Tag Archive for: food standard and legislation

What is Single Sign On and why do we offer it?  

Since the initial launch of the Safefood 360 platform we have always had a staunch and steadfast commitment to security and privacy.  

This commitment has taken many shapes over the years and has been realised in many different ways in the SF360 platform. 

Indeed, for more than 180 years, security has also been at the heart of our parent company, LGC, which was founded to test the authenticity of, initially tobacco, and later food imports into the United Kingdom.  

Knowing the authenticity of a product, and validation of that claim, is itself a form of security as it gives peace of mind that things are as they should be.  

Since the acquisition of our platform into LGC we have benefitted from many different synergies and resources.  

To an external eye, some of these benefits and changes are more evident than others. 

Behind the scenes, however, one of these synergies has been access to the deep and expansive knowledge that exists across the LGC group from PCQI’s and QA to business analysts, data engineers, and great minds in legal and corporate governance.  

To this end, over the last 4 years we have been vigorously and continuously refining and improving our platform to ensure we offer an optimum product that suits a vast array of needs and gives peace of mind where it is needed.   

During this time we introduced a new Microsoft customer identity access management platform (CIAM) into Safefood – called ADB2C. This is a safe and scalable authentication system solution capable of supporting millions of users and automatically handles cyber threats such as denial of service, password spray and brute force attacks. 

This has proven very popular since we integrated it several years ago but it’s not the only choice for our customers. We also have another option that is more favourable for some of our clients – called Single Sign On. 

What is Single Sign On?

Single Sign On, or SSO, as its typically called, is an important part of cloud security that very simply, makes life easier for your administrators by reducing various user logins across systems to one master username and password.  

Essentially, it is a universal key that can be used to open all platforms a user needs, while allowing your administrators greater control of all the accounts and user roles in your organization.  

Using this, you, as the user, only need to log in once at the beginning of your day, and you will instantly have access to Safefood 360 and any other systems you configure through SSO to work.  

That means no more password resets or frustration when you make a mistake – just direct access so you can focus all your attention to the task at hand.  

If you are unfamiliar with this, you may be thinking what’s the catch, or in a growing world of importance on security, data protection and privacy, why would you not want your systems air-gapped from each other? 

The answer is quite simple, and we’ll go into the complex later, but essentially SSO provides your IT business partners with peace of mind that every user account is genuine as it provides greater traceability of accounts over the system, so no old accounts remain active long after the business need for it has ceased.  

It also gives your administrator team direct control over access criteria, so you can eliminate dependencies on a specific vendor, and enable a zero-trust security policy as well.  

In short, think of SSO like a bouncer to a nightclub – where the ID only needs to get checked once at the door and then the customer is free to order drinks – without SSO, the customer would need to verify their age each time they are at the bar, slowing up service, increasing the risk that someone may be underage or be refused, ultimately and decreasing the quality of service for everyone.  

 

Benefits of SSO

For the reasons already listed above – SSO is more convenient and creates a better experience for everyone.  

As people only need to be concerned with remembering one form of ID, you can make this stronger as it does not need to be repeated.  

Think of a hall pass in school versus a passport.  

Hallpasses can be issued frequently in line with changing demands, and typically are just a piece of paper with a stamp that can be forged versus a passport which has holograms, barcodes, serial numbers, signatures and other devices.  

While a passport is difficult to forge, access is more immediate as being in possession of it, means the document is more trusted – and no additional verification is needed.  

Both control your ability to travel, but one needs to be reissued constantly and checked, while the other is more durable, trusted, and can be used for a longer period of time without maintenance.  

Although it is always advised to not use specific words or patterns in passwords, people are human and sometimes cut corners. By cutting down on the number of passwords in use – it’s less likely that a specific one may be spoofed or guessed – and as such, another security measure is present.  

When your team do need to log on – they don’t need to think about it; and neither do your administrators.  

Lastly, your IT team can benefit from one master list which they can deploy and modify systems access in real time with – this means like the rest your Safefood 360 system, that you will benefit from a singular version of the truth where all information flows across the different verticals of the business where it is needed, but most importantly, that this information correlates and matches when there is duplication.  

Talk to us to learn more

If you are an existing customer we would be happy to talk to you or your technical teams about your SSO environment and what supports you need from us to enable this in your environment. 

