Food Fraud Advisors

You are here: Home / Archives for vulnerability assessment

by

HACCP, VACCP and TACCP

What do HACCP, VACCP and TACCP mean?

They are acronyms used in food safety.

HACCP has been around for decades, VACCP and TACCP were introduced in the 2010s.

VACCP and TACCP are no longer used by most food safety experts, and have been superseded by ‘food fraud programs’ and ‘food defense plans’.

 

What does HACCP stand for?

  • HACCP (Hazard Analysis Critical Control Point)  Pronounced ‘hassup’.  HACCP = keeping food safe from accidental and natural risks to food safety.

What does VACCP stand for?

  • VACCP (Vulnerability Assessment Critical Control Point) Pronounced ‘vassup’.  VACCP = prevention of food fraud.  Has been superseded by ‘food fraud prevention’.

What does TACCP stand for?

  • TACCP (Threat Assessment Critical Control Point) Pronounced ‘tassup’.  TACCP = prevention of malicious threats to food, such as sabotage, extortion or terrorism, sometimes called Intentional Adulteration within the US Food Safety Modernization Act.  Has been superseded by ‘food defense’.

What is HACCP?

  • HACCP is a set of principles designed to control and prevent food safety risks during food production.
  • HACCP is not enforced or regulated by any single organization.
  • The ideas of HACCP form the basis of every food safety management system standard that is in use today, including GFSI food safety standards.
  • The principles of HACCP are codified (written down) by the Food and Agriculture Organization of the United Nations (FAO), in a set of documents called the Codex Alimentarius , a latin phrase which translates to “Book of Food”.
  • FAO’s General Principles of Food Hygiene CXC 1-1969 contains the HACCP principles (sometimes called HACCP Codex).  Download the 2020 revision of the HACCP Code here: http://www.fao.org/fao-who-codexalimentarius/codex-texts/codes-of-practice/ (click the green check/tick mark on the right side of the page to download).

What is VACCP and TACCP?

  • VACCP and TACCP are terms that emerged during the 2010s as standards agencies, government regulators and industry groups started considering methods to prevent food fraud and malicious tampering.
  • VACCP is for food fraud.
  • TACCP is for food defense.
  • The acronyms VACCP and TACCP are designed to leverage the food industry’s familiarity with HACCP.  But they are unhelpful terms.  The controls in food fraud and food defense plans are nothing like the ‘critical control points’ in a HACCP plan.  The control points in a HACCP plan are operational steps in a food manufacturing process over which the food manufacturer has direct control.  Food fraud and food defense controls are different and they do not work the same way as ‘critical control points’ in HACCP.
  • The terms VACCP and TACCP are falling out of favor within the food safety industry.  They are not referenced specifically within any of the GFSI food safety standards, nor within the USA’s FSMA.

 

What to say instead of VACCP and TACCP?

  • Instead of ‘”VACCP” it is better to say food fraud prevention program.
  • Instead of “TACCP” it is better to say food defense plan.

Learn more

food safety food fraud

by

Investigating Susceptibility to Food Fraud

Updated 9 Feb 2026

Some foods are more susceptible than others to economically motivated adulteration, substitution and dilution.  Understanding the susceptibility of an ingredient or raw material type is an important part of every food fraud vulnerability assessment process.

A TWO-PART PROCESS

Susceptibility is investigated in two parts.

(1) General Susceptibility (is this type of food often affected by food fraud or not?)

You can estimate a food’s general susceptibility using publicly available information.

(2) Specific Susceptibility (is the food we purchase likely to be affected by food fraud?)

The specific food fraud attributes depend on your supply chain, management of the supply chain and testing and auditing activities.

STEP 1. GENERAL SUSCEPTIBILITY

To investigate the general susceptibility of a food or ingredient to food fraud, use publicly available information about incidences of fraud that have occurred in the past and that might occur in the future.

There are a few different ways to access information about previous incidents and emerging issues with a raw material type, as shown below.

1. Online databases – access to historical data:

A food fraud database provides a way to access historical information about food fraud.

A food fraud database is a collection of information about food fraud incidents and food fraud risks. There are a number of free and paid databases operated by governments, not-for-profits and private companies available worldwide.  The type of data varies from database to database, as does the cost and the features.  For a current list of food fraud databases, check out our post Food Fraud Databases Compared.

