Table of Contents

Rat Salad and Other Lessons from Food Safety

(notes from the session are downpage)

(AKA lessons in Quality Assurance from the food industry)

Discussion Coordinated By: Peter Eschright (@pgesch or www.eschright.com)

I will share some anecdotes and the truth about how safety happens, and explain briefly the standard safety program used in the food production industry and open discussion on how software can benefit from the model it teaches. Below are some notes on HACCP the scientific system used to produce safe quality food in the industry today.

“Space-age technology designed to keep food safe in outer space may soon become standard here on Earth.” FDA Backgrounder, October 2001

Why HACCP?

HACCP is a method of addressing the safety issues involved in food manufacturing. It reduces to acceptable levels or eliminates food hazards using sound scientific principles.

What is HACCP?

Hazard Analysis Critical Control Points

HACCP is based on the “Modes of Failure Concept”. By gathering information about a product or process, it is possible to predict what might go wrong and how and where the problem will occur. HACCP is based on seven principles:

  1. Analyze hazards: Potential hazards and control measures are identified.
  2. Create CCPs: Identify the last point where a potential hazard can be controlled or eliminated, these are critical control points (CCPs).
  3. Prevention and limits: Establish preventive measures and critical limits for each CCP.
  4. Monitoring: Establish procedures to monitor the CCPs.
  5. Corrective Actions: Establish corrective actions to be taken when monitoring shows that a critical limit has not been met.
  6. Verification: Establish procedures to verify that the system is working properly.
  7. Documentation: Establish record keeping and documentation of the HACCP system.

What are the steps necessary to build an effective HACCP program?

We need prerequisite support programs and to complete some preliminary tasks.

Prerequisite Support Programs

There are seven basic programs prerequisite support programs that must be in place for [food] HACCP:

  1. Sanitation
  2. Good Manufacturing Practices (GMPs)
  3. Pest control
  4. Chemical control
  5. Allergen control
  6. Traceability and recall
  7. Customer complaints, addressing quality issues that customers report

In Programming we might think of these as:

  1. Code Maintenance
  2. Good Coding Practices
  3. Source Control
  4. Disallowing Harmful and Malicious Code
  5. Cross Platform Testing
  6. Traceability and Recall
  7. Customer Complaints Handling

The necessary preliminary tasks are:

  1. Management Involvement
  2. Establish A HACCP team
  3. Create a profile of the finished product
  4. Diagram the complete process flow

Where can I learn more about HACCP?

http://www.cfsan.fda.gov/~lrd/haccp.html

http://en.wikipedia.org/wiki/HACCP

Rat Salad

notes from the session

Peter has a history of working in the food industry and is also a computer programmer

introductions, and most important derivative from the US Space Program

  1. Tang
  2. astronaut/zero-G pens
  3. computers
  4. compact disc

Peter's suggests the HACCP program, developed by Pillsbury to minimize risk of food-bourne sickness during the early space program, since adopted by canning, juice, etc mainstream food industry also Goretex and Velcro

Hazard Analysis (and) Critical Control Points

note that in the food industry testing is destructive, while in compsci

the Rat Salad story couple years ago at a salad plant nearby at quality control, found a rat head packaged in the product of course, where is the rest of the rat and how does a production plant control the immediate issue, as well as the overall contamination in this case, the complete day's production was destroyed

how are products tested so that issues can be identified and isolated

Q: are there national mandates or is it dependent up on the processing plant A: both, as major identified risks are regulated

how frequently is a data set sampled in order to achieve confidence in analysis

statistical models exist to determine points in process at which to test this in consumer electrical component manufacturing 100% testing is not as effective as controlled partial testing

what is the start of an effective QC program four points

  1. Management Involvement “tone from the top”
  2. Establish a HACCP team - the core group responsible for quality assurance
  3. Create a profile of the finished product - define the finished product: use, distro, storage / functional spec and use case scenarios
  4. Diagram the complete process flow - identify where quality and safety points exist

change management in IT change control in an IT operations organization

cleanliness of the physical plant : code maintenance reduction of worker contamination vectors : code formatting, check-ins pest control : source control, good source code repository; code review chemical control (accounting, checkout) : use of outside code libraries, handling liabilities / testing of those libraries allergen control : compatibility, cross platform testing trace-ability (location of product after it is deployed) ability to recall :

Principals of HACCP

2. a CCP is the ultimate point at which control can be exerted to minimize a particular hazard identify which are critical

3. example of use of metal detectors in food prep: startup check of metal detector function, hourly tests, shutdown test. note that production sprints allow the isolation of problem batches

4.

5. verification use of outside auditors, and government regulation

6. documentation (as they say “pics or it didn't happen”) various codices requirements based on industries in which software will be deployed

Preventative Action in food handling - documentation of incident and development of new control procedures in software - post-mortem meeting, conclusions honored in the breech perhaps too often in software - lack of regulatory environment might not encourage actual analysis perhaps not looking for a root cause, just reboot or restore prophylactic reboots

testing of continuity procedures failure to keep such procedures up to date

unit testing becoming more prevalent in software engineering the isolation of a test-able unit of code

combining iterative edits of a document and having trace-ability of those edits

as applications become larger, it is impossible for a single person to hold it in their head

test suite to test changes against after every check-in

in IT operations, it is critical to control/documents change or just lock it down change management small thoughtful tested manner

Hal finds this change management extremely close to HACCP as described, possible lineage?