ilp system engineering approach to food safety

A System Engineering Approach to Food Safety

John Helferich PhD Candidate IDSS

Prof John Carroll, Advisor ILP R&D Conference – Food Track

11/18/15

Safe Food Lab

Outline •  Context –  US Food System: Pressures –  Food Safety: MoOvaOon to study

•  System Engineering: Can it create new insights on management of food safety?

•  Analysis of Food Safety Management System (FSMS) –  System TheoreOc Accident Modeling Process (STAMP)* –  Object Process Modeling (OPM) –  Design Structure Matrix (DSM)

* My research focus © John Helferich 2015 2

US Food System Historical PerspecOve

Local

Regional to Na.onal to Global

Pre Civil War Today 1970s © John Helferich 2015 3

Pressures on the Food System Today

Factory, Global Farm, Global

ArOsanal, Local Farm, Local

New Food System TradiOonal Food System

© John Helferich 2015 4

Local to Glob

al

Farm to Factory Industrial to ArOsanal

Food System Issues •  Food Safety -‐ illness and injury caused by micro-‐organisms,

allergens, or foreign material

•  Food Security -‐ lack of nutriOous food due to affordability and availability

•  Food Defense – protecOon against intenOonal contaminaOon

•  Food Sustainability – methods of producOon considering economics, environment and social perspecOves

•  Food JusOce -‐ ?????

•  Others – Obesity, GMOs, …


Societal Impacts of Food Safety •  On people1

–  3000 deaths per year: ~ 20 plane crashes per year –  300,000 hospitalizaOons –  48 Million illnesses: One out of 6 people in the US annually

•  On the Economy2 –  Direct -‐ $15 billion –  Indirect -‐ $152 billion –  Loss of confidence in food system

•  On Firms –  ReputaOonal damage: Chipotle -‐> 27% point drop in consumer percepOon3 –  Costs: Kellogg’s $70mm charge from PCA Salmonella in peanut buker –  Jail Time: Stewart Parnell, PCA, sentenced to 28 years

1 CDC, 2011 2 Pew FoundaOon, 2011 3 YouGov BrandIndex Survey, 11/13/15


System Engineering

•  Systems Engineering is an engineering discipline whose responsibility is creaOng and execuOng an interdisciplinary process to ensure that the customer and stakeholder's needs are saOsfied in a high quality, trustworthy, cost efficient and schedule compliant manner throughout a system's enOre life cycle.

INCOSE Handbook © John Helferich 2015 7

Food System High Level Requirements

•  Food shall be: –  Safe, – Affordable, – Available, – NutriOous, –  Palatable, – And, increasingly, Produced Sustainably

•  Safe -‐ Food shall not contain pathogens at point of consump.on


How the food system controls pathogens

Control the producOon environment

Control bacteria or bacterial growth by killing or chilling


US Food Safety Management System


Good Agricultural PracOces (GAP)

Good Manufacturing

PracOces (cGMP)

Good DistribuOon and Retail PracOces Good Food

Service PracOces (ServSafe)

Consumer PracOces

Hazard Analysis and CriOcal Control Points

HACCP à HARPC

“Prerequisite Programs”

Farm Factory DistribuOon ConsumpOon

System Boundary

Control the producOon environment

Control bacteria or bacterial growth by killing or chilling

System Engineering Process


Today’s Focus

System Engineering Models and Methods applied to Food Safety Management System

•  FSMS: A New Accident Model Approach –  System Theore.c Accident Modeling Process (STAMP)

•  FSMS: System Architecture – Object Process Modeling (OPM)

•  FSMS: RegulaOon Analysis – Design Structure Matrix (DSM)


System Approach to Safety Safety as a Control Problem


Prof Nancy Leveson Course 16 NAE Safety as a control problem, not a reliability problem IniOal Problem •  How to ensure souware is safe Now expanded to many other domains •  AviaOon •  Space •  Auto •  Nuclear •  Cybersecurity •  Food

Historical Approaches to Accident CausaOon


Domino Model Heinrich 1920’s

Swiss Cheese Model Reason 1990

Architectures of Safety Systems

Defense in Depth High Component Reliability


But what about component interacOons? (i.e. complex or emergent behavior)

Both components are highly reliable, but in an unsafe state © John Helferich 2015 16

Senior Manager

Operators

Prevention of Ingress of Pathogens

Food Safety Leader

Operations Manager

Regulator(Public and Private)

Food Firm Owner

MentalModel

DecisionRules

Food Hazard Control Structure

FeedbackResource Requests

Pathogen Control Results

ProceduresResources

PoliciesStandardsResources

ResultsRecommendations

Senior Manager

Operators


Food Safety Leader

Operations Manager


Food Firm Owner

MentalModel

DecisionRules




ProceduresResources



How can we strengthen system control to prevent driu into unsafe state?

