Language selection

Search

Standard Regulatory Response Process

On this page

1. Purpose

To describe the Canadian Food Inspection Agency (CFIA) Standard Regulatory Response Process that recommends responses to potential or realized risk and non-compliance to regulatory requirements or permission conditions. This document is intended for the CFIA Inspectorate.

2. Authorities

The CFIA is responsible for administering and/or enforcing the following Acts and their respective regulations:

3. Definitions

In addition to the terms defined below, other definitions related to regulatory response activities may be found in the Compliance and Enforcement Operational Policy.

Compliance
The state of conformity of regulated parties with legislative requirements
Compliance history

A regulated party's history of non-compliance that resulted in enforcement responses taken by CFIA in the previous 5 years. Compliance history is constituted of two components:

  • internal administratively collected history of non-compliance captured through communications with the regulated party, including inspection reports, letters of non-compliance (LoNC) and meetings with the regulated party (MwtRP). This information is required to ensure that non-compliance is documented to form the basis for enforcement responses; and
  • history of enforcement responses such as administrative monetary penalties (AMPs) or prosecutions that may be used for statutory purposes such as the issuance of AMPs, the issuance, renewal, suspension or cancellations of licenses and/or in the context of prosecutions
Control action
An action that is taken for the purpose of controlling risk when a regulated commodity or process poses or may pose a risk to human, plant or animal health, the environment, economy or trade
Control response plan
For the purpose of this document, a plan that identifies a series of steps that the CFIA will initiate in response to an event that may require the mitigation of risk
Enforcement action
Actions taken by the CFIA in response to non-compliance
Hazard
A biological, chemical or physical property that may cause an unacceptable risk to human, animal or plant health or the environment
Inspection report
For the purpose of this document, the primary mechanism by which the CFIA communicates non-compliance to the regulated party
Instance of non-compliance
Each occurrence of non-compliance against a regulatory provision
Permission

Official consent granting legal authorization to a regulated party to conduct specified activities (for example, permits, certificates, licences and registrations). For the purposes of this document there are two types of permissions:

  • those used to operate – includes licences, registrations or other authorizations enabled by legislation that grants permission to operate an establishment or perform prescribed activities
  • those used to trade – includes export certificates, import permits and ministerial exemptions which are transactional and may be cancelled as a means of controlling risk with or without non-compliance
Regulatory response
Actions taken in response to non-compliance or risk
Risk
The product of the likelihood of the occurrence of a hazard, and the severity of its consequences

4. Acronyms

AAAMP Act
Agriculture and Agri-Food Administrative Monetary Penalties Act
AMP
Administrative monetary penalty
CFIA
Canadian Food Inspection Agency
EIS
Enforcement and Investigation Services
iAIM
integrated Agency Inspection Model
INCR
Inspector non-compliance report
LoNC
Letter of non-compliance
MwtRP
Meeting with the regulated party
OGD
Other Government Department
PPB
Policy and Programs Branch
RD
Regional Director
RDIMS
Records Document Information Management System
SIP
Standard Inspection Procedure
SRF
Source and risk factor (investigation)
SRRP
Standard Regulatory Response Process

5. Standard Regulatory Response Process

The CFIA is dedicated to safeguarding food, animals and plants, which enhances the health and well-being of Canada's people, environment and economy. As part of these responsibilities, the CFIA needs to respond effectively and efficiently to:

The CFIA's regulatory response can be in the form of control actions, enforcement actions or both. Regulatory control actions are undertaken to mitigate risk while enforcement actions may also be undertaken to respond to non-compliance. For example, an inspector may need to seize and detain a commodity that may cause a risk to humans, plants or animals (control action) as well as initiate the process to issue an AMP (enforcement action) if actions or inactions of a regulated party are in contravention to legislation enforced by the CFIA.

Figure 1 summarizes the relationship between the control and enforcement components of the regulatory response process which is further elaborated in the text below. The relationship is depicted as linear (control flowing to enforcement) to demonstrate the urgency to address any real or potential risk(s) immediately.

Figure 1: The regulatory response process
Figure 1: The regulatory response process. Description follows.
Description of Figure 1: The regulatory response process

This process flow illustrates the regulatory response process. Text version below.

