TACCP is 'Threat Assessment & Critical Control Point'
VACCP is 'Vulnerability Assessment & Critical Control Point'
It's unclear how long the terms TACCP and VACCP have been around. The standard that drives the requirement is PAS 96:2014 (PAS stands for Publicly Available Specification) and it refers to a TACCP approach.
As a specialist in HACCP, when the Campden Guideline 72 TACCP book was published I was keen to get a copy to understand how TACCP should be carried out. I expected the guideline to give me step by step instructions on how the assessment should be completed, like the Campden Guideline on HACCP. I also expected it to link clearly with what was required in the BRC V7 (which was in draft at the time). In my opinion the TACCP book did not provide me with the information I was expecting, as:
- The main aim of the TACCP guideline was to assess threats mainly from within the manufacturing environment and not from food fraud threats of ingredients prior to delivery at the manufacturing site.
- BRC required a vulnerability assessment and the guideline only covered threat assessment (with the exception of one small paragraph which didn't really tell me much).
- TACCP stands for Threat Assessment and Critical Control Point and nowhere in the guideline did it tell me how to pinpoint what a CCP was or how to control it.
- The focus of the book was about carrying out an assessment but there didn't seem to be much guidance on what to do when the assessment had been completed - I expected an output with controls around the issues highlighted.
- There wasn't a clear methodology I could pick up and use.
You'll note that the book title has both the words threats (TACCP) and vulnerabilities (VACCP) in it. That's very intentional, because the two things are fundamentally linked.
The definition of a threat is "A deliberate act by someone to cause harm to the consumer or loss to the business due to the effect on the consumer".
The definition of a vulnerability is "How exposed the business is to the threat having an impact on the consumer".
Therefore what we really should be asking is:
"How vulnerable are we to the threat occurring and having an impact on the consumer/on our business?"
When BRC are asking you to complete a raw material vulnerability assessment, they are asking you to establish what threats are your ingredients vulnerable to? Let's take the horse meat issue as an example:
- The threat - horse meat being delivered to your site instead of beef due to fraudulent activity in the supply chain.
- If the meat is delivered minced, then you can't tell by looking at it if it's beef or horse meat - so you're vulnerable.
- If the meat is delivered as a joint, you are less vulnerable as you can probably tell that the joint doesn't look like beef.
- If the meat is delivered to you as a carcass, you're definitely going to be able to tell it's not a cow and so you're not vulnerable.
What is the point of using the term TACCP (Threat Assessment & Critical Control Point) when it does not include any mention of CCPs?
We've come up with the term TVA (Threat & Vulnerability Assessment) as we think this makes it much clearer that both threats and the vulnerabilities to those threats should be covered. It also doesn't mention CCPs as this term is a HACCP food safety term and has nothing to do with threat and vulnerability assessment.
Within the book we have provided an alternative to CCPs, which we call VTPs (vulnerable threat points) and we also provide guidance on how these should be managed.
I hope this has been of help to you and makes things a little clearer. If you have any questions please get in touch using the comments section below. I'd also love to hear your thoughts or challenges in this subject - does my explanation make sense to you? Do you agree/ disagree?
If you’d like to find out more about the methodology that we’ve developed in our book, you can go to:
Kassy Marsh, Director at Techni-K
- Aug 25 2015 06:39 PM
- by Simon