You are here: Home / Archives for audit

by

Vulnerability Assessments

What is a vulnerability assessment?

 

A vulnerability assessment is a risk-assessment-style evaluation of a food’s vulnerability to food fraud.

A food fraud vulnerability assessment is a documented assessment that identifies vulnerabilities to food fraud and explains how those vulnerabilities were identified.

Vulnerability assessments are also done to assess the threat of a malicious attack on food.  Malicious attacks include attacks conducted for extortion, ideological reasons or terrorism. We call these issues of food defense. To learn more about vulnerability assessments for food defense (intentional adulteration), click here.

Why ‘vulnerability’ and not ‘risk’? 

 

  • A risk is something that has occurred before and will occur again. A risk can be quantified using existing data.
  • A vulnerability is a weakness that can be exploited.  A vulnerability can lead to a risk.

Food fraud is difficult to estimate and quantify, so we use the word vulnerability rather than risk.

Why do a vulnerability assessment?

 

  1. To protect consumers: Food that is vulnerable to food fraud presents significant risks to consumers.  Food that is adulterated or diluted   [Read more…]

by

HACCP, VACCP and TACCP

  1. HACCP (Hazard Analysis Critical Control Point)  Pronounced ‘hassup’.  HACCP = keeping food safe from accidental and natural risks to food safety.
  2. VACCP (Vulnerability Assessment Critical Control Point) Pronounced ‘vassup’.  VACCP = prevention of economically motivated food fraud.
  3. TACCP (Threat Assessment Critical Control Point) Pronounced ‘tassup’.  TACCP = prevention of malicious threats to food, such as sabotage, extortion or terrorism.  This type of malicious threat is also referred to as Intentional Adulteration within the US Food Safety Modernization Act.  Outside of the US, TACCP is more often called ‘food defense’.

HACCP

  • HACCP is a set of principles designed to control and prevent food safety risks during food production.
  • HACCP is not enforced or regulated by any single organization.
  • The ideas of HACCP form the basis of every food safety management system standard that is in use today, including GFSI food safety standards.
  • The principles of HACCP are codified (written down) by the Food and Agriculture Organization of the United Nations (FAO), in a set of documents called the Codex Alimentarius , a latin phrase which translates to “Book of Food”.
  • FAO’s General Principles of Food Hygiene CXC 1-1969 contains the HACCP principles (sometimes called HACCP Codex).  Download the 2020 revision of the HACCP Code here: http://www.fao.org/fao-who-codexalimentarius/codex-texts/codes-of-practice/ (click the green check/tick mark on the right side of the page to download).

VACCP and TACCP

  • VACCP and TACCP are terms that emerged during the 2010s as standards agencies, government regulators and industry groups started considering methods to prevent food fraud and malicious tampering.
  • VACCP is for food fraud.
  • TACCP is for food defense.
  • The acronymns VACCP and TACCP are designed to leverage the food industry’s familiarity with HACCP.  However, the critical control ‘points’ in a VACCP and TACCP plan are nothing like the ‘critical control points’ in a HACCP plan.
  • The control points in a HACCP plan are operational steps in a food manufacturing process.  The points are connected to processes over which the food manufacturer can exercise direct control.
  • For deliberate tampering (food fraud and food defense) the controls do not fit onto a linear set of processes, they do not fit the definition of ‘critical control points’ in HACCP.
  • The terms VACCP and TACCP are falling out of favor within the food safety industry.  They are not referenced specifically within any of the GFSI food safety standards, nor within the USA’s FSMA.
  • Instead of ‘”VACCP” and “TACCP”, it is much better to say “Vulnerabilities to food fraud” or “threats of malicious tampering (=food defense)”.

More acronyms demystified here.

Take a free short course on food fraud here.

food safety food fraud

by

Food Fraud Online Training Course

Food fraud requirements of BRC, SQF, FSSC and other food safety standards

How to meet the food fraud prevention requirements of major food safety standards

This course will make audit preparation a breeze.  It contains step-by-step instructions, worked examples and downloadable templates to help you meet the food fraud requirements of all major food safety standards.

sqf edition 8 food fraud

 

  • Learn about food fraud and how it can put your brand and your consumers at risk
  • Hear food fraud stories that will surprise you and learn ways to protect your business
  • Get step-by-step instructions for food fraud vulnerability assessments and food fraud mitigation plans, using real life examples
  • Download templates for vulnerability assessments, mitigation plans and food fraud prevention procedures
  • Proceed at your own pace; skip forward and back through the lessons, start and stop at your convenience*

The content is a mix of written words and short video clips, plus downloadable worked examples.

Ask the trainer a question at any time.

What’s included?

  • Food Fraud Commonly Affected Foods Ebook
  • Food Fraud Vulnerability Assessment template
  • Food Fraud Prevention Procedure template
  • Food Fraud Mitigation Plan template
  • Vulnerability assessment document – worked example
  • Raw Material Specification template
  • Food Fraud Team Job Descriptions
  • Top tips for audit preparation
  • Special 40% discount code for use on www.foodfraudadvisors.com
  • Optional exam and Certificate of Competency

Duration: 3.5 hours

Visit our training academy today

* course is available for 6 months after commencement

by

Beyond vulnerability assessments

How to verify a food defense plan

The USA FSMA Intentional Adulteration Rule deadline is fast approaching, with implementation required by 26th July.  Food defense plans are our most requested service this month, and not just for companies in the United States.  Businesses that export to the US are also affected.

The Intentional Adulteration (IA) rule

The Intentional Adulteration (IA) rule requires food businesses to identify vulnerable parts of their food manufacturing processes, implement strategies to reduce the vulnerabilities and monitor and verify that those strategies are working.  As part of the verification processes, some experts are recommending that food businesses challenge their food defense system on a regular basis.  Food safety management system standards, including SQF Edition 8, also require that manufacturing facilities challenge their food defense system.  What exactly does it mean to ‘challenge’ a food defense system, and how is that different to monitoring and verification of the system?

Monitoring vs verification vs challenge testing

Monitoring, verification and challenge testing are different, but the terminology can be confusing when used with food defense plans.  Some commentators and trainers are using the three words almost interchangeably; however, the three words actually refer to different elements of a food defense plan.

Monitoring means, at its most basic level, to check that procedures are being followed and that processes are happening as they should.  The checking process must be documented.  So, the act of monitoring is documenting in real time the actions taken to follow a given procedure or the measured outputs of a specific process.

Within a food safety plan, an example of monitoring would be checking the internal temperature of three pies from each batch after a cooling step and recording the temperature on a form.  Within a food defense system, a mitigation strategy might be the implementation of a procedure to lock all external doors, or to leave all external doors locked.  For this procedure, the monitoring activity could be a once-per-shift process of checking and recording the lock/unlock status of each door.

Verification is the process of making sure that monitoring has been done properly.  When cooling pies, for example, verification could include a once-per-shift check by a supervisor or manager that the cooled pie temperatures are being recorded AND that appropriate action has been taken if the temperature has exceeded critical limits.  Verification also includes internal audits; the internal auditor checks that the managers have been signing off the monitoring records, that the records are complete and available for all shifts and that corrective actions have been properly recorded.

In our food defense example, verification could include a check of the door lock monitoring records by a manager or supervisor.  The manager would review the records to see that they were completed on time, at the correct frequency and that any deviations, such as a broken lock, have been identified and actioned correctly.  Verification of door lock status could also be included in a weekly plant walk-through by a manager.  Internal audits would check that all these activities were being done and recorded properly.

Challenge testing is real-world scenario testing of a system’s efficacy.  A challenge test aims to validate whether procedures are effective when implemented as expected, as well as highlighting any failures in implementation.  A challenge test is different to a verification process because it would usually test the implementation and effectiveness of many food defense mitigation strategies rather than focussing on one element such as door locks.

What is the weakest link in your food defense plan?

 

How to conduct a food defense challenge

  1. Decide on a challenge action. For example, a common food defense challenge test is a penetration test, in which an unauthorised person attempts to gain access to a sensitive area.
  2. Create a food defense challenge report. In the report document exactly what you plan to do in the challenge test.  Include what, when, how, who and next steps.

For example: A person unknown to staff (Ms Jane Doe, of Acme Services) will attempt to get from the main reception area into ingredient weighing area A.  She will be wearing a business suit covered by a lab coat.  Once there, she will remain for up to twenty minutes unless challenged by an employee.  She will then leave.

If the intruder is challenged, she will claim to be a new food safety consultant/pest control account manager/new human resources manager and attempt to remain in the area.

  1. Include written contingency plans in case of escalation, for example, what will be done if police are called.
  2. Get approval for the plan from senior management.
  3. In the report record the following:
    • Name of Senior manager who has signed off on this plan.
    • Names of people who have been informed of the challenge test
    • Names of people who will be working in the affected areas at the time of the challenge, have they been trained in food defense?
    • A description of what staff are supposed to do in this scenario; what procedures should be followed.
  4. Define and document the criteria for failure and success; what will happen if the food defense procedures are working 100% correctly; what will happen if the food defense procedures are working only partially; and finally, how might the scenario progress if there is a complete fail of procedures and systems?

For example, if the ‘intruder’ is able to remain in the ingredient weighing area for 20 minutes without being challenged by an employee this could be considered a complete fail of the food defense system.  If the intruder is challenged but can convince the employee to allow them to remain in the area unattended, this could be considered a partial fail; if the employee chooses to remain with the intruder to ‘keep an eye on them’ this could be considered a better outcome than leaving the intruder unattended.

  1. Run the challenge. Have a trusted staff member observe from a discreet distance.
  2. Describe in the report what happened.
  3. Convene a meeting of the food defense team and analyse the results of the challenge test.
  4. Perform root cause analyses and raise corrective action/s for any failures in the system.
  5. Close out corrective action/s
  6. Take action to prevent a scenario like this from reoccurring, based on the root cause analyses.

Learn more about food defense

Register your interest in learning more about food defense by entering your email address in the box below.

We will never supply your email address to anyone without your written permission. View our privacy policy.


 

by

Raw Material Specifications

Raw material specifications are an important defence against food fraud for all food businesses.  Whether you are a restaurant, a specialty grocer, delicatessen, central kitchen, hotel or manufacturer, you are susceptible to food fraud.  Robust specifications can help to protect your food business from inadvertently purchasing, using or serving fraudulent ingredients and raw materials.  They can also help to protect your business from the financial fall-out if things go wrong.

Fraudulent materials include:

Modern Dairy food-processing industry Worker On A Milk Factory

Specifications for raw materials and ingredients should contain the following information:

  1. Name of the material
  2. A description of the material, including biological, chemical and physical characteristics
  3. Composition of the material, including additives and processing aids
  4. Country of origin
  5. Method of production
  6. Packaging format/s or unit of measure
  7. Delivery method/s
  8. A description of the labelling, lot ID and coding for traceability
  9. Storage conditions and shelf life
  10. Preparation and/or handling before use
  11. Acceptance and rejection criteria
  12. Requirements for certificates of analysis for high risk materials or vulnerable materials
  13. Special requirements such as allergen information, organic status, GMO status, fair-trade and ethical sourcing policies
  14. Information about compliance with statutory and regulatory requirements, where relevant
  15. A requirement for suppliers to notify of any authenticity issues with the product
  16. A requirement for suppliers to notify of any changes to the product
  17. Formal agreement between the supplier and purchaser
  18. Document control features, such as author, date and page numbers.

Download our excellent template today

How to develop a raw material specification:

  • Create a template that suits the needs of your business.  A tabular format is easy to work with.  Include all of the sections above, even if you don’t think you will use them now, or if they are not relevant to some of your materials.  You can always leave them blank.
  • You should create a separate specification for every unique material, do not create category-level specifications.
  • Obtain product specifications from your suppliers and use them to add key criteria to your specifications.
  • Add any extra criteria that will help you to control the quality, safety and authenticity of your products.  It is useful to imagine that you are receiving the material at your door or loading dock; what would you like to know about the material before you accept it? For example: Is it at the correct temperature?  Is it properly labelled?  Is the packaging undamaged with no evidence of tampering?  Is the material free of undeclared allergens?  Does it have the fat content you expect?  Has it been aged (meat) for as long as you expect?  Is it free from salmonella?  Use these questions to check that you have included all important criteria in your specification.
  • Don’t forget to include requirements for suppliers to have a food safety certificate, licence, approval or registration, where relevant.
  • If you are purchasing materials under fixed supplier contracts (as would be the case for  food manufacturers), the draft specifications will need to be approved by your purchasing department and by the suppliers themselves before they can be formally issued and implemented.
  • Review each specification at least annually and update the issue/review date.

Need help?

Contact Us Today

Our food safety and authenticity experts can develop your purchasing specifications. Click here for a free introductory consultation.