5.1 Control

Control is part of the compliance, control and enforcement continuum. The purpose of the control process is to determine the nature and extent of a potential or actual risk to inform risk assessment and risk mitigation decisions. These risks may originate from a process, commodity or regulated party action that may or may not comply with legislative requirements. The outcome of the control process determines the control actions to be implemented to limit or prevent risk for the specific inspection case.

Control covers a wide range of actions triggered in response to situations where regulated commodities or the actions of a regulated party pose or may pose a risk to human, plant or animal health, the environment, the economy or trade.

Control actions include, but are not limited to:

All actions listed above are made possible by powers and authorities granted to the CFIA and its inspectors through the legislation enforced by the Agency.

For some situations, control response plans or other guidance documents inform inspectors on the steps to take to control the relevant risk (for example, Food Investigation Response Manual, Hazard Specific Plans). Where these guidance documents do not exist, the Inspectorate ensures that the full control process (Appendix 1) is followed by seeking guidance as needed via the established communication or supervisory channels. In these cases, the Inspectorate works with subject matter experts from Inspection Support, PPB, Science Branch or other groups to develop a control response plan for the specific event as per the process identified in Appendix 1.

5.1.1 Control Process

Figure 2 outlines the steps followed by an inspector when an event triggers the need for a control response. Possible triggers could be:

Figure 2: The control response process
Figure 2: The control response process. Description follows.
Description of Figure 2: The control response process

When some form of trigger (inspection result, lab result, etc.) initiates a regulatory response, determine if a control measure to control risk is required:

  • if not, proceed to determine if non-compliance has occurred
  • if a control measure is required
    • implement the applicable control procedure if it exists
    • an applicable procedure does not exist, request a control response plan from the applicable OGE and /or PPB and implement the plan
    • then proceed to determine if a non-compliance has occurred

If non-compliance has occurred, determine the harm, history and intent. Identify the appropriate enforcement response and recommend it for management approval. Implement the enforcement response once approval received

When an event occurs, the inspector applies the following steps to determine if control actions are required and if so, where to obtain guidance on how to respond.

Step 1:

Determine if there is a risk that requires a control action to be taken by considering the following question:

Is there a potential for impact on:

  • human, animal or plant health, or
  • the environment, or
  • the economy or trade

Consult business line or commodity specific guidance and legislation. Seek expert advice from Operational Guidance and Expertise (OGE), Policy and Programs Branch (PPB) or Science Branch, if required. If no control action is required, go to Step 6.

Step 2:

Ensure that the CFIA has the legal authority to respond to the event. If not, transfer the case to the appropriate responsible party or OGD

Step 3:

Determine if a business line specific control response plan or guidance for the specific type of event exists. If no specific control response plan or guidance exists, request guidance through established communication channels

Step 4:

Follow the Determine if a business line specific control response plan or guidance for the specific type of event appropriate control response plan or guidance to determine which control actions are required

Step 5:

Initiate any required control actions

Step 6:

After effectively implementing control actions to mitigate the risk(s) or having decided that no control action is required, proceed to assess whether non-compliance has occurred. Presence of non-compliance sets into motion the enforcement portion of the regulatory response process

5.2 Enforcement

The purpose of the enforcement process is to determine the most appropriate enforcement action to take when responding to non-compliance of regulatory requirements or permission conditions. The process is intended to provide an objective, fair, effective, predictable and transparent enforcement response where:

Harm, compliance history, and intent are factors the CFIA considers when determining the most appropriate enforcement response.

Enforcement activities cover a wide range of measures including, but not limited to, letters of non-compliance, issuance of administrative monetary penalties (AMPs), actions on permissions to operate (for example, licences) and recommendations made by EIS that the regulated party be prosecuted.

Figure 3 outlines the process flow for the enforcement response initiated when non-compliance occurs. In this process flow, the inspector consults the Enforcement Decision Matrix (Table 3) in all instances of non-compliance as soon as possible after initiating or completing control actions. Where the non-compliant party holds a permission to operate issued by the CFIA, the inspector also consults the Permissions Action Process Flow (Figure 4) to determine which, if any, action is appropriate for the specific inspection case.

Figure 3: The enforcement response process
Figure 3: The enforcement response process. Description follows.
Description of Figure 3: The enforcement response process

This detailed process flow shows the enforcement response process. Text version below.

