Tag Archives: verification

Stratos: Quality, Expansion & Growth in Multiple Markets

By Aaron G. Biros
No Comments

Jason Neely founded Stratos in 2014, when he and a small group of people left the pharmaceutical industry in search of a new endeavor in the cannabis marketplace. The concept was straightforward: Apply pharmaceutical methodologyof production to cannabis products. Back then, Stratos offered a range of THC-infused tablets in the Colorado market.

Brenda Verghese, vice president of research & development

Brenda Verghese, vice president of research & development, was one of five people on staff when Stratos launched. Now they have about 30 team members. Consumers were looking for a cannabis product that would be consistent and reliable every time, taking the guesswork out of infused products dosage. That’s where Brenda Verghese found her skillset useful.

Transitioning to the pharmaceutical industry right out of college, Verghese started her career as a chemist and worked her way up to the R&D business development sector. “I specializedin formulations and taking a product from concept to commercialization in the pharmaceutical space,” says Verghese. “Jason Neely approached me with the idea of a cannabis company and focusing on making products as effective and consistent as possible, so really bringing pharmaceutical science into the cannabis space. In the matter of 4 years we grew substantially, mainly focusing on the efficacy of products.”

Behind the scenes at packaging and labeling Image credit: Lucy Beaugard

Soon after the success of their THC products became apparent, Stratos launched a CBD line, quickly growing their portfolio to include things like tinctures and topicals as well. According to Verghese, they are hoping that what’s been established on the THC side of their business as far as reproducibility and consistency is something that consumers will also experience on the CBD side. “Quality and consistency have definitely driven our growth,” says Verghese. “That is what consumers appreciate most- the fact that every tablet, tincture or swipe of a topical product is going to be consistent and the same dose every time.” This is what speaks to their background in the pharmaceutical sciences, FDA regulation has taught the Stratos team to create really robust and consistent formulations.

Quality in manufacturing starts at the source for Stratos: their suppliers. They take a hard look at their supply of raw materials and active ingredients, making sure it meets their standards. “The supplier needs to allow us to do an initial audit and periodic audits,” says Verghese. “We require documentation to verify the purity and quality of oil. We also do internal testing upon receipt of the materials, verifying that the COAs [certificates of analysis] match their claims.”

Process validation in action at the Stratos facility
(image credit: Lucy Beaugard)

Verghese says maintaining that attention to detail as their company grows is crucial. They implement robust SOPs and in-process quality checks in addition to process testing. They test their products 5-6 times within one production batch. Much of that is thanks to Amy Davison, director of operations and compliance, and her 15 years of experience in quality and regulatory compliance in the pharmaceutical industry.

Back in August of 2018, Amy Davison wrote an article on safety and dosing accuracy for Cannabis Industry Journal. Take a look at this excerpt to get an idea of their quality controls:

Product testing alone cannot assess quality for an entire lot or batch of product; therefore, each step of the manufacturing process must be controlled through Good Manufacturing Practices (GMP). Process validation is an aspect of GMPs used by the pharmaceutical industry to create consistency in a product’s quality, safety and efficacy. There are three main stages to process validation: process design, process qualification and continued process verification. Implementing these stages ensures that quality, including dosing accuracy, is maintained for each manufactured batch of product.

Fast forward to today and Stratos is looking at expanding their CBD products line significantly. While their THC-infused products might have a stronger brand presence in Colorado, the CBD line offers substantial growth potential, given their ability to ship nationwide as well as online ordering. “We are always evaluating different markets and looking for what suits Stratos and our consumer base,”says Verghese.

The New ISO/IEC 17025:2017: The Updated Standard

By Ravi Kanipayor, Christian Bax, Dr. George Anastasopoulos
No Comments

As state cannabis regulatory frameworks across the country continue to evolve, accreditation is becoming increasingly important. Because it provides consistent, turnkey standards and third-party verification, accreditation is quickly emerging as an important tool for regulators. For cannabis testing laboratories, this trend has been especially pronounced with the increasing number of states that require accreditation to ISO/IEC 17025.

