Maybe yes, maybe no. If you base your vulnerability assessment on whether or not your supplier is certified to a GFSI scheme, you are assuming a couple of things:
1) The certification scheme ensures that there is NO way that the supplier will source or provide fraudulent or substituted raw materials
2) Your supplier is completely above board and in no way faked any documentation to be certified to a GFSI scheme
3) The CB that audits your supplier completely checks all raw materials that the supplier supplies, to ensure that the supplier is above board.
While I have not spent a huge time on the VA required by the latest issue of the BRC Standard, I have done enough to create a fairly simple spreadsheet that seems to meet the intent of the clause.
1) Are there historical instances of fraud or substitution for x raw material?
2) Are there significant (many) historical instances of fraud or substitution for x raw material?
If the answers are yes, you need to dig further.
If the answers are no, VA complete. Raw material is low risk.
Marshall