory
text, there is no need to define the term.
2. Defensive Controls or Defensive Control Point
(Comment 58) One comment requests that FDA consider adoption of
food defense terminology that is complementary to food safety
terminology used in the PCHF final rule, such as ``defensive controls''
or ``defense control point.''
(Response 58) We decline the request to adopt the specific terms of
``defense controls'' or ``defense control point.''
[[Page 34192]]
Although the comment did not further explain what terms ``defense
controls'' or ``defense control point'' would replace, we believe
``actionable process steps'' and ``mitigation strategies''
appropriately differentiate these terms, related to intentional
adulteration, from analogous food safety terms used in the PCHF final
rule.
3. Reasonably Foreseeable
(Comment 59) Some comments state FDA should clearly define what
constitutes a ``reasonably foreseeable'' threat as it relates to the
risk of intentional adulteration.
(Response 59) We decline this request. The term ``reasonably
foreseeable'' is not used in the regulatory text of this rule.
4. Supply Chain
(Comment 60) One comment requests that FDA define ``supply chain''
as it relates to food and provides a recommended definition to be
included in the rule.
(Response 60) We decline this request. The term ``supply chain'' is
not used in the regulatory text of this rule.
5. Validation
(Comment 61) One comment suggests we define ``validation'' as
obtaining evidence that a control measure or combination of control
measures, if properly implemented, is capable of controlling the hazard
to a specified outcome.
(Response 61) We decline this request. The term ``validation'' is
not used in the regulatory text of this rule.
6. Miscellaneous
(Comment 62) One comment requests that FDA define certain terms or
phrases that are used in some definitions and that the comment suggests
will have a wide range of interpretations. The comment cites
``acceptable level'' (used in the definitions of ``actionable process
step'' and ``significantly minimize''), ``reasonably appropriate
measures'' and ``person knowledgeable about food defense'' (both used
in the definition of ``focused mitigation strategies''), and ``prudent
person knowledgeable about food defense'' (used in the definition of
``significant vulnerability'').
(Response 62) The terms ``acceptable level'' and ``reasonably
appropriate measures'' are meant to be flexible standards. We do not
need to define every term used in the definitions. By specifying that a
point, step, or procedure in a food process at which food defense
measures can be applied and are essential to prevent or eliminate a
significant vulnerability or reduce such vulnerability to an acceptable
level, the definition for actionable process step provides flexibility
for a facility to determine what that level would be in a particular
circumstance. We now use ``person knowledgeable about food defense''
without reference to ``prudent'' in the definitions of ``significant
vulnerability'' and ``mitigation strategies.'' A person knowledgeable
about food defense would meet the requirements of being a Qualified
Individual (Sec. 121.4).
E. Proposed Sec. 121.5--Exemptions
We proposed to establish a series of exemptions from the
intentional adulteration requirements. We also sought comments on
whether we should exempt on-farm manufacturing, processing, packing, or
holding of the food identified as having low-risk production practices
identified in Appendix 4 to the Draft Risk Assessment (further
discussed in section I.C). We discuss these in the following sections.
1. Proposed Sec. 121.5(a)--Exemption Applicable to a Qualified
Facility
We proposed to exempt a qualified facility, except that qualified
facilities must, upon request, provide for official review
documentation that was relied upon to demonstrate that the facility
meets this exemption. We also proposed that such documentation must be
retained for 2 years. We proposed to define qualified facility, in
part, as a facility that is (1) a very small business; or (2) a
facility to which certain circumstances must apply.
We have removed the exemption applicable to a qualified facility
and replaced it with a very small business exemption. Revised Sec.
121.5(a) provides that this part does not apply to a very small
business, except that a very small business must, upon request, provide
for official review documentation sufficient to show that the facility
meets the exemption and that such documentation must be retained for 2
years. We have removed the term ``qualified facility'' from the
exemption provided in Sec. 121.5(a) to simplify the provision and
provide clarity as to the applicability of the exemption. For purposes
of this rule, any facility that would be a ``qualified facility'' as
proposed in Sec. 121.5(a) will also meet the definition for a ``very
small business.'' Further, section 418(l)(3) of the FD&C Act, which
provides for withdrawal of an exemption from a ``qualified facility,''
is not relevant because we are also issuing these requirements under
section 420 of the FD&C Act.
2. Proposed Sec. 121.5(b)--Exemption Applicable to Holding of Food
We proposed to exempt holding of food, except the holding of food
in liquid storage tanks. We received one comment that disagrees with
the holding exemption, and have addressed the comment in Response 34.
After considering this comment, we are finalizing the exemption as
proposed.
3. Proposed Sec. 121.5(c)--Exemption Applicable To Packing, Re-
Packing, Labeling, or Re-Labeling of Food Where the Container That
Directly Contacts the Food Remains Intact
We proposed to exempt packing, re-packing, labeling, or re-labeling
of food where the container that directly contacts the food remains
intact. We did not receive comments on the proposed exemption and we
are finalizing the exemption as proposed.
4. Proposed Sec. 121.5(d)--Exemption Applicable to Activities of a
Facility That Are Subject to Section 419 of the FD&C Act
We proposed to exempt activities of a facility that are subject to
section 419 of the FD&C Act (Standards for Produce Safety). We did not
receive comments on the proposed exemption and we are finalizing the
exemption as proposed.
5. Proposed Sec. 121.5(e)--Exemption With Respect to Alcoholic
Beverages
Section 116 of FSMA (21 U.S.C. 2206) (Alcohol-Related Facilities)
provides a rule of construction for certain facilities engaged in the
manufacturing, processing, packing, or holding of alcoholic beverages
and other food. In the proposed rule, we discussed our interpretation
of section 116 of FSMA and requested comment on our interpretation.
Based on our interpretation, we proposed that part 121 would not apply
with respect to alcoholic beverages at facilities meeting two specified
conditions (78 FR 78014 at 78037). We also proposed that part 121 would
not apply with respect to food other than alcoholic beverages at
facilities described in the exemption, provided such food is in
prepackaged form that prevents direct human contact with the food and
constitutes not more than 5 percent of the overall sales of the
facility. No comments disagreed with the exemption of alcoholic
beverages, but some comments requested changes or clarifications to the
proposed activities covered in the exemption. After reviewing the
comments, we are finalizing this exemption as proposed.
(Comment 63) Two comments supported the exemption for alcoholic
beverages and FDA's interpretation of
[[Page 34193]]
section 116 of FSMA, but one comment requests changing the language
from just ``alcoholic beverages'' to ``manufacturing, processing,
packing and holding of alcoholic beverages,'' stating that in reducing
the words FDA may unintentionally limit the scope of the exemption to
facilities holding finished beverage alcohol products.
(Response 63) We agree with the comments that support the exemption
as written. We do not believe it is necessary to list the activities in
the codified as requested by one comment. Under section 415 of the FD&C
Act a facility is required to register as a facility because it is
engaged in manufacturing, processing, packing, or holding of one or
more alcoholic beverages. Therefore, the language stating ``alcoholic
beverages at a facility'' encompasses facilities engaged in the
activities listed previously and the regulatory text in Sec. 121.5(e)
clearly covers the intended exemption for the ``manufacturing,
processing, packing and holding of alcoholic beverages.''
(Comment 64) One comment supports the exemption for alcoholic
beverages but requests that we further exempt craft breweries from
drying and packaging requirements for disposal of spent grains as
cattle feed to small farmers.
(Response 64) The exemption established under the rule of
construction in section 116 of FSMA applies to alcoholic beverages, not
to any other food (see section 116(c) of FSMA (21 U.S.C. 2206(c)). The
by-products described in this comment appear to be products that would
be used in food for animals rather than in human food, and we exempt
these foods in section Sec. 121.5(f). Since this rule exempts both
alcoholic beverages at a facility, provided certain conditions are met,
and food for animals, we believe this comment misunderstands the
exemptions.
6. Proposed Sec. 121.5(f)--Exemption Applicable To Manufacturing,
Processing, Packing, or Holding of Food for Animals Other Than Man
We proposed to exempt manufacturing, processing, packing, or
holding of food for animals other than man. Section 418(m) of the FD&C
Act authorizes FDA to exempt or modify the requirements for compliance
with section 418 with regard to facilities that engage solely in the
production of animal food. Further, section 420(c) of the FD&C Act
requires that regulations that FDA issues under that section apply only
to food for which there is a high risk of intentional contamination.
FDA tentatively concluded in the proposed rule that animal food is not
at a high risk for intentional contamination because our analysis shows
that adulteration of animal food has minimal potential for human
morbidity and mortality which would lead to wide scale public health
harm. In considering whether to provide an exemption related to animal
food, we evaluated three types of possible attack scenarios: (1)
Incorporation of a contaminant into feed to be used for muscle meat-
producing animals; (2) incorporation of a contaminant into feed to be
used for egg-producing or milk producing animals; and (3) incorporation
of a contaminant into pet food. With regard to the two former
scenarios, we did not identify any contaminants that could be
incorporated into feed at levels that would lead to human morbidity or
mortality among consumers that subsequently eat the meat, eggs or milk
without first showing noticeable clinical signs and/or mortality in the
animals. While some contaminants can increase the risk of chronic
disease, such as cancer, among consumers, such an outcome is not
consistent with our understanding of the goals of terrorist
organizations, which include a more immediate impact. Regarding the
third attack scenario, adulterants could be incorporated into feed or
pet food that result in significant animal morbidity and mortality as
well as lead to secondary infections of humans through cross
contamination, but this type of intentional adulteration of animal food
poses a lower risk because secondary human illness or death is not the
primary goal of an attacker with the intent to cause wide scale public
health harm. As such, the proposed rule would not apply to the
manufacturing, processing, packing, or holding of food for animals
other than man. We requested comment on our tentative conclusions. Some
comments agreed with our conclusions and support the exemption as
proposed. One comment supported the exemption but requested a
clarification of exempted activities. Some comments disagreed with our
conclusions and assert that animal food is at high risk for intentional
adulteration because it has been intentionally contaminated in the
past. Some comments state that FDA should protect against intentional
adulteration that leads to serious health consequences or death to
humans or animals. After reviewing the comments, we are finalizing the
exemption as proposed.
(Comment 65) Some comments support our tentative conclusions and
agree that animal food would not be at high risk for intentional
contamination and lacks a significant potential for human morbidity and
mortality. One comment supports the exemption but requests
clarification that the exemption of animal feed includes the byproduct
of manufactured human food regardless of the small business exemption.
(Response 65) We conclude that animal food, regardless of whether
it is produced at a facility solely engaged in the production of animal
food or at a facility engaged in the production of both animal and
human food, does not involve significant vulnerabilities that require
mitigation strategies under section 418 of the FD&C Act, and is not
high risk under section 420 of the FD&C Act. Therefore, we are not
requiring a vulnerability assessment to determine that there are no
actionable process steps present and no mitigation strategies needed.
Regarding the requested clarification, the exemption applies to animal
food regardless of whether a facility is part of a small business.
(Comment 66) Some comments disagree with our conclusion that animal
feed would not be at high risk for intentional contamination for
several reasons. Some comments cite the 2007 incident of melamine in
animal food that sickened and killed many animals as an example of
previous intentional contamination suggesting that animal food is at
high risk for intentional contamination. Some comments state that in
section 420(c) of the FD&C Act the intent of Congress was for
regulations to be issued that addressed hazards that would cause
``serious health consequences or death to humans or animals.'' One
comment asserts that pet food and human food supply chains are
interconnected, and therefore should be covered by this rule. One
comment believes that animal food comes into our homes as pet food
therefore can harm families via cross-contamination. One comment
asserts that the risk of Foot and Mouth Disease has been the focus of
many exercises and discussions with respect to intentional adulteration
and asserts that terrorists have attacked livestock in the past.
(Response 66) We disagree with these comments and continue to
believe that animal food is not at high risk for intentional
adulteration within the context of this rule. While we agree that some
animal feed could be intentionally contaminated, our analysis shows
only minimal potential for human morbidity and mortality as a result of
an attack during, or associated with, animal food production. We
analyzed both human and animal food using CARVER+Shock methodology. For
human food, our analyses show the potential for
[[Page 34194]]
significant human morbidity and mortality should intentional
adulteration occur at certain points in a food operation. In contrast,
for animal food, our analysis shows only minimal potential for human
morbidity or mortality as a result of attacks at points in an animal
food operation.
Significantly, our CARVER+Shock vulnerability assessments of animal
food have had to focus entirely on economic consequences because of the
lack of potential for human morbidity and mortality. As stated in the
preamble to the proposed rule (78 FR 78014 at 78037), in considering
whether to provide an exemption related to animal food, we evaluated
three types of possible attack scenarios: (1) Incorporation of a
contaminant into feed to be used for muscle meat-producing animals; (2)
incorporation of a contaminant into feed to be used for egg-producing
or milk producing animals; and (3) incorporation of a contaminant into
pet food. With regard to the two former scenarios, we are not aware of
contaminants that could be incorporated into feed at levels that would
not produce noticeable clinical signs and/or mortality in animals but
would result in significant human morbidity or mortality among
consumers that subsequently eat the meat, eggs or milk. While such
contaminants can increase the long-term risk of chronic disease, such
as cancer, among consumers, such an outcome is not consistent with our
understanding of the more-immediate goals of individuals or groups
intending to cause wide scale public health harm.
Regarding the third attack scenario, incorporation of a contaminant
into pet food, we are aware of contaminants that could be incorporated
into feed or pet food that could result in significant animal
(including pet) morbidity and mortality, including some which could
result in secondary infectious spread of disease (because some
infectious agents can be transmitted orally as well as through
aerosol). Such attacks could be significant from an economic and
societal standpoint. However, the risk that they pose with regard to
targeting by individuals or groups intending to cause wide scale public
health harm appears to be significantly lower than those involving
human morbidity and mortality.
Foot and mouth disease, mentioned in one comment, can lead to
animal death and economic consequences, but does not affect human
morbidity or mortality. Because foot and mouth disease would not cause
wide scale public health harm, it does not change our conclusion that
animal food is a less attractive target than human food, when the
intent of the adulteration is to cause wide scale public health harm
for humans. The event in 2007 involving contamination of wheat flour
and wheat gluten with melamine that resulted in pet illnesses and
deaths did not affect human health and was motivated by economic gain.
That form of intentional adulteration (i.e., economically motivated
adulteration) is addressed by the PCHF and PCAF final rules.
7. Exemption for Low-Risk Activities at Farm Mixed-Type Facilities
As discussed in section I.D, we issued for public comment an
``Appendix to Draft Qualitative Risk Assessment of Risk of Activity/
Food Combinations for Activities (Outside the Farm Definition)
Conducted in a Facility Co-Located on a Farm'' (the draft RA Appendix)
(78 FR 78064, December 24, 2013). The draft RA Appendix was conducted
to provide a science-based risk analysis to determine which foods'
production processes would be considered low risk with respect to the
risk of intentional adulteration. Based on the tentative conclusions of
the draft RA Appendix, we asked for comment in the proposed rule on
possible exemptions or modified requirements for this final rule. In
the draft RA Appendix we tentatively concluded that the production
processes for the following finished foods are low-risk: Eggs (in-
shell); fruits and vegetables other than pods, seeds for direct
consumption, and hesperidia (fresh, intact); game meats (whole or cut,
not ground or shredded, without secondary ingredients); peanuts and
tree nuts (raw, in-shell); and sugarcane and sugar beets (fresh,
intact). We sought comment on whether we should exempt on-farm
manufacturing, processing, packing, or holding of the foods identified
as having low-risk production practices when conducted by a small or
very small business if such activities are the only activities
conducted by the business that are subject to section 418 of the FD&C
Act.
(Comment 67) Several comments agree with the conclusions of the
draft RA Appendix and state we should provide exemptions in the
regulatory text for those on-farm manufacturing, processing, packing,
or holding activities identified as having low-risk production
practices when conducted by a small or very small business if such
activities are the only activities conducted by the business subject to
section 418 of the FD&C Act.
(Response 67) We agree with these comments. In addition, we have
conducted a reanalysis of the risk assessment and have identified some
foods included in the draft RA Appendix as being out of scope of the
final appendix because of the changes to the definition of ``farm''
made by the PCHF rule, including some foods determined to have low risk
production practices in the draft appendix. Finished foods that are
produced using only activities that fall within the farm definition
(e.g., RACs such as fruits and vegetables, grains, and unpasteurized
milk) are out of scope for the purposes of this final appendix because
this evaluation focuses on the production processes used to produce a
finished food and applies only to activities outside the farm
definition performed by facilities co-located on farms. Accordingly, we
have provided a new exemption in the regulatory text in Sec. 121.5(g)
that exempts on-farm manufacturing, processing, packing, or holding of
eggs (in-shell, other than RACs, e.g., pasteurized), and game meats
(whole or cut, not ground or shredded, without secondary ingredients)
when conducted by a small or very small business if such activities are
the only activities conducted by the business subject to section 418 of
the FD&C Act. This exemption is also appropriate under section 420 of
the FD&C Act because such activities are not high risk under that
provision.
The draft RA, considered fruits and vegetables other than pods,
seeds for direct consumption, and hesperidia, and determined them to be
low risk. Because these foods are produced using only activities that
fall within the modified farm definition, these finished foods are now
out of scope of the RA. Additionally, peanuts, tree nuts (raw, in
shell), sugarcane, and sugar beets were also considered and determined
to be low risk in the draft RA. These foods similarly are out of scope
of the evaluation of risk because these foods are produced using only
activities that fall within the modified farm definition. The finished
foods mentioned in this paragraph, when produced on farms, are exempt
under Sec. 121.5(d).
V. Subpart C: Comments on Food Defense Measures
A. Proposed Sec. 121.126--Requirement for a Food Defense Plan
We proposed that the owner, operator, or agent in charge of a
facility must prepare, or have prepared, and implement a written food
defense plan which must include: (1) Written identification of
actionable process steps; (2) written focused mitigation strategies;
(3) written procedures for monitoring; (4) written corrective action
[[Page 34195]]
procedures; and (5) written verification procedures.
Some comments agree with the requirements for a food defense plan
as proposed. In general, comments support the proposed requirement that
facilities develop and maintain food defense plans to protect food
against intentional adulteration. In the following paragraphs, we
discuss comments that disagree with, or suggest one or more changes to,
the proposed requirements. After considering these comments, we are
finalizing the provisions as proposed, with editorial and conforming
changes as discussed in the other applicable sections of this document.
(Comment 68) Some comments state that facilities should be allowed
to develop food defense plans that are tailored to and best meet the
needs and unique characteristics of the establishment. Other comments
state that the requirements should be adequately broad and provide
flexibility so that companies can build on their plans over time based
on emerging threats and new mitigation strategies.
(Response 68) We agree with these comments and recognize that there
needs to be flexibility within the requirements for a facility to
develop a food defense plan that meets its needs and unique
characteristics. In the final rule we have added flexibility for
management components (see Comment 88, Comment 92, Comment 93, and
Comment 95 for a detailed discussion). Additionally, we agree that food
defense plans should change over time based on emerging threats and
identification of new mitigation strategies. The rule (Sec. 121.157)
requires a reanalysis of the food defense plan as a whole or to the
applicable portion of the plan when any of the following circumstances
occur: a significant change made in the activities conducted at the
facility creates a reasonable potential for a new vulnerability or a
significant increase in a previously identified vulnerability; a
facility becomes aware of new information about potential
vulnerabilities; a mitigation strategy, a combination of mitigation
strategies, or the food defense plan as a whole is not properly
implemented; or whenever FDA requires reanalysis to respond to new
vulnerabilities, credible threats to the food supply, or developments
in scientific understanding. See section V.G.2 for more detailed
discussion of the reanalysis section.
(Comment 69) Some comments state that many food facilities have
already voluntarily developed and implemented food defense plans. The
comments express concern that FDA would require companies to completely
overhaul their existing food defense plans that are already in place
and working properly. These comments argue that existing food defense
plans should be adequate to meet the requirements of this rule so long
as they were thoughtfully developed.
(Response 69) We recognize that some facilities have already
voluntarily developed and implemented food defense plans. These
facilities likely have a head start on compliance with this rule. To
the extent a food defense plan satisfies elements of this rule, a
facility has less to do to meet these requirements. Further, in the
final rule we have specified that existing records do not need to be
duplicated if they contain all of the required information and satisfy
the requirements of part 121, subpart D (Sec. 121.330).
(Comment 70) Some comments express concern that it is too premature
to require that all foreign facilities prepare and implement a food
defense plan.
(Response 70) All foreign facilities do not have to prepare and
implement a food defense plan. For example, foreign facilities that are
not required to register are not subject to this rule. This includes a
foreign facility, if food from such a facility undergoes further
manufacturing/processing (including packaging) by another facility
outside the United States (21 CFR 1.226(a)). In addition, the rule
contains exemptions applicable to domestic and foreign facilities
(Sec. 121.5). For example, very small businesses are only required to
keep records documenting their status.
B. Proposed Sec. 121.130--Identification of Actionable Process Steps
We proposed to require that the owner, operator, or agent in charge
of a facility identify any actionable process steps by either
conducting a facility-specific vulnerability assessment or by using the
four key activity types we identified. Recognizing that various
methodologies may exist to conduct a facility-specific vulnerability
assessment, and not wishing to preclude the benefits of future science
in this area, we did not propose to require a specific methodology for
the facility-specific vulnerability assessment. Further, we proposed
that regardless of the method chosen, the identification of actionable
process steps and the assessment leading to that identification must be
written.
Some comments agree with the requirements as proposed. In the
following paragraphs, we discuss comments that suggest one or more
changes to, and/or disagree with the proposed requirements. After
considering the comments, we have revised this section as follows: (1)
Removing from the regulatory text the option to identify actionable
process steps by utilizing the four FDA-identified key activity types,
(2) adding to the regulatory text the factors that must be considered
when conducting a vulnerability assessment, (3) adding to the
regulatory text a requirement to explain why each process step was or
was not identified as an actionable process step, (4) adding to the
regulatory text a requirement that the vulnerability assessment must
consider the possibility of an inside attacker, and (5) changing the
title of this section to ``Vulnerability Assessment to Identify
Significant Vulnerabilities and Actionable Process Steps.''
