A Guide to the New FDA Traceability Requirements
In late September 2020, the FDA unveiled the FSMA Proposed Rule for Food Traceability, a 55-page document that aims to standardize traceability practices for foods deemed to be high-risk. While the proposed rule is rather long, we’ve identified some key points for food, beverage, and CPG facilities to note.
NOTE: The FDA Food Traceability Rule had been finalized since the writing of this blog post. Please refer to the following post for the most up-to-date information: "The FDA's Final Food Traceability Rule"
Foods on the Food Traceability List (FTL) & How They Were Chosen
The FDA’s proposed traceability requirements focus on high-risk foods, though the verbiage largely avoids directly referring to the foods as such. This is likely a means of sidestepping any sensitivities around certain foods that are declared high-risk and thwarting the notion that any foods not on the list are automatically risk-free.
With that being said, the foods on the list do indeed pose an elevated risk, which was determined by a ranking algorithm that identified microbiological and chemical hazards. The Food Traceability List (FTL) comprises the following 16 foods identified by independent academics and industry experts:
Cheeses (excluding hard cheeses)
Leafy greens
Ready-to-eat deli salads
Crustaceans
Melons
Shell eggs (from domesticated chickens)
Cucumbers
Mollusks
Sprouts
Fin fish
Nut butters
Tomatoes
Fresh herbs
Peppers
Tropical tree fruits
Fresh-cut fruits and vegetables
According to the rule, the list may be updated as needed.
One of the challenges of the proposed rule is that it’s not only FTL foods themselves that must be considered, but also foods that contain them as ingredients. Since many Food & Beverage companies have extensive product lines, using an electronic food safety management program like SafetyChain can help leaders track all of the products that would fall under the rule to ensure compliance.
Key Data Elements & Critical Tracking Events
The two pillars of the proposed rule, Key Data Elements (KDE) and Critical Tracking Events (CTE), first appeared in the recommendations for improved product tracing provided by the Institute of Food Technologies in 2012. KDEs call for the collection and communication of important traceability data, which should take place at critical points in the supply chain (CTEs).
An advisory group recommended the FDA develop a consistent set of record-keeping requirements, including the implementation of standardized technology to capture KDEs, which could then be used to trigger investigations and reduce traceback times should there be an outbreak or recall. The FDA adopted this premise into the proposed rule, stating that traceability lot codes and additional KDEs should be recorded and linked to enable product tracing when foodborne illness outbreaks or recalls arise.
The FDA has created an interactive guide to illustrate examples of CTEs and KDEs throughout the supply chain. KDEs vary based on the nature of one’s business; for instance, growing, receiving, transforming, creating, and shipping foods will all have different data requirements. Here’s a closer look at how these activities (tracking events) are defined:
Creating: producing a food on the FTL via a process that uses ingredients with foods not on the list. An example is peanut butter; peanuts themselves are not on the FTL, but peanut butter is.
Growing: (typically produce) an initial step in the supply chain that would require a traceability lot code to be created and linked to growing area coordinates (sprouts have proposed additional requirements, including seed lot codes)
Receiving: an event in which food is received by a customer (other than the consumer) following transportation
Shipping: the transportation of food from one location to another
Transforming: changing of any food on the FTL, including its package or label
A comprehensive list of KDEs for each of these CTEs has been provided by the FDA. KDEs must include traceability lot codes for all.
Establishing and tracking these lot codes would require significant time and effort. The FDA acknowledges that implementation would impose compliance costs on some businesses including initial capital investment. Using standard NPV calculations, however, they project that the financial benefits alone far outweigh the costs based on an estimated 84 percent reduction of traceback time resulting from the requirements of this rule. A paper-based system would be far too unwieldy to manage, but SafetyChain’s centralized record-keeping system can take lot code tracking out of the binder and into the Cloud for a simplified, accurate approach.
A Look into Record-keeping Requirements
Traceability efforts have already been tightened across the industry since the requirement of tracing “one step forward, one step back” in the supply chain was outlined in the Bioterrorism Act of 2002. Yet, barriers to the quick access of accurate and complete data have continued to impede the agency’s response to foodborne illness outbreaks. By synchronizing traceability practices across the industry, links will become more defined, making it easier to trace the source of contaminated products.
To achieve this goal, the FDA’s proposed rule requires Food & Beverage companies to include the following records:
All shipped FTL foods: Companies should maintain a list that includes a description of all FTL foods shipped, along with a traceability product identifier.
Reference records: Companies should have a description of traceability reference records and how different information is linked, such as purchase orders and bills of lading.
Traceability lot codes: Companies must develop traceability lot codes that identify different types of food at any point when it is originated, created, or transformed. A description of how these codes are developed and assigned is also required.
As you might imagine, this introduces a great deal of data into food, beverage & CPG companies, many of whom are already scrambling to keep up with the amount of information generated in their plants each day. SafetyChain is a centralized solution with a program manager feature for all of your regulatory and non-regulatory programs, offering a simplified document repository that streamlines record-keeping. In addition to food safety, quality, and compliance programs, it can also help you implement and maintain a robust traceability program that satisfies FDA requirements.
Additionally, the FDA requires that any additional information relevant to traceability records (abbreviations, classification systems, and so forth) be included in records. Companies would also have to either use electronic records or legible paper records that could quickly be transformed into sortable spreadsheets and provided to the FDA within 24 hours upon request. This would include detailed traceability information, with specified date ranges and across all foods in question.
The request for accurate and updated records with just 24 hours’ notice could put enormous pressure on companies using paper-based traceability programs. They’d have to locate the documents, review them for accuracy, and then compile them into a searchable spreadsheet with only the requested information — more or less overnight.
With SafetyChain, all this can be achieved in just a few clicks. An intuitive dashboard makes it easy to quickly call up records by product type, date, line, lot, and other filters. These customized reports are easily shareable, so you can pass them along to any parties as needed. You can also put controls in place to ensure that data is collected consistently and shared with only specific individuals.
Rule Exemptions
There are certain exemptions to the proposed Food Traceability Rule, including small farms that sell directly to the public, small retail food establishments, and nonprofit food establishments.
Proposed Compliance Date for the FDA Traceability Requirements
The FDA has proposed a compliance date of two years following the final regulation, and unlike with many prior rules, there is no gradual roll-out by business size. All affected parties must comply by the same date.