Tag Archives: procedure

HACCP

HACCP for Cannabis: A Guide for Developing a Plan

By Radojka Barycki
1 Comment
HACCP

Hazard Analysis and Critical Control Points (HACCP) is a systematic approach that evaluates hazards that may potentially be present in food products that can harm the consumer. The process used to manufacture the product is evaluated from raw material procurement, receiving and handling, to manufacturing, distribution and consumption of the finished product1. The documented process is what is known as HACCP plan. Although HACCP was designed to evaluate hazards in foods, it can be used to assess or evaluate hazards that may potentially be present in cannabis consumable products (edibles and vaping) that can cause harm to the consumer.

HACCP plan development requires a systematic approach that covers 5 preliminary steps and 7 principles. A systematic approach means that each step must be followed as outlined. Skipping a step will result in a HACCP plan that most likely will be ineffective to control potential hazards in the product.

The 5 preliminary steps are:

  1. Establish a HACCP team
  2. Describe the product
  3. Establish the intended use of the product
  4. Develop a flow diagram
  5. Verify the flow diagram

The 7 Principles are:HACCP

  1. Conduct a hazard analysis
  2. Identify the critical control points (CCPs)
  3. Establish critical limits (CL)
  4. Establish monitoring procedures
  5. Establish corrective actions
  6. Establish verification procedures
  7. Establish records and record keeping procedures1,2

It is important to mention that HACCP plans are supported by programs and procedures that establish the minimum operational and sanitary conditions to manufacture safe products. These programs and procedures are known as pre-requisite programs (PRP) or preventative controls1,2.

Figure 1. Flow Diagram

A multidisciplinary team must be established in order to ensure that all inputs of the product manufacturing process are considered during the hazards analysis discussions. The description of the product and its intended use provides detail information on ingredients, primary packaging material, methods of distribution, chemical characteristics, labeling and if any consumer might be vulnerable to the consumption of the product. A verified flow diagram is an accurate representation of the different steps followed during the product manufacturing process and will be used to conduct a hazard analysis. An inaccurate flow diagram will set the stage for an inadequate HACCP plan. Therefore, it is important that the HACCP team members verify the flow diagram. Figure 1 is a flow diagram for a fictional infused apple juice manufacturing plan that I will be using as an example.

The hazard analysis is the backbone of the HACCP plan. There are two elements that must be considered when conducting the hazard analysis:

  • Identification of the hazard associated with the ingredient(s) and/or the product manufacturing steps. These hazards have been categorized as: Biological, chemical (including radiological) and physical. Biological, chemical and physical hazards should be considered for each ingredient, primary packaging and process step. Also, it is important that the team is specific as to what hazard they are referring to. I often find that biological hazards are identified as “pathogens” for example. The team has to be specific on which pathogen is of concern. For example, if you are processing apple juice, the pathogens of concern are pathogenic coli and Salmonella sp. However, if you are processing carrot juice, you need to add Clostridium botulinum as a biological hazard also. If the choice of method to eliminate the hazards is pasteurization for example, the processing temperature-time combinations will differ greatly when manufacturing the apple juice vs. the carrot juice as C. botulinum is an organism that can sporulate and, therefore, is harder to kill.
  • Characterization of the hazard. This implies determining the significance of the potential hazard based on the severity of the consequence if it is consumed and the likelihood of occurrence in the ingredient or process step. Only steps in the process that has significant hazards should be considered further.
Table 1. Ingredient Hazard Analysis

In my professional experience, the hazard analysis is one of the most difficult steps to achieve because it requires the expertise of the multidisciplinary team and a lot of discussion to get to the conclusion of which hazard is significant. I find that a lot of teams get overwhelmed during this process because they consider that everything in the process may represent a hazard. So, when I am working with clients or providing training, I remind everyone that, in the bigger scheme of things, we can get stricken by a lighting in the middle of a thunderstorm. However, what will increase our chances would be whether we are close or not to a body of water for example. If I am swimming in the middle of a lake, I increase my chances to get stricken by the lighting. In comparison, if I am just sitting in my living room drinking a cup of coffee during the thunderstorm, the likelihood of being stricken by a lighting is a lot less. The same rationale should be applied when conducting the hazard analysis for manufactured products. You may have a hazard that will cause illness or death (high on the severity chart) but you also may have a program that mitigates the likelihood of introducing or having the hazard. The program will reduce the significance of the hazard to a level that may not need a critical control point to minimize or eliminate it.

