Metal detection is a physical-hazard control that screens food for ferrous, non-ferrous, and stainless-steel fragments and automatically rejects contaminated product. When it is the only step that removes metal from the food, it is a critical control point, with a defined critical limit, monitoring, corrective action, and validation.
A metal detector that runs but was never validated, or whose reject flap has been zip-tied open "to keep the line moving," is theater. This post covers how detection actually works, what test pieces and sphere sizes to use, the difference between validation and verification, when metal detection is a CCP, and how to handle rejects so a failure never reaches a customer.
How does metal detection work?
Most food metal detectors use a balanced-coil design: a transmit coil in the center and two receive coils on either side, wired so their signals cancel when nothing metallic passes. When a metal fragment enters the aperture, it disturbs the electromagnetic field and unbalances the coils, and the detector fires a reject. The detector reads two properties of the metal, its magnetic effect and its electrical conductivity, which is why different metals are harder or easier to find.
- Ferrous metals (iron, steel) are the easiest to detect: they are both magnetic and conductive, so they disturb the field strongly.
- Non-ferrous metals (aluminum, copper, brass) are non-magnetic but good conductors, so they are detectable but need a slightly larger fragment than ferrous.
- Stainless steel (especially austenitic grades like 316) is the hardest: non-magnetic and a poor conductor, so it produces the weakest signal and requires the largest fragment to detect reliably.
What sphere sizes and test pieces do you use?
You set and prove sensitivity with certified test pieces: small spheres of a known metal type and diameter embedded in a food-safe carrier. Spheres are used because a sphere presents the same profile from every angle, so the result doesn't depend on orientation. Each detector is characterized by the smallest sphere it reliably detects for each of the three metal types, for example, 1.5 mm ferrous, 2.0 mm non-ferrous, 2.5 mm stainless steel. The stainless number is always the largest because stainless is the hardest to see.
How you test matters as much as what you test with. Pass each test piece through the aperture in the worst-case position, usually the geometric center, where sensitivity is lowest, and at production line speed. Run it at the leading edge, middle, and trailing edge of a pack, three passes, because detection can vary along the pack. Record the smallest sphere detected for each metal type. The critical limit for your CCP is the sphere size you can reliably detect and reject, not the best number the salesperson quoted in an empty lab.
What's the difference between validation and verification?
These two words get used interchangeably and mean very different things. Validation answers "can this system reliably detect and reject the defined contaminant under real production conditions?", done once at setup and after any change, using certified test pieces run through actual product at line speed to prove the critical limit is achievable. Verification answers "is it still working right now?", the routine checks, run at a defined frequency during production, that confirm the validated performance is holding.
Verification frequency is a risk decision: many plants check at start-up, at defined intervals (every 30 or 60 minutes, or every hour), at product changeover, and at end of run. The frequency sets your worst-case exposure, if you check hourly, a failed check means holding up to an hour of product. This mirrors how statistical process control treats sampling frequency versus risk.
When is metal detection a CCP?
Metal detection is a critical control point when it is the last or only step that eliminates or reduces a physical metal hazard to an acceptable level. In your HACCP plan, that makes it a CCP with the full apparatus: a critical limit (the maximum sphere size that must be detected and rejected for each metal type), monitoring (verification test frequency), corrective action (what happens on a failed test), verification (that monitoring and the detector work), and validation records.
If metal detection is not the final control, if a downstream step also removes metal, or if the hazard is not reasonably likely to occur, it may be a prerequisite program instead of a CCP. That is a hazard-analysis decision, not a default. But when the metal detector is the last line before the customer, treating it as anything less than a CCP is a gap an auditor will find, and a hazard a consumer might.
How should rejects be handled?
Detecting metal is worthless if the contaminated product rejoins good product. Reject handling is where many metal-detection programs quietly fail. The reject system must be fail-safe and secure:
- Automatic reject. The detector triggers a reject device, an air blast, pusher, or diverter, that removes the flagged product without an operator decision.
- Fail-safe design. If the reject device fails, or air pressure drops, the system alarms and stops the line rather than passing product. A detector that "detects" but can't reject must not run.
- Secure, lockable reject bin. Rejected product goes into a locked container only authorized staff can open, so it cannot be casually returned to the line.
- Investigate every reject. A genuine metal reject is a signal, find the source (broken blade, worn sieve, equipment wear) before it makes more contaminated product.
- Quarantine on a failed check. If a verification test fails, stop, and hold all product back to the last passing check for inspection or re-processing.
That last rule is the one that saves you. Because you can't know exactly when the detector stopped working, a failed check condemns everything since the last good one, which is why tighter check frequency and a documented corrective action tie directly into your corrective action and recall processes.
What makes detection harder?
Real product isn't an empty aperture. The "product effect", signal from the food itself, is the biggest challenge. Wet, salty, or warm products are conductive and generate their own signal that can mask a small metal fragment, forcing a less sensitive setting. Foil packaging defeats conventional detection entirely (X-ray or foil-compatible detectors are used instead). And aperture size matters: the smaller the opening relative to the product, the better the sensitivity, so right-sizing the aperture is a real sensitivity decision, not just a fit question.
All of this is why the validated number for your product on your line is the only number that counts. It also explains why metal detection lives on paper checks that fail quietly: a verification log with identical entries all shift, a test done "later," a reject bin no one reconciled. Moving verification checks onto tablets with timestamps, required test-piece results, and a forced corrective-action workflow on any fail makes the record trustworthy by construction and ties the CCP into the rest of the quality system, the same digitize-the-paper move Harmony ran for CLS's production and quality logs (see how CLS did it).
Facts worth pinning:
- Food metal detectors are tested with certified ferrous, non-ferrous, and stainless-steel spheres; stainless steel requires the largest sphere because it is non-magnetic and poorly conductive (industry standard practice per detector manufacturers and GFSI foreign-material guidance).
- When metal detection is the final step controlling a physical hazard, HACCP principles make it a CCP with a critical limit, monitoring, corrective action, verification, and validation (FDA HACCP principles).
- On a failed verification check, product back to the last passing check must be held, because the exact failure time is unknown, a core HACCP corrective-action principle (9 CFR 417.3).
A metal detector is only as good as its weakest link, validation, verification, or reject handling. Validate the capability on your real product, verify it on a frequency your risk can tolerate, treat it as a CCP when it is the last defense, and build a reject system that fails safe. Do that, and metal detection stops being theater and starts being control. It sits alongside your FSIS or FDA HACCP program and your lot coding so a genuine reject maps to a contained, traceable response (see the platform).