Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We have made big changes to make the eCFR easier to use. Be sure to leave feedback using the Feedback button on the bottom right of each page!

e-CFR data is current as of March 5, 2021

Title 21Chapter ISubchapter BPart 121 → Subpart C


Title 21: Food and Drugs
PART 121—MITIGATION STRATEGIES TO PROTECT FOOD AGAINST INTENTIONAL ADULTERATION


Subpart C—Food Defense Measures


Contents
§121.126   Food defense plan.
§121.130   Vulnerability assessment to identify significant vulnerabilities and actionable process steps.
§121.135   Mitigation strategies for actionable process steps.
§121.138   Mitigation strategies management components.
§121.140   Food defense monitoring.
§121.145   Food defense corrective actions.
§121.150   Food defense verification.
§121.157   Reanalysis.

return arrow Back to Top

§121.126   Food defense plan.

(a) Requirement for a food defense plan. You must prepare, or have prepared, and implement a written food defense plan.

(b) Contents of a food defense plan. The written food defense plan must include:

(1) The written vulnerability assessment, including required explanations, to identify significant vulnerabilities and actionable process steps as required by §121.130(c);

(2) The written mitigation strategies, including required explanations, as required by §121.135(b);

(3) The written procedures for the food defense monitoring of the implementation of the mitigation strategies as required by §121.140(a);

(4) The written procedures for food defense corrective actions as required by §121.145(a)(1); and

(5) The written procedures for food defense verification as required by §121.150(b).

(c) Records. The food defense plan required by this section is a record that is subject to the requirements of subpart D of this part.

return arrow Back to Top

§121.130   Vulnerability assessment to identify significant vulnerabilities and actionable process steps.

(a) Requirement for a vulnerability assessment. You must conduct or have conducted a vulnerability assessment for each type of food manufactured, processed, packed, or held at your facility using appropriate methods to evaluate each point, step, or procedure in your food operation to identify significant vulnerabilities and actionable process steps. Appropriate methods must include, at a minimum, an evaluation of:

(1) The potential public health impact (e.g., severity and scale) if a contaminant were added;

(2) The degree of physical access to the product; and

(3) The ability of an attacker to successfully contaminate the product.

(b) Inside attacker. The assessment must consider the possibility of an inside attacker.

(c) Written vulnerability assessment. Regardless of the outcome, the vulnerability assessment must be written and must include an explanation as to why each point, step, or procedure either was or was not identified as an actionable process step.

return arrow Back to Top

§121.135   Mitigation strategies for actionable process steps.

(a) You must identify and implement mitigation strategies at each actionable process step to provide assurances that the significant vulnerability at each step will be significantly minimized or prevented and the food manufactured, processed, packed, or held by your facility will not be adulterated under section 402 of the Federal Food, Drug, and Cosmetic Act. For each mitigation strategy implemented at each actionable process step, you must include a written explanation of how the mitigation strategy sufficiently minimizes or prevents the significant vulnerability associated with the actionable process step.

(b) Mitigation strategies and accompanying explanations must be written.

return arrow Back to Top

§121.138   Mitigation strategies management components.

Mitigation strategies required under§121.135 are subject to the following mitigation strategies management components as appropriate to ensure the proper implementation of the mitigation strategies, taking into account the nature of each such mitigation strategy and its role in the facility's food defense system:

(a) Food defense monitoring in accordance with §121.140;

(b) Food defense corrective actions in accordance with §121.145; and

(c) Food defense verification in accordance with §121.150.

return arrow Back to Top

§121.140   Food defense monitoring.

As appropriate to the nature of the mitigation strategy and its role in the facility's food defense system:

(a) Written procedures. You must establish and implement written procedures, including the frequency with which they are to be performed, for food defense monitoring of the mitigation strategies.

(b) Food defense monitoring. You must monitor the mitigation strategies with adequate frequency to provide assurances that they are consistently performed.

(c) Records—(1) Requirement to document food defense monitoring. You must document the monitoring of mitigation strategies in accordance with this section in records that are subject to verification in accordance with §121.150(a)(1) and records review in accordance with §121.150(a)(3)(i).

(2) Exception records. Records may be affirmative records demonstrating the mitigation strategy is functioning as intended. Exception records demonstrating the mitigation strategy is not functioning as intended may be adequate in some circumstances.

return arrow Back to Top

§121.145   Food defense corrective actions.

(a) Food defense corrective action procedures. As appropriate to the nature of the actionable process step and the nature of the mitigation strategy:

(1) You must establish and implement written food defense corrective action procedures that must be taken if mitigation strategies are not properly implemented.

(2) The food defense corrective action procedures must describe the steps to be taken to ensure that:

(i) Appropriate action is taken to identify and correct a problem that has occurred with implementation of a mitigation strategy; and

(ii) Appropriate action is taken, when necessary, to reduce the likelihood that the problem will recur.

(b) Records. All food defense corrective actions taken in accordance with this section must be documented in records that are subject to food defense verification in accordance with §121.150(a)(2) and records review in accordance with §121.150(a)(3)(i).

return arrow Back to Top

§121.150   Food defense verification.

(a) Food defense verification activities. Food defense verification activities must include, as appropriate to the nature of the mitigation strategy and its role in the facility's food defense system:

(1) Verification that food defense monitoring is being conducted as required by §121.138 (and in accordance with §121.140);

(2) Verification that appropriate decisions about food defense corrective actions are being made as required by §121.138 (and in accordance with §121.145);

(3) Verification that mitigation strategies are properly implemented and are significantly minimizing or preventing the significant vulnerabilities. To do so, you must conduct activities that include the following, as appropriate to the facility, the food, and the nature of the mitigation strategy and its role in the facility's food defense system:

(i) Review of the food defense monitoring and food defense corrective actions records within appropriate timeframes to ensure that the records are complete, the activities reflected in the records occurred in accordance with the food defense plan, the mitigation strategies are properly implemented, and appropriate decisions were made about food defense corrective actions; and

(ii) Other activities appropriate for verification of proper implementation of mitigation strategies; and

(4) Verification of reanalysis in accordance with §121.157.

(b) Written procedures. You must establish and implement written procedures, including the frequency for which they are to be performed, for verification activities conducted according to §121.150(a)(3)(ii).

(c) Documentation. All verification activities conducted in accordance with this section must be documented in records.

return arrow Back to Top

§121.157   Reanalysis.

(a) You must conduct a reanalysis of the food defense plan, as a whole at least once every 3 years;

(b) You must conduct a reanalysis of the food defense plan as a whole, or the applicable portion of the food defense plan:

(1) Whenever a significant change made in the activities conducted at your facility creates a reasonable potential for a new vulnerability or a significant increase in a previously identified vulnerability;

(2) Whenever you become aware of new information about potential vulnerabilities associated with the food operation or facility;

(3) Whenever you find that a mitigation strategy, a combination of mitigation strategies, or the food defense plan as a whole is not properly implemented; and

(4) Whenever FDA requires reanalysis to respond to new vulnerabilities, credible threats to the food supply, and developments in scientific understanding including, as appropriate, results from the Department of Homeland Security biological, chemical, radiological, or other terrorism risk assessment.

(c) You must complete such reanalysis required by paragraphs (a) and (b) of this section and implement any additional mitigation strategies needed to address the significant vulnerabilities identified, if any:

(1) Before any change in activities (including any change in mitigation strategy) at the facility is operative;

(2) When necessary within 90-calendar days after production; and

(3) Within a reasonable timeframe, providing a written justification is prepared for a timeframe that exceeds 90 days after production of the applicable food first begins.

(d) You must revise the written food defense plan if a significant change in the activities conducted at your facility creates a reasonable potential for a new vulnerability or a significant increase in a previously identified vulnerability or document the basis for the conclusion that no revisions are needed.

return arrow Back to Top

Need assistance?