Hi, does it require specifically in FSSC 22000 (Packaging) a vulnerability assessment to be conducted? Or are you being asked by a customer?
I think if you have an established business and operate a certfied GFSI Food Safety Management System you should have control of most if not all of any vulnerabilities, which in a packaging company are already significantly lower than in a food business. Do you use approved and monitored suppliers for your raw materials, what is the potential for substitution or fraud without you knowing? Are you transport chains to you and from you to customers know and secure? Do you have control of your premises, processes, personnel and visitors? Is your site secure?
Simply map it out in an excel.
The step, what is the potential vulnerability and what controls you have.
Keep it very simple.
At least if it is documented you can show you have considered it and it's a basis for customer/auditor scrutiny and discussion.
Hello to you all!
Following the new clause 3.8 of BRC Packaging Issue 6 and your usefull instructions above, I would like to ask if the assessement should be documented as a new plan or in our general risk assessment file? Should we do the vulnerability assessment for both for our raw materials as well as for our each supplier? Would be enough to identify and assess the above mentioned risks in order to cover the requirement?
We are flexible packaging converters for food contact and we have ISO 9001, ISO 22000 & BRC/IoP 6 cerification. Last week we have had our annual audit. The auditor had documented a non conformity in the clause 3.8.2 :
"Although a vulnerability assessment has been made for all raw materials, to assess the potential risk of substitution, nature of raw material and ease of access and economic factors were not taken into consideration"
However as I have been confused, I would appreciate if someone could forward an example?
Edited by Charles.C, 03 April 2020 - 08:45 AM.
split from food fraud,2-year old thread