Updated 30th December 2022
What is a vulnerability assessment?
A vulnerability assessment is a risk-assessment-style evaluation of a food’s vulnerability to food fraud.
A food fraud vulnerability assessment is a documented assessment that identifies vulnerabilities to food fraud and explains how those vulnerabilities were identified.
Vulnerability assessments are also done to assess the threat of a malicious attack on food. Malicious attacks include attacks conducted for extortion, ideological reasons or terrorism. We call these issues of food defense. To learn more about vulnerability assessments for food defense (intentional adulteration), click here.
Why ‘vulnerability’ and not ‘risk’?
- A risk is something that has occurred before and will occur again. A risk can be quantified using existing data.
- A vulnerability is a weakness that can be exploited. A vulnerability can lead to a risk.
Food fraud is difficult to estimate and quantify, so we use the word vulnerability rather than risk.
Why do a vulnerability assessment?
- To protect consumers: Food that is vulnerable to food fraud presents significant risks to consumers. Food that is adulterated or diluted causes direct risks to consumers from microbial contaminants, chemical contaminants, allergens or unhygienic handling of the food during any adulteration or substitution. There are also indirect risks from adulterants that cause chronic disease, or are carcinogenic and from fraudulent foods that are lacking in nutrients that would be present in an authentic product.
- To protect your brand: Any problem with your food products can cause loss of consumer trust which can be catastrophic for your brand.
- To meet regulatory requirements: adulteration, substitution or dilution of an ingredient indicates a flaw in the traceability of your product, which means non-compliance with the requirements of food safety regulations.
- To prevent financial losses: product withdrawals, recalls, prosecutions and civil lawsuits commonly arise from fraudulent adulteration. These can be financially crippling. How much does a recall cost?
- To meet the requirements of FSMA and GFSI food safety standards, including BRC, FSSC 22000 and SQF. What are these acronyms?
As a food safety professional you have probably already asked yourself about the vulnerabilities of the ingredients and products you work with. You may already have implemented some food fraud prevention and mitigation measures.
A vulnerability assessment is simply a record of what you have considered and how you have estimated the vulnerabilities of your raw materials or finished products..
What is the Aim of a Vulnerability Assessment?
The aim of a vulnerability assessment is to
- Understand the likelihood of food fraud affecting a food product or ingredient
- Understand the impacts of food fraud on consumers and the food brand
- Provide a framework to prioritise strategies to prevent food fraud occurring and mitigate the risks if fraud does occur.
Who should do a vulnerability assessment?
Food fraud vulnerability assessments are recommended for all businesses that make, handle and sell food, including those operating to GFSI Food Safety Standards, including British Retail Consortium Global Safety (BRCGS) Food Safety Standard Issue 9 (clause 5.4.2), FSSC 22000 Version 5 (clause 184.108.40.206) and SQF Version 9 (clause 2.7.2).
Follow the steps below to conduct a vulnerability assessment.
How to conduct a food fraud vulnerability assessment
1 Check for previous incidences of food fraud
First, check whether this food or ingredient has been affected by food fraud in the past. To do this, use food fraud databases. See our detailed guide for more information and links.
2 Investigate new or emerging issues
Find out whether there are new or emerging issues that could affect the food.
New or emerging issues include price rises and supply-demand imbalances. These may increase the risk of food fraud for this material in future.
3 Investigate your supply chain
Find out where the material comes from. Is the supply chain short or long?
Longer supply chains and supply chains with many ‘touch’ points can provide more opportunities for fraudulent activities. See our detailed guide for more information about what to look for.
4 Record your findings
As you investigate the material, document your findings from steps 1, 2 and 3. These form an important part of a vulnerability assessment report.
5 Estimate the likelihood
Use the knowledge you have gained in steps 1 -3 to estimate the likelihood that the material will be affected by food fraud.
Need more help with this? Try our online training, which includes downloadable templates and everything you need to prepare for audits.
6 Estimate the consequences
Next, consider the consequences if food fraud occurs. Would there be danger to consumers? Would the product have to be recalled? Are there serious economic consequences for food fraud in this material?
Make a record of how you reached your conclusions about the impact of food fraud on your consumers, brand and business.
7 Calculate overall vulnerability
The most straight-forward way to obtain the overall vulnerability is to plot your results on a risk matrix.
Numerical scoring systems can get complicated and imply a precision that isn’t usually possible with food fraud assessments. In a numerical scoring system, errors are significantly compounded when numbers are multiplied.
Here is an example of a risk matrix for food fraud vulnerability. If the product or material falls into a red square, it should be considered very vulnerable and actions must be taken to prevent, detect and mitigate food fraud for the material.
8 Create a report
A completed food fraud vulnerability assessment should include:
- the name of the material: food product or ingredient
- the date of the assessment,
- the date that the assessment should be reviewed (usually one year from the assessment date),
- the name of the person(s) who performed the assessment,
- page numbers and other document control features,
- scope information that reflects the requirements of your food safety management system standard
- the estimate of the likelihood that food fraud will affect the material
- the estimate of the consequences of food fraud on the material
- a risk matrix with results marked in the relevant box
- a conclusion about the overall vulnerability of the material
- information showing how the estimates of likelihood and consequences were reached.
Need templates? Check out our online training. It includes detailed, easy-to-use downloadable templates that meet the requirements of SQF Edition 9, BRC Issue 9, FSSC 22000 ver 5 and other major food safety standards.
What comes next?
Now you have a vulnerability assessment, find out what to do next.