United States General Accounting Office GAO Report to Congressional Requesters February 2003 FOOD-PROCESSING SECURITY Voluntary Efforts Are Under Way, but Federal Agencies Cannot Fully Assess Their Implementation GAO-03-342 February 2003 FOOD-PROCESSING SECURITY Voluntary Efforts Are Under Way, but Highlights of GAO-03-342, a report Federal Agencies Cannot Fully Assess to Senators Richard J. Durbin and Tom Harkin Their Implementation The events of September 11, 2001, Federal food safety statutes give the Food and Drug Administration (FDA) have placed added emphasis on and the U.S. Department of Agriculture (USDA) broad authority to regulate ensuring the security of the the safety of the U.S. food supply but do not specifically authorize them to nation’s food supply. GAO impose security requirements at food-processing facilities. However, these examined (1) whether FDA and agencies’ food safety statutes can be interpreted to provide authority to USDA have sufficient authority under current statutes to require impose certain security measures. FDA believes that its statutes authorize it that food processors adopt security to regulate food security to the extent that food security and safety overlap measures, (2) what security but observes that there is little overlap between security and safety. USDA guidelines FDA and USDA have believes that it could require food processors to adopt certain security provided to industry, and (3) what measures that are closely related to sanitary conditions inside the facility. security measures food processors USDA also believes that the statutes, however, cannot be interpreted to have adopted. authorize the regulation of security measures that are not associated with the immediate food-processing environment, such as requiring fences, alarms, and outside lighting. Neither agency believes that it has the authority to regulate all aspects of security at food-processing facilities. This report recommends that the Secretaries of the Departments of Both FDA and USDA issued voluntary security guidelines to help food Health and Human Services and Agriculture study their agencies’ processors identify measures to prevent or mitigate the risk of deliberate existing statutes to identify what contamination. Because these guidelines are voluntary, neither agency additional authorities they may enforces, monitors, or documents their implementation. Both FDA and need relating to security measures USDA have asked their inspectors to be vigilant and to discuss security with at food-processing facilities to managers at food-processing facilities, but the agencies have stressed that reduce the risk of deliberate inspectors should not enforce the implementation of security measures or contamination of the food supply. document any observations because of the possible release of this On the basis of these studies’ information under the Freedom of Information Act and the potential for the results, the agencies should seek misuse of this information. additional authority from the Congress, as needed. Since FDA and USDA do not monitor and document food processors’ GAO also recommends that the implementation of security guidelines, the extent of the industry’s adoption agencies provide training for all of security measures is unknown. According to officials of trade food inspection personnel to associations and the five facilities we visited, however, food processors are enhance their awareness and implementing a range of security measures. In addition, the FDA and USDA ability to discuss security measures field inspectors we surveyed indicated that most facilities have implemented with plant personnel. some security measures, such as installing fences. However, the inspectors were less able to comment on security measures that were not as obvious, USDA agreed with this report’s such as accounting for missing stock and implementing proper mail-handling recommendations. FDA agreed practices. The inspectors also noted that while USDA has provided some of with the recommendation to its field supervisory personnel with security training on the voluntary provide training for all food security guidelines it issued, it has not provided most of its inspectors with inspection personnel but took no position on GAO’s other such training. FDA has not provided its staff with any training on the recommendation. security guidelines. Without training on the security guidelines, inspectors are limited in their ability to conduct informed discussions regarding www.gao.gov/cgi-bin/getrpt?GAO-03-342. security with managers at food-processing facilities. To view the full report, including the scope and methodology, click on the link above. For more information, contact Lawrence J. Dyckman at (202) 512-3841 or email@example.com. Contents Letter 1 Results in Brief 3 Background 5 Existing Food Safety Statutes Do Not Provide Sufficient Authority to Regulate All Aspects of Security at Food-Processing Facilities 9 FDA and FSIS Issued Voluntary Security Guidelines to Food Processors but Do Not Track or Document the Extent to Which They Are Being Implemented 11 Food Processors Are Implementing a Range of Security Measures, but Extent of Implementation Is Largely Unknown to FDA and FSIS 15 Conclusions 22 Recommendations for Executive Action 23 Agency Comments and Our Evaluation 23 Appendix I Scope and Methodology 26 Appendix II FDA Survey Results 28 Appendix III FSIS Survey Results 33 Appendix IV Comments from the U.S. Department of Agriculture 43 Appendix V Comments from the Food and Drug Administration 44 Appendix VI GAO Contacts and Staff Acknowledgments 47 Table Table 1: State Officials’ Satisfaction with Federal, State, and Industry Efforts to Safeguard Food Products from Deliberate Contamination 22 Page i GAO-03-342 Food-Processing Security Figures Figure 1: Examples of Security Measures Contained in FDA and FSIS Guidelines 12 Figure 2: Percentage of Survey Responses Indicating Observation or Knowledge of More Visible Security Measures 19 Figure 3: Percentage of Survey Responses Indicating Observation or Knowledge of Less Visible Security Measures 20 Abbreviations CDC Centers for Disease Control and Prevention EPA Environmental Protection Agency FBI Federal Bureau of Investigation FDA Food and Drug Administration FSIS Food Safety and Inspection Service GAO General Accounting Office HACCP Hazard Analysis and Critical Control Point ISAC Information Sharing and Analysis Center USDA U.S. Department of Agriculture This is a work of the U.S. Government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. It may contain copyrighted graphics, images or other materials. Permission from the copyright holder may be necessary should you wish to reproduce copyrighted materials separately from GAO’s product. Page ii GAO-03-342 Food-Processing Security United States General Accounting Office Washington, DC 20548 February 14, 2003 The Honorable Richard J. Durbin Ranking Democratic Member Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia Committee on Governmental Affairs United States Senate The Honorable Tom Harkin Ranking Democratic Member Committee on Agriculture, Nutrition and Forestry United States Senate Ensuring the safety of the nation’s food supply—protecting the food supply from unintentional contamination—is a key objective of the Department of Health and Human Service’s Food and Drug Administration (FDA) and the Food Safety and Inspection Service (FSIS) of the U.S. Department of Agriculture (USDA). Since the terrorist attacks of September 11, 2001, however, ensuring food security—that is, protecting the food supply from deliberate contamination—has also become a heightened concern of these agencies. Bioterrorism experts, government officials, and scientists at the Centers for Disease Control and Prevention (CDC) and the National Academies warn that U.S. food-processing facilities are vulnerable to terrorist attack and that the deliberate introduction of biological and chemical agents into food supplies could sicken large numbers of people and possibly cause many deaths. Some experts note that terrorist groups could introduce infectious disease agents and chemicals into the food supply to confuse public health officials into believing that outbreaks were naturally occurring, thus delaying detection and action. Recognizing this risk, on October 8, 2001, the President added the agriculture and food industries to the list of critical infrastructure sectors needing protection from terrorist attack. Although the U.S. food supply has been mostly secure from deliberate contamination, a few such incidents have occurred. In 1984, for example, a cult group poisoned salad bars in some Oregon restaurants with Salmonella bacteria, and about 750 people became ill. Some large Page 1 GAO-03-342 Food-Processing Security naturally occurring outbreaks of foodborne illness that result from accidental contamination illustrate how widespread and costly the effects of deliberate contamination could be. In 1994, for example, 224,000 people nationwide were infected with Salmonella enteritidis after eating a national brand of ice cream. This outbreak was estimated to have cost about $18.1 million, including $6.9 million for medical care and $11.2 million in time lost from work. The intentional contamination of the food supply could have severe consequences for the economy and the health of the American public. Security measures that could minimize the risk of such an event at food- processing facilities range from restricting visitor access, securing hazardous chemicals, and restricting access to in-plant laboratories to conducting employee background checks, building fences around facilities, and designating a food security management coordinator. In this context, you asked us to determine (1) the extent to which federal statutes can be effectively used to regulate food security at food- processing facilities; (2) what actions FDA and USDA have taken to help food processors prevent or reduce the risk of deliberate food contamination and how these agencies determine the extent to which food-processing facilities are implementing security measures; and (3) the extent to which industry is implementing security measures to better protect food products against deliberate contamination. While experts acknowledge that a terrorist attack could be aimed also at livestock and crops on farms or at foods at retail stores, this review focused on the food-processing segment of the farm-to-table food continuum—that is, from the farm gate to the retail level. Also, we confined our review to domestic food processors, although we recognize that both FDA and USDA have intensified their efforts to enhance the oversight of imported foods at U.S. ports of entry. In conducting our work, we sought the cooperation of industry associations to survey a representative number of food-processing facilities. We also sought permission to visit some food-processing facilities to discuss the extent to which they are implementing security measures, although we acknowledge that industry is not obligated to respond to our inquiries. We were unsuccessful in our attempts to survey a representative number of food-processing facilities because companies were concerned about sharing information on security measures; however, we were able to secure visits to five companies. To obtain a broader overview of the security measures being adopted, we also surveyed FDA and USDA food inspectors to obtain their views on the Page 2 GAO-03-342 Food-Processing Security extent of security they have observed at food-processing facilities they inspect across the country. We also asked state audit offices in all 50 states to interview a selected number of state food safety regulatory officials concerning their food security activities, if any. Eleven agreed to participate. Appendix I contains the details of our scope and methodology. We conducted our review from February through December 2002 in accordance with generally accepted government auditing standards. Federal food safety statutes provide FDA and USDA with broad authority Results in Brief to regulate the safety of the U.S. food supply but do not specifically authorize them to impose security requirements at food-processing facilities. However, while these agencies’ food safety statutes can be interpreted to provide authority to impose certain security requirements, as opposed to food safety requirements, neither agency believes it has the authority to regulate all aspects of security. FDA believes that its authorities under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act would extend to the regulation of facility security measures to prevent the intentional contamination of food products to the extent that they overlap with food safety. However, FDA observes that there is little overlap between safety and security. USDA believes that the Federal Meat, Poultry Products, and Egg Products Inspection Acts can be construed to authorize it to require food processors to adopt certain security measures that are closely related to sanitary conditions inside food-processing plants. In addition, USDA believes that the statutes cannot be interpreted to authorize the regulation of security measures that are not associated with the immediate food-processing environment. As a result, USDA does not believe it has the authority to require that food processors adopt measures to ensure security outside the premises, such as installing fences, or to require that food processors conduct employee background checks. Both FDA and USDA have issued voluntary guidelines to help food processors identify measures they can implement to prevent or mitigate the risk of deliberate contamination. Because these guidelines are voluntary, neither agency monitors or documents their implementation. Also, FDA and FSIS have instructed their food safety inspectors to be familiar with the agencies’ guidelines as they conduct regular food safety inspections and to discuss, but not interpret, the security guidelines with facility personnel. The agencies have told inspectors not to document the existence or lack of security measures because of the possible release of this information under the Freedom of Information Act and the potential for the misuse of this information. As a result, FDA and FSIS do not have Page 3 GAO-03-342 Food-Processing Security information on the extent of security at food-processing facilities or whether gaps in security may exist in specific industry sectors. FDA and USDA lack comprehensive information on the extent to which food-processing companies are adopting security measures. However, officials from the food trade associations that we contacted believe that food processors are voluntarily implementing a range of security measures, including those in the federal guidelines—from limiting access to facilities to evaluating plant security. Although we found this to be the case at the five food-processing facilities we visited, we could not verify the extent to which industry has adopted security measures nationwide— in part, because food-processing facilities prefer not to share information about their security measures with federal agencies. They are concerned that this sensitive information could be released to the public under the Freedom of Information Act. In particular, the industry is worried that if security gaps at food-processing facilities were made public they could provide a road map for terrorist groups. FDA and FSIS officials also cited this concern as a factor that limits the amount of information they believe they can collect. In addition, according to FDA and FSIS food inspectors we surveyed, the food-processing facilities they regularly inspect are voluntarily implementing a range of security measures and most facilities have implemented measures to enhance perimeter fencing and lighting. On the other hand, these inspectors were less able to comment on less-visible security measures, such as accounting for missing stock and implementing proper mail-handling practices. The inspectors also indicated that larger food-processing facilities are implementing more security measures than smaller ones. Finally, the FDA inspectors that we surveyed stated that they had not received training on food security even though the agency encourages them to discuss security matters with plant personnel. FSIS has provided training to its supervisory field inspection personnel, who reported that it would be beneficial if the field inspectors—who are most directly involved with daily processing activities at each plant—were also trained on security measures. This report recommends that the Secretary of the Department of Health and Human Services and the Secretary of Agriculture study what additional authorities their agencies may need relating to security measures at food-processing facilities to reduce the risk of deliberate contamination of the food supply. On the basis of the results of these studies, the agencies should seek additional authority from the Congress, as needed. The report also recommends executive action aimed at ensuring that the agencies’ field personnel are provided with training on food security measures. Page 4 GAO-03-342 Food-Processing Security We provided FDA and USDA with a draft of this report for their review and comment and received written and oral comments from both agencies on the report’s contents and its recommendations. The agencies also provided technical comments, which we incorporated into the report as appropriate. USDA agreed with the two recommendations made in this report. FDA agreed with our recommendation that it provide all food inspection personnel with training on security measures. FDA did not have an opinion on our recommendation that the agency study what additional authorities it may need relating to security measures at food-processing facilities. USDA’s comments are contained in appendix IV, and FDA’s comments are provided in appendix V. Under the Federal Meat Inspection Act, the Poultry Products Inspection Background Act, and the Egg Products Inspection Act, USDA, through FSIS, is responsible for ensuring the safety of meat, poultry, and certain egg products. Under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, FDA is responsible for all other foods, including fruits and vegetables; dairy products; seafood; and certain canned, frozen, and packaged foods. The food-processing sector is generally described as the middle segment of the farm-to-table continuum—it extends from the time livestock and crops leave the farm for slaughter and processing into food until it reaches retail establishments. FDA and FSIS work to ensure the safety of food products processed in the United States through a regulatory system of preventive controls that identifies hazards early in the production process to minimize the risk of contamination. Known as the Hazard Analysis and Critical Control Point (HACCP) system, it makes food-processing facilities responsible for developing a plan that identifies harmful microbiological, chemical, and physical hazards that are reasonably likely to occur and establishes critical control points to prevent or reduce contamination.1 Through their inspection programs, FDA and FSIS verify that food processors are implementing their HACCP plans. FDA inspects over 57,000 food facilities every 5 years on average, and USDA inspects over 6,000 meat and poultry slaughter and processing facilities daily. Individual states also conduct yearly inspections of about 300,000 food-processing facilities, including small firms with fewer than 10 employees and large corporations with thousands of employees and multiple processing plants located in many 1 FDA’s HACCP program applies only to seafood and juice, not to all FDA-regulated food. Page 5 GAO-03-342 Food-Processing Security states. Both FDA and FSIS have the authority to take enforcement actions as necessary to ensure that facilities meet the agencies’ safety and sanitation regulatory requirements. As we reported in 2001, in fiscal year 1999, the latest year for which such information was available, FDA, FSIS, and the states spent a total of about $1.3 billion on food safety activities.2 Following the events of September 11, 2001, the federal government intensified its efforts to address the potential for deliberate contamination of agriculture and food products. On October 8, 2001, the President issued an executive order establishing the Office of Homeland Security, which added the agriculture and food industries to the list of critical infrastructure systems needing protection from terrorist attack. In addition, the Congress provided FDA and USDA with emergency funding to prevent, prepare for, and respond to potential bioterrorist attacks through the Department of Defense Appropriation Act of 2002: $97 million for FDA and $15 million for FSIS. For the most part, FDA has used the emergency funds to enhance the security of imported food by hiring new inspectors and increasing inspections at U.S. ports of entry. FSIS has used its emergency funds to support its food security activities, which include, among other things, providing educational and specialized training. FDA’s fiscal year 2003 budget builds upon funding received from the fiscal year 2002 appropriation plus the fiscal year 2002 emergency supplemental funding of $97 million to counter terrorism. FDA plans to seek additional funding in the future for food safety activities and security activities related to terrorism. FSIS is asking for an additional $28 million. The Congress also enacted the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, which contains numerous provisions designed to enhance the safety and security of the food, drug, and water industries.3 In addition, both FDA and USDA have taken many actions to better protect the food supply against deliberate contamination. For example, FDA has hired 655 new food safety investigators and laboratory personnel in the field. In addition, it has participated in several exercises at the 2 See U.S. General Accounting Office, Food Safety: Overview of Federal and State Expenditures, GAO-01-177 (Washington, D.C.: Feb. 20, 2001). 3 This act contains provisions that provide FDA with new authority to detain products that are believed to present a serious health threat. It also authorizes FDA to debar importers who have been convicted of certain food import violations, which results in the denial of delivery of products to those importers. Page 6 GAO-03-342 Food-Processing Security federal and state levels to enhance emergency response procedures. Furthermore, FDA is working with CDC to initiate and implement a nationwide Laboratory Response Network for foods to identify laboratory capacity for testing agents that could be used to deliberately contaminate food. It has also provided additional laboratory training for food safety personnel and sought stakeholders’ input to develop regulations that are required by the new bioterrorism legislation. Moreover, FDA worked with the Office of the Surgeon General, U.S. Air Force, to adapt a version of the Operational Risk Management approach to examine the relative risks of intentional contamination during various stages of food production and distribution.4 Within the Department of Health and Human Services, both FDA and CDC have worked closely with federal, state, and local agencies to enhance their surveillance of diseases caused by foodborne pathogens. FDA’s efforts to reduce food security risks also include working with other federal agencies, trade associations, and the Alliance for Food Security. USDA has formed a Homeland Security Council to develop a Department- wide plan to coordinate efforts between all USDA agencies and offices. The Department has also established the FSIS Office of Food Security and Emergency Preparedness to centralize the Department’s work on security matters. USDA has also coordinated with other government agencies, such as the Office of Homeland Security, the Federal Bureau of Investigation (FBI), and FDA, to develop prevention, detection, and response procedures to better protect the nation’s food supply.5 USDA will be increasing the number of import inspectors by 20. These inspectors will place special emphasis on food security in addition to their traditional food safety role. In addition, USDA has participated in several exercises at the federal and state levels to enhance response procedures and has conducted risk assessments for domestic and imported food. Since this review began, USDA has conducted three simulation exercises at the Department and agency level to test the Department’s response to a terrorist attack and is planning three additional simulations for the spring of 2003. USDA has also conducted preparedness-training sessions for veterinarians and circuit supervisors. (Circuit supervisors supervise the 4 Operational Risk Management is an approach to risk assessment that increases operational effectiveness by anticipating hazards and reducing the potential for loss. 5 On November 25, 2002, President Bush signed the Homeland Security Act of 2002, which created the Department of Homeland Security. The Department will replace the Office of Homeland Security. Page 7 GAO-03-342 Food-Processing Security work of in-plant inspection personnel and discuss the security guidelines with them.) Experts from government and academia generally agree that terrorists could use food products as a vehicle for introducing harmful agents into the food supply. Just recently, the National Academies reported that terrorists could use toxic chemicals or infectious agents to contaminate food production facilities and that, although much attention has been paid to ensuring safety and purity throughout the various stages of processing and distribution, protecting the food supply from intentional contamination has not been a major focus of federal agencies.6 Among other things, the report says that FDA should act promptly to extend its HACCP methodology so that it could be used to deal effectively with the deliberate contamination of the food supply. In February 2002, CDC reported that although the food and water systems in the United States are among the safest in the world, the nationwide outbreaks due to unintentional food or water contamination demonstrate the ongoing need for vigilance in protecting food and water supplies.7 All of the bioterrorism experts whom we consulted from academia agreed that the food supply is at risk. 6 See National Research Council of the National Academies, Making the Nation Safer: The Role of Science and Technology in Countering Terrorism (Washington, D.C: June 2002). 7 See Centers for Disease Control and Prevention, Public Health Assessment of Potential Biological Terrorism Agents, Emerging Infectious Diseases (Atlanta, Ga.: February 2002). Page 8 GAO-03-342 Food-Processing Security The food safety statutes do not specifically authorize FDA or USDA to Existing Food Safety require food processors to implement any type of security measures Statutes Do Not designed to prevent the intentional contamination of the foods they produce.8 While these agencies’ food safety statutes can be interpreted to Provide Sufficient provide authority to impose certain security requirements, as opposed to Authority to Regulate food safety requirements, neither agency believes it has the authority to regulate all aspects of security. All Aspects of Security at Food- Counsel in the Department of Health and Human Service’s Office of the Processing Facilities Assistant Secretary for Legislation advised that FDA’s authorities under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act provide FDA with tools to adopt measures to control insanitary preparation, packing, and holding conditions that could lead to unsafe food; detect contamination of food; and control contaminated food. However, Counsel also advised that FDA’s food safety authorities do not extend to the regulation of physical facility security measures. FDA’s counsel provided a similar assessment, telling us that, to the extent that food safety and security overlap, FDA might be able to require the industry to take precautionary steps to improve security but observed that there is little overlap between safety and security. One area where safety and security do overlap is in the handling of hazardous materials. FDA’s existing safety regulations specify that hazardous chemicals should be stored so that they cannot contaminate food products. This requirement overlaps with FDA’s food security guidelines advising that hazardous chemicals be stored in a secure area and that access to them be limited. USDA, on the other hand, has a somewhat more expansive view of the extent to which its statutory authority allows it to require food processors to adopt certain security measures. USDA’s general counsel concluded that to the extent that security precautions pertain to activities closely related to sanitary conditions in the food preparation process, FSIS has the authority to require food processors to implement certain security 8 FDA, under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, and USDA, under the Federal Meat Inspection Act, Poultry Products Inspection Act, and the Egg Products Inspection Act, have broad authority to regulate food safety. These laws require that food products be processed under sanitary conditions, be unadulterated, and be properly labeled. Page 9 GAO-03-342 Food-Processing Security measures.9 The general counsel concluded that FSIS could require facilities to develop and maintain a food security management plan concerning their response to an actual threat involving product tampering, since this is directly related to food adulteration. Such a plan could be added to a current HACCP plan or it could be entirely separate. USDA also believes that FSIS has authority to mandate its “inside security” guidelines, such as controlling or restricting access to certain areas, monitoring the operation of equipment to prevent tampering, and keeping accurate inventories of restricted ingredients and hazardous chemicals. Similarly, USDA believes that many of its security measures that address shipping and receiving food products or protecting water and ice used in processing products also could be made mandatory. These measures include putting tamper-proof seals on incoming and outgoing shipments and controlling access to water lines and ice storage. On the other hand, USDA believes that the “outside security” measures included in its guidelines, such as securing plant boundaries and providing guards, alarms, and outside lighting, have little to do with sanitation in the facility or the immediate food-processing environment and, therefore, could not be made mandatory under existing authorities. With respect to the guidelines’ personnel security measures, USDA noted that FSIS has limited authority over personnel matters at food-processing facilities and could not require facilities to perform personnel background checks before hiring. 9 USDA’s view on its authority to impose security requirements that are closely related to sanitary conditions is derived from the food safety laws’ prohibitions against adulteration. Adulterated food is virtually identically defined in the Federal Food, Drug, and Cosmetic Act and the Federal Meat, Poultry Products, and Egg Products Inspection Acts as food that has been “prepared, packed, [“packaged” in the egg inspection act] or held under insanitary conditions whereby it may have become contaminated with filth, or whereby it may have been rendered injurious to health.” See 21 U.S.C. 342(a)(4), 21 U.S.C. 601(m)(4), 21 U.S.C. 453(g)(4) and 21 U.S.C. 1033(a)(4). Page 10 GAO-03-342 Food-Processing Security In response to the nation’s growing concerns regarding the potential for FDA and FSIS Issued deliberate contamination of the food supply, FDA and USDA issued Voluntary Security guidelines to the food-processing industry suggesting measures to enhance security at their facilities. Among other things, the guidelines suggests Guidelines to Food conducting a risk assessment, developing a plan to address security risks Processors but Do at plants, and adopting a wide range of security measures inside and outside the premises. Food-processing facilities are not required to adopt Not Track or any of the security measures but are encouraged to adopt those that they Document the Extent feel are best suited for their operations. Although both agencies have to Which They Are alerted their field inspection personnel to be vigilant about security issues, they have also told the inspectors that they are not authorized to enforce Being Implemented these measures and have instructed them not to document their observations regarding security because of the possible release of this information under the Freedom of Information Act and the potential for the misuse of this information. As a result, FDA and USDA currently do not know the extent to which food security measures are being implemented at food-processing facilities. In contrast, the Congress directed medium-size and large-size community water systems, which are privately or publicly owned, to assess their vulnerability to terrorist attacks and to develop an emergency response plan to prepare for such an event. The act also authorized funding to be used for basic security enhancements, such as the installation of fencing, gating, lighting, or security cameras. This approach enables the Environmental Protection Agency (EPA) to monitor the water industry’s security efforts and could be a possible model for the food safety agencies. Industry’s Compliance In 2002, FDA and FSIS each issued voluntary security guidelines to the with Security Guidelines Is food-processing industry to help federal- and state-inspected plants Voluntary identify ways to enhance their security.10 The agencies encouraged food processors, among others, to review their current operations and adopt those security measures suggested in the guidelines that they believed would be best suited for their facilities. Officials from both FDA and FSIS told us that there was little or no coordination between the two agencies in developing these guidelines. The FDA guidance contains over 100 recommended security measures covering seven areas of plant operation, such as managing food security, physical (outside) security, and computer security. FSIS’s guidelines contain 68 security measures and cover seven 10 FDA was first to issue guidelines in January 2002; FSIS subsequently issued its guidelines in May 2002. Page 11 GAO-03-342 Food-Processing Security areas of plant operation. Figure 1 summarizes key aspects of both agencies’ voluntary security guidelines for industry. FDA and FSIS have made the guidelines available on the Internet.11 These guidelines are very similar—one difference is that FSIS’s contain security measures for slaughter facilities. Figure 1: Examples of Security Measures Contained in FDA and FSIS Guidelines Some state governments have also acted to protect food products from deliberate contamination. We learned from 11 state auditing offices that food safety regulatory officials from most of these states are providing industry or state inspectors with guidelines, either in the form of the FDA and FSIS guidelines or guidelines developed by the state officials 11 See www.cfsan.fda.gov/~dms/secguid.html for FDA and www.fsis.usda.gov/oa/topics/securityguide.htm for FSIS. Page 12 GAO-03-342 Food-Processing Security themselves.12 In addition, three states have enacted new legislation or regulations addressing the security of food products. FDA and FSIS Instruct Although FDA and FSIS do not assess the extent to which food processors Their Inspectors to Be are implementing security measures, the agencies have asked their field Observant inspection personnel to be on heightened alert and to discuss, but not interpret, the security guidance with facility officials during their routine food safety inspections.13 However, both FDA and USDA have instructed their field inspection personnel to refrain from enforcing any aspects of the security guidelines because the agencies generally believe that they lack such authority. They have also instructed their field personnel not to document plants’ security measures because they are concerned that such information would be subject to Freedom of Information Act requests. More specifically, FDA’s instructions to its field personnel specify that they should neither perform a comprehensive food security audit of the establishment nor conduct extensive interviews to determine the extent to which preventive measures suggested in the guidelines have been adopted. The goals, according to FDA, are to heighten industry’s awareness of food security practices, facilitate an exchange of information between FDA and industry on the subject of food security, and encourage plant management to voluntarily implement those preventive measures that they believe are most appropriate for their operation. In short, FDA inspectors are encouraged to discuss food security concerns with plant management and to provide them with copies of the guidelines. Although the exact details of such discussions are not to be recorded, inspectors are required to document in their inspection reports that such discussions took place and that they gave a copy of the guidelines to facility management. Similarly, FSIS has informed its field inspectors that they have no regulatory duties regarding the enforcement of the guidelines. Initially, the agency instructed its inspectors to refer any questions from facility 12 Eleven of the 50 state audit offices we contacted for assistance in interviewing their food regulatory officials responded to our request. The participating state auditing offices were Arizona, Florida, Maryland, Michigan, New York, North Carolina, Oklahoma, Oregon, Pennsylvania, Tennessee, and Texas. Because the state auditors collected information from only 11 states, these observations cannot be generalized. 13 According to an FSIS memorandum to its field personnel, “heightened alert” is defined as identifying and reporting any suspicious activities that could adversely affect our nation’s security. Page 13 GAO-03-342 Food-Processing Security managers to USDA’s Technical Service Center in Omaha, Nebraska.14 Recently the agency modified its position regarding direct discussions of food security and now allows inspectors to discuss, but not interpret, security with facility management. Inspectors are still instructed not to document these conversations or enforce the adoption of any security measure. Officials from both agencies expressed concerns about gathering security information from facilities because it could be subject to public disclosure through Freedom of Information Act requests. If terrorists gained access to this information, it could give them a road map to target the most vulnerable areas in a food-processing plant. Water Security Provisions Recent congressional efforts to better protect the nation’s drinking water in the 2002 Bioterrorism from terrorist acts may offer a model for FDA and USDA to help monitor Act Are a Possible Model security measures adopted at food-processing facilities as well as to identify any security gaps that may exist at these facilities. Although there for the Food Safety are differences in how the government regulates drinking water and food, Agencies food and water are essential daily consumption elements, and both are regulated to ensure their safety. In June 2002, the Congress enacted the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, which, among other things, amended the Safe Drinking Water Act. The Bioterrorism Act requires medium-size and large-size community water systems (those serving over 3,300 people), which are privately and publicly owned, to certify to EPA that they have assessed their vulnerability to a terrorist attack and developed emergency plans to prepare for and respond to such an attack. These water systems serve 91 percent of the United States’ population. Each community’s water system is required to conduct a vulnerability assessment and submit a copy of the assessment to EPA.15 The act specifies that the vulnerability assessment is exempt from disclosure under the Freedom of Information Act, except for the identity 14 The Technical Service Center provides field inspection personnel with technical assistance, advice, and guidance regarding the implementation of national policies, programs, and procedures. The center also serves as a central point for reporting and responding to suspicious activities related to food security. 15 The vulnerability assessment must include, among other things, a review of pipes and constructed conveyances; physical barriers; and water collection, pretreatment, treatment, storage, and distribution facilities. Page 14 GAO-03-342 Food-Processing Security of the community water system and the date on which it certifies compliance. Community water systems are also required to prepare an emergency response plan that incorporates the results of their vulnerability assessments. In addition, the act authorizes funding for financial assistance to community water systems to support the purchasing of security equipment, such as fencing, gating, lighting, or security cameras. FDA and FSIS lack comprehensive information on the extent to which Food Processors Are food-processing companies are adopting security measures. However, Implementing a Range officials from the majority of the food trade associations that we contacted believe that their members are implementing a range of measures to of Security Measures, enhance security at their facilities. We found that the five food-processing but Extent of facilities we visited in various geographic regions around the country are also implementing an array of security measures that range from Implementation Is developing risk assessment plans to hiring security contractors.16 Largely Unknown to Furthermore, our survey of FDA and FSIS inspectors indicates that, FDA and FSIS generally, food-processing facilities are implementing a range of security measures. The survey responses indicate, however, that the inspectors were more aware of those security measures that were the most visible to them during the course of their regular food safety inspections.17 Trade Association Officials According to trade association officials, food processors are voluntarily Indicate That Industry Is taking steps to prevent the deliberate contamination of their products, Implementing Various including adopting many of the measures suggested by FDA and FSIS, such as installing fences, requiring that employees wear identification, and Security Measures restricting access to certain plant areas. Association officials told us that most large food-processing facilities already have ample security plans that include many of the recommendations made by FDA and FSIS. One trade association recently conducted a survey of its members and asked for their opinions about FSIS’s Guidelines. Most of the respondents 16 The facilities vary in size from 100 to 800 employees. 17 We surveyed 50 FSIS Circuit Supervisors (obtained responses from 45) who oversee the activities of the agency’s field inspectors and 150 FDA investigators (obtained responses from 128) who perform the inspections of food-processing facilities to ask about the security measures they have observed at the plants they inspect. Our survey included questions about outside security, visitor access, employee screening, and shipping and handling, among others. The methods used and results from these surveys are contained in appendixes II and III. Page 15 GAO-03-342 Food-Processing Security indicated that they were aware of the guidelines; they believed the guidelines were for the most part practical and workable; and they used them in their security plans. However, these officials were unable to provide data on the extent to which the food-processing industry is implementing security measures to prevent or mitigate the potential deliberate contamination of food products.18 Trade association officials also said that they provided FDA and FSIS with comments on the voluntary guidelines and, in some cases, have also issued their own food security guidelines to their members. Although the officials generally believe that the agencies’ guidelines are reasonable, they do not want the government to regulate food security. They also feel that some companies, especially small facilities with limited resources, are unable to implement all the measures in the guidelines. Therefore, these officials believe it is important for the guidelines to remain voluntary. The industry is involved in improving food security in other ways as well. For example, the food industry associations formed the Alliance for Food Security to facilitate the exchange of information about food security issues. The Alliance is composed of trade associations representing the food chain, from commodity production through processing, packaging, distribution, and retail sale, as well as government agencies responsible for food and water safety, public health, and law enforcement. Similarly, led by the Food Marketing Institute, the food industry and FBI established the Information Sharing and Analysis Center (ISAC), which serves as a contact point for gathering, analyzing, and disseminating information among companies and the multiagency National Infrastructure Protection Center based at FBI headquarters. Through ISAC, FBI officials have notified food manufacturers of warnings and threats that the Center deems to be credible. ISAC also provides a voluntary mechanism for reporting suspicious activity in a confidential manner and for developing solutions. Five Processing Facilities We visited five food-processing facilities, including a slaughter plant and Provide Some Indication facilities that produce beverages and ready-to-eat products. Although about Industry’s Efforts these facilities are not in any way representative of all food-processing plants nationwide, they provide some information about the types of 18 The National Food Processors Association is in the process of evaluating the results from its food security survey of its members, but not all of the results were ready in time to be included in this report. Page 16 GAO-03-342 Food-Processing Security security measures that some facilities are implementing. All five facilities had conducted risk analyses and, on the basis of the results, had implemented a number of security measures similar to those suggested in the FDA and FSIS guidelines. For example, all five facilities limited access to the facility through such means as requiring visitors to enter through a guard shack and to provide identification. In addition, employees at three of the facilities could enter the facility only by using magnetic cards. However, managers at the five facilities offered differing opinions about personnel security. Although all of the facilities we visited performed background checks on their employees that included verification of social security numbers, only some verified prior work experience, criminal history, and level of education. One company also required that its contractors, such as construction companies working in the facility, perform employment, education, and criminal checks of their own employees. The facilities also used different protocols for employee access to different areas within the plant. For example, at four of the facilities, employees were limited to those areas of the plant in which they worked. While the managers at these facilities generally complimented FDA’s and USDA’s security guidelines, they said that they do not want the agencies to regulate security. Rather, they believe that the agencies should develop a nonprescriptive framework or strategy for industry and then leave them to decide how to meet their individual requirements. One manager believes that food security responsibilities should be moved to the Department of Homeland Security. Finally, our discussions with trade association officials and food- processing industry officials revealed that the industry is very concerned about sharing security information with federal agencies because of the possibility that it could provide a road map for terrorist groups if it were released under the Freedom of Information Act. Although the act exempts from public release certain national security, trade secret, and commercial or financial information, industry officials are generally skeptical about the government’s ability to prevent the release of sensitive security information at food-processing facilities. FBI officials told us that they have cited these exemptions when assuring ISAC members that security information shared with them will be protected from public release. These officials explained that the courts have generally ruled that the commercial information exemption protects those who voluntarily provide Page 17 GAO-03-342 Food-Processing Security the government with information if the information is of a kind that the provider would not ordinarily release to the public.19 However, the FBI officials we interviewed believe that the government should find some way of assuring industry that sensitive security information is protected from public release. FDA and FSIS Survey FDA and FSIS survey respondents observed a range of security measures Respondents Indicate That being implemented at food-processing facilities, although both FDA and Processing Facilities Are FSIS respondents were able to provide more information about those security measures that were most visible during the course of their normal Implementing a Range of inspection duties. Figure 2 shows selected categories of security measures Security Measures recommended in the FDA and FSIS security guidelines that were most visible to inspectors.20 The majority of the FDA survey respondents said they were able to observe security measures, such as fencing around the plants’ perimeter, limiting access to restricted areas, securing hazardous materials, and providing adequate interior and exterior lighting. Likewise, most of FSIS’s circuit supervisors were able to observe outside security measures including alarmed emergency exits, plant perimeter protection, positive employee identification, and the inspection of incoming and outgoing vehicles. 19 See, for example, Critical Mass Energy Project v. Nuclear Regulatory Commission, 975 F. 2d 871 (D.C. Cir. 1992) (en banc) cert. denied, 507 U.S. 984 (1993) (information in safety reports voluntarily provided to the Nuclear Regulatory Commission by nuclear safety groups was confidential and thus exempt from disclosure under the Freedom of Information Act’s exemption for financial or commercial information). 20 Security measures listed in FDA’s and FSIS’s food security guidelines are somewhat different. The agencies developed their guidelines in January and May 2002, respectively, and did not coordinate their efforts. Page 18 GAO-03-342 Food-Processing Security Figure 2: Percentage of Survey Responses Indicating Observation or Knowledge of More Visible Security Measures Note: GAO survey of FDA and FSIS inspectors. Survey respondents provided fewer observations regarding other types of security measures included in the FDA and FSIS guidelines—in some instances because these measures were less visible to them. For example, FDA respondents were less able to comment on whether they noticed or knew of the presence of security measures designed to account for missing stock or for other finished product irregularities. (See fig. 3.) Similarly, FSIS respondents were less unable to comment on the extent to which facilities were performing background checks on new employees or implementing proper mail-handling practices. Page 19 GAO-03-342 Food-Processing Security Figure 3: Percentage of Survey Responses Indicating Observation or Knowledge of Less Visible Security Measures Note: GAO survey of FDA and FSIS inspectors. More than half of FSIS’s survey respondents stated that large plants— those with at least 500 employees—had implemented a range of security measures, including the areas of outside security, storage, slaughter and processing, and personnel security. Fewer of these respondents observed these security measures at smaller plants. Some FDA and FSIS respondents provided additional comments that the very small firms typically lack the financial resources to implement many of the security measures suggested in the government guidelines. Similarly, some respondents commented that many of the security measures might not be necessary at smaller establishments. Additionally, most of the FDA respondents reported that they had not received training on food security; while nearly all of the FSIS respondents reported that they had recently received such training. Some of the FSIS respondents further stated that although they had received food security Page 20 GAO-03-342 Food-Processing Security training, further training was greatly needed in the field. Such training would be beneficial because field personnel are encouraged to discuss security measures with managers at the facilities they inspect. Finally, responses to our survey showed that FDA and FSIS respondents have different levels of “satisfaction” with or “confidence” in the efforts of the processing facilities they inspect to ensure the protection of food from acts of deliberate contamination.21 While nearly half of the FSIS respondents said they were somewhat or very confident of the efforts made by the food processors they inspect, slightly over one-fourth of the FDA respondents were satisfied or very satisfied with the efforts made by the food processors they inspect. Regulatory Officials from Thirty-seven food regulatory officials interviewed by state auditors in 11 11 States Indicate Some states provided opinions on their overall level of satisfaction with federal, Level of Satisfaction with state, and industry efforts to protect food from intentional contamination. Table 1 shows that nearly half of the state regulatory officials interviewed Security Efforts expressed satisfaction with the efforts made by federal, state, and industry to safeguard food products—though these results cannot be generalized to all state regulatory officials. 21 FDA preferred that we ask about the level of “satisfaction,” while FSIS wanted us to ask about the level of “confidence.” Page 21 GAO-03-342 Food-Processing Security Table 1: State Officials’ Satisfaction with Federal, State, and Industry Efforts to Safeguard Food Products from Deliberate Contamination Questions asked of 37 state food safety Percentage of officials Percentage of officials Percentage of officials regulatory officials very satisfied or neither satisfied nor dissatisfied or very (11 states) satisfied dissatisfied dissatisfied How satisfied are you with the federal 43.3 32.4 24.3 government’s efforts? How satisfied are you with the state 56.8 29.7 13.5 government’s efforts? How satisfied are you with industry’s efforts? 43.2 45.9 10.8 Source: State audit offices. Notes: Combined state survey of 37 state regulatory officials. Percentages may not total 100 because of rounding. Finally, most of the state officials interviewed by state auditors believed it was either “important” or “very important” for states to monitor whether companies have adopted security measures to prevent acts of deliberate contamination; 3 of the 11 states are already requiring their inspectors to do so. The vulnerability of the food supply to potential acts of deliberate Conclusions contamination is a national concern. The President addressed this concern in the October 8, 2001, executive order establishing the Office of Homeland Security and adding the agriculture and food industries to the list of critical infrastructure systems needing protection from terrorist attack. The National Academies have also concluded in a recently released report that infectious agents and toxic chemicals could be used by terrorists to contaminate food-processing facilities. Among other things, the report says that FDA should act promptly to extend its Hazard Analysis and Critical Control Point methodology so it might be used to deal effectively with deliberate contamination of the food supply. The Centers for Disease Control and Prevention also reported recently on the need to better protect our nation’s food and water supplies. These assessments underscore the need to enhance security at food- processing facilities. Although FDA and FSIS recognize that need and have taken action to encourage food processors to voluntarily adopt security measures, these actions may be insufficient. Because the agencies believe that they generally lack authority to mandate security measures and are concerned that such information would be subject to Freedom of Information Act requests, they do not collect information on industry’s Page 22 GAO-03-342 Food-Processing Security voluntary implementation of security measures. The agencies are, therefore, unable to determine the extent to which food processors have voluntarily implemented such measures. Both FDA and USDA have completed risk assessments. However, without the ability to require food- processing facilities to provide information on their security measures, these federal agencies cannot fully assess industry’s efforts to prevent or reduce the vulnerability of the nation’s food supply to deliberate contamination. Similarly, they cannot advise processors on needed security enhancements. Furthermore, lacking baseline information on the facilities’ security condition, the agencies would be unprepared to advise food-processing facilities on any additional actions needed if the federal government were to go to a higher threat alert. Finally, the lack of security training for FDA food inspectors on the voluntary security guidelines issued for food processors and the limited number of FSIS inspectors that have so far received training on the voluntary security guidelines hamper the inspectors’ ability to conduct informed discussions regarding security measures with facility personnel as they are currently instructed to do. In order to reduce the risk of deliberate contamination of food products, Recommendations for we are recommending that the Secretary of Health and Human Services Executive Action and the Secretary of Agriculture study their agencies’ existing statutes and identify what additional authorities they may need relating to security measures at food-processing facilities. On the basis of the results of these studies, the agencies should seek additional authority from the Congress, as needed. To increase field inspectors’ knowledge and understanding of food security issues and facilitate their discussions about the voluntary security guidelines with plant personnel, we are also recommending that the Secretary of Health and Human Services and the Secretary of Agriculture provide training for their agencies’ field staff on the security measures discussed in the voluntary guidelines. We provided FDA and USDA with a draft of this report for their review Agency Comments and comment. We received written and clarifying oral comments from and Our Evaluation each agency. The agencies also provided technical comments, which we incorporated into the report as appropriate. FDA agreed with our recommendation that it provide all food inspection personnel with training on security measures. Subsequently, FDA officials told us that the agency Page 23 GAO-03-342 Food-Processing Security did not have an opinion on our recommendation that it study what additional authorities it may need relating to security measures at food- processing facilities. In its written comments, FDA stated that the report is factual and describes accurately the events and actions that FDA has taken on food security. FDA also commented that one of the goals of its voluntary guidance to industry is to heighten awareness of food security practices and that the role of its investigators is first and foremost food safety. FDA also said that it does not have sufficient security expertise to provide industry with consultation in this area. FDA further commented that although HACCP and other preventive controls are appropriate measures to enhance food safety, HACCP does not afford similar advantages for addressing deliberate contamination, tampering, and/or terrorist actions related to the food supply. Our report underscores that the role of FDA’s investigators is primarily one of food safety. Nevertheless, we believe that it is also crucial for cognizant agencies to have information about industry’s security efforts so that they can assess the extent to which the risk of deliberate contamination is being mitigated. We also believe that possessing such information is important if it becomes necessary to advise food processors on needed security enhancements. With regard to HACCP, our report does not take a position on the feasibility of using HACCP as a means to control deliberate contamination; instead, we report on the opinion of the National Academies. FDA’s comments are presented in appendix V. In its written comments, USDA agreed with the contents of our report. Subsequently, USDA’s food safety officials confirmed that the agency also agrees with the report’s recommendations. In its letter, USDA commented that it has already conducted a comprehensive risk assessment of the food supply without plant security information and that knowing whether a plant employed one or several security measures was not needed to assess the risk. Our report acknowledges that USDA has conducted a comprehensive risk assessment, but we believe that it is crucial for cognizant agencies to have information about industry’s security efforts so that they can assess the extent to which the risk of deliberate contamination is being mitigated. USDA’s comments are presented in appendix IV. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretaries of Agriculture and Health and Human Services; the Director of the Federal Bureau of Investigation; the Director, Office of Management and Budget; Page 24 GAO-03-342 Food-Processing Security and other interested parties. We will also make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at http://www.gao.gov. If you have any questions about this report, please contact Maria Cristina Gobin or me at (202) 512-3841. Key contributors to this report are listed in appendix VI. Lawrence J. Dyckman Director, Natural Resources and Environment Page 25 GAO-03-342 Food-Processing Security Appendix I: Scope and Methodology Appendix I: Scope and Methodology To determine the extent to which the current federal food safety statutes can be effectively used to regulate security at food-processing facilities, we analyzed the Food and Drug Administration’s (FDA) and the U.S. Department of Agriculture’s (USDA) existing statutory authorities. We discussed these authorities with FDA and USDA counsel and requested a legal opinion to determine the extent to which each agency believes its existing authorities allow it to regulate food security. We then independently reviewed these authorities to draw our own conclusions. To describe the actions that FDA and USDA have taken to help food processors prevent or reduce the risk of deliberate food contamination, we met with staff from FDA and FSIS to review the voluntary guidelines issued by each agency. To better understand the provisions of the guidelines, we met with agency program staff responsible for issuing the guidelines and for receiving industry comments on it. To learn how the guidelines would be implemented, we met with FDA and USDA’s Food Safety and Inspection Service (FSIS) officials responsible for field operations and with staff from field offices in Atlanta, Georgia, and Beltsville, Maryland. Finally, to gather additional information about the vulnerability of the food supply to acts of deliberate contamination, we contacted nine experts from academia, including experts in food safety and in bioterrorism. To describe how the government is determining the extent to which food- processing companies are implementing security procedures, we asked FDA and FSIS program officials about the nature of the information they are collecting about industry security measures. We also conducted surveys of agency field personnel to obtain their observations about and knowledge of food security measures taken at facilities they regularly inspect for food safety. Our FDA survey, which was Web-based, was administered to all 150 field investigators who recorded 465 or more hours for domestic food inspection from June 1, 2001 to May 31, 2002. Our survey of FSIS staff was a telephone survey of a randomly selected stratified sample of 50 circuit supervisors. Our response rate for these surveys was higher than 85 percent for FDA and 90 percent for FSIS, and respondents included participants from all the agencies’ geographic regions. Before administering the surveys, we discussed with and obtained input from FDA and FSIS program officials. We also pretested the surveys at field locations to ensure that our questions were valid, clear, and precise and that responding to the survey did not place an undue burden on the respondents. In addition, we contacted state audit offices in all 50 states to collect information about state government actions designed to prevent the deliberate contamination of food products. Of the 50 state Page 26 GAO-03-342 Food-Processing Security Appendix I: Scope and Methodology audit offices we contacted, only 11 agreed to help us collect this information: Arizona, Florida, Maryland, Michigan, New York, North Carolina, Oklahoma, Oregon, Pennsylvania, Tennessee, and Texas. To determine the extent to which the food-processing industry is implementing security measures to better protect its products against deliberate contamination, we contacted officials from 13 trade associations representing, among others, the meat and poultry, dairy, egg, and fruits and vegetables industries and the food-processing industry. We discussed the guidelines that their organizations have issued, and they described what actions their constituents are taking to protect their products. We also visited five food-processing facilities in various geographic regions to ask corporate and plant officials about the actions they have taken to protect their products and facilities against intentional contamination. These facilities included a slaughter plant as well as facilities that produce beverages and ready-to-eat products. We recognize that the efforts of these five facilities are not necessarily representative of the whole food-processing industry. To identify the concerns that the industry has about sharing sensitive information with federal agencies, we spoke with industry representatives as well as officials from the Federal Bureau of Investigation’s National Infrastructure Protection Center. We conducted our review from February through December 2002 in accordance with generally accepted government auditing standards. Page 27 GAO-03-342 Food-Processing Security Appendix II: FDA Survey Results Appendix II: FDA Survey Results Page 28 GAO-03-342 Food-Processing Security Appendix II: FDA Survey Results Page 29 GAO-03-342 Food-Processing Security Appendix II: FDA Survey Results Page 30 GAO-03-342 Food-Processing Security Appendix II: FDA Survey Results Page 31 GAO-03-342 Food-Processing Security Appendix II: FDA Survey Results Page 32 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Appendix III: FSIS Survey Results Page 33 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 34 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 35 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 36 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 37 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 38 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 39 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 40 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 41 GAO-03-342 Food-Processing Security Appendix III: FSIS Survey Results Page 42 GAO-03-342 Food-Processing Security Appendix IV: Comments from the U.S. Department of Appendix IV: Comments from the Agriculture U.S. Department of Agriculture Page 43 GAO-03-342 Food-Processing Security Appendix V: Comments from the Food and Drug Appendix V: Comments from the Food and Administration Drug Administration Page 44 GAO-03-342 Food-Processing Security Appendix V: Comments from the Food and Drug Administration Page 45 GAO-03-342 Food-Processing Security Appendix V: Comments from the Food and Drug Administration Page 46 GAO-03-342 Food-Processing Security Appendix VI: GAO Contacts and Staff Appendix VI: GAO Contacts and Staff Acknowledgments Acknowledgments Lawrence J. Dyckman, (202) 512-3841 GAO Contacts Maria Cristina Gobin, (202) 512-8418 In addition to those named above, John Johnson, John Nicholson, Jr., Acknowledgments Stuart Ryba, and Margaret Skiba made key contributions to this report. Nancy Crothers, Doreen S. Feldman, Oliver Easterwood, Evan Gilman, and Ronald La Due Lake also made important contributions. (360177) Page 47 GAO-03-342 Food-Processing Security The General Accounting Office, the audit, evaluation and investigative arm of GAO’s Mission Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no cost is Obtaining Copies of through the Internet. GAO’s Web site (www.gao.gov) contains abstracts and full- GAO Reports and text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents Testimony using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading. Order by Mail or Phone The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548 To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061 Contact: To Report Fraud, Web site: www.gao.gov/fraudnet/fraudnet.htm Waste, and Abuse in E-mail: firstname.lastname@example.org Federal Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 Public Affairs U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548
Food-Processing Security: Voluntary Efforts Are Under Way, but Federal Agencies Cannot Fully Assess Their Implementation
Published by the Government Accountability Office on 2003-02-14.
Below is a raw (and likely hideous) rendition of the original report. (PDF)