A MANAGEMENT SYSTEM FOR PREVENTING INTENTIONAL FOOD CONTAMINATION BASED ON RISK ANALYSIS

Purpose In overall terms, this paper aims on a proposal formulation based on a risk analysis that allows establishing a management system for preventing intentional food contamination and the improvement of the security of the supply chain. Given the recent events in Paris and Belgium, consideration has also been given to the present situation and the Importance of the issue of preventing any kind of terrorism.


INTRODUCTION
The Security in the Supply Chain is defined as the enforcement of policies, procedures and technologies to protect goods of the supply chains from robbery, damage or terrorism and to prevent the introduction of smuggled goods, people or weapons of mass destruction along the supply chain (Closs et al. ,2004).
The food industry sees the safety of its products as its main concern.Over the years, industry and regulators have developed food safety management systems, like Hazard Analysis Critical Control Point (HACCP), which is accepted globally (CA, 2003).HACCP however has not been routinely used to detect or mitigate deliberate attacks on a system or process (food terrorism).
Food terrorism has been defined as "an act or deliberately try of food contamination for human consumption with chemical, physical or microbiological agents, with the purpose of causing damage or death to civil populations or to interrupt the social, politic or economic stability" (WHO, 2008;Veiga, 2011).For the World Health Organization, food terrorism has become one of the biggest global public health threats in the 21st Century.It expresses concerns about the possibility that physical, chemical or biological agents might deliberately be used to harm civilian populations.In this regard, food is recognized as a potential vehicle for disseminating such agents to a broad population (WHO, 2008;WHO, 2003).
The Food Defense refers to the analysis, control and improvement of prevention mechanisms of those attacks; that is, the Food Defense involves a Risks Management.Risk management consists of recognizing the hazards, evaluating them and regulating some in relation to others, leaving aside the attempt to restore situations in which the risk would be completely excluded (Dourlens et al. ,1991).Then, food defense are procedures adopted to assure the security of food and drink and their supply chains from malicious and ideologically motivated attack leading to contamination or supply disruption (BSI, 2014).
However, in food defense the term threat is used instead of the term hazard.Hazard is something that can cause loos or harm which arises from a naturally occurring or accidental event or results from incompetence or ignorance of the people involved.Threat is something that can cause loss or harm which arises from the ill-intent of people (BSI, 2014).
Deliberate acts against food and food supply take several forms.The types of threat are BSI (2014): • Economically Motivated Adulteration (EMA): the motivation of this threat is financial, to gain an increased income from selling a foodstuff in a way which deceives customers and consumers.This may be by either passing off a cheaper material as a more expensive one.Or it may be that a less expensive ingredient is used to replace or extend the more expensive one.The avoidance of loss may also be an incentive for adulteration.The intention of EMA is not to cause illness or death, but that may be the result.
• Malicious contamination: the motivation for this threat may be to cause localized or widespread illness or death.In some cases, the attacker did not want the contamination to be detected before it was consumed, therefore the contaminant had to be an effective toxin with little effect on the palatability of the food.In other cases, the motivation could be publicity.Public opinion would have been against the attackers if harm had been caused to members of the public, but the supplier could not take that risk.Materials which could be used by an attacker to gain publicity, or to extort money, are more readily found than those needed to cause widespread harm.Contamination close to point of consumption or sale is more likely to cause harm to health than an attack on crops or primary ingredients.
• Extortion: The motivation for this threat by either an individual or group is financial, to obtain money from the victim organization.Such activity is attractive to the criminal mind when the product, like baby food, is sensitive or where a company is seen as rich.
• Espionage: The motivation of this threat is for competitors seeking commercial advantage to access intellectual property.They may infiltrate using insiders to report, or may attack remotely through information technology systems.Alternatively, organizations may try to entice executives to reveal confidential information or use covert recording to capture such material, or they may simply steal the material.
• Counterfeiting: the motivation for counterfeiting is financial gain, by fraudulently passing off inferior goods as established and reputable brands.Both organized and petty crime can cause companies financial loss and harm to their reputation.The former, for example, can use sophisticated printing technologies to produce product labels that are indistinguishable from the genuine ones.Organized criminals may try to mimic the food contents closely to delay detection and investigation.Petty criminals may be tempted by a "quick killing" and be less concerned about the safety of the food.
For these reasons, Food defense is an increasingly important topic to governments of different countries, as can be seen in various agreements, laws and standards.Among the most important are: Food Safety Modernization Act (FSMA), Customs-Trade Partnership Against Terrorism (C-TPAT), ISO/TS 22002-1: 2009, PAS 96:2014and SQF Code 7.2 Ed. (ISO, 2009;BSI, 2014;C-TPAT, 2014;FDA, 2014;SQFI, 2014).The oversight in this matter can lead to an increase in the failure probability in the security of the alimentary supply chain (Food Supply Chain: FSC); and therefore, generate potentially high costs for its constituents.This article explores how control over the dangers presented by food terrorism can improve supply chain security through an approach that encompasses risk analysis.This proposal establishes a system that is able to promote the security of each link, causing the whole supply chain to benefit from it, from the farm to the final consumers.The initial study covers only the theoretical methodological proposal and focusses only on the companies of the food sector of Guanajuato State in Mexico.However, it may extend into a research plan security of food supply chain.
Finally, this paper includes results of research in the doctoral thesis of Navarrete and Lario (2012), and previous results published in Navarrete et al.,(2015).

