One of the most accessible, yet powerful tools in food defense is the concept of Key Activity Types, or KATs. Let’s explore what they are, why they matter, and how to use them effectively when conducting vulnerability assessments (VAs) under FDA’s Intentional Adulteration (IA) rule.
A Brief History Lesson
Having worked extensively on FDA vulnerability assessments over the past 20 years, I saw firsthand how the KAT concept evolved. We conducted voluntary VAs with industry across a wide range of FDA-regulated food products, and a clear pattern emerged: regardless of the product, the same types of process steps consistently ranked highest in vulnerability. After years of observing this trend, we had enough data to objectively analyze and identify process steps of highest concern — well before the IA rule was published.
When it came time to write the IA rule, we recognized the power of what we had built: a scientifically sound, industry-informed vulnerability assessment method that focused on process steps, not product categories. That core insight became the foundation of the Key Activity Types.
KATs and the IA Rule
Under the IA rule, facilities are required to conduct a vulnerability assessment to identify significant vulnerabilities that could be exploited to cause wide-scale public health harm. As explained in IA rule guidance, one FDA-recognized method that facilities may choose for conducting VAs is to match process steps to the four Key Activity Types:
- Bulk liquid receiving and loading
- Liquid storage and handling
- Secondary ingredient handling
- Mixing and similar activities
The “Matching Method” Explained
If a process step matches one of these four KATs, it is considered to have a significant vulnerability based on the underlying research that led to the development of KATs. No additional scoring or analysis is required. That match itself is the vulnerability assessment. If there’s no match, the step is not considered significantly vulnerable.
This streamlined approach offers multiple advantages, including:
- Simplifying VAs without compromising scientific rigor
- Providing a practical, scalable method suited to a wide range of facilities
- Facilitating team training and communication by focusing on observable, concrete activities.
The key is accurate process mapping. Facilities must have a clear understanding of their operations to determine where (or if) KATs exist, and they must be equally familiar with the KAT descriptions to make those determinations.
What About the Hybrid Approach?
Some facilities choose to go further by performing a scored analysis using the 3 Elements — FDA calls it the “hybrid approach” (I’ll cover that in a separate post). This is typically done when they believe a process step that matches a KAT may not actually have a significant vulnerability, based on the inherent characteristics of the step. But it’s important to remember this deeper analysis is optional and not required. The KAT approach stands on its own as an acceptable VA method that FDA recognizes.
Bottom Line
Whether you’re developing a Food Defense Plan for the first time, or refining an existing one, don’t underestimate the power of this matching method. When used correctly, Key Activity Types offer clarity, simplicity, and confidence in compliance.
Jon Woody led FDA’s food defense program for two decades and now consults on FSMA compliance and food defense strategies through his firm, Woody Food Strategies.
Originally posted on WoodyFoodStrategies.com. To inquire about reposting or reprinting, please contact info@woodyfoodstrategies.com.