Food System Resilience within a Learning Organization

Authors: Food System Resilience within a Learning Organization

Food System Resilience within a Learning Organization written by; Ir. Cornelis van Elst,¹* John T. Hoffman² and Carl C. J. Unis³

• (1)Managing Director, QAssurance B.V.,Van Nelle Factory, Postbus 13310, 3004 HH Rotterdam, The Netherlands
• (2)Senior Research Fellow, Food Protection and Defense Institute, University of Minnesota,1365 Gortner Ave., St. Paul, MN 55108, USA
• (3)Systems Engineer, United States Space Force, Albuquerque, NM 87123, USA
• The original pdf can be found the following link

Summary article

Our global food supply chains are changing very quickly, driven by increasing demand, growing complexity, longer and longer input supply chains. Industry consolidation is outpacing the capability of managers to assimilate and integrate acquisitions. The reality today is that the perception of growing corporate wealth within this critical global infrastructure is a target for both thieves and nation states, for firms large and small. Most firms in our global supply system do not adapt well to change. They are slow to mature against a vast array of risks. They simply cannot get ahead of the risk environment. These growing complexity challenges, organizational, technological and regulatory, means they lack resilience.

Food System Resilience within a Learning Organization Approach

The expanding role of technology is very much a food safety and food system protection issue. We propose concepts intended to help firms sort the various issues, place them into a logical self-assessment framework and to aid them in approaching these challenges from a systems thinking approach. A firm that embraces the concepts of a learning organization will be far more agile, resilient and successful in protecting their consumers and investors. They will also become a less suitable target for the range of threats faced today from Economically Motivated Adulteration (EMA) to ransomware.

Overview: Food System Resilience within a Learning Organization

This article is about the learning capability of a food organization regarding food safety and operational resilience. Risks to firms abound today from technology to operational to regulatory. Yet few firms are prepared to address these risks before there is a crisis, to stay ahead of the evolving threats targeting their operations or the shifting regulatory or legislative environment. For Operational Technology (OT) risks, such as technology or systems failure, cyber compromise or direct attack, Economically Motivated Adulterations (EMA) or disgruntled employees, a range of compliance requirements exist (except for the cyber risks) but early detection or functional feedback leading to change or new mitigation action rarely happens, if at all, on a timely basis. For food safety management and overall company resilience it is important to identify emerging risks in time to mitigate effects and, wherever possible, to anticipate them ahead of time. When a company demonstrably manages operational and food safety risks, this has a positive impact on confidence in the company on the part of customers, consumers and investors. To achieve such resilience a firm must transform to a learning organization.

Challanges food system resilience

The integration of planning and implementation of operational and food safety measures builds optimum company performance and brand (4). While it may be easy to articulate as an objective, most view such a fundamental shift as a challenge outside their operational capacity. Yet those firms who are successful, who reduce their risks from the growing spectrum of risks and compliance challenges, are the ones that operationally build success into their culture.These firms are one who have built change recognition, feedback and adaptation into their culture. They are learning organizations (13).

Main actors for food safety resilience

How do you set up a learning organization regarding operational resilience and food safety? First, we must consider what is involved in managing operational and food safety risk? When we look at operational and food safety management from a helicopter view, there are six main actors.

• the food company
• the company's customers and consumers
• the company's suppliers
• the company's operational technology (OT) systems
• the food legislation and the regulatory environment
• the food quality standards

Business preformance management food company

Within the food company there are different operational departments and roles regarding operational systems and food safety. Company management determines the company's performance objectives and allocates investments in operational and food export programs. The employees carryout day to day operational functions. They also interact directly with the firm's OT systems and engage with the food safety and quality assurance processes. It is important that management invests in the right food safety structure and operational technology systems that enable the company to perform well: business performance management (BPM). But it is equally important for the employee community to be engaged in the BPM program and are educated on their role in both implementation and feed

Food system resilience : Costumer

The customers depend on the company's operational and food safety performance. The company must properly align its operational technology activities with the requirements and wishes of customers and consumers regarding the products and services provided, like OT performance and reliability, allergen or origin information, and food safety record: demand relationship management (DRM).