2. Email alerts via subscription service:

Email services provide near-to-real-time information about food fraud incidents as they occur. This can be a good way to keep on top of developing food fraud risks.   Below is a list of email subscriptions that can provide information about food fraud.

  • Food Forensics, a laboratory located in United Kingdom, offer a monthly horizon scanning risk newsletter to members in the United Kingdom.
  • FoodChainID Horizon Scan is a paid subscription service that provides alerts on adulteration and fraud, as well as food safety contamination events (global).
  • Some trade associations provide email services to members.
  • The Rotten Apple, by Karen Constable (of Food Fraud Advisors), is a weekly newsletter that includes trends and analysis as well as weekly food fraud incident reports.
  • Government-run food safety and food regulatory bodies in some jurisdictions send emails to interested parties.  Contact your local authority for more information.

3.  Direct intelligence:

Direct intelligence is another means of gathering information about the occurrence of food fraud for a given food or ingredient.

  • Information can be obtained by asking law enforcement officials and government departments.
  • Suppliers can provide information about their material types.
  • Trade associations can be approached for information on food fraud and emerging issues.
  • Conferences and webinars about food fraud and food defence are held regularly and these can be a good source of information.

STEP 2. SPECIFIC SUSCEPTIBILITY

In step one you considered the general likelihood of food fraud occurring for the food or ingredient you are assessing.

In step two you must consider the characteristics of your specific material as it is purchased by your food business.

Characteristics that should be considered include those associated with your supply chain, purchasing policies and the format of the material, for example whether it is a powder or liquid or solid.

Each characteristic should be considered with regards to how it could affect the degree to which a person may be motivated to fraudulently adulterate the material and how it could allow a person to:

a) gain access to the material,

b) commit fraud by adulterating, substituting or diluting the material or

c) avoid detection.

To ensure that all relevant characteristics are considered, it is best to use a checklist

Checklists help to ensure that all relevant information has been considered.

You can create your own checklist or use a checklist prepared by experts such as those found in a proprietary Vulnerability Assessment Tool.

There are a number of fraud assessment tools available on-line, with differing degrees of usefulness (some are really annoying to use!).  The most comprehensive checklist for food fraud vulnerability assessments can be found in Food Fraud Advisors’ Vulnerability Assessment Tools.

Need more help?  Get easy-to-use, comprehensive downloadable templates in our online training course.

Visit our training academy today

by

Food Fraud Online Training Course

Food fraud requirements of BRC, SQF, FSSC and other food safety standards

How to meet the food fraud prevention requirements of major food safety standards

This course will make audit preparation a breeze.  It contains step-by-step instructions, worked examples and downloadable templates to help you meet the food fraud requirements of all major food safety standards.

sqf edition 8 food fraud

 

  • Learn about food fraud and how it can put your brand and your consumers at risk
  • Hear food fraud stories that will surprise you and learn ways to protect your business
  • Get step-by-step instructions for food fraud vulnerability assessments and food fraud mitigation plans, using real life examples
  • Download templates for vulnerability assessments, mitigation plans and food fraud prevention procedures
  • Proceed at your own pace; skip forward and back through the lessons, start and stop at your convenience*

The content is a mix of written words and short video clips, plus downloadable worked examples.

Ask the trainer a question at any time.

What’s included?

  • Food Fraud Commonly Affected Foods Ebook
  • Food Fraud Vulnerability Assessment template
  • Food Fraud Prevention Procedure template
  • Food Fraud Mitigation Plan template
  • Vulnerability assessment document – worked example
  • Raw Material Specification template
  • Food Fraud Team Job Descriptions
  • Top tips for audit preparation
  • Special 40% discount code for use on www.foodfraudadvisors.com
  • Optional exam and Certificate of Competency

Duration: 3.5 hours

Visit our training academy today

* course is available for 6 months after commencement

by

Beyond vulnerability assessments

How to verify a food defense plan

The USA FSMA Intentional Adulteration Rule deadline is fast approaching, with implementation required by 26th July.  Food defense plans are our most requested service this month, and not just for companies in the United States.  Businesses that export to the US are also affected.

The Intentional Adulteration (IA) rule

The Intentional Adulteration (IA) rule requires food businesses to identify vulnerable parts of their food manufacturing processes, implement strategies to reduce the vulnerabilities and monitor and verify that those strategies are working.  As part of the verification processes, some experts are recommending that food businesses challenge their food defense system on a regular basis.  Food safety management system standards, including SQF Edition 8, also require that manufacturing facilities challenge their food defense system.  What exactly does it mean to ‘challenge’ a food defense system, and how is that different to monitoring and verification of the system?

Monitoring vs verification vs challenge testing

Monitoring, verification and challenge testing are different, but the terminology can be confusing when used with food defense plans.  Some commentators and trainers are using the three words almost interchangeably; however, the three words actually refer to different elements of a food defense plan.

Monitoring means, at its most basic level, to check that procedures are being followed and that processes are happening as they should.  The checking process must be documented.  So, the act of monitoring is documenting in real time the actions taken to follow a given procedure or the measured outputs of a specific process.

Within a food safety plan, an example of monitoring would be checking the internal temperature of three pies from each batch after a cooling step and recording the temperature on a form.  Within a food defense system, a mitigation strategy might be the implementation of a procedure to lock all external doors, or to leave all external doors locked.  For this procedure, the monitoring activity could be a once-per-shift process of checking and recording the lock/unlock status of each door.

Verification is the process of making sure that monitoring has been done properly.  When cooling pies, for example, verification could include a once-per-shift check by a supervisor or manager that the cooled pie temperatures are being recorded AND that appropriate action has been taken if the temperature has exceeded critical limits.  Verification also includes internal audits; the internal auditor checks that the managers have been signing off the monitoring records, that the records are complete and available for all shifts and that corrective actions have been properly recorded.

In our food defense example, verification could include a check of the door lock monitoring records by a manager or supervisor.  The manager would review the records to see that they were completed on time, at the correct frequency and that any deviations, such as a broken lock, have been identified and actioned correctly.  Verification of door lock status could also be included in a weekly plant walk-through by a manager.  Internal audits would check that all these activities were being done and recorded properly.

Challenge testing is real-world scenario testing of a system’s efficacy.  A challenge test aims to validate whether procedures are effective when implemented as expected, as well as highlighting any failures in implementation.  A challenge test is different to a verification process because it would usually test the implementation and effectiveness of many food defense mitigation strategies rather than focussing on one element such as door locks.

What is the weakest link in your food defense plan?

 

How to conduct a food defense challenge

  1. Decide on a challenge action. For example, a common food defense challenge test is a penetration test, in which an unauthorised person attempts to gain access to a sensitive area.
  2. Create a food defense challenge report. In the report document exactly what you plan to do in the challenge test.  Include what, when, how, who and next steps.

For example: A person unknown to staff (Ms Jane Doe, of Acme Services) will attempt to get from the main reception area into ingredient weighing area A.  She will be wearing a business suit covered by a lab coat.  Once there, she will remain for up to twenty minutes unless challenged by an employee.  She will then leave.

If the intruder is challenged, she will claim to be a new food safety consultant/pest control account manager/new human resources manager and attempt to remain in the area.

  1. Include written contingency plans in case of escalation, for example, what will be done if police are called.
  2. Get approval for the plan from senior management.
  3. In the report record the following:
    • Name of Senior manager who has signed off on this plan.
    • Names of people who have been informed of the challenge test
    • Names of people who will be working in the affected areas at the time of the challenge, have they been trained in food defense?
    • A description of what staff are supposed to do in this scenario; what procedures should be followed.
  4. Define and document the criteria for failure and success; what will happen if the food defense procedures are working 100% correctly; what will happen if the food defense procedures are working only partially; and finally, how might the scenario progress if there is a complete fail of procedures and systems?

For example, if the ‘intruder’ is able to remain in the ingredient weighing area for 20 minutes without being challenged by an employee this could be considered a complete fail of the food defense system.  If the intruder is challenged but can convince the employee to allow them to remain in the area unattended, this could be considered a partial fail; if the employee chooses to remain with the intruder to ‘keep an eye on them’ this could be considered a better outcome than leaving the intruder unattended.

  1. Run the challenge. Have a trusted staff member observe from a discreet distance.
  2. Describe in the report what happened.
  3. Convene a meeting of the food defense team and analyse the results of the challenge test.
  4. Perform root cause analyses and raise corrective action/s for any failures in the system.
  5. Close out corrective action/s
  6. Take action to prevent a scenario like this from reoccurring, based on the root cause analyses.

Learn more about food defense

Register your interest in learning more about food defense by entering your email address in the box below.

We will never supply your email address to anyone without your written permission. View our privacy policy.


 

by

What next?

Updated 30th April 2022

Now you have a food fraud vulnerability assessment, what comes next?

 

First, make a home for the vulnerability assessment documents so that they can easily be found for reviews and audits.  They should be incorporated into an existing quality manual or food safety manual, with correct document reference numbers and with review dates scheduled in the same way as other sections of the system.  If the business operates a risk register or an enterprise risk management system, talk to the owner of that register about whether it is appropriate to reference the documents in that system also.

Second: communicate!

If food fraud vulnerabilities have been identified the business will need to make a plan to

prevent deter detect

  • Prevent the purchase of fraudulent ingredients or products
  • Deter fraudsters from adulterating materials that your business is going to purchase
  • Deter counterfeiters from copying or ‘faking’ your products
  • Detect fraudulent materials before they are used to make food
  • Detect fakes in the marketplace so enforcement action can be taken

This is a job for the whole business, not just food safety or food quality personnel.  Communicating what has been found in the vulnerability assessment is the first step in engaging people from other parts of the food business.  Ideally the top levels of management of the food business are committed to preventing, deterring and detecting fraud and will be willing to implement changes to protect the business.  It may be necessary to make changes to purchasing policies, supply chain strategies and supplier contracts to help prevent fraudulent materials from reaching the doors of your factory.  Changes to sales agreements, sales channels and packaging might be needed to prevent food fraud from affecting your products after they have left your facility.  Personnel from purchasing, finance, marketing, sales and legal departments will need to be involved to implement changes within these business areas.   If the business has a Risk Officer or an Enterprise Risk Manager that person should also be involved in the prevention and mitigation planning process.  The result should be a cross-functional team with upper management support and a commitment to prevent food fraud, plus the resources to implement changes to policies, practices and programs.

That is the theory anyway; without support from upper management and a cross-functional team, any fight against food fraud is going to be tough.  However there are some things that can be done by food safety personnel that are relatively quick to implement and do not require a lot of investment from other parts of the business.  These are listed below.

Third: action!

Create and implement a food fraud prevention and detection plan (‘control plan’).

Here are some actions that can reduce your exposure to food fraud:

  1. Update your raw material specifications to include authenticity requirements.  Guidance for raw material specifications.
  2. Review your vendor approvals systems and revise questionnaires and requirements if required.  Consider implementing more stringent requirements for suppliers that provide vulnerable materials.
  3. (Re)assess vendors’ backgrounds: the financial stability of the vendor’s company, the legal status of the company (licensed? bankrupt?)
  4. Check vendors for previous prosecutions, fines and warnings from food authorities.
  5. Request certificates of analysis (CofA) from suppliers of vulnerable materials and make sure they include analyses that reflect authenticity attributes as described in your purchasing specifications.  This won’t actually prevent fraud but will help your business to enforce penalties if problems are found later.
  6. Incoming goods inspections.  Make sure they include: checking seals for evidence of tampering; verifying batch IDs on delivery documents; verifying relevant certificates.
  7. Begin analytical testing of vulnerable materials.
  8. Investigate the costs and benefits of supply chain audits, including whether ad-hoc, one-off visits to certain suppliers might be worthwhile.
  9. Request tamper-evident packaging and bulk container tamper seals for vulnerable raw materials.
  10. Ask suppliers of vulnerable materials to undertake a mass balance exercise at their facility or further upstream in the supply chain.
  11. Make a business case for switching suppliers of materials that prove to be consistently problematic and present it to your purchasing department.
  12. Make sure that senior staff in the business understand the risks posed by food fraud, by providing Food Fraud Awareness Training.
  13. Stay up to date with changes to commodity prices and supply issues (‘horizon scanning’).

Need help with your food fraud control plans?  Get easy instructions and downloadable templates from our online training course.

Check out our low-cost, self-paced, on-demand training courses