5.2.1 Enforcement process

When non-compliance occurs, the inspector applies the following steps to assist with the determination of the appropriate enforcement action to recommend.

Step 1: Evaluate the non-compliance
Step 2: Determine the level of harm introduced by the non-compliance
Table 1: Descriptions of the levels of harm
Level Harm characterization Description
1
  • Unlikely to occur with low severity of consequences
  • Non-compliance that does not result or is unlikely to impact on health (human, animal or plant), the environment, economy or trade
2
  • Likely or very likely to occur with low severity of consequences; or
  • Unlikely to occur with medium to high severity of consequences
  • Non-compliance resulting in a minor, temporary impact on health (human, animal or plant), the environment, economy or trade
3
  • Likely to occur with medium severity of consequences
  • Non-compliance resulting in a moderate, temporary impact on health (human, animal or plant), the environment, economy or trade
4
  • Likely to occur with high severity of consequences; or
  • Very likely to occur with medium severity of consequences
  • Non-compliance resulting in a moderate but significant impact on health (human, animal or plant), the environment, economy or trade
5
  • Very likely to occur with high severity of consequences
  • Non-compliance has or may have a severe impact on health (human, animal or plant), the environment, economy or trade
Step 3: Determine the history and Intent of the regulated party
Table 2: Determination of compliance history / intent
History / intent level Description of compliance history / intent
A
  • No previous occurrences of non-compliance which resulted in enforcement actions taken by CFIA in the past 5 years; and
  • Demonstrated awareness of and capacity to meet regulatory requirement; and
  • Regulated party has a reasonable and cooperative attitude.
B
  • No more than two previous occurrences of non-compliance where enforcement actions were taken by CFIA in the past 5 years; or
  • Questionable awareness of or capacity to meet regulatory requirement.
C
  • Three or more previous occurrences of non-compliance where enforcement actions were taken by CFIA in the past 5 years; or
  • Little or no awareness of or capacity to meet regulatory requirement.
D
  • Willful violation of regulatory requirement; or
  • Little or no demonstrated effort to meet regulatory requirement.
E
  • Hindering or obstructing a CFIA official;
  • Refusing to furnish required information; or
  • Intentionally including false or misleading information.
Step 4: Identify the options for enforcement response
Table 3: Enforcement decision matrix
Compliance history and intent Level of harm
Level 1 Level 2 Level 3 Level 4 Level 5

A

(Highest level of compliance history and/or lowest level of intent)

LoNC Table Note 1 LoNC Table Note 1

LoNC Table Note 1
or
MwtRP Table Note 2

MwtRP * Table Note 3 / AMP Table Note 4 EIS investigation Table Note 5
B LoNC Table Note 1

LoNC Table Note 1
or
MwtRP Table Note 2

MwtRP * Table Note 3 / AMP Table Note 4 MwtRP * Table Note 3 / AMP Table Note 4 EIS investigation Table Note 5
C

LoNC Table Note 1
or
MwtRP Table Note 2

MwtRP * Table Note 3 / AMP Table Note 4 MwtRP * Table Note 3 / AMP Table Note 4 EIS investigation Table Note 5 EIS investigation Table Note 5
D MwtRP * Table Note 3 / AMP Table Note 4 MwtRP * Table Note 3 / AMP Table Note 4 EIS investigation Table Note 5 EIS investigation Table Note 5 EIS investigation Table Note 5

E

(Lowest level of compliance history and/or highest level of intent)

EIS investigation Table Note 5 EIS investigation Table Note 5 EIS investigation Table Note 5 EIS investigation Table Note 5 EIS investigation Table Note 5

Table Notes

Table note 1

LoNC – letter of non-compliance

Return to table note 1  referrer

Table note 2

MwtRP – meeting with the regulated party

Return to table note 2  referrer

Table note 3

MwtRP * – meeting with the regulated party for inspection programs that do not have access to administrative monetary penalties (AMP) as an enforcement response

Return to table note 3  referrer

Table note 4

AMP – administrative monetary penalty – may be issued as a notice of violation (NOV) warning or penalty

Return to table note 4  referrer

Table note 5

EIS investigation – may result in a recommendation for prosecution or other enforcement actions

Return to table note 5  referrer

Note

Actions against permissions (for example, suspension of licenses) may be taken concurrent to the above actions.

Step 5: Identify options for actions on permissions to operate

In the case of regulated parties that hold a permission to operate, actions in addition to those described in Table 3 are also available. Actions on permissions may be taken alone or in combination with the enforcement actions in Table 3 and are enabled by provisions of legislation under which the permissions were issued.

Figure 4: Permissions Action Process Flow
Figure 4: Permissions Action Process Flow. Description follows.
Description of Figure 4: Permissions Action Process Flow

This process flow illustrates the permission action process. Text version below.

If a permission holder is non-compliant, they are, depending on the inspection, given the opportunity to return to compliance before an action is taken on their permission.

If the permission holder does not return to compliance, refer to commodity or business line guidance to see if the criteria for cancellation of the permission have been met.

If the criteria have been met, recommend suspension. If they have not, refer to commodity or business line guidance to see if the criteria for suspension of the permission have been met.

If the criteria for suspension have been met, recommend suspension of the permission, if not recommend a letter of non-compliance.

If the permission holder operates while suspended or does not return to compliance within required timeframe, recommend cancellation of the permission.

If the permission holder does not operate while suspended and returns to compliance within required timeframe, recommend reinstatement of the permission.

Step 6: Determine which enforcement response(s) to recommend
Step 7: Confirm authority to perform the recommended enforcement response
Type of enforcement response Performed by Recommended oversight
Issuing a LoNC Administrative action – inspector Supervisory
Meeting with the regulated party Administrative action – manager Manager
Issuing a notice of violation (AMP warning or with penalty) Inspector designated under AAAMP Act RD or delegate
EIS Investigation EIS Management oversight body
Suspension of Permission to Operate Delegated to RD Management oversight body
Cancellation of a Permission to Operate Delegated to RD Management oversight body
Step 8: Recommend the enforcement response

AMPs, EIS investigation and suspension or cancellation of a permission to operate require management oversight. It is recommended that, as a minimum, supervisory oversight be applied to the issuance a LoNC and meeting with the regulated party.

Step 9: Supervisory or management oversight review and approval

The responsible oversight body (supervisor or management oversight) reviews the details of the enforcement response recommendation to ensure the enforcement response will be objective, fair, effective, predictable and transparent. To do so, the oversight body:

Step 10: Perform the enforcement response

After the Oversight Body approves an enforcement response, the inspectorate initiates the process to carry it out.

Step 11: Record the analysis and decisions for the enforcement response

All documents or records associated with the enforcement response must be created and maintained in the manner approved by the CFIA (for example, a database, electronic document management system, hard copy records, etc.). The records must also be retained in accordance with the CFIA policy on record management.

The following types of information concerning the enforcement response must be maintained:

The specific procedural document for each enforcement response provides the Inspectorate with more detailed guidance on how and where to record relevant information.

6. Appendices

Appendix 1 – Guideline for developing a control response plan

Purpose

This guideline describes the steps to consider in the development of a control response plan. This guideline is used by CFIA staff responsible for providing control response guidance to the Inspectorate.

Background

The management of contamination events (food and feed), animal or plant diseases and/or pest incursions is a key responsibility of the Canadian Food Inspection Agency (CFIA). When these events occur, the inspectorate uses business line or commodity specific guidance to apply the control response and carry out any required control actions. When guidance to respond to a particular event has not previously been established, CFIA employees, particularly those responsible for providing guidance to the inspectorate, are required to develop a control response plan consistent with this guideline. When developing a control response plan, the responsible employees must ensure, often at short notice, the application of rigorous scientific methods and the implementation of sound control procedures, sometimes under the spotlight of intense public attention.

Guideline

The CFIA responds to risks in the following two ways:

  1. Initial control response
    The CFIA determines the scope of regulatory control actions and the appropriate response to mitigate the risk. Control actions may include quarantine, seizure and detention, recall, disposal, etc.
  2. Long term management response
    When eradication or elimination of a risk is not possible or may take several months or years, the control actions may be prolonged, for example, to establish regulated areas and control movement or production. Long term responses are most often taken up by other CFIA functions such as implementing new import controls, improving enforcement strategies for some regulatory requirements, enhancing guidance for field operations, etc.

