What is food defence and vulnerability assessment?

Introducing John Husband

When you’ve been doing something for over 25 years, you get a good idea of how to do it well. Since 1998, I’ve helped hundreds of food and manufacturing businesses and their employees work smarter, stay compliant and help develop their management systems.

Essentially, my work as a Consultant, BRCGS Principle Training Partner (Traditional and Virtual), Third Party Auditor and Royal Society of Public Health (RSPH) approved trainer is about helping companies and people improve. And there’s nothing more rewarding than that.

What is food defence and vulnerability assessment?

1. Background

As we know BRCGS Global Standard Food Safety Issue 9 has requirements for sites to undertake food defence and vulnerability assessments. These requirements are not new but what is new is that those personnel undertaking food defence and vulnerability assessments have to be trained and have knowledge of both the site and the principles of food defence and vulnerability assessment.

To start we can look at the definitions for food defence and vulnerability assessment:

Food Defence – Also known as Threat Analysis Critical Control Points (TACCP)
Procedures adopted to protect products, premises and brands from malicious actions while under the control of the site

Vulnerability assessment – Also known as Vulnerability Analysis Critical Control Points (VACCP)
Techniques used to identify and mitigate risks associated with raw materials in the supply chain.

HACCP (Hazard Analysis Critical Control Point)
Keeping food safe from accidental and natural risks to food safety.

We can see from the different definitions that food defence and vulnerability assessment are about intentional malicious contamination which can be ideologically motivated e.g. A person or group motivated by extremist views including religious, political, racist, and single-issue ideologies or for economic gain. Whereas HACCP is to prevent accidental risks to food safety.

2. Types of threats

PAS 96:2017 provides examples of the type of treats that sites need to be aware of covering:

3. Key Terms and definitions

It’s important when undertaking food defence and vulnerability assessment that we understand the differences between the different definitions e.g substitution and adulteration. The definition for substitution is straight forward; “Replacing a high value ingredient with a low value ingredient”. This is generally done for financial gain and a good example is substituting milk with water. There are other reasons why substitution could take place which may revolve around a site not being able to purchase an ingredient and substituting it for a low value ingredient.

Adulteration is a little more complex and is where a fraudster enhances an ingredient or product to make it appear to be higher quality than it actually is. For example adulterating seafood that is going off by spraying it with sanitiser to remove the smell.

Another example is saffron, one of the most frequently adulterated foods. Powdered saffron is more at risk than whole saffron where synthetic dyes are used to boost the colour to a more vibrant yellow.

When setting up a team to undertake food defence or vulnerability assessments it’s important to have people who understand the type of substitutions and adulteration associated with the ingredients and products the site handles.

4. Tools and techniques to undertake food defence and vulnerability assessments

The following details some of the tools and techniques that sites can apply when undertaking a food defence and or vulnerability assessment:

Horizon Scanning

Is where a company has systems in place for a systematic examination of different information sources to identify potential threats, risks, emerging issues and opportunities.
Typical information may cover:

Trade associations
Government sources
Independent consultants
Customers

Risk Maps

A risk map (risk heat map) is a data visualisation tool for communicating specific risks an organisation faces. A risk map helps companies identify and prioritise the risks associated with their business.

Example of Risk Map

5. Supply chain maps

Supply chain mapping (SCM) is the process of documenting information across companies, suppliers, and individuals who are involved in the company’s supply chain, to create a global map of their supply network. For example, documenting the source of material and the different steps it takes to get to site. This allows for the identification of potential substitution and or adulteration at each step in the supply chain.

6. Threat Identification

Information collected from the horizon scanning can then be used to identify potential and actual threats covering:
Adulteration and substitution to purchased raw material and packaging:

Malicious contamination of ingredients, products and packaging held on site
Cyber attack
Counterfeiting
Extortion

Once the threat analysis has been undertaken then a quantitative risk assessment should be undertaken to allow identified threats to be quantified. Consideration should also be given to the type of risk assessment used e.g Priority Risk Numbers (PRN) where the criteria used to identify threats covers:

Once the identified risks have been quantified they can then be prioritised allowing the appropriate resources to be allocated.

Mitigation and controls

The food defence and vulnerability assessments then need to review the hierarchy of controls e.g. prevented, eliminated or reduced to acceptable levels. The types of controls a site could apply are:

Certificates of analysis from raw material suppliers
Raw material testing
Supply chain audits
Use of tamper evidence or seals on incoming raw materials
Enhance supplier approval checks
Mass balance exercises at the raw material supplier
Changes to the supply chain, e.g. a change of supplier or a move to a shorter supply chain

7. Review

The food defence and vulnerability assessment needs to be reviewed annually as a minimum to determine its effectiveness and suitability. In addition the food defence and vulnerability assessment also needs to reviewed when:

Emergence of a new risk (e.g. publication of information relating to the adulteration of an ingredient).
Developments in scientific information associated with ingredients, process or product.
Information received as part of supplier approval or raw material risk assessment which highlights a new or evolving risk
New raw materials being considered for purchase
A change in the country of origin or the supplier of raw materials
A change in the financial situation of the raw material supplier or country of origin
A change in the cost of raw materials, either upwards or downwards
A change in the supply chain, logistics and delivery of materials
A change in availability of the material (e.g. due to seasonal shortages)

If you would like to learn more about food defence and vulnerability assessment and the tools and techniques to undertake assessments then totrain offer a 1 day food defence and vulnerability assessment course. Click here for more information.

Written by John Husband

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	past	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_36130860_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
ep201	30 minutes	This cookie is set by the provider Surveymonkey. This cookie is used for statistical analysis and website optmization. It gathers information on user's interaction with the SurveyMonkey- Widget on thewebsite.
ep203	3 months	No description available.
wp-resetpass-ab16250fe658a29e99b4c80a7a6cb0e6	past	No description

What is food defence and vulnerability assessment?

Share