ILP System Engineering Approach to Food Safety
A System Engineering Approach to Food Safety
John Helferich, PhD Candidate, IDSS
Prof John Carroll, Advisor
ILP R&D Conference – Food Track
11/18/15
Safe Food Lab
Outline
• Context
  – US Food System: Pressures
  – Food Safety: Motivation to study
• System Engineering: Can it create new insights on management of food safety?
• Analysis of Food Safety Management System (FSMS)
  – System Theoretic Accident Modeling Process (STAMP)*
  – Object Process Modeling (OPM)
  – Design Structure Matrix (DSM)
* My research focus © John Helferich 2015 2
US Food System Historical Perspective
[Figure: timeline from Local to Regional to National to Global; time labels: Pre Civil War, 1970s, Today]
Pressures on the Food System Today
[Figure: Traditional Food System and New Food System; quadrant labels: Factory, Global; Farm, Global; Artisanal, Local; Farm, Local; axis labels: Local to Global, Farm to Factory, Industrial to Artisanal]
Food System Issues
• Food Safety - illness and injury caused by micro-organisms, allergens, or foreign material
• Food Security - lack of nutritious food due to affordability and availability
• Food Defense – protection against intentional contamination
• Food Sustainability – methods of production considering economics, environment and social perspectives
• Food Justice - ?????
• Others – Obesity, GMOs, …
Societal Impacts of Food Safety
• On people¹
  – 3000 deaths per year: ~ 20 plane crashes per year
  – 300,000 hospitalizations
  – 48 Million illnesses: One out of 6 people in the US annually
• On the Economy²
  – Direct - $15 billion
  – Indirect - $152 billion
  – Loss of confidence in food system
• On Firms
  – Reputational damage: Chipotle -> 27% point drop in consumer perception³
  – Costs: Kellogg’s $70mm charge from PCA Salmonella in peanut butter
  – Jail Time: Stewart Parnell, PCA, sentenced to 28 years
¹ CDC, 2011
² Pew Foundation, 2011
³ YouGov BrandIndex Survey, 11/13/15
System Engineering
• Systems Engineering is an engineering discipline whose responsibility is creating and executing an interdisciplinary process to ensure that the customer and stakeholder's needs are satisfied in a high quality, trustworthy, cost efficient and schedule compliant manner throughout a system's entire life cycle.
INCOSE Handbook
Food System High Level Requirements
• Food shall be:
  – Safe,
  – Affordable,
  – Available,
  – Nutritious,
  – Palatable,
  – And, increasingly, Produced Sustainably
• Safe - Food shall not contain pathogens at point of consumption
How the food system controls pathogens
• Control the production environment
• Control bacteria or bacterial growth by killing or chilling
US Food Safety Management System
[Figure: System Boundary spanning Farm, Factory, Distribution, Consumption. Labels:]
• “Prerequisite Programs”
• Good Agricultural Practices (GAP)
• Good Manufacturing Practices (cGMP)
• Good Distribution and Retail Practices
• Good Food Service Practices (ServSafe)
• Consumer Practices
• Hazard Analysis and Critical Control Points: HACCP → HARPC
• Control the production environment
• Control bacteria or bacterial growth by killing or chilling
System Engineering Models and Methods applied to Food Safety Management System
• FSMS: A New Accident Model Approach
  – System Theoretic Accident Modeling Process (STAMP)
• FSMS: System Architecture
  – Object Process Modeling (OPM)
• FSMS: Regulation Analysis
  – Design Structure Matrix (DSM)
System Approach to Safety
Safety as a Control Problem
Prof Nancy Leveson, Course 16, NAE
Safety as a control problem, not a reliability problem
Initial Problem
• How to ensure software is safe
Now expanded to many other domains
• Aviation
• Space
• Auto
• Nuclear
• Cybersecurity
• Food
Historical Approaches to Accident Causation
• Domino Model: Heinrich, 1920’s
• Swiss Cheese Model: Reason, 1990
Architectures of Safety Systems
• Defense in Depth
• High Component Reliability
But what about component interactions? (i.e. complex or emergent behavior)
Both components are highly reliable, but in an unsafe state
STAMP
[Figure: Food Hazard Control Structure. Elements: Regulator (Public and Private), Food Firm Owner, Senior Manager, Food Safety Leader, Operations Manager, Operators, Prevention of Ingress of Pathogens. Labels: Mental Model, Decision Rules. Link labels: Policies, Standards, Resources; Procedures, Resources; Feedback, Resource Requests; Results, Recommendations; Pathogen Control Results.]
