9 replies to this topic

[IFSQN1]

hELLO, 

I just completed my GFSI audit and has a non-compliance stating food fraud program does not include the identification of food fraud vulnerabilities and control measures for all ingredients. FF program has been revised and accepted but additional info is requested, "it is expected that vulnerability program be submitted wiht full list of ingredients assessed individually with mitigation noted for controls" Does this mean i have to run a vulnerability assessment of all ingredients to be submitted inorder to be approved my noncompliance. It is fine to ask some clarification wiht the reviewer regarding this additional information requested? 

 

Any comments will be greatly appreciated. Thank you.

 

[Charles.C]

hELLO, 

I just completed my GFSI audit and has a non-compliance stating food fraud program does not include the identification of food fraud vulnerabilities and control measures for all ingredients. FF program has been revised and accepted but additional info is requested, "it is expected that vulnerability program be submitted wiht full list of ingredients assessed individually with mitigation noted for controls" Does this mean i have to run a vulnerability assessment of all ingredients to be submitted inorder to be approved my noncompliance. It is fine to ask some clarification wiht the reviewer regarding this additional information requested? 

 

Any comments will be greatly appreciated. Thank you.

Hi IFSQN1,

 

The specific requirements often vary based on "for whom ", eg SQF, ISO22000 and the kind of Products.

 

The possibility of grouping (ie similar characteristics from fraud POV) usually exists but depending on the specifics.

[IFSQN1]

Hi IFSQN1,

 

The specific requirements often vary based on "for whom ", eg SQF, ISO22000 and the kind of Products.

 

The possibility of grouping (ie similar characteristics from fraud POV) usually exists but depending on the specifics.

 Hello Charles C, 

 

Thanks for your feedback on my enquiry. This is SQF audit, basically the revised SOP has been accepted but additional information is being requested for review and approval of the NC. 
I'm just trying to figure it out how to address the request information incated on the reviewer comments. I'm still doing some research and kind of confused if do i have to run a VA with all the ingredients we have, because  what we have is, we selected the most highest riks ingredients based on history, online food fraud refences and run that but got that NC. 

[Charles.C]

 Hello Charles C, 

 

Thanks for your feedback on my enquiry. This is SQF audit, basically the revised SOP has been accepted but additional information is being requested for review and approval of the NC. 
I'm just trying to figure it out how to address the request information incated on the reviewer comments. I'm still doing some research and kind of confused if do i have to run a VA with all the ingredients we have, because  what we have is, we selected the most highest riks ingredients based on history, online food fraud refences and run that but got that NC. 

Hi IFSQN1,

 

There are a lot of SQF users here (not myself) and a lot of SQF posts relating to Food fraud.

Usually SQF offer a little more information regarding the precise lack which has been found otherwise it's sort of "needle in the haystack".

It sounds like yr "coverage" was (somehow) deemed insufficient but IMO difficult to say much more without further details. However SQF users may be directly familiar with this specific comment and its response.

[kingstudruler1]

It definitely sounds like you dont have an assessment for every ingredient or groups of ingredients and that is the issue.   It is ok to ask questions.   

 

it sounds like you might have mentally done this by only choosing the highest risk products.  I think you just need to document the risk assessment for everything (not just those that you have mitigating strategies for)   they just want to see proof that you have evaluated all ingredients.  

 

It is ok to group these as much as possible.  for instance, if you purchase coarse salt, fine salt, dendritic salt, and table salt you could list them all together on one vulnerability assessment.  

 

have attached an example of what a VA might look like.   there are tons on this forum.   

Attached Files

•  5.4.2.docx   34.35KB   151 downloads

[Charles.C]

It definitely sounds like you dont have an assessment for every ingredient or groups of ingredients and that is the issue.   It is ok to ask questions.   

 

it sounds like you might have mentally done this by only choosing the highest risk products.  I think you just need to document the risk assessment for everything (not just those that you have mitigating strategies for)   they just want to see proof that you have evaluated all ingredients.  

 

It is ok to group these as much as possible.  for instance, if you purchase coarse salt, fine salt, dendritic salt, and table salt you could list them all together on one vulnerability assessment.  

 

have attached an example of what a VA might look like.   there are tons on this forum.   

Hi Kingstudruler1,

 

Thanks for the conceptually nice VA methodology.

 

Two queries -

 

I appreciate the multiple elements are inevitably subjective but am curious how you decide a "final" result for likelihood and severity from the 23/7 individual, qualitative, components of the 2 respective features ?