As of 2017 there were nearly 68,000 laboratories accredited to ISO/IEC 17025, making it the single most important benchmark for testing laboratories around the world. ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests including sampling. It covers testing performed using standard methods, non-standard methods and laboratory-developed methods. It is applicable to all organizations performing tests including cannabis labs. The standard is applicable to all labs regardless of the number of personnel or the extent of the scope of testing activities.  Developed to promote confidence in the operation of laboratories, the standard is now being used as a key prerequisite to operate as a cannabis lab in many states.

There are currently 26 states in the United States (also Canada) that require medical or adult-use cannabis to be tested as of February 2019. Of those states, 18 require cannabis testing laboratories to be accredited – with the vast majority requiring ISO/IEC 17025 accreditation. States that require testing laboratories to attain ISO/IEC 17025 accreditation represent some of the largest and most sophisticated cannabis regulatory structures in the country, including California, Colorado, Maryland, Massachusetts, Michigan, Nevada and Ohio. As a consequence, many cannabis testing laboratories are taking note of recent changes to ISO/IEC 17025 standards.

ISO/IEC 17025 was first issued in 1999 by the International Organization for Standardization. The standard was updated in 2005, and again in 2017. The most recent update keeps many of the legacy standards from 2005, but adds several components – specifically requirements for impartiality, risk assessment and assessing measurement uncertainty. The remainder of this article takes a deeper dive into these three areas of ISO/IEC 17025, and what that means for cannabis testing laboratories.Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities.

Impartiality

ISO/IEC 17025:2005 touched on an impartiality requirement, but only briefly. The previous standard required laboratories that belonged to organizations performing activities other than testing and/or calibration to identify potential conflicts of interest for personnel involved with testing or calibration. It further required that laboratories had policies and procedures to avoid impartiality, though that requirement was quite vague.

ISO/IEC17025:2017 emphasizes the importance of impartiality and establishes strict requirements. Under the new standard, labs are responsible for conducting laboratory activities impartially and must structure and manage all laboratory activities to prevent commercial, financial or other operational pressures from undermining impartiality. The definitions section of the standard defines impartiality as the “presence of objectivity.” Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities. For further elaboration, the standard provides similar terms that also convey the meaning of impartiality: lack of prejudice, neutrality, balance, fairness, open-mindedness, even-handedness, detachment, freedom from conflicts of interest and freedom from bias.

To comply with the new standard, all personnel that could influence laboratory activities must act impartially. ISO/IEC 17025:2017 also requires that laboratory management demonstrate a commitment to impartiality. However, the standard is silent on how labs must demonstrate such commitment. As a starting point, some cannabis laboratories have incorporated statements emphasizing impartiality into their employee handbooks and requiring management and employee training on identifying and avoiding conflicts of interest.

Risk Assessment

Both the 2005 and 2017 versions contain management system requirements. A major update to this is the requirement in ISO/IEC 17025:2017 that laboratory management systems incorporate actions to address risks and opportunities. The new risk-based thinking in the 2017 version reduces prescriptive requirements and incorporates performance-based requirements.

Under ISO/IEC 17025:2017, laboratories must consider risks and opportunities associated with conducting laboratory activities. This analysis includes measures that ensure that:

  • The lab’s management system is successful;
  • The lab has policies to increase opportunities to achieve its goals and purpose;
  • The lab has taken steps to prevent or reduce undesired consequences and potential failures; and
  • The lab is achieving overall improvement.

Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.To comply with ISO/IEC 17025:2017, labs must plan and implement actions to address identified risks and opportunities into management systems. They must also measure the effectiveness of such actions. Importantly, the standard requires that the extent of risk assessments must be proportional to the impact a given risk may have on the validity of the laboratory’s test results.

ISO/IEC 17025:2017 does not require that labs document a formal risk management process, though labs have discretion to develop more extensive methods and processes if desired. To meet the requirements of the standard, actions to address risks can include sharing the risk, retaining the risk by informed decision, eliminating the risk source, pinpointing and avoiding threats, taking risks in order to pursue an opportunity, and changing the likelihood or consequence of the risk.

ISO/IEC 17025:2017 references “risks” generally throughout most of the standard. However, it specifically addresses risks to a laboratory’s impartiality in section 4.1. Note, the new standard requires that labs must not only conduct activities impartially, but also actively identify risks to their impartiality. This requirement is on-going, not annually or bi-annually. Risks to impartiality include risks arising from laboratory activities, from laboratory relationships, or from relationships of laboratory personnel. Relationships based on ownership, governance, shared resources, contracts, finances, marketing, management, personnel and payment of a sales commission or other inducements to perform under pressure can threaten a laboratory’s impartiality. Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.

