Over the course of my 36 years with The Hershey Company, I helped lead and execute a number of global Quality, Regulatory, and Governance initiatives. Perhaps one of the most challenging, and yet rewarding, was implementation of the Food Safety Modernization Act (FSMA).
When the FDA published the proposed rules in 2011, we had a very robust food safety program in place. The first question senior management asked was, “how close are we to being compliant?” At the time, there were still a lot of unanswered questions. But, like many food companies, generally speaking we thought we were in pretty good shape – maybe 85% to 95% “there.” We initiated a FSMA working group within Hershey to identify potential gaps and develop associated action plans in preparation for the final FDA rules. Thus began a five-year marathon to move us to full compliance with FSMA. There are three lessons we learned along the way that might prove helpful to others as they make this same journey.
Last week, Sarah Geisert wrote about the importance of understanding the FSMA rules and using them to create a roadmap for evaluating your current food safety program. That’s exactly where we started, even before the rules were final. As we dug through the proposed rules and what seemed to be endless comments, we realized that this was not going to be as simple as initially thought - some of the new rules required us to make significant changes to the way we thought about and implemented our food safety plan. As you embark on FSMA compliance initiatives, here are three learnings to consider:
1. Supplier Management Requires Cross-Functional Engagement, Alignment, and Access.
One of the new FDA expectations is that manufacturers can validate that they have pre-approved their suppliers and that they monitor for on-going supplier compliance … all within 24 hours of request. We absolutely had an existing supplier approval and monitoring process in place. It included audits, pre-approval testing of raw materials, supplier history, literature reviews of new ingredients to understand potential risks, and a robust supplier information packet. Yes, these processes were documented. But the information was stored across different systems and lived within different functional departments. We could manually pull together the information for an ad-hoc request, but doing so on a consistent basis was challenging and time-consuming. Doing it on-demand during an FDA inspection was going to be exciting. We realized we needed a more holistic approach to supplier information management that went beyond just storage. The information had to be easily accessible and usable across the organization: to identify trends, to remind us to follow up on corrective actions and/or audits, and to allow suppliers to update their own information directly. We also knew we could not develop this data management system in-house. We reviewed several potential software vendors and selected one with pre-built templates, relatively easy implementation, and the ability to add functionality as we progressed. We decided to eat the elephant one bite at a time in order to get moving.
There was one other painful realization that came out of our supplier management work: we had approved supplier lists. Yes, lists, plural. Procurement had their list – based on the contract. Finance had another list – based on the billing address. Quality and Regulatory had yet another list - based on where audits were conducted. To further complicate things, suppliers change their names, merge with other suppliers and move their facilities. Getting these lists aligned was quite an exercise. I advise everybody to make sure your multifunctional team is aligned to and working from a single, centrally maintained, master list of suppliers. Otherwise you will have more data to scrub and/or your beautiful list will quickly go out of date.
2. Training Means More than Just Showing Up for Class.
Employee training is a key component across all the FSMA rules. Fundamental to all FSMA compliance is the principle “If it’s not documented, it didn’t happen” and its corollary, “Show me AND convince me.” For example, it is no longer sufficient to show the FDA a list of employees who attended a particular training course. You now have to demonstrate that the learning was sufficient to ensure comprehension and that your employees will/do react appropriately in various situations. Of course we had training! Of course we had documented attendee lists! But the “convince me” part was more difficult. It forced us to rethink how we rolled out training modules so that we could “test” comprehension against learning objectives. We implemented the use of “clickers.” You know the technology … press the button that corresponds to the best answer. This had the advantage of being able to track each trainee’s progress privately. The final scores were downloaded and reviewed. Those who did not receive a passing score were notified that they needed to repeat the training.
The same holds true for product safety equipment and other related processes. For example, it is not enough to simply show the FDA that you have a metal detector on your line. You also have to demonstrate that it works and that your employees know how to react if it does kick off rejects. I have seen a few recent FDA warning letters that point out employee training alone is not enough to prove that a situation has been remediated and will not recur. It is your responsibility to demonstrate that employees have, in fact, learned how to react appropriately to out-of-tolerance situations.
3. The Best Documentation and Records Retention Policy is “Just Right.”
As noted above, not having something documented is viewed as though it never happened. On the other hand, neither is it a virtue to be a pack rat. Make sure your records retention policy is in sync with the FSMA requirements. Then make sure you keep only what you need…no less and no more. Here again, cross-functional engagement and alignment are critical to ensure that no one throws away something someone else needs. However, keeping records ad infinitum can be problematic if they are not compatible with your current food safety practices and policies. Keep the Goldilocks lesson in mind, “not too much, not too little, but just right.” By the way, the use of ditto marks (“) should be discouraged. They tend to leave inspectors wondering if the indicated action was really taken, or if someone just marked it off.
The goal of FSMA is to ensure that the U.S. food supply is safe by shifting the focus from response to prevention. This is paramount. But in addition to that, I found that the implementation process ignited greater collaboration, instilled a broader business perspective, and created new relationships that enhanced employee performance, improved productivity, and sparked innovation. Perhaps that is the greatest lesson of all.
Need help jumpstarting your FSMA compliance plan or breaking through a roadblock? Contact me and let's talk about what help might look like for your food safety program.
About Llaine Groninger: Ms. Groninger spent 36 years in global Quality, Regulatory, and Governance roles at The Hershey Company. An expert in the development of robust regulatory compliance programs, she was instrumental in the implementation of the FSMA Preventive Controls for Human Food rule at Hershey operations. In addition, she identified and leveraged information systems to strengthen food safety and regulatory processes enterprise-wide, providing continuous improvement in regulatory compliance through better data management and employee training. Since joining YourEncore in 2016, Llaine has worked with clients to jumpstart their FSMA implementation and compliance programs.