(Comment 71) Some comments recommend removing from the regulatory
text the option for facilities to use the key activity types as a
method for identifying actionable process steps, and instead, requiring
all facilities to conduct facility-specific vulnerability assessments.
Some comments recommend continuing to provide the option to use key
activity types but not specifically providing for it in the regulatory
text. Under this approach, key activity types would be considered an
``appropriate method'' for identifying actionable process steps with
the specific key activity types identified in guidance. These comments
express concern that identifying a particular methodology (i.e., key
activity types) in the codified indicates there is one ``right'' way to
conduct vulnerability assessments. Furthermore, some comments express
concern that the key activity types may become the de facto standard
for the regulatory inspection of actionable process steps, even if
facilities conduct facility-specific vulnerability assessments. Some
comments express concerns that including key activity types in the
codified would result in mitigation strategies being required at key
activity types regardless of the outcome of a facility-specific
vulnerability assessment.
(Response 71) The key activity types are based upon the results of
over 50 vulnerability assessments which reflect the activities and
associated vulnerabilities present in a wide array of manufacturing
settings. The vulnerability assessments included consideration of the
three elements now required by Sec. 121.130 to be evaluated in any
vulnerability assessment: (1) The potential public health impact if a
contaminant were added (e.g., severity and scale); (2) the degree of
physical access to product; and (3) the ability of
[[Page 34196]]
an attacker to successfully contaminate the food. The four identified
key activity types are processes, steps, or procedures that
consistently ranked as the most vulnerable, regardless of the commodity
being assessed, and reflect significant vulnerabilities to intentional
adulteration caused by acts intended to cause wide scale public health
harm. Therefore, using the key activity types is an appropriate method
to conduct a vulnerability assessment. In addition, using key activity
types has the benefit of allowing facilities with less technical
expertise in conducting food defense vulnerability assessments to
leverage their expertise in food processing to identify actionable
process steps.
However, in response to comments, we are no longer singling out key
activity types in the regulatory text. Importantly, using key activity
types remains as one appropriate vulnerability assessment method. We
intend to place the key activity types in guidance, which will provide
us with greater flexibility to update them in the future, if necessary.
The final rule provides firms the flexibility to choose a vulnerability
assessment methodology appropriate to their operations, provided that
methodology includes the three fundamental elements required by Sec.
121.130(a). We expect that some firms will use key activity types, and
some firms will use other methods.
(Comment 72) Some comments recommend that vulnerability assessments
should consider the contribution of existing practices, procedures, and
programs that may already function to reduce vulnerability.
(Response 72) When conducting facility-specific vulnerability
assessments, the role of existing measures (e.g., security practices,
procedures, or programs) should be determined on a case-by-case basis.
In general, existing measures that are applied to the process (e.g.,
locks, area access controls, peer or supervisory monitoring) and are
not inherent characteristics of a particular process step, should be
considered after the vulnerability assessment is completed and
actionable process steps have been identified, and should not be
considered during the identification of significant vulnerabilities.
For example, when evaluating the vulnerability of a mixing tank, a
facility would not conclude the tank does not represent a significant
vulnerability because the mixing tank lid and sampling ports are
routinely locked. Instead, the vulnerability of the mixing tank would
be evaluated as if the existing measure (in this case the locks) were
not in place. If, in the absence of properly implemented locks, the
mixing tank would be significantly vulnerable, then the facility would
identify the mixing tank as an actionable process step. The facility
may then decide that the existing locks could serve as a mitigation
strategy that reduces the significant vulnerability of the mixing tank
and evaluate if any other mitigation strategies are necessary. The food
defense plan would then capture the mixing tank step as an actionable
process step and the locks as the mitigation strategy. As a mitigation
strategy, the locks would be subject to mitigation strategy management
components (i.e., food defense monitoring, corrective actions, and
verification).
There are some instances where it is appropriate to consider
existing food defense measures before the vulnerability assessment is
completed. For example, the owner of the same facility may assess a
second mixing tank that is part of an entirely closed system, with no
direct access points into the system, such that an individual
attempting to access this mixing tank likely would cause a major
disruption to the line, foiling any attempted intentional adulteration.
Because this second mixing tank has specific closed properties designed
into the system, that are inherent characteristics of the mixing tank,
it would be appropriate for the facility to consider these inherent
characteristics in the vulnerability assessment. Based on this
assessment, the facility may conclude that the inherent characteristics
of this mixing tank, in this case its enclosed nature, renders the
product inaccessible at this step and, therefore would not identify an
actionable process step associated with this mixing tank (in which
case, there would also be no requirement to implement a mitigation
strategy at this step).
Permanent equipment changes may reduce a significant vulnerability
to such an extent that a processing step would no longer be considered
an actionable process step. For example, a facility might identify a
rotating air dryer as an actionable process step and in the supporting
rationale discuss the high degree of accessibility at the point where
product is fed from a pneumatic conveyor into the top of the dryer. The
facility later installs a permanent, clear plastic shield affixed to,
and extending from, the discharge of the pneumatic conveyor to the
opening of the dryer. The clear plastic shield enables workers to
supervise the product flow into the dryer while serving as an effective
barrier to an attacker wishing to introduce a contaminant into the
product at the dryer. This engineering improvement would significantly
minimize or eliminate access to product in the dryer and thereby
significantly minimize or prevent a significant vulnerability at this
process step. The implementation of this engineering improvement would
be detailed in the facility's food defense plan and, upon reanalysis,
the facility may determine that this processing step is no longer an
actionable process step.
(Comment 73) Some comments recommend that vulnerability assessments
should consider downstream processing steps, the volume of product,
shelf life, marketplace turnover, and consumption patterns and that
additional details regarding vulnerability assessments should be in the
regulatory text. The comments did not provide specifics or
recommendations regarding what additional details about vulnerability
assessments should be included.
(Response 73) As previously stated, we are not prescribing a
specific methodology that facilities must use to conduct vulnerability
assessments to identify actionable process steps. In the preamble to
the proposed rule, we listed a number of elements to consider when
conducting vulnerability assessments (78 FR 78014 at 78042) and did not
require particular elements in the regulatory text. However, in light
of comments requesting further vulnerability assessment details in the
regulatory text, and the removal of key activity types as a separately
identified option, we are specifying that three elements must be
considered in any vulnerability assessment. These three elements are
based on our extensive experience conducting vulnerability assessments
and collaborating with stakeholders to refine vulnerability assessment
methodology and are critical elements of an acceptable vulnerability
assessment methodology. Specifically, we have revised Sec. 121.130 to
require that for each processing step under evaluation, the facility
must consider, at a minimum: (1) The potential public health impact if
a contaminant were added (e.g., severity and scale); (2) the degree of
physical access to product; and (3) the ability of an attacker to
successfully contaminate the product.
a. Element 1: The potential public health impact if a contaminant
were added (e.g., severity and scale). This factor includes, for each
processing step, consideration of the volume of product impacted, the
number of at risk servings generated, and the number of potential
exposures. As appropriate, and with sufficient scientific rigor, the
facility may also consider other factors such as food velocity (i.e.,
the speed at which a
[[Page 34197]]
particular product moves through the distribution system); potential
agents of concern; the infectious or lethal dose of agents of concern;
and the morbidity/mortality rate if the intentional adulteration were
successful. This element is required in the vulnerability assessment
because it enables facilities to focus resources on processing steps
with the highest degree of public health impact if the intentional
adulteration were successful.
We recognize that some facilities may not have the scientific
knowledge to critically identify and evaluate individual agents of
concern across their production process. The potential public health
impact can also be determined through the consideration of the volume
of food at risk should an act of intentional adulteration be successful
at each process step. This approach would serve to extrapolate the
potential public health impact without the scientifically rigorous
examination of specific agents (e.g., consideration of infectious or
lethal dose). For example, using this approach, a facility considering
the potential public health impact of the intentional adulteration of
its primary ingredient storage tank would consider the volume of food
in the tank and the servings generated from this volume. If the
facility has a 50,000 gallon primary ingredient liquid storage tank
that would generate 800,000 one cup servings (50,000*16), the facility
would consider all of these 800,000 servings as being at risk. Note
that potential servings at risk is not limited to the amount of food
being processed at an actionable process step. This is illustrated by a
process step that applies a minor ingredient, such as a vitamin mixture
applied over toasted cereal as it passes underneath spray nozzles. The
facility's metering tank for application to the cereal is 10 gallons.
However, these 10 gallons will be sprayed over 100,000 servings of
cereal. The facility would conclude that 100,000 servings are at risk
if the intentional adulteration were successful at this point.
A number of other factors may also go into the calculations a
facility uses to determine the potential public health impact. For
example, if a facility has conducted market research and concludes that
each distribution unit of 20 servings is typically consumed by four
persons, the potential public health impact of that distribution unit
could be considered four persons rather than 20.
b. Element 2: The degree of physical access to product. This
element includes consideration of, at a minimum, the ability of an
attacker to conduct the attack at the particular processing step under
evaluation; and the openness of the processing step to intentional
adulteration, based on the presence of physical barriers such as gates,
railings, doors, lids, seals, shields, and other barriers. This element
is required in the vulnerability assessment because it enables
facilities to prioritize how easy or difficult it is to access product
at each processing step, based on the inherent characteristics of the
physical environment surrounding the step.
c. Element 3: The ability of an attacker to successfully
contaminate the product. This element includes, for each processing
step, consideration of, at a minimum, the ease of introducing an agent
to the product; the ability for an agent to be uniformly mixed or
evenly applied; and the ability of an attacker to work unobserved and
have sufficient time to introduce the agent. As appropriate, and with
sufficient scientific rigor, the facility may also consider: The amount
of specific agent required; whether downstream dilution or
concentration steps would affect the volume of agent required; whether
downstream processing would or would not neutralize the agent(s) under
evaluation; and the ability of the attacker to successfully introduce a
sufficient volume of agent to the food without being detected or
interdicted. This element is required in the vulnerability assessment
because it enables facilities to understand whether the amount of agent
required at each processing step is feasible and if subsequent
processing steps would successfully remove an agent if present.
Taken together, these three required vulnerability assessment
elements provide facilities appropriate tools to adequately identify
which vulnerabilities should be identified as significant
vulnerabilities (i.e., those vulnerabilities, if attacked, could
reasonably be expected to cause wide scale public health harm). If the
step under evaluation has significant vulnerabilities associated with
it and requires the application of mitigation strategies to prevent or
eliminate a significant vulnerability or reduce such vulnerability to
an acceptable level, the step would be categorized as an actionable
process step.
By utilizing these three required elements when conducting a
vulnerability assessment, regardless of the vulnerability assessment
methodology utilized, facilities are provided with a systematic
approach that enables them to move in a logical, step-wise manner to
identify actionable process steps. First, a facility would develop a
list or flow diagram of each point, step, or procedure in the food
process under evaluation, recognizing that each processing step has
some associated vulnerability (i.e., the susceptibility of a point,
step, or procedure in a facility's food process to intentional
adulteration). Second, the facility would identify which
vulnerabilities are significant vulnerabilities (by using the three
required elements), and third, the facility would identify actionable
process steps where significant vulnerabilities are present. We intend
to provide further guidance on conducting vulnerability assessments to
satisfy these requirements.
As noted previously, some comments suggested that vulnerability
assessments should consider downstream processing steps, the volume of
product, shelf life, marketplace turnover, and consumption patterns. We
have found that shelf life is not necessarily a good indicator of the
speed at which a particular product moves through the distribution
system (i.e., food velocity), because many products are sold and
consumed months, if not years, before their shelf life expires.
Marketplace turnover and consumption patterns are captured within the
concept of food velocity, which may be considered in a vulnerability
assessment as a component of Element 1, detailed previously in this
document. Likewise, the potential effect of downstream processing can
be considered as a component of Element 3, detailed previously in this
document.
(Comment 74) One comment suggests adding laboratory professionals
to the list of possible vulnerability assessment team members.
(Response 74) The list of potential members of the vulnerability
assessment team discussed in the preamble to the proposed rule is not
exhaustive (78 FR 78014 at 78042). The original list included
``personnel working in the areas of security, food safety/quality
assurance or control, human resources, operations, maintenance, and
other individuals deemed necessary to facilitate the formation of the
vulnerability assessment.'' We agree that laboratory professionals can
provide important contributions to the vulnerability assessment and can
be included as potential team members.
(Comment 75) A few comments seek clarification on what type of
justification would be required in the instance where no significant
vulnerabilities are identified through a vulnerability assessment.
(Response 75) It has been our experience that most facilities will
identify one or more significant vulnerabilities. For a facility to
[[Page 34198]]
conclude that it has no significant vulnerabilities and therefore no
actionable process steps, the facility would need to determine that
none of its production steps present a significant vulnerability for
wide scale public health harm from intentional adulteration. In
conducting its vulnerability assessment, the facility would need to
consider at each step of its process: (1) The potential public health
impact if a contaminant were added (e.g., severity and scale); (2) the
degree of physical access to the product; and (3) the ability of an
attacker to successfully contaminate the product. The written
vulnerability assessment, including the accompanying rationale
supporting the decision not to identify any significant vulnerabilities
would be important for determining if such a facility had complied with
Sec. 121.130.
(Comment 76) One comment suggests the term ``vulnerability
assessment'' should be clearly defined in the rule.
(Response 76) We deny this request. As discussed in Response 73,
Sec. 121.130 has been revised to provide required elements the
facility would need to consider at each step of its process when
conducting vulnerability assessments: (1) The potential public health
impact if a contaminant were added (e.g., severity and scale); (2) the
degree of physical access to the product; and (3) the ability of an
attacker to successfully contaminate the product. Additionally, the
definition for significant vulnerability has been revised to include
these three required elements, which underscores the importance of the
evaluation that leads to the identification of significant
vulnerabilities, which in turn leads to the identification of
actionable process steps.
We believe the combination of required vulnerability assessment
elements in Sec. 121.130 and a revised definition for significant
vulnerability provides a high degree of specificity regarding what
constitutes a vulnerability assessment and will provide direction to
facilities as they select an appropriate vulnerability assessment
methodology.
(Comment 77) One comment suggests that the term ``secondary
ingredient handling'' used in a key activity type is confusing because
it is not obvious whether ``secondary'' describes ``ingredient'' or
``handling,'' nor what is meant by ``secondary.''
(Response 77) We are removing the key activity types from the
regulatory text, although the key activity types are one appropriate
method to conduct vulnerability assessments to identify actionable
process steps. Consequently, we will consider these comments when
developing guidance to support the use of key activity types as an
appropriate method to conduct a vulnerability assessment.
(Comment 78) One comment suggests that the definition for
``holding'' used in two key activity types should be modified to
account for activities that involve the safe and effective storage of
raw agricultural commodities, other than fruits and vegetables,
intended for further distribution or processing, but does not include
activities that transform a raw agricultural commodity into a processed
food. The specific example of mineral oil applied to raw grains and
oilseeds for dust control was provided.
(Response 78) In response to the comment, we have conducted an
analysis of this activity and believe that the storage of mineral oil
and its application onto raw, whole grains or oilseeds in accordance
with 21 CFR 172.878 is not a significant vulnerability and facilities
engaged in these specific practices are not required to evaluate these
processing steps when conducting vulnerability assessments (Ref. 15).
Facilities storing and using mineral oil on other food products, such
as baked goods, condiments, spices, or confectionery products, are
required to evaluate mineral oil storage and use when conducting
vulnerability assessments.
Additionally, we are removing the key activity types from the
regulatory text, as discussed previously, although the key activity
types are one appropriate method to conduct vulnerability assessments
to identify actionable process steps. Further, we are revising the
definition of ``holding'' in this final rule, as discussed in section
IV.A.3, by removing the distinction for farms and farm mixed-type
facilities and adding that holding also includes activities performed
incidental to storage of a food, but does not include activities that
transform a RAC into a processed food and we include additional
examples of holding activities. However, the holding of food in liquid
storage tanks remains an activity subject to the rule under Sec.
121.5(b).
(Comment 79) Some comments state that when conducting vulnerability
assessments, facilities should take different processing steps into
consideration, but facilities should not be expected to conduct
vulnerability assessments based on product type. Rather, they should be
able to conduct a tailored vulnerability assessment based on the best
methodology for each facility, either in its entirety or by any
appropriate, locally determined methodological approach, such as
grouping different production areas or processing steps.
(Response 79) Facilities have the flexibility to choose a
vulnerability assessment methodology appropriate to their operations,
provided that methodology includes consideration of three fundamental
elements (i.e., the evaluation of the potential public health impact if
a contaminant were added (e.g., severity and scale), the degree of
physical access to the product, and the ability of an attacker to
successfully contaminate the product) and is performed by an individual
qualified by training and/or experience to conduct vulnerability
assessments. A facility must conduct written vulnerability assessments
for all of the foods that it manufactures/processes, packs, or holds.
We recognize there are instances where facilities are manufacturing
very similar products using either the same equipment and/or very
similar processes. In such instances, it is appropriate for the
facility to conduct vulnerability assessments of like products by
grouping these products into one or more processes and conducting
vulnerability assessments on these process groupings. However, any
product or process-specific differences must be carefully delineated
and noted in the vulnerability assessment, and the facility must
clearly identify the specific products included in each vulnerability
assessment. In some facilities with limited types of products, the
written vulnerability assessment may contain a single set of process
steps that addresses all of the products produced. For example, a
facility making fruit-flavored beverages may be able to conduct a
single vulnerability assessment for all of its beverages using a single
set of processing steps.
In other facilities, there may not be a practical way to group all
products into a single set of process steps, and vulnerability
assessments may be needed for multiple groups of products. For example,
a facility that makes both ready-to-eat (RTE) entrees and entrees that
are not RTE may need to conduct a vulnerability assessment of the RTE
entrees and conduct a separate vulnerability assessment for the entrees
that are not RTE.
d. Qualified Individual
(Comment 80) Several comments requested more information regarding
the requirement that vulnerability assessments must be conducted by
individual(s) qualified by experience and/or training using appropriate
methods. Specifically, additional clarification was requested regarding
[[Page 34199]]
training such individuals must receive (particularly in the absence of
FDA standardized curriculum); the process and criteria by which
relevant work experience may supplement or substitute for training; and
the criteria by which FDA will determine if the individual is
adequately qualified to conduct vulnerability assessments.
Additionally, several comments believe there is confusion with the use
of qualified individuals in this rule compared to other rules and
believe the term should be defined.
(Response 80) We agree that further clarification is needed
regarding a definition for a qualified individual in the context of
this rule and in particular, how it relates to the qualifications
necessary to conduct vulnerability assessments. Consequently, in Sec.
121.3 we have defined a qualified individual to mean ``a person who has
the education, training, or experience (or a combination thereof)
necessary to perform an activity required under subpart C, as
appropriate to the individual's assigned duties. A qualified individual
may be, but is not required to be, an employee of the establishment.''
We have further clarified the qualifications necessary for the conduct
of a vulnerability assessment by creating a new section (Sec. 121.4,
Qualifications of Individuals Who Perform Activities Under Subpart C).
In Sec. 121.4 we state ``each individual responsible for . . .
conducting or overseeing a vulnerability assessment as required in
Sec. 121.130'' must (1) have the appropriate education, training, or
experience (or a combination thereof) necessary to properly perform the
activities; and (2) have successfully completed training for the
specific function at least equivalent to that received under a
standardized curriculum recognized as adequate by FDA or be otherwise
qualified through job experience to conduct the activities. Job
experience may qualify an individual to perform these functions if such
experience has provided an individual with knowledge at least
equivalent to that provided through the standardized curriculum. This
new definition and qualifications section has provided more information
on what would qualify an individual to perform a vulnerability
assessment. We believe that our definition of ``qualified individual''
as well as the qualifications required of those individuals have
addressed this need and fulfill the request of the comments. This new
approach is consistent with other FSMA rules, including the PCHF final
rule, which we believe allows for easier understanding and
implementation for the regulated industry.
As stated in the preamble to the proposed rule, we recognize that
the task of performing a vulnerability assessment requires an
individual with a specific skill set to properly assess and prioritize
the various points, steps, or procedures in a food process to
characterize their susceptibility to intentional adulteration, to
identify significant vulnerabilities and to identify actionable process
steps where mitigation strategies are essential to significantly
minimize or eliminate the significant vulnerabilities. We also believe
that various activities required by this rule may require higher levels
of training based on the difficulty and intensity of the task. We
believe that a standardized curriculum will be required to ensure clear
and consistent training is provided for this activity. The training
developed for the purpose of conducting or overseeing a vulnerability
assessment will require an in-depth analysis of the functional and
thought processes required to properly characterize significant
vulnerabilities associated with a facility's points, steps or
procedures and the identification of actionable process steps. The
process of conducting a vulnerability assessment may be new to much of
the industry and the training must take this into consideration. The
standardized curriculum for conducting a vulnerability assessment will
need to be a comprehensive training that teaches an individual the
required components of a vulnerability assessment and provides enough
information for an individual to calibrate their decision making based
on the scientific analysis required by a vulnerability assessment. We
believe that the curriculum designed for this activity will require
multiple days and may best be offered in person.
(Comment 81) A few comments believe the key activity type option
for identifying actionable process steps should include a requirement
that the evaluation be performed by an individual(s) qualified by
experience and/or training using appropriate methods.
(Response 81) We agree with the comments and this is reflected in
the revised requirements. As explained in Response 71, key activity
types have been removed from the regulatory text, but are still
considered an appropriate method to conduct a vulnerability assessment.
The rule requires that a vulnerability assessment, no matter which
methodology is used, must be conducted or overseen by a qualified
individual. We note that the requirements to conduct or oversee a
vulnerability assessment will differ depending on the type of
vulnerability assessment conducted. Using key activity types requires
less technical expertise and experience than other methodologies and
this would be reflected in the necessary qualifications.
C. Proposed Sec. 121.135--Focused Mitigation Strategies for Actionable
Process Steps
We proposed that the owner, operator, or agent in charge of a
facility must identify and implement focused mitigation strategies at
each actionable process step to provide assurances that the significant
vulnerability at each step will be significantly minimized or prevented
and the food manufactured, processed, packed, or held by such facility
will not be adulterated under section 402 of the FD&C Act (21 U.S.C.
342). As discussed in section IV.B.3, in the final rule we use the term
``mitigation strategies'' and no longer reference focused and broad
mitigation strategies.
In addition, we have modified this provision to provide that for
each mitigation strategy or combination of strategies implemented at
each actionable process step, the facility must include a written
explanation of how the mitigation strategy(ies) sufficiently minimizes
or prevents the significant vulnerability associated with the
actionable process step. In the preamble to the proposed rule, we
stated that a justification for how the strategy significantly reduces
or eliminates the risk of intentional adulteration at that actionable
process step(s) must be documented (see 78 FR 78014 at 78048); however,
this was not explicitly included in the regulatory text. We believe
that providing additional flexibility in the nature of the mitigation
strategies facilities may employ makes it critical that facilities
explain their rationale as to how the strategy(ies) are, in fact,
protective of the actionable process step. This explanation will
include a facility's rationale for selecting its mitigation strategies.
This explanation can provide additional benefits to the facility by
assisting them in the decision-making process for identifying
mitigation strategies as well as identifying the most appropriate
mitigation strategies management components for the mitigation
strategy(ies).
Based on our vulnerability assessments, we believe that adequate
mitigation strategies are designed to minimize or eliminate the chances
an attacker would be successful if an act of intentional adulteration
were attempted at the actionable process step by either
[[Page 34200]]
(1) minimizing the accessibility of the product to an attacker (e.g.,
physically reducing access to the product by locking storage tanks) or
(2) reducing the opportunity for an attacker to successfully
contaminate the product (e.g., increasing observation of the area
through supervision or use of the buddy system), or a combination of
both. Mitigation strategies found within FDA's Mitigation Strategies
Database, generally, are designed to address one or both of these
concepts. The content of the Mitigation Strategies Database is derived
from our experience conducting vulnerability assessments with industry
and can serve as a resource for facilities to identify adequate and
appropriate mitigation strategies. The explanation of how the
mitigation strategy sufficiently minimizes or prevents the significant
vulnerability associated with the actionable process step would,
generally, address the mitigation strategy's impact on one or both of
these outcomes.
For example, a facility seeking to protect its liquid storage
tank's access hatch with a lock may conclude that the lock
significantly reduces access to the liquid food stored in the tank by
rendering the hatch inaccessible and include this explanation in its
food defense plan. As another example, a facility may elect to protect
its liquid storage tank actionable process step with a policy to
require two or more employees to be in the area at all times. The
facility's explanation would include the rationale that this ``buddy
system'' reduces the opportunity and ability of an attacker to bring a
contaminant into the vulnerable production area and introduce the
contaminant into the food without being detected by his or her co-
workers. These two examples show that the same actionable process step
can be protected in a variety of ways. The explanation will clarify the
facility's thinking and rationale as to how a mitigation strategy
significantly minimizes or prevents a significant vulnerability.
We believe that the explanation accompanying the mitigation
strategy(ies) will be highly beneficial to the facility in gauging the
proper implementation of the mitigation strategy during required
verification activities. In identifying and implementing appropriate
mitigation strategies, the facility will need to reason through how and
why the mitigation strategy(ies) will be protective of the respective
actionable process step in question. This explanation and the
monitoring of the mitigation strategy play key roles in enabling the
facility to determine if the mitigation strategy is achieving its
intended aim and, therefore, is properly implemented.
For example, for a facility that secures its liquid storage tank
with a lock, a review of monitoring records may show that the lock is
consistently in place and locked, therefore reducing accessibility and
significantly reducing the vulnerability associated with the liquid
storage tank. By being consistently implemented as intended, the lock
is achieving the aim as explained in the food defense plan to reduce
access to the liquid food held in the liquid storage tank. In this
case, the facility can conclude that this mitigation strategy is
properly implemented and is reducing a significant vulnerability.
In contrast, consider a lock on a mixer that is not achieving its
intended aim. In this example, the worker at the mixer must routinely
open the mixer's lid to determine if the product is being sufficiently
mixed. The worker finds the lock to be interfering with his or her
responsibilities and frequently does not engage the lock after checking
on the product, repeatedly leaving the mixer unsecured. This deviation
is documented in monitoring records by the production supervisor. In
this case, the facility's explanation as to how the mitigation strategy
would be protective of the mixer included the rationale that the lock
would reduce access to the product. A component of the facility's
corrective action procedure for this mitigation strategy was to retrain
the employee on the importance of locking the mixer, but the employee
continues to repeatedly leave the mixer unlocked due to its
interference with his or her responsibilities. Since the mitigation
strategy, as determined through a review of monitoring and corrective
action records, was not consistently implemented, it is not achieving
the aim as specified in the mitigation strategy's explanation.
Therefore, the mitigation strategy cannot be determined to be properly
implemented and is not reducing significant vulnerabilities associated
with the mixer. Since the facility has found that the mitigation
strategy is not properly implemented, the facility must reanalyze this
portion of the food defense plan under the requirements of Sec.
121.157(b)(3) and then identify and implement a different mitigation
strategy, or combination of strategies, for the mixer that would reduce
the likelihood that an act of intentional adulteration would be
successful.
Additionally, we believe that the explanation for how the
mitigation strategy(ies) are suitable and intended to reduce the
significant vulnerability will also be highly beneficial in
establishing common understanding and communication between the
facility and inspectors during inspections.
(Comment 82) Many comments support our proposed requirement that
mitigation strategies be targeted at high vulnerability process steps
instead of setting requirements for general facility-level protections.
Further, some comments assert that significant vulnerabilities by
nature present themselves at particular points in a process and that
these individual points, steps, or procedures must be protected. These
comments also state that broad mitigation strategies would be far
reaching and require significantly more capital investment from
industry, while not directly protecting the most vulnerable processes.
(Response 82) We agree with comments supporting the direction of
mitigation strategies to those areas where vulnerability is highest. As
discussed previously, we now refer to mitigation strategies, rather
than broad and focused mitigation strategies. However, we continue to
believe that to be sufficient and appropriate mitigation strategies
must be specifically tailored to the significant vulnerability and
customized to the actionable process step where they are applied rather
than applied to the entire facility (e.g., locking exterior doors, or
ensuring employees and visitors have identification badges). We would
not consider these two examples to be adequate to significantly reduce
or prevent a significant vulnerability because they do not address an
inside attacker.
However, we believe that many policies or procedures that a
facility currently has in place can be modified or altered to provide
protection against acts of intentional adulteration without the
facility incurring significant costs, or requiring additional capital
investment. For example, consider a liquid food storage tank with an
inward opening hatch. When the tank is full, the pressure of the liquid
prevents the hatch from being opened, rendering the tank inaccessible.
However, when the tank is empty, the hatch may be opened and a
contaminant added. It may be part of normal facility practice for a
supervisor to conduct a visual check of storage tanks after a cleaning
cycle to ensure the cleaning has been conducted properly. Rather than
incur the cost of installing a lock or other access control on the
hatch, the facility may elect to implement a food defense mitigation
strategy by altering its visual check procedure so that the visual
check by the supervisor is conducted
[[Page 34201]]
immediately prior to food being added to the storage tank so that the
tank is observed after the tank has been empty and accessible for an
extended period of time. Alternatively, the facility could elect to
secure the tank's hatch with a tamper-evident seal or tape after the
visual inspection. This slight modification of an existing facility
practice could be implemented with little, if any, cost to the facility
and serve to protect the actionable process step--in this case the
storage tank--from an attacker adding a contaminant to the tank while
it is empty and accessible after it been cleaned and visually
inspected.
(Comment 83) Some comments state that those strategies previously
termed as broad mitigation strategies should be considered as being
among appropriate mitigation strategies for compliance with the
requirements, with the majority of those comments indicating that FDA
should not distinguish between focused and broad mitigation strategies
in the final rule. Some comments disagree with FDA's statement in the
proposed rule that the implementation of focused mitigation strategies
at actionable process steps in a food operation is necessary to
minimize or prevent the significant vulnerabilities that are identified
in a vulnerability assessment regardless of the existence of broad
mitigation strategies. These comments contend that mitigation
strategies (whether broad or focused) can work in concert with one
another and play an important role in a facility's food defense
approach. Additionally, some comments state that broad mitigation
strategies can sometimes achieve the same results as focused mitigation
strategies and some comments state that the differentiation between the
two types of strategies is confusing and subjective.
(Response 83) We believe this comment is largely addressed by
changing the regulatory text to refer to only mitigation strategies in
this final rule. We agree with comments that mitigation strategies
exist across a spectrum from those that are very broad and facility-
wide in nature to those that are very specific and tailored to unique
processing steps and areas. If implemented in a directed manner, a
strategy that may tend to be thought of as ``broad'' can be effective
at reducing vulnerability associated with a specific actionable process
step and could sufficiently minimize the likelihood of a successful act
of intentional adulteration at the actionable process step.
Based on the results of our vulnerability assessments, we believe
that mitigation strategies implemented at actionable process steps that
are customized to the processing step at which they are applied,
tailored to existing facility practices and procedures, and consider
the actionable process step's vulnerability to an insider attack are
sufficient to protect the actionable process step. An insider attack
must be considered because an attacker who has achieved access to the
facility will have already circumvented the facility's general
facility-level protections. During the course of our vulnerability
assessments, we determined that if an actionable process step was
sufficiently protected against an attack perpetrated by an insider with
legitimate access to the facility, it would be similarly protected
against the actions of an outside attacker who has circumvented
perimeter protections. Facility-wide security measures can support or
compliment the mitigation strategy(ies) the facility implements;
however the significant vulnerability associated with the actionable
process step must be significantly reduced or prevented.
For example, if a facility implements a strategy to restrict access
at an actionable process step to only those authorized individuals who
work in the area, and the facility leverages identification badges to
enforce this strategy, then the strategy becomes much more targeted. In
this case, the strategy is simply not about identifying personnel who
work anywhere in the facility, but rather, restricting access to a
specifically vulnerable area. In this case, the pre-existing badging
process the facility had in place to positively identify employees and
visitors serves as the foundation upon which the more tailored
mitigation strategy is built. However, the badging process itself is
not a mitigation strategy sufficient to significantly reduce or prevent
a significant vulnerability at the actionable process step because the
badging process alone does not restrict access to the actionable
process step.
Another example to illustrate how different practices can work in
concert with each other to achieve protection is that of vetting
employees. In the proposal we described a hypothetical scenario where a
facility's secondary ingredient handling area was identified as
significantly vulnerable and was, therefore, identified as an
actionable process step. In the scenario, the facility elected to
mitigate this vulnerability by (1) reducing the time ingredients were
open and accessible, (2) entrusting the handling of secondary
ingredients to one of the most trusted employees, and (3) increasing
observation over the secondary ingredient handling area. To implement
the second mitigation strategy (use of most trusted employees), the
facility could utilize either senior and/or long-term employees who had
earned their trust over time, or the facility could conduct a more
detailed background check on specific employees.
Much the same way the Federal government assigns more sensitive
tasks to Federal workers based on a multi-layered classification and
security clearance process, the facility could require basic level pre-
employment screening for most employees, but for those employees
working at actionable process steps, a mitigation strategy could be to
require a more detailed level of background check. The facility would
also conduct periodic review of the background check, as appropriate.
By applying a more targeted approach to establishing trust for the
employee working in the secondary ingredient handing area, the facility
leveraged what was previously described in the proposal as a ``broad''
mitigation strategy in a much more directed and targeted way such that
it was specifically addressing the significant vulnerability associated
with the secondary ingredient staging area. This example shows how what
were ``broad'' and ``focused'' mitigation strategies can work together
to protect an actionable process step.
We caution against using background checks as the sole mitigation
strategy to reduce significant vulnerabilities at an actionable process
step because a background check may not identify all indicators of an
insider threat. Additionally, information within a background check may
be outdated or missing more recent key information that could be
indicators of an insider threat. Background checks should be used in
concert with other mitigation strategies to counter the risk of an
insider attack. In this example, the facility also mitigated
vulnerability at the secondary ingredient staging area by reducing the
staging time of ingredients and increasing observation of the area.
Similarly, some other mitigation strategies may not be adequate
when used in isolation. For example, ensuring adequate lighting around
an actionable process step would generally be a mitigation strategy
that must be used in concert with other strategies to significantly
reduce the likelihood of, or prevent, successful acts of intentional
adulteration at an actionable process step. The increased lighting can
support other mitigation strategies (i.e., increased supervision of an
actionable process step) but, generally, increased
[[Page 34202]]
lighting would not by itself be sufficient to address the significant
vulnerability associated with the actionable process step.
(Comment 84) Some comments state that existing facility practices
and facility-level measures should be considered when a facility is
identifying appropriate mitigation strategies.
(Response 84) We agree. As discussed previously, mitigation
strategies should be tailored to existing facility practices and
procedures, and take into account the nature of the actionable process
step's significant vulnerability. Mitigation strategies can be
complemented by or built on top of existing practices or facility-level
measures. For example, a facility might prepare secondary ingredients
in an area near the process step where they will be added to the
product line. The facility weighs and measures ingredients the night
before use so they are ready for introduction into the product line in
the morning. To identify a suitable and appropriate mitigation
strategy, the facility would consider its normal practice of staging
ingredients the night before and any other relevant practices the
facility engages in regarding its handling of secondary ingredients in
this area. The facility might conclude that staging ingredients the
night before is unnecessary and elect to implement the mitigation
strategy that ingredients will only be handled immediately before their
introduction into the product line to prevent them from being open and
accessible for extended periods of time. Alternatively, if the facility
concludes that their operating practices prevent this approach, it
could implement the mitigation strategy to place the ingredients in
tamper evident storage containers overnight to prevent an attacker from
being able to introduce an agent without indications of tampering with
the ingredients. The facility would implement the most appropriate
mitigation strategy taking into consideration its existing practices
and procedures.
(Comment 85) One comment asserts broad mitigation strategies offer
significant protections to the food supply and that focused mitigation
strategies are of questionable or at least unproved efficacy. This
comment goes on to request that FDA focus requirements only on broad
mitigation strategies that limit access to bulk foods prior to and at
process steps that may disperse contamination in a large volume of
finished food.
(Response 85) During the course of our vulnerability assessments,
we found that appropriate mitigation strategies must be specifically
tailored to the significant vulnerability they are addressing and
customized to the actionable process step where they are applied, while
taking into account existing facility practices and procedures. We
disagree with the comment's assertion that strategies previously termed
as ``focused mitigation strategies'' are questionable or of unproven
efficacy. Indeed, we conclude as determined through our vulnerability
assessments that mitigation strategies specifically designed to protect
the most vulnerable points in a food operation are the most effective
at reducing the likelihood that an act of intentional adulteration
would be successful. General facility-level security measures have
questionable value in protecting actionable processing steps from
significant vulnerabilities, especially those significant
vulnerabilities associated with attackers with legitimate access to the
facility. However, this comment illustrates why we are changing the
codified to refer to only ``mitigation strategies.'' We would consider
the efforts described by this comment to be focused mitigation
strategies as we used that term in the proposed rule. We agree that
``bulk foods prior to and at process steps that may disperse
contamination in a large volume of finished food'' would most likely be
significantly vulnerable and thus require appropriate mitigation
strategies.
(Comment 86) Some comments state that some of the mitigation
strategies identified in the preamble of the proposed rule may not be
appropriate or suitable in certain circumstances. For example, some
comments mention that one-way sample ports as a mitigation strategy may
not be appropriate for products that require aseptic sampling. Some
comments contend that making engineering enhancements to equipment or
repositioning equipment to increase visual observation may be
prohibitively costly.
(Response 86) We agree that certain mitigation strategies may not
be appropriate or suitable in some situations. Therefore, we are not
requiring any specific mitigation strategies in this rule. A facility
may identify the most appropriate and suitable mitigation strategies
for its facility, the food being processed, the actionable process step
being protected, and the nature of the significant vulnerability being
mitigated.
(Comment 87) Some comments urge FDA to permit requirements that are
already in place by other government agencies to count as mitigation
strategies, when appropriate based on a thoughtful vulnerability
assessment. In particular, these comments suggest the C-TPAT program
has proved successful in requiring that broad mitigation strategies be
implemented, including physical security, personnel security,
ingredient storage and inventory procedures, and crisis management
planning.
(Response 87) As discussed in section III.D, we believe that
participation in other security programs, such as C-TPAT or CFATS for
example, raises the overall security posture for a facility and can be
beneficial along with the requirements of the final rule. In certain
circumstances, security measures implemented under other security
programs may also prove to be effective mitigation strategies once
actionable process steps are identified. These security measures should
be evaluated on a case-by-case basis to determine if they significantly
reduce or prevent significant vulnerabilities at actionable process
steps. If so, the facility may consider these protections as mitigation
strategies under Sec. 121.135 and document them in the food defense
plan. However, FDA will not consider a facility's participation with
other security programs as de facto compliance with this rule.
D. Final Sec. 121.138--Mitigation Strategies Management Components
We have added a new Sec. 121.138 (Mitigation Strategies Management
Components) to establish that mitigation strategies required under
Sec. 121.135 are subject to the following mitigation strategies
management components as appropriate to ensure the proper
implementation of the mitigation strategies, taking into account the
nature of each such mitigation strategy and its role in the facility's
food defense system: (1) Food defense monitoring in accordance with
Sec. 121.140; (2) Food defense corrective actions in accordance with
Sec. 121.145; and (3) Food defense verification in accordance with
Sec. 121.150. We have created this new section to provide clarity and
understanding regarding the application of the three management
components to the mitigation strategies as required by Sec. 121.135.
E. Proposed Sec. 121.140--Monitoring
1. Proposed Sec. 121.140(a)-(b) Requirement for Written Procedures for
and Frequency of Monitoring
We proposed that you must establish and implement written
procedures, including the frequency with which they are to be
performed, for monitoring the mitigation strategies, and you must
monitor the mitigation strategies with
[[Page 34203]]
sufficient frequency to provide assurance that they are consistently
applied.
Some comments support the proposed requirements. In the following
paragraphs, we discuss comments that disagree with the proposed
requirements, ask us to clarify the proposed requirements, or suggest
one or more changes to the proposed requirements. Some comments request
that we provide more flexibility than a traditional HACCP framework,
with specific requests for flexibility in the management components,
including monitoring.
After considering these comments, we are making three revisions to
the requirements for monitoring in Sec. 121.140. First, we are adding
the qualification ``as appropriate to the nature of the mitigation
strategy and its role in the facility's food defense system,'' to the
beginning of the provision. Second, we are changing ``sufficient'' to
``adequate'' in Sec. 121.140(b), which now states that ``you must
monitor the mitigation strategies with adequate frequency to provide
assurances that they are consistently performed.'' We are substituting
the term ``adequate'' for the term ``sufficient'' to be consistent with
the PCHF final rule definition for monitoring. We conclude that there
is no meaningful difference between ``adequate'' and ``sufficient'' for
the purposes of part 121. We have also added a definition for the term
``adequate'' in the regulatory text to mean that which is needed to
accomplish the intended purpose in keeping with good public health
practice. We also conclude that the regulations will be clearer if we
use the single term ``adequate'' throughout the regulations. Third, we
are changing ``applied'' to ``performed'' to address comments that
state the language was unclear. Section 121.140(b) now states that
``you must monitor the mitigation strategies with adequate frequency to
provide assurances that they are consistently performed.''
(Comment 88) Some comments argue that the language of section
418(d) of the FD&C Act is ambiguous, and state that monitoring in
section 418(d) does not require that facilities conduct monitoring as
described in the National Advisory Committee on Microbiological
Criteria for Foods' HACCP Principles and Application Guidelines. These
comments state that the statute sets a standard for facilities to
``monitor the effectiveness of the preventive controls.'' The comments
state that the statute does not indicate how facilities are to monitor
the effectiveness of the mitigation strategies; it does not indicate
that each mitigation strategy must be monitored, and it does not
specify the frequency at which monitoring must occur. However, the
comments agree that facilities should assess whether mitigation
strategies are in place and are fully implemented. The comments agree
that facilities should have written procedures regarding how, and the
frequency at which, observations take place, but also indicate that
these procedures and frequencies should be less rigorous than
procedures and frequencies for preventive controls.
(Response 88) We agree that facilities must assess whether
mitigation strategies are in place. We also agree that facilities must
provide written procedures regarding how, and the frequency at which,
monitoring occurs. This rule implements section 103 of FSMA, and
therefore includes components for monitoring (section 418(d) of the
FD&C Act). We agree that monitoring in the intentional adulteration
regulatory framework should be more flexible than monitoring as
described in the National Advisory Committee on Microbiological
Criteria for Foods' HACCP Principles and Application Guidelines.
Therefore, we have modified the requirement for monitoring in the
regulatory text to include ``as appropriate to ensure the proper
implementation of the mitigation strategies, taking into account the
nature of each such mitigation strategy and its role in the facility's
food defense system'' (see Sec. Sec. 121.138, 121.140) and to provide
for the use of exception records (see Sec. 121.140(c)(2)). These
changes allow a facility to select the appropriate rigor and frequency
of its monitoring based on its particular circumstances and are similar
to those made in the PCHF final rule regulatory text for monitoring in
the preventive controls management components.