Food system resilience : Supplier

The suppliers have the greatest impact on the company's operational and food safety performance. Most recalls are caused by the suppliers of food companies. As a food company you have the best grip on your own performance, because you can manage and monitor it yourself. The supplier must properly attune its activities to the requirements and wishes of the food company regarding the products and services supplied: supply relationship management (SRM).

Food system resilience : The food company

Food company operational technology, to include management and handling of all input, processing, processing devices and systems, quality control devices and processes, packaging, labeling and product output, tracking and tracing functions. These operational functions are composed of both human activities and automation. Automation is, of late, rapidly expanding to reduce direct human engagement in many processing steps. The operational systems integration with food safety functions are typically far more intensive today than even a decade ago. Yet most in senior management within the firm and within regulatory agency staff do not fully appreciate this evolution of the technology nor its inherent risks. Indeed, as such automation progresses, particularly with the growing miX of older, legacy technology and systems management with the introduction of newly automated functions and technology, presents significant risk both operational and food safety functions (10). Further, as current and emerging food product traceability and tracking processes are OT based, the need to build in resilience and OT risk reduction is paramount to business performance success: operational technology (OT).

Food system resilience : Legislation

As a food company you must take into account all facets of current and pending food regulations and legislation (3). For example, the legislation (European Parliament, 2002) (2) in the EU is designed in such a way that as a food company you are responsible for food safety yourself. In the United States, company management is responsible under state and federal regulations for food safety and to owners and investors for day-to-day operational performance. But it is also subject to these same regulatory for operational compliance with a range of company functions from OT system compliance to tracking and tracing and, product recalls, when there are OT and/or food safety failures. The regulatory environment has a major impact on the framework in which a food company can operate. It is therefore important to make managing these legislative and regulatory issues part of business operations: legislation/regulatory management (LM) (3).

Food system resilience : Quality standard

As a food company you also must take the food quality standards into account. Both business to business customers and retailers often require a supplier to be certified to a standard recognized by the Global Food Safety Initiative (GFSI) (7): BRC Food (1), IFS Food (9),FSSC22000 (6) or SQF (12). It is therefore important to make managing this certification part of the business: certification management (CM). When you combine the 6 main actors regarding Food Safety management with the 4 main themes that the QA department normally works on, you get the following definition.

OT resilience and food safety compliance management (15):

Management of business performance, demand and supply relations, legislation and regulations, operational technology and certification with regard to company resilience and food safety, taking into account operations, technology systems, production specifications, quality activities, traceability and assessment. We must consider that the description above is a complex system and specific training will be needed to recognize “tipping cues” by operations/policy personnel as to how and why a system may fail. A tabletop exercise (TTX) will be needed to flush-out the problematic areas in the system to create a better understanding of systems operation, its inherent operational risks and to identify area where increased functionality of the overall enterprise system can be achieved.

Systems thinking approach

You must carry out these integrated management activities from a “systems thinking” perspective (11, 14). Depending on the importance of and potential risk to each integrated activity, you can organize it at different levels.

Level of activity organization:

• Activity: the activity is performed without pre-structured recording and/or tuning of the input or output of the activity.
• OT Process: the activity is performed with structured controls and recording of the input or output of the activity between 2 actors.
• Systematic: the activity is performed with monitored controls and recording of the input or output of the activity and control between 2 actors
• Chain: a set of predefined activities between multiple actors are performed with structured recording of the input or output of the activities and control thereof.
• Holistic: a set of predefined activities between multiple actors are performed with monitored and structured recording of the input or output of the activities and controls thereof, also considering the signaling of external influences (triggers) that can lead to new necessary tasks and activities.

Connectivity phases:

The way in which the activities are carried out within the company provide an indication of the connectivity within the organization. In an organization with a good infrastructure and monitored, predefined processes and systems, business- critical activities will be organized at least at the system level, allowing the Deming circle (Plan-Do-Check-Act) to take place.

Intra-connected

The company is set up for the activity and process connectivity phases. An activity takes place within the company, whereby coordination takes place about the input and/or output of this activity.