How can we strengthen system control to prevent drift into unsafe state?
STAMP: How the high level safety requirement is controlled
[Figure: the Food Hazard Control Structure shown together with the Senior Manager Control Loop. Loop elements: Senior Manager, Food Safety Leader, Operations Manager, Operators, Prevention of Ingress of Pathogens. Labels: Mental Model, Decision Rules, External Input.]
My Research
[Figure: Senior Manager Control Loop. Elements: Senior Manager, Food Safety Leader, Operations Manager, Operators, Prevention of Ingress of Pathogens. Labels: Mental Model, Decision Rules, External Input.]
My Research
My Research Questions
1. How do food safety decisions get made under the real conditions of low frequency-high consequences in a listeria prone environment? (Study 1)
   1. Food Safety Subject Matter Expert (FS SME) Perspective
   2. Decision Maker (DM) Perspective
2. Based on Study 1, do we see evidence of “behavioral” decision making? What are the decision making styles of DM?
3. Can we “nudge” the decision-making process to improve incidence of good food safety decision making by inducing regulatory fit between SME proposal style and the decision making style of the DM? (Study 2)
Research Plan
• Study 1 – Interviews of pairs of Decision Makers/Food Safety SME
  – How are Food Safety Decisions made?
  – Looking for several more firms for interviews
• Study 2 – Can we “nudge” managers to make better decisions?
  – Priming Prevention vs Promotion Orientation
Study 2: “Nudging” through inducing regulatory fit
[Figure: experimental design. Subjects (FS DM) → Random Assignment → Promotion Primed or Prevention Primed → Random Assignment → Promotion Fit Proposal or Prevention Fit Proposal → Likelihood of Approval (cells A, B, C, D) → Check for Regulatory Fit]
Predictions
1. Likelihood: A,D > B,C
2. Likelihood: D>A
3. Regulatory Fit: A,D > B,C
Looking for Decision Makers to participate, short survey
System Engineering Models and Methods applied to Food Safety Management System
• FSMS: A New Accident Model Approach
  – System Theoretic Accident Modeling Process (STAMP)
• FSMS: System Architecture
  – Object Process Modeling (OPM)
• FSMS: Regulation Analysis
  – Design Structure Matrix (DSM)
System Architecture
Dr Bruce Cameron, Director, System Architecture Lab, Lecturer in Engineering Systems
Prof Edward Crawley, Course 16, MIT; President, Skolkovo Institute of Science and Technology, Moscow
Defining and Analyzing System Architecture leading to better designs
System Architecture: The embodiment of concept, and the allocation of function to elements of form, and definition of relationships among the elements and with the surrounding context.
Modeling System Architectures
Object Process Modeling Language*
Architectures of food preservation
[Figure: object-process diagrams for Food Sterilization (Canning) and Food Freezing; legend: Object, Process]
* Prof Dov Dori, Technion - Israel Institute of Technology
OPD of Food Safety Control System
To prevent presence of pathogens in food by controlling pathogen ingress using validated control processes
[Figure: object-process diagram, Level 1 to Level 3. Labels, with object states in parentheses:]
• Preventing Ingress; Pathogen (Out / In)
• Maintaining, Certifying, Training
• Building Envelope (Closed / Open); Raw Materials (Tested / Not tested); Personnel (Trained / Not Trained)
• Controlling Presence; Sanitizing
• Plant Environment (Clean / Not Clean); Equipment (Clean / Not Clean); Pathogen (Out / In)
• Food (Microbiology) (Stable / Not Stable)
• Stabilization; Heating, Chilling, Freezing, Irradiation
System Engineering Models and Methods applied to Food Safety Management System
• FSMS: A New Accident Model Approach
  – System Theoretic Accident Modeling Process (STAMP)
• FSMS: System Architecture
  – Object Process Modeling (OPM)
• FSMS: Regulation Analysis
  – Design Structure Matrix (DSM)
Design Structure Matrix
Prof Steven Eppinger, Sloan
Wide applications to many systems
• Products
• Organizations
• Projects
• Regulations
Design Structure Matrix
• Requirements
• Food shall be …
  1. Safe
  2. Affordable
  3. Available
  4. Nutritious
  5. Palatable
  6. Sustainable
[Figure: DSM, an NxN matrix (rows and columns 1 to 6) with X marking Connected Requirements]
FSMA GMP Rules: 21 CFR 117
1 117.10 Personnel.