Assessing Measurement Uncertainty With Decision Rules

ISO/IEC 17025:2005 required (only where necessary and relevant) test result reports to include a statement of compliance/non-compliance with specifications and to identify which clauses of the specification were met or not met. Such statements were required to take into account measurement uncertainty and if measurement results and uncertainties were omitted from the statement, the lab was required to record and maintain the results for future reference.

ISO/IEC 17025:2017 requires similar statements of conformity with an added “decision rule” element. When statements of conformity to a specification or standard are provided, labs must record the decision rule it uses and consider the level of risk the decision rule will have on recording false positive or negative test results. Like the 2005 version, labs must include statements of conformity in test result reports (only if necessary and relevant- see 5.10.3.1 (b)). Now, test result reports on statements of conformity must include the decision rule that was employed. 

Moving Forward

Because many states require ISO/IEC 17025 accreditation for licensing, cannabis testing labs across the country would be well advised to closely monitor the implications of changes in ISO/IEC 17025:2017 related to impartiality, risk assessment and measurement uncertainty. If you run a cannabis testing lab, the best way to ensure compliance is education, and the best place to learn more about the new requirements is from a globally recognized accreditation body, especially if it is a signatory to the International Laboratory Accreditation Cooperation (ILAC) for testing laboratories, calibration laboratories and inspection agencies.


References

Facts & Figures

ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories

ISO/IEC 17025:2017: General requirements for the competence of testing and calibration laboratories 

Khyrrah-Cymone Shepard
Soapbox

Challenges in Cannabis Genome Sequencing for Genetic Tracking and Traceability

By Khyrrah-Cymone Shepard
5 Comments
Khyrrah-Cymone Shepard

Genome sequencing has made remarkable strides since the initiation of “The Human Genome Project” in 1990. Still, there are many challenges that must be overcome before this methodology can reach its fullest potential and be useful in serving as a method of Cannabis sativa genetics verification and tracking throughout the cannabis supply chain. Several major milestones that must be realized include end-to-end haploid type (single, unpaired set of chromosomes instead of complete paired set or “diploid”), long read, resolved genome sequences at a reasonable cost within a reasonable timeframe and with confidence in accuracy (Mostovoy et al.). These genomes are typically generated as shorter reads that are then scaffolded (Fig 1.) or matched to reference genomes in order to build a longer continuous read. While shorter sequencing reads indeed lower the cost barrier for producing more genomic data, it has created another issue as a result of this short-read technology.

Figure 1: Four sets of sequencing data (long-read WGS, Hi-C, optical mapping, and short-read WGS) were produced to generate the goat reference genome. A tiered scaffolding approach using optical mapping data followed by Hi-C proximity-guided assembly produced the highest-quality genome assembly. (Bickhart et al.)

There are two main issues with the more affordable short read sequencing methodology, the first being that sequential variants are typically not detected, especially if they involve a ton of repeats/inverted repeats, due to the limitation of the current referenced Cannabis genomes and the mapping process of the short-read sequences. This is especially unfortunate because larger variants can have up to a 13% variance within a diploid multichromosomal genome, such as Cannabis sativa, and this variance is thought to largely contribute to disease in various species, or maybe terpene profile in Cannabis sativa. Not being able to detect these variances with more affordable sequencing methodologies is particularly problematic and reference genomes produced with short read sequences are typically highly fragmented. The second limitation is the inherent errors, gaps and other ambiguities associated with taking tons of short read sequences and combining them all, like a jigsaw puzzle, in order to draft the larger genomic picture. While there is software with algorithms to assist in deciphering raw sequences, there is still much more work to be done on this challenge, considering that cannabis genome sequencing is new genomics territory. Unfortunately, as researchers seek higher and higher levels of data quality, shortcomings of this type of sequencing technology begin to become apparent. This sort of sequencing methodology relies heavily on reference sequences. This isn’t much of an issue with microbial genomes, which tend to be rather short and typically have one chromosome, however, when seeking to analyze much longer genomes with multiple diploid chromosomes and tons of mono and dinucleotide repeats, problems arise (English et al.).