 

The attached VA Procedure is Economically-driven. Afaik, SQF ultimately requires a decision for "significant" Fraud based on Safety-related Risk. This will presumably demand a further Risk Assessment/Mitigation Procedure(s) in addition to the attached Procedure ?

[kingstudruler1]

Hi Kingstudruler1,

 

Thanks for the conceptually nice VA methodology.

 

Two queries -

 

I appreciate the multiple elements are inevitably subjective but am curious how you decide a "final" result for likelihood and severity from the 23/7 individual, qualitative, components of the 2 respective features ?

 

The attached VA Procedure is Economically-driven. Afaik, SQF ultimately requires a decision for "significant" Fraud based on Safety-related Risk. This will presumably demand a further Risk Assessment/Mitigation Procedure(s) in addition to the attached Procedure ?

You are correct the RA is a little subjective in the area of qualitatively.    one could add more detail in scoring if they desired.   

 

your second question - I am assuming because OP didn't state, that they are referring to sqf section 2.7.2.   this section covers fraud other than "safety".  Clause below.  

 

"The methods, responsibility, and criteria for identifying the site's vulnerability to food fraud, including susceptibility to raw material or ingredient substitution, finished product mislabeling, dilution, or counterfeiting, shall be documented, implemented, and maintained."

 

I was given the VA years ago.  It's been audited numerous times by more than a dozen SQF and BRC auditors to meet the fraud clause requirements.  I don't think it perfect.  However, it's pretty easy to use for some of less experience individuals on this site -  unlike the SSAFE I referred to last week.  LOL.  

[Karenconstable]

Hi Kingstudruler1,

 

Thanks for the conceptually nice VA methodology.

 

Two queries -

 

I appreciate the multiple elements are inevitably subjective but am curious how you decide a "final" result for likelihood and severity from the 23/7 individual, qualitative, components of the 2 respective features ?

 

The attached VA Procedure is Economically-driven. Afaik, SQF ultimately requires a decision for "significant" Fraud based on Safety-related Risk. This will presumably demand a further Risk Assessment/Mitigation Procedure(s) in addition to the attached Procedure ?

 

Charles, this methodology was developed by me, based on expert inputs from USP and BRC (guess the copyright message got lost along the way :) ). 

 

To get the "final result" for likelihood and severity you consider your previous answers (you should also add comments to each row to explain how each yes/no increases or decreaes risk) and 'guestimate'.   Note that SQF says you have to be trained to do this.  Then you combine the likelihood and severity using the coloured risk matrix to get an overall result.

 

Guestimating sucks but food fraud by nature is impossible to accurately quantify because it's (necessarily) hidden and so can't be accurately measured.  VA processes that use numerical scores might appear to be more 'scientific', but give dangerously bad results unless the formulas are carefully weighted and vetted. 

 

The problem with scoring to get 'overalls' is that when you combine individual scores you massively increase the uncertainty/error and decrease the precision....  so you start with a 'guestimate' of 3 out of 5 for an individual element, then combine it with ten other scores that are also 'guestimates' and end up with.... absolute rubbish. 

 

Unfortunately I frequently see scoring systems used to 'justify' that a food is not vulnerable to food fraud - and hence does not need mitigations - when it almost certainly is.  Such systems are accepted by auditors because the scoring makes them seem "scientific". 

 

Instead of scoring, it's better to explain in your vulnerability assessment why/how each of the elements you have considered increases or decrease the likelihood of fraud or its possible impacts. 

 

To answer the original OP question, as KingStud says, you do need to have a written vulnerability assessment for all ingredients (can be grouped), including ones that you think are low risk for food fraud.  You only need mitigation plans for the ones that are 'vulnerable'

 

Cheers!

[Charles.C]

Charles, this methodology was developed by me, based on expert inputs from USP and BRC (guess the copyright message got lost along the way :) ). 

 

To get the "final result" for likelihood and severity you consider your previous answers (you should also add comments to each row to explain how each yes/no increases or decreaes risk) and 'guestimate'.   Note that SQF says you have to be trained to do this.  Then you combine the likelihood and severity using the coloured risk matrix to get an overall result.

 

Guestimating sucks but food fraud by nature is impossible to accurately quantify because it's (necessarily) hidden and so can't be accurately measured.  VA processes that use numerical scores might appear to be more 'scientific', but give dangerously bad results unless the formulas are carefully weighted and vetted. 

 

The problem with scoring to get 'overalls' is that when you combine individual scores you massively increase the uncertainty/error and decrease the precision....  so you start with a 'guestimate' of 3 out of 5 for an individual element, then combine it with ten other scores that are also 'guestimates' and end up with.... absolute rubbish. 

 

Unfortunately I frequently see scoring systems used to 'justify' that a food is not vulnerable to food fraud - and hence does not need mitigations - when it almost certainly is.  Such systems are accepted by auditors because the scoring makes them seem "scientific". 

 

Instead of scoring, it's better to explain in your vulnerability assessment why/how each of the elements you have considered increases or decrease the likelihood of fraud or its possible impacts. 

 

To answer the original OP question, as KingStud says, you do need to have a written vulnerability assessment for all ingredients (can be grouped), including ones that you think are low risk for food fraud.  You only need mitigation plans for the ones that are 'vulnerable'

 

Cheers!

Hi Karen,

 

Thanks yr Post. I agree some points in yr Post.

 

Sadly, nowadays, the Safety aspect of Food Fraud seems generally to be added to Food Safety Standards almost as an afterthought (cf GFSI's 2 Definitions on the Subject).

 

I'm afraid "Combining" Risks (Probabilities/Consequences,etc) cannot escape Subjectivity (HACCP?). There is now a mini-Encyclopedia of Mathematical attempts to justify/evaluate/compare Risk Matrices.

 

Afaik your current Food Fraud offering for BRC employs a Quantified Scoring System on top of  BRC's (and others) original concepts. It seems a nicely envisaged/implemented methodology with subjectivity qualitatively comparable to other quantitative publications like IFS, FAO.

 

afaik SQF's definition of Food Fraud (Re-Safety) is not compliant with GFSI. (Neither is BRC).

SQF's Guidance text ver 9 no longer mentions Safety.

I notice the textual mention regarding use of PwC(SSAFE) seems to have been dropped.

 

Some offhand opinions regarding (free), "Generic", Quantitative "Food Fraud/VA" assessment for the -

 

Food Product -

For Official/Simplicity/Minimum Effort > IFS

For Unofficial/Simplicity > ChrisCC*

(* >

https://www.ifsqn.co...ed/#entry121797

(also see Post 13, same thread)

 

VA-(Packaging),(Supplier),(Product+Packaging+Supplier) -

Try IFS

 

With respect to Grouping, some possible assistance is offered here -

 

https://www.ift.org/...lity-assessment

 

and here -

 USP-food-fraud-mitigation-guidance.pdf   1.91MB   68 downloads

(see Pg 5/40)

Edited by Charles.C, 06 February 2023 - 08:45 AM.
added

[kingstudruler1]

Charles, this methodology was developed by me, based on expert inputs from USP and BRC (guess the copyright message got lost along the way :) ). 

 

To get the "final result" for likelihood and severity you consider your previous answers (you should also add comments to each row to explain how each yes/no increases or decreaes risk) and 'guestimate'.   Note that SQF says you have to be trained to do this.  Then you combine the likelihood and severity using the coloured risk matrix to get an overall result.

 

Guestimating sucks but food fraud by nature is impossible to accurately quantify because it's (necessarily) hidden and so can't be accurately measured.  VA processes that use numerical scores might appear to be more 'scientific', but give dangerously bad results unless the formulas are carefully weighted and vetted. 

 

The problem with scoring to get 'overalls' is that when you combine individual scores you massively increase the uncertainty/error and decrease the precision....  so you start with a 'guestimate' of 3 out of 5 for an individual element, then combine it with ten other scores that are also 'guestimates' and end up with.... absolute rubbish. 

 

Unfortunately I frequently see scoring systems used to 'justify' that a food is not vulnerable to food fraud - and hence does not need mitigations - when it almost certainly is.  Such systems are accepted by auditors because the scoring makes them seem "scientific". 

 

Instead of scoring, it's better to explain in your vulnerability assessment why/how each of the elements you have considered increases or decrease the likelihood of fraud or its possible impacts. 

 

To answer the original OP question, as KingStud says, you do need to have a written vulnerability assessment for all ingredients (can be grouped), including ones that you think are low risk for food fraud.  You only need mitigation plans for the ones that are 'vulnerable'

 

Cheers!

You are the one that actually created it!

 

Sorry, it's been pirated.   I won't share it anymore - I didn't realize it was copyrighted at some point in time.