If you are not a customer though, we’re also happy to speak with you about how this is just one small piece of a much larger digital transformation project that we can help with you. 

We offer off-the-shelf and custom solutions to food manufacturers of all sizes from single site manufacturers to some of the larger brands you may be familiar with such as Carlsberg, Publix, DSM-Firmenich, Upfield, Wegmans, Royal FrieslandCampina,  Jacobs Douwe Egberts and much more.  

Whether you are looking to fully digitally transform your food safety, compliance or operational data, our platform has customizable solutions which can fit your need. 

If you would like to see how and have your questions answered, simply click the button below and get in touch where a member of our team will explain more.  

 

Demo request

Alcoa+ Principles: What can the food industry learn from life sciences

No matter where you are based, the global food manufacturing industry must comply with strict regulatory requirements, retailer demands and legal frameworks.

While the nuances of each of these asks may vary, compliance to their principles and quality standards to mitigate risk are at the heart of every action in food safety.

In this regulated landscape, maintaining data integrity is paramount, not just from a business perspective, but more importantly, ethically, it is needed to ensure that manufactured products do not cause any threat to life.

From the creation of HACCP in the 1960’s up to the modern day, the industry has grappled with evolving demands and how best to demonstrate compliance with them.

It is evident that having a standard and complying with a standard are two different demands, and the fallacy of audits to these requirements are that they present a moment frozen in time, rather than a holistic view of the real-world application of any management system.

Where records are created, they are often paper-based and islands unto themselves, presenting a microcosm of what happened on that specific day, at that specific time, and too often, do not help us determine greater learnings.

GFSI compliant schemes like BRCGS, SQF (Safe Quality Food), FSSC and IFS allow us to standardize the questions we ask of our data and uncover learnings, however, as these are ultimately industry-led, is the question worth asking, do these ask enough, or rather to be more specific, do their outputs of complying with them enable us to ask the right questions?

To answer this, this blog proposes a thought-experiment of looking at what learnings we can derive from another highly regulated industry, specifically the pharmaceutical industry.

What is ALCOA+

ALCOA+ is a set of principles designed to ensure data integrity in the pharmaceutical industry but has also become commonplace in other related healthcare and bioscience related spaces.

Quite simply, data integrity is ensuring the “completeness, consistency and accuracy of data” (Source, Page 2 https://www.fda.gov/files/drugs/published/Data-Integrity-and-Compliance-With-Current-Good-Manufacturing-Practice-Guidance-for-Industry.pdf) and ALCOA+ is a means to achieving that.

Originally introduced by the US Food and Drug Administration with a condensed scope of ‘ALCOA’, it has since expanded to include the ‘+’ and its principles can be applied to manufacturing, clinical research, testing, validation, and supply chain compliance.

In addition to evolving, the use of ALCOA+ principles have also spread and impacts how these sectors approach GMP (Good Manufacturing Practices) as well.

ALCOA is an acronym which means that a document should be something which is:

  • Attributable
  • Legible
  • Contemporaneous
  • Original
  • Accurate

Further to this, the ‘+’ refers to documents that are also:

  • Complete
  • Consistent
  • Enduring
  • Available

To ensure we have a fuller understanding of each point before we consider what learnings the food industry can take from this framework, we must briefly provide an explanation for each:

Attributable

While anonymous data can be used, such as in instances of whistleblowing, to apply learnings, we must understand the context in which the data was generated.

When we say that something is attributable, therefore, we are meaning that the origin of the data itself, be it manually created by a person or automatically generated by a sensor or machine reading, is identified as well as the time and date that the measurement was taken.

While the idea of this is nothing that will be new to any reader, there are vulnerabilities that we may not consider if the necessary security provisions are not applied.

Systems that allow anonymous access, or password sharing between members of a team can expose a business to falling at the first hurdle here and disqualifying the data from being attributable.

Legible

If your company is still using manual systems, it likely is still doing so with printed forms and checklists.

While this will structure the data, it is still potentially illegible depending on the cursive skills of the person who completed the record, or indeed, the type of paper being used.

Today, in many factories around the world, paper-based records are still commonplace and in use, so it is wise to take precaution and consider the type of materials we use.

Simple things like pen thickness can impact legibility, and if your factory deploys carbon paper to improve record keeping, the thickness of sheets should be considered as simple things like the digits ‘8’ and ‘3’ can easily be confused with the degradation of each copy.

