Jump to content

  • Quick Navigation
Photo

BRC Issue 6, Clause 3.8. Vulnerability Assessment guidance sought

Share this

  • You cannot start a new topic
  • Please log in to reply
4 replies to this topic
- - - - -

Polin

    Grade - AIFSQN

  • IFSQN Associate
  • 40 posts
  • 9 thanks
0
Neutral

  • Greece
    Greece

Posted 03 April 2020 - 07:59 AM

Hi, does it require specifically in FSSC 22000 (Packaging) a vulnerability assessment to be conducted? Or are you being asked by a customer?

I think if you have an established business and operate a certfied GFSI Food Safety Management System you should have control of most if not all of any vulnerabilities, which in a packaging company are already significantly lower than in a food business. Do you use approved and monitored suppliers for your raw materials, what is the potential for substitution or fraud without you knowing? Are you transport chains to you and from you to customers know and secure? Do you have control of your premises, processes, personnel and visitors? Is your site secure?

Simply map it out in an excel.

The step, what is the potential vulnerability and what controls you have.

Keep it very simple.

At least if it is documented you can show you have considered it and it's a basis for customer/auditor scrutiny and discussion.

Good luck.

Regards,
Simon

 

Hello to you all!

 

Following the new clause 3.8 of BRC Packaging Issue 6 and your usefull instructions above, I would like to ask if the assessement should be documented as a new plan or in our general risk assessment file? Should we do the vulnerability assessment for both for our raw materials as well as for our each supplier? Would be enough to identify and assess the above mentioned risks in order to cover the requirement? 

We are flexible packaging converters for food contact and we have ISO 9001, ISO 22000 & BRC/IoP 6 cerification. Last week we have had our annual audit. The auditor had documented a non conformity in the clause 3.8.2 : 

"Although a vulnerability assessment has been made for all raw materials, to assess the potential risk of substitution,  nature of raw material and ease of access and economic factors were not taken into consideration"

 However as I have been confused, I would appreciate if someone could forward an example?


Edited by Charles.C, 03 April 2020 - 08:45 AM.
split from food fraud,2-year old thread


Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5662 thanks
1,544
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 03 April 2020 - 09:05 AM

Hello to you all!

 

Following the new clause 3.8 of BRC Packaging Issue 6 and your usefull instructions above, I would like to ask if the assessement should be documented as a new plan or in our general risk assessment file? Should we do the vulnerability assessment for both for our raw materials as well as for our each supplier? Would be enough to identify and assess the above mentioned risks in order to cover the requirement? 

We are flexible packaging converters for food contact and we have ISO 9001, ISO 22000 & BRC/IoP 6 cerification. Last week we have had our annual audit. The auditor had documented a non conformity in the clause 3.8.2 : 

"Although a vulnerability assessment has been made for all raw materials, to assess the potential risk of substitution,  nature of raw material and ease of access and economic factors were not taken into consideration"

 However as I have been confused, I would appreciate if someone could forward an example?

 

Hi Polin,

 

I presume you refer to this -

 

A documented vulnerability assessment shall be carried out on all raw materials or groups of raw materials to assess the potential risk of substitution. This shall take into account:

  • historical evidence of substitution
  • economic factors which may make substitution more attractive
  • ease of access to raw materials through the supply chain
  • sophistication of routine and upstream testing to identify substitution
  • nature of the raw material.

The output from this assessment shall be a documented vulnerability assessment plan.

This plan shall be kept under review to reflect changing economic circumstances and market intelligence which may alter the potential risks. It shall be formally reviewed annually.

 

 

Not my area but seems you simply omitted 3 of the 5 mandated items for all raw materials. Hence NC. Grouping option presumably depends on the specifics.

 

IIRC there is an Interpretation Guideline ?


Kind Regards,

 

Charles.C


Thanked by 1 Member:

pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 03 April 2020 - 10:09 AM

To answer your first question - I'd suggest that a vulnerability assessment covering the areas in 3.8.2 is compiled as a stand-alone item. The focus is generally likely to be slightly different to other risk assessments you've already got in place for the rest of the standard, and having it as its own document always makes it a bit clearer for the auditor that you've done it ;)

There is some discussion on it in the Interpretation Guide (which you can access for free via BRC Participate, if you don't already have a copy), although it's a bit sparse!
Worth looking at information on the same section in the food standards (section 5.4 in Issue 8) as the structure / requirements are very similar.



Thanked by 1 Member:

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5662 thanks
1,544
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 03 April 2020 - 03:35 PM

Hello to you all!

 

Following the new clause 3.8 of BRC Packaging Issue 6 and your usefull instructions above, I would like to ask if the assessement should be documented as a new plan or in our general risk assessment file? Should we do the vulnerability assessment for both for our raw materials as well as for our each supplier? Would be enough to identify and assess the above mentioned risks in order to cover the requirement? 

We are flexible packaging converters for food contact and we have ISO 9001, ISO 22000 & BRC/IoP 6 cerification. Last week we have had our annual audit. The auditor had documented a non conformity in the clause 3.8.2 : 

"Although a vulnerability assessment has been made for all raw materials, to assess the potential risk of substitution,  nature of raw material and ease of access and economic factors were not taken into consideration"

 However as I have been confused, I would appreciate if someone could forward an example?

 

Hi Polin,

 

JFI, BRC Food have published a detailed document (Understanding Vulnerability Assessment) for food which I anticipate is available via BRC Participate. As noted Post 3 this uses similar criteria to that in BRC Packaging.

 

There are many posted approaches on this Forum for food vulnerability assessments. For example see the BRC excel linked below which includes the same criteria as you have mentioned -

 

https://www.ifsqn.co...542/#entry95690

 

Another analogous but probably simpler BRC food format which, IIRC, also includes suggestions for scoring the various categories is here - 

 

https://www.ifsqn.co...ed/#entry121799

 

Thirdly IFS Food  offers a detailed methodology modified (increased. quantitatively) from that proposed by BRC Food and includes a specific Packaging Example -

 

Attached File  IFS,FoodFraud-Guide_1805.pdf   3.18MB   174 downloads


Kind Regards,

 

Charles.C


Thanked by 1 Member:

Polin

    Grade - AIFSQN

  • IFSQN Associate
  • 40 posts
  • 9 thanks
0
Neutral

  • Greece
    Greece

Posted 03 April 2020 - 10:36 PM

Hi Polin,

 

I presume you refer to this -

 

 

Not my area but seems you simply omitted 3 of the 5 mandated items for all raw materials. Hence NC. Grouping option presumably depends on the specifics.

 

IIRC there is an Interpretation Guideline ?

 

To answer your first question - I'd suggest that a vulnerability assessment covering the areas in 3.8.2 is compiled as a stand-alone item. The focus is generally likely to be slightly different to other risk assessments you've already got in place for the rest of the standard, and having it as its own document always makes it a bit clearer for the auditor that you've done it ;)

There is some discussion on it in the Interpretation Guide (which you can access for free via BRC Participate, if you don't already have a copy), although it's a bit sparse!
Worth looking at information on the same section in the food standards (section 5.4 in Issue 8) as the structure / requirements are very similar.

 

Thank you guys very much!

 

I have a copy of interpretation that the auditor forward but I didn't know about the discussion or that we could have a free copy.





Share this

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users