TACCP & VACCP Demystified!

I get asked all the time by manufacturers to help them complete their TACCP/VACCP.  The understanding in the industry of what TACCP and VACCP is, is very confused right now. There have been many mixed messages on this subject and many explanations as to what TACCP and VACCP are and which should be applied to what situation. 

I’m going to explain them and demystify them both and to do this, I’m going to review the Campden Guideline 72 TACCP book. While I’m doing this I’ll refer back to the actual requirements in the BRC V7 standard, so you know how they link together.

TACCP is ‘Threat Assessment & Critical Control Point’
VACCP is ‘Vulnerability Assessment & Critical Control Point’

It’s unclear how long the terms TACCP and VACCP have been around. The standard which drives the requirement is called PAS 96:2014 (PAS stands for Publicly Available Specification) and it refers to a TACCP approach.

As a specialist in HACCP, when the Campden Guideline 72 TACCP book was published I was keen to get a copy to understand how TACCP should be done. I expected the guideline to give me step by step instructions on how the assessment should be completed, like the Campden Guideline on HACCP. I also expected it to link clearly with what was required in the BRC V7 (which was in draft at the time). In my opinion the TACCP book did not provide me with the information I was expecting, as:

  1. The main aim of TACCP guideline was to assess threats mainly from within the manufacturing environment and not from food fraud threats of ingredients prior to delivery at the manufacturing site.
  2. BRC required a vulnerability assessment and the guideline only covered threat assessment (with the exception of one small paragraph which didn’t really tell me much).
  3. TACCP stands for Threat Assessment and Critical Control Point and no where in the guideline did it tell me how to pinpoint what a CCP was or how too control it.
  4. The focus of the book was about carrying out an assessment but there didn’t seem to be much guidance on what to do when the assessment had been completed – I expected an output with controls around the issues highlighted.
  5. There wasn’t a clear methodology I could pick up and use.

TACCPSo, all in all I personally found the guideline very confusing. After spending time searching for other methods I could use, Adele Adams and I then decided we needed to fill this gap and provide the industry with some clear methodology that could be used, which is why we wrote the book “Assessing Threats & Vulnerabilities for Food Defence”. You’ll note that the book title has both the words threats (TACCP) and vulnerabilities (VACCP) in it. That’s very intentional, because the two things are fundamentally linked. The definition of a threat is “A deliberate act by someone to cause harm to the consumer or loss to the business due to the effect on the consumer”  The definition of a vulnerability is “How exposed the business is to the threat having an impact on the consumer”  Therefore what we really should be asking is:

“How vulnerable are we to the threat occurring and having an impact on the consumer/on our business?”

When BRC are asking you to complete a raw material vulnerability assessment, they are asking you to establish what threats are your ingredients vulnerable to? Let’s take the horse meat issue as an example:

  • The threat – horse meat being delivered to your site instead of beef due to fraudulent activity in the supply chain.
  • If the meat is delivered minced, then you can’t tell by looking at it if it’s beef or horse meat – so you’re vulnerable.
  • If the meat is delivered as a joint, you are less vulnerable as you can probably tell that the joint doesn’t look like beef.
  • If the meat is delivered to you as a carcass, you’re definitely going to be able to tell it’s not a cow and so you’re not vulnerable.

So I believe the term should be ‘Threat & Vulnerability Assessment’.  A threat and vulnerability assessment can be carried on on both raw materials prior to delivery or on the manufacturing process – both assess threats (a deliberate act) and the vulnerabilities of the threats having an impact on the consumer, which has a subsequent impact on the business.

What is the point of using the term TACCP (Threat Assessment & Critical Control Point) when it does not include any mention of CCPs?

We’ve come up with the term TVA (Threat & Vulnerability Assessment) as we think this makes it much clearer that both threats and the vulnerabilities to those threats should be covered. It also doesn’t mention CCPs as this term is a HACCP food safety term and has nothing to do with threat and vulnerability assessment. Within the book we have provided an alternative to CCPs, which we call VTPs (vulnerable threat points) and we also provide guidance on how these should be managed.

I hope this has been of help to you and makes things a little clearer. If you have any questions please get in touch using the comments section below. I’d also love to hear your thoughts or challenges in this subject – does my explanation make sense to you? Do you agree/ disagree?

Have your say…

12 thoughts on “TACCP & VACCP Demystified!

  1. I must agree you have produced what a lot of people are looking for and like you say there is not much detailed information in version 7 in this area.

    keep up the excellent work.

