FDA announced the availability of supplemental draft guidance entitled "Mitigation Strategies to Protect Food Against Intentional Adulteration," to support compliance with the Intentional Adulteration (IA) Rule under the FDA Food Safety Modernization Act (FSMA). The third and final installment of draft guidance for the IA rule is intended to help food facilities required to comply with the FSMA IA rule in the following areas: food defense corrective actions, food defense verification, reanalysis, and recordkeeping. The guidance also contains appendices on FDA's online Mitigation Strategies Database, which provides a range of mitigation strategies for individuals to consider implementing at points, steps or procedures to minimize the vulnerability to an intentional attack, as well as how businesses can determine their status as a small or very small business under the rule. Compliance requirements for large facilities began in July 2019, and inspections under the IA rule are scheduled to begin in March 2020

Original Post Begins Here.

The FDA Food Safety Modernization Act (FSMA) final rule is aimed at preventing intentional adulteration from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply. Such acts, while not likely to occur, could cause illness, death, economic disruption of the food supply absent mitigation strategies.

Rather than targeting specific foods or hazards, this rule requires mitigation (risk-reducing) strategies for processes in certain registered food facilities.

The proposed rule was issued in December 2013. The changes in the final rule are largely designed to provide either more information, where stakeholders requested it, or greater flexibility for food facilities in determining how they will assess their facilities, implement mitigation strategies, and ensure that the mitigation strategies are working as intended.

In developing the rule, FDA interacted with the intelligence community and considered vulnerability assessments conducted in collaboration with the food industry.

While acts of intentional adulteration may many other forms, including acts of disgruntled employees or economically motivated adulteration, the goal of this rule is to prevent acts intended to cause wide-scale harm. Economic adulteration is addressed in the final preventive controls rules for human and animal foods.


With some exceptions listed below, this rule applies to both domestic and foreign companies that are required to register with the FDA as food facilities under the Federal Food, Drug, and Cosmetic (FD&C) Act.

This rule is designed to primarily cover large companies whose products reach many people, exempting smaller companies. There are 3,400 covered firms that operate 9,800 food facilities.

It does not cover farms.


While this is the first time that companies are required to create a food defense plan, the FDA has taken an approach similar to Hazard Analysis Critical Control Point (HACCP) system, an approach adopted by industry for the identification, evaluation and control of food safety hazards. The FSMA rules advance and strengthen those safeguards. Each covered facility is required to prepare and implement a food defense plan. This written plan must identify vulnerabilities and actionable process steps, mitigation strategies, and procedures for food defense monitoring, corrective actions and verification. A reanalysis is required every three years or when certain criteria are met, including mitigation strategies that are determined to be improperly implemented.

Vulnerability assessment: This is the identification of vulnerabilities and actionable process steps for each type of food manufactured, processed, packed or held at the food facility. For each point, step, or procedure in the facility’s process, these elements must be evaluated:

  • The severity and scale of the potential impact on public health. This would include such considerations as the volume of product, the number of servings, the number of exposures, how fast the food moves through the distribution system, potential agents of concern and the infectious/lethal dose of each; and the possible number of illnesses and deaths.

  • The degree of physical access to the product. Things to be considered would include the presence of such physical barriers as gates, railings, doors, lids, seals and shields.

  • The ability to successfully contaminate the product.

Mitigation strategies: These should be identified and implemented at each actionable process step to provide assurances that vulnerabilities will be minimized or prevented. The mitigation strategies must be tailored to the facility and its procedures.

  • The final rule removes the distinction between “broad” and “focused” mitigation strategies. The original proposal only required “focused” mitigation strategies because “broad” mitigation strategies, such as a fence around the entire facility, did not protect specific points from being attacked by an insider.

  • The final rule recognizes that a mitigation strategy, applied in a directed and appropriate way to protect the actionable process step from an insider attack, would sufficiently minimize the risk of intentional adulteration.

Mitigation strategy management components: Steps must be taken to ensure the proper implementation of each mitigation strategy. In each of these areas of food defense, the facilities are given more flexibility in the final rule to establish the actions most appropriate to their operation and product.

  • Monitoring: Establishing and implementing procedures, including the frequency with which they are to be performed, for monitoring the mitigation strategies.

  • Corrective actions: The response if mitigation strategies are not properly implemented.

  • Verification: Verification activities would ensure that monitoring is being conducted and appropriate decisions abou