However, law enforcement officials deliberately suppress public disclosure of such cases, according to Ann Draughton, a professor and co-director of the Food Safety Center of Excellence at the University of Tennessee in Knoxville. To illustrate, she cites an incident involving a disgruntled Michigan supermarket employee who mixed pesticide into ground beef, sickening 92 individuals. Though known to federal authorities, the case didn’t register a media blip.
Fear of copycat incidents is law enforcement’s rationale for suppressing public disclosure, though it also fosters an it-can’t-happen-here attitude in the industry. As a result, many companies may approach the food defense mandates as just another compliance program, food-plant security specialists say, rather than an element of an effective security system that considers all possible hazards.
Every plant must have a food defense plan specific to its location and vulnerabilities, points out Peter Hayes, director of manufacturing operations support for Frito-Lay North America, Plano, Texas. In the wake of 9/11, the snack company’s CEO threw his support behind “a top-down, comprehensive food defense program,” Hayes told attendees at Tyco’s Food Defense Strategy Exchange last year in Chicago. Management support was essential to ensure financial support, but effectiveness required giving plant personnel the information and resources needed to implement and maintain the program, he said.
Most of the facilities in Frito-Lay’s network lacked effective security at the outset. Upgrades differed depending on the existing physical security and the results of a threat assessment. Seasonings were determined to be the area of greatest risk. “Reason? It was the only ingredient that didn’t go through a thermal process,” explains Hayes. Criminal activity in the neighborhood surrounding the facility factored into the vulnerability score, and plants in isolated areas were judged to be high risk.
Guard stations, CCTV, fencing and other defenses were deemed unnecessary at low-risk plants like the company’s Canton, Ohio, pretzel factory, Hayes says, though proximity card controls became common elements in every location. Plant leadership conducted the first defense review and considered the severity, likelihood and detectability of various events, but the scenarios those leaders devised proved too broad and ill defined. Bringing in security experts caused “HR angst,” but “that made the list of what could occur much more robust,” says Hayes.
Once the plans were implemented, the firm commissioned third-party audits to assess them. Food safety audits had been conducted by AIB International for more than 30 years, and the auditors who conducted those assessments were commissioned to conduct separate security reviews. “Both audits are unannounced,” he says, with the auditor spending one day on site to assess security and three days for safety systems.
A long-term commitment of capital resources and personnel is necessary for a viable plan, Hayes emphasizes. “This is not free.”
Several self-help guides to assessing the vulnerabilities in a plant are available on the FDA’s web site, beginning with the CARVER + Shock tool, a risk management system that helps prioritize security needs based on Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability and shock value. Food Defense 101 training courses for front-line workers and managers is another useful guidance, along with the Food Related Exercise Bundle.
A workforce that is aware of the need for proper defense protocols and alert to possible threats is much more important than expensive hardware, according to Bryan Fort, corporate security manager for McCormick & Co., Sparks, Md. “Whenever we have had problems, we’ve been fortunate to have an engaged workplace,” he says. “I’m not going to be the one who catches a bad guy on the third shift.”
McEntire seconds the sentiment. “If you want more technology, there’s always someone willing to sell you something,” she says, but awareness and training for front-line workers at vulnerable points in the supply chain will contribute more to an effective and productive defense program than automation hardware that satisfies compliance issues.