Header graphic for print

Food Safety News

Breaking news for everyone's consumption

Process and Substance in Third-Party Food Safety Audits

Opinion

As the result of numerous national and international outbreaks of foodborne illness, food industries worldwide have come under increasing pressure to ensure that their products are safe, wholesome and meet government standards. FDA and USDA have the primary authority for our food supply nationally, while individual states typically regulate local food operations through state and county departments of agriculture and health.

The public health burden of foodborne illness in the U.S. is significant, with many thousands hospitalized. The Centers for Disease Control and Prevention reports these agents are responsible for 3,000 deaths a year.

Outbreaks of foodborne illness cost the U.S. food industry untold millions in claims and legal fees yearly, as well as cause crises and business disruptions. (One law firm alone has recovered more than $500 million in damages for clients affected by foodborne illness.)

In response, the world’s major retailers now require that their suppliers, growers, packers, processors and manufacturers of food prove adherence to their standards for safety and quality. Auditing companies, hired by the suppliers themselves, now inspect many thousands of food operations a year around the globe. Such inspection numbers may actually rival or even surpass what government is able to do, making the private regulation of food safety both big business and an important public health issue.

Auditors follow a set of standards and guidelines developed by the standard owner provided through the Certification Body (CB). The process for creating a “third party standard” is in itself regulated by the International Standards Organization, better known as ISO. Many CBs use these ISO-accredited private standards. Other standards are used that have no accreditation, but, in either case, the CB pays a percentage of the proceeds from auditing back to the standard holder or owner. The ISO-accredited standards are developed through an open and transparent consensus process that involves the buyers and sellers of products, government, the scientific community and other interested parties. Many standards can be found on the websites of the organizations providing such services. In addition, there are guidelines produced that help to guide the auditing process and put policies and procedures in place for the execution of the audit.

Ultimately, audits provide the buyer with assurance that suppliers meet the standards they adopt. The expectation is that of limiting liability by demonstrating due diligence in sourcing raw materials. However, such findings do not necessarily protect the exposure of a seller or buyer if there is an outbreak or if a consumer is made ill or injured. Even when firms have satisfactory audit findings, they may be sued under the doctrine of “strict liability.” In such legal cases, the plaintiff does not have to prove negligence, only that “they were injured by a product,” and the product was in some way “defective,” e.g., it was adulterated.

The goal of any food safety program, then, should be to prevent foodborne illness or injury. The independent third-party food safety audit can be a tool to further this goal, but such audits are not currently particularly capable of protecting public health as they are more focused on limiting the buyer’s legal liability. However, when third-party standards are followed, they undoubtedly reduce the potential for illnesses to occur. Adherence to them is likely leading to better food safety, but recent events have revealed significant flaws in the third-party audit model.

Much has been written about the 2011 Listeria monocytogenes outbreak in cantaloupe that claimed the lives of 33 victims in one of the most devastating foodborne illness outbreaks of recent years. In the trial of the grower/packer, Eric Jensen, FDA opined that the auditor (employed by the CB that Mr. Jensen contracted with) was seriously deficient in his findings. The basis for FDA’s criticism is that the auditor found the operation to be at a 96-percent conformance rate with the standard (Superior) just days before the outbreak was identified, and he allegedly did not find many of the violations later reported by FDA. While FDA takes the position that the audit was flawed, the audit firm publicly supports the findings of the auditor. The auditing company, in spite of this criticism, stands behind the auditor and states, “He did his job with great care.”

This was not the first serious outbreak of foodborne illness where an auditor was criticized for giving a superior rating to a facility that was later shown to be unsanitary. In 2007, the Peanut Corporation of America knowingly distributed Salmonella-contaminated peanut products and caused a recall of more than 4,000 different foods, as well as taking the lives of seven persons and injuring many more. Although the facility was very poorly maintained and had a serious rodent problem, the auditor had given the firm a superior rating several months before.