For example, a facility stages ingredients overnight so the first
shift can immediately begin adding ingredients to a hopper. The
facility identifies staged ingredient containers as an actionable
process step because the overnight staging makes the ingredient
containers significantly vulnerable. The facility then identifies a
mitigation strategy of reducing ingredient staging time. The facility
establishes and implements food defense monitoring procedures to
include observations of the staging area to ensure the ingredients are
staged immediately prior to addition into the hopper rather than
overnight. This monitoring procedure is tailored to the facility's
circumstances and is appropriate to the mitigation strategy (i.e.,
suitable for a particular purpose and capable of being applied) because
it allows for the assessment or observation that the ingredient staging
time is being reduced. When establishing the monitoring procedure, the
facility considered the nature of the mitigation strategy (i.e., an
observation would determine if reducing the staging time was being
consistently performed) and its role in the facility's food defense
system (i.e., the facility deemed it necessary to conduct the
monitoring for the mitigation strategy because the reducing the staging
time significantly minimized the significant vulnerability associated
with the ingredient containers). Additionally, the facility reasoned
that monitoring the staging area immediately prior to the addition of
the ingredients to the hopper met the requirement for monitoring to be
conducted on an adequate frequency because this frequency meets the
definition of adequate (i.e., that which is needed to accomplish the
intended purpose in keeping with good public health practice) in that
monitoring prior to ingredient addition to the hopper ensures that
employees will properly implement the reduced staging time and reduce
the significant vulnerability.
2. Proposed Sec. 121.140(c)--Requirement for Records
We proposed that all monitoring of focused mitigation strategies in
accordance with this section must be documented in records that are
subject to verification in accordance with proposed Sec. 121.150(a)
and records review in accordance with proposed Sec. 121.150(c).
In the following paragraphs, we discuss comments that disagree with
the proposed requirements, ask us to clarify the proposed requirements,
or suggest one or more changes to the proposed requirements. After
considering these comments, we have revised the regulatory text to
provide that exception records may be adequate in some circumstances
(see Sec. 121.140(c)(2)).
(Comment 89) Some comments state that a facility will be much more
likely to document a deviation from an established mitigation strategy
(i.e., a light is broken or turned off) rather than a confirmation that
the light was working properly each day. These comments seem to
indicate that this could be a potential area where greater flexibility
is needed regarding how monitoring is documented.
(Response 89) New Sec. 121.140(c)(2) provides for exception
records and states records may be affirmative records demonstrating the
mitigation strategy is functioning as intended and
[[Page 34204]]
that exception records demonstrating the mitigation strategy is not
functioning as intended may be adequate in some circumstances. This
revision to the regulatory text was made to clarify that exception
records, in certain circumstances, are acceptable. We understand
exception reporting as a structure where automated systems are designed
to alert operators and management on an exception basis--i.e., only
when a deviation from food safety parameter limits are observed by the
system.
Exception reporting would be an acceptable monitoring system in
some circumstances. A facility must be able to verify that food defense
monitoring is being conducted (Sec. 121.150(a)(1)). This is
straightforward with affirmative monitoring records but can be more
difficult or impossible with exception records. The following example
provides an instance where a facility may choose exception records when
monitoring a mitigation strategy. A facility identifies an ingredient
storage area as an actionable process step, and identifies and
implements a restricted access system that uses electronic swipe/key
cards to limit access to the area. The restricted access system is
designed to allow authorized personnel to open a door to the area,
while also alerting management when the door is left unlocked. While
the system would not need to produce a record for every authorized
access to the area, the system would produce a record for each instance
that the door is left unlocked and alert operators to those instances.
In this example, the facility would periodically verify that the
restricted access system is working properly, in part, by leaving the
door unlocked, and ensuring the system alerts the operator by
generating a record that documents the door being unlocked. Exception
records are not always appropriate. For example, it would not be
appropriate to create a record that indicates adequate lighting is not
functioning as intended, rather than documenting adequate lighting is
functioning as intended, unless the facility devised an approach that
would allow it to verify that food defense monitoring was being
conducted as required.
F. Proposed Sec. 121.145--Corrective Actions
1. Proposed Sec. 121.145(a)(1)-(2) Requirement To Establish and
Implement Corrective Action Procedures That Must Describe Steps To Be
Taken
We proposed that you must establish and implement written
corrective action procedures that must be taken if the mitigation
strategy is not properly implemented. The corrective action procedures
must describe the steps to be taken to ensure that appropriate action
is taken to identify and correct a problem with implementation of a
mitigation strategy to reduce the likelihood that the problem will
recur.
Some comments support the proposed requirements. In the following
paragraphs, we discuss comments that disagree with the proposed
requirements, ask us to clarify the proposed requirements, or suggest
one or more changes to the proposed requirements. Some comments request
that the intentional adulteration requirements provide more flexibility
than a traditional HACCP framework, with specific requests for
flexibility in the management components, including corrective actions.
After considering these comments, we are making several revisions to
the proposed requirements for corrective actions. First, we are adding
the qualification ``as appropriate to the nature of the actionable
process step and the nature of the mitigation strategy'' to the
beginning of the provision in Sec. 121.145(a). Second, we are
separating the requirements to take appropriate action to identify and
correct a problem that has occurred from the requirement to take
appropriate action, when necessary, to reduce the likelihood that the
problem will recur. The separated requirements are now included in the
regulatory text as Sec. 121.145(a)(2)(i) and Sec. 121.145(a)(2)(ii),
respectively. Similar changes were made to the PCHF final rule
regulatory text for corrective actions, as comments related to that
rule asserted the proposed corrective action regulatory text could have
been misunderstood as a requirement to establish a new preventive
control after implementing a corrective action procedure. These
comments also asserted that it would be inappropriate to assume that
corrective action procedures always correct a problem with the
implementation of a new or additional preventive control. We have
addressed these comments to the requirement to identify and correct a
problem by adding ``that has occurred'' after ``correct a problem'' in
Sec. 121.145(a)(2)(i). We have also addressed these comments by
qualifying the requirement that the corrective action procedures must
describe the steps to be taken to ensure that appropriate action is
taken to reduce the likelihood that the problem will recur by inserting
``when necessary'' after ``appropriate action is taken'' in Sec.
121.145(a)(2)(ii).
(Comment 90) A few comments state that greater flexibility is
needed to reflect the differences between mitigation strategies and
preventive controls and that corrective actions is one potential area
in which to increase flexibility. While comments agree that a facility
should take action when a mitigation strategy is not properly or fully
implemented, these comments further state that detailed, written
corrective action procedures should not be required to address every
possible deviation for each mitigation strategy. In addition, comments
state that facility employees should make corrections, rather than take
corrective actions, in some circumstances. These comments provide an
example of corrections where a door is simply closed, and the action is
not documented, in response to a single, isolated event where a door is
propped open.
(Response 90) As described previously, we have modified the
provision to provide that corrective action procedures are established
and implemented based on the nature of the actionable process step in
addition to the nature of the mitigation strategy (see Sec.
121.145(a)). The rule allows for a facility's corrective action
procedures to reflect the extent of the deviation. For example, a
facility's monitoring indicates that a peer monitoring mitigation
strategy is not implemented as intended because one of the employees
does not accompany the other employee at the actionable process step. A
component of the facility's written corrective action is to retrain the
employee on the importance of accompanying the other employee while at
the actionable process step. We expect, in most cases, that food
defense corrective action procedures will be simple and easy to
undertake. Further, we agree that written corrective action procedures
need not address every possible deviation, and the rule does not
require this. Written corrective action procedures should address
circumstances where deviations are likely to occur. The reason to have
corrective action procedures is to consider the likely scenarios in
advance, rather than react to these scenarios on an ad hoc basis.
We do not agree that certain situations are more appropriate for
corrections rather than corrective actions. A ``correction'' does not
include, among other things, actions to reduce the likelihood that the
problem will recur. The comment describes a situation where a facility
is locking the door to serve as the mitigation strategy, and the
[[Page 34205]]
monitoring of the mitigation strategy indicates the strategy is not
performing as intended (i.e., the door is not locked, and it is propped
open). Because monitoring has indicated the mitigation strategy is not
properly implemented, a corrective action is required (Sec.
121.145(a)(1)). While the example includes a corrective action that is
quite simplistic and easy to undertake, it is important that a
corrective action, and not a correction, be taken because the
corrective action includes actions to reduce the likelihood that the
problem will recur, while the correction does not. An unlocked door
leaves the significant vulnerability unmitigated, and therefore, this
seemingly isolated problem directly impacts product vulnerability.
Furthermore, corrections, such as those discussed in the PCHF final
rule (e.g., facility observes food residue on ``clean'' equipment prior
to production of food, and then cleans the equipment), are appropriate
for minor and isolated problems that do not directly impact product
safety. An analogous situation does not exist in the context of
intentional adulteration where requirements of this rule are designed
to reduce significant vulnerabilities associated with an insider
attack. Additionally, food defense corrective action requirements are
less rigorous and resource-intensive than corrective actions for food
safety purposes. Food defense corrective actions do not include
requirements to evaluate all affected food for safety, prevent affected
food from entering commerce, or include requirements for unanticipated
problems.
2. Proposed Sec. 121.145(a)(3)--Documentation
We proposed that all corrective actions taken in accordance with
this section must be documented in records that are subject to
verification in accordance with proposed Sec. 121.150(b) and records
review in accordance with proposed Sec. 121.150(c).
Some comments support the proposed requirements without change. One
comment states that documentation would not be needed in a single,
isolated event, such as where a door is propped open, and the
corrective action would simply result in the door being closed. While
the example includes a corrective action that is simple and easy to
undertake, it is necessary that it be documented. Without such
documentation, verification of proper implementation of the mitigation
strategy, as required in Sec. 121.150(a)(3), may not be possible
because there are no records to review which reflect failure to
implement the mitigation strategy. Further, without documentation, it
may not be known whether it was a one-time event or the door was
propped up more regularly. Documentation of the corrective actions and
review of the documentation to verify proper implementation of
mitigation strategies is necessary to identify trends and patterns of
implementation of mitigation strategies over time, and is also
necessary to ensure appropriate decisions about corrective actions are
being made. After considering the comment, we are finalizing these
requirements as proposed.
G. Proposed Sec. 121.150--Verification
We proposed to require verification of monitoring, verification of
corrective actions, verification of implementation and effectiveness,
reanalysis, and documentation of all verification activities.
Specifically regarding verification of implementation and
effectiveness, (proposed Sec. 121.150(c)), we proposed that you must
verify that the focused mitigation strategies are consistently
implemented and are effectively and significantly minimizing or
preventing the significant vulnerabilities. We proposed that this must
include, as appropriate to the facility and the food, review of the
monitoring and corrective actions records within appropriate timeframes
to ensure that the records are complete, the activities reflected in
the records occurred in accordance with the food defense plan, the
focused mitigation strategies are effective, and appropriate decisions
were made about corrective actions. We also requested comment on
whether we should specify the verification activities that must be
conducted for verification of monitoring and for verification of
corrective actions and, if so, what verification activities should be
required.
1. Verification of Monitoring, Corrective Actions and Implementation
and Effectiveness
Some comments support the proposed requirements. In the following
paragraphs, we discuss comments that disagree with the proposed
requirements, ask us to clarify the proposed requirements, or suggest
one or more changes to the proposed requirements. Some comments request
that the intentional adulteration requirements provide more flexibility
than a traditional HACCP framework, with specific requests for
flexibility in the management components, including verification. Most
of the comments addressing verification activities request
clarification specifically related to implementation and effectiveness.
One comment requests that we provide for other activities appropriate
for verification of implementation and effectiveness. After considering
these comments, we are making several changes to the requirements for
verification.
First, we are adding text to Sec. 121.150(a) (Food defense
verification) to reflect that verification procedures are established
and implemented based on the nature of the mitigation strategy and its
role in the facility's food defense system. Second, we made edits to
reflect new Sec. 121.138. We have changed proposed Sec. 121.150(a) to
final Sec. 121.150(a)(1), which now states ``Verification that food
defense monitoring is being conducted as required by Sec. 121.138 (and
in accordance with Sec. 121.140).'' We have changed proposed Sec.
121.150(b) to final Sec. 121.150(a)(2), which now states
``Verification that appropriate decisions about food defense corrective
actions are being made as required by Sec. 121.138 (and in accordance
with Sec. 121.145).'' We have changed proposed Sec. 121.150(c) to
final Sec. 121.150(a)(3) which requires verification that mitigation
strategies are properly implemented and significantly minimizing the
significant vulnerabilities.
Third, we have removed the requirement to verify that mitigation
strategies are effectively significantly minimizing or preventing
significant vulnerabilities in Sec. 121.150(c) because it is more
appropriate to verify mitigation strategies are being properly
implemented, in accordance with the food defense plan, rather than
verifying these strategies are effective. In the food safety context,
verification of effectiveness is mainly accomplished via validation and
testing, which are not required in this final rule due to the nature of
mitigation strategies. Fourth, we are adding a new section Sec.
121.150(a)(3)(ii) to provide for ``other activities appropriate for
verification of proper implementation'' to allow for increased
flexibility in verifying mitigation strategies are properly implemented
beyond what is included in Sec. 121.150(a)(3)(i). Fifth, we added a
requirement (Sec. 121.150(b)), to establish and implement written
procedures, including the frequency for which they are performed, for
verification activities. This requirement was added because the
flexibility, provided in Sec. 121.150(a)(3)(ii), is significant but
not unbounded. Written procedures are essential to ensure these
activities are occurring in accordance with the food defense plan.
Sixth, we moved the more
[[Page 34206]]
extensive section for reanalysis (proposed Sec. 121.150(d)) to a new
section (final Sec. 121.157) to improve readability and clarity. As a
result, we created a new Sec. 121.150(a)(4) (``Verification of
Reanalysis in accordance with Sec. 121.157'') to include in Sec.
121.150 the requirement to verify that reanalysis has been conducted.
Some of these changes are similar to those made in the PCHF final rule
regulatory text for verification and preventive controls management
components.
(Comment 91) Some comments request clarification and elaboration
for verification activities related to implementation and effectiveness
of mitigation strategies (proposed Sec. 121.150(c)).
(Response 91) As mentioned previously, we have removed the
requirement to verify the effectiveness of mitigation strategies. As
part of food defense verification, a facility must determine if each
mitigation strategy is properly implemented and significantly
minimizing or preventing significant vulnerabilities. To do this, a
facility would determine whether the mitigation strategies are
consistently implemented and functioning as intended. Part of this
determination would be based on review of monitoring and corrective
action records. In addition, as mentioned in section V.D, facilities
may use, but are not limited to, two important factors to determine the
proper implementation of mitigation strategies to significantly
minimize or prevent significant vulnerabilities: (1) The degree of
physical access to the product at the actionable process step and (2)
the ability of an attacker to successfully contaminate the product at
the actionable process step.
For example, if a mitigation strategy is significantly minimizing
the degree of physical access to the product at an actionable process
step, and the strategy is consistently implemented as determined by
record review, the strategy can be considered properly implemented.
Likewise, if the mitigation strategy is significantly minimizing the
ability of an attacker to successfully contaminate the product at the
actionable process step, and the strategy is consistently implemented
as determined by record review, the strategy can be considered properly
implemented. These factors are the same as two of the factors required
to be evaluated in a vulnerability assessment (Sec. 121.130(a)(2) and
(3)).
We are not including the third factor (the potential for public
health impact (Sec. 121.130(a)(1)) because it has been our experience
that mitigation strategies either directly reduce access to a point,
step, or procedure, or directly reduce the ability of an attacker to
contaminate the food at a point, step, or procedure, and in doing so,
indirectly reduce the potential public health impact if a contaminant
were added at a point, step, or procedure.
As a facility reasons through its explanation of how the mitigation
strategy significantly minimizes or prevents the significant
vulnerability (Sec. 121.135(a)), the facility's explanation will most
likely include the rationale for how the mitigation strategy reduces,
to an acceptable level, either the degree of unauthorized access to the
actionable process step or the ability of an attacker to successfully
contaminate the product at the actionable process step. When the
facility reviews the monitoring and corrective action records to ensure
that activities reflected in the records occur as envisioned by the
food defense plan (Sec. 121.135(a)) and are consistently implemented
(Sec. 121.150(a)(3)), the facility can then determine whether the
mitigation strategy is properly implemented and is significantly
minimizing the significant vulnerability at the actionable process
step.
(Comment 92) One comment states that verification methods other
than those required by proposed Sec. 121.150(c) may be appropriate,
and provides suggestions of such methods, including direct observation
of monitoring, such as a supervisor observing monitoring conducted by
an employee, and review of monitoring and corrective actions activities
during team meetings.
(Response 92) We agree that the rule should provide flexibility for
additional activities related to verification of properly implemented
mitigation strategies, and have revised the specific requirements to
provide for other activities appropriate for verification of proper
implementation of mitigation strategies in Sec. 121.150(a)(3)(ii).
Providing specific requirements for verification of implementation
(Sec. 121.150(a)(3)(i)), but allowing for other activities appropriate
for verification of implementation (Sec. 121.150(a)(3)(ii)),
addresses, in part, comment requests that mitigation strategies
management components need to provide more flexibility.
(Comment 93) One comment disagrees with the requirement that, as
part of verification, monitoring and corrective action records must be
reviewed and further states that the proposed requirement is too
prescriptive and not applicable to food defense.
(Response 93) Review of monitoring and corrective action records is
a key component of verification in a food defense system. Review of
monitoring records is necessary to determine whether mitigation
strategies are implemented as intended and are therefore significantly
minimizing significant vulnerabilities. For example, review of
monitoring records for a mitigation strategy of using a lock to secure
an access hatch on top of a silo could indicate that the lock is
functioning as intended because the securing mechanism is fully
engaged, and the hatch cannot be accessed without a key to the lock.
The significant vulnerability has been significantly minimized because
the food in the silo is no longer accessible. The facility determines
the mitigation strategy is properly implemented because it is
functioning as intended and minimizes the significant vulnerability.
Review of corrective action records is necessary to determine
whether appropriate decisions are being made to identify and correct
any problems with the implementation of a mitigation strategy and
whether actions are being taken to reduce the likelihood that a problem
would recur. To continue with the example, if the review of monitoring
records indicated that the lock was not properly implemented due to
employee error, the facility implements the corrective action, which
consists of engaging the securing mechanism of the lock on the access
hatch, and retraining the employee assigned to this step in how to
properly use the securing mechanism. During the review of the
corrective action records, the facility determines that appropriate
decisions about corrective actions were made because the problem was
identified that the lock was not properly implemented due to employee
error, the problem was corrected because the facility engaged the
securing mechanism of the lock to lock the access hatch, and actions
were taken to reduce the likelihood the problem would recur by training
the employee on how to successfully engage the securing mechanism of
the lock in order to lock the access hatch.
Further, FDA has provided a flexible time period for review,
allowing review of monitoring and corrective action records to take
place in an ``appropriate timeframe.'' For example, a facility chooses
to use several mitigation strategies, including adequate lighting, at
the bulk truck unloading bay to protect the actionable process step,
and the lighting may be monitored each time a shipment is received or
on a weekly basis depending on the facility's determination of the
frequency of the monitoring procedures. The review of these monitoring
records may occur on
[[Page 34207]]
a weekly or monthly basis, depending on the frequency of the monitoring
procedures and the role this mitigation strategy plays in a facility's
food defense system. We disagree that this requirement is too
prescriptive.
(Comment 94) Some comments assert that industry cannot be held to a
standard of absolute prevention of intentional adulteration, and given
this assertion, one of these comments further states that effectiveness
of mitigation strategies should be interpreted reasonably by both FDA
and industry. The comment agrees that facilities should be expected to
take reasonably appropriate measures to mitigate vulnerabilities and
also states that facilities should have discretion to determine how
mitigation strategies are effective. This comment goes on to state that
facilities should not be expected to employ a certain measure just
because the measure is available, particularly when the added benefit
might be minimal. Finally, the comment states that, in the context of
interpreting effectiveness of mitigation strategies in a reasonable
manner, FDA should be mindful of the extremely low likelihood of an
intentional adulteration event that may cause massive public health
harm or economic disruption.
(Response 94) We acknowledged the low probability of an intentional
adulteration event that may cause wide scale public health harm in the
proposed rule (78 FR 78014 at 78024). The rule does not create a
standard of absolute prevention at every identified actionable process
step. Mitigation strategies are, among other things, ``risk-based'' and
``reasonably appropriate measures.'' They are employed to
``significantly minimize or prevent'' significant vulnerabilities.
Furthermore, each facility has some degree of discretion in
determining how, and whether, each mitigation strategy is properly
implemented, as part of the facility's written explanation of how the
mitigation strategy sufficiently minimizes or prevents the significant
vulnerability associated with the actionable process step.
Additionally, facilities are not required to employ measures just
because they are available or convenient. Rather, facilities are
required to identify and implement mitigation strategies that reflect
the specific circumstances of the actionable process step and the
facility. Because the facility considers these circumstances when
identifying and implementing an appropriate mitigation strategy, and
provides a written explanation of how the mitigation strategy
sufficiently minimizes or prevents the significant vulnerability
associated with an actionable process step, a facility may choose a
mitigation strategy that it believes provides maximum benefit,
regardless of availability or convenience, if it complies with the
requirement to significantly minimize, or prevent, the significant
vulnerability.
2. Proposed Sec. 121.150(d)--Reanalysis (Final Sec. 121.157)
We proposed that you must conduct a reanalysis of the food defense
plan (1) At least once every 3 years; (2) Whenever a significant change
in the activities conducted at your facility creates a reasonable
potential for a new vulnerability or a significant increase in a
previously identified vulnerability; (3) Whenever you become aware of
new information about potential vulnerabilities associated with the
food operation or facility; (4) Whenever you find that a focused
mitigation strategy is ineffective; and (5) Whenever FDA requires
reanalysis to respond to new vulnerabilities and developments in
scientific understanding including, as appropriate, results from the
Department of Homeland Security biological, chemical, radiological, or
other terrorism risk assessments. These requirements for reanalysis of
the food defense plan were proposed within Sec. 121.150 Verification.
