Food Safety Plan (FSP) – Hazard Analysis, Preventive Controls, and Defensible Evidence

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • FSMA Preventive Controls • Risk Management & Documentation

A Food Safety Plan (FSP) is the written, risk-based program that identifies hazards that are reasonably likely to occur in human food and establishes the preventive controls, monitoring, corrective actions, verification activities, and records needed to ensure the product is manufactured, packed, and held under conditions that provide reasonable assurance of safety. While good manufacturing practices keep processes capable and clean, and while environmental monitoring and statistical control limits (SPC) watch for drift, the FSP is the codified argument that hazards have been understood, control points are effective, and the plant can prove conformity lot by lot. It is not a binder of generic SOPs; it is a living risk case that ties process knowledge, supplier oversight, sanitation, allergen control, and recall readiness into a single, reviewable structure governed by Document Control and supported by contemporaneous, attributable records per Data Integrity and ALCOA+.

At a practical level, an FSP starts with a thorough hazard analysis that is specific to ingredients, formulations, equipment, and packaging configurations used on given lines and shifts. Team members evaluate biological, chemical (including allergens, residues, and unapproved additives), and physical hazards; assess severity and likelihood; and determine which hazards require preventive controls beyond baseline GMPs. For each selected control—process, food allergen, sanitation, supplier, or recall/traceability—the plan defines scientifically sound parameters and the means to achieve and hold them. It also defines how the facility will monitor the parameters at the cadence needed to catch failure quickly, what happens when limits are missed (containment, evaluation, and product disposition), how verification and validation prove the control is effective and sustained, and how reanalysis is triggered by new hazards, process changes, or data trends. An FSP is complete only when the records associated with monitoring, verification, corrective action, and reanalysis are retrievable, tied to the version-in-force of each master procedure, and robust against post hoc editing.

“A convincing Food Safety Plan doesn’t just say the process is safe—it shows, shift by shift, that the right limits were applied, the right data were captured, and nonconforming product was contained before it became a customer’s problem.”

1) What It Is

An FSP is a structured set of documents and records that together constitute a risk-based food safety system. The plan names responsible individuals, defines the scope (products, processes, and facilities covered), and provides traceable references to the scientific basis used to select limits and interventions. It includes a current process flow diagram; the hazard analysis by step and ingredient; a list of preventive controls and the parameters they must meet; detailed monitoring procedures; corrective action decision trees including product evaluation and segregation; verification activities (calibration, review, environmental and product testing, internal audit); validation studies where needed to show controls can indeed achieve the intended outcomes; a recall plan that is rehearsed and practical; and a data retention policy that preserves readability, metadata, and audit trails for the required period. Plans are reviewed at least every three years, and sooner when there are changes in ingredients, suppliers, equipment, packaging, intended users, or new information about hazards.

2) Regulatory Anchors & Scope

In the United States, the FSP concept is anchored in the Preventive Controls for Human Food rule, 21 CFR 117. Facilities subject to the rule must prepare and implement a food safety plan written or overseen by a qualified individual. The rule distinguishes between preventive controls that require written procedures and records, and prerequisites like GMPs that are foundational but may not be designated as controls unless needed to manage a specific hazard. It emphasises supplier controls when hazards are managed upstream, including supplier approval, verification activities based on risk (on-site audits, sampling/testing, review of records), and receiving procedures to ensure only approved lots enter production. For dietary supplements, 21 CFR 111 imposes related but distinct obligations. When records are electronic, expectations about identity, e-signatures, audit trails, and time-synchronised, validated archival align with 21 CFR Part 11. While global jurisdictions vary in terminology, the core logic—hazard analysis, effective controls, evidence—remains consistent and maps readily to private standards used by retailers and brands.

3) Hazard Analysis: From Ingredients to Packaging & People

An effective hazard analysis moves beyond generic lists and asks where this particular product, on this line, could acquire a risky attribute that would persist to consumer use. Teams consider raw material risks (e.g., pathogens in agricultural inputs, undeclared allergens from shared suppliers, economically motivated adulteration of high-value powders), processing risks (e.g., survival due to inadequate thermal lethality, cross-contact during changeovers, chemical residues from cleaning agents), packaging and labelling risks (e.g., art/template mix-ups, migration from materials), and distribution risks (e.g., temperature abuse that drives growth). Personnel and culture are evaluated as enabling conditions for error or misuse, tying into training and supervision plans under controlled documents. The analysis is documented step-by-step with severity and likelihood scoring, justification for whether a preventive control is needed, and identification of where monitoring will provide the fastest signal of loss of control.

4) Types of Preventive Controls

Process controls are parameters applied during manufacturing—time/temperature profiles, pH/aw, cook or kill steps, metal detection thresholds, filtration integrity, or hold times—that prevent or significantly minimise hazards. They require defined limits, statistical control or alarms, calibration, and device-level data capture. Food allergen controls cover correct labelling, segregation, and changeover cleaning with validated verification (e.g., rapid allergen swabs) and label management from master art to print/apply. Sanitation controls include validated cleaning and sanitation standard operating procedures, pre-op inspections, and targeted environmental swabbing for indicator organisms. Supplier controls place verified responsibilities on approved suppliers with incoming checks to ensure only acceptable lots (identity, CoA, seals) are received—linking directly to Component Release and Dock-to-Stock. Finally, recall/traceability controls ensure that if something goes wrong, the firm can identify affected lots rapidly via Batch Genealogy, notify customers, and remove product from commerce, with verification through mock recalls and time-to-trace metrics.