In both cases, inspectors tasked with performing control actions require guidance that provides the necessary information to ensure an appropriate response to the risk. Control response plans are documents that provide inspectors with the step by step process to follow when an event occurs that may require the implementation of control actions. They exist in various forms including hazard specific plans, the Food Investigation Response Manual or other commodity or business line specific guidance. Control response plans may be highly detailed and thoroughly completed documents or they may be very basic directions. The latter is particularly true when a plan does not already exist and the inspectorate requires urgent guidance on the appropriate control response during an event. Regardless, all control response plans are developed by considering the topics described in Steps 1 to 6 below.

Figure 5: Steps in a control response plan
Figure 5: Steps in a control response plan. Description follows.
Description of Figure 5: Steps in a control response plan

A control response plan consists of 6 steps:

  • conduct the preliminary assessment
  • conduct a source and risk factor investigation
  • assess risk
  • make a decision
  • mitigate the risk
  • close control case

Figure 5 describes a linear process. However, in some situations the process steps will repeat, they will be postponed and revised, and many of them will be done simultaneously.

Step 1: Conduct preliminary assessment

Step 1: Conduct the preliminary assessment has 3 sub-steps. Description follows.
Description of Step 1: Conduct preliminary assessment

Step 1 – conduct the preliminary assessment has 3 sub-steps. Text version below.

The first step in a control response plan includes initial information that should be reviewed by the inspectorate in order to make a preliminary determination regarding the jurisdiction, validity and potential significance of an event. The plan may also provide guidance on assigning a priority and whether any immediate control actions should be implemented prior to continuing to step 2.

Step 1.1: Determine jurisdiction and validity

When an event occurs, the inspectorate must determine whether the event is one that requires the initiation of control activities. To enable this, a control response plan identifies when a specific event would trigger the plan to be put into action. Specifically, the plan guides the inspectorate on how to assess the following:

If necessary, the plan informs the inspectorate on how to redirect the file to the appropriate authority if the CFIA is not the responsible authority.

Step 1.2: Determine priority

When a control response plan includes guidance on how to prioritize work, this guidance is based on factors such as:

Including guidance on assigning a priority level during the preliminary assessment will help to inform the inspectorate on the urgency of the issue so that they may prioritize the response in consideration of other duties. This step in the plan differs from a formal risk assessment, as described in Step 3 – Assess Risk.

Step 1.3: Determine next steps

A control response plan identifies whether immediate actions are required to contain or mitigate a real or potential risk. If immediate actions are required, the plan indicates the appropriate action(s) to perform and direct the inspectorate to any supplemental guidance needed to perform the task (eg: refers the inspectorate to operational guidance on how to perform a product seizure and detention).

Step 2: Source and risk factor (SRF) investigation

Step 2: Source and risk factor (SRF) investigation has 5 sub-steps. Description follows.
Description of Step 2: Source and risk factor (SRF) investigation

Step 2 – source and risk factor investigation (SRF) has 5 sub-steps. Text version below.

A source and risk factor (SRF) investigationFootnote 1 is conducted to verify if the incident represents a risk. The SRF investigation determines the nature and extent of the event. Investigations may involve inspection, epidemiologic, environmental and laboratory components. These elements complement each other to characterize the event, potential causes and risk factors, thus allowing decisions to be made regarding risk and appropriate control measures.

In this step, a control response plan guides the inspectorate on the type of information to gather to ensure that an accurate and complete SRF investigation can be conducted.

The SRF investigation guidance contained in a control response plan is based on the following principles:

Step 2.1: Develop an SRF investigation plan

A control response plan guides the inspectorate on how to plan the SRF investigation when required. This includes information on:

The extent of guidance in a control response plan on SRF investigations is dependent on the size and/or complexity of the event for which the plan was developed. Routine events that are investigated in a short period of time may require relatively simple guidance on how to perform the SRF investigation with supervisory approval. More complex or high profile events may require more detailed guidance on how to perform the SRF investigation. In those scenarios, the guidance may indicate the need for a higher level of approval.

