Food Defence Plan: Protect Your Business with Our Food Defense Program Software!

By David Rigbye May 23, 2023

A Food Defence Plan (FDP) is a document developed by businesses in the food industry to protect their products, operations, and facilities from intentional adulteration, sabotage, or terrorism. The FDP is a preventive measure to identify potential vulnerabilities and to establish procedures and protocols to mitigate risks and respond effectively in case of an attack.

The Australian government requires food businesses to implement an FDP under the Food Standards Code to ensure food safety and security. The FDP aims to prevent or minimise the impact of intentional contamination on public health, economic stability, and national security.

The FDP should include a risk assessment to identify potential threats, an action plan to manage risks, and procedures to detect and respond to incidents. It should also involve training and communication strategies to inform staff, suppliers, and customers about the importance of food defence and their roles in maintaining it.

Having an FDP is critical for businesses in the food industry because it can:

  • Protect public health: Contaminated food can cause serious illnesses, and an FDP can help prevent intentional contamination from harming consumers.
  • Prevent financial losses: Food recalls, legal liabilities, and reputational damage can result in significant financial losses for businesses. An FDP can minimise the risks of these incidents.
  • Ensure business continuity: An FDP can help businesses maintain their operations and supply chains even in the face of intentional contamination incidents.
  • Meet regulatory requirements: Food businesses are required by law to have an FDP to comply with food safety regulations.

A breach in food defence can have severe consequences for public health, the environment, and the economy. Some of the consequences of a breach in food defence include:

  • Public health risks: Contaminated food can cause illnesses or death, depending on the severity of the contamination and the vulnerability of the population consuming it.
  • Legal and financial consequences: Food companies can face legal action, fines, and financial losses resulting from product recalls, lawsuits, and reputational damage.
  • Economic damage: The impact of food contamination can ripple throughout the supply chain, affecting other companies and industries and leading to significant economic losses.
  • Damage to brand reputation: Food companies may suffer long-term damage to their reputation due to negative publicity, loss of consumer trust, and loss of market share.

Step One – Risk Assessment

The risk assessment is the first step of developing a food defence plan. It is a critical component because it provides the basis for identifying and prioritising actions and measures to protect the food supply chain from intentional contamination or other security breaches. 

The risk assessment process enables businesses in the food industry to identify potential vulnerabilities and risks to their operations, products, and services, and to develop strategies to manage and mitigate those risks.

The risk assessment process typically involves several stages, including:

Identification of hazards

This involves identifying potential sources of harm, including the various types of intentional contamination that could affect the food supply chain.

These potential risks to food safety include:

  • Intentional contamination: Food can be intentionally contaminated with harmful substances such as chemicals, biological agents, or physical objects by disgruntled employees, terrorists, or criminals.
  • Unauthorised access: Unauthorised individuals may gain access to a facility, equipment, or ingredients and cause harm to the food or facility.
  • Cybersecurity threats: Cyberattacks on a company’s computer systems can result in the compromise of food safety information or the disruption of food processing and distribution.
  • Supplier risks: The ingredients, packaging materials, or equipment from suppliers may be contaminated or tampered with, posing a risk to the food product.
  • Sabotage: Deliberate damage to equipment, facilities, or product can result in food contamination.

Risk analysis

This stage involves evaluating the likelihood and consequences of each identified hazard.

Risk evaluation

This stage involves assessing the level of risk posed by each identified hazard, considering the likelihood of the hazard occurring and the severity of the consequences if it does occur.

Risk management

This involves developing and implementing strategies to control, mitigate, or eliminate risks that have been identified through the risk assessment process.

Step Two – Mitigation Strategies

Once the risks have been identified and assessed, you need to determine the strategies to mitigate those risks.

These can take many forms, depending on the nature and severity of the risks. Some examples of strategies that can be implemented to mitigate risks include:

Access controls

Access controls are measures that restrict access to facilities, equipment, and ingredients. Examples of access controls include physical barriers, identification cards, and biometric authentication.

Surveillance systems

Surveillance systems are technologies used to monitor and detect potential threats to the food supply chain. Examples include CCTV cameras, motion sensors, and alarms.

Employee training

Training employees on food defence measures and how to identify and report potential threats is essential in protecting the food supply chain from intentional contamination. Training can include topics such as hygiene practices, identification of suspicious behaviours, and reporting procedures.

Supplier management

Ensuring that suppliers comply with food safety and security requirements is essential in reducing the risk of intentional contamination. Strategies can include verifying supplier certifications, conducting audits, and maintaining clear communication with suppliers.

Incident response planning

Developing an incident response plan that outlines procedures to follow in the event of an intentional contamination incident can help to minimise the impact of the incident and protect public health. An incident response plan should include procedures for notification, containment, investigation, and communication.

Cybersecurity measures

Cybersecurity measures can help to protect against cyberattacks and data breaches that could compromise the security of the food supply chain. Strategies can include firewalls, encryption, and regular software updates.

Step Three – Response Plan

Mitigating risks helps to prevent breaches in food safety, but you also have to have procedures in place in the event that a breach occurs.

An example of the following are the steps that should be taken:

Notify authorities

The appropriate authorities, such as law enforcement or public health officials, should be notified immediately of the security breach or threat. The notification should include details of the incident, including the location, nature, and severity of the threat.

Contain the threat

The next step is to contain the threat to prevent further harm to the food supply chain. This can include isolating affected products, stopping production, and implementing access controls.

Investigate the incident

Once the threat is contained, an investigation should be conducted to determine the source of the contamination or threat, the extent of the damage, and any vulnerabilities that need to be addressed to prevent similar incidents in the future.

Communicate with stakeholders

Communication is critical in managing the impact of the incident and maintaining public trust. Clear and timely communication with stakeholders, including employees, customers, suppliers, and the public, is essential. The communication should include details of the incident, steps being taken to address the issue, and any potential health risks.

Implement corrective actions

Based on the findings of the investigation, corrective actions should be implemented to prevent future incidents. This can include changes to production processes, improvements in access controls, or employee training.

Review and revise the Food Defence Plan

The incident should be used as an opportunity to review and revise the Food Defence Plan to address any vulnerabilities or weaknesses that were identified during the incident.

Why are documentation and record-keeping an important part of a food defence plan?

Keeping accurate records of food defence activities and incidents is essential in protecting the food supply chain from intentional contamination and ensuring compliance with Australian Government regulations. 

Reasons why documentation is important include:

Identifying potential issues

Documentation helps to identify potential issues and vulnerabilities in the food supply chain management. Records of risk assessments, incident investigations, and corrective actions can help to identify patterns and trends in security threats and vulnerabilities. This information can be used to develop more effective strategies to prevent future incidents.

Compliance with regulations

Compliance with Australian Government regulations is critical in ensuring the safety and security of the food supply chain. Documentation provides evidence that food businesses are complying with regulations such as the Food Standards Code, the Biosecurity Act, and the Criminal Code Act. It also helps to demonstrate due diligence in the event of an incident.

Monitoring and reporting

Accurate documentation is essential for monitoring and reporting food defence activities and incidents. Records of employee training, access controls, and incident response procedures can be used to demonstrate compliance with regulations and to report incidents to the appropriate authorities.

Continuous improvement

Documentation provides a foundation for continuous improvement in food defence practices. By documenting incidents, investigations, and corrective actions, food businesses can track progress over time and identify areas for improvement. This information can be used to refine risk assessments and to update the Food Defence Plan to address emerging threats.

What are the regulatory requirements for a food defence plan in Australia?

In Australia, the regulatory requirements for a food defence plan are outlined in the Food Standards Code, Chapter 3.2. Food Safety Practices and General Requirements, Standard 3.2.1 Food Safety Programs

Specifically, clause 3.2.1(6)(c) requires that a food safety program for a food business that processes or manufactures food must include procedures for food defence that identify and prevent malicious contamination of food.

Standard 3.2.1 defines the six core elements of a food safety program. These are:

  • Hazard identification: the systematic identification of hazards that may be reasonably expected to occur in the food handling operations of the business
  • Hazard control: the identification of the control point and controls for each hazard
  • Monitoring: the systematic monitoring of the controls
  • Corrective action: the steps to be taken when a hazard is not under appropriate control
  • Review: regular reviews of the program to ensure that it is still effective
  • Record keeping: the records made and kept by a food business to show the action taken to ensure that the business complies with the food safety program

Tips for implementing a food defence plan

Here are some practical tips and advice for implementing a Food Defence Plan:

Identify a Food Defence Team

Establish a team of employees who are responsible for implementing and maintaining the Food Defence Plan. This team should include individuals from different areas of the business, such as production, quality control, and security. Each team member should have a clear understanding of their role in implementing the plan.

Establish Policies and Procedures

Develop policies and procedures that address the vulnerabilities identified in the risk assessment. These should include access controls, surveillance systems, employee background checks, incident response procedures, and communication protocols. The policies and procedures should be documented and regularly reviewed to ensure they remain current and effective.

Conduct Regular Training and Drills

Ensure that all employees are trained on the policies and procedures in the Food Defence Plan. This should include regular training sessions on food defence awareness, employee roles and responsibilities, and incident response procedures. Regular drills should also be conducted to test the effectiveness of the Food Defence Plan and identify areas for improvement.

Review and Update the Food Defence Plan

Regularly review and update the Food Defence Plan to ensure it remains effective and addresses emerging threats. This should include a review of policies and procedures, risk assessments, and incident response procedures.

How can Operandio help with the development and implementation of a food defence plan?

Operandio has all the features you need to effectively and reliably develop and implement a food defence plan, including;

  • The ability to delegate important tasks to your food defence team
  • Progress tracker so you can be sure that all food safety tasks are completed on time and important deadlines are being met
  • Extensive knowledge base so everyone understands their roles and responsibilities regarding food safety
  • Procedure storage that makes updates simple
  • Messaging services that allow for streamlined communication and feedback

Request a demo for Operandio today!