When on 9th September of 2018 Hoani Hearne bit a nice red strawberry he was not expecting to end the day in Sunshine Coast University Hospital with severe abdominal pain. He had ingested a needle intentionally planted by My Ut Trinh, a former strawberry farm supervisor! 230 incidents were reported, 186 of those included sewing needles. Traces of her DNA were found in the needles and now the case remains before the courts, as Trinh faces up to 10 years in jail (picture from Daily Mail online).
Note: Not all the incidents reported were connected to the actions of My Ut Trinh. As far as I was informed My Ut was charged with seven counts of contamination for one incident in Queensland.
Besides all the people that were unfortunately injured, another consequence was a half-a-billion-dollar industry brought on its knees as prices fell by half and some national supermarket chains removed all the strawberries from the shelves at that time. Local farmers were also forced to dump tons and tons of their produce.
Even in the best planned and rigorously implemented food safety management system, a deliberate attack like this one is most probably able to get through its procedures and pose a threat to consumers’ health. This is why food defense is addressed by some of the most used GFSI-recognized food safety programmes. In fact, SQF, IFS, BRC and FSSC 22000 all have dedicated clauses to address this issue.
A more comprehensive description of each programme content and similarities/differences among them will be shared together with this article as, they all share the same core goal with interesting different nuances and approaches.
Food Risk Types have been divided by GFSI (GFSI Position on Food Fraud, 2014) as Unintentional adulteration and Intentional adulteration. In the first lays most of we call Food Safety and Food Quality and, in the latest, Food Fraud and Food Defense.
In the USA, FDA introduced the Rule for Mitigation Strategies to Protect Food Against Intentional Adulteration. This rule is effective since July 2016 but is still in the transition period (for some organizations the compliance date starts at 26 July 2019). Unlike in food safety, where hazards likely/reasonable to occur (unintended) are identified and addressed by control measures, in Intentional Adulteration voluntary/criminal actions are described and prevented/reduced through the implementation of mitigation measures/strategies.
One of the first difficulties that organizations have when thinking in addressing Intentional Adulteration is surpassing the idea that “this will never happen to us”. For that, the best solution is to have a clear picture of what can happen and be aware of real cases that have already affected other organizations. One document that can provide good guidance and examples on that is the Public Available Specification 96 (PAS 96). This consultative document owned by British Standard Institution was first published in 2008 and is now in its fourth edition. It is one of the most common sources used by organizations, precisely because it provides a framework to categorize the threats and also examples.
In a previous article the steps to prevent deliberate attack on food and drink based on PAS 96 TACCP (Threat Assessment Critical Control Points) approach were presented, so for the rest of the article our attention will focus on understanding the different kinds of threats that organizations face. According to PAS (1) the six kinds of threats are:
The case of the needles in fruit, presented at the beginning of the article, is the perfect example of a malicious contamination. In this kind of threat someone has the intention of causing illness, injury or even death to someone or even to widespread consumers. It is common in these situations that the attacker uses methods difficult to detect, so the product actually reaches the consumer. Some cases of glass fragments, toxins and allergenic substances that do not change organoleptic characteristics have been reported.
Economically motivated adulteration is mostly driven by the ambition of an economic gain. Nevertheless, organizations should take into account that, in some cases, the adulteration may represent a hazard to human health. Two well-known cases of economically motivated adulteration were the mixing of melamine in milk powder (2008 – China) and the mixing of horse meat in frozen hamburgers (2013 – Europe). Although in the essence both were aimed to economic gain the first one had dramatic consequences (6 babies died and 300,000 were ill).
Counterfeiting is an activity that is commonly associated with apparel but is also perpetrated in the food industry. More or less sophisticated, it is a deliberate action of mimicking a product content or labeling in order to pass it as a better established and higher value perceived brand. Although not intentional, this action may pose a threat to human health as in the cases of products produced in ilegal facilities (not complying with food safety principles and not controlled by local authorities), but labeled as another brand or even using stolen original packages refilled with fake product.
We all are used to hear regular news about cybercrimes, mostly related with identity theft or access to personal information in social networks. This is also an issue to be taken into consideration throughout the whole food chain. In the primary sector and industry, the focus should be the unauthorized access to computer systems that could enable attackers to change almost anything in production conditions (a growing concern, as more and more organizations are adopting the so called Internet of Things) or even enable procurement fraud where criminals order products on the organization’s name and those products are delivered to them. In retail, it is more common to have reports of hackings into clients’ databases to use the information on their fraudulent activities.
In the case of Espionage and Extortion it can be even more difficult for organizations to see themselves as potential victims, especially because such cases are almost always associated with large companies. Espionage is largely related with the access to intellectual property and obtaining commercial advantages from it. Some cases have been reported from people that are infiltrated in organizations or, in alternative, internal people that are bribed to share confidential information. Extortion is an activity where an individual or group threats an organization to do something unless a monetary compensation is provided. One good example that was news all over Europe in September 2017 was case of the attacker that poisoned 5 baby food jars in German supermarkets and then sent an e-mail requesting €10 m to stop.
Developing programs and procedures to address and mitigate the impact of these threats are time- and money-consuming. Although it is not an easy balance to do, organizations must understand that the costs of today are the savings of tomorrow. There are four main sources of costs that organizations may face if fail to manage and avoid being victims of these activities.
Actions to respond – organizations may have to withdraw product from market, and destroy product produced in nonconformance.
Market Lost – When a case like the needles happens, most consumers get so afraid of the product that they stop buying it, even after the problem is solved. Even if the problem is with a competitor, most likely consumers will reduce/stop consuming the whole product category (at least for a while).
Paying compensations – Compensations may be due to suppliers, distributors and customers/consumers as result of actions of Intentional Adulteration. Adding to that, it may lead to long and costly litigations in court.
Reputational damage – Even when organizations deal very well with these situations, specially in the communication with the stakeholders or press, there is always some reputational damage to the brand that can indirectly impact other products and services provided.
There is a growing awareness of the food industry to the importance of accessing these threats and the requirements included in the major food safety systems are just a reflexion of that. It is also probable that, following the example of FDA in the USA, other countries will include some requirements in their national law. Be sure to stay alert and prepared for these situations since, as in so many others’, it does not only happens to others!
(1) In PAS 96:2017 you can find examples of reported incidents related with each of this categories.
Disclaimer: The information contained on this article is based on research done in the last months and the authors personal experience and opinion. It is not intended to represent the view of any organization they work for or collaborate with. The author will not be held liable for the use or misuse of the information provided in the article.