Step 2.2: Prepare for the SRF investigation

A control response plan identifies resource material or contacts needed in preparation for the SRF investigation such as:

Step 2.3: Collect information

Gathering information means to carry out the SRF investigation. A control response plan specifies how the information obtained during the SRF investigation will be gathered, whether by inspection, testing, epidemiological and environmental survey or other methodsFootnote 2. During the course of the SRF investigation, information collected may lead to new investigation avenues. When these new avenues are reasonably foreseeable, a control response plan provides guidance on how to investigate those avenues as well.

Guidance on recording and organizing information ensures the information is collected in a manner that facilitates analysis, risk assessment, decision making and risk management strategy development.

Step 2.4: Verify and analyze data/information

A control response plan provides guidance to the inspectorate, as needed, on how to:

A control response plan provides the necessary guidance on how to analyse the information so that the inspectorate can:

A control response plan also identifies when subject matter expert advice should be sought.

Step 2.5: Scope the event

When performing the SRF Investigation, the inspectorate attempt to identify the full extent of the potential risk to public, animal or plant health, on economy or trade in commodities regulated by the Agency or on the environment.

Guidance on how to determine the scope of an event is an important part of a control response plan and is based on the level of potential risks or impacts. Guidance to help the inspectorate answer the following questions is included:

Determining the scope of an event may involve sampling and testing and analysis of supporting information to determine the possible presence of a hazard.

Step 3: Assess risk

Step 3: Assess risk has 4 sub-steps. Description follows.
Description of Step 3: Assess risk

Step 3 – Assess risk has 4 sub-steps. Text version below.

The SRF investigation may confirm that the situation represents a potential risk which needs to be assessed for the purpose of making risk management decisions. Assessing risk involves making a quantitative or qualitative assessment of the probability of the occurrence of an adverse event and the potential severity of its impact on humans, plants, animals, on economy or trade in commodities regulated by the Agency or on the environment.

When necessary, a control response plan provides guidance on how to access or conduct a risk assessment based on the following steps:

Step 3.1: Evaluate need for a risk assessment

A control response plan identifies the whether there is an existing risk assessment that addresses the present situation. A risk assessment may not be required if one of the following exists:

In these circumstances, the guidance could direct the inspector to apply the principles or pre-existing risk assessment of to implement specific procedures.

Step 3.2: Request risk assessment

A control response plan indicates when and how an inspector should request a risk assessment for the specific event.

The CFIA either conducts the assessment internally (this may require engagement of units outside of the Operations Branch) or makes a request (through PPB) to an external agency or party. The determination to proceed internally or externally is dependent on the roles and responsibilities that the CFIA shares with other government departments, by mandate or through existing Memoranda of Understanding.

Regardless of where the assessment is performed, a formal written request will be required. Specific information collected during the SRF investigation may be required in an accessible and understandable format by those conducting the risk assessment. A control response plan indicates the type of information needed for the risk assessment and any details on how and to whom that information is to be provided.

Step 3.3: Conduct risk assessment

If a control response plan provides information on conducting a risk assessment, it is based on the following:

Step 3.4: Receive risk assessment

When the risk assessment is received, it is reviewed by the requester to ensure all information is correct and that it addresses the request. The risk assessment is to be compared with existing documents pertaining to similar situations for consistency purposes.

If any clarifications are needed or discrepancies identified, they will be brought to the attention of the assessors for explanation and resolution. The risk assessment will be documented in the appropriate inspection system and used for making risk management decisions. The risk assessment will be considered final once the assessors are satisfied that it is concise, complete, and accurate and that no further clarification is needed.

Step 4: Make decision

Step 4: Make decision has 4 sub-steps. Description follows.
Description of Step 4: Make decision

Step 4 – make a decision has 4 sub-steps. Text version below.

The purpose of this section of a control response plan is to guide the inspectorate on how to identify and assess the appropriate actions to be taken to mitigate the risk based on the risk assessment and other relevant information. Some of the steps may be omitted or performed in less detail depending on the situation. The process described in a control response plan allows decisions to be made in a timely manner and according to established accountabilities and processes (that is, made by the right people with the right advice according to established processes).

Step 4.1: Analyze risk assessment

A control response plan guides the inspectorate on how to respond to the possible outcomes of the risk assessment and any additional information provided by the assessors. For example, if the risk assessment indicates a specific risk is present, the control response plan directs the inspectorate to any existing guidance or procedures to respond to the specific risk.

