Announcing the new Risk Assessment Modelling (RAM) tool
Safefood 360° are proud to announce the launch of our new Risk Assessment Modelling (RAM) tool.
This new addition to our world-class compliance management software will, for the first time, open up the possibility for food businesses to conduct Risk Assessment exactly as they wish and against international best practice.
RAM will allow you to quickly and easily build any number of Risk Assessment models and apply them in your workflows for HACCP, Management Processes, PRPs, and Monitoring programs.
The new RAM feature is also ideal for conducting Risk Assessment for environmental management, Occupational Health and Safety, and Failure Mode Effective Analysis Failure (FMEA).
For a step-by-step video guide on how to add a Risk Assessment Model, and complete a Risk Assessment in your Supplier Assessment Records, please visit the Safefood 360° user guide:
In the meantime, there’s more about this new exciting feature in a moment, but first, let’s talk a little about Risk.
Risk and the Food Industry
Business magnate, investor, and philanthropist Warren Buffett once said:
Risk comes from not knowing what you’re doing.
While Buffett’s description may be some way from the typically accepted “Probability x Severity = Risk” definition used in food safety, it does highlight the general source of risk and the challenges faced by food organizations when it comes to its assessment.
Knowing what we are doing when it comes to risk is problematic on two fronts.
Firstly, how do we conduct Risk Assessment correctly (model), and secondly, do we have sufficient information (data) to risk assess accurately?
Regardless of these challenges, food businesses are obliged to conduct Risk Assessment for many aspects of their business.
The Global Food Safety Initiative (GFSI) Schemes, for example, require numerous and documented Risk Assessments to be conducted.
The FDA Food Safety Modernization Act (FDA FSMA) also requires detailed Risk Assessments of hazards for individual processes, suppliers, and products.
This makes sense. If we accept that understanding what we are doing in regard to hazards, then Risk Assessment is the most effective means available to us.
However, neither the GFSI nor FDA provide any clear guidance on how Risk Assessments should be conducted, leaving many companies who are seeking certification and compliance to implement Risk Assessment models which frequently fail to clarify what they are doing.
Let’s put this into perspective. The BRC Standard refers to requirements regarding Risk Assessment nearly 100 times.
The BRC Standard refers to requirements regarding Risk Assessment nearly 100 times.
These are almost 100 implicit or implied requirements to conduct a documented Risk Assessment.
This is not for the faint hearted, but it does highlight the increasing importance of Risk Assessment in all aspects of running a food business today.
Leaving aside compliance, Risk Assessment is now being recognised by businesses as a valuable tool in many other areas.
The Growth of Risk Assessment
Over recent years, we have witnessed the proliferation of Risk Assessment in the food industry.
There was once a time when Risk Assessment was confined solely to developing HACCP plans.
All that was necessary was the identification of general food safety hazards followed by a Qualitative Assessment of the Risks, which was usually based on subjective opinion.
Things have improved somewhat with many businesses now using publically available data on food safety incidents to underpin their assessment.
However, the full potential and benefits of Risk Assessments remain a long way from where we would like them.
These recent trends have seen an explosion in the types of Risk Assessments we need to conduct for food safety. The following list will be familiar to many of you:
- HACCP Assessment
- PCP Assessments
- Supplier Assessments
- Product / Material Assessments
- Vulnerability Assessments / Food Defense Plans
- TACCP Assessments
- Management Processes
In addition to the above list, food businesses are required to conduct Risk Assessments in the following areas:
- Environmental Impacts
- Occupational Health and Safety
- Failure Mode Effect Analysis (FMEA)
- Business Risks
We can see clearly that food businesses, more and more, are seeking to leverage the power of Risk Assessment to improve compliance, efficiency, and effectiveness of their business.
More and more, food businesses are seeking to leverage the power of Risk Assessment to improve compliance, efficiency, and effectiveness of their business.
Risk Assessment is here to stay. But what does this mean practically for the typical food business and those who are charged with conducting assessments?
We can summarize the impacts as follows:
- Business Process Overhead – Conducting so many Risk Assessments and maintaining them creates an increased overhead in management and technical resources. It takes time to do Risk Assessments. The studies required to yield benefits from Risk Assessments must be integrated into many aspects of running your business.
- Skills and Knowledge – Risk Assessment is a tool. Like all tools, it requires a certain set of skills and knowledge, which are seldom exposed at under and postgraduate level. In short, these skills must be acquired through experience on the job.
- Data – The quality of any Risk Assessment depends on the availability and quality of the data used. Having quality data available reduces the uncertainty of the Risk Assessment and increases the value of the study. This requires time, understanding, and knowledge of what you are doing.
- Methodology – Risk Assessment is a scientific undertaking. The process of collecting and analyzing objective data and determining management responses requires a clear and validated model. Many food businesses struggle with developing and utilizing models and can undermine the effort to conduct this work and diminish the value of the assessment.
