I am in the process of completing updating our SQF to edition 9 and I have noticed that there is a new requirement for doing a threat assessment under food defense. I am just confused on what this exactly is. For years we have been doing a "Food Defense Risk Assessment" annually where we assess how effective our food defense is at our facility and see if anything has changed from the previous year. Auditors never really asked us to look at this but we have been doing it. I am wondering if this will suffice? Or does it need to be something similar to a food fraud vulnerability assessment where we have listed out all of the possible vulnerabilities and how likely they are to occur? Any input or even templates would be greatly appreciated to help explain.