By Brandon Schwarz, Chief Executive Officer at Indeavor

A U.S. PIRG Education Fund report found that food recalls have increased 10% since 2013.

The uptick in recalls could be due partly to new technology and regulations that make it easier to catch contamination in the first place. Whether it’s through bacteria or suspect behavior (i.e., intentional contamination), even one recall is too many. No consumer should have to worry that the food they consume will make them sick, yet the Centers for Disease Control and Prevention estimate that 1 in 6 people in the U.S. suffers from a foodborne illness.

Since being signed into law on January 4, 2011, the FDA’s Food Safety Modernization Act (FSMA) has been the largest food policy reform focused on preventive response in recent decades. FSMA has seven rules, all specifying actions that must be taken to prevent contamination at each point of the food supply chain. That these ordinances were placed on the industry in the midst of a number of significant food recalls is no surprise.

The first six rules—Preventive Controls for Human Food, Preventive Controls for Animal Food, Produce Safety, Foreign Supplier Verification, Sanitary Transportation, and Accredited Third-Party Certification—are already being monitored for adherence by the FDA. The Intentional Adulteration (IA) rule was the last to be published in May 2016. Over three years later, the first deadline finally looms.

Here’s what you need to know to prepare for the final FSMA hurdle, along with some greater workforce management implications that you may not be considering.

The basics

For the first time ever in the U.S., the IA rule requires that facilities develop a Food Defense Plan. The goal is to protect against intentional contamination of the food supply, whether by terrorism or acts committed by insiders with access, that may cause wide-scale public health harm.

The first compliance deadline for large FDA-registered food facilities is July 26, 2019. This means that most food facilities will be expected to have a written and implemented Food Defense Plan next month. Small facilities with fewer than 500 full-time employees have until 2020 to comply.

In a nutshell, Food Defense Plans should identify vulnerabilities and mitigation strategies at each point, step, or procedure for every food product at the facility. Here’s what specifically needs to be documented:

  1. Vulnerability assessment: Identify vulnerabilities and actionable process steps for every type of product at the facility, outlining (1) potential impact on public health, (2) the degree of physical access, and (3) the ability to successfully contaminate said product
  2. Mitigation strategies: Discuss ways to reduce or prevent vulnerabilities at each stage
  3. Management components: Outline steps to ensure proper implementation of each mitigation strategy, including (1) the monitoring process, (2) corrective actions that will be taken if mitigation strategies are not properly implemented, and (3) verification to ensure monitoring is being conducted
  4. Employee training and documentation: Maintain recordkeeping on employee training activities


Proper employee training and easily traceable documentation are two critical aspects of keeping compliant with FSMA’s IA rule.

That seems obvious when you read over the FDA’s guidelines. But when you read between the lines, you may find yourself asking an important question. Am I able to properly keep records of employee data, from when and where they are working at any given time to training certifications and expirations, with my current processes?

Perhaps you have a time and attendance (T&A) system and aren’t concerned about this. Time and attendance records, however, do not show if the employee is qualified for the job(s) they are working on. Time and attendance records also do not show where an employee is at any given time; just that they showed up to work by punching in and left work by punching out. In other words, they’re just a lagging indicator that shows you if someone showed up to work, not where they were. This is problematic when it comes to complying with the IA rule.

Now more than ever, your facility needs to ensure that only workers with the right certifications are handling certain task. This is compounded with the added burden of being able to produce any required documents for the FDA within 24 hours of their request. You can see how quickly vulnerability assessments, mitigation strategy breakdowns, and subsequent training documentation can get lost (or be inaccurate) when your organization relies on hosting such vital information on paper or in spreadsheets.

All information needs to be centralized. Keeping data in the cloud makes it simple to achieve this level of visibility.

With manual processes, you do not get the luxury of real-time information that can help your facility prevent problems and miscommunications, exposing your organization to risk. With automated, cloud-based systems, however, you have an audit log of where every worker is stationed and when. Not to mention that such visibility will come in handy if there is suspicion of foul play, since you’ll have the accurate employee roster and their associated jobs for each shift. If contamination occurs, you have documented proof that only properly trained employees were working at each position, taking risk off the business.

Food for thought: Compliance starts with scheduling

At the end of the day, any potential problems that would bring about an audit (e.g., product recalls) can be mitigated with proper scheduling. The scheduling process is the first step taken to get an employee on the line. Whether they are tasked with mixing ingredients or sanitizing a machine, they need to be certified to do so and you need to be able to back this up with proper documentation.

So, it makes sense that FSMA trainings and other employee credentials should be taken into account at the point of scheduling. This proactive process can be referred to as skills-based scheduling, and it is easiest to achieve with an automated scheduling solution.

When you consider the costly implications of failing to comply with the IA rule, coupled with the risk you are exposing to the public with contaminated food products, the time is now to scrutinize your current scheduling and certification management processes.

Brandon Schwarz is the Chief Executive Officer at Indeavor. He has been with the company since 2010, focusing on enterprise workforce management solutions, implementation, and support. Solving complex workforce management challenges through leading-class technology and building a culture of innovation and teamwork continues to be his driving force. Visit