In GFSI standards is it mandatory to do TACCP & VACCP with CCP’s
According IFS6.1 and BRC8 it is mandatory (requirement) to do TACCP (food defense) and VACCP (Food fraud) with CCP and critic limit or just we create vulnerability mitigation plan after doing evaluation of vulnerability
It may depend on what you mean by "vulnerability mitigation plan".
One of the problems with VACCP, TACCP, threat, food defence etc is that unlike HACCP there is no specific definition, so the terms mean different things to different people...
BRC Issue 8 does require a documented risk assessment for site security / food defence and a documented vulnerability assessment for food fraud, but these could take several different forms and approaches. Certainly there would be no necessity for the systems to have CCPs as such.
It may depend on what you mean by "vulnerability mitigation plan".
One of the problems with VACCP, TACCP, threat, food defence etc is that unlike HACCP there is no specific definition, so the terms mean different things to different people...BRC Issue 8 does require a documented risk assessment for site security / food defence and a documented vulnerability assessment for food fraud, but these could take several different forms and approaches. Certainly there would be no necessity for the systems to have CCPs as such.
This is my opinion and others may disagree:
A CCP in a HACCP plan is a point in your process where you know you are going to have contamination normally present and you have adequate, documented and recorded controls to remove the contamination or reduce it to an acceptable level.
The confusion about CCP's applying to all control programs, I think, is that people mean "important" or "required" when they use the word "critical".
Food Defense and Food Fraud are important prerequisite programs. They cover a lot of different operations and locations. There is not just one activity (control) at one location that removes contamination or reduces the risk.