Inter-connected

The company is set up for the system and chain connectivity phases. An activity takes place within the company and with directly involved actors in the chain (relations: suppliers and customers), whereby coordination takes place about the input and/or output of this activity and a predefined check is performed on the input and output and feedback is given on the outcome of the activity.

Extra-connected

The company is holistically organized. An activity takes place within the company, in a monitored chain and with (in)directly involved actors on the output of the company (where OT systems are subject to active security and performance monitoring, and quality and safety inspection bodies are integrated into the processes, such as the Food Safety Authority and certifying internal or external 3rd parties), whereby coordination takes place about the inputs, processes and outputs of this activity and predefined checks are performed on the input, OT processes and outputs, with continuous feedback provided on the performance and outcome of the activity.

The connectivity phases of a company

The connectivity phases of a company are directly related to the learning capacity of the organization. An intra- connected organization is more inwardly oriented than an inter or extra-connected organization. As a result, such a company will be less able to identify emerging performance, OT or food safety risks or legislation/regulatory changes in time to be proactively anticipated. These three organizational forms are explained in more detail below.

Intra-connected organization

The company is internally focused. Within the food company, cooperation is based on input and output. There is little coordination between departments. Questions from customers and consumers are handled on an ad hoc and reactive basis. This also applies to complaints against the company's suppliers. There is no overview of the latest Food legislation and unannounced audits are not achieved because not all certification requirements are continuously met. The company knows that something has happened with a food safety theme or knows that something is happening. In the Netherlands, for example, stricter rules regarding Listeria monocytogenes control have been in place since the end of 2018. There have been companies that have not anticipated this in time, because of which, for example, the best before date of the produced meals had to be reduced from 10 to 4 days. This had major consequences for the supply chain. As a result, a smoked salmon producer was no longer able to export and saw its turnover halve as a result.

Inter-connected organization

The company works in a systematic manner and is chain (16). Within the food company, cooperation is based on the Deming circle (Plan-Do-Check-Act). There is good coordination between departments. Inquiries from customers and consumers are handled routinely and proactively. This also applies to complaints against the company's suppliers. There is an overview of the latest food legislation, and this is known throughout the company and unannounced audits are no problem because all certification requirements are continuously met. The company knows that something is happening with a food safety theme or even knows why something is happening. For example, after a visit from the Food Safety Authority, a company knows that work needs to be done on shelf-life studies for Listeria monocytogenes and starts working on this, with log 2 as the maximum outgrowth value. On a subsequent visit by the Food Safety Authority, all shelf life of the products will be reset to a maximum of 4 days best before date, because the Food Safety Authority has in the meantime adjusted the requirements in their guidelines (In the Netherlands Infosheet 85) to a maximum of 0.5 log growth. A large producer of meat products was closed as a result.

Extra-connected organization

Within the food company, cooperation is based on the Haeckel SIDA circle (Sense-Interpretate-Decide-Act). The company works completely integrated and is holistically designed as a real time learning organization. Also, within the food company, cooperation is also based on the Deming circle (Plan-Do-Check-Act), and everyone knows their role and is part of the sense and respond (8) function regarding the identification of opportunities and risks that could have an impact on the company from the world. The company knows why something is happening with an operational technology function or a food safety theme and can anticipate that something is going to happen. Regulatory bodies in Europe and the United States all have processes to share regulatory changes and guidance. For example, The Food Safety Authority in the Netherlands publishes in Infosheet 85 the desired method with which Listeria monocytogenes must be controlled. This information sheet is updated annually with new requirements regarding control. Food companies must therefore organize themselves in such a way that they are aware of changes in this Infosheet, so that they continue to comply. This also applies to other themes, such as the control of ethylene oxide in sesame seeds.

Monitoring all systems

An extra-Connected organization will also have active monitoring of all systems, to include cyber systems embedded within Operational Technology processes within the firm and across supplier and customer systems. Cyber risk management involves the same processes of hazard identification, vulnerability assessment and risk reduction steps as are employed in food safety risk reduction processes, such as HACCP (5) and Vulnerability Analysis of Critical Control Points (VACCP). Even network segmentation steps to reduce to introduction of system contamination, such as malware, are similar to food safety processes. The use of 3rd party monitoring and certification is equally applicable to OT cyber security and food safety processes. Building OT resilience must be based upon both cyber risk reduction and food safety processes. Moving forward we will find that customers will demand the certification of both.

OT Resilience and Food Safety Compliance: learning capability stages

These stages of connectivity can be used to characterize the learning capability of the organization in the field of OT resilience and Food Safety Compliance

• Getting Connected: OT human and technology systems are actively monitored for performance compliance and security. OT system resilience and food safety management are both process-driven, everyone works according to instructions and functional regimes that apply to the department.
• Networking: OT and food safety management are systematically managed, and attention is also paid to operational controls monitoring and food chain safety assurance, whereby we work according to cross-departmental routines and agreements.
• Sense and Respond (8): OT and food safety management is designed holistically regarding the external risks that can have an impact on the total performance of the company. This means that both human and technology systems have feedback and corrective action processes in place. OT cyber systems are segmented to reduce the introduction of malware and to facilitate managed feedback systems to address anomalies or intrusion attempts. (16)

OT Resilience and Food Safety Compliance: certification management (CM)

Getting Connected	Networking	Sense and Respond
The OT and food safety quality system is set up in accordance with the standards but is not aware of new doctrines. A month before a 3rd party compliance audit, all sails are pulled (Dutch expression for doing your best), an unannounced audit is not a good idea.	The OT monitoring and quality system is set up in accordance with the standards and the latest guidelines. Because the company works systematically, an unannounced audit can take place without any problems. There is a central action list for OT and food safety system monitoring, security, compliance and certification issues.	OT system performance and security are monitored with built-in feedback processes. The GFSI guidelines are also monitored to be able to anticipate changes in quality standards in time. The company tracks auditor performance and results because there is knowledge of the standard and the complete certification process.

OT Resilience and Food Safety Compliance: demand relationship management (DRM)

Getting Connected	Networking	Sense and Respond
Customer questions are answered reactively, and product specifications are issued on request, after a year there is no overview of who has been promised what. A customer audit leads to disappointment with the customer, because the agree- ments made are not known within the company and are not complied with.	There is a company-wide system for customer communication, which records who communicates what. The compa- ny demonstrably works according to additional customer requirements and a customer audit leads to extra bonding with the customer. Communications are secure and there is a central action list for customer issues.	It is known which operational and food safety themes will become important for customers and proactive anticipation is given. Corporate social responsibility, secure connectivity and chain transparency are part of the customer approach, in which there is cooperation on improvement.

OT Resilience and Food Safety Compliance: business performance management (BPM)

Getting Connected	Networking	Sense and Respond
There are general instructions at depart- ment level. Active monitoring is not in place to detect failure or deviation. The de- partment manager is involved. There is an overview of actions at department level, recorded in the minutes of the department meeting. There is no company-wide action list that is centrally managed.	There is a company-wide system for OT and food export program integrity, which determines who carries out what. Work is accomplished according to the requirements and an internal audit leads to involvement and company-wide improvements that are addressed via the central action list.	There is a holistic approach to OT performance and food safety, which defines who performs what. The company actively monitors OT and food safety to identify and follow up on the detected OT and food safety issues and works together with suppliers, customers and industry organizations on transparency and trust within the Global Food Supply Chain.

OT Resilience and Food Safety Compliance: supply relationship management (SRM)

Getting Connected	Networking	Sense and Respond
Purchasing specifications have been drawn up for suppliers, but there is no overview of agreements. There is no company-wide system for supplier communication or contractual supplier compliance, in which it is determined who communicates what.	There is a secure company-wide system for supplier communication, which records who communicates what. Compliance with supplier agreements is demonstrably monitored and an audit on location at the supplier leads to extra commitment. There is a central action list for supplier issues.	It is known which OT and Food Safety themes will become important within the supplier relationship. They are proactively anticipated. Corporate social responsibility, secure connectivity and chain transparency are part of the supplier approach, where there is cooperation on improvement.

OT Resilience and Food Safety Compliance: legislation/regulatory management (LM)

Getting Connected	Networking	Sense and Respond
The quality system is set up in accordance with the current regulations but is not aware of the latest legislation or rules interpretations. A month before a system audit, every effort is made to catch up, an unannounced visit by the Food Safety Authority often leads to a warning or fine report.	The OT and food safety monitoring and quality systems are set up in accordance with the regulations and the latest guidelines. Because the company works systematically, an unannounced audit can take place without any problems. There is a central action list for legislative issues.	New legislative or regulatory processes are also monitored to be able to anticipate changes in legislation and enforcement in time. The company actively monitors its OT performance and Food Safety systems. The Company challenges regulators and auditors where it is aware of inconsistencies with their findings and the latest rules and the entire enforcement processes.

Conclusion

The degree of connectivity of the company says a lot about the learning capability of the company. Operational Technology integrity and resilience and Food Safety Compliance management focuses on safeguarding risks where the company needs a holistic approach regarding OT performance and food safety, food defense and food fraud. In addition to the basic requirements for food companies, a company must be organized in such a way that the Hazard Analysis Critical Control Points (HACCP), Threat Analysis Critical Control Points (TACCP) and Vulnerability Analysis Critical Control Points (VACCP) are not just up to date but are actively monitored and risk thwarted. Carrying out a HACCP, TACCP or VACCP study alone is not sufficient. The company must focus on a holistic approach to business performance, OT systems resilience and security, demand and supply relations, legislation and certification that creates a learning organization about OT performance and Food Safety Compliance and the company knows what is going to happen so that the associated risks can be proactively managed.

References: Food System Resilience within a Learning Organization

• British Retail Consortium. Available at: https://www.brcgs.com/. Accessed 10 December 2021.
• European Parliament, Council of the European Union. 2002. Regulation (EC) No 178/2002. Available at: https:// eur-lex.europa.eu/legal-content/ EN/ ALL/?uri=celex%3A32002R0178. Accessed 10 December 2021.
• Food and Drug Administration. 2011. Food Safety Modernization Act. Available at: https://www.fda.gov/food/food-safety- modernization-act-fsma/full-text-food- safety-modernization-act-fsma. Accessed 10 December 2021.
• Food Engineering. 2013. Informational silos stand in the way of strong food safety management systems. Available at: https://www.foodengineeringmag. com/articles/90623-informational-silos-stand-in- the-way-of-strong-food-safety-management- systems. Accessed 10 December 2021. Food Protection and Defense Institute. Food and cybersecurity. Available at: https:// foodprotection.umn.edu/research/food-and- cybersecurity. Accessed 10 December 2021.
• Food Safety System Certification 22000. Available at: https://www.fssc22000. com/. Accessed 10 December 2021.
• Global Food Safety Initiative. Available at: https://mygfsi.com/. Accessed 10 December 2021.
• Haeckel, S. H. 2016. Adaptive enterprise: the workbook. CreateSpace Independent.
• International Food Standard. Available at: https://www.ifs-certification.com/index. php/en/. Accessed 10 December 2021.
• Keogh, J. G. and C. J. Unis. 2020. Rethinking future food chains: systems thinking and the cascading consequences of system failures. Food Saf. Mag.
• Morganelli, M. 2020. What is system thinking? Available at: https://www.snhu. edu/about-us/newsroom/business/what- is-systems-thinking. Accessed 10 December 2021.
• Safe Quality Food Institute. Available at: https://www.sqfi.com/. Accessed 10 December 2021.
• Senge, P. M. 1990. The leader's new work: building learning organizations. Mag. Fall 1990.
• Unis, C. J. 2021. System thinking and space force enterprise challenges. Phalanx.
• Unis, C. J., and C. van Elst. 2021. Food safety compliance and systems thinking. Available at: https://www.qassurance.com/food- safety-compliance-and-systems-thinking/ Accessed 10 December 2021.
• Wikipedia. n.d. OODA. Available at: https:// en.wikipedia.org/wiki/OODA_ loop. Accessed 10 December 2021.
• Wikipedia. n.d. PDCA. Available at: https:// en.wikipedia.org/wiki/PDCA. Accessed 10 December 2021.

Download the article