Step 4.2: Determine scope of the required mitigation

Control response plan guidance on implementing mitigation actions in response to an even are developed in consideration of the following factors:

Development of this step might require significant consultation depending on the cost or time it would need for the inspectorate to implement the guidance.

Guidance suggesting that no further control action is required also indicates how the inspectorate is to close the file (see Section 6 – Close Control Case) or transfer it for another type of activity (for example, compliance verification, enforcement).

Step 4.3: Identify and assess risk mitigation

A control response plan indicates the mitigation options available to the inspectorate for responding to the event. If guidance on how to perform the mitigation option are described in an existing procedure, a control response plan refers the inspectorate to that guidance document so that the option can be conducted without delay. Where an operational procedure does not exist, the control response plan provides the inspectorate with guidance on how to implement immediate or long-term actions which may be necessary to control the risk.

When developing the mitigation options to include in a control response plan, the following assessments are conducted to ensure the guidance will be deliverable. Consultation with key stakeholders may be required prior to finalizing the control response plan.

Assess the Benefits and Challenges of the Mitigation Options – Consider the positive and negative aspects of the implementation of the proposed option, including but not limited to:

Assess the Feasibility and Financial/Human Resource Implications of Each Proposed Mitigation Option – In addition to the previous elements, assess each proposed option for:

Step 4.4: Develop the risk mitigation plan

The Risk mitigation plan is the part of a control response plan that describes the risk mitigation decision as well as immediate and long-term actions to be implemented.

Risk mitigation plans can be scaled appropriately based on the size and/or complexity of the event for which a control response plan is being developed. They may be modified or enhanced as necessary as new information becomes available. In these situations, the decision and the rationale for these modifications will be documented appropriately.

When describing the risk mitigation plan in a control response plan, the following content is included:

Step 5: Mitigate risk

Step 5: Mitigate risk has 4 sub-steps. Description follows.
Description of Step 5: Mitigate risk

Step 5 – mitigate risk has 4 sub-steps. Text version below.

The purpose of this step in a control response plan is to communicate, implement and verify the effectiveness of the control actions and decisions identified in the risk mitigation plan.

Step 5.1: Communicate risk mitigation plan

The inspectorate will be required to communicate the plan to internal and external stakeholders, as appropriate, in order to solicit input, clarify roles and responsibilities/partnerships and facilitate logistics for implementation.

Step 5.2: Implement risk mitigation plan

A control response plan indicates how to:

The guidance also indicates how records are to be maintained to ensure that, as each task is completed, the appropriate inspection / information management system is used to record the following:

Step 5.3: Verify completeness and effectiveness of actions

The effective implementation of all elements of the risk mitigation plan with the specified timeframe must be verified and documented.

A control response plan provides the inspectorate with guidance on how to verify the effectiveness of actions to ensure that control actions were taken by the regulated party to mitigate the risk. This may include activities such as inspection, sampling, data analysis, etc.

Once the verification requirements are met and the risk is controlled, it can be determined that the plan was implemented and effective. If this determination is made, the guidance should direct the inspectorate to proceeds to Step 6 – Close Control Case.

A control response plan also guides the inspectorate on how to respond should the verification indicate that the risk mitigation plan was not effective. This guidance considers the possible causes including:

Step 5.4: Conduct follow-up activities

Follow-up activities are important to evaluate the potential of re-occurrence of the event. They can include short and long term activities such as; conducting a follow-up inspection, sampling, etc. If a root cause analysis was conducted by the industry, this information can help determine the source of the event, reduce the possibility of reoccurrence of the event and helps direct the follow-up activities.

A control response plan directs the inspectorate on the follow-up activities to be implemented, such as compliance verification activities or application of the enforcement response.

Step 6: Close Control Case

Step 6: Close control case has 5 sub-steps. Description follows.
Description of Step 6: Close Control Case

Step 6 – close control case has 5 sub-steps. Text version below.

This step in a control response plan describes the steps to be implemented when closing the control case. In order to close the case, the inspectorate verifies that all relevant information, including the rationale for closing the case, has been appropriately documented and that all of the steps have been followed.

