Book a free consultation

Ready to start learning about the benefits of going digital for better Food Safety Management

Learn More

“We’ve Always Done It This Way” Is a Risk

“We’ve Always Done It This Way” Is a Risk

It’s not shouted. It’s not dramatic. It usually arrives in a calm voice, in the middle of a busy day, as if it’s the most reasonable statement in the world:

“We’ve always done it this way.”

In food operations, those six words are often used to end a conversation. To protect a routine. To avoid disruption. To keep the line running. To dodge a bigger discussion about change.

And most of the time, the person saying it isn’t lazy. They’re experienced. They’ve survived audits. They’ve shipped product. They’ve solved problems at 3 a.m. with nothing but a pen, a clipboard, and a team that trusted them.

But here’s the truth that’s hard to swallow:

In modern Food safety, “We’ve always done it this way” isn’t a reason. It’s a blind spot.

And blind spots are where risk grows.

Why This Phrase Is So Dangerous in Food

Food businesses operate on routines. Routines are good. They create stability, consistency, and predictability.

But routines become dangerous when:

  • the environment changes,

  • the supply chain changes,

  • regulations tighten,

  • customer requirements evolve,

  • staffing changes,

  • and production pressure increases.

The problem is not the routine. The problem is the belief that the routine is automatically safe because it’s familiar.

Familiarity creates comfort. Comfort creates assumptions. Assumptions create risk.

And risk is never announced. Risk builds quietly—until one day it arrives as an event.

A complaint. A deviation. A recall. An audit finding. A retailer escalation. A regulatory hold.

That’s when leadership asks the painful question:

“How did this happen if we’ve been doing it the same way for years?”

Because the same way can slowly become the wrong way—and nobody notices until the cost is real.

The Operational Reality: “Always” Usually Means “It Worked Until It Didn’t”

In the food industry, many failures happen in systems that were “fine” for a long time.

Not because people stopped caring—but because the conditions changed.

A few examples you’ll recognize:

  • A supplier changes a formulation slightly, and a control based on the old spec becomes weak.

  • A new shift supervisor interprets an SOP differently, and compliance drifts.

  • A line is pushed harder, and shortcuts appear.

  • A new product introduces allergens, and changeover controls aren’t upgraded.

  • Paper records get backfilled because workload increases—and integrity becomes unprovable.

  • Equipment ages, metal risks increase, and verification frequency stays the same.

Each change seems small. But food safety risk is rarely one giant mistake.

It’s usually ten small drifts that finally align.

That’s why “we’ve always done it this way” is so risky: it locks the organization into yesterday’s assumptions.

The Three Ways “Always Done It” Creates Risk

1) It blocks learning

When teams defend a process with history instead of evidence, they stop improving.

A strong food safety culture doesn’t say:

  • “We’ve always done it this way.”

It says:

  • “Show me the evidence that this still works.”

2) It hides weak controls behind effort

Many operations are held together by high-performing people compensating for weak systems.

When the best people are present, things look fine.

But systems should not depend on heroics.

If your controls work only when your best people are working, your controls are not strong.

3) It creates compliance theater

This is the uncomfortable part: some routines exist mainly to pass audits.

The checklist gets filled. The binder looks clean. The records exist.

But the system isn’t truly preventing issues—it’s documenting after the fact.

Auditors are increasingly trained to detect this. Customers too.

They’re looking for proof of control, not proof of paperwork.

A Story That Plays Out Everywhere: The “Small” Shortcut

A QA manager notices that pre-op checks are being completed late—sometimes after start-up. Not always. Just sometimes.

They raise it with the team.

The response is familiar:

“We’ve always done it like that. We’re busy. It gets done.”

So the QA manager pushes gently. The team nods. Everyone moves on.

Then one morning, a sanitation failure slips through. Not because people didn’t care, but because the system had already accepted a tolerance for “close enough.”

A week later, a customer reports foreign material. A month later, the auditor asks about pre-op timing, and the records show checks completed after production began.

Now it’s not a small shortcut. It’s an exposure.

Leadership hears about it and asks:

  • “Why didn’t we catch this earlier?”

But the truth is: it was visible early. It just didn’t feel urgent until the cost arrived.

That’s what “always done it this way” does: it normalizes drift.

The C-Level Perspective: Risk Isn’t Just Food Safety—It’s Brand, Revenue, and Speed

For executives, the risk is not only whether food is safe today. It’s whether the business can respond fast and credibly when something goes wrong.

Because the game has changed.

Today, in many markets:

  • customer audits are tougher,

  • retailers demand faster traceability,

  • regulators expect proof and speed,

  • and public trust can evaporate quickly.

When a serious issue happens, leaders get judged by:

  • how quickly they can isolate affected lots,

  • how precisely they can limit scope,

  • how confident their documentation is,

  • and how clean the corrective action trail looks.

That’s why outdated routines become executive risk. They slow response, weaken proof, and expand exposure.

This is where systems like food safety software and Food traceability software stop being “nice to have” and start becoming operational insurance.

Step-by-Step: How to Replace “Always Done It” With Evidence-Based Control

Here’s a practical way to change culture without chaos.

Step 1 — Identify your “always done it” processes

Don’t start by arguing. Start by listing.

Look for processes where:

  • “it’s in someone’s head,”

  • documentation is inconsistent,

  • the same task is done differently across shifts,

  • you rely on one key person,

  • data is hard to retrieve under pressure.

Typical candidates:

  • receiving lot capture

  • allergen changeovers

  • pre-op inspections

  • CCP/CP monitoring

  • label verification

  • rework handling

  • hold/release

  • corrective action follow-up

Step 2 — Define what “good” looks like (in measurable terms)

Every process needs acceptance criteria.

Not “do the check.”
But:

  • what is acceptable?

  • what is not?

  • what triggers action?

Example (label verification):

  • Correct SKU, correct allergen declaration, correct nutrition panel, correct date code, correct lot code.

  • Verified at start-up, changeover, hourly, and after downtime.

  • If wrong: stop line, hold product since last good check, investigate, document corrective action.

This removes ambiguity—which is where risk hides.

Step 3 — Test the process under pressure (traceability drill)

Pick one finished lot from the last 30 days.

Ask your team to produce, fast:

  • one-step back (input lots, supplier records)

  • one-step forward (shipments/customers)

  • relevant CCP/CP records

  • sanitation verification for the window

  • any deviations and corrective actions

Time it.

If it takes hours, the process isn’t resilient. If it depends on one person, the process isn’t stable. If records don’t link cleanly, the process isn’t defensible.

Step 4 — Look for “drift points”

Drift points are where routines break in real life:

  • shift change

  • weekend production

  • high-volume days

  • staffing shortages

  • late deliveries

  • urgent orders

  • rework usage

  • equipment downtime

Don’t design procedures for perfect days. Design them for your worst days.

Step 5 — Standardize the workflow

This is where many teams struggle because paper and spreadsheets can’t enforce consistency.

A strong workflow:

  • forces required fields,

  • time-stamps actions,

  • assigns accountability,

  • triggers corrective actions automatically,

  • and creates a clean audit trail.

This is exactly what modern food safety software is built to do: make the right behavior the default behavior.

Step 6 — Make deviations visible and unavoidable

If a deviation can be hidden, it eventually will be—especially under pressure.

You need a system where:

  • out-of-spec triggers an alert,

  • the product is flagged for hold,

  • corrective action is required before closure,

  • verification is documented,

  • and leadership can see recurring failures.

Visibility is not punishment. Visibility is control.

Step 7 — Create a weekly leadership rhythm

This is how culture shifts: leadership attention.

Every week, review:

  • top 3 recurring deviations

  • missed checks (if any)

  • corrective actions open past due date

  • audit readiness gaps

  • traceability performance (time-to-trace)

If executives see this weekly, the organization stops treating food safety as “QA’s job” and starts treating it as operational performance.

Examples: “Always Done It” vs Modern Control

Example 1: Receiving lot capture

Old routine: lot written by hand, sometimes abbreviated, sometimes missing.
Risk: traceability breaks during an incident.
Modern control: structured lot capture with required fields, standardized format, internal lot assignment, link to supplier documentation.

Example 2: Allergen changeover

Old routine: cleaning checklist completed, but verification inconsistent.
Risk: cross-contact exposure, undeclared allergen risk, customer trust loss.
Modern control: validated cleaning + verification steps (ATP/allergen swabs), forced documentation, escalation if verification fails, hold/release logic.

Example 3: Corrective actions

Old routine: issue fixed in the moment, documentation later (if at all).
Risk: repeat issues, weak audit trail, “same NC every audit.”
Modern control: CAPA workflow with root cause, action owner, due dates, verification of effectiveness, trend review.

Example 4: Traceability

Old routine: “we can figure it out” by checking binders, Excel, and talking to people.
Risk: slow response, oversized recalls, regulator escalation.
Modern control: linked records across receiving → production → shipping, searchable by lot, with proof of who did what and when.

That’s the difference between “we can do it” and “we can prove it.”

The Straight Truth: Tradition Is Not Validation

In food, you don’t win because you’ve done something for 10 years.

You win because:

  • your controls are designed,

  • your records are defensible,

  • your response is fast,

  • and your culture doesn’t rely on hope.

So if you hear “we’ve always done it this way,” don’t treat it as resistance.

Treat it as a signal:

This is a process that needs evidence.

Because tradition doesn’t prevent hazards. Systems do.

Want to See What Evidence-Based Control Looks Like in Practice?

If you want to see how modern Food safety systems can replace “always done it” routines with real control—clean workflows, audit trails, faster traceability, and fewer repeat issues—book a demo here:

https://normex.ca/demo

Bring one routine you know is “held together by experience” (receiving lots, allergen changeover, label checks, CAPA). The most valuable demos aren’t generic—they show exactly how to turn a fragile routine into a defensible system.

author

Tanguy ETOGA

Mr.

Tanguy Etoga, CEO & Founder at NORMEX inc. NORMEX Inc is a food safety software company that will make the expected bridge to overcome the problem of limited resources and help companies automate their Quality, Food Safety and Health & Safety tasks and operations. Today, several companies in North America have adopted NORMEX to maintain their food safety systems.