Table 2. Process Hazard Analysis (1)

Clear as mud, right? So, how would this look like on the infused apple juice example? Table 1 shows the hazard analysis for the ingredients. Tables 2 and 3 show the hazard analysis for the part of the process. In addition, I have identified the CCPs: Patulin testing and pasteurization. There is a tool called the CCP decision tree that is often used to determine the CCPs in the process.

Once we have the CCPs, we need to establish the critical limits to ensure that the hazard is controlled. These limits must be validated. In the case of Patulin, the FDA has done several studies and has established 50 ppm as the maximum limit. In the case of pasteurization, a validation study can be conducted in the juice by a 3rd party laboratory. These studies typically are called thermal death studies (TDS) and provide the temperature and time combination to achieve the reduction of the pathogen(s) of concern to an acceptable level that they do not cause harm. In juice, the regulatory requirement is a 5-log reduction. So, let’s say that the TDS conducted in the infused apple juice determined that 165°F for 5 seconds is the critical limit for pasteurization. Note that the 5 seconds will be provided by the flow of the product through the holding tube of the pasteurizer. This is measured based on flow in gallons per minute.

Table 3. Process Hazard Analysis (2)

Monitoring is essential to ensure that the critical limits are met. A monitoring plan that outlines what, how, when and who is responsible for the monitoring is required.

Ideally, the system should not fail. However, in a manufacturing environment, failures can happen. Therefore, it is important to pre-establish steps that will be taken to ensure that the product is not out of the control of the facility in the event of a deviation from the HACCP plan. These steps are called corrective actions and must be verified once they are completed. Corrective actions procedures must address the control of the product, investigation of the event, corrective actions taken so the deviation doesn’t reoccur and product disposition.

Table 4. HACCP Plan Summary

Verification activities ensure that the HACCP plan is being followed as written. Typically, verification is done by reviewing the records associated with the plan. These records include but are not limited to monitoring records, calibration records, corrective action records, and preventive maintenance records for equipment associated with the CCPs. Record review must be done within 7 working days of the record being produced.

Finally, establishing records and record keeping procedures is the last step on developing HACCP plans. Records must be kept in a dry and secure location.

Table 4 show the summary of the HACCP plan for the infused apple juice example.

For more information on how to develop a HACCP plan for your facility, read the resources below:

  1. HACCP Principles and Application Guidelines – The National Advisory Committee on Microbiological Criteria for Foods (NACMCF)
  2. ASTM D8250-19: Standard Practice for Applying a Hazard Analysis Critical Control Points (HACCP) Systems for Cannabis Consumable Products

Processes, Protocols and Layers of Protection: Essential Security Measures for the Medical Cannabis and Hemp Industries

By Joshua Wall
No Comments

As legalization of cannabis products from hemp to medical cannabis takes root across the U.S., there’s a growing need to understand and build good security practices. While many think of security as safeguarding assets like facilities and product, effective security does much more. It protects a business’ workers, providing them secure workplaces and incomes. Ideally, it reaches from supply chain to customers by ensuring consistently safe products.

To truly understand the value of this for a brand or for the industry as a whole, consider the opposite: the destructive effect – on a brand and on the industry at large – of unsafe or tampered product reaching customers, or of crimes occurring, just as the industry seeks to demonstrate its validity and benefits. Security is vital not only to individual farmers, processors or customers but to all who value what the industry brings to those who rely on CBD or medical cannabis products for their wellbeing.

Know the Threats.

Part of the learning process involves understanding the value of the product.Security is all about anticipating and reducing risks. These can include physical threats from natural sources – think flood, fire, tornado or crop fail – or from human threats. Human threats can arise from organized criminals, hackers, amateur thieves, vandals – or insiders.