METHODOLOGY
The development of this proposal has been carried out under an approach that results from adaptation (and/ or combination) of different management systems that cover a risk analysis, such as the Management System of Information Security (MSIS), based on the standard ISO/ IEC 27001 1 .The proposed procedure has been prepared in compliance with the Good Manufacturing Practices (GMPs) and the recommendations of the Food Defense proposed by experts in the government, academic and private fields of the alimentary sector.A risk analysis approach was taken into account during the evaluations of the intentional contamination hazards of the supply chain links.
To develop the Management System for the Prevention of Intentional Contamination (MSPIC), and the security improvement to the Supply Chain, the continuous PDCA cycle is used (Plan, Do, Check, Act), which is traditional in quality management systems (see Figure 1).• Plan: establishes the MSPIC.
• Do: implements and uses the MSPIC.
• Check: monitors and reviews the MSPIC.
• Act: maintains and improves the MSPIC.
The adoption of the MSPIC should be a strategic decision of organizations.The design and implementation of this management system within an organization are influenced by: a) its organizational environment, the changes that it undergoes, and the associated risks; b) its changing needs; c) its objectives; d) the products that it makes; e) its processes; f) its size; and g) its structure.
This system adopts a process approach.A process is a sequence of activities that use resources (inputs) and transforms these inputs into products (outputs).Often the output from one process directly forms the input to the next process.MSPIC takes as input the Good Manufacturing Practices (GMP´s) and food defense recommendations and through the necessary actions and processes produces food defense controls that meet those requirements.
The GMP´s have been developed for many years to prevent accidental contamination of food (FDA, 1999;CA, 2003), compared to the recommendations of the food defense which they are very recent and are used to prevent intentional contamination.
In the reviewed literature from various sources, including USDA ( 2004USDA ( , 2008USDA ( , 2009aUSDA ( , 2009bUSDA ( y 2013)), DHSS (2001DHSS ( , 2005DHSS ( , 2007aDHSS ( , 2007bDHSS ( , 2007c)), Rasco & Bledsoe, (2006), Valle et al. (2007), WHO (2008), Rasco and Bledsoe (2010) FDA (2012, 2014), BSI (2014), C-TPAT (2014) and AIB (2015); described the general food defense recommendations to follow in order to prevent food terrorism.In some references, such as those presented by the USDA, they are grouped to have certain common characteristics.According to their scope, it is proposed to classify the recommendations of defense food used in six types: • Food defense programs The MSPIC is designed to ensure the selection of adequate and proportionate controls that protect against food terrorism.Controls are based on the results and conclusions of the risk assessment, legal or regulatory requirements, contractual obligations and the organization's business requirements for food defense.

