July 2019



Cyber Safety: Learn to Secure Your Data

If Disaster Strikes, What’s Your Emergency Plan?

Wildwood Pools, Inc.

Lessons to be Learned from an Anything-But-Typical Recall

Marijuana Edibles and Cross-Contamination Risks

How to Manager your Growers: FSMA Produce Safety Rules for Processors

Review: Terra Coffee

Review: Tacos Lucha

Minnick & Cleveland: James G. Parker Insurance Associates


Thank you for checking out the July edition of WCIS magazine. This quarter we are excited to focus exclusively on various ways to keep your business safe. This is an extremely important topic because, as business leaders, we are responsible for our company’s success, which includes the health and wellbeing of many stakeholders including employees, vendors, investors, and clients. It is far too easy to overlook safety issues until something goes wrong, but our goal is to help you identify some ways you can nurture safety throughout your business before there is an issue.

In this issue, you will find articles and profiles to help you navigate cyber security, financial risk management, disaster preparation, and food safety. We have consulted with local and national experts to create brief, but thorough introductions to each topic; and we have included references to help you dig more deeply into the issues you think will best benefit your business.

WCIS is also gearing up for its safety and maintenance expo, which will be held in Clovis, CA on October 22, 2019. We will feature speakers who can provide more information on these safety topics, including a session on Valley Fever that fulfills the regulatory requirement for AB 203,  effective January 2020. In addition, we will have over 40 vendors ready to help you make your business safer and more efficient. You can visit our website for more information. We hope to see you there!

Cyber Safety: Learn to Secure Your Data
By Sheri McClure

Technology is now a major aspect of virtually every business. From scheduling to recordkeeping, bookkeeping to social networking, we keep an increasingly large amount of data on our devices and networks, and on the cloud. There are many advantages to these digital solutions, but we must also be cautious of what we store and how we protect it. I sat down with two local experts to learn about the biggest cyber threats businesses today are facing, and what steps we can take to protect ourselves.

Jesse Gibson is Vice President and Partner of M3Cubed Technologies, which has been helping to protect Central Valley computer networks since 2012. Jesse joined the company in its first year and has moved from dispatch to manager, and now to partner. 

Kip Haroldsen is CEO of Unity IT: Information Technology Services. Kip and his wife Karen began the business in 2003, and they continue to provide IT support for approximately 270 Central Valley businesses.

Data breaches are happening in many big businesses—companies who should have better protection practices in place. The most recent example in the US is Facebook, which had over 540 million accounts compromised this year (List). Marriott was hit in 2018 and 500 million clients were affected (Armerding). And millions of people have been affected each year for many years prior. But don’t give up hope. Jesse, Kip, and many other experts  agree that there are four primary areas that businesses should be aware of regarding cyber security.


Cyber attacks through email are the most prevalent. Jesse warns that 90% of all attacks occur this way. Emails come into business accounts and they look like they are internal or from trusted contacts. They may even mimic your cellular provider or favorite retailer, but they are actually a phishing scheme designed to get your information. Many of these false emails will include company logos and be formatted just like official communication; but if you were to click on the sender’s address, you will find a very different looking email address leading to a fraudulent sender. 

Websites can also be fraudulent. They impersonate legitimate websites, and they will often have all of the typical features; however, they are only there to get your login credentials. You are prompted to enter your username and password to access your account or claim a discount or free product, but then nothing appears to happen. Why? Because all they wanted was your information, which they can now use to hack into your accounts.

Weak Passwords

It can be hard to keep track of our passwords, but weak passwords make it incredibly easy for other people to access your information. Avoid using information that would be easy for people to find online, like your address, date of birth, or pet’s name. And please do not use consecutive numbers, like 12345. Do not share your passwords with others, and do not leave passwords in easily accessible places, including in the cloud. If someone gets access to your cloud database of passwords, they now have access to all of your–and potentially your coworker’s–information. 

Exposed Systems

If you have a computer, you need to have perimeter protection. If you do not have antivirus, a fire wall, or anti-malware, you are risking all of your and your client’s information. 

Outdated Settings

We are often in a hurry to get our software and profiles set up, so we do not pay enough attention to our settings. Or we set things up and never update them as our lives, responsibilities, and businesses grow. Companies also change their policies over time, which can leave more of your information exposed. It is important to revisit your privacy settings regularly in order to keep your information secure.