5) Monitoring: Cadence, Capability, and Human Factors

Monitoring captures whether a parameter met its limit at the right time and place. The FSP specifies who monitors, what is measured or checked, how it is measured (instrument, method), when and how often, where results are recorded, and what happens when results are out of limit. For device-read parameters, direct electronic capture reduces transcription risk and supports audit trail review; for manual checks, Dual Verification and enforced reason codes for overrides improve reliability. Monitoring should be designed to signal before unsafe product is created; where that is not feasible, the FSP clarifies the sampling plans and product evaluation steps needed to make defensible disposition decisions.

6) Corrective Actions & Product Evaluation

When monitoring shows loss of control or an unknown state, the plan triggers immediate containment: isolate affected lots via Bin / Location moves and status changes; block release; and preserve evidence. The FSP defines decision logic for evaluation (additional testing, risk assessment) and disposition (rework, reject, or use-as-is with justification). For label issues, scan-back mismatches or template errors are handled before shipment; for allergen changeovers, verification failures hold the line until re-cleaning passes. Complex events are escalated through Deviation/NC and linked to CAPA where root causes show systemic gaps (training, method clarity, equipment capability). Corrective actions are specific, time-bound, and subject to effectiveness checks to confirm recurrence drops to acceptable levels.

7) Verification, Validation, & Reanalysis

Verification demonstrates that the plan is being followed and remains in control: calibration records, review of monitoring logs, environmental swab trends, CoA checks against specifications, and internal audits. Validation is evidence that the control, when implemented as specified, can effectively manage the hazard (e.g., thermal lethality studies, cleaning validation swab data, scale capability studies, label control failure-mode testing). Reanalysis is triggered by significant changes—new ingredients, process modifications, complaints or recalls, repeated deviations, or shifts in scientific understanding—and at defined periodic intervals. The reanalysis updates hazard decisions, control limits, sampling plans, and training needs; it also ensures that linked systems (labels, eBMR/eMMR, WMS) reflect the revised master via Change Control.

8) Records & Data Integrity

Records make the plan defensible. They must show who performed each activity, with what instrument or method, at what time, for which order/lot, and with what result—plus what happened when results were not acceptable. Electronic records should ensure unique user identity, time-synchronised entries, role-based access, and immutable audit trails; paper records should be controlled copies with legible, contemporaneous entries and no unapproved obliteration. Version control is critical: monitoring forms and label templates must trace to the master version in force at the time. Retention aligns to company policy and regulatory expectations, with validated migration or archival to preserve context and metadata. Retrieval time matters: firms should be able to render a full set of monitoring, verification, and disposition records for a lot within minutes during an inspection or recall drill.

9) How This Fits with V5

V5 by SG Systems Global turns the Food Safety Plan from a static document into day-to-day behaviour. In V5 MES, preventive controls become executable steps: parameters and acceptance criteria from the master are enforced at runtime; device integrations capture primary data; Dual Verification gates high-impact actions; and exceptions open Deviation/NC with photographs and reason codes. In V5 WMS, Directed Picking, FEFO/FIFO rotation, Bin / Location rules, and Barcode Validation ensure the correct, released lots move to the right place at the right time; suspect lots are quarantined through Component Release. In V5 QMS, the plan itself—hazard analysis, validation evidence, monitoring procedures, verification schedules, and the recall plan—lives under Document Control with training assignments and periodic review. eBMR/eMMR link each lot’s data, signatures, and genealogy so QA can review by exception and hold Batch Release until all preventive controls show compliant results. Analytics trend process capability, deviation categories, and verification completion; APR/PQR-style summaries pull directly from the execution record so leadership sees control effectiveness rather than anecdotes.

10) FAQ

Q1. How is an FSP different from HACCP?
HACCP focuses on critical control points and is historically process- and hazard-centric. FSMA’s FSP retains that logic but broadens it to include allergen, sanitation, and supplier controls, along with verification/validation and recall planning, all under a documented, periodically reanalysed system.

Q2. When is validation required versus verification only?
Validation is needed when scientific evidence is required to show a control can achieve its intended outcome (e.g., thermal lethality, cleaning effectiveness, filtration integrity). Verification confirms the plan is followed and remains in control (calibration, record review, environmental results).

Q3. What proves supplier controls are effective?
A documented approval program tied to risk, on-site audits or equivalent verification for high-risk hazards, defined receiving checks, evaluation of supplier CoAs, and a feedback loop where supplier performance trends drive re-approval or intensified oversight.

Q4. How should corrective actions be structured?
Specify immediate containment (status change and segregation), evaluation criteria (testing, risk assessment), disposition rules, root cause analysis where patterns appear, and effectiveness checks. Link these to CAPA when systemic.

Q5. How often must the FSP be reanalysed?
At least every three years, and sooner when significant changes occur (new ingredients, equipment, packaging, intended use), when deviations or complaints indicate a new hazard, or when new scientific information emerges. Reanalysis should propagate to masters via Change Control and retraining before effective dates.

Related Reading
• Foundations & Governance: Document Control | Change Control | Audit Trail (GxP) | Data Integrity
• Execution & Records: Electronic Batch Record (eBMR) | eMMR | Barcode Validation | Batch Genealogy | Batch Release
• Risk & Monitoring: Control Limits (SPC) | Environmental Monitoring (EM) | CAPA | 21 CFR Part 117 | 21 CFR Part 111