Naturally, digital systems negate many of these potential pitfalls from the off and ensure that data can be read, however, even these systems must consider their place against other ALCOA considerations.

Contemporaneous

It is critical that the records you are keeping are reflective of the moment that they are pertaining to capture.

This means data should strive to be caught when it was generated or as close to the observation as possible, so that they reflect an accurate and complete picture of circumstance.

If a record is retroactively ascribed, it is possible that details may be forgotten or neglected to be included.

While one detail may be trivial and matter in the total picture of things, if left unchecked, these can quickly compound and create an issue.

This then means that future comparisons of current data against past data may be at odds and not able to be reconciled.

Further compounding this can be a potential risk of unchecked or unknown bias, where data being sampled retroactively may skew results if the individual happens to pick samples that are less onerous to test.

Again, software systems help mitigate against this risk with complete record keeping captured at source and random sampling to prevent against bias.

Original

‘Original’ data can also be considered ‘raw’ or ‘source’ data and refers to the data in its purest form at the point of capture.

This data represents a true picture and should be preserved in its original form before any assessment or application is made to the data.

For instance, temperature or sample readings in a monitoring record refer to the original data, and readings that refer to Mass Balance or Weight Averages would be considered additional or meta data.

In a paper-based process, this data can easily be skewed, misinterpreted, or truncated as it is copied from one form or format to another.

A digital system which can capture a higher quantity of digits and thus, more of the “original data” so it avoids things like rounding, resulting in a more complete picture that more accurately represents the true circumstances of output.

Accurate

There is a quote often attributed to Grace Hopper that “one accurate measurement is worth a thousand expert opinions.”

Accuracy is implied across all facets of quality management and underpins every reading we capture.

Over the years as the sophistication of machines, sensors, and indeed our ability to record information has grown – our ability to be more accurate has become pronounced.

The benefits of electronic systems compared to paper in this regard are unparalleled.

Fueled by the acceleration of systems like Hadoop, Data Lakes, Warehouses and indeed, Data Lakehouses, we are now able to capture a large quantum of data and recall it faster than ever.

This means that we can be more precise with machine calibration, maintenance, and proactively predict wear and tear.

The result is that Accurate systems striving for Total Data Quality deliver fundamental value to the bottom line of the business across Statistical Process Controls, Thorough Put, Yield, Waste, Rework, Scrap and knowing our Takt Time.

While the above considerations provide a solid baseline for data principles, they are further complimented and enhanced by the ‘+’ which includes four more areas which can be applied to create a more robust data strategy.

Complete

There is a theory that it is not just the data for product spec that we wish to capture that we should – but rather all original data and metadata should be collected as well.

This means that the ‘golden thread’ of data covers as absolute a picture as possible and can be reconciled against one another.

This includes retests, environmental data, batching details from lot number to time of goods-forward, audit logs, sensor readings, etc.

Consistent

Record keeping must be equal in its application.

Where possible, readings should occur to a defined and rigorous schedule, recorded in the moment and any deviations from the process monitored so that its effect on the captured data can be considered.

This is a principle that is quite tricky for humans and manual systems to adhere too, as variation is all but inevitable as front-line employees work at different speeds or have ad hoc tasks to perform in any given day.

As such, outsourcing, and capturing this at source in an electronic record, can give additional peace of mind.

Enduring

Retention of records and their availability to be accessed upon demand is ital.

A strong history of data capture that is archived and inaccessible is of no use as it cannot stand the test of time.

Vendors who provide systems must also ensure that access is uninterruptable, and the right redundancies are in place.

This is why Safefood like many vendors, includes automated daily data backup, multiple records across dispersed geographical servers and best practice disaster/recall recovery support.

Available

Last, but certainly not least, data must be available to all – or at least those that are in position to use it to drive continuous improvement.

It is of little merit or value to execute the above principles only to have the data locked in an environment where it cannot be used to help enhance processes.

If the data is available to everyone, it may overwhelm, cause confusion, or indeed, potentially compromise intellectual property or competitive edge.

Putting appropriate safeguards in place that protect the extent to which this data can be accessed and retrieved can be easier with software systems rather than needing to have manual security in place to protect or monitor specific areas of your facility.

How to apply ALCOA+?