These risks may sound scary, and you should definitely take them seriously. However, there are ways to strengthen your cyber security. 

Multi-factor Authentication

The number one suggestion I have seen from virtually every expert in this field is to implement multi-factor authentication whenever possible. Yes, it may be frustrating to have to enter a password and then get an additional code through your cell phone, but it truly reduces risk. Set it up whenever possible.


The best way you can help your employees avoid email and website fraud is through training and clear policies. No doubt you have people with a variety of comfort and skill with technology. Do not assume that they can tell the difference between a real and fraudulent email because scams can be very convincing. They are not all coming from supposed Arabian princes asking for wired money. Teach your employees to create passwords that are at least 12 characters and that involve letters, caps, numbers, and symbols.

Institute a policy regarding how often passwords must be changed, and who will reset passwords after an employee has left the company. You do not need to have a master file of everyone’s passwords. In fact, please don’t. With administrative settings, you can reset anyone’s password once they leave. Implement these policies and then provide periodic training and reminders. Passwords might seem trivial, but they are the main gate between outsiders and your private information.

Physical and Virtual Protection

Install antivirus and malware software. Then, make sure you have a firewall. Kip explained a firewall as a “hardware appliance that sits between the Internet connection and everything else on the network. It decides what is okay – what is coming in and going out.” Kip also recommends going with a single vendor for your firewall, encryption services, and malware software. The older school of thought was to go with whichever products had slight advantages, but when you utilize a single vendor they can watch your business through various access points and follow up when suspicious activity is detected. 

These three steps can help safeguard you, your employees, and your clients. The bottom line is to be proactive about your cyber security. It is much easier to be preventative than to recover from a massive data breach. But if you feel overwhelmed and in need of help, there are experts like Kip and Jesse who will come out and give you a personalized assessment of your business’s needs. 


Aquino, Charles. (2018). The best ways to store your important financial documents. Retrieved from https://www.doughroller.net/tech/store-important-financial-documents/

Armerding, Taylor. (2018). The 18 biggest data breaches of the 21st century. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Lists compromised this year. (2019). Retrieved from https://en.wikipedia.org/wiki/List_of_data_breaches

RSA Conference. (2019 March 7). The five most dangerous new attack techniques and how to counter them. [Video file.] Retrieve from https://www.youtube.com/watch?v=sibeN4U1fOg

If Disaster Strikes, What’s Your Emergency Plan?
By Martin McCann, LUTCF, ChFC &
Sheri McClure

Through August of 2018, Hawaiians had faced lava flows, hurricanes, and mudslides. Californians had coped with wildfires and mudslides. Southerners and Midwesterners had suffered torrential rains, high winds, and flash flooding, and Easterners had experienced bomb cyclones and massive flooding (Slocum, 2018).

No matter where you live or work, having an emergency plan is a good idea. Here are five steps that may help you recover more quickly if disaster strikes:

1. Make a plan and communicate it clearly. Knowing what to expect and how to respond can make a big difference when disaster strikes. Talk about the types of emergencies that may occur, and create a plan of action. It should include:

  •  An evacuation plan for each type of emergency,
  •  A post-evacuation meeting place for each type of emergency, and
  •  A communication plan.

New employees should always be briefed on your emergency plan. In addition, the IRS recommends updating these plans annually to keep up with changes in the business. Regularly communicate these changes and review the plan with all employees.

2. Make digital and cloud-based copies of all important documents. You no doubt keep all of your important personal and business documents safe. However, if all of your important documents are in a safe place, but that place becomes inaccessible, then recovering from an emergency may be quite challenging. An easy way to solve this problem is by making digital and cloud-based copies of all of your important documents, but you must be careful about where and how you store these documents.

The Federal Trade Commission (FTC) asks you to think about what is at stake if someone else gets access to a given document. If the risk is high, then your security should be tight. Only use password protected sites. Dual verification is preferred. Do not access private information on public wifi, and use encryption whenever possible. Look for the “lock” icon in your browser to ensure safe data transmission. And never share your password with others.

Some important personal and professional documents to secure are insurance policies, medical records, prescriptions, birth certificates, financial account statements, marriage licenses, divorce papers, Social Security cards, green cards, passports, divorce decrees, property records and titles, and tax documents. But again, be careful as you save these documents digitally. It is important that you are able to get access, but you also want to prevent others from accessing the documents.

