Due to the volume of content involved, this may take a few minutes to load!

Sign up for free today!

Sign Up

Premier Online Food Safety and Quality Management Resource

Business Continuity and Crisis Management

Development – To define detail, scope and purpose.

User Uploaded Image Let us help you to develop integrated Food Safety and Quality solutions that level the playing field and get you ready to control your hazards. In fact, we're experts in helping you to establish effective systemic tools, drive continuous improvements and show you where your most effective outcomes originate.
Website: https://alimentex.com/
Sales Contact Person: Aron Malcolm
Sales Contact Email: achievegreatness@alimentex.com

Training participants will gain a basic understanding of Business Continuity and Crisis Management and its applications within food safety and quality systems. Basic knowledge competency will be verified through successful completion of the accompanying Business Continuity and Crisis Management assessment activity. Basic skill competency can be verified through the Business Continuity and Crisis Management competency checklist available as a resource for this training activity.

Key Definitions For Business Continuity and Crisis Management
- Business Continuity: Business continuity is the ability of an organisation to continue to function, even after a disastrous event. Outcomes should include the ability to ensure that critical business functions will be available to customers, suppliers, regulators and other relevant entities after a disastrous event.
- Crisis Management: Crisis management includes actions taken by an organisation in response to unexpected events or situations with potentially negative effects that threaten resources and people or the success and continued operation of the organisation.

Business Continuity and Crisis Management Development 
When considering the development, documentation and implementation of Business Continuity and Crisis Management within food safety and quality management systems, the following information should be considered to ensure effective outcomes:

About Business Continuity and Crisis Management 
Business Continuity and Crisis Management plans are developed, documented and implemented to ensure a food business has a structured and tested system to deal with known threats to the supply of safe and quality finished products. Business continuity plans may be strongly linked to systemic elements including those for food recall and withdrawal.

Contemporary food businesses are required to have in place business systems which not only facilitate the production of safe and quality foodstuffs; these systems must also ensure where possible that production and supply of foodstuffs to customers are not disrupted by manageable incidents or emergency situations. Business Continuity and Crisis Management includes the development of plans to reduce the risk of a crisis occurring and to deal with any crises that do arise, and the implementation of these plans to minimise the impact of crises and assist the organisation to recover from them. Crisis situations may occur as a result of external factors such as the development of a new product by a competitor or changes in legislation, or internal factors such as a product failure or faulty decision making, and often involve the need to make quick decisions on the basis of uncertain or incomplete information.

Within the context of food industry compliance standards, the terms Business Continuity and Crisis Management are often exchanged for other terms including Emergency Preparedness and Incident Management.

It is important to consider that the Business Continuity and Crisis Management system may have strong links to the established Product Recall and Product Withdrawal systems within a food business. This may become apparent both pre-activation and post-activation of the Business Continuity and Crisis Management protocols.

The following examples are provided as indicators of prospective related interactions:
- Pre-activation: This is where a Product Recall or Product Withdrawal may have been implemented, and the Business Continuity and Crisis Management systems may need to be activated as a result of the Product Recall or Product Withdrawal. An instance of such an occurrence may include where the outcomes of the investigation into a Product Recall or Product Withdrawal show that there has been a substantial incident that has impacted upon product safety or quality;
- Post-activation: This is where a Product Recall or Product Withdrawal may have been conducted as a result of the outcomes of a Business Continuity and Crisis Management incident. This may be where a significant incident has been identified within the business operation that may have potentially impacted upon the safety or quality of foods dispatched from the food business.

Business Continuity and Crisis Management review activities should be scheduled, conducted and recorded on an ongoing basis. Such activities are not dissimilar to a Mock Recall, in which a hypothetical scenario is devised, and the Business Continuity and Crisis Management system is activated within the food business. The Business Continuity and Crisis Management procedures are followed, and records are maintained to show a diary of events and timeframes. Mock Business Continuity and Crisis Management are commonly scheduled to be conducted at least annually.

Business Continuity and Crisis Management System Elements 
Elements of a Business Continuity and Crisis Management system usually consist of documented policies and procedures for:
- The type of events that would constitute the activation of the Business Continuity and Crisis Management system;
- Designated nominations for responsibility for the application of the Business Continuity and Crisis Management system;
- Contact listings for persons or entities with responsibility for the application of the Business Continuity and Crisis Management system. Contact listings should contain details for primary and secondary methods of contact, including after-hours options;
- Communication to contact listees, consumers, regulatory authorities within an appropriate timeframe;
- Business Continuity and Crisis Management links to recall and withdrawal procedures, including requirements for stock reconciliation, logistics, product recovery, product storage and product disposal where applicable;
- Notification of relevant customers, food standards certification bodies and other stakeholders whenever the Business Continuity and Crisis Management systems are activated;
- Specific corrective and preventative action measures or processes;
- Business recovery plans.

Contact listings for Business Continuity and Crisis Management should be inclusive of the following where applicable:
- Business Continuity and Crisis Management team members;
- Emergency services;
- Suppliers;
- Customers;
- Food standards certification bodies;
- Regulatory authorities;
- Analytical testing laboratories;
- Legal representatives;
- Press representatives;
- Financial representatives;
- Insurance representatives;
- Staff and union delegates;
- Business recovery specialists.

Business Continuity and Crisis Management systems are commonly developed, documented and implemented into food businesses to define the procedures and responsibilities for handling contingencies such as Disruption to Key Services, Destruction of Premises or Equipment or Malicious Contamination of Sabotage.

Disruption of Key Services 
Disruption of key services may include instances in which the following are impaired within a food business:
- Potable or non-potable water;
- Electricity;
- Transport access;
- Staff availability;
- Telephone access;
- Internet access;
- Email access.

Destruction of Premises or Equipment 
Destruction to Premises or Equipment may occur due to:
- Fire;
- Flood;
- Storm damage;
- Natural disasters.

Malicious Contamination or Sabotage
In an age where instances of terrorism and sabotage are common place, it is important to ensure that deliberate malicious contamination or sabotage of products or process is prevented.

Consideration of such prevention may take into account the following:
- Screening of staff members, contractors and visitors with access to critical areas or systems within a food business;
- Fitting or cameras or other monitoring devices which are not in breach of privacy laws;
- Commissioning of metal detection or X-ray devices for raw materials, work in progress or finished products.

Defining Business Continuity and Crisis Management Risk 
As with any food safety and quality system element, Business Continuity and Crisis Management require a structured approach to defining the risk associated with outcomes of food business incidents. A factual approach to decision making defines a business' ability to use accurate information and data as a foundation for decision making.

The benefits of a factual approach to decision making include:
- Enhancing the outcomes of all decisions made within the business operation.
- Decisions founded on objective data and information, and the ability to demonstrate the effectiveness of decisions through referencing to objective data and information.
- Increased accessibility of relevant data and information for those who require it.
- Enhanced abilities regarding the inclusion of experience, skill and knowledge within the decision-making process.
- Reliance on data and information gained from reputable sources.

About Risk Management 
Risk Management principles can be applied throughout all sectors of all food industries, and throughout all business systems, including food safety, food quality, workplace health and safety, finance and operational management.

Risks are an unavoidable component of any business operation. Risk taking is essential to progression and success, and failure is often a key part of learning. Although some risks are inevitable, this does not mean that attempting to recognise and manage risk will harm opportunities for creativity.  It is important to keep in mind that risks are generally known by management, but are often poorly communicated. Usually, communicating risks down the chain of command is easy, but communicating risks up the chain of command is difficult. The risk management process is ongoing, and requires constant analysis, as agenda elements need to be decided, implemented and managed.

Risk management processes are best managed by multidisciplinary teams. When risk management teams use proactive risk management, the continuous assessment creates data and information that can then be used for decision-making in all phases of the scope of the risk management activity. The team must ensure that risks are identified, managed and resolved in a manner that is facilitative of continuous improvement for the business involved.

The Risk Management Process 
Contemporary risk management processes are inclusive of the following 5 elements:
- Risk Identification;
- Risk Analysis;
- Risk Action Planning;
- Risk Tracking; and
- Risk Control.

