13 replies to this topic

[cocoabean123]

Hello all!

I am writing this post, partly out of despair and partly because I need to vent my frustrations on this sunny Monday morning!

 

With the new BRC 7 clause regarding vulnerability risk assessments, it is my understanding that your vulnerability assessment must be personal and unique to the products you manufacture and the ingredients you use. I also understand that it is how you as a site determine which raw material you use are high risk and then you take the actions you deem necessary depending on the outcome of your assessment.

Since the version 7 has gone live, I have since been inundated with requests from customers including questionnaires asking us as raw material suppliers to complete their vulnerability assessment for them!

I work for a chocolate manufacturer, and the questionnaires are being designed to include all of the component ingredients that make up chocolate - which would go against the whole idea of the vulnerability assessment surely?

 

E.g. as a site I am conducting a vulnerability assessment for all raw materials we use in the manufacture of chocolate e.g. cocoa, sugar, milk, soya, flavourings etc. I have designed the assessment to cover those ingredients as a whole, with additional particular attention to ingredients which have a provenance claim. I am not including in my assessment for example the components which make up some of the flavourings we use which appears what some customers are asking.

 

It is taking a lot of additional resource in regards to explaining this to customers each time they ask.

I think it's just a typical kneejerk reaction to a new standard, without reading into the standard fully before drawing up a questionnaire. Sometimes, as I'm sure everyone can understand a questionnaire is not always the answer!

 

I always reply politely to customers  and will gladly provide specific questions regarding chocolate as a whole to help them conduct their assessments, however it is crazy to expect suppliers to conduct the full assessments for customers and goes against the whole point of conducting a vulnerability assessment!

 

Would love to hear if anyone else is facing a similar situation!

 

[Sim Fallible]

Cocoabean,

 

I can appreciate where you are coming from on the matter, and like you say, suspect that your customers are trying to do a big sweep of suppliers to obtain everything that they can and concerning over every last detail.

I am in the process now of addressing this assessment for our operation and am very conscious that I need to make the assessment as opposed to asking suppliers every thing, and I want to keep it simple.

May I ask how you have gone about obtaining your data and doing your own assessment of your ingredients, as it seems to me that it could be a simplistic approach of asking the questions as set out in clause 5.4.2 ie. is it economically viable to substitute, has there been historical etc. plus other considerations such as a specific claim like you mention. Or have you gone more in depth with related series of questions that supplements a specification or supplier questionnaire. Or have you done this as an add on to other risk assessments such as allergen?

 

Just really gauging my simplistic approach being sufficient based on relatively basic raw materials, such as fresh herbs, milk, butter, pepper, salt?

[Charles.C]

Hi Cocoa Bean,

 

This post is a little OT and more of an extension of previous post.

 

I have done a mini search for this topic, here and IT, which is summarized below. Would be interesting to know how yr approach to VACCP compares.

 

I assume we are particularly talking about 5.4.(1-3) whose specified components are –

 

(1) In place processes for information on historical and developing threats to the supply chain which may present a risk of adulteration or substitution of raw materials, eg •  trade associations •  government sources •  private resource centres.

(2) A documented vulnerability assessment shall be carried out on all food raw materials or groups of raw materials to assess the potential risk of adulteration or substitution. This shall take into account:

•  historical evidence of substitution or adulteration

•  economic factors which may make adulteration or substitution more attractive

•  ease of access to raw materials through the supply chain

•  sophistication of routine testing to identify adulterants

•  nature of the raw material.

(3) Where raw materials are identified as being at particular risk of adulteration or substitution appropriate assurance and/or testing processes shall be in place to reduce the risk.

(some possible options are noted in later links)

 

IMO BRC have inserted a potentially extremely wide-scoped topic with VACCP. It’s not yet clear (to me) how much condensing of that scope is acceptable.

 

There are (will be) probably a variety of possible approaches to satisfy BRC. Some textual / pictorial examples of the latter’s thinking are here –

 

http://www.ifsqn.com...ure/#entry88656

http://www.ifsqn.com...ach/#entry85910

 

The above plus some background context is also noted  in these documents –

 Responding to Food Fraud.pdf   1.49MB   1502 downloads

(esp. pgs 13–17)

 Campden, vulnerability assessment.pdf   1.1MB   1803 downloads

(esp. pgs 8-13)

 

A draft presentation is posted here –

http://www.ifsqn.com...ccp/#entry87286

This has similarities to the above examples although not exhibiting all the factors in (2) or demarcating the (1,2,3). The risk formula is also somewhat unconventional albeit occasionally seen.

 

PS - just for a little more context, here is a very recent extract -

 

With supply chains becoming increasingly complicated and food scares very much at the forefront of consumer and retailer consciousness, BRC have moved to introduce Vulnerability Assessments to Version 7 of the standard. The aim is simple, food manufacturers must demonstrate that they have evaluated their supply chain to minimise vulnerability to food fraud.

While increasing efforts to protect the public from the potentially dangerous results of food fraud is a fundamentally good move, the way BRC have defined how best to conduct successful Vulnerability Assessments is at best vague, and at worst currently unachievable for most manufacturers.  Put simply, nobody seems to know what good looks like and until there is a clearer definition of best practice for Vulnerability Assessments, many food manufacturers will be leaving themselves open to the risk of non-conformance.

 

http://acoura.com/ne...s/?cid=1&id=305

 

PPS - I appreciate that FDA's food defense builder may satisfy BRC (and perhaps a lot more) via its "vulnerability assessment" component but i was put off using it by the "busyness" of the opening page.

[cocoabean123]

Hi Sim Fallible,

 

I have designed a basic excel spreadsheet, in one column I have the ingredient categories we use on site, with headers across the top covering specific areas which help to focus on specific risks for food fraud. These have been developed from attending training seminars and free online webinars.

 

In order to explain how this works, I have taken the example of Madagascan Vanilla Extract which is a raw material we use.

 

• Historic Incidents - Specific cases of historical fraud relating to the raw material

So, for this section a quick google search into the history of vanilla and food safety/fraud cases brought up the fact that coumarin, which is banned in the USA since 1954 because of high levels of toxicity. Coumarin has a very similar profile to Vanilla, and is often used to scam tourists in Mexico as it smells and tastes like real vanilla.  http://www.fda.gov/ForConsumers/ConsumerUpdates/ucm048613.htm

• Current/Emerging Trends - New and emerging fraud trends relating to the raw material

I used the https://www.foodfraud.org/node Food Fraud database and found a case in 2008 in which the FDA released an alert in regards to coumarin found in vanilla extracts on US supermarket shelves.

• Georgraphic Origin/Supply Chain - Geographic and supply chain issues that could result in the greater likelihood of fraud occurring

The fact that there is an origin claim ‘Madagascan’ Vanilla Extract already flags up straight away that this raw material could be at a very high risk to fraud – how do you prove the extract is truly from Madagascar?

A quick google search reveals that tropical cyclones in Madagascar and bad weather greatly affects the pricing of Vanilla, and the fact that vanilla can only be pollinated by a specific insect or more commonly hand pollinated tells me that the likelihood of fraud occurring could be quite high.

• East of Access

This covers how easily it is to gain access to adulterants, is the gain greater than the benefits of committing the fraud?

• Availability of the raw material

So this is looking at whether the raw material is widley available or is it a niche product with high value? In this case, Madgascan Vanilla Extract is high value and I would say widely available. Obviously, Madagascan origin can only be claimed if it originates from Madagascar. It is the same with Bourbon vanilla as this can only be grown in the Indian Ocean Islands.

• Availability of adulterants/complexity and cost of committing fraud

Artificial flavourings are widely available, relatively cheap. No vanilla containing coumarin has been identified in the UK (according to my research anyway!)

• Economic risks

Vanilla is the 2^nd most expensive spice in the world. It is very labour intensive in regards to the production process. It is 3 to 5 times more expensive than artificial flavouring.

I have then added a final column at the end which details control measures in place to reduce the likelihood of fraud happening. Some controls would be asking the supplier to conduct regular traceability tests to prove Madagascan origin , and some of the various analytical tests out there e.g. mass spectrometry testing  (not likely an option due to expense).

 

After reading through my assessment it's making me think I've gone too far, but it really didn't take that long to complete, and in fact it was quite interesting.

I think BRC auditors will be lenient with the first audit as they have not set out how they expect the assessment to be completed, so it is a massive learning curve for the industry and best practice will take a while to be developed.

 

Some resources which I have found very helpful:

 

https://www.foodfraud.org/node -> USA Food Fraud Database, is a great tool, our FSA does have a food fraud database which is not publicly accessible which is a shame!

 

https://webgate.ec.e...m&cleanSearch=1

 

I hope this helps/makes sense!

