Food-Processing Security

The events of September 11, 2001, have placed added emphasis on ensuring the security of the nation's food supply. GAO examined (1) whether FDA and USDA have sufficient authority under current statutes to require that food processors adopt security measures, (2) what security guidelines FDA and USDA have provided to industry, and (3) what security measures food processors have adopted.

Federal food safety statutes give the Food and Drug Administration (FDA) and the U.S. Department of Agriculture (USDA) broad authority to regulate the safety of the U.S. food supply but do not specifically authorize them to impose security requirements at food-processing facilities. However, these agencies' food safety statutes can be interpreted to provide authority to impose certain security measures. FDA believes that its statutes authorize it to regulate food security to the extent that food security and safety overlap but observes that there is little overlap between security and safety. USDA believes that it could require food processors to adopt certain security measures that are closely related to sanitary conditions inside the facility. USDA also believes that the statutes, however, cannot be interpreted to authorize the regulation of security measures that are not associated with the immediate food-processing environment, such as requiring fences, alarms, and outside lighting. Neither agency believes that it has the authority to regulate all aspects of security at food-processing facilities. Both FDA and USDA issued voluntary security guidelines to help food processors identify measures to prevent or mitigate the risk of deliberate contamination. Because these guidelines are voluntary, neither agency enforces, monitors, or documents their implementation. Both FDA and USDA have asked their inspectors to be vigilant and to discuss security with managers at food-processing facilities, but the agencies have stressed that inspectors should not enforce the implementation of security measures or document any observations because of the possible release of this information under the Freedom of Information Act and the potential for the misuse of this information. Since FDA and USDA do not monitor and document food processors' implementation of security guidelines, the extent of the industry's adoption of security measures is unknown. According to officials of trade associations and the five facilities we visited, however, food processors are implementing a range of security measures. In addition, the FDA and USDA field inspectors we surveyed indicated that most facilities have implemented some security measures, such as installing fences. However, the inspectors were less able to comment on security measures that were not as obvious, such as accounting for missing stock and implementing proper mail-handling practices. The inspectors also noted that while USDA has provided some of its field supervisory personnel with security training on the voluntary security guidelines it issued, it has not provided most of its inspectors with such training. FDA has not provided its staff with any training on the security guidelines. Without training on the security guidelines, inspectors are limited in their ability to conduct informed discussions regarding security with managers at food-processing facilities.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone: