The FDA’s Food Safety Modernization Act (FSMA) includes a very crucial rule focused on protecting the food supply from intentional harm. Known as the Intentional Adulteration (IA) Rule, it’s designed to prevent acts meant to cause widespread public health damage—including terrorism.

Although such threats are rare, their potential cause a resultant—illness, death, and major disruptions to the food system, this explains why food defense preparedness is critical.

What the Rule Requires

Unlike other FSMA rules that target specific hazards or products, the IA Rule applies broadly. It mandates risk-reducing mitigation strategies for key processes at certain FDA-registered food facilities.

The proposed rule was first released in December 2013, and the final version, published on May 27, 2016, which reflects industry feedback by providing more information and flexibility. Facilities now have clearer guidance on assessing vulnerabilities, implementing strategies, and ensuring those strategies work.

The rule was developed with insights from the U.S. intelligence community and food industry, using vulnerability assessments to guide the food supply chain and food defense structure.

While food can be intentionally adulterated for various reasons, such as employee sabotage or economic gains; however, this rule focuses solely on prevention of large-scale public health threats. Notwithstanding, economic fraud is covered under different FSMA rules for human and animal food.

Who Must Comply?

The IA Rule applies to both U.S. and foreign food facilities that are required to register with the FDA under the Federal Food, Drug, and Cosmetic (FD&C)Act. It does not apply to farms and mostly targets larger companies whose products reach a wide population. About 3,400 companies operating 9,800 facilities fall under this rule.

Core Requirements

This rule introduces the first-ever requirement for companies to create and maintain a Food Defense Plan, much like a food safety plan based on Hazard Analysis Critical Control Point (HACCP)principles.

Each plan must include:

1. Vulnerability Assessment: This is the identification of vulnerabilities and actionable process steps for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these elements must be evaluated:
   • Considerations include:

1. • • Scale of public health impact (e.g., volume, serving size, spread, lethality of contaminants).
     • Access to the product (e.g., physical barriers, seals, locks).
     • Likelihood of successful contamination of food products.

2. Mitigation Strategies: These should be identified and implemented at each actionable process step to provide assurances that vulnerabilities will be minimized or prevented. The mitigation strategies must be tailored to the facility and its procedures.

1. • The final rule eliminates the distinction between “broad” and “focused” mitigation strategies. Previously, only “focused” strategies were required, as “broad” strategies—like installing a fence around the entire facility—were not effective at securing specific areas from insider threats.
   • Strategies must directly address risks from internal threats, attacks and intentional adulteration(e.g., insiders with access to critical steps).
2. Mitigation strategy management components: Ensuring the strategies work through:
   • Monitoring: Develop and carry out procedures to monitor mitigation strategies, including how often monitoring should occur.
   • Corrective Actions: What happens and what response is given when a mitigation strategy fails.
3. Verification: Carry out activities to confirm that monitoring is properly conducted and that corrective actions are being appropriately determined and implemented.
4. Training & Recordkeeping: Staff involved in vulnerable areas must be trained, and records must be maintained for all monitoring, corrective, and verification activities.

Compliance Timeline

The FDA allowed staggered timelines to help businesses prepare:

• Very Small Businesses
  • Defined as those averaging less than $10 million/year in human food sales over three years.
  • Must meet modified requirements within 5 years (by July 2021).
• Small Businesses
  • Fewer than 500 employees.
  • Must comply within 4 years (by July 2020).
• All Other Businesses
  • Larger companies.
  • Required to comply within 3 years (by July 2019).

Exemptions

Certain activities and businesses are exempt, including:

• Very small businesses (Borden of proof and documentation required upon request to the FDA).
• Food holding facilities, except in liquid storage tanks.
• Packing/repacking or labeling where containers are not opened.
• Activities conducted on farms.
• Food for animals.
• Alcoholic beverages, under certain conditions.
• On-farm processing of specific low-risk foods (e.g., game meats, certain eggs) by small/very small businesses.

This rule represents a major step in proactively protecting the public from intentional harm in the food system. While compliance may require substantial effort, it empowers companies to take control of their own defense systems and in doing so, protect public health and food industry stability.

Source: United States Food and Drug Administration (FDA)

Reach out to Fresh Group Food Safety And Quality Consulting for any inquiries related to food quality and safety.