Risk Identification 
Risk identification is the first step in the proactive risk management process. Risks must be identified before they can be managed. Risk identification provides the risk management team with opportunities, stimulus and information that allow them to surface major risks before they have an impact upon the business. This risk identification step involves adequate and appropriate communication between team members and stakeholders to be successful. It is a powerful way to expose assumptions and differing viewpoints between all parties involved in the risk management process.

Risk Analysis 
Risk analysis is the conversion of risk data into risk decision-making information. Thorough risk analysis ensures that the risk management team is managing appropriate risks. During this step the risk management can use a system which identifies the following:
- Risk identifier: The name the team uses to uniquely identify a risk analysis nomination for reporting and tracking purposes.
- Risk source: The focus area and the risk factor that were used to identify the risk.
- Risk condition: A description of the existing condition that could possibly lead to a negative outcome for the business.
- Risk consequence: A description of the negative outcome that would occur for the business if the risk became certain.
- Risk probability: An expression of a percentage greater than zero and less than 100 percent that represents the likelihood that the risk will result in a negative outcome for the business.
- Risk impact classification: Whether the impact of the risk is financial, strategic, technical, legal, or another category.
- Risk impact: The magnitude of impact should the risk actually occur. This number could be the dollar value of the loss or simply a number between 1 and 10 that indicates relative magnitude. The result of multiplying risk impact by risk probability is often used to rank risks.
- Risk exposure: The overall threat of the risk to the business, balancing the likelihood of actual loss with the magnitude of the potential loss. The team uses risk exposure to rate, rank and prioritise risks.
- Risk context: A paragraph containing additional background information that helps to clarify the risk situation.
- Related risks: A list of risk identifications the risk management team uses to track interdependent risks.

Risk Action Planning 
Risk action planning is the third step in the risk management process - It turns risk information into decisions and actions. Planning involves developing actions to address individual risks, prioritising risk actions, and creating an integrated risk management plan, which may contain the following:
- Risk identifier: The name the risk management team uses to uniquely identify the risk statement for reporting and tracking purposes;
- Risk statement: The description of the condition that exists that could possibly lead to a negative outcome for the business and describing the negative outcome that would occur if the risk were to become certain;
- Risk management strategy: A statement describing the risk management team strategy for managing the risk, including any assumptions that have been made;
- Risk management strategy measures: The measures the risk management team will use to determine whether the planned risk management actions are working;
- Action items: A list of actions the risk management team will take to manage the risk;
- Due dates: The date when the risk management team will complete each planned action item;
- Personnel assignments: The people assigned to perform the action items;
- Risk contingency strategy: A description of the team strategy in the event that the actions planned to manage the risk does not work. The risk management team would execute the risk contingency strategy if the risk contingency strategy trigger were reached;
- Risk contingency strategy metrics and trigger values: The measures and triggers the risk management team will use to determine when the risk contingency strategy should be put into effect and if the contingency strategy is working.

Risk Tracking
Risk tracking is the fourth step in the risk management process. This step is where the risk management team monitors the status of risks and the actions it has taken to observe and control them. Risk tracking is essential to effective risk action plan implementation. This means defining the risk measures, and triggering events needed to ensure that the planned risk actions are working. Tracking is the observation function of the risk action plan. Risk reviews are a recommended item to include in each program review.

Risk Control 
Risk control is the final step in the proactive risk management process prior to proceeding back onto the risk analysis step. After the risk management team has chosen the risk measures and the triggering events, there is nothing defined about the risk management process; it simply becomes a component of the business management process. Risk control is intended to manage the risk action plans, correct for variations from the risk action plans, respond to triggering events, and improve the general risk management process.

Where a Business Continuity and Crisis Management incident has occurred as an outcome of a customer complaint, it is important to ensure that the appropriate actions are taken for the complaint, as well as for other requirements:

Customer Complaint Investigation, Results Notification and Resolution 
The complaint should be investigated immediately by a suitably qualified person from your business, or by an approved external specialist.

The investigation should answer the following questions:
- How did the problem occur?
- Did the problem occur in your manufacturing plant or was it caused by a raw ingredient or package received from a supplier?
- Could the problem affect other products?