As regulated industries, hemp and cannabis businesses also face risk of losses, which can be significant, from penalties ranging from fines to being shut down for non-compliance. While rules vary from state to state and continue to change, a disciplined approach to security is foundational to reducing risk at many levels. Rigorous operational processes must incorporate security that addresses risks at multiple points of access, transport and sale of products.

Learn the Rules.

In a rapidly evolving industry, one of the most important things producers can do is to learn. Security requirements vary by region and providers need to be aware of what is available. Get to know your state, local and federal resources for your operating area. California law, for example, specifies use of high-resolution video surveillance in dispensaries, while others do not.

Joshua Wall, Chief Operating Officer at Harvest Connect LLC

Part of the learning process involves understanding the value of the product. With medicinal cannabis, it’s helpful to grasp both its commodity value and the street value that could make it attractive to thieves. In “Why Marijuana Plant Value is So Important for Adjusters,” Canadian Underwriter Magazine gave examples that indicate the size of losses that may occur in growing and processing operations:

“In the medical marijuana space, ClaimsPro has already seen losses primarily between $150,000 and $750,000. These losses, mostly on Vancouver Island, were for fire and water damage, as well as boiler machinery issues, physical damage to buildings and specialized greenhouse equipment, as well as extra expense and business interruption.”

The same article notes a claim over $20 million at another single flower greenhouse. Security needs to reflect what’s present on our premises.

Educating the community can reduce risk as well. Producers of industrial hemp may need to inform would-be thieves that what they are looking at is not street-valued product. To protect the crops, which are generally grown outdoors and do not require a full security detail, a best practice is simply posting signs on the property that say explicitly “No THC.” 

Begin with a Risk Assessment.

Security begins with a professional evaluation of site vulnerabilities, examining key weaknesses that could be exploited by attackers. These include:

  • Monitoring access to the site is a foundational principle of security.
  • Design limited access points into the facility as well as prepare for possible facility breaches with perimeter access control, technological redundancies and ballistic glass for defensive architecture measures.
  • Look at route vulnerabilities as well.
  • Hedge site risk by not limiting your operation to a single site where one incident could wipe out an entire year’s crop.

The nature of threats is always changing. A 2018 Newsweek article described the struggles of legal cannabis farmers against illegal and potentially cartel-backed and violent operations in California. While a 2020 Business Insider report described indications that legalization was prompting some cartels to leave cannabis alone and move on to fentanyl and meth. “While Mexican drug cartels made their money predominantly from marijuana in past decades, the market has somewhat dissipated with the state-level legalization of cannabis in dozens of states across the US.”

Define Levels of Risk and Access.

The best security matches spending to risk in a commonsense way. Are you more at risk from the occasional smash and grab incident or is there reason to anticipate an organized assault? As in many industries, the greatest risk often comes from employee fraud or theft. Hiring carefully, paying fairly and training staff well are important to long term security.

Iron Protection Group in a training session
Image credit: Tampa Bay Times

How will the product be moved around within the facility and beyond it – and what staff are responsible for each part of the journey? Who can enter the cultivation areas and what protocols must they follow? On site staff should be trained on what to look for if they observe a security breach. Consider biometrics such as retinal scans, fingerprint scans or similar.

In cases where valuable product or cash is present, guards can play an important role. Harvest Connect uses only high-level former military or police officers in these roles, an approach recognized by many. Hunter Garth of Iron Protection Group notes they have “the ability to de-escalate a potentially harmful situation and the fortitude to see a mission through to completion, no matter what external circumstances may arise.”

Inventory and Transaction Controls

Inside threats from sloppy processes can be just as insidious as attacks. Poor tracking of inventory by Oregon’s legal cannabis producers made headlines in 2018 as The Oregonian reported, “U.S. Attorney Billy Williams told a large gathering that included Gov. Kate Brown, law enforcement officials and representatives of the cannabis industry that Oregon has an ‘identifiable and formidable overproduction and diversion problem.’’ Discipline, applied by state pressure but carried out by producers themselves, has begun to reduce the diversion of untracked product into the black market a year later.