3. Document valuables and business equipment. Document your property by taking pictures or videos. Capture images of every room in your home or business, as well as the contents of jewelry boxes, safes, and vaults. Keep records of all equipment on the property. Do not forget to include equipment that may be loaned out or that is transportable. 

Store the images off site. These images may be vital if you incur any property damage, but they are less sensitive than many of the documents listed above. Still, take precautions as you record and store these images.

4. Learn about FEMA regulations. When a large natural disaster strikes, Federal Emergency Management Association offers aid to those affected. However, there are many rules and regulations to follow in order to receive that aid. Jennifer Dowd of Kronos recommends using these buckets as you record expenses from the moment the emergency ends: 

  • “Flood Project Time
    • FEMA reimbursed; 100 FEMA codes
  • Direct Admin Time
    • FEMA reimbursed
  • Indirect Admin Time 
    • FEMA will give a bucket of money towards this, but doesn’t cover everything.

Even non-reimbursable costs are important to track so city/county leaders and citizens have a holistic view of the total impact of the event” (Dowd). You can view Homeland Security’s audit tips online for more details. (See reference below.) 

5. Understand the financial risks involved. You can never fully predict the financial, physical, or emotional impact of any disaster, but you can start to prepare for it. Consider the types of disasters that have happened in your geographic area. With those disasters in mind, do your best to address these seven key areas of financial preparedness recommended by insurance and federal claims specialists Allen Melton and Michael Speer:

  • Plan for business continuity: what services can your company reasonably provide after this disaster?  
  • Understand employee retention: how will your workforce be affected?
  • Understand and mitigate costs: what financial losses can you predict, including labor, equipment, and production loss?
  • Identify other potential sources of funding: what additional supports are available to you and your business? Consider “Federal Emergency Management Agency (FEMA) Public Assistance Program grants, U.S. Department of Housing and Urban Development Community Development Block Grant Disaster Recovery grants, and Federal Highway Administration disaster grants” (Melton & Speer).
  • Assess liquidity needs: what kinds of funds do you need to resume business? How and when can you get these funds?
  • Develop a loss response team: what internal and external resources are in place to help your business recover quickly?
  • Assess your insurance coverage: do you have the right insurance for where your business is now? 

Any disaster planning you can do in advance is beneficial, and there are experts in your area who can help when the task seems overwhelming. 

The time to prepare for a disaster is before it happens. If you would like to learn more about disaster preparedness or discuss ways to prepare financially for unexpected events, give us a call.

About the Authors:

Martin McCann is President of McCann Asset Management and is a financial advisor in Fresno CA. Check out the website: http://www.McCannAM.com for other articles and blog posts. Martin can be reached by phone: (559) 400-8710 and by email: Martin@McCannAM.com

Sheri McClure is Marketing Director of WCIS and is a doctoral candidate at Texas Tech University. She studies technologically mediated communication practices in medical and other professional contexts. You can find her digital portfolio at https://www.clippings.me/users/sherimcclure. 


Aquino, Charles. (2018). The best ways to store your important financial documents. Retrieved from https://www.doughroller.net/tech/store-important-financial-documents/

Audit tips for managing disaster-related project costs [PDF file]. Retrieved from https://www.oig.dhs.gov/sites/default/files/assets/2017/OIG-17-120-D-Sep17.pdf

Dowd, Jennifer. (2018). Emergency preparedness: Minimize the financial disaster after the disaster. Retrieved from https://www.governing.com/topics/workforce/Emergency-Preparedness-Minimize-the-Financial-Disaster-after-the-Disaster.html

FEMA preparedness checklist. (2017). Retrieved from https://www.fema.gov/preparedness-checklists-toolkits

How to keep your personal information secure. (2012). Retrieved from https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure

Melton, Allen, & Speer, Michael. (2017). The importance of financial disaster preparedness. Retrieved from http://www.rmmagazine.com/2017/05/01/the-importance-of-financial-disaster-preparedness/

Preparing for a disaster. (2019). Preparing for a disaster (taxpayers and businesses). Retrieved from https://www.irs.gov/businesses/small-businesses-self-employed/preparing-for-a-disaster-taxpayers-and-businesses

Slocum, Lauren. (2018). The worst natural disasters of 2018. Retrieved from https://www.ranker.com/list/worst-natural-disasters-2018/lauren-Slocum.