Step 6.1: Develop rationale for control case closure

A control response plan indicates the conditions that must be met before a control case can be closed. Those conditions should align with one of the following:

A control response plan indicates how information on closing the control case should be documented to ensure the following information is retained:

Step 6.2: Approve closure of control case

For more complicated events, closure of the control case is approved by individuals with authority to make the decision (inherent to their position or delegated). In these instances, a control response plan identifies who is responsible for approving the closure of the control case. When key elements are complete or documented, the decision maker provides the rationale for closing the case.

Step 6.3: Demobilize control resources

Some cases may involve a demobilization plan which requires approval as described in Step 6.2. Once approval is granted, demobilization can proceed. The demobilization plan is part of risk mitigation plan and is often needed when Emergency Operation Centres or the Incident Command Structure has been mobilized.

Guidance on demobilizing the response considers the following factors:

Step 6.4: Conduct lessons learned exercise

If a control response plan is being developed for more complex situations, it should include guidance on the expectation or lessons learned exercises or similar review mechanisms. These activities provide valuable feedback on the completeness and effectiveness of the control response plan and contribute to continuous improvement of the guidance for the inspectorate. The Lessons Learned exercise may also be used to determine the effectiveness of the CFIA's general preparedness for a control response as well as its response to a particular event. Lessoned learned activities consist of a debriefing session conducted in a timely manner following response to an event and identify strengths and weaknesses of plans, policies and procedures.

In the case of extended response efforts, it may be beneficial if the guidance indicates a timeframe for periodic, interim Lessons Learned exercise to identify any issues that need to be addressed and resolved immediately.

Step 6.5: Communicate control case details

A control response plan indicates how the inspectorate should record all inspection documents related to the case in the appropriate system. The information can then be transferred within CFIA (for example, Program Management, Risk-Based Oversight, Enforcement etc.) for appropriate actions.

Some situations may require communicating with external partners/stakeholders for an update on the results of the implementation of the risk mitigation plan. Stakeholders may include:

The expectations for communication are included in a control response plan, as appropriate.

Appendix 2 – Description of enforcement responses

Enforcement response Details
LoNC
  • The letter of non-compliance (LoNC) is not specified in legislation. It is an administrative action in response to non-compliance
  • Follow operational guidance on Issuing a letter of non-compliance
MwtRP
  • The meeting with the regulated party (MwtRP) is not specified in legislation. It is an administrative action in response to non-compliance
  • The MwtRP provides the regulated party with an opportunity to meet face-to-face with CFIA officials to discuss issues of non-compliance and may be appropriate where a regulated party is resisting taking voluntary corrective actions, or if previous action(s), such as a LoNC, have been ineffective
  • Follow operational guidance on Conducting a meeting with the regulated party
  • Please Note – A regulated party cannot be compelled to attend a MwtRP. A regulated party who refuses to participate in a MwtRP does not obstruct a CFIA inspector
MwtRP *
  • This instance of meeting with the regulated party (MwtRP) should only be used by inspection programs that do not have access to Administrative monetary penalties (AMPs), such as those operating under authority of the Feeds Act, Fertilizers Act, Seeds Act and their associated regulations
  • The purpose and conditions surrounding the MwtRP * remain the same
  • Follow operational guidance on Conducting a meeting with the regulated party
AMP
  • Non-compliance that may be addressed through the issuance of an administrative monetary penalty (AMP), issued as a notice of violation (NOV) with warning or penalty
  • An AMP may only be issued for a violation to a provision listed in Schedule 1 of the Agriculture and Agri-food Administrative Monetary Penalties Regulations
  • An AMP may only be issued by CFIA officials who have been designated by the Minister under the Agriculture and Agri-food Administrative Monetary Penalties Act
  • CFIA inspectors not designated to issue AMPs may refer a recommendation that an AMP be considered using an inspector non-compliance report (INCR) referral package following area enforcement file referral protocols
  • Contact your area Enforcement and investigation services (EIS) office if unsure how to refer an INCR referral package for evaluation
EIS investigation
  • Non-compliance requiring referral to area Enforcement and investigation services (EIS) for evaluation and potential investigation
  • Referral to EIS is to be made through an inspector non-compliance report (INCR) referral package following area enforcement file referral protocols
  • Depending on the outcome, an EIS investigation may result in a recommendation for prosecution or other enforcement actions
Date modified: