www.canadiansecuritymag.com

News Retail
Locking down the food chain

At one time, food security might have  involved checking for razor blades in Halloween candy. But in 2002, the U.S. Bioterrorism Act put measures in place for product tracking, such as registration of facilities, and C-TPAT, the Customs-Trade Partnership Against Terrorism, now requires documentation of security procedures for cross-border trade.



September 29, 2006
By Vawn Himmelsbach

Topics

While Canada has no legislation on “food defence,” a phrase coined by
the U.S., many Canadian companies are affected by regulations south of
the border and are making significant investments in physical security
infrastructure.

Millions of tons of food are shipped around and
through Canada every year, making it a potential target for tampering
or terrorism. But Canada doesn’t have a plan for “food defence,” per
se.

“Unless there’s a disease outbreak on a farm or we’re
investigating an on-site feed-mill, which is subject to regulations, we
don’t have any role in the day-to-day operation of a farm,” says Marc
Richard, a spokesperson with the Canadian Food Inspection Agency (CFIA). Where it plays a role is in slaughter plants and with the importation of plants and animals.

“If
you have someone who’s making candies, we’ll rarely visit them because
candy is basically sugar, there’s not a lot of risk to it, and it’s
heated to very high temperatures when you manufacture it and that would
kill any pathogen or parasite,” he says. “So that’s the approach — we
don’t have a role in certifying [physical security infrastructure].”

But
the U.S. government is demanding it, and wants to see proof of a food
security program on site that addresses any potential risks and
hazards. Many Canadian companies, however, are a little naïve about
food security, says Frank Schreurs, director of food safety and quality
services with the Guelph Food Technology Centre (GFTC),
which provides both consulting and auditing services. Addressing food
security means formalizing a food security program that documents
procedures and policies, and investing in infrastructure, which could
include fencing, surveillance cameras and access control systems.

“Identifying
your weaknesses and doing something about it is another thing,” says
Schreurs. “Do I need 10-foot fencing and an armed security guard and
all those things? That may or may not be needed — it depends on their
location, the type of product they ship.”

 But for a company
that ships bulk materials across the border that could easily be
tampered with, a food security program is now a necessity.

“In
some countries, companies like Kraft or Heinz don’t even put their name
on the front of the building,” he says. “They don’t want people to know
it’s a Kraft or Heinz plant because it’s like putting a big target on
your forehead.”

But “food defence” costs money. This could
include security guards, gates and fencing, for example, as well as
surveillance cameras and access card systems for employees.

Companies
should assess their requirements first, says Schreurs. If your facility
is up against the street, for example, and you can’t put a fence there,
what are your other options? Is it easy for someone to get on your roof
and put something into your air system? Where are the best places to
put surveillance cameras? And what is the cost versus the risk? There’s
a lot to consider, from someone walking into a building with a machine
gun to someone discretely slipping poison into a 10,000-pound batch of
ground beef.

The industry’s biggest weakness is that there isn’t
a formalized process of assessing what needs to be done. “There’s no
allocation of responsibility, there’s no ownership,” says Schreurs.
“How often are you archiving the film [from surveillance cameras] and
how long do you keep it? If you’re rewriting over it every 24 hours, is
that good?”

We need to look at the entire farm-to-table
continuum to understand vulnerabilities and the potential for adverse
actions that could impact the food supply, says John Brown, global
operational risk manager with the H.J. Heinz Company. We also have to
understand the goals of the individuals or groups who would want to
cause those actions.

There are several characteristics of the
food industry that make it a difficult target, he says. Agriculture is
spread over vast areas, although there are concentrations in specific
sectors. “Food processing subjects products to steps that inactivate or
kill most biological contaminants,” he says. “Similarly, quantities of
foods processed would require large amounts of chemical contaminants to
achieve a particular effect.”

The maturity of the industry in
dealing with food safety and the ability to quickly locate and recall
products limit the amount of contaminated product that could get into
consumers’ hands, he says. Product packaging has also matured relative
to tamper-evidence features, limiting the potential for post-packaging
contamination.

Leigh Booth, director of quality assurance with
Honeyman’s Beef Purveyors — J.J. Derma Meats, sees it differently. “The
food chain is so large and has so many access points, you can do a lot
of damage,” he says, pointing to the recent E.coli outbreak in
California spinach. In the case of a biological attack, it would be
something much more contaminant than E.coli.

“That could be
done relatively easily and that goes right across the food chain in
North America,” he says. “Produce is probably one of the worst as a
security threat.”

Unlike Brown, he believes Canada is a ticking
time bomb. “The problem in Canada is the Canadian government isn’t
looking at it as much as it should,” he says. “But it will happen here
and they’ve really got to start looking at it. Why is it starting at
our end?”

But all parties agree that Canadian companies have to
be vigilant in identifying potential weaknesses and putting controls in
place to strengthen them. “We like to view the issue of food defence
within the realm of any intentional contamination,” says Heinz’s Brown.
In reality, these threats most likely come from employees or people who
have valid access to a processing facility, such as contract employees,
suppliers and contractors.

Beyond employee awareness, there are
physical and procedural measures that can be taken to increase
protection of specific points in the farm-to-table continuum that have
been identified as potential vulnerabilities, says Brown. Facilities
should have the minimum possible number of access points, use
turnstiles coupled with access control systems to ensure one person per
access activation, and use access control to further limit access to
more sensitive areas within processing facilities. These physical
measures should be reinforced with human resource measures to include
background checks and similar investigations on hiring.

Other
measures that can and should be incorporated within the scope of
processing plants, says Brown, include the use of seals on in-bound and
out-bound trucks (or tamper-evident features at the case or pallet
level), locks or seals on bulk delivery ports and storage tanks,
tamper-evident sealing of partially-used ingredients, and good lighting
systems to limit the ability for activity to go unnoticed.

“You
have to identify not only what are the risks, but where are the risks,”
says Honeyman’s Booth. “The outside is huge ”“ usually there’s no
barrier, there’s no fencing, there’s nothing to stop somebody from
getting at your building.”

The company uses surveillance cameras
and electronic access at the front door; anyone who is not an employee
must be accompanied inside the building, whether it’s a tour group or
an auditor. The plant’s shipping and receiving facility has a secure
door and drivers can’t get in unless they’re let in. Every employee has
a security “fob” — and that’s the only way they can get into the
building.

Some facilities are going so far as to build
automation controls that monitor the temperature of food products, says
Nick Migliore, president of Reilly Security Services.
When a product is received, for example, a thermal temperature gun
tests if that product is at a certain temperature. It either accepts or
rejects it; if accepted, it can then be secured properly ”“ and this can
be demonstrated through a trail of documentation.

There’s also
increased screening and supervision of the human element and more
controls on access, externally as well as internally ”“ from production
to distribution. “We work for some firms that are more involved in the
distribution and logistics side and they’ve invested heavily in
technology to help them with their vehicles and type of refrigeration
in the vehicles and the type of locks securing the product,” says
Migliore.

But let’s be honest, says GFTC’s Schreurs, a lot of
the push for this is coming out of the U.S. “For the most part they
said that our audits were being too lenient, we weren’t being tough
enough on the security side, and I would agree with that.”

This
is serious stuff, he added, and if Canadian companies don’t take it
seriously they’re going to get hammered. And the hammer, ultimately, is
the consumer.