Wildwood Pools, Inc. & Aquatech

Greg Kearns is the Vice President of Wildwood Pools, Inc., which provides personal and commercial properties with customized water features, pools, and solar energy. It was clear that Greg is a regular at the local burger joint where we met for the interview, and he carried the same thoughtful and friendly demeanor he showed with the employees into our conversation. In fact, it took some prompting to get Greg to talk about himself and Wildwood. He seemed far more interested in learning about me, which is the mark of a good businessman who wants to understand his customer before suggesting products and services. 

James Cobb founded Wildwood Pools in 1972, and he hired Jeff, Greg’s brother, as a foreman. The brothers, who both have extensive experience in construction, worked for Cobb for years until Jeff bought the company in 1981. Although Greg took a brief hiatus to work in the computer industry, he returned in 1989 as the Vice President, and has been helping to grow this family business ever since. 

Wildwood serves commercial and residential customers throughout California and up the coast. You can find their commercial pools and spas in places like Fresno’s Grizzlies Stadium, Yosemite’s Tenaya Lodge, and Casa Palmero in Pebble Beach. And if you have visited the Fresno Air Terminal, North Pointe Shopping Center, or Downtown Fresno, you have probably seen their beautiful water features. What is most impressive is that Wildwood designs more than the water feature itself. They customize the landscaping, too. Greg explained that their vision is to provide customers with a fully turnkey package, including eco-friendly solar energy and full yard design, in addition to the customized pool or water feature.

One of the more recent additions to Wildwood is solar energy, and they provide far more than energy for heated pools. Customers who install SunPower solar panels can use the energy they harvest for whatever they would like; and the best part is that these systems are set up to store the energy, not just sell it back to big name energy providers. Greg explained that many of the solar panels installed now do not come with inverters, which are required in order for owners to store and use their own energy. Although these other units can be upgraded, those upgrades can be time consuming and expensive. Wildwood’s units, however, come equipped with an inserter and battery pack, which can be used to store energy gathered during low energy use periods, like during the day while residents are at work, and use it when the energy need is higher. The same system can be used by commercial customers who can use their stored solar energy to run generators during brownouts and to offset costs during times of peak energy consumption. 

Lessons to be Learned from an Anything -But-Typical Recall
The Acheson Group
Originally published 6 May 2019

Wheat fields harvesting. Shallow DOF. Developed from RAW; retouched with special care and attention; Small amount of grain added for best final impression. 16 bit Adobe RGB color profile.

On March 12, a recall notice was posted on the FDA website for two production lots of Pillsbury Unbleached All-Purpose Flour due to possible Salmonella contamination. While that may sound like a typical recall announcement, this recall was anything but typical. That’s because, although at least some grocery chains were notified of the recall by the parent company, Hometown Food Co., on March 8 – four days prior to FDA’s March 12 listing – the company did not submit it to FDA at that time.

Hometown Food did send FDA “a letter in reference to the recall,” according to an FSN article. So FDA was aware of the recall, but the agency’s standard procedure is that it only releases recall information upon receipt of a public recall notice from a company. Since it wasn’t until March 12 that FDA received the notice from Hometown Food, the agency could not post it until then.

The fine line between a “letter” and a “public notice” is the wording of the second – that is, it is to be a notice or press release that is publicly issued and submitted to FDA with all the information included in the Guidance for Industry: Product Recalls, Including Removals and Corrections. That guidance also recommends that the information be submitted “to your local FDA District Recall Coordinator as soon as possible after the decision to recall is made and the coordinator notified. It is recommended that you do not wait to submit this information until ALL applicable information is prepared and assembled prior to FDA notification. This ‘early’ notification will allow FDA the opportunity to review and comment on your written notification and to offer guidance and assistance in your recall process.” Again, FDA notes that early notification is simply for it to provide guidance and assistance, it never states that the public will be informed.

In fact, a boxed statement on FDA’s recall page for the flour, which is labeled as a “Company Announcement,” states “When a company announces a recall, market withdrawal, or safety alert, the FDA posts the company’s announcement as a public service.” Telling us, it seems, that the agency has no requirement to post these, but it is done for the benefit of the public.