Plan
In this phase the MSPIC creation takes place, with the scope definition and the Security Policy.The scope refers to the limits the MSPIC will have in terms of the characteristics of the FSC chain, its organizational structure, its location, its activities, its technology and the details of and justification for anything excluded from its range.The MSPIC policy as defined and approved by the management will include: i) a key framework for objectives setting out a general sense of direction and principals for action relating to the prevention of intentional contamination; ii) the legal and commercial requirements; and iii) the definition of a criterion for evaluating risk that is in line with the organization's strategic risk management framework.
The fundamental core of this phase as well as of the MSPIC is the risk analysis performance that reflects the current situation of the entity.For the risks analysis it is necessary to define an adequate risk evaluation methodology, besides establishing the risk acceptance criteria and specifying the acceptable risk levels.It is of utmost importance to identify the threats within the business processes and infrastructure of the analyzed supply chain link.Afterwards, the risks related to the identified threats are being evaluated.Some of the methodologies, which could be adapted for this purpose, although currently used in the field of information security, are Magerit (Methodology of analysis and risk management information systems); the methodology detailed in the ISO/ IEC 27005 standard, OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), etc.In the field of food safety, methodologies that could be adapted are ORM (Operational Risk Management), CARVER + Shock, or the methodology suggested for business processes in Navarrete et al. ( 2011).
However, a methodology has recently emerged that focuses on the analysis of risks related to food defense.This methodology is in line with HACPP, but it may require information to be provided by other departments such as those of human resources, purchasing, and security.

Risk Analysis Methodology
This section describes the risk analysis methodology mentioned at the end of the previous section.This methodology has been designed to prevent the deliberate contamination of foodstuffs.The aim of such attacks may not be solely terrorist in nature -they may also have a fraudulent objective based on financial motives.
The name of the methodology is Threat Assessment Critical Control Points (TACCP), which it is first described in BSI (2014).TACCP is defined as a systematic management of risk through the evaluation of threats, identification of vulnerabilities, and implementation of controls to materials and products, purchasing, processes, premises, distribution networks and business systems by a knowledgeable and trusted team with the authority to implement changes to procedures (BSI, 2014).
The following flowchart (see Figure 2) and description of the TACCP process focuses on deliberate adulteration and contamination (BSI, 2014).
The product, the premises and the organization can be the target of an attack from a range of groups and individuals, and each element should be assessed separately.The TACCP team should consider suppliers under financial stress, alienated employees and former employees, single issue groups, commercial competitors, media organizations, terrorist organizations, criminals and local pressure groups.
An examination of each step of the process with a flow chart could help identify the vulnerable points and the people who would have access to them.The TACCP team identify possible threats at each vulnerable point of process and asses its impact.In addition, the team determines if routine control procedures detecting such threats or could mitigate them.
For each identified threat the TACCP team considers and gives a score for the likelihood of each threat happening and for its impact (see Table 1).This is an example scoring matrix where organizations may choose their own ranking scheme.The likelihood of a threat happening can be judged by considering: whether an attacker would achieve their aims if successful; whether an attacker could have access to the product or process; whether an attacker would be deterred by protective measures; whether an attacker would prefer other targets; and whether an attack would be detected before it had any impact.The impact might be assessed in financial terms or in terms of the seniority of staff needed to deal with it (BSI, 2014).
Finally, the different risk treatment options are identified and evaluated.In this methodology, food defense controls are selected to improve food defense performance.