All products that may have been implicated by the problem should be immediately risk assessed and investigated.

Record in your customer complaint file:
- The name of the person from your business who investigated the complaint;
- Date and time of the investigation;
- Investigation findings;
- Other products that may be affected by the problem;
- Corrective Action taken;
- Preventative action taken or proposed Actions to be implemented.

Where Customer Complaints involve allegations such as foreign objects, samples of such objects may be provided by the complainant. During the investigative process, it is in the best interests of the food business involved to:
- Test the foreign object to confirm its composition, which can then provide information regarding the source of the material;
- Assess the size of the foreign object against the size of physical contaminant control, such as screens, filters or metal detectors within the process. This may provide useful information regarding the genuine nature of the complaint, or may also provide a stimulus for considering deliberate product contamination. Where an identified foreign object is extremely unlikely to have originated from raw materials or through processing, consideration should always be given to the potential for deliberate product contamination of a false complaint.

After giving the matter proper consideration, if key team members have reason to believe that a foodborne illness incident has occurred, the following contacts should be facilitated within an appropriate timeframe:
- Key Customers: Contact key customers who on-sell the items manufactured by your food business;
- Legal Representative: Advise your legal representative of the situation and the action taken. Although your attorney will most likely recommend that you co-operate fully with the health department, he or she may want to be included in the investigation to ensure that the rights of all concerned are properly respected;
- Insurance Agent: Depending on the nature and the extent of the outbreak, your insurance company may become involved. It is advisable to inform your agent at the beginning of an official investigation.

Once the investigation has gathered as much information as possible from all relevant sources:
- Contact the senior management of the business and all relevant personnel. These contacts should be made aware that the person handling the complainant has gathered all of the relevant information. If it is ascertained that more information is required from the complainant or other sources, additional details must be collated and recorded as soon as possible. The responsibility is now placed on the food business to determine whether or not any of the alleged suspect food remains at the business premises. If any such foods are located, they must be hygienically segregated, secured and identified so as not to potentially cause further foodborne illness;
- When you have all of the investigation findings, a decision of notification to relevant authorities should be made. This process may include contacting the local heath authority to ensure that the corrective and preventative actions applied are appropriate considering the situation. It is important to consider that a multi-tiered contact structure may be required for regulatory bodies. Relevant food legislation must be followed to ensure appropriate notification of suspected or confirmed food borne illness incidents. Once this notification has occurred, it is often the responsibility of appropriate government departments to investigate the matter and assist with any related processes, which may include Product Recall and Product Withdrawal.

It is important to consider at this step that if your food business supplies foodstuffs manufactured to a customer’s specifications, you may be required to contact the customer prior to notifying the nominated regulatory body, particularly where “private label” branded products are involved. This is an important consideration as legal accountability for the regulatory compliance of any foodstuff often remains the liability of the “brand owner”, rather that the manufacturer.

A local health authority notification contact list should contain the following information:
- Name of the primary contact;
- Contact telephone number;
- Contact fax number;
- Contact email address;
- Contact postal address;
- Secondary contact details.

Outcomes of this notification process generally include details for:
- What to do with the affected product;
- How to correct the problem.

The following details should be recorded as an element of notifications:
- Who made the corrective and preventative action decision, including time and date;
- The details and dates of the corrective action taken with the affected product;
- The corrective action taken to fix the problem that caused the incident and any preventative actions taken to prevent reoccurrence.

If your food business supplies foodstuffs manufactured to a customer’s specifications, it is important to consider any specific Business Continuity and Crisis Management Development requirements in relation to their items.

The "General Content" pages within haccp.com include current and relevant information broken into the following elements: Develop, Document, Implement, Monitor, Corrective Action, Verify, Validate and Skills and Knowledge.

You can use the tabs provided at the top of the page body to navigate between these elements!

haccp.com is Your Food Quality, Food Safety and Food Risk Management resource! We encourage your participation in recommending content addition, updates and adjustment to ensure you access to the most current and relevant Food Safety and Quality information and resources available on the web. Please don’t hesitate to contact us with your suggestions.