Interestingly, a final guidance document also was issued earlier this year that seems to have passed largely unnoticed. That is, the February 2019 guidance on the use, content, and circumstances for the issuance of public warnings and public notifications for firm-initiated or FDA-requested recalls, “Public Warning and Notification of Recalls Under 21 C.F.R. Part 7, Subpart C, Guidance for Industry and FDA Staff.”

So what does all this mean to you?

It means that as recalls continue and FDA is being held more and more accountable to take swift action, there is ever more a sense of urgency in providing information to consumers on issues that could impact public health. It means that when things go wrong, you have to be on it very fast, know the level of risk, and make a fast decision on when to contact the regulators and what you propose to do about it. This means you have to be very prepared.

In my opinion, the number of recalls is going to continue to rise with the better use of molecular diagnostics and regulatory vigilance. So when that happens to you the goal is to come out the other side with an intact reputation and an intact brand. And having a member of the media (or social media) be the one to inform the public of your contaminated product certainly does not provide consumers with trust in your product or brand.

If someone were to fall ill – or worse – as a result of this contamination, it would not only further the media coverage and consumer distrust, it could be seen as a lack of due diligence to contain the impact. And with the DOJ’s increased focus on food safety and executive accountability, that’s the last thing a food company would want.

It also means that you need to have a good understanding of the recall process and FDA’s requirements. I don’t really know if Hometown Food thought the “letter” it sent to FDA fulfilled the requirements of a recall notice or if they just intended to send a notice at a later date. But large or small (and Hometown Food is quite large, having acquired the Pillsbury Shelf-Stable Baking Business, Hungry Jack Brand and other assets from The J.M. Smucker Company in September 2018), all food companies need to ensure they thoroughly understand and practice both the recall process and crisis response, and follow it with a sense of urgency for consumer (and brand!) protection.

About The Acheson Group (TAG)

Led by Former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With in-depth industry knowledge combined with real-world experience, TAG’s team of food safety experts help companies more effectively mitigate risk, improve operational efficiencies, and ensure regulatory and standards compliance. www.AchesonGroup.com

Marijuana Edibles and Cross-Contamination Risks
Francine L. Shaw & Kimberly Stuck
Originally published in Total Food 10 August 2018

A close up of the marijuana farm industry. Beautiful macro and micro shots. Green house, outdoor, indoor plants. Harvesting cannabis, planting weed and more.

As marijuana is being legalized in certain states, people are using it in many forms, including edibles.

Unfortunately, food safety isn’t always top-of-mind when preparing marijuana edibles, and if proper protocols aren’t followed, consumers can get very ill.

Cross-contamination is usually something that most people associate with foods, but it is also a real risk in the cannabis industry. Improper handling of cannabis and other ingredients can make consumers seriously ill, can cost companies millions of dollars in lost product, and can ruin organizations’ reputations. Companies that are involved in the cannabis industry should be aware of potential risks of marijuana edibles and always follow proper protocols to mitigate the risk of cross contamination.

Cross-contamination can happen in a number of ways in cannabis facilities. When growing cannabis, there are often issues involving pests, molds, and bacteria. Arrange regular visits from a pest control agency to manage pests, such as mice and gnats. Mice love cannabis as much as humans do, and if they get into your facility they will not only eat your plants, but will also contaminate product with their urine and feces. Mice are known to frequently carry salmonella bacteria in their digestive tract, so salmonella can be easily spread through contact with rodent waste. This is true with marijuana edibles just as it is with other food products.

Mold can be an issue as cannabis grows.  Powdery mildew (PM) is non-toxic and doesn’t produce mycotoxins (any toxic substance produced by a fungus), but it’s unsightly and can sometimes negatively affect the yield of the plant. Sometimes PM is tracked in from other sources on employees’ clothing.  It can also come from contaminated grow houses. The flow of the facility is important to reduce or eliminate PM. Additionally, prevent employees from going into a contaminated room and then going into a non-contaminated room. This is essential to limiting PM/mold exposure.

Pesticides are a risk factor in contaminating product.  If employees bring in plants that have been treated with pesticides, it can cross-contaminate clean plants.  Test plants – and their facilities – to determine whether pesticides were used before bringing treated plants into your clean facility.  Outdoor grows also run the risk of “drifting pesticides”. Know what neighboring crops are being sprayed with, and when they’re being sprayed.  This can help prevent cross-contamination with your clean crops.