Do
In this phase the MSPIC' policy and controls are implemented and operate with the risks treatment plan and its execution.The plan should establish the actions, resources, responsibilities and priorities in the risks management; with the purpose to achieve the identified control objectives.The possible actions for dealing with risk include: i) applying the controls; ii) consciously accepting the risk (doing nothing), as long as the criteria for risk acceptance are met; iii) avoiding risk (not carrying out the activity which entails risk); or iv) transferring the risk (for example by insuring or subcontracting).The controls have been prepared in compliance with the Good Manufacturing Practices (GMPs) and the Food Defense recommendations proposed by experts in the government, academic and private fields of the alimentary sector.The definition of metrics and indicators is important to evaluate the efficiency of the implanted controls.
Training programs must also be established to ensure that the personnel who have responsibilities defined in the MSPIC are competent to perform the relevant tasks.The personnel in charge must be aware of the relevance and importance of all the prevention activities to contribute to the food defense goals.
Organizations must provide the resources required to: a) implement and maintain the MSPIC, while continually improving its effectiveness; b) identify and evaluate legal and contractual requirements; c) identify individuals and/ or groups that may represent a threat to the organizations; d) maintain the appropriate level of security by correctly applying established control procedures; and e) conduct reviews of the MSPIC when necessary.

Check
During this phase different types of revisions are performed to check the correct system implantation.Among those, an independent and objective internal audit takes place; as well as a global review of the MSPIC by the Board.
Audits must be planned by taking into consideration the state and importance of the processes and areas to be audited, as well as the results of previous audits.
Internal audits should be carried out at planned intervals to determine whether the controls, control objectives and system procedures: i) comply with legislation or international standards; ii) comply with good manufacturing practices (GMPs) and Food Defense recommendations; iii) are implemented and maintained effectively; and iv) are performed as anticipated.
The management must check the MSPIC at planned intervals to ensure continuity, effectivity and suitability.The results of both checks must be clearly recorded and the records must be maintained.
To evaluate the competency of an organization's internal auditors and the audit teams, there must be evidence that the organization: i) has identified the competency requirements for its internal auditors, ii) has provided appropriate training, iii) has implemented a process that monitors the performance of its internal auditors and audit teams, iv) includes in its audit teams staff who have specific and adequate knowledge of the sector (so that the teams are able to identify when the likelihood of a deviation within a particular process or activity may lead to significant consequences with regard to food defense).Some of the general objectives of these checks are: to identify the security gaps, to guarantee the effectiveness of the controls, to update the risks analysis or review the compliance with the MSPIC's policy and objectives.

Act
The result of the reviews should be reflected in the definition and implantation of corrective, preventive and improved actions to advance in the achievement of an effective and efficient MSPIC.At this stage, the FSC chain must do the following: i) implement the identified improvements; ii) establish preventative and corrective actions; iii) communicate results and actions to those effected at an appropriate level of detail; and iv) ensure that improvements achieve their stated objectives.
The organization continually improve the effectiveness of the MSPIC through the use of the food defense policy, food defense objectives, audit results, corrective and preventive actions and management review.Actions to eliminate the cause of nonconformities with the MSPIC requirements in order to prevent recurrence (ISO/IEC 27001, 2013).
Corrective and preventative actions are basic tools with which to achieve the continual improvement of organizations.The objective of these actions is to eliminate real and potential causes of problems and nonconformities, thereby preventing such incidents from being repeated.We refer to a corrective action when the nonconformity we wish to avoid has already happened, while an action is deemed preventative when the nonconformity has not yet taken place, but there are well-founded suspicions that it could indeed occur.
The originating cause of a nonconformity is the key element to be dealt with when we talk of corrective and preventative actions.Knowing the real cause, in the greatest amount of detail, makes it easier to take the correct action and also improves the effectiveness of that action.Causeand-effect diagrams are a very useful tool for performing this task.The actions taken to eliminate the cause of the nonconformity must be planned.This means they must be organized with adequate time, and that the appropriate resources and responsibilities must also be defined.Organizations must record and verify that the planned actions have been carried out.Once these actions have been completed, it is necessary to check whether they have been effective and whether the originating cause of the nonconformity has been eliminated.

