Food Fraud Advisors

You are here: Home / Archives for audit

by

FSSC 22000 and IFS Food Standards (Updated)

FSSC 22000 and IFS Food Standard have been updated recently, with FSSC 22000 Version 6 to be enforced from April 2024, and IFS Food Version 8 enforced from October 2023.

You can get (free) copies of the newly updated standards from the standards owners:

FSSC 22000 Version 6

IFS Food Version 8

Changes to Food Fraud Requirements in the Standards

FSSC 22000

There have been minor changes to the food fraud requirements in FSSC 22000 for Version 6.  The clause numbers remain the same: 2.5.4.1 and 2.5.4.2.

  • The biggest change is that this standard now explicitly requires that the methodology for the vulnerability assessment process be defined.
  • Version 6 does not make any mention of the “documented procedure” for vulnerability assessments that was part of the previous version (Version 5.1).
  • The definition for food fraud in FSSC 22000 (Appendix 1) has had “feed” added to its scope.
  • For businesses within the FSSC category FII (food brokering, trading and e-commerce), they must also ensure that their suppliers have a food fraud mitigation plan.

 

Food Fraud Requirements of FSSC 22000, Version 6 (with new wording in blue)

2.5.4 Food Fraud Mitigation

2.5.4.1 Vulnerability Assessment

The organization shall:

    • Conduct a food fraud vulnerability assessment based on a defined methodology, to identify and assess potential vulnerabilities; and
    • Develop and implement appropriate mitigation measures for significant vulnerabilities.

The assessment shall cover the processes and products within the scope of the Organization.

2.5.4.2 Plan

    1. a) The organization shall have a documented food fraud mitigation plan, based on the output
      of the vulnerability assessment      , specifying the mitigation measures and verification procedures. 

      b) The food fraud mitigation plan shall be implemented and supported by the organization’s
      FSMS.
      c) The plan shall comply with the applicable legislation, cover the processes and products
      within the scope of the organization and be kept up to date.
      d) For food chain category FII*, in addition to the above, the organization shall ensure that
      their suppliers have a food fraud mitigation plan in place.

*FII = Food brokering, trading, and E-commerce activities

⭐⭐⭐

IFS Food

The new version of IFS Food, Version 8, has had its requirements significantly re-worded.  The clause numbers remain the same: 4.20.1 to 4.20.4.

The new wording is easier to understand and makes the requirements more easily enforced for auditing.  But does not change what a food business must do to comply.  For example, while the previous version required that food fraud vulnerability assessments be reviewed “at least annually and/or in the event of increased risks”, the new version says they should be reviewed “at least once within a 12-month period or whenever significant changes occur.”

The only notable change to meaning is that the phrase “full commitment from the senior management” has been removed from clause 4.20.1, presumably because it is not easily auditable.

Food Fraud Requirements of IFS Food, Version 8 (with new wording in blue)

4.20 Food Fraud

4.20.1 The responsibilities for a food fraud vulnerability assessment and mitigation plan shall be clearly defined. The responsible person(s) shall have the appropriate specific knowledge and full commitment from the senior management.

4.20.2 A documented food fraud vulnerability assessment, including assessment criteria, shall be documented, implemented and maintained.  The scope of the assessment shall cover all shall be undertaken on all raw materials, ingredients, packaging materials and outsourced processes, to determine the risks of fraudulent activity in relation to substitution, mislabelling, adulteration or counterfeiting. The criteria considered within the vulnerability assessment shall be defined.

4.20.3 A documented food fraud mitigation plan shall be documented, implemented and maintained developed, with reference to the vulnerability assessment, and shall include the testing and monitoring methods.  and implemented to control any identified risks. The methods of control and monitoring shall be defined and implemented.

4.20.4 The food fraud vulnerability assessment shall be reviewed, at least once within a 12-month period or whenever significant changes occur. regularly reviewed, at least annually, and/or in the event of increased risks. If necessary, the food fraud mitigation plan shall be revised/updated accordingly.

⭐⭐⭐

Takeaways

There are no big surprises in these two updates, but it pays to read all clauses carefully.

The good news is that if you have to stay up to date with multiple standards we’ve got you covered – at least when it comes to staying on top of food fraud requirements 😊

We’ve just released Edition 3 of our authoritative guide to current food fraud requirements in all major food safety standards, for auditors, consultants and food fraud specialists, with updates for the amended FSSC and IFS requirements.