Figure 2: Blockchain Digital Stamping Certificate which publicly documents the date and time of the completion of this work. (Mckernan – Crypto Funded Public Genomics)

The other category of sequencing is long read sequencing. Long read sequencing is as it sounds, the deciphering of much longer DNA strands. Of course, the technology is limited by the quality of the DNA captured, therefore, special high molecular weight DNA extraction protocols must be deployed in order to obtain the proper DNA quality (Fig. 3). Once this initial limitation is overcome there is the stark cost of long read sequencing technology. PacBio without a doubt makes one of the highest quality long read sequence generating instruments that has ever graced the field of biotechnology, but due to the steep price tag of the machine, progress in this field has been stifled simply because it just isn’t affordable and the read depth for mammalian and plant genomes is currently almost completely prohibitive until read lengths double in length for this instrumentation. In order to produce what is considered to be a “validated genome” both short read and long read sequencing methodologies are combined. Long read sequencing data is used to produce the reference contigs because they are much easier to assemble, then short read sequencing is scaffolded against the reference contigs as a sort of “consensus validation” of the long read contigs.

Figure 3: Depiction of various DNA high molecular weight DNA quality captured during cannabis genome submission project. (Mckernan – Crypto Funded Public Genomics)

Despite the shortcoming of utilizing short read sequencing technology for analysis of the cannabis genome, it is still useful especially when combined with other longer read sequencing technologies or optical mapping technologies. Kevin McKernan, chief scientific officer of Medicinal Genomics, has been working feverishly to bridge the information gap between the cannabis genome and other widely studied plant genomes. As a scientist that worked on the Human Genome Project in 2001, McKernan has a demonstrated history of brilliance in the field of genomics. This paved the way for him to coordinate the first crypto funded and blockchain notarized sequencing project (DASH DAO funded) (Fig. 2), which was completed in 60 days, and surprisingly showed that the cannabis genome is over 1 billion bases long which is 30% larger than any cannabis genome submitted prior to his work. By reaching the standard of 500kb N50 set forth by the Human Genome Project, Kevin McKernan was able to see new aspects of the cannabis genome that were not visible due to the fragmented genomic data previously generated. Information such as a possible linkage of THCA synthase and CBDA synthase genes is crucial when seeking to use the cannabis genome for verification and tracking purposes. This is because special linkages can be considered a type of “genetic marker” that may be used to differentiate cannabis cultivars and lineages. There are many types of genetic markers, including SNP (single nucleotide polymorphisms), VNTR (variable number tandem repeats) and even patterns of gene expression. Funding and recording of cannabis genomics must be further developed in order for potential markers to be identified and validated via larger scale genome-wide association studies.

These technologies, when combined, often reduce the number of scaffolds while increasing the percent of resolved genome by filling in gaps within the drafted genome. Nanopore sequencing is an especially interesting and innovative sequencing technology that is useful in many ways. One of the most powerful uses of this technology is its ability to upgrade the quality of draft and pushed genomes by resolving poorly organized genomes and genomic structure for a fraction of the time and cost of other long read sequencing platforms (Jian et al.), making it an excellent candidate for solving cost and time constraints. Nanopore’s portability and convenience makes it a real-time solution to solving genetics-based problems and questions. A notable use of this technology is recorded during an epidemiological outbreak in Africa, its proof of concept in pathogen detection in space, and its ability to detect base modifications during sequencing process. Even still there are more uses to this exciting technology and it has the potential to elevate cannabis genomics and the field of genomics entirely, while remaining portable and expeditious. A shortcoming of the Nanopore sequencing platform is its low sequencing coverage, which makes this platform inefficient for applications like haplotype phasing and single nucleotide variant detection due to the number of variants to be detected being smaller than the published variant-detection error rates of algorithms using MinION data. Single nucleotide variants can be considered to be genetic markers, especially markers for disease, so this is what inhibits Nanopore from resolving our cannabis genome sequencing problems, as of today.