Many comments responded to Sec. 121.150 (Verification) as a whole,
without specifically referring to reanalysis as an area needing edits.
However, some comments regarding verification potentially apply to
reanalysis, and these are addressed in this section. Some comments
support the proposed requirements without change and some support the
proposed provisions but ask for more flexibility and suggest
alternative regulatory text. After considering these comments, to
improve clarity and readability and to be consistent with the PCHF
final rule with respect to the regulatory text for reanalysis, we have
removed reanalysis from Sec. 121.150 and created a new section Sec.
121.157 devoted entirely to requirements for reanalysis. We have
revised the regulatory text within this section to clarify which
portions of the food defense plan will need reanalysis and how often
(e.g., the whole plan needs reanalysis at least every 3 years, and the
whole plan or the applicable portions of the plan need reanalysis for
all other reasons required in the text), to expand the scope of
situations that trigger a reanalysis (e.g., added a reanalysis
requirement when required by FDA based on credible threats to the food
supply), and we increased clarity for when the reanalysis requires a
revision to the food defense plan (e.g., the proposed language stated a
revision to the food defense plan is required when a significant change
is made, and the text was edited to state that a revision to the food
defense plan is required when a significant change in activities
conducted at your facility creates a reasonable potential for a new
significant vulnerability or a significant increase in a previously
identified vulnerability). Also, the new reanalysis section provides
more flexibility in the timeframe for when a reanalysis must be
completed, and clarifies when a reanalysis requires a revision to the
food defense plan.
In the following paragraphs, we discuss comments that suggest one
or more changes to the proposed requirements.
(Comment 95) Some comments state that greater flexibility is needed
to reflect the differences between mitigation strategies and preventive
controls and that verification is one potential area in which to
increase flexibility. These comments believe that the oversight burden
and the records burden associated with verification could be lessened
by adding more flexibility.
(Response 95) We interpreted these comments to include reanalysis
in the verification activities mentioned. We agree that the overall
regulatory framework for this rule should provide more flexibility than
that of a traditional HACCP approach and have described our general
thinking in Comment 1 and Comment 2 of this document. To align with
this thinking we have made specific changes to the reanalysis
requirements. We removed reanalysis from Sec. 121.150 and created a
new section Sec. 121.157 devoted entirely to requirements for
reanalysis to help clarify activities for the purpose of verification
versus activities specific to reanalysis. Within this section we
provide for reanalysis of an applicable portion of the food defense
plan (rather than the complete food defense plan) in specified
circumstances. We have revised the regulatory text to state that when
reanalysis is conducted for any reason other than Sec. 121.157(a)
(every 3 years), the food defense plan as a whole may need to be
reanalyzed, or just the applicable portion of the food defense plan
that may be affected by the proposed change or the new information (see
Sec. 121.157(a) and 121.157(b)). In the proposed rule, the portions of
the plan that required reanalysis were not detailed, and the
implication was that the entire plan must be reanalyzed in all cases.
Our clarification of this language
[[Page 34208]]
allows flexibility for the facility to determine the extent of the
required reanalysis based on the nature of the reanalysis trigger. In
addition, we made associated editorial changes for the intentional
adulteration reanalysis requirements to improve the readability of the
requirement to conduct reanalysis ``whenever a mitigation strategy, a
combination of mitigation strategies, or the food defense plan as a
whole, is not properly implemented'' (see Sec. 121.157(b)(3)). In the
proposed rule this requirement applied only to the ineffective nature
of a mitigation strategy and did not take into account other areas of
the food defense plan that may be contributing to an ineffective food
defense plan. We also added new text to the reanalysis requirement to
allow FDA to require a reanalysis ``when credible threats are made to
the food supply'', as discussed more fully in section III.C.
Further, additional flexibility has been provided with respect to
timeframes associated with completing reanalysis. The proposed rule
required that reanalysis be completed ``before the change in activities
at the facility were operative'' or ``when necessary, during the first
6 weeks of production.'' The new requirement states that the reanalysis
must be complete ``before any changes in activities (including any
change in mitigation strategy) at the facility is operative,'' or
``when necessary, within 90 days of production'' or ``within a
reasonable timeframe, providing a written justification is prepared for
a timeframe that exceeds 90 days after production of the applicable
food first begins.'' This flexibility in timeframes lessens the burden
on the facility. We believe the 90-day timeframe is sufficient for
completing the reanalysis but recognize that there may be instances
where the 90-day timeframe is exceeded and this is allowed with
sufficient written justification.
We lessened the documentation burden by only requiring a revision
to the food defense plan ``if a significant change in the activities
conducted at your facility creates a reasonable potential for a new
significant vulnerability or a significant increase in a previously
identified vulnerability.'' The proposed rule required a revision to
the food defense plan if ``a significant change was made.'' By stating
specifically that revisions are only required if a change is made in
activities that affect vulnerabilities, we eliminate the revision
requirements for changes that are not directly related to the risk of
intentional adulteration. Both the proposed and final rules provide for
the option to conclude that a revision to the food defense plan is not
needed as long as the basis for that conclusion has been documented.
Many of the changes we made to the reanalysis provisions are
similar to changes made in the PCHF final rule, and we believe this
consistency will assist with overall understanding and implementation
of these rules.
(Comment 96) Some comments ask us to recognize other terminologies
suggesting reanalysis could be referred to as ``reassessment.''
(Response 96) We decline this request. We have acknowledged that
the terminology used in relation to the concept of ``reanalysis''
varies in current regulations and guidelines for systems such as HACCP
(78 FR 3646 at 3759). A facility may choose to use a term such as
``reassessment'' in its records--e.g., if it relies on existing records
that use the term ``reassessment'' to satisfy some or all of the
requirements of this rule for reanalysis. However, the rule will use a
single term to minimize the potential for confusion about whether
different terms have a different meaning for the purposes of the rule.
H. Proposed Sec. 121.160--Training (Final Sec. 121.4)
We proposed in Sec. 121.160 to require that (1) Personnel and
supervisors assigned to actionable process steps must receive
appropriate training in food defense awareness and their respective
responsibilities in implementing focused mitigation strategies and (2)
All required training must be documented in records. We asked for
comment on several questions related to training, including whether we
should require that basic food defense awareness training be completed
by all employees and whether we should require training to be repeated
periodically. We also requested comment on the adequacy of FDA's Food
Defense 101 training materials and whether additional FDA training
materials are needed. Finally, we requested comment on the feasibility
of the proposed training requirements, in light of the current state of
food defense awareness in the industry and available training
resources.
No comments disagree with the need for training for facilities to
be able to properly implement this rule, and many comments acknowledge
that training is crucial to creating an effective food defense
environment in a facility. Some comments agree with our proposed
training approach, and other comments request changes. After
considering the comments, we have changed the training requirements by
creating a new section, Sec. 121.4 (Qualifications of Individuals Who
Perform Activities Under Subpart C), which replaces Sec. 121.160 and
defining the term ``qualified individual'' in Sec. 121.3. In summary,
the final rule requires all individuals who perform activities under
Subpart C to be qualified through training or job experience or a
combination thereof. Individuals and their supervisors at actionable
process steps are required to take food defense awareness training and
individuals who prepare the food defense plan, conduct a vulnerability
assessment, identify and explain mitigation strategies and perform
reanalysis must have successfully completed training for the specific
activity at least equivalent to that received under a standardized
curriculum recognized as adequate by FDA or be otherwise qualified
through job experience to conduct the activities.
Section 121.4 requires that individuals performing activities under
Subpart C have certain qualifications that vary based on the activity
performed. Section 121.4(a) requires that you ensure that each
individual who performs activities required under Subpart C is a
qualified individual. A qualified individual is ``a person who has the
education, training, or experience (or a combination thereof) necessary
to perform an activity required under Subpart C, as appropriate to the
individual's assigned duties. A qualified individual may be, but is not
required to be, an employee of the establishment'' (Sec. 121.3). See
section IV.C.4 for further discussion of this definition. Section
121.4(b) requires that each individual assigned to an actionable
process step (including temporary and seasonal personnel) or in the
supervision thereof must (1) be a qualified individual and (2) receive
training in food defense awareness. Section 121.4(c) requires that each
individual assigned to (1) the preparation of the food defense plan,
(2) the conduct of a vulnerability assessment, (3) the identification
and explanation of the mitigation strategies, or (4) the reanalysis of
the food defense plan must be a qualified individual and have
successfully completed training for the specific activity at least
equivalent to that received under a standardized curriculum recognized
as adequate by FDA or be otherwise qualified through job experience to
conduct the activities. Job experience may qualify an individual to
perform any of the activities listed previously if such experience has
provided an individual with knowledge at least equivalent to that
provided through the standardized
[[Page 34209]]
curriculum. Section 121.4(d) requires that responsibility for ensuring
compliance by individuals with the requirements be clearly assigned to
supervisory personnel with adequate qualifications to supervise the
activities. Section 121.4(e) requires that the training required by
Sec. 121.4(b) and (c) must be documented in records that include the
date of the training, the type of training, and the person trained, and
must be established and maintained in accordance with the requirements
of subpart D.
In the following paragraphs, we discuss comments that respond to
our request for comment regarding the proposed training requirement and
comments that request changes to the training requirement as proposed.
(Comment 97) Some comments assert that FDA should require
facilities to conduct food defense awareness training for all employees
and not just for employees and supervisors who work at actionable
process steps. Some comments indicate that, since food defense is a new
area of regulation, that training to increase general awareness by all
employees would be a useful requirement in gaining familiarity with the
risk and mitigation of intentional adulteration. Some comments state
that food defense awareness training for all employees is fundamental
for creating a food defense culture at a facility and may be the
critical element for preventing a successful attack. Alternatively,
some comments state that expanding the food defense awareness training
requirement to all employees will not advance food defense and could
create a generalized approach that may diminish the ability of the
facility to effectively train personnel who have significant roles in
implementing food defense requirements. Some comments state that the
cost of requiring training of all employees would be overly burdensome.
(Response 97) Although we agree that food defense awareness
training would be useful for all employees, we believe that the best
use of training resources for industry would be to focus the
requirement for food defense awareness training on personnel who are
assigned to an actionable process step. We do not believe it is
necessary to require that facilities provide all employees with
awareness training to significantly minimize or prevent significant
vulnerabilities. Although we disagree that training all employees could
diminish the ability of a facility to effectively train personnel, we
agree that concentrating awareness training on certain individuals is
less burdensome than a general training requirement. We believe it is
the best use of resources to train individuals at actionable process
steps in food defense awareness because that is where intentional
adulteration, when intended to cause wide scale public health harm, is
most likely to occur. Our food defense guidance includes options for
increasing general awareness of food defense throughout a facility by
incorporating the importance of food defense procedures into routine
facility communications, such as brochures, staff meetings, or payroll
stuffers. We recommend that facilities encourage all employees to
report unusual or suspicious individuals or activities to management.
In addition to requiring food defense awareness training for
certain individuals, the rule requires that each individual who
performs activities required by subpart C be a qualified individual as
that term is defined in Sec. 121.3. In addition, the rule requires
individuals performing certain activities, including the preparation of
the food defense plan or the conduct of a vulnerability assessment, to
have successfully completed training for the specific activity at least
equivalent to that received under a standardized curriculum recognized
as adequate by FDA or be otherwise qualified through job experience to
conduct the activities.
(Comment 98) Some comments express a need for advanced food defense
training requirements for individuals conducting higher level food
defense activities such as food defense coordinators, individuals who
prepare, monitor, verify, or conduct corrective actions associated with
food defense plans, managers or quality control personnel or personnel
who would be responsible for identification of appropriate mitigation
strategies. Some comments assert that these food defense activities
require specialized knowledge that would not be covered in food safety
training and that qualified individuals should perform these higher
level functions.
(Response 98) We agree with these comments and are requiring that
each individual engaged in activities in subpart C must be a qualified
individual with the appropriate education, training, or experience (or
a combination thereof) to perform the activity. Further, the rule
requires increased qualifications for individuals responsible for
higher level activities, such as preparation of the food defense plan,
conducting a vulnerability assessment, identifying and explaining
mitigation strategies, and reanalysis (Sec. 121.4(c)). These
individuals must have the appropriate education, training, or
experience (or a combination thereof) necessary to properly perform
their assigned activities and have successfully completed training at
least equivalent to that received under a standardized curriculum
recognized as adequate by FDA or be otherwise qualified through job
experience to conduct the activities. Job experience may qualify an
individual to perform these functions if such experience has provided
an individual with knowledge at least equivalent to that provided
through the standardized curriculum. We believe the activities listed
previously require an additional level of expertise and training than
other activities required under subpart C and, therefore, FDA is
establishing a standardized curriculum for training which individuals
performing these activities must successfully complete (or be otherwise
qualified through job experience). This approach is consistent with the
PCHF final rule, where additional food safety training is required for
individuals who prepare or oversee preparation of the food safety plan,
including conducting the hazard analysis (21 CFR 117.126(a)(2)).
We anticipate that the standardized curriculum for activities other
than the conduct of a vulnerability assessment will be an approximately
4-hour training that will cover food defense awareness and food defense
planning components such as preparing, implementing, and reanalysis of
a food defense plan and selecting and explaining mitigation strategies.
We plan for the training to be available online.
The training for conducting or overseeing a vulnerability
assessment will require in-depth analysis of the functional and thought
processes required to properly characterize significant vulnerabilities
associated with a facility's points, steps, or procedures and the
identification of actionable process steps. The process of conducting a
vulnerability assessment may be new to much of the industry and the
training will take this into consideration. The standardized curriculum
for conducting a vulnerability assessment will need to cover each
required component of the vulnerability assessment and provide enough
information for an individual to calibrate their decision making based
on the scientific analysis required by a vulnerability assessment. We
believe that the curriculum designed for this activity will require
multiple days and may be best offered in person. Based on the
vulnerability assessment method chosen, the length of the standardized
curriculum may vary, for example if a
[[Page 34210]]
facility is using the key activity types the training could be shorter.
Finally, with regard to comments that suggest that individuals who
prepare, monitor, verify, or conduct corrective actions associated with
food defense plans receive specialized training, we agree that
individuals responsible for these activities should be qualified
individuals and may need training to perform such activities. However,
we are not standardizing a curriculum for such training and realize
that individuals may be qualified through education or experience to do
these activities because these concepts are not completely unique to
food defense planning and analogous food safety concepts have been in
routine practice in many food facilities for the purpose of food safety
plans and/or HACCP approaches.
(Comment 99) Some comments state that food defense awareness
training should be recognized as a beneficial mitigation strategy
within food defense plans to create heightened awareness and that this
training can be used to address intentional contamination including
insider threats. Other comments state that the only requirement for
food defense should be training and that any requirements beyond this
approach are not necessary.
(Response 99) We agree that food defense awareness training for
employees and supervisors assigned to actionable process steps would
increase awareness and could assist with recognizing or thwarting an
insider threat; however, the training alone will not protect the food
at that actionable process step. It is the properly implemented
mitigation strategies, which are designed to reduce the significant
vulnerability at that step, which would protect the food against
intentional adulteration.
(Comment 100) Some comments recommend that FDA set a requirement
for periodic retraining, and some comments suggest the training
requirement should specify training intervals such as during an
employee ``onboarding'' process and periodically thereafter or when
significant changes are made to the food defense plan. One comment did
not request a requirement for retraining but stated that it should be
understood that education and training are not a one-time occurrence.
One comment asked for flexibility for training and retraining
frequencies so a facility can take into account facility size,
environment, seasonality of employees, and other circumstances.
(Response 100) We agree that training should not be a one-time
occurrence and believe that by defining ``qualified individual'' in
terms of an ability to perform assigned responsibilities we have
provided the flexibility for firms to consider relevant factors in
determining how often to perform training. Individuals conducting
activities under subpart C must be qualified to successfully implement
the food defense measures contained in the food defense plan. If the
food defense plan changes, because of a production change resulting in
a mitigation strategy change, for example, employees and supervisors
may need retraining if their responsibilities under subpart C change.
Also, retraining may be needed as a component of corrective action. For
example, if during the course of monitoring a facility determines that
certain mitigations strategies are not being implemented consistently
or appropriately, a component of the corrective action may be to
retrain the responsible staff and their supervisors. To ensure that
employees remain qualified to perform their duties under subpart C,
facilities will need to retrain employees when the food defense plan
changes and when a problem has been identified that training would
address.
(Comment 101) Some comments commend FDA on the development of a
broad range of free training materials that will be efficient and
useful to meet training requirements. Some comments suggest updating
and expanding these trainings to include options for free,
downloadable, and customizable materials to reach a broad range of
cultural and language groups, and to include information on how to
protect food defense-related documents. One comment recommends that FDA
update all of its food defense resources to reflect the requirements
ultimately included in this final rule. One comment suggests that FDA
develop a ``train-the-trainer'' course that could be effectively
utilized by industry to equip management of food companies with the
training materials needed to comply with the training requirements.
(Response 101) We agree that many of our trainings and other
resources will assist industry in complying with this rule. However, we
recognize that many of our existing materials will need to be updated
to reflect the provisions of the rule and new training materials will
need to be developed. We intend to update our training materials to
provide an option to comply with the food defense awareness training
requirement, and we will be developing a standardized curriculum for
training in accordance with the requirements of Sec. 121.4(c). We
anticipate the standardized content of the training will be modular,
with certain modules varying based on the difficulty and skill level of
the activity being performed, with the vulnerability assessment
training module being the most in-depth and lengthy (See Comment 80 and
Comment 81).
The training for individuals and supervisors assigned to actionable
process steps may require facility-specific information for proper
implementation of the mitigation strategy or strategies and, therefore,
will need to be developed and administered on the job and will not be
developed by FDA.
We will continue to provide food defense training and other
materials in as many formats as resources allow, such as online, DVD,
and hard copy. FDA currently has some food defense materials in
languages other than English, but will work as we are able towards
translating more materials in other languages to reach a broader
audience.
In response to the development of a ``train the trainer'' course to
assist management with meeting the training requirements of this rule,
we interpret this comment to mean that we should offer materials so
that companies can deliver their own food defense awareness training.
Since the requirement for awareness training has inherent flexibility,
facilities can deliver their own food defense awareness trainings. We
believe the training tools and resources that we intend to update,
based on the requirements of this rule, will assist facility management
with gaining knowledge necessary for delivering food defense awareness
training, and we intend to explore the development of a ``train the
trainer'' in consultation with the alliance to meet the needs of the
standardized curriculum requirements.
(Comment 102) Some comments request that FDA support the
development and distribution of educational and training resources to
assist very small facilities exempt from the rule with voluntary
compliance. Some comments request that FDA clarify how it will work
with retail stakeholders to strengthen education and training for
retail facilities that want to take voluntary food defense risk
reduction measures.
(Response 102) FDA offers free tools and food defense awareness
training, as well as guidance, that we intend to update based on the
final requirements which should assist non-covered entities, such as
those at the retail level, who wish to voluntarily comply with the
final provisions of this rule.
(Comment 103) Some comments support the food defense awareness
[[Page 34211]]
training requirement but ask that FDA keep the requirement flexible and
make clear that online training or other non-FDA developed trainings
are acceptable. One comment asked us to state whether the ``Food
Defense 101'' training released in 2013 by FDA is the preferred
resource for employee awareness training. Some comments state that it
might not be possible to provide the same type of training to all staff
at various levels, and that it should be up to the facility to
determine which training to provide to which staff, based on their food
defense responsibilities.
(Response 103) We agree with the need to avoid rigid requirements
with respect to training content for food defense awareness. We
recognize that many food defense awareness trainings exist and may
already be utilized at facilities, and mandating specific content in
trainings may lead to redundancy and additional cost. We intend to
update our ``Food Defense 101, Food Defense Awareness for the Front-
line Employee'' training such that it would satisfy the requirement for
food defense awareness training; however, it is not the only acceptable
training. In addition, we believe that there are several existing
trainings that would be acceptable for other activities that may
require training such as food defense monitoring, food defense
corrective actions, and food defense verification.
(Comment 104) Some comments recommend that, because food defense is
a new and evolving area, and because this regulation will be the first
of its kind worldwide, training and education need to occur at many
levels to effectively implement this rule. These comments state that
FDA must provide significant outreach and education to both industry
and State regulatory Agencies with jurisdiction over the production of
human food. These comments emphasize that FDA and State and local
inspection personnel will need significant training in conducting food
defense inspections and that training developed for FDA investigators
should be extended to State and local governments as well as industry
to help food facilities understand what is expected and how compliance
will be determined.
(Response 104) We appreciate these comments regarding consistency
of training between industry and Federal, State, local and tribal
regulators, and we agree that this is a novel area of regulation that
could benefit from alignment of training between the regulated industry
and its regulators. We have addressed the issue of training for the
purposes of inspection and compliance in section III.D, but in general,
FDA is still in the process of assessing its training needs for
inspection and enforcement of this rule.
(Comment 105) Some comments state that Alliances have been
successfully used to support implementation of other national
requirements, including other FSMA rules, using a partnership model.
These comments recommend that FDA consider formation of an Alliance
structure for the area of food defense as well. Comments state that
Alliances, made up of State and local public health professionals,
State and local public health associations, and industry can play an
important role in information sharing and outreach and a formal
Alliance for food defense is the best way to accomplish the development
of standardized food defense training content and effective training
tools and resources.
(Response 105) We agree with these comments and have funded the
establishment of an Intentional Adulteration Subcommittee under the
existing Food Safety Preventive Controls Alliance. We intend to
leverage the expertise of State and local public health professionals,
State and local public health associations, and industry associations
to develop the standardized curriculum needed to meet the training
requirement.
(Comment 106) Some comments suggest that FDA establish a technical
assistance office based out of the Center for Food Safety and Applied
Nutrition (CFSAN) that can answer queries, provide guidance, and
release information consistently to both regulators and the covered
industry to assist with educating industry and regulators.