Cannabis businesses need a professional approach to monitoring all product and money that moves through its systems. These operational processes can include time, date and attendance stamps on all inventory. Similarly, accounting systems and software must follow the highest professional standards. Lastly, when breaches occur, it is essential that fraud and theft are caught, eliminated and prosecuted as appropriate.

Nurturing an Emerging Industry

Security resources are an integral part of maintaining the integrity of a business’ supply chain. As the product moves from the fields to processing centers to consumers, purity assurance becomes an operational objective. Ultimately, protecting the product through secure and professional practices is the optimal way to serve customers, build a brand, and sustain the industry.

Radojka Barycki picture

Preparing Your Recall Strategies

By Radojka Barycki
No Comments
Radojka Barycki picture

A product recall is the removal of a defective product from the market because it can cause harm to the consumer or place the manufacturer at risk of legal action.

Although a recall is not something that companies want to be related to, preparing for it is very critical and it is an important part of crisis management.Product recalls can cost companies million dollars in profit loss and civil damages. The company senior management and employees can also face criminal action, if the investigation shows negligent acts. The company will also face loss of reputation and the trust of its customers.

Although a recall is not something that companies want to be related to, preparing for it is very critical and it is an important part of crisis management.

There are several phases when preparing a recall strategy:

Planning Phase

During the planning phase, a recall plan is developed. A recall plan is the procedure that will be followed by an appointed company’s team during an actual recall. A good recall plan will have the following components:

  • Definitions of the type of products recalls. According to federal regulations, there are three types of recalls. The company should know what type of recall they are performing to understand the risk the consumer is facing.
  • A Recall Team. The recall team is the key stakeholders that are responsible for different processes within the company. A good recall team will be multidisciplinary. A multidisciplinary team is a group of people that have different responsibilities within the manufacturing site (i.e. Receiving Manager, QA Manager, etc.) and/or outside (i.e. Legal Counsel, Public Relations, etc.) 
  • A description of the recall team member’s responsibilities must be outlined. A recall coordinator and a backup should be assigned to ensure that there is one person organizing all activities during the recall. 
  • A Communication Plan. It is important that only the appointed person that has the responsibility of external communications (i.e. media, regulators, customers, key stakeholders, etc.). In addition, there should be only one person appointed to handle all the communication within the team (internal communications.)
  • Documents to be used during the recall are:
    • Communication documents: Letters to customers, regulators and media must be drafted and kept on hand for use during the crisis.
    • Forms that will be used to keep track of product inventory on hand (still in the site), product being returned and product being destroyed.
  • A Traceability Procedure should be in place to ensure that materials used in the manufacturing of the finished good can be traced from the time of the delivery to the facility and throughout the product manufacturing process. In addition, traceability must also be provided for finished goods from the manufacturing site to its first point of distribution. This is known as traceability one step back (materials used) and one step forward (first point of distribution.)

    PlantTag
    A plant tagged with a barcode and date for tracking
  • A description of (or reference to) product quarantine (product hold) procedures that must be followed to ensure that the product that is still at the site do not leave the facility. 
  • Product Destruction The company must outline (or reference) how product will be destroyed during a recall process.

Implementation Phase

There are three processes that need to be followed when implementing the recall plan:

  • Training: The recall team must be trained on their roles and responsibilities. Employees working at the site will be receiving directives from the appointed recall team members. It is also important that they are aware about the recall plan and understand the importance of urgency during the situation.
  • Exercise: It is important that the company doesn’t wait until the incident occurs to ensure that everyone in the team understands their roles and responsibilities during the recall. Therefore, annual testing of the procedure is imperative. This implies creating a “mock recall” situation and providing the information to the team to evaluate if they fully understand their role and responsibilities. This also allows the testing of the traceability protocols and systems that have been put in place by the site. Ensure that the team understands that this is an exercise and not an actual recall. You don’t want the team members going through the emotions that an actual recall gives. However, stress the importance of their participation during this exercise. You do not communicate to customers, media or regulators during a recall exercise. 
  • Execution: This is the actual recall and full implementation of the plan. During the actual recall, you communicate to the regulators, customers and media. The company must also conduct daily recall effectiveness checks by using the forms developed for tracking product inventory, recovery and destruction. 
  • Identify root cause and implement corrective actions. Root cause(s) will be identified during the recall process by analyzing the information resulting from the investigation of the incident. Regulatory agencies will actively participate in the discussion for identifying in the implementation of corrective actions. 

Improvement Phase

The recall team should always meet after the recall exercise or the actual recall incident. The team must evaluate what positive or negative outcomes resulted from the process. If there are gaps identified, these need to be closed, so the process is improved.

Documentation: Are You Prepared?

By Radojka Barycki
No Comments

Documents play a key role in the world of regulations and global standards. Documents tell a story on programs development, implementation and verification during an inspection or audit. Documents are used as evidence to determine conformance to the law or standard. However, do you know what kind of documents may be reviewed during a regulatory inspection or a food safety audit? Are you prepared to show that the implementation of regulatory requirements or a standard is done efficiently at your facility?

Inspectors and auditors will look for compliance either to regulations or to a standard criterion. Regulations and standards require that documentation is controlled, secured and stored in an area where they cannot deteriorate. Therefore, writing a Document Management Program (DMP) will help a business owner ensure consistency in meeting this and other requirements.Radojka Barycki will host a a plenary session titled, “Cannabis: A Compliance Revolution” at the 2018 Food Safety Consortium | Learn More

A well-developed and implemented DMP provides control over documents by providing a number sequence and revision status to the document. In addition, ownership for development, review and distribution of the documents are assigned to specific individuals within the company to ensure that there are no inconsistencies in the program. Documents must also have the name of the company in addition to a space to write the date when the record is generated. It is recommended to include the address if there are multiple operational sites within the same company.

There are different types of documents that serve as support to the operations:

  1. Program: A written document indicating how a business will execute its activities. When it comes to the food industry, this is a written document that indicates how quality, food safety and business activities are controlled.
  2. Procedures: General actions conducted in a certain order. Standard Operational Procedures (SOPs) allow the employee to know what to do in general. For example, a truck receiving procedure only tells the employee what the expected conditions are when receiving a truck (cleanliness, temperature, etc.) However, it doesn’t tell the employee how to look for the expected conditions at the time of the truck arrival.
  3. Work Instructions: Detailed actions conducted in a certain order. For example, truck inspection work instruction tells the employee what steps are to be followed to perform the inspection.
  4. Forms: Documents used to record activities being performed. 
  5. Work Aids: are documents that provide additional information that is important to perform the job and can be used as a quick reference when performing the required activities within the job. 
Are you prepared to face document requirements now and in the future?

The inspectors and auditors base their role on the following saying: “Say what you do. Do what you say. Prove it!” The programs say what the company do. The procedures, work instructions and work aids provide information on implementation (Do what you say) and the forms become records that are evidence (prove) that the company is following their own written processes.

Regulatory requirements for cannabis vary from state to state. In general, an inspector may ask a cannabis business to provide the following documentation during an inspection:

  1. Business License(s)
  2. Product Traceability Programs and Documents
  3. Product Testing (Certificate of Analysis – COAs)
  4. Certification Documents (applicable mainly to cannabis testing labs)
  5. Proof of Destruction (if product needs to be destroyed due to non-compliance)
  6. Training Documents (competency evidence)
  7. Security Programs

As different states legalize cannabis, new regulatory requirements are being developed and modeled after the pharma, agriculture and food industries. In addition, standards will be in place that will provide more consistency to industry practices at a global level. The pharma, agriculture and food industries base their operations and product safety in programs such as cGMPs, GAPs, HACCP-based Food Safety Management Systems and Quality Management Systems. Documents required during an inspection or audit are related to:

  1. Good Agricultural Practices (GAPs)
  2. Current Good Manufacturing Practices (cGMPs)
  3. Food Safety Plan Documents
  4. Ingredient and Processing Aids Receiving
  5. Ingredient and Processing Aids Storage
  6. Operational Programs (Product Processing)
  7. Final Product Storage
  8. Final Product Transportation
  9. Defense Program
  10. Traceability Program
  11. Training Program
  12. Document Management Program

In the always evolving cannabis industry, are you prepared to face document requirements now and in the future?