4.2 Site Security and Food Defence BRC version 8
Hi,
With the new version of BRC (version 8) a lot about security has been added.
I'm trying to have a more complete plan.
How do you elaborate your risk assessment?
Did you analyse your site by room and all the access to identify the room where a threat to your product can occur? office, dock, storage, etc.
It's kind of difficult to establish a clear method to identify the risk and classify them.
Do you list a series of threat possible and you only classify them by low risk, medium, high? green, yellow, red?
The interpretation guide is kind of blurry... 😕
How did you manage to cover the 4.2.1, 4.2.2 and 4.2.3?
Do you have some example of what is sufficient for BRC?
Thank you!
I use the attached Self assessment and a plan to reduce the risks encountered during the assessment.
Attached Files
Hi anyone used the parameter Vulnerability and Accessibility to do a threat assessment?
The parameter used in the Food Defense Plan Builder of the FDA.
https://www.accessda...er/download.cfm
Thank you
Used it in the past. FDA programs tend to be a little wonky, but if you are alright with that, it is fine.
Hi anyone used the parameter Vulnerability and Accessibility to do a threat assessment?
The parameter used in the Food Defense Plan Builder of the FDA.
https://www.accessda...er/download.cfm
Thank you
You may want to have a look at the PAS96:2017 document: Guide to protecting and defending food and drink from deliberate attack.
We've used this and it's predecessor, PAS96:2014, as the basis for our security and food defence systems for several years. It does also include a bit on EMA that we've excluded (we have a separate system for that), but is probably an interesting reference even if you don't end up using it.
Available for free here: https://www.food.gov...t/pas962017.pdf
Hi ,I have a question on Vulnerable risk assessment section 4.2.2 BRC do i need to do the assessment on each and every ingredient and process step or it shall be by the category ?
I wanted to touch a bit on these a bit further for you both.
1.
Hi anyone used the parameter Vulnerability and Accessibility to do a threat assessment?
The parameter used in the Food Defense Plan Builder of the FDA.
https://www.accessda...er/download.cfm
Thank you
The FDA has conducted many vulnerability assessments and has introduced the Key Activity Type Method for conducting these Food Defense Assessments. It is a good method for many businesses because the FDA has done most of the work for you. They conducted threat assessments across multiple industries and concluded that these 4 processes are the most vulnerable no matter the industry.
- bulk liquid receiving and loading
- liquid storage and handling
- secondary ingredient handling
- mixing and similar activities (grinding, homogenization...)
If you have any of those 4 processes, you would mark them as Key Activity Types and look at mitigation strategies from there. I think that would be an appropriate method to use if you currently do not have a threat assessment yet. https://www.fda.gov/...13684/downloadÂ
So that would be for 4.2.1 - your threat assessment - Is it a KAT? yes/no.
Then 4.2.2 and 4.2.3 will take those KATs (your significant vulnerabilities) and you'll write them out and decide control measures to put in place. The FDA's mitigation strategy database is very helpful.
2.
Hi ,I have a question on Vulnerable risk assessment section 4.2.2 BRC do i need to do the assessment on each and every ingredient and process step or it shall be by the category ?
No you do not need to conduct this based on every ingredient. You can group them together for like processes.
For example, you may have semi-bulk liquids in totes and then dry ingredients (oats, flours, spices) in bags. You may find that you do not have any threats with the semi-bulk totes but have risks when you are staging your dry ingredients because they sit in open containers for long periods of time before use. The auditor wants to see that you identified that threat with staging your dry ingredients and have a plan in place to mitigate the potential risk. So you don't have to write the same thing for 20 ingredients, you can simply group them together for having the same process.