(Response 106) FDA has established a FSMA Technical Assistance
Network (TAN) to provide technical assistance to industry, regulators,
academia, consumers, and others regarding FSMA implementation.
Inquiries are answered by FDA Information Specialists or Subject Matter
Experts, based on the complexity of the question. To find out more
about the FSMA TAN please visit https://www.fda.gov/food/guidanceregulation/fsma/ucm459719.htm.
(Comment 107) Some comments request funding from FDA for the
training of State, local, tribal, and territorial regulators.
(Response 107) Funding associated with training State, local,
tribal, and territorial regulators is outside the scope of this rule.
(Comment 108) One comment asserts that training and compliance
incentives must be available at the same time the final regulation is
released to give facilities time to learn about, build, and deploy an
effective implementation plan.
(Response 108) It is unclear what is meant by training and
compliance incentives, but we have established extended compliance
dates to allow facilities the time necessary to comply with this
training requirement. See section VIII for information on compliance
dates.
(Comment 109) One comment suggests that FDA should mandate training
on a ``code of ethics'' to prevent economically motivated adulteration.
(Response 109) Acts of intentional adulteration for the purpose of
economic gain, i.e., economically motivated adulteration, are outside
the scope of the rule and are addressed in the preventive controls for
human food rule (80 FR 55907 at 56028-56029) and the preventive
controls for animal food final rule (80 FR 56170 at 56244-56246).
VI. Subpart D: Comments on Requirements Applying to Records That Must
Be Established and Maintained
We proposed to establish in subpart D requirements that would apply
to all records that would be required by the various provisions of
proposed part 121, including general requirements related to the
content and form of records, additional requirements specific to the
food defense plan, requirements for record retention, requirements for
official review of records by FDA, and public disclosure.
Some comments generally support requiring records to demonstrate
that a food defense plan has been created, is functioning, and is being
monitored. However, many comments disagreed with some of the specific
requirements that we proposed. In the following paragraphs, we discuss
comments that ask us to clarify the proposed requirements, disagree
with, or suggest one or more changes to the proposed requirements.
A. Proposed Sec. 121.301--Records Subject to the Requirements of This
Subpart D
We proposed that all records required by proposed subpart C (Food
Defense Measures) are subject to all requirements of this subpart
except that the requirements of Sec. 121.310 apply only to the written
food defense plan. We received no comments on this section and are
finalizing as proposed.
B. Proposed Sec. 121.305--General Requirements Applying to Records
We proposed that the records must (1) be kept as original records,
true copies, or electronic records (and that electronic records must be
kept in accordance with
[[Page 34212]]
part 11 (21 CFR part 11)); (2) contain the actual values and
observations obtained during monitoring; (3) be accurate, indelible,
and legible; (4) be created concurrently with performance of the
activity documented; (5) be as detailed as necessary to provide history
of work performed; and (6) include the name and location of the plant
or facility, the date and time of the activity documented, the
signature or initials of the person performing the activity, and, where
appropriate, the identity of the product and the production code, if
any. In the following paragraphs, we discuss comments that ask us to
clarify the proposed requirements or that disagree with, or suggest one
or more changes to, the proposed requirements.
(Comment 110) Several comments express concern over the proposed
requirement that all electronic records be kept in accordance with part
11 and request that FDA exempt electronic records under part 121 from
compliance with part 11. Comments argue that while some of the larger
companies may have the technologies in place to comply with part 11,
many of the covered facilities do not. These comments assert that
compliance with part 11 would create the need to redesign and recreate
existing systems, thus leading to considerable cost, which was not
taken into account in the cost analysis in the preliminary regulatory
analysis for the proposed rule. The comments go on to point out that we
do not impose these requirements for recordkeeping requirements imposed
under section 414 of the FD&C Act, and that this requirement is an
added burden and expense that does not have any added benefit to public
health.
(Response 110) The final rule does not require compliance with part
11 (Sec. 121.305 (a)). Similar to the PCHF final rule, we are making a
conforming change in part 11 to specify in new Sec. 11.1(o) that part
11 does not apply to records required to be established or maintained
under part 121, and that records that satisfy the requirements of part
121, but that also are required under other applicable statutory
provisions or regulations, remain subject to part 11. Although we are
not specifying that part 11 applies, facilities should take appropriate
measures to ensure that records are trustworthy, reliable, and
generally equivalent to paper records and handwritten signatures
executed on paper.
(Comment 111) One comment asserts that while it is common for
certain records to be created concurrently with performance of the
activity, some records may require more time for writing, reviewing,
editing, or approving. The comment requests that we provide for the
creation of records ``in a timely manner following performance of the
activity,'' rather than ``concurrently with performance of the
activity.''
(Response 111) We decline this request. The comment did not provide
any specific examples of activities where concurrent record creation
would prove difficult, and we are not aware of any such circumstance.
For example, we are not aware of any difficulty complying with
longstanding similar requirements associated with our HACCP regulations
for seafood and juice (see Sec. Sec. 123.9(a)(4) and 120.12(b)(4),
respectively).
(Comment 112) Some comments assert that for certain production and
associated activities documenting the time of activity is not
necessary. Specific examples cited include equipment setup,
verification of equipment setup, charging an ingredient into a blender,
and weighing material for process yield and reconciliation purposes.
These comments ask us to modify the proposed requirements so that the
records would only be required to include the time of the activity
where appropriate for food defense.
(Response 112) The recordkeeping requirements in the rule only
apply to records required by subpart C (Food defense measures). It is
not clear that all of the activities specified by the comments relate
to food defense measures and therefore are subject to the recordkeeping
requirements in the rule. For records that are required, we agree that
documenting the time of the activity is not always necessary. The rule
requires that records must contain ``when appropriate, the time of the
activity documented'' (Sec. 121.305(f)(2)). Monitoring records are an
example of when documenting the time of the activity is appropriate
because monitoring records are used to determine if a particular
mitigation strategy is properly implemented. Without documenting the
time the monitoring was conducted, a facility cannot identify patterns
over time as to the mitigation strategy's implementation and whether
appropriate corrective actions were being made. For mitigations
strategies that are not time-dependent (e.g., permanent equipment
changes to reduce access to the product, such as permanently affixing a
shield to the rotating air drying to prevent access to the food at the
point where product is introduced into the dryer from the pneumatic
conveyance), facilities are not required to document the time the
activity was performed.
(Comment 113) Some comments express concern that we will require
records to be kept in English. These comments ask us to limit the
documents that must be written in English to reduce translation and
records duplication. These comments ask that records related to
verification and monitoring should be allowed to be written in
languages other than English.
(Response 113) The rule does not require that any records be kept
in English.
(Comment 114) One comment seeks clarification on whether the use of
checklist-type forms to document monitoring observations would satisfy
the requirement in Sec. 121.305(b) that records contain actual values
and observations obtained during monitoring. The comment argues that
properly developed checklists will allow monitoring records to be
accurate, indelible, and legible as required in Sec. 121.305(c) and
will lessen the recordkeeping burden. For example, monitoring a
mitigation strategy such as adequate lighting at the truck unloading
bay could be recorded as a ``yes'' or ``no'' by checking the
appropriate box on a checklist.
(Response 114) Although monitoring records must contain the actual
values and observations obtained during monitoring, facilities have
flexibility to tailor the amount of detail to the nature of the record
(Sec. 121.305(e)). Monitoring for adequate lighting at the truck
unloading bay could be recorded as ``yes'' or ``no'' in either a
narrative or checklist format. However, in the case of an improperly
implemented mitigation strategy, we would recommend that the facility
also document the extent to which the strategy was incorrectly applied,
because this information would support the identification of previously
written corrective actions that could be used to remedy the situation,
as well as provide context as to why the mitigation strategy failed in
this instance, which would be beneficial information for verification
activities. For example, if lighting in the bulk unloading bay was
insufficient, the monitoring document may record this instance as
``no'' in a checklist and also may note that half of the lights were
inoperative due to a circuit-breaker that failed. This information
would be helpful to facility management to determine whether the
mitigation strategy is consistently applied and appropriate to the
actionable process step in question. In this case, a faulty circuit
breaker would be replaced, thereby correcting the deviation in the
mitigation strategy. The mitigation strategy could still be determined
to be achieving its aim with
[[Page 34213]]
this corrective action. Alternatively, if monitoring records document
that the lighting was turned off by an employee, a different corrective
action may be required, such as retraining of the employee on the
importance of maintaining adequate lighting in the area. We note in
Response 83 that ensuring adequate lighting around an actionable
process step would generally be a mitigation strategy that must be used
in concert with other strategies to significantly reduce the likelihood
of, or prevent, successful acts of intentional adulteration at an
actionable process step.
C. Proposed Sec. 121.310--Additional Requirements Applying to the Food
Defense Plan
We proposed that the food defense plan must be signed and dated by
the owner, operator, or agent in charge of the facility upon initial
completion and upon any modification. We did not receive any comments
related to this section, and we are finalizing as proposed.
D. Proposed Sec. 121.315--Requirements for Record Retention
We proposed that (1) All required records must be retained at the
facility for at least 2 years after the date they were prepared; (2)
The food defense plan must be retained at the facility for at least 2
years after its use is discontinued; (3) Except for the food defense
plan, offsite storage of records is permitted after 6 months following
the date that the records were made if such records can be retrieved
and provided onsite within 24 hours of request for official review; and
(4) If the facility is closed for a prolonged period, the records may
be transferred to some other reasonably accessible location but must be
returned to the plant or facility within 24 hours for official review
upon request.
(Comment 115) One comment asserts that a 2-year retention period
for monitoring, corrective actions, and verification records for a
product with a short shelf life is unnecessary. The comment argues that
industry has been following record retention requirements in the
Seafood HACCP regulation which requires 1 year records retention for
refrigerated products and 2 years records retention for frozen,
preserved, or shelf-stable products and requests that we use the same
requirements in this rule.
(Response 115) We decline this request. The 2-year record retention
period is explicitly provided for by section 418(g) of the FD&C Act.
Further, shelf life is more relevant to record retention requirements
for the purpose of tracking potentially contaminated food than to
record retention requirements for the purpose of evaluating compliance
with this rule. Finally, 2 years is the same retention period as
required by the PCHF final rule.
(Comment 116) Some comments ask us to exercise flexibility
regarding the 2-year record retention requirement because the unique
nature of food defense activities and the technologies used in
protecting the food supply against intentional adulteration do not
typically allow for record retention for such a long period of time.
For example, several comments explain that records related to video
surveillance cannot be kept for 2 years because it is impractical;
industry practice is typically to keep video records for 30 days or
less. Comments argue that requiring 2-year retention of video records
would be very difficult and costly, and that FDA likely did not include
calculations for those added costs in our preliminary regulatory impact
analysis for the proposed rule.
(Response 116) The assertion that it is impractical for food
defense records cannot be kept for 2 years seems to reflect a
misunderstanding of the rule. The rule does not require maintaining
video surveillance footage for 2 years. Video surveillance used as part
of a mitigation strategy is not a monitoring record. If the video is
being sent to a security office for observation, the monitoring record
could be a log affirming that a security officer reviewed the video and
detected no abnormal activities. If the video is being watched by a
security officer in real time, the monitoring record could be the
timesheets of the security officer showing he was in the security
office performing his duties in observing the video feed.
(Comment 117) Some comments ask us to specify our expectations for
record availability and allow companies the flexibility in using
technology to meet those expectations. The comments explain that many
companies keep important records such as food defense plans at their
corporate headquarters or other central locations and not at individual
facilities but that the facilities can easily access those records
electronically if needed. The comments also assert that 6-month onsite
record retention requirement is arbitrary and that FDA should establish
a workable requirement that provides for the efficient storage and
retrieval of records in a timely manner. Some comments ask us to revise
the requirement so that records that can be retrieved and provided
onsite within 24 hours would be sufficient.
(Response 117) We have revised the provisions to provide for
offsite storage of all records (except the food defense plan), provided
that the records can be retrieved and made available to us within 24
hours of a request for official review. We expect that many records
will be electronic records that are accessible from an onsite location
and, thus, would be classified as being onsite (see Sec. 121.315(c)).
As a companion change, we have revised the proposed provision directed
to the special circumstance of storing records when a facility is
closed for prolonged periods of time so that it only relates to the
offsite storage of the food defense plan in such circumstances (see
Sec. 121.315(d)). Further, we require records that a facility relies
on during the 3-year period preceding the applicable calendar year to
support its status as exempt as a very small business must be retained
at the facility as long as necessary to support the status of a
facility as a very small business during the applicable calendar year
(see Sec. 121.315(a)(2)).
(Comment 118) One comment states that records and documentation
should not increase costs for farm-based operations, most of whom
operate as small businesses. They argue that these businesses already
maintain a variety of records but some do not have the technical or
financial resources available to maintain an electronic system for
records. The comment requests that FDA accept records in formats that
are not electronic.
(Response 118) To clarify, we did not propose to require that any
records must be kept in electronic format. In addition, this rule does
not apply to farms.
E. Proposed Sec. 121.320--Requirements for Official Review
We proposed that all records required by this part must be made
promptly available to a duly authorized representative of the Secretary
of Health and Human Services upon oral or written request. In the
following paragraphs, we discuss comments that ask us to clarify the
proposed requirements or that disagree with, or suggest one or more
changes to, the proposed requirements.
(Comment 119) Some comments assert that FDA investigators should
only review food defense plans on site and that we should not copy,
photograph, transmit, or take possession of food defense plans. These
comments assert that onsite review of records allows facility staff
that is familiar with the documents and recordkeeping
[[Page 34214]]
practices to answer any questions or provide clarification to the
investigator. Some comments state that we should make it clear that any
State investigators must follow the same policy and not copy,
photograph, transmit, or take possession of food defense plans. Other
comments assert that we should only take possession of food defense
plans for compliance reasons or in the event of an emergency or a
credible threat.
(Response 119) Some of the issues raised by these comments are
similar to issues raised by comments on the PCHF rule (see the
discussion at 80 FR 55908 at 56091) and seafood HACCP rule (see the
discussion at 60 FR 65096 at 65137-65140, December 18, 1995). During an
inspection, we expect that FDA investigators will determine whether to
copy records on a case-by-case basis as necessary and appropriate. It
may be necessary to copy records when, for example, our investigators
need assistance in reviewing a certain record from relevant experts in
headquarters. If we are unable to copy records, we would have to rely
solely on our investigators' notes and reports when drawing
conclusions. In addition, copying records will facilitate follow-up
regulatory actions. The public availability of any records that FDA
would possess as a result of copying during an inspection would be
governed by section 301(j) of the FD&C Act and by the Freedom of
Information Act (FOIA) and regulations issued pursuant to it by the
Department of Health and Human Services (DHHS) and FDA. Section 301(j)
of the FD&C Act expressly prohibits FDA from disclosing trade secret
information obtained during the course of an inspection. FDA's
disclosure regulations also provide that FDA will not divulge either
trade secret or confidential commercial information. See section VI.F.
for a further discussion of protecting food defense records from
disclosure.
(Comment 120) Some comments assert that FDA investigators should
not include details of food defense plans in the Establishment
Inspection Reports (EIR) Form 483 and that food defense information
should be kept separate from food safety information on FDA reports.
The comments argue that if investigators include food defense-related
noncompliance on an official report, that report could become public
and could increase the risk to public health by disclosing weak points
in a facility's food defense plan.
(Response 120) As we do now, FDA would redact any protected
information in an EIR or other document before publically releasing the
document. See section VI.F for further discussion of protecting food
defense records from disclosure.
(Comment 121) One comment asserts that section 106 of FSMA does not
give FDA express access to review food defense plans and that FSMA
indicates a Congressional intent to limit the distribution of certain
materials related to food defense.
(Response 121) The provisions in section 106 of FSMA concerning
limited distribution relate to the ability of the Secretary of HHS (and
by delegation, FDA) to limit the distribution of certain information
already in the Agency's possession. Specifically, section 420(a)(2) of
the FD&C Act authorizes FDA to determine the time, manner, and form in
which a vulnerability assessment is made publically available. Further,
section 420(b)(3) provides for FDA to determine the time, manner, and
form in which certain guidance documents are made public. The
provisions do not limit FDA's authority to access information in a
facility's possession, such as a food defense plan.
Further, the ability of FDA to review food defense plans is
necessary for the efficient enforcement of the FD&C Act. The rule
requires a food defense plan consisting of a written vulnerability
assessment, mitigation strategies, and procedures for food defense
monitoring, corrective actions, and verification. Access to food
defense plans is necessary for FDA to assess the adequacy of each of
these documents and determine compliance with the rule. For example, to
assess compliance with Sec. 121.130(a), FDA must review a facility's
vulnerability assessment to determine whether it includes an evaluation
of the potential public health impact if a contaminant were added, the
degree of physical access to the product, and the ability of an
attacker to successfully contaminated the product.
In addition to section 420 (added to the FD&C Act by section 106 of
FSMA), FDA is issuing this rule under the authority of section 418 of
the FD&C Act. Section 418 explicitly provides authority for FDA access
to certain documents. Under section 418, the required ``written plan,
together with the documentation of [monitoring, instances of
nonconformance, the results of testing and other appropriate means of
verification, instances where corrective actions were implemented, and
the efficacy of preventive controls and corrective actions] shall be
made promptly available to [FDA] upon oral or written request.''
(Comment 122) One comment asserts that neither section 103 nor 106
of FSMA expressly provide FDA with the authority to copy food defense
plans or records.
(Response 122) As we described in the seafood HACCP rule (60 FR
65096 at 65101, December 18, 1995), to effectuate the broad purposes of
the FD&C Act, there may be some circumstances in which access to the
records would be meaningless without the opportunity to copy them, and
therefore copying records is necessary for the efficient enforcement of
the FD&C Act. For further discussion of copying records, see response
to Comment 121.
F. Proposed Sec. 121.325--Public Disclosure
We proposed that records required by this part will be protected
from public disclosure to the extent allowable under part 20 of this
chapter. We received numerous comments expressing concern with
protecting food defense plans and records from public disclosure,
especially due to the sensitive nature of the content within a food
defense plan. One comment fully supports our proposal and believes
there is sufficient precedent and need to protect the sensitive
documents from public disclosure. In the following paragraphs, we
discuss comments that ask us to clarify the proposed requirements or
that disagree with, or suggest one or more changes to, the proposed
requirements.
(Comment 123) Some comments assert that food defense plans include
information that is commercial confidential or trade secret and,
therefore, should be exempt from disclosure under FOIA. The comments
argue that food defense plans may include information on a facility's
food defense-related measures and that disclosure of one facility's
food defense plan may adversely affect other facilities and companies
that may process similar foods or have similar processing procedures.
(Response 123) FDA protects records from disclosure under Exemption
4 of FOIA to the extent they contain ``trade secrets'' or ``commercial
or financial information obtained from a person and privileged or
confidential.'' The questions raised in these comments are similar to
some of the questions raised during the rulemaking to establish our
HACCP regulation for seafood (see the discussion at 60 FR 65096 at
65137-65140). Our experience in conducting CGMP inspections in
processing plants, our experience with enforcing our HACCP regulations
for seafood and juice, and our understanding from the Regulatory Impact
Analysis for this rule make it clear that food defense plans
[[Page 34215]]
will take each facility time and money to develop.
There is value in a plan to a company that produces it for no other
reason than that it took work to write. The equity in such a product is
not readily given away to competitors. We expect that plant
configurations will be unique to individual processors, or at least
have unique features, as was the case in the seafood industry (Ref.
16). While generic plans will have great utility in many circumstances,
they will serve primarily as starting points for facilities to develop
their own plans. Facilities will still need to expend time and money to
tailor a generic food defense plan to their individual circumstances.
Thus, we conclude that food defense plans generally will meet the
definition of trade secret, including the court's definition in Public
Citizen Health Research Group v. FDA, 704 F.2d 1280 (D.C. Cir. 1983).
(Comment 124) Some comments ask us to provide assurances that food
defense plans and related records will not be made public and assert
that protecting these documents from disclosure to the extent allowable
under part 20 may not be sufficient. They argue that food defense plans
are more sensitive than food safety plans because food defense plans
contain specifics on a facility's vulnerabilities and how they protect
those vulnerabilities, and as such, could provide a ``road map'' for
individuals intending to cause harm. These comments state that FDA
should be more protective of food defense plans and argue that due to
the sensitivity of information contained in food defense plans, it is
too risky to rely on FOIA exemptions alone.
(Response 124) We agree that food defense plans contains
information that presents sensitivities not likely to be present in
food safety plans. Exemption 7(F) of FOIA allows Agencies to withhold
``records or information compiled for law enforcement purposes . . . to
the extent that production of such law enforcement records or
information . . . could reasonably be expected to endanger the life or
physical safety of any individual.'' Food defense plans are likely to
meet the criteria to withhold them from disclosure under exemption
7(F). Food defense plans in FDA's possession would be compiled for law
enforcement purposes because they would be collected as part of
compliance efforts. Further, production of such records could
reasonably be expected to endanger life or physical safety.
Specifically, a food defense plan is likely to contain information that
could be used to identify weaknesses in a facility's security, to
choose targets, and to help plan and execute an attack involving
intentional adulteration.
(Comment 125) Some comments state that food defense plans could be
classified under Executive Order 13526 because their unauthorized
disclosure could reasonably be expected to cause identifiable or
describable damage to national security and because food defense plans
pertain to ``vulnerabilities or capabilities of systems, installations,
infrastructures, projects, plans, or protection services relating to
national security.'' These comments acknowledge that classifying food
defense plans would be cumbersome and access to the classified
documents would be extremely restricted and therefore, they recommend
that FDA implement a policy that FDA investigators not copy,
photograph, or transmit any food defense plan records or make detailed
notes about the food defense plans in the Establishment Inspection
Reports that could reveal sensitive information.