2 The management of the establishment must take reasonable measures and precautions to ensure the following:
3 (a) Disease control. Any person who, by medical examination or supervisory observation, is shown to have, or appears to have, an illness, open lesion, including boils, sores, or infected wounds, or any other abnormal source of microbial contamination by which there is a reasonable possibility of food, food-contact surfaces, or food-packaging materials becoming contaminated, must be excluded from any operations which may be expected to result in such contamination until the condition is corrected, unless conditions such as open lesions, boils, and infected wounds are adequately covered (e.g., by an impermeable cover). Personnel must be instructed to report such health conditions to their supervisors.
4 (b) Cleanliness. All persons working in direct contact with food, food-contact surfaces, and food-packaging materials must conform to hygienic practices while on duty to the extent necessary to protect against allergen cross-contact and against contamination of food. The methods for maintaining cleanliness include:
5 117.20 Plant and grounds.
6 (a) Grounds. The grounds about a food plant under the control of the operator must be kept in a condition that will protect against the contamination of food. The methods for adequate maintenance of grounds must include:
7 (b) Plant construction and design. The plant must be suitable in size, construction, and design to facilitate maintenance and sanitary operations for food-production purposes (i.e., manufacturing, processing, packing, and holding). The plant must:
8 117.35 Sanitary operations.
9 (a) General maintenance. Buildings, fixtures, and other physical facilities of the plant must be maintained in a clean and sanitary condition and must be kept in repair adequate to prevent food from becoming adulterated. Cleaning and sanitizing of utensils and equipment must be conducted in a manner that protects against allergen cross-contact and against contamination of food, food-contact surfaces, or food-packaging materials.
10 (b) Substances used in cleaning and sanitizing; storage of toxic materials.
11 (c) Pest control. Pests must not be allowed in any area of a food plant. Guard, guide, or pest-detecting dogs may be allowed in some areas of a plant if the presence of the dogs is unlikely to result in contamination of food, food-contact surfaces, or food-packaging materials. Effective measures must be taken to exclude pests from the manufacturing, processing, packing, and holding areas and to protect against the contamination of food on the premises by pests. The use of pesticides to control pests in the plant is permitted only under precautions and restrictions that will protect against the contamination of food, food-contact surfaces, and food-packaging materials.
FSMA Requirements Ideal DSM
[Figure: ideal DSM with rows and columns 1 to 10, grouped under the High Level Requirements:]
• Planning: 1, 2
• Operating: 3, 4
• Monitoring: 5, 6
• Documenting: 7, 8
• Re-planning: 9, 10
Food Safety Modernization Act: GMP Requirements DSM
[Figure: 36 × 36 design structure matrix of the GMP requirements, rows and columns numbered 1 to 36, with a 1 marking each dependency]
Partitioned DSM
[Figure: the GMP requirements DSM after partitioning, with rows and columns reordered as 3, 5, 16, 24, 28, 14, 25, 26, 29, 21, 12, 13, 11, 7, 9, 17, 18, 19, 20, 10, 22, 36, 4, 6, 30. Cluster labels: Equipment and Facility Design; Sanitation Capabilities; Plant Design Maintenance]
Summary
• System Engineering Methods
  – STAMP
  – Object Process Modeling
  – Design Structure Matrix
• More Info? Interested in participating in research?
  – [email protected]