FDA Public Meeting on Food E-Commerce (Part 4): Video Lecture on Cybersecurity and the Food Safety Manager

If FDA is asking questions about food e-commerce, then what is your role? As a food safety manager, you have a role in cybersecurity – including e-commerce – but to do what? This post includes a recent video lecture on the topic that provides a simple call to action.

This is the fourth blog post in our multi-post series that focuses on the FDA “New Era of Smarter Food Safety” (SFS) blueprint. Other posts include a review of the FDA public meeting, an e-commerce and food fraud overview, a review of ISO cybersecurity definitions, a country-level vulnerability assessment, an explanation of supply chain mapping and the use of criminology hot spot analysis, and possibly others.

Over the last six months, we’ve intensified our focus on food fraud in the online marketplace. This post provides two resource links: (1) a video lecture on Cybersecurity and the Food Safety Manager, and (2) for your comments, a draft of the Cybersecurity and ISO 22000 section from my new book.

Our cybersecurity research started with consideration of the food fraud risks from e-commerce and online direct-to-consumer sales. Our recent activity in this area includes presentations at the 2016 IUFoST conference in Beijing and the 2017 INTERPOL/Europol Operation Opson meeting. [1,2] In 2018, the ISO 22000 Food Safety Management scope clarified that it included “cybersecurity and food fraud.” Then, last month FDA announced their food e-commerce public meeting. Together, these were the motivation for creating this video lecture and finishing the section draft.

Video Presentation

To support the need for training and education, we presented and recorded the topic in the PJR Registrars food safety webinar series.

The subjects included are:

  • The Requirements in the Food Law and Food Safety Management Systems
    • ISO 22000 Food Safety Management (the foundation for GFSI and the food safety standards)
    • Food Safety Modernization Act (FSMA)
    • Global Food Safety Initiative (GFSI)
  • General Cybersecurity standards:
    • US National Institute of Standards and Technology (NIST)
    • ISO 27000 Information Security
    • ISO 27034 Cybersecurity
  • The role of the food safety manager in cybersecurity


This video presentation is based on our previous research, including this draft book section. Please review and comment in the shared Google Document:


As presented in the video lecture and the book section, these are the key statements for managing cybersecurity:

Conclusion for a Food Safety Manager based on NIST, ISO 27000, and ISO 27032:

  • You are NOT accountable or responsible for conducting IT/cybersecurity assessments or selecting/implementing/managing those systems.
  • You ARE accountable for sharing your expert, functional-area insight on critical infrastructure protection (what processes are the most vulnerable, and why) AND assuring your systems are covered.
  • You ARE accountable for making sure you are meeting the FSMA and GFSI requirements for considering all hazards, including cybersecurity and e-commerce.

This post continues to provide a foundation for the FDA food e-commerce public meeting and provides insight for your food fraud prevention strategies.


    [1] Spink, John W (2016). Food Fraud and E-Commerce, Session: Food Safety and Supervision in E-Commerce, International Forum on Food Safety (IFFS), International Union of Food Science and Technology (IUFoST), April 4, 2016, Beijing.

    [2] Spink, John W (2017). Food Fraud Prevention Challenges in E-Commerce [FSAI] – e-commerce and country-level assessment: a presentation at the Food Safety Authority of Ireland meeting for the EU Food Integrity Project. This covers a Food Fraud Vulnerability Assessment (initial screen or pre-filter) for an entire country of a specific product problem. This is an example of an FFVA for an entire country (18 minutes): https://www.youtube.com/watch?v=uhrkoUuOhEk