(Response 125) See response to Comment 124 for a discussion of FDA
handling of food defense plans. We note that FDA cannot classify food
defense plans under Executive Order 13526. That executive order
provides that information may be originally classified only if several
conditions are met, including that the information is owned by,
produced by or for, or is under the control of the U.S. Government. A
food defense plan that is developed by industry for use by industry is
not owned by, produced by or for, or under the control of, the U.S.
Government.
(Comment 126) One comment suggests that FDA only allow
investigators who have the appropriate national security credentials
(e.g., background checks, security clearances) to review the content of
a food defense plan. The comment asserts that this will help prevent
the risk of a sophisticated insider attack by a potential wrongdoer who
has infiltrated the Agency.
(Response 126) All FDA investigators and contracted State
investigators are required to undergo background checks by the Federal
government prior to employment and periodically thereafter. Food
defense plans are not classified, and therefore FDA investigators would
not need national security clearances.
(Comment 127) Some comments state that FDA should, at a minimum, be
aligned with and apply the same protection for food defense plans and
records required under this part as HACCP seafood and juice regulations
(see Sec. Sec. 123.9(d) and 120.12(f), respectively).
(Response 127) We disagree that the proposed provisions governing
public disclosure are not aligned with the public disclosure provisions
of our HACCP regulations for seafood and juice. Our regulations in part
20 regarding public information apply to all Agency records, regardless
of whether a particular recordkeeping requirement says so. In the
public disclosure provisions for our HACCP regulations for seafood and
juice, we provided specific details about how particular provisions in
part 20 (i.e., Sec. 20.61 (Trade secrets and commercial or financial
information which is privileged or confidential) and Sec. 20.81 (Data
and information previously disclosed to the public)) would apply to the
applicable records, because we recognized that such details were of
particular interest to the regulated industries and such recordkeeping
requirements were relatively new. In this rule, we framed the
provisions regarding public disclosure more broadly by referring to all
the requirements of part 20, consistent with our more recent approach
to public disclosure provisions in regulations (see e.g., 21 CFR
112.167, 117.325).
(Comment 128) Some comments assert that FDA should develop guidance
and training for industry on how to protect food defense-related
documents because industry is developing these documents to meet an FDA
requirement and has a potential to increase the risk to public health.
(Response 128) Our implementation of this rule will involve a
broad, collaborative effort to foster awareness and compliance through
guidance, education, and technical assistance. We agree that protection
of food defense plans--by FDA and by industry--is important; we plan on
including information within guidance for industry on best practices
for how to protect food defense plans.
G. Proposed Sec. 121.330--Use of Existing Records
We are adding new section Sec. 121.330 (Use of Existing Records)
to the final rule to increase recordkeeping flexibility. Section
121.330 specifies that existing records (e.g., records that are kept to
comply with other Federal, State, or local regulations) do not need to
be duplicated if they contain all of the required information and
satisfy the requirements of subpart D. Section 121.330 also provides
that existing records may be supplemented as necessary to include all
of the required information. Further, Sec. 121.330 clarifies that the
information required does not need to be kept in one set of records; if
existing records contain some of the required information, any new
[[Page 34216]]
information required may be kept either separately or combined with the
existing records.
VII. Subpart E: Comments on Compliance--Proposed Sec. 121.401
1. Proposed Sec. 121.401(a)--Failure To Comply With Section 418 of the
FD&C Act
We proposed that the operation of a facility that manufactures,
processes, packs, or holds food for sale in the United States if the
owner, operator, or agent in charge of such facility is required to
comply with, and is not in compliance with, section 418 of the FD&C Act
or subparts C or D of this part is a prohibited act under section
301(uu) of the FD&C Act.
We did not receive any comments on this provision, and we are
finalizing as proposed.
2. Proposed Sec. 121.401(b)--Failure To Comply With Section 420 of the
FD&C Act
We proposed that the failure to comply with section 420 of the FD&C
Act or subparts C or D of this part is a prohibited act under section
301(ww) of the FD&C Act.
We did not receive any comments on this provision, and we are
finalizing as proposed.
VIII. Effective and Compliance Dates
We proposed the effective date would be 60 days after this final
rule is published. However, we proposed for a longer timeline for
facilities to come into compliance. As proposed, facilities, other than
small and very small businesses, would have 1 year after the effective
date to comply with part 121. Small businesses (i.e., those employing
fewer than 500 persons) would have 2 years after the effective date to
comply with part 121. Very small businesses (i.e., businesses that have
less than $10,000,000 in total annual sales of food, adjusted for
inflation) would have 3 years after the effective date to comply with
Sec. 121.5(a).
Some comments express concern that facilities will not have the
time or resources to implement requirements for the intentional
adulteration rule at the same time they must comply with other FSMA
rules. Some comments also state that more time is necessary to comply
with this rule because food defense is different from current
requirements for food safety. These comments request additional time
for compliance.
We agree with the comments and are providing more time for
facilities to come into compliance. Facilities, other than small and
very small businesses, have 3 years after the effective date to comply
with part 121. Small businesses (i.e., those employing fewer than 500
full-time equivalent employees) have 4 years after the effective date
to comply with part 121. Very small businesses (i.e., businesses that
have less than $10,000,000, adjusted for inflation, per year, during
the 3-year period preceding the applicable calendar year in both sales
of human food plus the market value of human food manufactured,
processed, packed, or held without sale) have 5 years after the
effective date to comply with Sec. 121.5(a).
IX. Executive Order 13175
In accordance with Executive Order 13175, FDA has consulted with
tribal government officials. A Tribal Summary Impact Statement has been
prepared that includes a summary of Tribal officials' concerns and how
FDA has addressed them (Ref. 17). Persons with access to the Internet
may obtain the Tribal Summary Impact Statement at https://www.fda.gov/Food/GuidanceRegulation/FSMA/ucm378628 or at https://www.regulations.gov. Copies of the Tribal Summary Impact Statement also
may be obtained by contacting the person listed under FOR FURTHER
INFORMATION CONTACT.
X. Final Regulatory Impact Analysis
We have examined the impacts of the final rule under Executive
Order 12866, Executive Order 13563, the Regulatory Flexibility Act (5
U.S.C. 601-612), and the Unfunded Mandates Reform Act of 1995 (Pub. L.
104-4). Executive Orders 12866 and 13563 direct Agencies to assess all
costs and benefits of available regulatory alternatives and, when
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health and safety, and other advantages; distributive impacts; and
equity). We have developed a comprehensive Economic Analysis of Impacts
that assesses the impacts of the final rule. We believe that this final
rule is a significant regulatory action under Executive Order 12866.
The Regulatory Flexibility Act requires us to analyze regulatory
options that would minimize any significant impact of a rule on small
entities. The annualized costs per entity due to this rule are about
$13,000 for a one-facility firm with 100 employees, and there are about
4,100 small businesses that would be affected by the rule, so we
tentatively conclude that the final rule could have a significant
economic impact on a substantial number of small entities.
The Small Business Regulatory Enforcement Fairness Act of 1996
(Pub. L. 104-121) defines a major rule for the purpose of congressional
review as having caused or being likely to cause one or more of the
following: An annual effect on the economy of $100 million or more; a
major increase in costs or prices; significant adverse effects on
competition, employment, productivity, or innovation; or significant
adverse effects on the ability of U.S.-based enterprises to compete
with foreign-based enterprises in domestic or export markets. In
accordance with the Small Business Regulatory Enforcement Fairness Act,
the Office of Management and Budget (OMB) has determined that this rule
is a major rule for the purpose of Congressional review.
The Unfunded Mandates Reform Act of 1995 (section 202(a)) requires
us to prepare a written statement, which includes an assessment of
anticipated costs and benefits, before proposing ``any rule that
includes any Federal mandate that may result in the expenditure by
State, local, and tribal governments, in the aggregate, or by the
private sector, of $100,000,000 or more (adjusted annually for
inflation) in any one year.'' The current threshold after adjustment
for inflation is $144 million, using the most current (2014) Implicit
Price Deflator for the Gross Domestic Product. This final rule may
result in a 1-year expenditure that would meet or exceed this amount.
XI. Paperwork Reduction Act of 1995
This rule contains information collection requirements that are
subject to review by the OMB under the Paperwork Reduction Act of 1995
(PRA) (44 U.S.C. 3501-3521). A description of these provisions is given
in this section with an estimate of the annual reporting and
recordkeeping burden; there is no third-party disclosure burden
associated with the information collection. Included in the estimate is
the time for reviewing instructions, searching existing data sources,
gathering and maintaining the data needed, and completing and reviewing
each collection of information.
Title: Mitigation Strategies to Protect Food Against Intentional
Adulteration
Description: The Food and Drug Administration (FDA or we) is
requiring domestic and foreign food facilities that are required to
register under the Federal Food, Drug, and Cosmetic Act to address
hazards that may be introduced with the intention to cause wide scale
public health harm. These food facilities are required to identify and
implement mitigation strategies that significantly minimize or prevent
significant
[[Page 34217]]
vulnerabilities identified at actionable process steps in a food
operation. FDA is promulgating these requirements as part of our
implementation of the FDA Food Safety Modernization Act (FSMA). We
expect the rule to help protect food from acts of intentional
adulteration intended to cause wide scale public health harm.
Description of Respondents: Respondents to the collection are food
production facilities with more than $10 million in annual sales. We
estimate there are 9,759 such facilities owned by 3,247 firms. We
estimate there are 18,080 facilities with less than $10 million in
annual sales that will need to show documentation of their exemption
status under the rule, upon request.
In the Federal Register of December 24, 2013, FDA published a
proposed rule including a PRA analysis of the information collection
provisions found in the regulations. While FDA did not receive specific
comments in response to the four information collection topics
solicited, comments in response to the rule are addressed elsewhere in
this document. Comments filed in response to the rulemaking are filed
under Docket No. FDA-2013-N-1425.
We estimate the burden for this information collection as follows:
Reporting: The rule does not apply to very small businesses, except
that ``a very small business'' is required to provide for official
review, upon request, documentation that was relied upon to demonstrate
that the facility meets this exemption. At this time we estimate there
are 18,080 firms with less than $10 million in annual sales, exempting
them from the rule. However, these facilities must show documentation
upon request to verify their exempt status under the regulations (Sec.
121.5(a)). We estimate preparing and updating relevant files will
require an average of 30 minutes per respondent for a total annual
burden of 9,040 hours (30 minutes x 18,080), as reflected in table 4.
Table 4--Estimated Annual Reporting Burden \1\
--------------------------------------------------------------------------------------------------------------------------------------------------------
Number of
21 CFR Section; activity Number of responses per Total annual Average burden per Total hours
respondents respondent responses response
--------------------------------------------------------------------------------------------------------------------------------------------------------
Sec. 121.5; Exemption for food from very small businesses........ 18,080 1 1 0.50 (30 minutes) 9,040
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ There are no capital costs, or operating and maintenance costs associated with this collection.
Recordkeeping: Under the rule, the owner, operator, or agent in
charge of a facility must prepare, or have prepared, and implement a
written food defense plan, including a written vulnerability
assessment; written mitigation strategies; written procedures for
defense monitoring; written procedures for food defense corrective
actions; and written procedures for food defense verification. Table 5
shows the estimated recordkeeping burden associated with these
activities, totaling 2,515,258 annual burden hours and 409,486 annual
responses. This is a revision from our previous estimate, reflecting a
slight decrease in burden hours as a result of finalizing regulatory
requirements from the proposed rule and revising the number of
estimated respondents.
Table 5--Estimated Annual Recordkeeping Burden \1\
----------------------------------------------------------------------------------------------------------------
Number of Total
21 CFR Section; activity Number of records per annual Average burden per Total hours
recordkeepers recordkeeper records recordkeeping
----------------------------------------------------------------------------------------------------------------
Food Defense Plan; Sec. 121.126 3,247 1 3,247 23 hrs............. 74,681
Vulnerability Assessment; Sec. 9,759 1 9,759 20 hrs............. 195,180
121.130.
Mitigation Strategies; Sec. 9,759 1 9,759 20 hrs............. 195,180
121.135(b).
Monitoring, Corrective Actions, 9,759 1 9,759 175 hrs............ 1,707,825
Verification; Sec. 121.140(a),
Sec. 121.145(a)(1), Sec.
121.150(b).
Training; Sec. 121.4........... 367,203 1 367,203 0.67 hrs. (40 244,802
minutes).
Records; Sec. 121.305, Sec. 9,759 1 9,759 10 hrs............. 97,590
121.310.
------------------------------------------------------------------------------
Total........................ .............. .............. 409,486 ................... 2,515,258
----------------------------------------------------------------------------------------------------------------
\1\ Costs of compliance are discussed in the Final Regulatory Impact Analysis to this final rule.
We estimate 3,247 firms will need to create a food defense plan
under Sec. 121.126, that a one-time burden of 50 hours will be needed
to create such a plan, and that a burden of 10 hours will be required
to update the plan. We annualize this estimate by dividing the total
number of burden hours (70 hours) over a 3-year period, as reflected in
table 5, row 1.
Under Sec. 121.130, each of the estimated 9,759 food production
facilities will identify and specify actionable process steps for its
food defense plan. We estimate that an individual at the level of an
operations manager will need 20 hours for this activity, as reflected
in table 5, row 2. At the same time we note that this is a one-time
burden we expect will have been realized upon implementation of the
rule by the affected facilities. In our subsequent evaluation of the
burden associated with this information collection provision, we will
adjust our estimate accordingly.
Under Sec. 121.135(b), each of the estimated 9,759 facilities must
identify and implement mitigation strategies for each actionable
process step to provide assurances that any significant vulnerability
at each step is significantly minimized or prevented, ensuring that the
food manufactured, processed, packed, or held by the facility will not
be adulterated. The rule does not specify a specific number or set of
mitigation strategies to be implemented. Some of the covered facilities
are already implementing mitigation strategies. We estimate it will
require an average of 20 hours per facility to satisfy the
recordkeeping burden associated with these activities for a total of
195,180 hours, as reflected in table 5, row 3.
We estimate that the recordkeeping activities associated with
monitoring,
[[Page 34218]]
documenting mitigation strategies, implementing necessary corrective
actions, and verification activities will require first-line
supervisors or others responsible for quality control an average of 175
hours for each recordkeeper, and that these provisions apply to each of
the 9,759 facilities. This results in a total of 1,707,825 annual
burden hours, as reflected in table 5, row 4.
We estimate that recordkeeping activities associated with training
under Sec. 121.4 total 244,802 annual burden hours, as reflected in
table 5, row 5. This figure assumes that there are an estimated 1.2
million employees working at the regulated facilities and that 30
percent of them (367,203) will require training. This figure also
assumes that the average burden for the associated recordkeeping
activity is approximately 40 minutes (or 0.67 hours) per record.
Finally, we expect each of the estimated 9,759 firms will fulfill
the recordkeeping requirements under Sec. 121.305 and Sec. 121.310,
and that it will require the equivalent of an operations manager and a
legal analyst an average of 5 hours each (10 hours) per record, as
reflected in table 5, row 6.
XII. Analysis of Environmental Impact
We previously considered the environmental effects of this rule, as
stated in the proposed rule (78 FR 78014). We stated that we had
determined under 21 CFR 25.30(h) and 21 CFR 25.30(j) that this action
is of a type that does not individually or cumulatively have a
significant effect on the human environment such that neither an
environmental assessment nor an environmental impact statement is
required. We have not received any new information or comments that
would affect our previous determination (Ref. 18).
XIII. Federalism
FDA has analyzed this final rule in accordance with the principles
set forth in Executive Order 13132. FDA has determined that the rule
does not contain policies that have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on the distribution of power and responsibilities among the
various levels of government. Accordingly, the Agency has concluded
that the rule does not contain policies that have federalism
implications as defined in the Executive order and, consequently, a
federalism summary impact statement is not required.
XIV. References
The following references are on display in the Division of Dockets
Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane,
Rm. 1061, Rockville, MD 20852, and are available for viewing by
interested persons between 9 a.m. and 4 p.m., Monday through Friday;
they are also available electronically at https://www.regulations.gov.
FDA has verified the Web site addresses, as of the date this document
publishes in the Federal Register, but Web sites are subject to change
over time.
1. FDA Memorandum. ``FDA Memorandum to Dockets on Records of
Outreach. See Reference 7 to the 2014 supplemental human preventive
controls notice,'' 2013.
2. FDA Memorandum. ``Memoranda of Outreach,'' 2015.
3. FDA. ``Appendix 3 to the Final Qualitative Risk Assessment: Risk
of Activity/Food Combinations for Activities (Outside the Farm
Definition) Conducted in a Facility Co-Located on a Farm,'' 2016.
4. Avel, D., ``ISIS Calls for Poisoning and Running Down
Westerners.'' The Algemeiner (https://www.algemeiner.com/2014/11/28/isis-calls-for-poisoning-and-running-down-westerners/#), November
28, 2014. Accessed December 15, 2015.
5. Norton, R.A., ``Food Defense in the Age of Domestic Terrorism.''
Food Safety Magazine (https://www.foodsafetymagazine.com/enewsletter/food-defense-in-the-age-of-domestic-terrorism/, December 15, 2015.
Accessed December 15, 2015.
6. Valdmanis, R., ``Boston Bomb Suspect Influenced by Al Qaeda:
Expert Witness.'' Reuters (https://www.reuters.com/article/us-boston-bombings-trial-idUSKBN0MJ0Z620150323), March 23, 2015. Accessed
December 15, 2015.
7. Faiola, A., and S. Mekhennet, ``Paris Attacks Were Carried Out by
Three Groups Tied to Islamic State, Official Says.'' The Washington
Post (https://www.washingtonpost.com/world/string-of-paris-terrorist-attacks-leaves-over-120-dead/2015/11/14/066df55c-8a73-11e5-bd91-d385b244482f_story.html), November 15, 2015. Accessed
December 15, 2015.
8. ``Toxins Tie Suspect to Poisonings.'' The Japan Times (https://www.japantimes.co.jp/news/2014/01/26/national/crime-legal/toxins-tie-suspect-to-poisonings/#.VvBCLnn2ZD9) January 26, 2014. Accessed
December 14, 2015.
9. ``Toshiki Abe Arrested for Poisoning Frozen Food in Japan.''
news.com.au (https://www.news.com.au/world/toshiki-abe-arrested-for-poisoning-frozen-in-japan/story-fndir2ev-1226810502913) January 25,
2014. Accessed December 15, 2015.
10. Global Food Safety Initiative. ``GFSI Guidance Document Version
6.3.'' (https://www.mygfsi.com/images/mygfsi/gfsifiles/information-kit/GFSI_Guidance_Document.pdf), 2012.
11. Safe Quality Food Institute. ``SQF Code: A HACCP-Based Supplier
Assurance Code for the Food Industry, Edition 7.1'' April 2013.
12. International Featured Standards. ``IFS Food: Standard for
Auditing Quality and Food Safety of Food Products, Version 6.''
(https://www.ifscertification.com/images/ifs_standards/ifs6/IFS_Food_V6_en.pdf) January 2012. Accessed November 10, 2015.
13. Hamilton, P.J., ``Center for Food Safety, et al. v. Margaret A.
Hamburg, M.D. Order Granting Injunctive Relief.'' United States
District Court Northern District of California. https://www.centerforfoodsafety.org/files/fsma-remedy-order_52466.pdf, June
21, 2013.
14. FDA. ``Mitigation Strategies to Protect Food Against Intentional
Adulteration: Regulatory Impact Analysis, Regulatory Flexibility
Analysis, and Unfunded Mandates Reform Act Analysis,'' 2016.
15. FDA Memorandum. ``Memo Detailing an Evaluation of the Potential
For Wide-Scale Public Health Harm Resulting From Intentional
Adulteration Of Mineral oil When Used as a Dust Control Agent During
Storage and Handling Raw Grain,'' November 16, 2015.
16. FDA. ``CPG Sec. 555.300 Foods, Except Dairy Products--
Adulteration With Salmonella,'' March 1995.
17. FDA. ``Tribal Summary Impact Statement,'' 2016.
18. FDA. ``Memorandum to the File: Environmental Analysis Related to
the Final Rule on Mitigation Strategies to Protect Food Against
Intentional Adulteration.'' February 2016.
List of Subjects
21 CFR Part 11
Administrative practice and procedure, Computer technology,
Reporting and recordkeeping requirements.
21 CFR Part 121
Food packaging, Foods.
Therefore, under the Federal Food, Drug, and Cosmetic Act and under
authority delegated to the Commissioner of Food and Drugs, 21 CFR
Chapter 1 is amended as follows:
PART 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES
0
1. The authority citation for part 11 continues to read as follows:
Authority: 21 U.S.C. 321-393; 42 U.S.C. 262.
0
2. In Sec. 11.1, add paragraph (o) to read as follows:
Sec. 11.1 Scope.
* * * * *
(o) This part does not apply to records required to be established
or maintained
[[Page 34219]]
by part 121 of this chapter. Records that satisfy the requirements of
part 121 of this chapter, but that also are required under other
applicable statutory provisions or regulations, remain subject to this
part.
0
3. Add part 121 to read as follows:
PART 121--MITIGATION STRATEGIES TO PROTECT FOOD AGAINST INTENTIONAL
ADULTERATION
Sec.
Subpart A--General Provisions
121.1 Applicability.
121.3 Definitions.
121.4 Qualifications of individuals who perform activities under
subpart C of this part.
121.5 Exemptions.
Subpart B--Reserved
Subpart C--Food Defense Measures
121.126 Food defense plan.
121.130 Vulnerability assessment to identify significant
vulnerabilities and actionable process steps.
121.135 Mitigation strategies for actionable process steps.
121.138 Mitigation strategies management components.
121.140 Food defense monitoring.
121.145 Food defense corrective actions.
121.150 Food defense verification.
121.157 Reanalysis.
Subpart D--Requirements Applying to Records That Must Be Established
and Maintained
121.301 Records subject to the requirements of this subpart.
121.305 General requirements applying to records.
121.310 Additional requirements applying to the food defense plan.
121.315 Requirements for record retention.
121.320 Requirements for official review.
121.325 Public disclosure.
121.330 Use of existing records.
Subpart E--Compliance
121.401 Compliance.
Authority: 21 U.S.C. 331, 342, 350g, 350(i), 371, 374.