- Benefits – Risk Assessment is a powerful tool. World-class businesses employ it widely and seldom make important decisions without it. Why? Because as Warren Buffett understands, Risk Assessment makes sure you know what you are doing before you do it. It minimizes mistakes, errors, and ill-informed decision making. This is the most important impact for you and your business.
World-class businesses employ Risk Assessments widely and seldom make important decisions without them, as they make sure you know what you are doing before you do it.
In short, for businesses to undertake this emerging requirement to risk assess many aspects of their processes and systems requires a smart, practical, and scalable approach, which serves the business just as much as the compliance requirements of various standards.
What is Risk and Risk Assessment? It’s actually a simple concept.
In fact, humans employ Risk Assessment in their daily lives and experiences without even being aware of it.
It has even been a major factor in the human dominance of the planet.
Everything contains risk, from getting out of the bed in the morning, to willingly hurling yourself off a towering platform connected to nothing but a bungee cord.
We do these things because there is a potential reward to us personally.
We have developed an innate ability to calculate and balance the risk-versus-reward equation without major conscious engagement.
Humans have developed an innate ability to calculate and balance the risk-versus-reward equation without major conscious engagement.
Nature and our environment are woven from a fabric containing both strands of risk and reward, and it is a colorful tapestry depending on the individual.
But, what creates risk? There is an unavoidable property of the Universe we live in.
Regardless of our personal political, spiritual, or cultural perspectives, there is a universal force at play for us all and it is called Variation.
Everything in nature is subject to the property of variation or change.
Nothing is static.
Everything is essentially a process which vacillates around a base of center point.
This deviation or variation around a center point is observable in our day-to-day lives, and our ability to adapt and manage it is essential.
It is generally not a major issue – as long as we know what the variation is.
Knowing this allows us to make informed decisions, and, where required, to mitigate the impacts of the variation (Knowing what we are doing!).
When it comes to running a food business it is no different.
A business is essentially a collection of manufacturing, servicing, and management processes.
These processes take in a number of inputs, combine them to produce a product and service, and manage these activities at various levels.
All the processes in this collection have individual normal variation.
It is this variation that creates risk.
It is the individual normal variation in the processes of business that create risk.
To manage risk, we need to know the nature, extent, and impact of this variation.
Risk Assessment is the tool we use to determine these. Below, the main elements of this process are described.
A hazard is something which can cause an adverse impact, e.g., bacterial pathogen, chemical, etc.
In non-food safety Risk Assessment models, we may be looking for a failure of a part (FMEA) or business event (product recall).
Regardless, identification of these hazards is essential to ensure the Risk Assessment is relevant and focused.
Next follows the Risk Assessment.
At this step, we are seeking to tell a story about the hazard.
What is it? How much of it is required to cause an issue? How likely is the hazard, failure, or event to occur?
What would be the adverse outcomes if it was to occur?
During Risk Assessment, we are gathering all the available and relevant data required to answer these questions.
In the simplest form, we are asking what is the likelihood and the impacts of an occurrence.
Once we have a measure of the risk, we then need to ask the question: how significant is the risk?
Not all risks need to be addressed or mitigated (nor is it practical to do so).
We need to separate which risks are of such a magnitude that we need to take action.
Determination of significance is the separation of which risks are of such magnitude that action needs to be taken.
This is the determination of significance.
Once we are sure that the risk is significant we then need to determine the controls required to mitigate this risk.
In other words, if this hazard occurs, we need to know about it and have in place the required actions to ensure its impacts are not felt.
Following this, we simply need to monitor the Risk Management System and review it to ensure it remains pertinent.
This is Risk Assessment at its most effective.
Underpinning all Risk Assessments is the model employed. Let’s now talk a little about the various models and where they are used.
Risk Assessment Models
HACCP and Food Safety Risk Assessment
In the food industry, there are a number of typical models employed when conducting Risk Assessments.
Most of you will be familiar with conducting Risk Assessment under HACCP.
For the most part, companies employ a probability by severity model using a simple two-dimensional matrix, which is normally used to identify, assess, and control a specific hazard at a specific process step.
Below is a typical example of such a matrix:
This approach is very effective and has served the food industry for decades.
Some models extend this to a three-dimensional model with the addition of a third factor, such as ‘detectability’ of the hazard.
However, in the vast majority of cases, the two-dimensional model is sufficient.
Supplier Quality Management
In recent years, the GFSI and other standards and legislation have increased the burden of Risk Assessment by requiring that each individual supplier, supplier facility, and, indeed, individual material supplied is risk assessed.
This makes sense since general Risk Assessment of these can leave your business exposed to unidentified hazards.
However, to undertake this work is significant ̶ not least the requirement to communicate with suppliers and collect the required documents and data to complete the task.
Risk Assessment models for materials and supplier differ from the HACCP matrix approach.
In this case, the specific process point is not at play and, therefore, the matrix model breaks down.
When assessing supplier or materials a whole variety of factors come into play, such as certification, the level of control systems, nature of the material supplied, source, complexity, and vulnerability of the supply chain to name a few.
Here, a Criteria-based model is more appropriate, which takes into account the totality of all the factors that contribute to risk.
Vulnerability Assessments and Threats
When it comes to determining risks in the supply chain, again, the basic matrix model may not be sufficient.
Food Defense plans for example typically need to combine audit-like assessments (general facility threats) with quantifiable vulnerabilities (specific process threats).
Here, we can see the complexity of assessment models required by a business as it increases.
Management Processes and PRP
When it comes to determining the risks associated with management processes and PRP’s, we experience a shift in what we need to assess as the hazard.
For HACCP, it is clear-cut. We are seeking to identify a specific hazard within one process step, e.g., Salmonella at the cooking step.
However, for a management process, such as Auditing, we are not dealing with specific hazards, but rather a failure of the system (to be conducted, to be effective, etc.).
In this sense, Risk Assessment in these cases is more akin to FMEA than HACCP. We can see that having one universal Risk Assessment model would not be workable in a food business.
The same can be said for PRP’s such as calibration or pest control.
Of course, other areas of your business may exist where you will need Risk Assessment models, such as environmental management risks and occupational health and safety.
These all require a slightly different approach and model to address the requirement.
What all this points to is: a business must put in place a robust tool which allows for the development and maintenance of a whole variety of Risk Assessment models and workflows in order to comply with the vast requirements of standards, legislation, and business needs.
A business must put in place a robust tool which allows for the development and maintenance of a whole variety of Risk Assessment models and workflows in order to comply with the vast requirements of business needs.
Now let’s talk more about how Safefood 360°’s new Risk Assessment Modelling (RAM) tool will help do this.
The New RAM Solution
In order to meet the changing needs of our customers, we have introduced a new solution into SF360° called the Risk Assessment Modelling tool.
This tool effectively allows you to conduct any type of Risk Assessment against best practice workflow and your own internal Risk Assessment models.
We have referred to all the major food safety standards and international best practice guidance in developing this solution. It allows you to set up and conduct Risk Assessments for the following:
- Supplier Assessments
- Material and Product Assessments
- Food Defense
- Vulnerability Assessment
- Business and Management Process
- Environmental Management
- Occupational Health and Safety
- Monitoring and Test Programs
How does it Work?
The RAM solution allows you to build out a suite of Risk Assessment models used in your business.
The modelling tool is very powerful and can cope with even the most complex models.
Once these models are built they can be ‘slotted’ into your assessment workflows for risk-based assessments, supplier quality control, or any other aspect of your compliance framework.
These models can be based on either matrix structures or multiple assessment criteria.
Let’s take a look at a few examples:
HACCP and PCP Plans
Safefood already has the best risk-based assessment workflow in the market.
With the new RAM companies can now ‘drop’ their own unique Risk Assessment model for conducting HACCP and PCP studies into the workflow.
This same workflow can also be used to conduct your Vulnerability Assessment, Health and Safety studies, and environmental Risk Assessment work.
In fact, there is no limit to the solution, so you can house all your business Risk Assessment and Control Plans in this one solution, using any type of Risk Assessment models you need.
I’m sure you now agree with what I said earlier; it’s very powerful!
Supplier Quality Management
This area has seen the greatest change in recent years with GFSI and FSMA increasing the burden significantly.
No longer is a general Risk Assessment on suppliers and product categories sufficient. You must now risk assess:
- Individual Supplier facilities
- Individual Materials from each facility
With RAM you can now build bespoke Risk Assessment models for different supplier and material types.
For example, the Risk Assessment criteria for a high-risk ingredient supplier may not be the same as a secondary packaging supplier.
Under FSMA, different types of suppliers and products must be assessed for different compliance requirements.
The SQM supplier assessment workflow also allows for a follow-up Risk Assessment to determine the risk mitigation following the application of specific controls.
Management and PRP Systems
For each specific management process or PRP you can build a specific Risk Assessment model.
This makes sense since, in these cases, we are interested in determining the risk of risk failure.
Lastly, for Internal Auditing, for example, you can build out and apply a simple matrix model which assesses the likelihood of failure of the audit program and potential impact.
From this, the system can support you identifying the required frequency for audits.
What to expect in the coming weeks and future for RAM?
There is a lot more to our new RAM feature and, over the coming weeks, we will be providing a series of webinars and supporting material to help you get the most from this new innovative solution.
We promise you will only need this one tool to do all your Risk Assessment work.
We promise you will only need this one tool to do all your Risk Assessment work.
Supported by our team in Professional and Customer Services, we intend to help our customers become world-class leaders in the field of Risk Assessment for everything.
More: If you would like to see the RAM in action please visit our demo request page.