Contamination often takes place in processing/manufacturing facilities. Contaminates can include pesticides, heavy metals, and toxins (such as arsenic), found in the oil used in the production of marijuana edibles.  This kind of contamination is most frequently seen in terpenes, essential oils, and sometimes CBD oil. It’s essential to conduct proper testing, evaluating all ingredients used in production. All manufacturing facilities must be aware of the sources and suppliers for the ingredients used in production, and take steps to mitigate these issues. As with processing of the food we consume daily, tracking the supply chain for cannabis is extremely important.

Do not allow employees to work when they’re ill, as illnesses can contaminate product, equipment and facilities. Implementing an employee illness policy is the best way to prevent illness from contaminating your manufacturing facility. Insist that employees utilize single-use gloves. Preventing bare hand contact of any marijuana edibles is also a great way to prevent contamination. Human hands can be the dirtiest things in your facility, so have proper hand washing procedures and proper PPE plans in place, and ensure that all employees comply with these protocols. Since there are no personal hygiene/health regulations in place for the cannabis industry at this time, we would suggest following those recommended by the current Food and Drug Administration (FDA) Food Code. 

Setting up proper sanitization is a must to prevent bacterial growth and cross-contamination. As in food preparation facilities, it’s essential to have proper handwashing stations in cannabis facilities.  Have hot water, soap, single-use paper towels, and a trash at each hand sink. This promotes proper hygiene and assists with bacterial and mold spore elimination during hand washes.  Additionally, implement room sanitization after harvest, with mats in the entrance of rooms, and easily accessible sanitizer for tables and equipment.

Facilities should have designated areas for chemical storage. Improperly stored chemicals could possibly end up in the product, causing illness and even death in consumers. Train all employees to follow safe chemical storage protocols.

As with other types of cannabis facilities, dispensaries also deal with contamination. Often, dispensaries don’t properly clean bud jars between harvests. If a bud harvest is stored in a jar that has bacteria or mold contamination, and the jar isn’t cleaned/sanitized before the next clean bud is stocked, it can contaminate that next clean harvest, and the next, and the next. Having a proper cleaning and sanitation procedure can help prevent this form of cross-contamination. 

Don’t allow consumers or employees to touch cannabis items with their bare hands before purchasing or consuming product. This can easily cause the spread of bacteria to the product.

Proper protocols can save a business from recalls, consumer illnesses, and ruined reputations, ultimately leading to major profit losses and even the dissolution of the business.

The marijuana edibles business is not all that different from the food service industry. Consumers have the right to assume that the products they are purchasing are safe. It’s the manufacturer’s responsibility to do whatever it takes to ensure that it is.

Francine L. Shaw is President of Savvy Food Safety, Inc. which offers a robust roster of services, including consulting, food safety education, food safety inspections, crisis management training, writing norovirus policies for employees, writing norovirus clean-up procedures, curriculum development, responsible alcohol service training, and more. The Savvy Food Safety team has more than 100 combined years of industry experience in restaurants, casinos, and convenience stores and has helped numerous clients prevent foodborne illnesses. Francine has been featured as a food safety expert in numerous media outlets, including the Dr. Oz Show, the Huffington Post, iHeartRadio, Food Safety News, Food Management Magazine and Food Service Consultants Society International.  For more information, visit https://savvyfs.com 

Kimberley Stuck, cannabis compliance expert and Founder of Allay Consulting, was the first Marijuana Specialist in the nation. She’s done everything from conducting compliance inspections, license sign offs, running pesticide investigations, conducting recalls, conducting shelf stability and CBD source approvals.  For more information, visit http://allayconsulting.com/about/

How to Manage Your Growers: FSMA Produce Safety Rules for Processors
John Kimble
Originally published in Food Safety, FSMA 6 May 2019

Farmer doing quality control of his products

Let’s face it, all of our food comes from farms. When it comes to plant-based food there’s always a grower (or many growers!) involved. 

Here at Safe Food Alliance, we work to, help growers implement processes to ensure compliance with the FSMA Produce Safety rule (FSMA is the FDA’s “Food Safety Modernization Act”). Many of our customers are also processors who buy a raw agricultural commodity (‘RAC’) from growers, and are reevaluating how they “manage” these growers as part of their supplier approval/ supplier management program.