There are genetic markers to discover, molecular biology protocols to optimize, and industry wide potential for exciting collaborationMany algorithmic problems seem to occur due to input data quality. Typical input data quality suffers as the reads get longer and the sequencing depth gets shorter, resulting in not enough data being generated by the sequencing to provide confidence in the genome assembly. To mitigate this, scientists may decide to fractionate a genome, sequence it, or they may clone a difficult to sequence region with highly repetitive regions in order to produce reads with greater depth and thus resolve the region. They can then perform single molecule sequencing to resolve genome structure then determine and confirm the place of the cloned region. Thus, it seems that the best solution to the limitation of algorithms is to be aware of sequencing platform limitations and compensate for these limitations by using more than one sequencing platform to obtain enough pertinent data to confidently produce authentic, “validated” genome assemblies (Huddleston et al.). With input data being critical in producing accurate sequencing data, standardization of DNA isolation protocols, extraction reagents and any enzymes utilized may be deemed necessary.

To conclude, the field of cannabis genomics is teeming with opportunities. There are genetic markers to discover, molecular biology protocols to optimize, and industry wide potential for exciting collaboration. More states will need to take into account the lack of federal government research grant availability and begin to think of creative ways to get cannabis science funds to continue the development of this industry. Specifically speaking, developing a feasible method for genetic tracking of cannabis plants will require improvements within the availability of sequencing technology, improvements in deploying the resources to these projects in order for them to be completed expeditiously, and standardization/validation of methods and SOPs used in order to increase confidence in the accuracy of the data generated.

A special thank you to all of my cannabis industry mentors that have molded and elevated my understanding of current needs and applied technologies within the cannabis industry, without you there would be no career within this industry for me. You are immensely appreciated.


Citations

Bickhart, D. M., Rosen, B. D., Koren, S., Sayre, B. L., Hastie, A. R., Chan, S., . . . Smith, T. P. (2017). Single-molecule sequencing and chromatin conformation capture enable de novo reference assembly of the domestic goat genome. Nature Genetics,49(4), 643-650. doi:10.1038/ng.3802

English, A. C., Salerno, W. J., Hampton, O. A., Gonzaga-Jauregui, C., Ambreth, S., Ritter, D. I., . . . Gibbs, R. A. (2015). Assessing structural variation in a personal genome—towards a human reference diploid genome. BMC Genomics,16(1). doi:10.1186/s12864-015-1479-3

Huddleston, J., Ranade, S., Malig, M., Antonacci, F., Chaisson, M., Hon, L., . . . Eichler, E. E. (2014). Reconstructing complex regions of genomes using long-read sequencing technology. Genome Research,24(4), 688-696. doi:10.1101/gr.168450.113

Jain, M., Olsen, H. E., Paten, B., & Akeson, M. (2016). The Oxford Nanopore MinION: Delivery of nanopore sequencing to the genomics community. Genome Biology,17(1). doi:10.1186/s13059-016-1103-0

Mostovoy, Y., Levy-Sakin, M., Lam, J., Lam, E. T., Hastie, A. R., Marks, P., . . . Kwok, P. (2016). A hybrid approach for de novo human genome sequence assembly and phasing. Nature Methods,13(7), 587-590. doi:10.1038/nmeth.3865

HACCP

Hazard Analysis and Critical Control Points (HACCP) for the Cannabis Industry: Part 4

By Kathy Knutson, Ph.D.
No Comments
HACCP

In Part 3 of this series on HACCP, Critical Control Points (CCPs), validation of CCPs and monitoring of CCPs were defined. When a HACCP plan identifies the correct CCP, validates the CCP as controlling the hazard and monitors the CCP, a potential hazard is controlled in the manufacturing and packaging of cannabis-infused edibles. The food industry is big on documentation. If it’s not documented, it did not happen. The written hazard analysis, validation study and monitoring of CCPs create necessary records. It is these records that will prove to a customer, auditor or inspector that the edible is safe. Here in Part 4, more recordkeeping is added on for deviation from a CCP, verification and a recall plan. 

Take Corrective Action When There Is a Deviation from a Critical Control Point

Your food safety team conducts a hazard analysis, identifies CCPs and decides on monitoring devices, frequency and who is responsible for monitoring. You create an electronic or paper record of the monitoring for every batch of edible to document critical limits were met. Despite all your good efforts, something goes wrong. Maybe you lose power. Maybe the equipment jams. Nothing is perfect when dealing with ingredients, equipment and personnel. Poop happens. Because you are prepared before the deviation, your employees know what to do. With proper training, the line worker knows what to do with the equipment, the in-process product and who to inform. In most cases the product is put on hold for evaluation, and the equipment is fixed to keep running. The choices for the product include release, rework or destroy. Every action taken needs to be recorded on a corrective action form and documents attached to demonstrate the fate of the product on hold. All the product from the batch must be accounted for through documentation. If the batch size is 100 lb, then the fate of 100 lb must be documented.