    1. Hi Jimmy,
      Thanks for your comment, I’m really hoping this will help reduce the confusion and give some clarity in this area. If there’s any other queries you have on this topic now, or in the future, please let me know, I’d be happy to answer them.

  2. Hi Kassy,
    As you would expect, we have a particular interest in this area of the latest BRC version. Clearly the first step for all food businesses is to assess risk. PAS 96 has a pretty wide remit, some of which might form part of some other Business continuity planning process. Of interest to consumers, is what food businesses are doing to manage the risk of intentional fraud or in mitigating human error in their processes. Our experience is that very few businesses have got their heads around a robust due diligence surveillance plan, based on risk. Stable Isotope testing is one tool in the box. It enables businesses to demonstrate that they have assessed the risk areas and put a scientific test in place to help to mitigate that risk. It is therefore part of a framework to ensure that a business can protect their hard won reputations. We bought your book and found it helpful in developing a process from which to establish some sensible and cost effective testing. Thanks for the efforts you are making to keep food businesses engaged and informed. Kind regards, Chris

    1. Hi Chris,
      This is such a new subject to everyone, I think it would be really beneficial to do an article on the newsletter about the testing methods that are out there, such as your isotope testing – which can help establish country of origin and other aspects such as whether an ingredient is organic or not.
      I think the more information we can provide on this subject the better.

  3. Thanks for this Kassy.

    I too have found that TACCP is being misunderstood. I believe that the BRC lists TACCP as a possible system for use for Raw Material Vulnerability Assessment, but from my knowledge of this subject it simply does not fit.

    TACCP has disappointed me in this regard, as it provided virtually no information to adhere to the relevant sections of the BRC in term of the Raw Material Vulnerability Assessment.

    1. Hi Gareth,
      You’re very welcome! 🙂
      I’m not really sure why BRC have listed TACCP as a possible tool for vulnerability of raw materials. They are the first GFSI approved standard to introduce threat and vulnerability, and given that at the time of release of V7, there was a real lack of methodology that would fit exactly, perhaps there was no other option. Hopefully the methodology in our book helps this situation.
      I’d be really interested to know how the BRC auditors feel about auditing the subject, it must be a real challenge given all the confusion!

  4. Thanks for article. I also purchased the book and attended Campden course which was roughly based on the book. I had done a lot of reading on the subject prior to the course and was looking forward to learning the “how to implement TACCP”. However I came out of the course more confused than when I went in! I agree with your comments about the system and could not really see how it works. I think your approach is much better and will be applicable for small businesses as well as large. Looking forward to your course next month.

    1. Hi Karen,
      I think the Campden course is probably good for an overall introduction to threats, but like you say, it doesn’t give you the methodology you need to actually complete a threat assessment. Look forward to meeting you on the course next month!

  5. Hi Kassy,

    Appreciate the work you have put into this and I certainly agree with your comments on the campden approach however they were put under considerable pressure to release some form of course and formalised training by members due to the increased pressure from retailers and the BRC standard. I have attended the course and read the freely available PAS96 and the Camden book and found them to be confused. More worked examples are definitely helpful , everyone relates back to Horsegate as the example and this is at risk of closing the approach to threats. Scientific testing for evidence of substitution or contamination is one approach but improvements in traceability and placing a greater demand on suppliers for transparency in their supply and distribution chains is another approach to threat discovery that should be uptaken and supported by BRC. Multi ingredient manufacturers using multiple food groups do not always have the experience of the intricacies of the processing chains and knowledge of potential vulnerabilities as they may do in their own sectors and more sector-specific examples would be of great help .

    Keep up the good work


    1. Hi Joe,
      I thank you for taking the time to comment, it’s really good to hear other views.
      I can appreciate Campden’s situation, it can’t have been easy.
      I agree with you, I think we’ve all got a lot to learn on this topic (especially around supply chains, as you say) and so, that means making improvements – where it’ll add value.
      I’m glad I can be of help to the industry, please keep in touch! 🙂

    1. Hi,
      I’ve written quite a few posts on this, which you may find useful, you can find them all here: https://techni-k.co.uk/Raw-material-threat-%26-vunerability-articles
      We also have a book that provides you a step by step methodology to use, which you can find here: https://techni-k.co.uk/threat-vulnerability/, or we have an eLearning course that takes you through the process, so that by the time you complete the course, you have your own vulnerability assessment completed: https://training.techni-k.co.uk/vulnerability-assessment-training
      I hope that helps.

Share your thoughts…

Your email address will not be published. Required fields are marked *

We've tagged this article as: