Unlocking Control Measures in Food Safety

When is a CCP not a CCP? When it’s a PRP, oPRP, CP, QCP or QSP to name a few. Our growing dedication to coming up with new and increasingly obscure acronyms to describe control measures in food safety has arguably led to a state of confusion in the community almost to the point where language has lost some of its meaning.

Food safety managers, auditors, consultants and trainers now spend countless hours discussing and debating whether a control measure should be called a CCP or oPRP. Even more time is invested in the methodology employed to come to the required control measure decision. Risk assessment models, decision trees and figuring out the difference between validation and verification have become an all too regular event during certification and customer audits. Why should this be? Surely after decades of using standardized models such as HACCP we should have greater clarity and agreement on these elements rather than the increased confusion prevalent today.

In our latest whitepaper, we have focused on this whole area to help food safety practitioners gain a better understanding. The whitepaper addresses the various control measures now employed in food safety as well as the risk assessment and decision tree models used to determine them. We also considered how best to develop a more sophisticated risk assessment and decision tree model capable of accounting for the various control options now found in the modern risk system.

However in this blog I want to broaden the discussion about Control Measures, their proliferation and ask the question does this help us and is it really necessary? Is it possible we have simply got carried away in the river of three letter acronyms without considering those who have to use them, understand them and wedge them into their system regardless of their value? A lot of questions, but then again there are a lot of control measures to understand.

The evolution of control measures

Let’s take a brief look at the history. In the beginning we had quality control for food production. The lack of assurance provided by this system required a different approach. This saw the emergence of HACCP and the introduction of a new concept – the CCP. The separation of specific points of control in a process essential for safe food production from general controls was a revolution. Companies could now focus their efforts on critical aspects of their process.

As time went by we saw the rehabilitation of general measures of control e.g. GMP, GHP, GLP. In many cases they were given a new name Pre-requisite Controls or PRP’s. More time passed and we were introduced to an additional concept – the Operational PRP or oPRP. Introduced by the ISO it appeared to be a control residing somewhere between a CCP and PRP.

This evolution on face value seemed logical and not too complex. Indeed, the principle of separating control measures based on the risk of the hazard they are intended to address makes a lot of sense. However the standards, tools, models and trees to support this framework failed to support the user who often struggled to determine the appropriate control measure.

An unwanted outcome

A number of years ago while conducting an audit on a food business, I came across a CCP decision tree posted on an office wall. It was one I was not familiar with and was curious to read it. While I can’t recall the exact detail, it went something like this:

Funny HACCP decision tree

While the above may be amusing, it underscores for me the depth to which the issue has gone in the industry. Food safety practitioners in this company had lost confidence in the principles and tools they had to use to determine control measures. I recall they were competent managers but evidently had grown somewhat cynical about decision trees. But who among us can deny operating a similar approach at some point when developing HACCP plans?

Amid the layers of terminology, jargon, diverse models and propagation of new control measures can we break things down and simplify matters? Well yes! It would seem to me that the lowest common denominator of what we are attempting to do is risk assessment. It is risk assessment which dictates what we need to do to manage the hazard. Why? Because it is the assessment of risk which characterises the hazard and informs the need and extent to which we need to control it. Its criticality is arguably a notional concept which serves only to confuse. There is strong evidence to support this. Just ask any food safety practitioner who has used the CODEX decision tree. They know it can lead to false CCP determinations while missing steps which are obviously CCP’s. For CODEX to say it is only a guide and common sense should always be applied is not good enough and for me its proof the model is flawed.

Risk is the critical measure of a hazard

If risk is the critical measure of a hazard, why not simplify our models to reflect this and make life easier and food safety systems more effective? The argument will be made that not all hazards are equal or significant in nature. Some are more significant than others and need to be handled differently. This makes sense until you dig a little more. We now find that significant hazards may not be critical to food safety. They are significant but not critical. Many of us suspect that the difference is merely that the hazard does not fit a tight definition of a critical control point (CCP) and by default becomes a PRP regardless of it criticality. Proof of this is the ISO’s introduction of an operational PRP. For me it is an attempt to bring these hazards which are not CCP material back into the realms of special control. I may be wrong but I challenge you to read the definition of an oPRP in the ISO 22000 standard for a clear explanation of what it is. You may struggle to find one.

Further evidence of the blurring of control measures is the more recent requirement in GFSI standards to risk assess, review and validate PRP’s and oPRPs. You will find a similar requirement for CCP’s. So what really is the difference? The difference is essentially the risk associated with the hazard but we are forcing users to take a long winding road to achieve what should be quite simple.

Let’s simplify the models – introducing RAACP

Let me distil this down so we can start to understand what it is we do when developing a food safety system regardless what the standards say.

  1. We have a process step, operation, activity or stage
  2. There is a potential hazard(s) associated with the step
  3. The hazard has a particular risk profile – we conduct risk assessment
  4. We apply an appropriate level of control to the hazard (control measure) based on this risk assessment
  5. And finally we validate the control measure

In reality this is where we have arrived. If you critically assess the various GFSI standards, retailer standards and codes this is what is called for but in a very disconcerted way. We have yet to admit it and more importantly to revise and align our standards, guides and codes of practice to this reality. Graphically we can represent this simple and effective model as follows:

RAACP Model for food safety

RAACP model for food safety

I referred to this as the RAACP model (Risk Assessment Appropriate Control Point). The key issue is this – depending on the risk of the hazard, appropriate controls are put in place regardless of the name you might give it. Good risk assessment, based on hazard identification, hazard characterisation and exposure assessment, will provide you with sufficient information to determine the required control to be employed which can then be validated. It can also be monitored, verified, audited etc. based on the risk assessment and clear criteria can be set down for this.

This model is clean, non-complicated, and consistent with good risk management principles. It reflects what we are seeking to do and most likely are doing in practice. More importantly it cuts across the layers of jargon, spurious requirements and confusion we have added year after year to our standards in an attempt to make them better. Of course the model is simple and so it should be but it does not preclude the development of robust frameworks in and around each element. As long as we maintain clarity development of the model should be encouraged.

All the acronyms are really just labels for the same thing

In the final analysis, what does it matter which name we give to a control point – CCP, PRP, oPRP or CP? We could call it Mickey Mouse in Pink Polka Dots Point as long as we have in place a validated control measure appropriate for the risk of the hazard.

One of my favourite song writers, Paddy McAloon, wrote “words are trains, for moving past what really has no name”. I never really understood that lyric. That was until I come across food safety risk models. If words are trains, then food safety acronyms are supersonic jet planes. Perhaps it is time we all slowed down a little…

George Howlett

About the author

George Howlett is the CEO of Safefood 360° and one of Europe’s leading food safety experts. Before establishing Safefood 360° he worked at some of Ireland’s most prominent companies and brings the expertise with him. George also lectures in the MSc for Food Safety Management in the Dublin Institute of Technology.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *