Feeling uncertain about mitigation strategies? You're not the only one! There have been major changes in how the issue is approached from the proposed to the final FSMA rule. When the FDA issued the proposed rule on intentional contamination they initially defined two different types of mitigation strategies: broad and focused.
Broad mitigation strategies encompassed several distinct areas including physical security, personnel security, securing hazardous materials, secure management practices, and crisis management planning.
Focused mitigation strategies were defined as specific to an actionable process step in a food operation where a significant vulnerability is identified, including appropriate measures necessary to reduce the likelihood of intentional adulteration. These strategies were customized to the processing step at which they are applied, tailored to existing facility practices and procedures, and dependent on an evaluation of the significant vulnerability associated with the actionable process step at which they are applied.
When the proposed rule was issued, the FDA asked for comments to the rule. Industry members responded that these definitions were confusing and the lines between broad and focused mitigation strategies could be blurry. Hearing these comments, the FDA removed broad and focused categories from the final rule and revised the definition:
Mitigation strategies are risk-based, reasonably appropriate measures that a person knowledgeable about food defense would employ to significantly minimize or prevent significant vulnerabilities identified at actionable process steps, and that are consistent with the current scientific understanding of food defense at the time of the analysis.
Using this definition, it is clear that the formerly named broad, focused, or a combination of mitigation strategies could be implemented to significantly reduce an identified vulnerability.
Mitigation strategies are developed and determined by the risk-based vulnerability assessment completed by each facility. Mitigation strategies required to significantly reduce an identified vulnerability are flexible. What works at one facility may not at another location. Therefore, mitigation strategies and vulnerability assessments are required to be facility specific.