STAMP


STAMP: How the high level safety requirement is controlled


Senior Manager

Operators


Food Safety Leader

Operations Manager

MentalModel

DecisionRules

Senior Manager Control Loop

External Input

Senior Manager

Operators


Food Safety Leader

Operations Manager


Food Firm Owner

MentalModel

DecisionRules




ProceduresResources




My Research

Senior Manager

Operators


Food Safety Leader

Operations Manager

MentalModel

DecisionRules

Senior Manager Control Loop

External Input


My Research

My Research QuesOons 1.  How do food safety decisions get made under the real condiOons

of low frequency-‐high consequences in a listeria prone environment? (Study 1) 1.  Food Safety Subject Maker Expert (FS SME) PerspecOve 2.  Decision Maker (DM) PerspecOve

2.  Based on Study 1, do we see evidence of “behavioral” decision making? What are the decision making styles of DM?

3.  Can we “nudge” the decision-‐making process to improve incidence of good food safety decision making by inducing regulatory fit between SME proposal style and the decision making style of the DM? (Study 2)

Research Plan

•  Study 1 –  Interviews of pairs of Decision Makers/Food Safety SME

– How are Food Safety Decisions made? –  Looking for several more firms for interviews

•  Study 2 –  Can we “nudge” managers to make beker decisions? –  Priming PrevenOon vs PromoOon OrientaOon


Subjects(FS DM)

Promotion Primed

Prevention Primed

RandomAssignment

Promotion Fit Proposal

Prevention Fit Proposal

Promotion Fit Proposal

Prevention Fit Proposal

ALikelihood of

Approval

BLikelihood of

Approval

CLikelihood of

Approval

DLikelihood of

Approval

RandomAssignment

RandomAssignment

Check for Regulatory Fit




Predictions

1. Likelihood: A,D > B,C

2. Likelihood: D>A

3. Regulatory Fit: A,D > B,C

Study 2: “Nudging” through inducing regulatory fit

Looking for Decision Makers to par.cipate, short survey


•  FSMS: A New Accident Model Approach –  System TheoreOc Accident Modeling Process (STAMP)


•  FSMS: RegulaOon Analysis – Design Structure Matrix (DSM)


System Architecture


Dr Bruce Cameron Director, System Architecture Lab Lecturer in Engineering Systems Prof Edward Crawley Course 16, MIT President, Skolkovo InsOtute of Science and Technology, Moscow Defining and Analyzing System Architecture leading to beker designs

System Architecture The embodiment of concept, and the allocaOon of funcOon to elements of form, and defini.on of rela.onships among the elements and with the surrounding context.


Modeling System Architectures Object Process Modeling Language*

Food SterilizaOon (Canning)

Architectures of food preservaOon

Food Freezing

Object Process

28 * Prof Dov Dori, Technion -‐ Israel InsOtute of Technology

To prevent presence of pathogens in food by controlling pathogen ingress using validated control processes

Preventing Ingress

Pathogen

Out In

Maintaining

Certifying

Training

Building Envelope

Closed Open

Raw Materials

Tested Nottested

Personnel

Trained Not Trained

Controlling Presence

Sanitizing

Plant Environment

Clean NotClean

Equipment

Clean NotClean

Pathogen

Out In

Food(Microbiology)

Stable Not Stable

Stabilization

Heating

Chilling

Freezing

Irradiation

Level 1 Level 2 Level 3

OPD of Food Safety Control System



•  FSMS: A New Accident Model Approach –  System TheoreOc Accident Modeling Process (STAMP)


•  FSMS: Regula.on Analysis – Design Structure Matrix (DSM)


Design Structure Matrix


Prof Steven Eppinger, Sloan Wide applicaOons to many systems •  Products

•  OrganizaOons

•  Projects •  RegulaOons

Design Structure Matrix

•  Requirements •  Food shall be …

1.  Safe 2.  Affordable 3.  Available 4.  NutriOous 5.  Palatable 6.  Sustainable

1 2 3 4 5 6

1 -‐ X X X

2 -‐ X X

3 X X -‐

4 -‐ X

5 X X -‐

6 X X -‐

NxN Matrix Connected Requirements

DSM


FSMA GMP Rules: 21 CFR 117


1 117.10 Personnel. 2 The management of the establishment must take reasonable measures and precautions to ensure the following:

3

(a) Disease control. Any person who, by medical examination or supervisory observation, is shown to have, or appears to have, an illness, open lesion, including boils, sores, or infected wounds, or any other abnormal source of microbial contamination by which there is a reasonable possibility of food, food-contact surfaces, or food-packaging materials becoming contaminated, must be excluded from any operations which may be expected to result in such contamination until the condition is corrected, unless conditions such as open lesions, boils, and infected wounds are adequately covered (e.g.,by an impermeable cover). Personnel must be instructed to report such health conditions to their supervisors.

4 (b) Cleanliness. All persons working in direct contact with food, food-contact surfaces, and food-packaging materials must conform to hygienic practices while on duty to the extent necessary to protect against allergen cross-contact and against contamination of food. The methods for maintaining cleanliness include:

5 117.20 Plant and grounds.

6 (a) Grounds. The grounds about a food plant under the control of the operator must be kept in a condition that will protect against the contamination of food. The methods for adequate maintenance of grounds must include:

7 (b) Plant construction and design. The plant must be suitable in size, construction, and design to facilitate maintenance and sanitary operations for food-production purposes (i.e., manufacturing, processing, packing, and holding). The plant must:

8 117.35 Sanitary operaOons.

9

(a) General maintenance. Buildings, fixtures, and other physical faciliOes of the plant must be maintained in a clean and sanitary condiOon and must be kept in repair adequate to prevent food from becoming adulterated. Cleaning and saniOzing of utensils and equipment must be conducted in a manner that protects against allergen cross-‐contact and against contaminaOon of food, food-‐contact surfaces, or food-‐packaging materials.

10 (b) Substances used in cleaning and saniOzing; storage of toxic materials.

11

(c) Pest control. Pests must not be allowed in any area of a food plant.Guard, guide, or pest-‐detecOng dogs may be allowed in some areas of a plant if the presence of the dogs is unlikely to result in contaminaOon of food, food-‐contact surfaces, or food-‐packaging materials. EffecOve measures must be taken to exclude pests from the manufacturing, processing, packing, and holding areas and to protect against the contaminaOon of food on the premises by pests. The use of pesOcides to control pests in the plant is permiked only under precauOons and restricOons that will protect against the contaminaOon of food, food-‐contact surfaces, and food-‐packaging materials.

High Level Requirements

FSMA Requirements Ideal DSM

Planning Opera.ng Monitoring Documen.ng Re-‐planning

1 2 3 4 5 6 7 8 9 10

Planning •  1 •  2

OperaOng •  3 •  4

Monitoring •  5 •  6

DocumenOng •  7 •  8

Re-‐planning •  9 •  10


Food Safety ModernizaOon Act: GMP Requirements DSM

35

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

1

2

3 1

4

5 1

6

7 1 1 1 1 1 1 1

8

9 1 1 1 1

10 1 1

11 1 1 1 1 1 1

12 1 1 1 1

13 1 1 1

14 1 1 1

15

16 1

17 1

18 1

19 1 1 1

20 1 1 1

21 1 1 1

22 1

23

24 1 1 1

25 1 1

26 1 1

27

28 1

29 1

30

31

32

33

34

35

36 1 1 1

ParOOoned DSM

32

3 5 16 24 28 14 25 26 29 21 12 13 11 7 9 17 18 19 20 10 22 36 4 6 30

3 1

5 1

16 1

24 1 1 1

28 1

14 1 1 1

25 1 1

26 1 1

29 1

21 1 1 1

12 1 1 1 1

13 1 1 1

11 1 1 1 1 1 1

7 1 1 1 1 1 1 1

9 1 1 1 1

17

18 1

19 1 1 1

20 1 1 1

10 1 1

22 1

36 1 1 1

4

6

30

Equipment and Facility Design

Sanita.on Capabili.es

Plant Design Maintenance

Summary

•  System Engineering Methods – STAMP – Object Process Modeling – Design Structure Matrix

•  More Info? Interested in parOcipaOng in research? – [email protected]


ilp system engineering approach to food safety

Documents