Subpart A--General Provisions
Sec. 121.1 Applicability.
This part applies to the owner, operator or agent in charge of a
domestic or foreign food facility that manufactures/processes, packs,
or holds food for consumption in the United States and is required to
register under section 415 of the Federal Food, Drug, and Cosmetic Act,
unless one of the exemptions in Sec. 121.5 applies.
Sec. 121.3 Definitions.
The definitions and interpretations of terms in section 201 of the
Federal Food, Drug, and Cosmetic Act are applicable to such terms when
used in this part. The following definitions also apply:
Actionable process step means a point, step, or procedure in a food
process where a significant vulnerability exists and at which
mitigation strategies can be applied and are essential to significantly
minimize or prevent the significant vulnerability.
Adequate means that which is needed to accomplish the intended
purpose in keeping with good public health practices.
Affiliate means any facility that controls, is controlled by, or is
under common control with another facility.
Calendar day means every day as shown on the calendar.
Contaminant means, for purposes of this part, any biological,
chemical, physical, or radiological agent that may be added to food to
intentionally cause illness, injury, or death.
Facility means a domestic facility or a foreign facility that is
required to register under section 415 of the Federal Food, Drug, and
Cosmetic Act, in accordance with the requirements of part 1, subpart H
of this chapter.
Farm means farm as defined in Sec. 1.227 of this chapter.
FDA means the Food and Drug Administration.
Food means food as defined in section 201(f) of the Federal Food,
Drug, and Cosmetic Act and includes raw materials and ingredients.
Food defense means, for purposes of this part, the effort to
protect food from intentional acts of adulteration where there is an
intent to cause wide scale public health harm.
Food defense monitoring means to conduct a planned sequence of
observations or measurements to assess whether mitigation strategies
are operating as intended.
Food defense verification means the application of methods,
procedures, and other evaluations, in addition to food defense
monitoring, to determine whether a mitigation strategy or combination
of mitigation strategies is or has been operating as intended according
to the food defense plan.
Full-time equivalent employee is a term used to represent the
number of employees of a business entity for the purpose of determining
whether the business qualifies as a small business. The number of full-
time equivalent employees is determined by dividing the total number of
hours of salary or wages paid directly to employees of the business
entity and of all of its affiliates and subsidiaries by the number of
hours of work in 1 year, 2,080 hours (i.e., 40 hours x 52 weeks). If
the result is not a whole number, round down to the next lowest whole
number.
Holding means storage of food and also includes activities
performed incidental to storage of food (e.g., activities performed for
the safe or effective storage of that food, such as fumigating food
during storage, and drying/dehydrating raw agricultural commodities
when the drying/dehydrating does not create a distinct commodity (such
as drying/dehydrating hay or alfalfa)). Holding also includes
activities performed as a practical necessity for the distribution of
that food (such as blending of the same raw agricultural commodity and
breaking down pallets), but does not include activities that transform
a raw agricultural commodity into a processed food as defined in
section 201(gg) of the Federal Food, Drug, and Cosmetic Act. Holding
facilities could include warehouses, cold storage facilities, storage
silos, grain elevators, and liquid storage tanks.
Manufacturing/processing means making food from one or more
ingredients, or synthesizing, preparing, treating, modifying or
manipulating food, including food crops or ingredients. Examples of
manufacturing/processing activities include: Baking, boiling, bottling,
canning, cooking, cooling, cutting, distilling, drying/dehydrating raw
agricultural commodities to create a distinct commodity (such as
drying/dehydrating grapes to produce raisins), evaporating,
eviscerating, extracting juice, formulating, freezing, grinding,
homogenizing, irradiating, labeling, milling, mixing, packaging
(including modified atmosphere packaging), pasteurizing, peeling,
rendering, treating to manipulate ripening, trimming, washing, or
waxing. For farms and farm mixed-type facilities, manufacturing/
processing does not include activities that are part of harvesting,
packing, or holding.
Mitigation strategies mean those risk-based, reasonably appropriate
measures that a person knowledgeable about food defense would employ to
significantly minimize or prevent significant vulnerabilities
identified at actionable process steps, and that are consistent with
the current scientific understanding of food defense at the time of the
analysis.
Mixed-type facility means an establishment that engages in both
activities that are exempt from registration under section 415 of the
Federal Food, Drug, and Cosmetic Act and activities that require the
establishment to be registered. An example of such a facility is a
``farm
[[Page 34220]]
mixed-type facility,'' which is an establishment that is a farm, but
also conducts activities outside the farm definition that require the
establishment to be registered.
Packing means placing food into a container other than packaging
the food and also includes re-packing and activities performed
incidental to packing or re-packing a food (e.g., activities performed
for the safe or effective packing or re-packing of that food (such as
sorting, culling, grading, and weighing or conveying incidental to
packing or re-packing)), but does not include activities that transform
a raw agricultural commodity into a processed food as defined in
section 201(gg) of the Federal Food, Drug, and Cosmetic Act.
Qualified individual means a person who has the education,
training, or experience (or a combination thereof) necessary to perform
an activity required under subpart C of this part, as appropriate to
the individual's assigned duties. A qualified individual may be, but is
not required to be, an employee of the establishment.
Significant vulnerability means a vulnerability that, if exploited,
could reasonably be expected to cause wide scale public health harm. A
significant vulnerability is identified by a vulnerability assessment
conducted by a qualified individual, that includes consideration of the
following: (1) Potential public health impact (e.g., severity and
scale) if a contaminant were added, (2) degree of physical access to
the product, and (3) ability of an attacker to successfully contaminate
the product. The assessment must consider the possibility of an inside
attacker.
Significantly minimize means to reduce to an acceptable level,
including to eliminate.
Small business means, for purposes of this part, a business
(including any subsidiaries and affiliates) employing fewer than 500
full-time equivalent employees.
Subsidiary means any company which is owned or controlled directly
or indirectly by another company.
Very small business means, for purposes of this part, a business
(including any subsidiaries and affiliates) averaging less than
$10,000,000, adjusted for inflation, per year, during the 3-year period
preceding the applicable calendar year in sales of human food plus the
market value of human food manufactured, processed, packed, or held
without sale (e.g., held for a fee).
Vulnerability means the susceptibility of a point, step, or
procedure in a facility's food process to intentional adulteration.
You means, for purposes of this part, the owner, operator, or agent
in charge of a facility.
Sec. 121.4 Qualifications of individuals who perform activities under
subpart C of this part.
(a) Applicability. You must ensure that each individual who
performs activities required under subpart C of this part is a
qualified individual as that term is defined in Sec. 121.3.
(b) Qualifications of individuals assigned to an actionable process
step. Each individual assigned to an actionable process step (including
temporary and seasonal personnel) or in the supervision thereof must:
(1) Be a qualified individual as that term is defined in Sec.
121.3--i.e., have the appropriate education, training, or experience
(or a combination thereof) necessary to properly implement the
mitigation strategy or combination of mitigation strategies at the
actionable process step; and
(2) Receive training in food defense awareness.
(c) Qualifications of individuals for certain activities described
in paragraph (c)(3) of this section. Each individual assigned to
certain activities described in paragraph (c)(3) of this section must:
(1) Be a qualified individual as that term is defined in Sec.
121.3--i.e., have the appropriate education, training, or experience
(or a combination thereof) necessary to properly perform the
activities; and
(2) Have successfully completed training for the specific function
at least equivalent to that received under a standardized curriculum
recognized as adequate by FDA or be otherwise qualified through job
experience to conduct the activities. Job experience may qualify an
individual to perform these functions if such experience has provided
an individual with knowledge at least equivalent to that provided
through the standardized curriculum. This individual may be, but is not
required to be, an employee of the facility.
(3) One or more qualified individuals must do or oversee:
(i) The preparation of the food defense plan as required in Sec.
121.126;
(ii) The conduct of a vulnerability assessment as required in Sec.
121.130;
(iii) The identification and explanation of the mitigation
strategies as required in Sec. 121.135; and
(iv) Reanalysis as required in Sec. 121.157.
(d) Additional qualifications of supervisory personnel.
Responsibility for ensuring compliance by individuals with the
requirements of this part must be clearly assigned to supervisory
personnel with a combination of education, training, and experience
necessary to supervise the activities under this subpart.
(e) Records. Training required by paragraphs (b)(2) and (c)(2) of
this section must be documented in records, and must:
(1) Include the date of training, the type of training, and the
persons trained; and
(2) Be established and maintained in accordance with the
requirements of subpart D of this part.
Sec. 121.5 Exemptions.
(a) This part does not apply to a very small business, except that
a very small business must, upon request, provide for official review
documentation sufficient to show that the facility meets this
exemption. Such documentation must be retained for 2 years.
(b) This part does not apply to the holding of food, except the
holding of food in liquid storage tanks.
(c) This part does not apply to the packing, re-packing, labeling,
or re-labeling of food where the container that directly contacts the
food remains intact.
(d) This part does not apply to activities of a farm that are
subject to section 419 of the Federal Food, Drug, and Cosmetic Act
(Standards for Produce Safety).
(e)(1) This part does not apply with respect to alcoholic beverages
at a facility that meets the following two conditions:
(i) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986
(26 U.S.C. 5001 et seq.) the facility is required to obtain a permit
from, register with, or obtain approval of a notice or application from
the Secretary of the Treasury as a condition of doing business in the
United States, or is a foreign facility of a type that would require
such a permit, registration, or approval if it were a domestic
facility; and
(ii) Under section 415 of the Federal Food, Drug, and Cosmetic Act
the facility is required to register as a facility because it is
engaged in manufacturing, processing, packing, or holding one or more
alcoholic beverages.
(2) This part does not apply with respect to food that is not an
alcoholic beverage at a facility described in paragraph (e)(1) of this
section, provided such food:
[[Page 34221]]
(i) Is in prepackaged form that prevents any direct human contact
with such food; and
(ii) Constitutes not more than 5 percent of the overall sales of
the facility, as determined by the Secretary of the Treasury.
(f) This part does not apply to the manufacturing, processing,
packing, or holding of food for animals other than man.
(g) This part does not apply to on-farm manufacturing, processing,
packing, or holding of the following foods on a farm mixed-type
facility, when conducted by a small or very small business if such
activities are the only activities conducted by the business subject to
section 418 of the Federal Food, Drug, and Cosmetic Act.
(1) Eggs (in-shell, other than raw agricultural commodities, e.g.,
pasteurized); and
(2) Game meats (whole or cut, not ground or shredded, without
secondary ingredients).
Subpart B--Reserved
Subpart C--Food Defense Measures
Sec. 121.126 Food defense plan.
(a) Requirement for a food defense plan. You must prepare, or have
prepared, and implement a written food defense plan.
(b) Contents of a food defense plan. The written food defense plan
must include:
(1) The written vulnerability assessment, including required
explanations, to identify significant vulnerabilities and actionable
process steps as required by Sec. 121.130(c);
(2) The written mitigation strategies, including required
explanations, as required by Sec. 121.135(b);
(3) The written procedures for the food defense monitoring of the
implementation of the mitigation strategies as required by Sec.
121.140(a);
(4) The written procedures for food defense corrective actions as
required by Sec. 121.145(a)(1); and
(5) The written procedures for food defense verification as
required by Sec. 121.150(b).
(c) Records. The food defense plan required by this section is a
record that is subject to the requirements of subpart D of this part.
Sec. 121.130 Vulnerability assessment to identify significant
vulnerabilities and actionable process steps.
(a) Requirement for a vulnerability assessment. You must conduct or
have conducted a vulnerability assessment for each type of food
manufactured, processed, packed, or held at your facility using
appropriate methods to evaluate each point, step, or procedure in your
food operation to identify significant vulnerabilities and actionable
process steps. Appropriate methods must include, at a minimum, an
evaluation of:
(1) The potential public health impact (e.g., severity and scale)
if a contaminant were added;
(2) The degree of physical access to the product; and
(3) The ability of an attacker to successfully contaminate the
product.
(b) Inside attacker. The assessment must consider the possibility
of an inside attacker.
(c) Written vulnerability assessment. Regardless of the outcome,
the vulnerability assessment must be written and must include an
explanation as to why each point, step, or procedure either was or was
not identified as an actionable process step.
Sec. 121.135 Mitigation strategies for actionable process steps.
(a) You must identify and implement mitigation strategies at each
actionable process step to provide assurances that the significant
vulnerability at each step will be significantly minimized or prevented
and the food manufactured, processed, packed, or held by your facility
will not be adulterated under section 402 of the Federal Food, Drug,
and Cosmetic Act. For each mitigation strategy implemented at each
actionable process step, you must include a written explanation of how
the mitigation strategy sufficiently minimizes or prevents the
significant vulnerability associated with the actionable process step.
(b) Mitigation strategies and accompanying explanations must be
written.
Sec. 121.138 Mitigation strategies management components.
Mitigation strategies required underSec. 121.135 are subject to
the following mitigation strategies management components as
appropriate to ensure the proper implementation of the mitigation
strategies, taking into account the nature of each such mitigation
strategy and its role in the facility's food defense system:
(a) Food defense monitoring in accordance with Sec. 121.140;
(b) Food defense corrective actions in accordance with Sec.
121.145; and
(c) Food defense verification in accordance with Sec. 121.150.
Sec. 121.140 Food defense monitoring.
As appropriate to the nature of the mitigation strategy and its
role in the facility's food defense system:
(a) Written procedures. You must establish and implement written
procedures, including the frequency with which they are to be
performed, for food defense monitoring of the mitigation strategies.
(b) Food defense monitoring. You must monitor the mitigation
strategies with adequate frequency to provide assurances that they are
consistently performed.
(c) Records--(1) Requirement to document food defense monitoring.
You must document the monitoring of mitigation strategies in accordance
with this section in records that are subject to verification in
accordance with Sec. 121.150(a)(1) and records review in accordance
with Sec. 121.150(a)(3)(i).
(2) Exception records. Records may be affirmative records
demonstrating the mitigation strategy is functioning as intended.
Exception records demonstrating the mitigation strategy is not
functioning as intended may be adequate in some circumstances.
Sec. 121.145 Food defense corrective actions.
(a) Food defense corrective action procedures. As appropriate to
the nature of the actionable process step and the nature of the
mitigation strategy:
(1) You must establish and implement written food defense
corrective action procedures that must be taken if mitigation
strategies are not properly implemented.
(2) The food defense corrective action procedures must describe the
steps to be taken to ensure that:
(i) Appropriate action is taken to identify and correct a problem
that has occurred with implementation of a mitigation strategy; and
(ii) Appropriate action is taken, when necessary, to reduce the
likelihood that the problem will recur.
(b) Records. All food defense corrective actions taken in
accordance with this section must be documented in records that are
subject to food defense verification in accordance with Sec.
121.150(a)(2) and records review in accordance with Sec.
121.150(a)(3)(i).
Sec. 121.150 Food defense verification.
(a) Food defense verification activities. Food defense verification
activities must include, as appropriate to the nature of the mitigation
strategy and its role in the facility's food defense system:
(1) Verification that food defense monitoring is being conducted as
required by Sec. 121.138 (and in accordance with Sec. 121.140);
[[Page 34222]]
(2) Verification that appropriate decisions about food defense
corrective actions are being made as required by Sec. 121.138 (and in
accordance with Sec. 121.145);
(3) Verification that mitigation strategies are properly
implemented and are significantly minimizing or preventing the
significant vulnerabilities. To do so, you must conduct activities that
include the following, as appropriate to the facility, the food, and
the nature of the mitigation strategy and its role in the facility's
food defense system:
(i) Review of the food defense monitoring and food defense
corrective actions records within appropriate timeframes to ensure that
the records are complete, the activities reflected in the records
occurred in accordance with the food defense plan, the mitigation
strategies are properly implemented, and appropriate decisions were
made about food defense corrective actions; and
(ii) Other activities appropriate for verification of proper
implementation of mitigation strategies; and
(4) Verification of reanalysis in accordance with Sec. 121.157.
(b) Written procedures. You must establish and implement written
procedures, including the frequency for which they are to be performed,
for verification activities conducted according to Sec.
121.150(a)(3)(ii).
(c) Documentation. All verification activities conducted in
accordance with this section must be documented in records.
Sec. 121.157 Reanalysis.
(a) You must conduct a reanalysis of the food defense plan, as a
whole at least once every 3 years;
(b) You must conduct a reanalysis of the food defense plan as a
whole, or the applicable portion of the food defense plan:
(1) Whenever a significant change made in the activities conducted
at your facility creates a reasonable potential for a new vulnerability
or a significant increase in a previously identified vulnerability;
(2) Whenever you become aware of new information about potential
vulnerabilities associated with the food operation or facility;
(3) Whenever you find that a mitigation strategy, a combination of
mitigation strategies, or the food defense plan as a whole is not
properly implemented; and
(4) Whenever FDA requires reanalysis to respond to new
vulnerabilities, credible threats to the food supply, and developments
in scientific understanding including, as appropriate, results from the
Department of Homeland Security biological, chemical, radiological, or
other terrorism risk assessment.
(c) You must complete such reanalysis required by paragraphs (a)
and (b) of this section and implement any additional mitigation
strategies needed to address the significant vulnerabilities
identified, if any:
(1) Before any change in activities (including any change in
mitigation strategy) at the facility is operative;
(2) When necessary within 90-calendar days after production; and
(3) Within a reasonable timeframe, providing a written
justification is prepared for a timeframe that exceeds 90 days after
production of the applicable food first begins.
(d) You must revise the written food defense plan if a significant
change in the activities conducted at your facility creates a
reasonable potential for a new vulnerability or a significant increase
in a previously identified vulnerability or document the basis for the
conclusion that no revisions are needed.
Subpart D--Requirements Applying to Records That Must Be
Established and Maintained
Sec. 121.301 Records subject to the requirements of this subpart.
(a) Except as provided by paragraph (b) of this section, all
records required by subpart C of this part are subject to all
requirements of this subpart.
(b) The requirements of Sec. 121.310 apply only to the written
food defense plan.
Sec. 121.305 General requirements applying to records.
Records must:
(a) Be kept as original records, true copies (such as photocopies,
pictures, scanned copies, microfilm, microfiche, or other accurate
reproductions of the original records), or electronic records;
(b) Contain the actual values and observations obtained during food
defense monitoring;
(c) Be accurate, indelible, and legible;
(d) Be created concurrently with performance of the activity
documented;
(e) Be as detailed as necessary to provide history of work
performed; and
(f) Include:
(1) Information adequate to identify the facility (e.g., the name,
and when necessary, the location of the facility);
(2) The date and, when appropriate, the time of the activity
documented;
(3) The signature or initials of the person performing the
activity; and
(4) Where appropriate, the identity of the product and the lot
code, if any.
(g) Records that are established or maintained to satisfy the
requirements of this part and that meet the definition of electronic
records in Sec. 11.3(b)(6) of this chapter are exempt from the
requirements of part 11 of this chapter. Records that satisfy the
requirements of this part, but that also are required under other
applicable statutory provisions or regulations, remain subject to part
11 of this chapter.
Sec. 121.310 Additional requirements applying to the food defense
plan.
The owner, operator, or agent in charge of the facility must sign
and date the food defense plan:
(a) Upon initial completion; and
(b) Upon any modification.
Sec. 121.315 Requirements for record retention.
(a)(1) All records required by this part must be retained at the
facility for at least 2 years after the date they were prepared.
(2) Records that a facility relies on during the 3-year period
preceding the applicable calendar year to support its status as exempt
as a very small business must be retained at the facility as long as
necessary to support the status of a facility as a very small business
during the applicable calendar year.
(b) The food defense plan must be retained for at least 2 years
after its use is discontinued.
(c) Except for the food defense plan, offsite storage of records is
permitted if such records can be retrieved and provided onsite within
24 hours of request for official review. The food defense plan must
remain onsite. Electronic records are considered to be onsite if they
are accessible from an onsite location.
(d) If the facility is closed for a prolonged period, the food
defense plan may be transferred to some other reasonably accessible
location but must be returned to the facility within 24 hours for
official review upon request.
Sec. 121.320 Requirements for official review.
All records required by this part must be made promptly available
to a duly authorized representative of the Secretary of Health and
Human Services for official review and copying upon oral or written
request.
Sec. 121.325 Public disclosure.
Records required by this part will be protected from public
disclosure to the extent allowable under part 20 of this chapter.
[[Page 34223]]
Sec. 121.330 Use of existing records.
(a) Existing records (e.g., records that are kept to comply with
other Federal, State, or local regulations, or for any other reason) do
not need to be duplicated if they contain all of the required
information and satisfy the requirements of this subpart. Existing
records may be supplemented as necessary to include all of the required
information and satisfy the requirements of this subpart.
(b) The information required by this part does not need to be kept
in one set of records. If existing records contain some of the required
information, any new information required by this part may be kept
either separately or combined with the existing records.
Subpart E--Compliance
Sec. 121.401 Compliance.
(a) The operation of a facility that manufactures, processes,
packs, or holds food for sale in the United States if the owner,
operator, or agent in charge of such facility is required to comply
with, and is not in compliance with, section 418 of the Federal Food,
Drug, and Cosmetic Act or subparts C or D of this part is a prohibited
act under section 301(uu) of the Federal Food, Drug, and Cosmetic Act.
(b) The failure to comply with section 420 of the Federal Food,
Drug, and Cosmetic Act or subparts C or D of this part is a prohibited
act under section 301(ww) of the Federal Food, Drug, and Cosmetic Act.
Dated: May 20, 2016.
Leslie Kux,
Associate Commissioner for Policy.
[FR Doc. 2016-12373 Filed 5-26-16; 8:45 am]
BILLING CODE 4164-01-P