Verify Critical Control Points Are Monitored and Effective

First, verification and validation are frequently confused by the best of food safety managers. Validation was discussed as part of determining CCPs in Part 3. Validation proves that following a CCP is the right method for safety. I call validation, “one and done.” Validation is done once for a CCP; while verification is ongoing at a CCP. For example, the time and temperature for effective milk pasteurization is very well known and dairies refer to the FDA Pasteurized Milk Ordinance. Dairies do not have to prove over and over that a combination of time and temperature is effective (validation), because that has been proven.

I encourage you to do as much as you can to prepare for a recall.A CCP is monitored to prove the safety parameters are met. Pasteurization is an example of the most commonly monitored parameters of time and temperature. At a kill step like pasteurization, the employee at that station is responsible for accurate monitoring of time and temperature. The company managers and owners should feel confident that CCPs have been identified and data are being recorded to prove safety. Verification is not done by the employee at the station but by a supervisor or manager. The employee at the station is probably not a member of the food safety team that wrote the HACCP plan, but the supervisor or manager that performs verification may be. Verification is proving that what was decided by the food safety team is actually implemented and consistently done.

Verification is abundant and can be very simple. First, every record associated with a CCP is reviewed by a supervisor or manager, i.e. someone who did not create the record. This can be a simple initial and date at the bottom of the record. Every corrective action form with its associated evaluation is verified in the same way. When HACCP plans are reviewed, that is verification. Verification activities include 1) testing the concentration of a sanitizer, 2) reviewing Certificates of Analysis from suppliers, 3) a review of the packaging label and 4) all chemical and microbiological testing of ingredients and product. The HACCP plan identifies CCPs. Verification confirms that implementation is running according to the plan.

Verification is like a parent who tells their child to clean their room. The child walks to their room and later emerges to state that the room is clean. The parent can believe the word of the child, if the child has been properly trained and has a history of successfully cleaning their room. At some frequency determined by the parent, the room will get a parental visual check. This is verification. In the food industry, CCP monitoring records and corrective action must be reviewed within seven days after the record is created and preferably before the food leaves the facility. Other verification activities are done in a timely manner as determined by the company.

Food processing and sanitation
Product recalls due to manufacturing errors in sanitation cause mistrust among consumers.

Write a Recall Plan

In the food industry, auditors and FDA inspectors require a written recall plan. Mock recalls are recommended and always provide learning and improvement to systems. Imagine your edible product contains sugar, and your sugar supplier notifies you that the sugar is recalled due to glass pieces. Since you are starting with the supplier, that is one step back. Your documentation of ingredients includes lot numbers, dates and quantity of sugar.You keep good records and they show you exactly how much of the recalled lot was received. Next you gather your batch records. Batches with the recalled sugar are identified, and the total amount of recalled sugar is reconciled. You label every batch of your edible with a lot code, and you identify the amount of each affected lot and the customer. You have a press release template in which you add the specific information about the recall and affected lots. You notify every customer where the affected edible was shipped with a plan to return or destroy the edible. When you notify your customers, you go one step forward.

How would your company do in this situation? I have witnessed the difficulties a company faces in a recall when I was brought in to investigate the source of a pathogen. Food safety people in my workshops who have worked through a recall tell me that it was the worst time of their life. I encourage you to do as much as you can to prepare for a recall. Here are two good resources:

Please comment on this blog post below. I love feedback!

HACCP

Hazard Analysis and Critical Control Points (HACCP) for the Cannabis Industry: Part 3

By Kathy Knutson, Ph.D.
2 Comments
HACCP

Parts One and Two in this series have defined Good Manufacturing Practices, introduced Hazard Analysis and Critical Control Points (HACCP) and explained the first HACCP step of hazard analysis. A food safety team will typically work from a flow diagram to identify biological, chemical or physical hazards at each step of processing and packaging. Once the hazard is identified, the severity and probability are debated. Hazards with severe consequences or high probability are carried through the HACCP plan as Critical Control Points (CCPs).

