TACCP & VACCP Demystified!
I get asked all the time by manufacturers to help them complete their TACCP/VACCP. The understanding in the industry of what TACCP and VACCP is, is very confused right now. There have been many mixed messages on this subject and many explanations as to what TACCP and VACCP are and which should be applied to what situation. I’m going to explain them and demystify them both and to do this, I’m going to review the Campden Guideline 72 TACCP book. While I’m doing this I’ll refer back to the actual requirements in the BRC V7 standard, so you know how they link together.
TACCP is ‘Threat Assessment & Critical Control Point’
VACCP is ‘Vulnerability Assessment & Critical Control Point’
It’s unclear how long the terms TACCP and VACCP have been around. The standard which drives the requirement is called PAS 96:2014 (PAS stands for Publicly Available Specification) and it refers to a TACCP approach.
As a specialist in HACCP, when the Campden Guideline 72 TACCP book was published I was keen to get a copy to understand how TACCP should be done. I expected the guideline to give me step by step instructions on how the assessment should be completed, like the Campden Guideline on HACCP. I also expected it to link clearly with what was required in the BRC V7 (which was in draft at the time). In my opinion the TACCP book did not provide me with the information I was expecting, as:
- The main aim of TACCP guideline was to assess threats mainly from within the manufacturing environment and not from food fraud threats of ingredients prior to delivery at the manufacturing site.
- BRC required a vulnerability assessment and the guideline only covered threat assessment (with the exception of one small paragraph which didn’t really tell me much).
- TACCP stands for Threat Assessment and Critical Control Point and no where in the guideline did it tell me how to pinpoint what a CCP was or how too control it.
- The focus of the book was about carrying out an assessment but there didn’t seem to be much guidance on what to do when the assessment had been completed – I expected an output with controls around the issues highlighted.
- There wasn’t a clear methodology I could pick up and use.
So, all in all I personally found the guideline very confusing. After spending time searching for other methods I could use, Adele Adams and I then decided we needed to fill this gap and provide the industry with some clear methodology that could be used, which is why we wrote the book “Assessing Threats & Vulnerabilities for Food Defence”. You’ll note that the book title has both the words threats (TACCP) and vulnerabilities (VACCP) in it. That’s very intentional, because the two things are fundamentally linked. The definition of a threat is “A deliberate act by someone to cause harm to the consumer or loss to the business due to the effect on the consumer” The definition of a vulnerability is “How exposed the business is to the threat having an impact on the consumer” Therefore what we really should be asking is:
“How vulnerable are we to the threat occurring and having an impact on the consumer/on our business?”
When BRC are asking you to complete a raw material vulnerability assessment, they are asking you to establish what threats are your ingredients vulnerable to? Let’s take the horse meat issue as an example:
- The threat – horse meat being delivered to your site instead of beef due to fraudulent activity in the supply chain.
- If the meat is delivered minced, then you can’t tell by looking at it if it’s beef or horse meat – so you’re vulnerable.
- If the meat is delivered as a joint, you are less vulnerable as you can probably tell that the joint doesn’t look like beef.
- If the meat is delivered to you as a carcass, you’re definitely going to be able to tell it’s not a cow and so you’re not vulnerable.
So I believe the term should be ‘Threat & Vulnerability Assessment’. A threat and vulnerability assessment can be carried on on both raw materials prior to delivery or on the manufacturing process – both assess threats (a deliberate act) and the vulnerabilities of the threats having an impact on the consumer, which has a subsequent impact on the business.
What is the point of using the term TACCP (Threat Assessment & Critical Control Point) when it does not include any mention of CCPs?
We’ve come up with the term TVA (Threat & Vulnerability Assessment) as we think this makes it much clearer that both threats and the vulnerabilities to those threats should be covered. It also doesn’t mention CCPs as this term is a HACCP food safety term and has nothing to do with threat and vulnerability assessment. Within the book we have provided an alternative to CCPs, which we call VTPs (vulnerable threat points) and we also provide guidance on how these should be managed.
I hope this has been of help to you and makes things a little clearer. If you have any questions please get in touch using the comments section below. I’d also love to hear your thoughts or challenges in this subject – does my explanation make sense to you? Do you agree/ disagree?