Get all the food fraud requirements of all the major standards in one convenient e-book (updated)

Download it instantly, print or save it and keep it as a handy reference.

It costs USD27, which includes all future updates.  Learn more about it here.

⭐⭐⭐

by

Food Safety Standards Compared (2023)

 

food vulnerability assessment

There are many different food safety management system standards (FSMS), and they all have different requirements.  So how do you know which standard is the best one for your food company?

When it comes to food fraud, the food safety standards have minor differences in their requirements. For example, some standards require food businesses to include counterfeiting in their vulnerability assessments, while others don’t; some standards specify that vulnerability assessments must be performed on ingredients, while others state they should be done on finished products.  Some explicitly require training in food fraud awareness, while others do not.

Confused? We are here to help.  Read on to find out which standards have what requirements, and get recommendations for creating a great food fraud prevention (VACCP) program.

Background

Food safety standards are standards that describe requirements for food and related businesses.  The requirements aim to ensure that food and food-related goods are safe for consumers and customers.  The correct term for such standards is food safety management systems standards (FSMS).

There are food safety standards for all types of operations within the food supply chain, including:

  • growing and packing fresh produce;
  • manufacture of food and food ingredients;
  • buying and selling food (“brokers”);
  • storage and transport of food;
  • manufacture or converting of packaging materials;
  • manufacture of animal feed or pet food;
  • services such as cleaning, laundry, or pest control for food businesses.

The over-arching aim of all food safety standards is to keep consumers safe, but most standards also have secondary aims. Some of the most popular food safety standards were developed by food retailing groups, and these standards were written to protect the retailers’ brands as well as keep consumers safe. Other standards were developed to help food businesses understand best practices and gain a way to demonstrate their excellence through independent certifications.  Some standards include quality parameters, while others only address food safety issues.

There are dozens of internationally accepted food safety management system standards, each with slightly different requirements.  This can make it difficult to know which standards are ‘better’ or more suitable for your food company.

To solve this problem, a standard for food safety standards was created by the GFSI (Global Food Safety Initiative).  The GFSI assesses and approves food safety standards using a process called benchmarking. The aim of GFSI benchmarking is to define best practices for food safety standards and provide a way to compare and align different food safety standards.

Among the dozens of food safety standards, some are benchmarked by the GFSI (Global Food Safety Initiative), while others are not.  Benchmarked standards usually have more requirements and more rigorous expectations than non-benchmarked standards.  The auditing and certification processes for benchmarked standards are typically more time-consuming and more expensive than for non-benchmarked standards.

Food Fraud in Food Safety Standards

Food fraud prevention activities are an important part of all food safety management systems because food fraud can pose a risk to food safety.  Some food safety standards have separate, stand-alone requirements for food fraud prevention activities, while others do not.  Standards that are GFSI-benchmarked all include explicit, separate food-fraud-related requirements. Other standards rely on the hazard analysis elements of the food safety system to identify and control hazards from food fraud.

The GFSI requires all benchmarked standards to require food companies to do a vulnerability assessment for food fraud and create a mitigation plan for food fraud prevention.  Most GFSI-benchmarked standards also include details about which materials should be assessed and which types of food fraud need to be managed.

Non-GFSI standards vary in how they require a food company to approach food fraud.  Some specify or recommend a VACCP program, which is based on food fraud vulnerability assessment activities. Others, like AIB, require that food fraud risks be considered in the supplier approvals processes.  The regulations of the USA Food Safety Modernization Act (FSMA) require that food businesses identify hazards from economically motivated adulteration-type food fraud (EMA) and implement preventive controls to minimise the risks.

Among the most well-known standards, there are some notable differences. For example, the SQF Food Safety Code requires food businesses to assess and manage risks from counterfeit-type food fraud, while the BRC Food Safety Standard only requires businesses to assess the risks from adulteration or substitution activities. BRC requires horizon scanning activities, while the SQF and IFS standards explicitly mention food fraud training.

Below you will find a table that compares the current food fraud requirements of each of the major food safety standards.

Table 1.  Food fraud requirements of major food safety standards, 2023. 

Click here to open or download a pdf version of this table

  AIB* BRC* FSSC* GlobalGAP* IFS* SQF*
Food types to include in food fraud prevention activities Ingredients (implied)

 

 

 Raw materials

 

 

 Products and processes

 

 

 Unclear

 

 

 Raw materials,

ingredients,

packaging,

outsourced processes

 Raw materials,

Ingredients,

finished products

 
Food fraud types

 

 

 

 Economically motivated adulteration (only)

 

 

 Adulteration,

substitution

(only)

 

 

 Any type where consumer health is at risk (in definition, Appendix A)

 

 Unclear, however counterfeit or non-foodgrade packaging or propagation materials are included as examples

 

 Substitution, mislabelling, adulteration, counterfeiting

 

 

 Substitution, mislabelling, dilution, counterfeiting

 

 
Vulnerability assessments explicitly required? Risk assessment (implied, Appendix A) Yes Yes Risk assessment Yes Implied (Edition 9)
Mitigation plan required?

 

 

 Mitigation activities are to be included in the vulnerability assessment Yes Yes Yes Yes
Does packaging need to be included in the vulnerability assessment? Yes

(implied)

 

 Yes

(see 3.5.1.1)

 

 Yes

(as per food fraud definition, Appendix A)

 Yes

 

 

 Yes

 

 

 Implied

(primary packaging is a ‘raw material’)
Is a separate food fraud procedure explicitly required? Implied (“method shall be defined”) Implied

(“responsibilities shall be defined”)

 Implied

(“methods and responsibilities shall be documented”)
Is training in food fraud explicitly mentioned? Implied

(Clause 5.4.1)

 Yes

(Clause 3.3.4)

 Yes
Is an annual review explicitly required? Yes Yes Yes
Other

 

 

 Horizon scanning for developing threats must be done (Clause 5.4.1) Criteria for vulnerability assessments must be defined

(4.20.2)

 Food safety risks from food fraud must be specified (2.7.2.2)

*  The full names of the standards are as follows:

AIB International Consolidated Standards for Inspection of Prerequisite and Food Safety Programs, 2023

BRCGS Food Safety, Issue 9

FSSC 22000, Version 6 (NEW!)

GlobalG.A.P. Integrated Farm Assurance (IFA), Version 5.4-1

IFS Food, Version 8 (NEW!)

SQF Food Safety Code, Edition 9

Takeaways

Among the major food safety management system standards, there are small but significant differences between food fraud prevention requirements.  Key differences include whether finished products or ingredients are to be assessed, which types of food fraud must be included and the presence/absence of requirements related to horizon scanning and training.

If that all seems confusing, don’t despair…

Recommendations for a robust and compliant food fraud prevention program (VACCP)

At Food Fraud Advisors we have been working at the intersection of food fraud and food safety since the very first days of food fraud requirements in food safety standards… and we’ve been helping businesses since day one.

Creating a robust and compliant food fraud program can take time and effort but it isn’t complicated.  Follow the steps below to get started:

  1. Carefully read the food fraud clauses of the standard you are/will be certified to. Pay attention to the food types and the food fraud types that are mentioned in your standard.  HINT: you may need to check the definitions or glossary. Carefully read the food fraud clauses of the standard you are/will be certified to.
  2. Pay attention to the food types and the food fraud types that are mentioned in your standard. HINT: you may need to check the definitions or glossary.
  3. Create a robust vulnerability assessment (here’s how) and a mitigation plan for identified vulnerabilities.
  4. Create a food fraud prevention procedure that defines the methods, responsibilities and criteria for food fraud prevention.
  5. You should also conduct training for all relevant staff and ensure that the food fraud system is reviewed at least annually.

Get a complete guide to the food fraud requirements of all the major food safety standards from us, the food fraud experts, here.

by

How To Do a Vulnerability Assessment for Food Fraud

Updated 30th December 2022

What is a vulnerability assessment?

 

A vulnerability assessment is a risk-assessment-style evaluation of a food’s vulnerability to food fraud.

A food fraud vulnerability assessment is a documented assessment that identifies vulnerabilities to food fraud and explains how those vulnerabilities were identified.

Vulnerability assessments are also done to assess the threat of a malicious attack on food.  Malicious attacks include attacks conducted for extortion, ideological reasons or terrorism. We call these issues of food defense. To learn more about vulnerability assessments for food defense (intentional adulteration), click here.

Why ‘vulnerability’ and not ‘risk’? 

 

  • A risk is something that has occurred before and will occur again. A risk can be quantified using existing data.
  • A vulnerability is a weakness that can be exploited.  A vulnerability can lead to a risk.

Food fraud is difficult to estimate and quantify, so we use the word vulnerability rather than risk.

Why do a vulnerability assessment?

 

  1. To protect consumers: Food that is vulnerable to food fraud presents significant risks to consumers.  Food that is adulterated or diluted   [Read more…]

by

HACCP, VACCP and TACCP

  1. HACCP (Hazard Analysis Critical Control Point)  Pronounced ‘hassup’.  HACCP = keeping food safe from accidental and natural risks to food safety.
  2. VACCP (Vulnerability Assessment Critical Control Point) Pronounced ‘vassup’.  VACCP = prevention of economically motivated food fraud.
  3. TACCP (Threat Assessment Critical Control Point) Pronounced ‘tassup’.  TACCP = prevention of malicious threats to food, such as sabotage, extortion or terrorism.  This type of malicious threat is also referred to as Intentional Adulteration within the US Food Safety Modernization Act.  Outside of the US, TACCP is more often called ‘food defense’.

HACCP

  • HACCP is a set of principles designed to control and prevent food safety risks during food production.
  • HACCP is not enforced or regulated by any single organization.
  • The ideas of HACCP form the basis of every food safety management system standard that is in use today, including GFSI food safety standards.
  • The principles of HACCP are codified (written down) by the Food and Agriculture Organization of the United Nations (FAO), in a set of documents called the Codex Alimentarius , a latin phrase which translates to “Book of Food”.
  • FAO’s General Principles of Food Hygiene CXC 1-1969 contains the HACCP principles (sometimes called HACCP Codex).  Download the 2020 revision of the HACCP Code here: http://www.fao.org/fao-who-codexalimentarius/codex-texts/codes-of-practice/ (click the green check/tick mark on the right side of the page to download).

VACCP and TACCP

  • VACCP and TACCP are terms that emerged during the 2010s as standards agencies, government regulators and industry groups started considering methods to prevent food fraud and malicious tampering.
  • VACCP is for food fraud.
  • TACCP is for food defense.
  • The acronymns VACCP and TACCP are designed to leverage the food industry’s familiarity with HACCP.  However, the critical control ‘points’ in a VACCP and TACCP plan are nothing like the ‘critical control points’ in a HACCP plan.
  • The control points in a HACCP plan are operational steps in a food manufacturing process.  The points are connected to processes over which the food manufacturer can exercise direct control.
  • For deliberate tampering (food fraud and food defense) the controls do not fit onto a linear set of processes, they do not fit the definition of ‘critical control points’ in HACCP.
  • The terms VACCP and TACCP are falling out of favor within the food safety industry.  They are not referenced specifically within any of the GFSI food safety standards, nor within the USA’s FSMA.
  • Instead of ‘”VACCP” and “TACCP”, it is much better to say “Vulnerabilities to food fraud” or “threats of malicious tampering (=food defense)”.

More acronyms demystified here.

Take a free short course on food fraud here.

food safety food fraud

by

Food Fraud Online Training Course

Food fraud requirements of BRC, SQF, FSSC and other food safety standards

How to meet the food fraud prevention requirements of major food safety standards

This course will make audit preparation a breeze.  It contains step-by-step instructions, worked examples and downloadable templates to help you meet the food fraud requirements of all major food safety standards.

sqf edition 8 food fraud

 

  • Learn about food fraud and how it can put your brand and your consumers at risk
  • Hear food fraud stories that will surprise you and learn ways to protect your business
  • Get step-by-step instructions for food fraud vulnerability assessments and food fraud mitigation plans, using real life examples
  • Download templates for vulnerability assessments, mitigation plans and food fraud prevention procedures
  • Proceed at your own pace; skip forward and back through the lessons, start and stop at your convenience*

The content is a mix of written words and short video clips, plus downloadable worked examples.

Ask the trainer a question at any time.

What’s included?

  • Food Fraud Commonly Affected Foods Ebook
  • Food Fraud Vulnerability Assessment template
  • Food Fraud Prevention Procedure template
  • Food Fraud Mitigation Plan template
  • Vulnerability assessment document – worked example
  • Raw Material Specification template
  • Food Fraud Team Job Descriptions
  • Top tips for audit preparation
  • Special 40% discount code for use on www.foodfraudadvisors.com
  • Optional exam and Certificate of Competency

Duration: 3.5 hours

Visit our training academy today

* course is available for 6 months after commencement