Food fraud vulnerability assessment

Good day members,

My name is Esther and i work as a food safety team leader in a paper packaging company in Kenya.

Can someone guide me on how to do food fraud vulnerability assesment and food fraud mitigation plan.

Esther.

This is a good place to start

https://www.pwc.nl/n...-assessment.pdf

They have a nice spreadsheet that I have used in the past. Follow it and you will determine your vulnerabilities. 

Sincerely,

Wally.

Good Morning Esther,

In our case(fruit and fruit juices processing factory) we started off by training and forming food defence and fraud teams. 

Each team identified all the raw materials,ingridients,packaging and outsourced services in the processing facility and conducted a food fraud vulnerability assessment using a VACCP risk assesment table.

To identify the risk, we factored in the likelihood of deliberate and intentional substitution,mislabelling,adulteration and counterfeiting to occur for economical gains against likehood of detection.

A plan to control/mitigate all the identified risks is then put in place and reviewed annually.

Kind regards,

D.KAMAU

Hello Esther,

Food fraud (VACCP) assessment is identifying the vulnerable points from the raw materials until it reaches in you plant. Then you have to identify the likelihood of ocurrence and and likelihood of detection. That would also based on the history, the demand and the price of your raw materials. Then ask the food safety team, how you can mitigate the fraud. Put it in matrix. Make it simple.

regards,

redfox

Dear Kamau,

Since we are from the same region kindly do inbox me which company trained you and if possible if i can get their contacts .We are due for suveillance audit next month and yet i have not done the VACCP.

Regards,

Esther.

Good Morning Esther,

 

In our case(fruit and fruit juices processing factory) we started off by training and forming food defence and fraud teams. 

 

Each team identified all the raw materials,ingridients,packaging and outsourced services in the processing facility and conducted a food fraud vulnerability assessment using a VACCP risk assesment table.

 

To identify the risk, we factored in the likelihood of deliberate and intentional substitution,mislabelling,adulteration and counterfeiting to occur for economical gains against likehood of detection.

 

A plan to control/mitigate all the identified risks is then put in place and reviewed annually.

 

Kind regards,

 

D.KAMAU

we couldn't get our head around the TACCP/VACCP approach. You are creating CCP's that you then need to control.... but you cant its completely out of you hands. We used a pack from techni-K. There were spread sheets and a guide book called "Assessing threats and vulnerability for food defence". (I have tweaked the plans a little but that's just me!) and the auditors have been especially impressed. Last year it was also commented on that it will get through BRC issue 8 without any changes needed! 

The Techni-K team are always on hand to help and very knowledgeable as well. 

https://techni-k.co....bility-articles  These free articles were very helpful as well x

Esther,

We trained on food defense and fraud as part of additional requirements for food safety system certification version 4.1(FSSC 22000)

The two day course was conducted by SGS.For more info.you can contact them.(sgs.co.ke)

Regards,

D.KAMAU.

Good day members,

My name is Esther and i work as a food safety team leader in a paper packaging company in Kenya.

Can someone guide me on how to do food fraud vulnerability assesment and food fraud mitigation plan.

Esther.

Hi esther,

You omitted to mention what Standard involved. They can have different requirements.

Where would I find an example of a food fraud vulnerability assessment with ratings? Any help?

What do you mean by ratings?

For example, I have found that we have to conduct a food fraud vulnerability assessment including susceptibility to substitution, mislabeling, dilution etc and I have seen a few people rank the probability of these things for each.  

This from a post from a while ago.
It's not really possible to do a RA/VA/HA whatever.....with a simple 3x3 or 5x5 matrix. You really have to determine actual questions with actual answers and reasons for those answers.
I'm not saying this is the way to do it, but It's the way of the future, I think.

I do a Raw Material Vulnerability Assessment that asks some questions and assigns a point value based on the answer. The final point value indicates the level of risk for IA/EMA.

Point values are subjective, but should be meaningful and logical to come up with a realistic risk level. (That's the complicated part).

It takes a bit of tweaking, but if you run the model on an ingredient that has a well documented history of IA/EMA, you should come up with a result of at least a Medium, and probably High level of risk.

For example;

1. Ingredient Fraud History 

Yes (10)

Possible (5)

No (0)

2. Economic Factors

Likely to Occur (5)

May Occur (2)

Not Likely to Occur (0)

3. Geographic Origins

Foreign Supplier (3)

Domestic Supplier (0)

4. Complexity of Supply Chain

Complex (2)

Simple (0)

5. Ease of Access to Material

Ready Access - Materials are unprotected (5)

Minimal Access - Manufacturer may not have a robust Food Defense Program (3)

Unlikely Access - Nature of material or manufacturing. Manufacturer has a robust Food Defense Program (0)

6. Nature of the Material

Liquid/Powder - requires blending (1)

Natural/Bulk (0)

7. Cost of Materials

High (2)

Medium (1)

Low(0)

8. Supply Chain Confidence

Low (1)

High (0)

9. Supplier History

Bad (1)

Good(0)

10. Ingredient Testing Methods

None (3)

Occasional (1)

Robust (0)

11. Existing Controls

Weak (1)

Strong (0)

There are 34 possible points here. This is how I have my risk levels broken down:

Low 1-12

Medium 13-20

High 21-34

Let's look at how this would work for cinnamon. It has a fraud history (10), it is from a foreign supplier (3) so it's already Medium risk.

You can certainly make this as complicated as you wish, but the FDA guy was fine with my approach.

HTH,

Marshall

Ah ha! Thank you , Marshall.  Should I also add in "substitution, mislabeling, Dilution, and counterfeiting and stolen goods" to that as well?  Isn't that part of it or am I thinking of something else??

Absolutely you should.

You should also include that you consult these websites for information:

https://trello.com/b...isk-information

http://foodfraud.msu.edu/

This one charges - used to be free when it was only BRC doing the whole food fraud thing.  Now they charge up the wazoo, but they have a lot of info:  https://decernis.com...fraud-database/

Ah ha! Thank you , Marshall.  Should I also add in "substitution, mislabeling, Dilution, and counterfeiting and stolen goods" to that as well?  Isn't that part of it or am I thinking of something else??

That used to be USP.

Thank you so much! Do you think I should note the websites in my SOP for the assessment or ON the assessment somewhere?

IMO on the assessment, and then do the vulnerability for each ingredient separately.

Here is a sample of an ingredient assessment

Okay, so I am wondering , if I use the system that Marshall suggested in the thread above, what would I use as the numeric risk for substitution, mislabeling, Dilution, and counterfeiting and stolen goods?  His highest risk is at a 10 for fraud history category (number 1)

Well, that's why you do the risk assessment referencing those sites... you and your team basically have to come to an agreement regarding whatever ingredients you are using.

I actually prefer my risk assessment table a bit more.

It's completely up to you.

You can use as many contributing factors as you like.

The hard part, as I mentioned in my post, is to determine the numeric risk for each factor.

You can just use 0 for NO 5 for MAYBE and 10 for YES.

But then you have to determine at what point you want your final risk levels to be when you add everything up.

You certainly don't want something to come out as a MEDIUM risk, when it is't.

Marshall

Should I do 1 as yes. 2 as possible and 3 as no do you think for those?

The whole idea of this model is to not necessarily use "Yes" "No" or "Possible". There may be contributing factors that do not fit in those boxes.

The purpose is to be "dynamic" in your questions and answers, not "static". 

For BRC, (Issue 8), in Clause 5.4.2, they require the assessment be based on 5 things.

1. Historical evidence of substitution or adulteration 

2. Economic factors which may make adulteration or substitution more attractive

3. Ease of access to materials through the supply chain

4. Sophistication of routine testing to identify adulterants

5. The nature of the raw material.

IMO, the problem with using a "static" traditional 3x3 or 5x5 model is that it does not work for things like vulnerability assessments, supplier assessments, etc.

If we look at the 5 items above, # 1 could be a Yes/No/Maybe answer....but that all depends on where you get that information from.

#2 is clearly not a Yes/No/Maybe answer. What economic factors are there? Foreign country with bad reputation? High cost material? Is it Identity Preserved (organic, etc)?

#3 is not a Yes/No/Maybe answer. You have to understand things like the process for the material, does the supplier have a good Food Defense Program, etc.

#4 is probably a Yes/No/Maybe answer. Does your facility routinely test raw materials? Do you sometimes test raw materials? Do you not test raw materials?

#5 is not a Yes/No/Maybe answer. Some materials may be blends, some may be bulk materials with little processing, some may be processed and blended, etc.

TACCP/VACCP has been an ongoing topic of discussion here and several people have come up with some really great Excel documents. The problem with many of them (my earlier ones included), is that many of them require an input of an arbitrary number for a particular hazard or a mitigation strategy.

Let's take #2 above:
 

"Economic factors which may make adulteration or substitution more attractive." How do you quantify that with a number from 1-5 without actually defining what the economic factor is? And how do you justify that number that you have assigned?

This is exactly why vulnerability assessments, supplier assessments etc, are so difficult to do with the traditional 3x3 or 5x5 (or whatever) matrix.

I'm sure I have made this as clear as mud.

Marshall

Sarah,

Seems you are manouevring 2 threads in parallel.

I deduce you are relatively unfamiliar with risk matrices however i appreciate yr practical queries.

I suggest you look through some of the posted links in yr other thread. These answer so many of yr queries in this thread,

eg -

http://www.ifsqn.com...nt/#entry129996

eg the first link is Post 12 of this thread.

Marshall's method referred above is known as weighting which can enable more realistic decisions. The difficulties are such as  (a) conceptually combining apples and oranges, (b) choosing weights for weighting. Alternatively, and sort of equivalently, one can add rules for individual components (similar BCPA in hazard  analysis) which is how i did it.

All the above methods have pros/cons.Many people use an unweighted format to (hopefully) minimise arguments.

You may find this, generally applicable, VA method to yr liking -

http://www.ifsqn.com...ed/#entry121799

(obviously database accessability is still required)

@Marshenko,

Very Generous of you to post the previous VA. Thank you.

Assuming SQ8 Manufacturing Code, the currently relevant 2 clauses seem to be -

2.7.2        Food Fraud
2.7.2.1  The  methods,  responsibility  and  criteria  for  identifying  the  site's  vulnerability  to  food  fraud  shall  be documented,  implemented  and  maintained.    The  food  fraud  vulnerability  assessment  shall  include  the  site's susceptibility  to  product  substitution,  mislabeling,  dilution,  counterfeiting  or  stolen  goods  which  may  adversely impact food safety.

2.7.2.2   A food fraud mitigation plan shall be developed and implemented which specifies the methods by which the identified food fraud vulnerabilities shall be controlled.

 

I assume the VA document was intended to cover above 2 clauses.

I suspect there were a lot of other unmentioned documents/database involved. These might influence some of the following comments.

I note that SQF specify the overall result to be referenced to safety.

I have a lot of comments/queries/(implied)queries, my apologies in advance if some are (unintentionally) nitpicking however I hope yr answers may be useful to other seekers of solutions to the notorious, GFSI, food fraud mysteries.

(1) There is no mention of safety in the document. (There is mention of EMA so perhaps the document is intended to be "double edged").

(2) There is no (operational) mention of any of the 5 above "red" "vulnerabilities" in the document.

(3) I am curious as to why (a) only "prior to receipt" is stated as considered although (b) inspection is stated as done. (c)I note that "frequency/testing" are marked n/a (= not done?). I would have thought they were in fact critical. Perhaps this has something to do with (9) below.

(4) It is not apparent (to me) how the (combined) overall likelihood conclusion (=unlikely) was(/will) be  specifically reached. This IMEX is generally the most argumentative part of the whole exercise [other than finding a free database].

(5) It is not apparent (to me) how the overall consequence conclusion (=negligible)  was reached. (Unclear what the "micro" Yes actually means ?. As an extension of comment (4), from a safety POV i don't see how you could logically blend any positive/negative consequences of micro /economic etc together ?)

(6) I suggest that your mitigation response to RED is somewhat (eg "urgent", "may") of an Understatement.

(7) Re- risk matrix - It is difficult to see how a vulnerability of negligible consequence can yield a (red) high risk from a safety POV. (also compare the 2 matrixes posted)

(8) Is is indeed absolutely (ie degree of risk averseness) subjective but as per typical FDA etc logic a meanibgful  "hazard" needs initially to be of some "definitely" positive likelihood of occurrence so to be considered relevant to a haccp plan. This, perhaps, might change 2 yellows to green.

(9) As stated in document, site (internal) vulnerabilities are not covered (cf SQF clause above). i assume this aspect is done in an additional document.

I do congratulate you on condensing the myriad factors potentially involved into one document but I'm not yet sure how this fully matches SQF's stated requirements. (As just one [possible] "Con" this Word format (compared to Tabular excel) will presumably generate a hefty pack of documents).

Regardless, if this single document was indeed the complete SQF/VA submission and it readily passed SQF auditorial scrutiny, it suggests that many other processors may be wasting one heck of a lot of (probably more) valuable time.

Thanks again.

@Marshall

Yes, Risk assessment is just as much an Art as a Science IMO.

Actually one can construct a semi-continuous risk matrix using numerical Probabilities. But many would-be users tend to find it a mental strain. And the subjectivity remains of course.

Good morning, 

I am finding myself stuck on my Food Fraud Vulnerability Assessment.  Our facility manufactures dietary supplements. Some of my ingredients are flow agents such as silicone dioxide and microcrystalline cellulose. Others like Beta-Alanine, L-Tyrosine etc.  These go into our products but aren't necessarily "foods" but considered part of it because it is in fact in the supplement.  How would one go about conducting a risk assessment for such ingredients?