IJCA - Volume 3 - Flipbook - Page 52
50 The International Journal of Conformity Assessment
Food Safety Due Diligence Process
So, how is food safety due diligence conducted?
As a general rule, it involves identifying regulatory,
operational, and reputational hazards, and risk
mitigation through document reviews, on-site
inspections, staff interviews, gap assessments,
and the issuance of a final report containing overall
analysis and recommendations. The final due
diligence report should include both the positive and
the negative aspects—identifying risks and noncompliances, while also recognizing good (or great)
practices and programs. The following are key areas
of focus for each of the three hazards:
Regulatory. Although 80% of all food in the U.S. is
subject to FDA governance, there are other regulatory
agencies and standard bodies to which food
companies are held. For example, meat, poultry, and
eggs are subject to USDA regulations, while food
service and retail companies are primarily answerable
to state health inspectors, in alignment with the FDA
Food Code. Within these realms, however, there are
further differentiations. For instance, FDA’s FSMA
regulations include specific rules for produce safety,
human foods, and animal foods; imported foods
or ingredients undergo additional oversight before
entering the country; seafood and juice are required
to implement Hazard Analysis Critical Control Point
(HACCP) systems; and foods intended for infants
or other vulnerable populations have highly specific
requirements. Thus, it is critical that those conducting
due diligence know and understand all regulations to
which the particular company is liable.
In addition to regulations, the food industry has
standards and certifications that are often required
by their downstream customers. The most common
of these is the Global Food Safety Initiative (GFSI),
to which a company can obtain certification
through different schemes. A high score on a GFSI
certification may indicate a quality company that
is likely to be compliant with all applicable laws.
However, sometimes GFSI audits are questionable
in their accuracy. Therefore, it is not advisable for
an investor to rely solely on a GFSI audit as its due
diligence. A company required to have a HACCP
plan can also obtain HACCP certification through
third-party accreditation, further demonstrating its
qualifications. In the food service arena, most states
require food handler certifications, with many also
requiring a certified food protection manager to be
onsite whenever food is handled.
Documentation should also be assessed for the
company’s management of its supply chain, ensuring
that both regulations and best practices are followed,
and showing evidence of a full traceability program
should a recall be required. Understanding the
company’s supply chain and the sources of its raw
materials are critical to assessing potential risks,
as issues in the supply chain can directly impact
food safety.
Regulatory assessment is a matter of document
review of current and archived records related to the
company’s supply chain, processing practices, and
distribution. The review should be conducted by a
person who has full knowledge of the requirements
for the specific company and food. Ideally, this
document review should be complemented by an
on-site visit to determine whether the company is
operating in a regulatory compliant fashion. The
combined review should provide a full picture of the
company’s regulatory compliance, identifying any
instances of non-compliance (e.g., FDA inspection
observations, warning letters, recalls, etc.). While
these should be investigated, they do not necessarily
provide cause for current concern if they have been