Third-party audits clearly suffer from some serious drawbacks regarding public health protection. Private auditors have no authority to stop production or to embargo or condemn food products; this can only be done by regulatory agencies that have legal authority. In fact, auditors have no legal authority at all. Under the contract, the “auditee” can restrict the scope of the audit, stop an audit, or simply cancel it. The true power in the third-party model is the buyer. If the buyer is unhappy with the audit results, the buyer can cancel orders or put the supplier on some provisional status. The buyer can also choose not to do business with a supplier that opts out of being audited. Buyers, however, rarely exercise these powers since buyers typically need to have products and need to have as many sources of products as possible. Limiting competition over time puts the buyer in a poor position; therefore, price, availability and quality issues may outrank safety scores. It is well known in the industry that produce buyers especially can, and do, go outside the approved supply chain whenever they feel they need to.

If an auditor finds the potential for product adulteration, the best he/she can do to protect public health is down-score the item in the audit question, reducing the audit score (for example, failure to properly validate the sanitary quality of re-circulated water in a produce washing operation would result in a 10-point loss out of more than 1,000 available points). Less frequently, an auditor may actually see an actual contamination issue, such as broken glass in contact with food or fecal contamination. In these cases, the auditor can strike against the relevant question, and, if that question results in the failure of the audit (and very few questions do), the audit can stop, but only at the auditee’s request; the auditor has no ability to stop the audit.

Although an auditor may immediately advise the auditing firm of such hazardous findings, the findings may take several days to get to the buyer requesting the report. In the meantime, although it would be illegal to do so, the auditee might ignore the findings and continue selling and distributing contaminated products.

To summarize, auditors have no authority to stop production and very limited power to protect public health when they find adulterated products or the conditions that lead to that.

As an alternative, auditors cannot report such findings to authorities. Whistleblower rules under FDA do not afford protection to auditors who are under contract to keep audit findings confidential. Such contractual agreements preclude an auditor from reporting adulterated food or grossly insanitary conditions to local public health officials, FDA or USDA, although this may change under proposed FDA rules (FSMA).

Currently, auditors announce their visits, sometimes months in advance. The conditions an auditor might find on the day of the audit may be very different from the conditions otherwise maintained, making the audit findings highly biased. Experienced auditors will find telltale signs of neglect in a facility, but other gross problems may be temporarily covered up. The provision for unannounced audits is in the protocols of some certification bodies, but unannounced audits rarely occur.

Unlike their FDA counterparts, third-party auditors are precluded from taking tests or samples. Auditors must rely on the firm’s own testing and sampling records in order to validate many of the critical sanitation standards. Auditors may be restricted from taking product samples, performing ATP sanitation verification, using a pH or ORP meter, a thermometer, or using a titration or paper-based test for chemical concentration. Data from in-house tests can be flawed, but the auditor has no way to verify this except to ask at the time of the audit for a demonstration. This is a poor substitute for actually performing the test oneself because operators do not always follow the proper methods, and flaws in sampling are often detected during audits.

Especially in the auditing of fresh produce operations, much more scientific information is needed to strengthen the audit criteria. In the Jensen Farms case, for example, the court found that chlorine should have been used to sanitize the cantaloupe. However, the scientific literature does not support a significant reduction in Listeria with a chlorine wash once the organism has attached to a fruit. FDA guidance at the time of this outbreak did not specifically require the use of chlorine in single-use potable water used to wash and cool the cantaloupe. The audit standard used by the audit firm also did not specifically require the use of a sanitizer such as chlorine to sanitize single-use water. Uncertainty in the scientific basis for critical sanitation rules and changing perspectives about the need for controls makes the process for assessments volatile, and much more solid practical scientific information is sorely needed.