Critical Control Points definedHACCP is a do-it-yourself project.

Where exactly will the hazard be controlled? CCPs are embedded within certain steps in processing and packaging where the parameters, like temperature, must be met to ensure food safety. Failure at a CCP is called a deviation from the HACCP plan. The food safety team identifies where manufacturing problems could occur that would result in a product that could cause illness or injury. Not every step is a CCP! For example, I worked with a client that had several locations for filters of a liquid stream. The filters removed food particles, suspended particulates and potentially metal. We went through a virtual exercise of removing each filter one-by-one and talking through the result on controlling the potential hazard of metal. We agreed that failure of the final filter was the CCP for catching metal, but not the other filters. It was not necessary to label each filter as a CCP, because every CCP requires monitoring and verification.

Identification of a CCP starts more documentation, documentation, documentation.

Do you wish you had more reports to write, more forms to fill out, more data to review? No. Nobody wants more work. When a CCP is identified, there is more work to do. This just makes sense. If a CCP is controlling a hazard, you want to know that the control is working. Before I launch into monitoring, I digress to validation.

CCP validationThis is where someone says, “We have always done it this way, and we have never had a problem.”

You want to know if a critical step will actually control a hazard. Will the mesh of a filter trap metal? Will the baking temperature kill pathogens? Will the level of acid stop the growth of pathogens? The US had a major peanut butter recall by Peanut Corporation of America. There were 714 Salmonella cases (individuals) across 46 states from consumption of the contaminated peanut butter. Imagine raw peanuts going into a roaster, coming out as roasted peanuts and being ground into butter. Despite the quality parameters of the peanut butter being acceptable for color and flavor, the roasting process was not validated, and Salmonella survived. Baking of pies, pasteurization of juice and canning all rely on validated cook processes for time and temperature. Validation is the scientific, technical information proving the CCP will control the hazard. Without validation, your final product may be hazardous, just like the peanut butter. This is where someone says, “We have always done it this way, and we have never had a problem.” Maybe, but you still must prove safety with validation.

The hazard analysis drives your decisions.

Starting with the identification of a hazard that requires a CCP, a company will focus on the control of the hazard. A CCP may have one or more than one parameter for control. Parameters include time, temperature, belt speed, air flow, bed depth, product flow, concentration and pH. That was not an exhaustive list, and your company may have other critical parameters. HACCP is a do-it-yourself project. Every facility is unique to its employees, equipment, ingredients and final product. The food safety team must digest all the variables related to food safety and write a HACCP plan that will control all the hazards and make a safe product.

Meeting critical limits at CCPs ensures food safety

The HACCP plan details the parameters and values required for food safety at each CCP.The HACCP plan identifies the minimum or maximum value for each parameter required for food safety. A value is just a number. Imagine a dreadful day; there are problems in production. Maybe equipment stalls and product sits. Maybe the electricity flickers and oven temperature drops. Maybe a culture in fermentation isn’t active. Poop happens. What are the values that are absolutely required for the product to be safe? They are often called critical limits. This is the difference between destroying product and selling product. The HACCP plan details the parameters and values required for food safety at each CCP. In production, the operating limits may be different based on quality characteristics or equipment performance, but the product will be safe when critical limits are met. How do you know critical limits are met?

CCPs must be monitored

Every CCP is monitored. Common tools for monitoring are thermometers, timers, flow rate meters, pH probes, and measuring of concentration. Most quality managers want production line monitoring to be automated and continuous. If samples are taken and measured at some frequency, technicians must be trained on the sampling technique, frequency, procedure for measurement and recording of data. The values from monitoring will be compared to critical limits. If the value does not reach the critical limit, the process is out of control and food safety may be compromised. The line operator or technician should be trained to know if the line can be stopped and how to segregate product under question. Depending on the hazard, the product will be evaluated for safety, rerun, released or disposed. When the process is out of control, it is called a deviation from the HACCP plan.

A deviation initiates corrective action and documentation associated with the deviation. You can google examples of corrective action forms; there is no one form required. Basically, the line operator, technician or supervisor starts the paperwork by recording everything about the deviation, evaluation of the product, fate of the product, root cause investigation, and what was done to ensure the problem will not happen again. A supervisor or manager reviews and signs off on the corrective action. The corrective action form and associated documentation should be signed off before the product is released. Sign off is an example of verification. Verification will be discussed in more detail in a future article.

