Co-authored by Brian Gross 

A company’s interest in protecting its brand by providing a safe product to consumers, in conjunction with the increased regulatory requirements set forth under the Food Safety Modernization Act (FSMA) require that entities active in the food supply chain take appropriate measures to verify that their suppliers comply with Current Good Manufacturing Practices (cGMPs).   It is incumbent upon every business involved in the food supply chain to perform its own due diligence with respect to its suppliers, including, confirming FDA registration, making Freedom of Information Act (FOIA) requests for documentation generated or retained during FDA inspections of suppliers’ facilities, reviewing suppliers’ Food Safety Control plans, Hazard Analysis and Critical Control Point (HACCP) plans and/or Allergen Control Programs, and conducting regular audits of their facilities.  Not every business, however, has the internal expertise to personally audit their suppliers’ facilities.  Furthermore, the current market demands, in which consumers expect local, organic foods, means that many businesses must purchase their products from a larger, more diverse group of suppliers.  This creates an issue because many businesses lack the resources to perform regular audits of all their suppliers’ facilities.  Companies cannot rely upon the FDA to audit their suppliers, as it lacks the funding necessary to audit food processing companies both domestic and abroad with the regularity necessary.   In fact, the FSMA only requires that the FDA inspect domestic high-risk facilities once by 2016, and at least every three years thereafter.  Third-party audits provide a cost-efficient alternative which, if properly regulated, can ensure a high quality of food without the insurmountable costs associated with having to individually audit each supplier.  For that reason, third-party audits will inevitably play a larger role in future food safety.

The failures of the third-party audit system are well documented.

Frequently, suppliers are required to undergo an audit as a condition precedent to doing business with a buyer.  In that scenario, the suppliers retain the third-party auditor, schedule the date of the audit, and are often able to directly or indirectly exert control over the standards which are applied.   Obviously, this set-up presents a host of issues.  If the supplier retains and pays the auditor, it then becomes the auditor’s customer, which creates a conflict of interest.   The auditor’s evaluation of the supplier’s facility may not be as stringent as it should be based on its desire to obtain additional work from the supplier.  Moreover, when the supplier dictates the date of the audit or is given too much advance notice, it can remediate any issues which would otherwise negatively impact the results.  Thus, the facility and practices assessed by the auditor do not necessarily reflect those employed by the supplier in the normal course of business.

Recently, the problems associated with the current third-party audit system were highlighted by the cantaloupe listeria outbreak which originated at Jensen Farms.  As a result of that outbreak, 139 people have become infected, and 29 were reported dead.  Jensen Farms, at the behest of its customer Frontera Produce, retained Primus Group to perform a third-party audit.  Primus Group subcontracted out the audit to a different vendor which, just days before the outbreak began, gave Jensen Farms an audit score of 96 percent. An FDA inspection performed at Jensen Farms following the outbreak found widespread contamination, unsanitary practices, and pooling of water on the floor near equipment and in employee walkways, all of which are conditions that can lead to the spread of listeria.   Based on the available information, it appears that the audit performed by Primus Group’s subcontractor was inadequate, and only served to provide false confidence to the customers of Jensen Farms that its facilities and practices were in accordance with cGMP, the standard against which Jensen Farms was audited.  There were similarly misleading audits conducted prior to other recent outbreaks as well, such as the Peanut Corporation ofAmericaoutbreak in 2009 and the Wright County Egg outbreak in 2010.

Perhaps the most important issue to be addressed in improving the efficiency and value of the third-party audit system is the adoption of universal standards.   Neither the FDA nor the FSMA has mandated a set of standards.  There are, however, numerous other acceptable standards in existence.  The most prominent set of standards are those used by the Global Food Safety Initiative (GFSI), a non-profit foundation formed through a collaboration of food safety experts employed by retailers, manufacturers and food service companies.   The GFSI sought to “take a harmonized approach to the recognition of food safety standards and their supporting systems,” by adopting various standards, such as Safe Quality Food (SQF), British Retail Consortium (BRC) and International Food Standards (IFS).  Many companies are reluctant, however, to adopt the GFSI recognized schemes because they are the highest standards available and suppliers fear significantly higher costs associated with compliance.  This view is shortsighted.  Not only will adoption of GFSI accepted food safety schemes ensure a higher quality product, which diminishes costs associated with future contamination and damage to your brand, it also means fewer audits because buyers can trust the results of those previously conducted.

A more difficult question is how to alter the customer/employee relationship which commonly exists between the supplier and third-party auditor.  Ideally, the company that intends to purchase food from the supplier (“the buyer”) would willingly assume the costs of the third-party auditor.  In doing so, the buyer would become the third-party auditor’s customer and can then dictate the terms of the audit, such as timing, standards and stringency.   It is unlikely, however, that the buyer will willingly accept both the costs and duties associated with the control of third-party audits conducted relative to their suppliers.   One proposal offered as a potential solution to this issue involves a statutory scheme pursuant to which auditors would bear liability in instances where it can be demonstrated that they negligently overlooked or failed to detect unsafe conditions and/or practices which caused or contributed to an outbreak.  Another option is to mandate that third-party auditors who negligently undertake their duties and fail to uncover or report dangerous conditions be stripped of their accreditation/certification and precluded from conducting further audits until they complete extensive additional training.  .

The third-party audit system is necessary to the successful implementation of the FSMA, and provides an efficient, cost-saving alternative for buyers who need to ensure their suppliers are in compliance with modern food safety practices and standards.  Unfortunately, as evidenced by the recent cantaloupe listeria outbreak, the present system is flawed.   Overcoming those flaws, however, can be accomplished through the universal acceptance of a set of standards, such as the GFSI accepted food safety schemes, and the realignment of the relationships between the supplier, buyer and third-party auditor.   The role of third-party audits is only going to increase, thus, it is in the interest of the supplier, buyer and consumer that these changes are realized sooner rather than later.