CONCLUSION
To address the issues raised in the introduction, a proposal for a management system for the prevention of intentional contamination (MSPIC) of food is performed.
The results of the research may be summarized as follows: • A proposal is made for a management system, based on risk analysis that will improve food defense.
• The proposal makes it possible for metrics to be employed in order to find out the state of an organization with regard to its food-defense performance.

Brazilian Journal of Operations & Production Management
Volume 13, Número 2, 2016, pp. 174-183 DOI: 10.14488/BJOPM.2016.v13.n2.a4 • According to the research reference frame, the proposal has the potential to improve the security of the supply chain in the alimentary sector of Guanajuato State, Mexico.
• In accordance to the research scope, the proposal has the potential to improve the food security (food safety and food defense) in the alimentary sector links in Guanajuato.
The system uses the continuous PDCA cycle (Planning, Doing, Checking, Acting), which are traditional systems of quality management.In the planning phase, the MSPIC is established, i.e., the risk analysis is performed and the policies, objectives and procedures are established to be managed.For the doing phase, the MSPIC is implemented, in other words, executing the policy, the controls and the procedures.In the checking phase, the MSPIC evaluates the performance through internal audits and management reviews.Finally, on the acting stage, the MSPIC is maintained and improved.i.e., there are preventive and corrective actions performed based on the previous step.
The risk analysis, proposed as part of the MSPIC planning stage, includes three principal components: i) risk evaluation, ii) communication of risks, and iii) risk management.Risk analysis provides an instrument that gives people the information necessary for taking effective decisions and achieving significant progress as regards the issue of food defense.
The PDCA is a continuous life cycle, which means that the Acting phase brings back to the Planning stage to start a new cycle of the four phases.There-fore, the system enables continuous improvement in risk prevention of intentional contamination and increased security of the food supply chain, not only in the food sector in the state of Guanajuato, but it can be extended into a security re-search plan of the food supply chain.
With the proposal complete, and taking into account its limitations, some future lines of research have been identified.
• According to an analysis of the available literature, there is clear evidence of a lack of research on food defense in the context of both supply chain management and business process management.The gap in this field of knowledge could be considered for further exploration.
• The immediate evaluation of the proposal in a company from the food sector, based in Guanajuato, Mexico.
• A possible extension of the research problem would contemplate more links in the supply chain, that is, taking in consideration producers and distributors into an 'upstream' and 'downstream' scenario of the customer and the supplier, located in different places, they may also be featured as multi-linked (multiple clients), so that various types of supply chain could contemplated.
• An auspicious extension of the research problem would be to change the application to other geographic regions in other countries or continents.It could also be applied in various subsectors of the food industry, such as the meat or milk markets.
• A future research direction would be the development of new alternatives for the development of a food defense KPI that could be helpful to measure improvement.
• A possible future line of research includes the development of software that helps food defense management.It is vital that the exchange of information about the threats of food terrorism between government institutions and the links in the food supply chain is made quickly and effectively.
• Another line of research can refer to calculate the implementation costs for mitigating the threats of terrorism in food supply chains.
The proposal given in this paper allows giving the business companies and the managers of the supply chain the tools for implementing the concept of food defense based on a risk analysis.This implies a great advantage, since the necessary activities for the fulfillment of the recommendations can be implemented on an adequate food defense, in an easy and systematic way.
On the other hand, managers can also provide a management system and continuous improvement of food defense that can be applied in any food supply chain, which has a potential market value to use in consulting companies.
It is important to note that a second phase of the research is scheduled for implementation on any particular company in the food sector.By proposing the possible application of MSPIC to a real case, the validation of the proposal is made contrasting it with the business reality.
External physical infrastructure installation • Staff and visitors program • Reception of raw materials and supplies facility operations • Storage and shipment of the finished product