As it stands, if you are a processor that purchases directly from growers you should be considering a review of your company’s grower management programs, with the following objectives in mind:

  • Meeting FSMA regulatory requirements
  • Meeting your customer requirements and food safety audit requirements
  • Protecting your operation by reducing risk

Assessing Risk & Defining Controls

At the most basic level, any food processor should be making sure that their suppliers and the products purchased comply with current regulations and are safe. This includes packaging suppliers, ingredient suppliers, and raw materials like agricultural commodities. This doesn’t mean that you have to physically audit all of your suppliers; it doesn’t even mean that you have to get a copy of a third-party audit from all of them. Food safety is always based on risk, so as a processor, you need to determine the level of risk posed by the raw material, then based on that assessment determine what controls are needed.

If this sounds a lot like HACCP or Preventive Controls, that’s because it is. Based on your hazard analysis you determine what needs to be done to reduce risk and help ensure the safety of your products, and to ultimately protect the future of your company.

With produce, processors should always identify the risk of pathogens in their hazard analysis. Remember that any produce may bear this risk, since it’s grown outside. Additionally, there may be physical hazards that a company will have to contend with in its internal operations. Lastly, an assessment of likely chemical risks, such as pesticides, has to be done.

Evaluating Each Type of Risk


Products that are higher risk will require the highest level of verification to help minimize any risk. High-risk products might include anything such as  an annual crop grown directly on the ground, or anything eaten fresh without a processing step that would significantly reduce pathogens. Imported items may also bear a higher risk, depending on the country of origin and their local practices and regulations, and may need extra verification activities.

Examples: Leafy greens, fresh fruit, some imported items

Potential Controls: Third-party GAP audit, or full on-site review of programs conducted by your company. Confirm compliance with FSMA Produce Safety rule, as well as industry best practices, potentially to include review of growers’ records. Sampling and testing of product on a defined schedule will generally need to be conducted as well.


Tree crops or other items grown off the ground, and items with no history of past recalls.  Other factors to consider: local or domestically grown items, or crops over which the processor has direct oversight (vertically integrated companies) may have lower risk.

Examples: Dried fruit or other items with minimal past food safety issues, some tree nuts, items that are always heat treated or processed in some way prior to consumption. In some cases, these items may qualify for an exemption from FSMA (see below).

Potential Controls: Grower completes a questionnaire or your employee works with them to complete one; review of the grower’s food safety plan; short on-site visit to review practices / observe.

Exempt: There are a few exemptions built into the FSMA Produce Safety rule.  For these items, an exemption may be taken per the regulation, or they can be treated as low risk as outlined above.  These include: 

  1. Produce on the “rarely consumed raw” list
  2. Produce on individual consumption or on-farm consumption (not for sale)
  3. Produce the receives a commercial processing step which would significantly reduce pathogens

Examples: Tomatoes for paste or canning, peaches or olives for canning, California-grown almonds treated per the marketing order, wine grapes used for wine (not eaten).

Potential Controls: Documentation to demonstrate qualification for exemption.  This implicitly requires that the processing step be validated as a “kill step”, it can’t just be assumed that it is effective.

FDA’s Focus Areas for Risk Management in Produce

There are a few specific focus areas built into the rule, where the FDA and industry working groups have identified potential risks related to agricultural products. These are the focus areas of the Produce Safety rule that can be reviewed with growers you purchase from:

  1. Personnel training and qualification: This section is mainly focused on personal hygiene, harvesting activities, handling product, and relevant employee training.
  2. Agricultural water quality: The most controversial section, this one is still under review by FDA for discussion with the industry as they consider potential changes. Requires growers to establish and maintain a “microbial water quality profile”, utilizing specific test methods for generic E. coli.  Compliance dates for these requirements are delayed for a few more years.
  3. Soil amendments: Focuses mainly on soil amendments of animal origin, and controlling associated risks. This control can be achieved through treatment of those amendments, or timing of application of raw amendments well in advance of harvest.  No soil amendments should ever come into contact with the harvestable portion of the crop.
  4. Domesticated and wild animals: Requires monitoring for animal activity which may put product at risk, and taking appropriate actions if observed.
  5. Growing, harvesting, packing and holding activities: Focused on how activities are carried out related to product risk, such as handling practices.
  6. Equipment, tools, buildings, and sanitation for processing operations: Design and maintenance of equipment, tools and facilities; cleaning and sanitation; pest control; etc.