Depending on where your facility and personnel are starting from, the best way to apply the above principles is likely to divide them amongst the relevant stakeholders with separate projects for each.

A GAP assessment of current status can be a good starting point, as it will reveal gaps from your ‘as-is’ to its ‘should-be.’

Once the assessment and these potential pitfalls are known to you, you could couple this with a Failure Mode Effects Analysis to quantify the potential risk to the business, and indeed, what costs could be incurred.

The good news is operating and adhering to ALCOA+ with manual systems can be done, however, it does require ongoing maintenance, drive, oversight, and cross department co-operation.

As such, it can often be burdensome on resources and while projects typically start strong, they may decrease in effectiveness as employee churn occurs or manual creep in systems takes place.

The better news is that there are ready-made solutions in the market available today which can help, Safefood 360 is one such system.

Our software combines more than 35+ modules which are purpose built for global legislation and technical standards such as GFSI, BRCGS, SQF, FSSC, and ISO22000.

Each of these modules can replace your current systems and brings the different elements of ALCOA+ together so you can remain in step with best practices.

All of our projects are supported by a team of Food Safety Professionals who will take the pain out of a digital transformation and be more than a support to you.

These services include full set up and deployment of all records, programmes, data, and tasks, so your team can remain focused on value added activities and contributing to your company’s bottom line.

Still not sure? Click the button below and contact us to see how.

 

Demo request

Introducing Audit Management 360: Better Food Safety Audits

We are delighted to announce Audit Management 360, an enhanced version of the existing Safefood 360 Audit Management Solution.

The solution is relevant to food manufacturers and distributors of all sizes and will help them to simplify their audit processes and securely report findings.

For the first time, the solution will enable native offline functionality, allowing users to complete audits anywhere, and upload the results later, using our new mobile app.

Fully compliant with all retailer and technical standards like BRCGS, SQF and FSSC 22000, the app delivers a new and enhanced User Experience which delivers a simpler interface and streamlined workflows for mobile devices.

Until now, the Safefood 360 platform has always been browser agnostic, however, this new development is designed to address some of the expanding needs that our customers have articulated and provides a simpler, more user-friendly experience.

 

What is Audit Management 360?

Audit Management is a new solution designed for stakeholders across the supply chain at all levels who are involved in the audit process.

At its core, the solution is designed to assist Quality, Compliance and Technical Managers that the full FSMS already caters for, but will provide them the option of priming management to transition to a full digital solution at a lower entry cost point and with minimal demand on resources.

Transition to a full digital solution at a lower entry cost point with minimal demand on resources.

Audit Management 360 brings together the existing Auditing, Corrective Action and Management Review programs and workflows, supported by Safefood 360’s backbone functionality of master data management, document management, the reporting centre, and alert management.

In addition, Audit Management 360 is the first Safefood 360 solution to have its workflows available on the new Safefood 360 mobile app which gives users the option to conduct internal audits online or offline using their devices.

Conduct internal audits online or offline

We have developed the solution in response from our user base to evolving mark need to utilize hybrid working while maintaining compliance and oversight of facilities in accordance with GFSI and retailer technical standards.

Easier than ever to use and remove barriers in adoption

The solution will allow users to maintain oversight with retailer and technical standards to the same extent as when all resources are available on site with significantly less labour resources needed to be physically present.

New workflows designed specifically for mobile audits, will make it easier than ever to use and remove barriers in adoption across the wider work force.

What’s included (Features)

  • Focused auditing functionality delivering internal audit, site audit and site self-assessment programs and workflows.
  • Ability to configure your own customizable checklists, and also have access to our checklist library of globally recognized standards, large international retailers & other compliant bodies.
  • Build your own ratings and scoring for your checklists to align with your own compliance regime or pull from our libraries.
  • Access to our brand new mobile app, which gives users the option to fill out and complete their internal audits and raise corrective actions online or offline on the app with real-time data synching.
  • Ability to raise corrective actions automatically or manually during your audit, or log corrective actions independently, and then track, manage and close these corrective actions with enhanced reporting and follow-up workflows.
  • Ability to write Audit Reports, including customizing approval and review workflows.
  • Ability to add files and photos while carrying out your audit to respond to checklist questions or support audit findings.
  • Add guides and procedures to your audits, including on or offline on the mobile app, so your auditors always have access to the right information when they conduct the au