 

 

Cocoabean,

 

I can appreciate where you are coming from on the matter, and like you say, suspect that your customers are trying to do a big sweep of suppliers to obtain everything that they can and concerning over every last detail.

I am in the process now of addressing this assessment for our operation and am very conscious that I need to make the assessment as opposed to asking suppliers every thing, and I want to keep it simple.

May I ask how you have gone about obtaining your data and doing your own assessment of your ingredients, as it seems to me that it could be a simplistic approach of asking the questions as set out in clause 5.4.2 ie. is it economically viable to substitute, has there been historical etc. plus other considerations such as a specific claim like you mention. Or have you gone more in depth with related series of questions that supplements a specification or supplier questionnaire. Or have you done this as an add on to other risk assessments such as allergen?

 

Just really gauging my simplistic approach being sufficient based on relatively basic raw materials, such as fresh herbs, milk, butter, pepper, salt?

[Sim Fallible]

Cocoabean,

 

Many thanks for the input, very useful and has backed up my thoughts on how to go about this, I had a similar process in mind and had the initials of starting out looking at foodfraud and the such, but then hit a wall of terror! Yes the look up of ingredients within an ingredient, and then trying to get a supplier to provide country of origins, then to look up those origins for concerns and log all that........................ well it needs to be done.

 

So as an example, we source a blend of spices from a supplier, food service type supplier who has products manufactured under their brand name, they have more than one site that produces this product, okay done to a recipe and specification, but those two sites use different suppliers of different origins. I was very much okay, er, no, oh, hang on,its, oh, er, well, ah, now, er, no, ok, well if, no, well, ok, right, yes, no, er, aaaaahhhhhh.  Well it is only the initial stages and the supplier direct to us are going though their processes and so hopefully things will fall into place, and certainly the simple ingredient, fresh herbs, milk etc, yes quite straight forward, and it is good to know how other people are approaching this. I shall keep on smiling and keep doing!

[Charles.C]

Hi Sim Fallible,

 

It would seem to me that the crunch step is –

 

(a) how to arrive at a risk-based decision for (minimally?) the overall significance of the supply-chain criteria stated in  BRC7.

 

It appears the OP has passed thru the above by a mainly intuitive route. BRC will possibly expect a more "risk-centric" solution but good luck anyway.  Other than investing in BRC, the only semi-explicit published  methodology I have so far seen is the (tortuously) ingenious supply-chain elements of this document -

 

 vul1 - USP guidance on food fraud mitigation.pdf   1.08MB   886 downloads

 

This recent comment appears fairly apt –

 

http://www.qadex.com...in-a-long-time/

 

The comments in link are analogous to those on risk matrices in HACCP so the auditors are maybe going to have to accept the auditees’ subjective (logical) opinions on vulnerability unless visibly contrary to “fact”.

The potential necessity to “average” a large number of risk opinions reminds me of OPRP determination for ISO22000. A question of choosing a priority list (BRC?) or summing/dividing for an unweighted average.

With respect to “fact”, in addition to previously indicated databases such as USP, this compilation to 2012  has a wealth of cross-linked lists-pie charts on food fraud rankings for  products /  locations / fraudulent mechanisms –

 

 vul2 - food fraud and EMA, 2014.pdf   697.02KB   831 downloads

 

PS - a forthcoming, free, on-line tool for doing the VA has been advertised (seeing will be believing) -

 

http://www.ssafe-foo...g/our-projects/

[Lelouch_rayne]

Hai guys,

 

Your input help me a lot and i'm having trouble of reading all of them. I have a question regarding the questionnaire, does the standard really state to have questionnaire for the vulnerability test? or it is just a one way to make things simpler for us who conduct the assessment? I cant comprehend the importance of it, since they can lie by using false data.

 

Our Supplier for raw materials are based on abroad/overseas, in which we directly import from them (direct from the supplier), Do you think the likelihood of occurrence would be high since its out of the country and we never really did some on site visit to authenticate their production process?

 

Thanks,

 

Joan

[Charles.C]

Hai guys,

 

Your input help me a lot and i'm having trouble of reading all of them. I have a question regarding the questionnaire, does the standard really state to have questionnaire for the vulnerability test? or it is just a one way to make things simpler for us who conduct the assessment? I cant comprehend the importance of it, since they can lie by using false data.

 

Our Supplier for raw materials are based on abroad/overseas, in which we directly import from them (direct from the supplier), Do you think the likelihood of occurrence would be high since its out of the country and we never really did some on site visit to authenticate their production process?

 

Thanks,

 

Joan

Hi Joan,

 

There are apparently a variety of (BRC-acceptable) approaches to carrying out a VA.

 

The major difficulty IMO is that, afaik, it is as yet  unclear how much detail is expected by BRC.

 

For example you can compare the highly minimalist formula due to Ulrich with the more, in-depth  procedure of mgourley (Marshall) in this thread –

 

http://www.ifsqn.com...ate/#entry94149

 

One answer to yr supplier query could be in the picture on pg5 of the vul1 attachment in post6 of this thread. Unfortunately the answer is multi-faceted.

 

Not sure what you meant about the questionnaire ? As in Post 2 ? Only speculation i think.

[aps]

HI

 

Has anybody got any examples they can share as this is frying my head

 

Cheers

[aps]

What do i need to cover off.

 

We are an abattoir and cutting plant of beef (1 species) we do not take boxed meat just slaughter our own.

 

Will I need to cover of in my assessment

 

• Packaging
• People
• Chemicals

Please help

[IzzyP]

I think some people are getting their proverbial knickers in a twist regarding the Vulnerability Risk Assessments.

 

The are two dangers; 1 that it is over complicated, and 2 that it is too simplistic. Examples of both have been posted on here, you have to find your own happy medium, because your the one who is going to have to explain it to an auditor. My advise is to stick to the same risk assessment template for everything on your site, whether you opt for a 3x3 or a 5x5, do it for FS, H&S and ES. Too complicated and you'll just lose yourself, too simple and it will look like you've made no effort. 

There are a number of (repeated) posts regarding vulnerability risk assessments over the last 12 months or so.  What I find incredulous is that it is only now that some people are addressing this!

 

I'm sure that the BRC  will want to see that you have THOUGHT about the risks, and that these thoughts are documented. I think they'll accept that we are not experts in the field of some of the ingredients we are buying, but that as the person carrying out the assessment, you have taken a little bit of time to find out about your ingredient (try google or Wikipedia, you'll be surprised what you'll learn from there). As a Technical person, I would expect to know a little bit about my ingredients; how can you carry out your HACCP or pathogen rationale if you didn't?  And not only should you have documented your findings but you review them at a pre defined interval or on an ad hoc basis the same as you would for HACCP. If you think of it as the same as HACCP, you shouldn't go far wrong. THAT IS THE CLUE , TREAT IT LIKE HACCP, Instead of having your 4 risk groups, you will probably have 7 or 8. (Quota evasion / Counterfeiting etc etc)

 

My assessments sits in with a number of other documents in my QMS. It is not a stand alone document. I don't think the BRC intends it to be there on its own. The fact that its in the clause that deals with product claims and authenticity should tell you that its an elaboration on this.

 

For those who are getting SAQ's, I don't fill in SQA's. They get a copy of my BRC (seeing as I wasted 3 days sitting in an audit to obtain it) and I have a précis vulnerability document that I send out. outlines my study in a rather vague manner. Why should somebody plagiarize all of your hard work?

 

And yes, packaging and services should be included.

[Simon]

Thanks Izzy for your wise words. I think many people are getting their knickers in a twist and many are going from not having any assessment at all to assessing everything to the most minute of detail as if the end of the world is nigh.  I agree there is a happy medium based upon risk and facts.  I can see the risk of buying an ingredient from a spurious country that is easy and worth adulterating and I can see their is also some risk from deliberate malicious tampering, so you have to go and get the facts and control what you can and see if you can live with the residual risk or not.  What annoys me is when silly food producers treat packaging the same as an ingredient.  It isn't easy, possible or worth doing anything to...there are bigger fish to fry.  Get things into perspective food producers and make specific and relevant RFI's to your supply base.  Nobody is going to tamper with your sellotape...likelihood ZERO!!!

 

 

Regards,

Simon

[Charles.C]

Hi Izzy,

 

I don't disagree with most of yr comments but might note that VA is apparently (end October) No.2 for BRC NCs.

 

Possibly because BRC don't know how to handle it either. Blame it on Due Diligence.

 

FS ?   

[Kehlan]

  Nobody is going to tamper with your sellotape...likelihood ZERO!!!

 

 

ah but you've considered it!  While there's no point  in hassling your sellotape supplier for tonnes of details, doesn't hurt to have a page listing items like this (probably more the primary packaging that is in food contact) and writing down that you have risk assessed and there is no risk.  Job done!