Low-Cost Training Available

If you are responsible for purchasing raw agricultural commodities, or handle the “grower relations” function, consider attending the official one-day produce safety course and become familiar with the requirements of the rule. After attending the course you’ll receive an official certificate from AFDO.  Safe Food Alliance currently offers this course in various locations at low cost this spring.

Review: Culture and Coffee: A Delightful Blend
Terra Coffee

I recently had the good fortune to visit Terra Coffee, located in downtown Stockton, CA. Although I enjoy the comfort and predictability of chain coffee shops, I also love exploring local spots when I travel. On this particular week, I had the opportunity to meet with a new business collaborator in a new spot, and I was not disappointed. 

Terra Coffee has a large corner location at Market and Sutter, surrounded by beautiful old downtown architecture. The large windows reveal a colorful interior of Mexican art both new and old, because Terra Coffee is nestled within the Mexican Heritage Center. The Center opened in the late 1990s to educate community members about the heritage and culture of Mexico. Many different events are held in the Mexican Heritage Center, but regular visitors and Terra Coffee patrons can enjoy daily art exhibits by local and budding artists. During my visit, their gallery was filled with works from a wide range of local child artists. It was a whimsical and talent-filled expression of local culture, and it paired beautifully with the coffee.

The owners of Terra Coffee have a passion for their product, and it shows. They began with a mission to provide local businesses with small batch home-roasted coffee, which developed into the collaboration with the Mexican Heritage Center that they have now. The menu is simple, but delicious. There are the standard drip coffees and mochas, and the now popular pour over and cold brew options. I, however, had to try the lavender latte. Lavender is an interesting addition to any food or beverage, but it can easily overpower other flavors or leave a chalky taste. Fortunately, that was not my experience. The creaminess of the latte blended beautifully with the floral lavender undertones making it subtle and uniquely delicious.  

I was equally thrilled with Terra Coffee’s staff. There were two bright smiling faces eager to help as soon as I walked in the door. The employees were friendly and knowledgeable about both their products and the area, and were eager to talk about the businesses’ coffee/culture collaboration. When there is literally a cafe on every corner, quality in product and service make all the difference. Terra Coffee has both in spades. From my experience, they have developed a passionate and friendly workforce that can also make a mean lavender latte. The next time I’m in Stockton, I will definitely stop in to try the equally intriguing peach latte. I suggest you do the same.

Review: Artful Tacos in an Unlikely Location
Tacos Lucha

If you have visited downtown Visalia, you have likely driven past Tacos Lucha. You just didn’t know it. Located right past Oval Park, this small, hidden restaurant offers amazingly authentic tacos and ramen with sophisticated twists. Even if the journey is a bit out of your way, trust me: you’ll want to find Tacos Lucha.

There is a triad of small restaurants nestled in front of a large dilapidated store. One of these—the most colorful—is Tacos Lucha. You’ll know it by the festive vertical striping and the DJ spinning vinyl under the gazebo. The owner, Chris Gonzalez, will tell you that this is his passion project, and it shows. The food is meticulously prepared and presented, and the flavors all blend perfectly. 

I have sampled almost all of the tacos, both veggie- and meat-based, and have yet to be disappointed. So far, the pork belly is my favorite with its slightly sweet crunch and melt in your mouth finish. The greens and radishes add a delightful cooling flavor. The fried avocado is also amazing if you like a kick. The creaminess of the avocado balances, but definitely does not cover, the spicy seasoning. It really doesn’t matter what you order–the shrimp, brisket, pulled pork, or cauliflower–they are all mouth-watering. And if you want to add some additional umame and creaminess, you can add a sunny side up egg to any taco. And you definitely should. It’s amazing.

I have yet to try the ramen, but everyone I have spoken to about it has raved. The noodles are made from scratch daily, so only a lucky 18-20 customers get their hands around these delicious bowls each day. Add the protein of your choice to the ramen, which already includes bamboo shoots, shoyu, baby corn, a soft boiled egg steeped in soy sauce, and a fish cake. My date had previously ordered the brisket. When I asked him to describe it, he closed his eyes and, with a little smile on his face, he said, “amazing.” With some additional prompting, he spoke fondly of the rich, flavorful broth and soft, spicy kick. He also raved about the egg, which added additional richness to the meal.

So, the next time you start craving tacos, venture into downtown Visalia. Enjoy the DJ spinning records in the open air, and dig into some amazingly delicious food.