By Nuno Soares
When Hoani Hearne bit into a nice red strawberry on September 9, 2018, he was not expecting to end the day in Sunshine Coast University Hospital with severe abdominal pain. Hearne had ingested a needle that had been intentionally planted in the strawberry by My Ut Trinh—a former strawberry farm supervisor. Two hundred and thirty similar incidents were reported—186 of those included sewing needles. Traces of Trinh’s DNAwere found in the needles and the case remains before the courts, with Trinh facing up to 10 years in jail.
Besides all of the people that were unfortunately injured as a result of the incident, a half-a-billion-dollar industry was brought to its knees as prices fell by half and some national supermarket chains removed all the strawberries from the shelves. Local farmers were also forced to dump tons and tons of produce.
Even in the best planned and rigorously implemented food safety management system, a deliberate attack like this one is likely to get through its procedures and pose a threat to consumers’ health. This is why food defense is addressed by some of the most used GFSI-recognized food safety programmes. In fact, SQF, IFS, BRC, and FSSC 22000 all have dedicated clauses to address this issue.
A more comprehensive description of each programme’s content and similarities/differences among them is presented below, as they all share the same core goal with interesting different nuances and approaches.
Food risk types have been divided by GFSI (GFSI Position on Food Fraud, 2014) as unintentional adulteration and intentional adulteration. In the first lies most of what we call food safety and food quality and, in the latter, food fraud and food defense.
In the USA, the FDA introduced the Rule for Mitigation Strategies to Protect Food Against Intentional Adulteration. This rule came into effect in July 2016 but is still in the transition period (for some organizations the compliance date starts July 26, 2019).
Unlike in food safety, where hazards are likely/reasonable to occur unintentional adulterations cases can be identified and addressed by control measures. In intentional adulteration voluntary/criminal actions are described and prevented/reduced through the implementation of mitigation measures/strategies.
One of the first difficulties that organizations face when thinking about addressing intentional adulteration is surpassing the idea that “this will never happen to us.” For that, the best solution is to have a clear picture of what can happen and be aware of real cases that have already affected other organizations. One document that can provide guidance and examples is the Public Available Specification 96 (PAS 96). This consultative document owned by British Standard Institution was first published in 2008 and is now in its fourth edition. It is one of the most common sources used by organizations because it provides a framework to categorize threats and includes examples.
In a previous article, the steps to prevent deliberate attack on food and drink based on PAS 96 TACCP (Threat Assessment Critical Control Points) approach were presented, so for the rest of the article our attention will focus on understanding the different kinds of threats that organizations face. According to PAS (1) the six kinds of threats are:
The case of the needles in fruit, presented at the beginning of the article, is an example of malicious contamination. In this kind of threat someone has the intention of causing illness, injury, or even death to someone or to widespread consumers. It is common in these situations that the attacker uses methods that are difficult to detect so the product actually reaches the consumer. Some cases of glass fragments, toxins, and allergenic substances that do not change organoleptic characteristics have been reported.
Economically motivated adulteration is driven by the ambition of economic gain. Nevertheless, organizations should take into account that, in some cases, the adulteration may represent a hazard to human health. Two well-known cases of economically motivated adulteration were the mixing of melamine in milk powder (2008 – China) and horse meat in frozen hamburgers (2013 – Europe). Although, in the essence, both were aimed to economic gain, the first example had dramatic consequences— six babies died and 300,000 were ill.
Counterfeiting is an activity commonly associated with apparel, but is also perpetrated in the food industry. More or less sophisticated, it is a deliberate action of mimicking a product content or labeling in order to pass it as a better established and higher-value brand. Although not intentional, this action may pose a threat to human health as in the cases of products produced in illegal facilities ( those who don’t comply with food safety principles and are not controlled by local authorities), but labeled as another brand or even using stolen original packages refilled with fake product.
We all are used to hearing news about cyber crimes, mostly related with identity theft or access to personal information in social networks. This is also an issue to be taken into consideration throughout the whole food chain. In the primary sector and industry, the focus should be the unauthorized access to computer systems that could enable attackers to change almost anything in production conditions (a growing concern, as more and more organizations are adopting the so called Internet of Things) or even enable procurement fraud where criminals order products under the organization’s name and those products are delivered to them. In retail, it is more common to hear reports of hacking into clients’ databases to use the information on their fraudulent activities.
In the case of espionage and extortion it can be even more difficult for organizations to see themselves as potential victims, especially because such cases are almost always associated with large companies. Espionage is largely related with the access to intellectual property and obtaining commercial advantages from it. Some cases have been reported from people that are infiltrated in organizations or, internal people that are bribed to share confidential information. Extortion is an activity where an individual or group threatens an organization to do something unless monetary compensation is provided. One example that was news all over Europe in September 2017 was the case of the attacker that poisoned five jars of baby food in German supermarkets and then sent an e-mail requesting €10 million to stop doing so.
Developing programs and procedures to address and mitigate the impact of these threats is time- and money-consuming. Although it is not an easy balance to do, organizations must understand that the costs of today are the savings of tomorrow. There are four main sources of costs that organizations may face if they fail to manage and avoid being victims of these activities.
Actions to respond – organizations may have to withdraw product from market, and destroy product produced in nonconformance.
Market loss – When a case like the needles in the strawberries happens, most consumers become afraid of the product and stop buying it, even after the problem is solved. Even if the problem is with a competitor, most likely consumers will reduce/stop consuming the whole product category (at least for a while).
Paying compensations – Compensations may be due to suppliers, distributors and customers/consumers as result of actions of intentional adulteration. Adding to that, it may lead to long and costly litigations in court.
Reputational damage – Even when organizations deal very well with these situations, especially in the communication with the stakeholders or press, there is always some reputational damage to the brand that can indirectly impact other products and services provided.
There is a growing awareness of the food industry to the importance of accessing these threats and the requirements included in the major food safety systems are just a reflexion of that. It is also probable that, following the example of FDA in the USA, other countries will include some requirements in their national law. Be sure to stay alert and prepared for these situations since, as in so many others’, it does not only happens to others.
(1) In PAS 96:2017 you can find examples of reported incidents related with each of this categories.
About the author
Nuno Soares is a food engineer who has been working in food industry since 1999. Nuno has worked in roles including quality and production manager. With the goal of reaching further with his ideas for food safety and support other professionals in their daily work, Nuno recently embraced researching and publishing activities. For his PhD, he researched how to improve frozen fish shelf-life and protection by developing a new glazing solution. After publishing his first book Food safety in the Seafood Industry (Wiley), he recently self-published the e-book: ISO 22000:2018 Explained in 25 diagrams.
You can contact Nuno on LinkedIn or at firstname.lastname@example.org.