Equipment used in most food processing environments (operations that cut produce, or otherwise alter the form of raw products) must meet well-understood design standards for cleanliness and sanitation. Independent standard-setting bodies such as UL and NSF typically set design criteria for food processing equipment in regulated industries, but such certifications are lacking in operations packing whole fresh fruits and vegetables. At Jensen Farms, the packing equipment used did not have to meet pre-approval by any recognized body, yet FDA found that the condition of the packing line conveyor was a substantial contributing factor to the outbreak. An auditor is in a difficult position to make a determination about the acceptability of a variety of equipment under a wide variety of usage conditions without the aid of such certifications or agency pre-approvals.

Produce facilities currently do not need to meet a pre-approval process for their physical construction either. In the Jensen Farms outbreak, the failure to properly discharge and control wastewater was found to be significant by FDA, as were the condition of the floors, yet we have no published guidelines for construction of the facility itself. Given the wide variation in locations and variety of produce operations in general, the lack of a formal building code is a major hindrance to an effective audit.

The review of laboratory findings greatly strengthens the validity of audits, but only when the findings are verifiable and accurate and the sampling methods and results are free of bias. Unfortunately, the way the standard used was interpreted, testing of equipment was optional. If there was one thing that would have alerted the operation to the danger, it would have been a positive finding of Listeria in an equipment or environmental sample. If investigators can find the agent after the fact in food, it only makes sense that, especially with products with a known potential for causing illness, product and environmental testing results are critical to an evaluation of a firm’s true level of safety. This is another area that needs significant strengthening.

While audit companies are rightly focused on the process their auditors follow in executing an audit, it is clear that audit results, however true they might be to the standard and inspection protocol, often lack substance. It is also clear that auditors are not entirely capable of detecting unsafe operations the way audits are performed now, and they are totally ineffective at stopping such operations, even when they observe gross contamination of products.

Because the court in the Jensen Farms case has found that auditors have a legal and moral responsibility to protect public health, auditing companies and the food industry as a whole must address these basic weaknesses and solve the problem of auditors being responsible to protect public health without the legal authority to do so.

© Food Safety News
  • Oginikwe

    Thank you for this very informative article.

    • Roy Costa

      You are very welcome.

  • Erica

    So it sounds like the Jensens are getting hung out to dry when they weren’t doing anything wrong because there are no standards to adhere to.

    • Roy Costa

      Erica, no I don’t think that. This whole matter has changed the way we must look at food safety in produce. The responsibility to keep products unadulterated is in the hands of these suppliers, it doesdn’t matter if the operator meant this to happen or was ignorant. It is also unprecedented that in the criminal trial of the farmers, the court found the third party auditor (an indepndent observer), shares this responsibility. These opinions, although they might seem to be unfair, will make the industry more responsible to protect the public. Whether the Jensen’s and and the auditor for that matter had everything in hand they needed is another debate.

  • Kellie Bauman

    No, that is not what this says. The FDA report made it clear that Jensen Farms had many issues. They are certainly not being ‘hung out to dry.’ Did you read the FDA report?

    • roy costa

      The operation had conditions that were conducive to the growth and survival of Listeria. This could have been detected, there should have been a sampling program in place but because of the way the standard was written they didn’t do this. We have laws, however, outside the third party standard in violation. This is what FDA is telling us. So the guidance and methods used in the evaluation by FDA was different then the one used by the auditor and the one the Jensen thought he was in conformance with. It has come out also that the operation was not running at the time the auditor saw it. The later inspection by FDA revealed things the auditor would never have seen. This is in complete disregard of the audit company’s policy that require the auditor to only audit when conditions are “normal” for the operation.

      I have performed over 700 of these types of audits and can tell you that conditions found on this farm by FDA can be found at too many operations. Keep in mind this is farming, not processing, and these so called “facilities” are often nothing more than open sheds.

      • Kellie Bauman

        Roy, my comment was directed at Erica, not yourself. I replied in the wrong place in the thread. I agree with you, I work in food safety, and count many produce companies (grower, packer, shipper, as well as processors) as my clients. :)