My thoughts on GMPs and HACCP were shared in a webinar on May 2nd hosted by CIJ and NEHA. Please comment on this blog post below. I love feedback!

Supplier Quality Audits: A Critical Factor in Ensuring GMP Compliance

By Amy Scanlin
1 Comment

Editor’s Note: This is an article submission from the EAS Consulting Group, LLC team.


To Audit, or not to audit? Not even a question! Audits play a crucial role in verifying and validating business practices, ensuring suppliers are meeting their requirements for Good Manufacturing Practices (GMPs), and most importantly, protecting your interests by ensuring that you consistently receive a compliant and quality product. Audits can help ensure sound business procedures and quality systems, including well-established SOPs, verification and documentation of batch records, appropriate sanitation practices and safe storage and use of ingredients. Audits can also identify deficiencies, putting into motion a corrective action plan to mitigate any further challenges. While a detailed audit scheme is commonplace for established industries such as food, pharmaceuticals and dietary supplements, it is equally important for the cannabis industry to ensure the same quality and safety measures are applied to this budding industry.

If the question then is not whether to audit, perhaps the question is how and when to audit, particularly in the case of a company’s suppliers.This is an opportunity to strengthen the working relationship with each side demonstrating a commitment to the end product.

Supplier audits ensure first and foremost that the company with which you have chosen to work is operating in a manner that meets or exceeds your quality expectations – and you should have expectations because ultimately your product is your responsibility. Any issues that arise, even if they are technically the fault of a supplier, become your issue, meaning any enforcement action taken by your state regulators will directly impact your business. Yes, your supplier may provide you with a batch Certificate of Analysis but you should certify their results as well.

Audits are a snapshot of a moment in time and therefore should be conducted on a regular basis, perhaps biennially or even annually, if they are a critical supplier. In some cases, companies choose to bring in third-party auditors to provide an objective assessment of suppliers. This is especially helpful when the manufacturer or customer does not have the manufacturing, compliance and analytical background to accurately interpret data gathered as part of the audit. With the responsibility for ensuring ingredient identity and product integrity falling on the manufacturer, gaining an unbiased and accurate assessment is imperative to reducing the risk to your business.

Conducting a supplier audit should be well planned in advance to ensure both sides are ready. The audit team must be prepared and able to perform their duties via a combination of education, training and experience. A lead auditor will oversee the team and ultimately will also oversee the results, verifying all nonconformities have been properly identified. They will also work with the supplier to conduct a root cause analysis for those nonconformities and develop a corrective action plan to eliminate them from occurring in the future. The audit lead will also verify follow-up results.

Auditors should discuss with the supplier in advance what areas will be observed, what documentation will need to be ready for review and they should conduct their assessments with professionalism. After all, this is an opportunity to strengthen the working relationship with each side demonstrating a commitment to the end product.This is your chance to ensure your suppliers are performing and will meet your business, quality and product expectations.

Auditors must document that ingredient identity and finished product specifications are verified by test methods appropriate for the intended purpose (such as a whole compound versus a powder). State regulations vary so be certain to understand the number and types of required tests. Once the audit is complete and results are analyzed, you, the manufacturer, have an opportunity to determine if the results are acceptable. Remember, it is your product, so ultimately it is your responsibility to review the available data and release the product to market, you cannot put that responsibility on your supplier.

Quality Agreements as Part of a Business Agreement

There are opportunities to strengthen a partnership at every turn, and one way to set a relationship on the right path is to include a quality agreement as part of a business agreement. A quality agreement lays out your expectations for your suppliers, what you are responsible for and is a living document that, once signed, demonstrates their commitment to upholding the standards you expect. Just as with a business agreement, have any quality agreements reviewed by an outside expert to ensure the wording is sound and that your interests are protected. This is just another step in the development of a well-executed business plan and one that solidifies expectations and provides consequences when those expectations are not met.

Supplier audits must be taken seriously as they are opportunities to protect your brand, your business and your consumers. Enter into an audit as you would with any business endeavor – prepared. This is your chance to ensure your suppliers are performing and will meet your business, quality and product expectations.