This article is written to meet the following sections of the Standards:

BRCGS Food Safety Issue 84.2.1 Documented assessment of security
5.4.1 Provision of knowledge and information
BRCGS Packaging Issue 64.4.1 Risk assessment of security
3.8.1 Obtaining information
BRCGS Agents & Brokers Issue 34.3.1 Product security/ food defence
4.8.1 Provision of knowledge and information
BRCGS Storage & Distribution Issue 45.2.1 XS Vehicle security risk assessment Information
FSSC 22000 Version Identify food defence threats Identify food fraud threats
IFS Food Version 74.20.2* Fraud assessment scope
4.20.3* Monitoring of food fraud
6.2* Food defence scope
6.3 Monitoring of food defence
SQF Edition i) and ii) Methods, responsibilities and criteria Food fraud mitigation plan

The requirements


The assessment must consider threats and vulnerabilities downstream in the supply-chain, due to fraud, sabotage, and terrorism.

Protection measures

The assessment must consider the security measures that the contractor must have in place, and these must be specified in contracts.

Horizon scanning

Horizon scanning must be used to identify any future potential threats and vulnerabilities downstream. Where a new or increased threat is identified, this must be fed into the assessment.

Downstream scope of custody

The scope of custody for the downstream piece of the assessment must consider fraud, sabotage and terrorism, where your business is accountable for contractors.

The downstream piece is one which is relatively ‘hidden’ within the standard. But it’s there and segregating it this way helps to provide clarity.

Downstream scope

The scope of the downstream assessment looks at all the business activities that employ contractors to carry out on your behalf. This can be manufacturing of product or storing and distributing.

The downstream aspect isn’t widely understood and currently sits within the supplier management section of the standard. The only food-related standard which defines it clearly, is the agents and brokers standard – as it’s such a fundamental part of their business model. However, contractors are used by businesses which work to the food safety, packaging, and storage and distribution standard. This means management of product defence through contractors is critical for product defence of all standards.

Threats and vulnerabilities

Contractors pose a vulnerability to your business and therefore, it’s your responsibility to ensure that they have a robust product defence plan in place.


The members of the team which are essential for identifying vulnerable threats downstream are the logistics and contract management roles, as they have the necessary knowledge and experience.

Learn more about identifying downstream vulnerabilities

This article is an overview of the subject of identifying downstream vulnerabilities. If you’re looking to gain in-depth knowledge on this subject, we’d recommend you purchase our eLearning course.

Product defence

Identifying downstream vulnerabilities

On completion of this course, you’ll be able to identify the business activities downstream which need to be assessed for the relevant threats, to identify the vulnerabilities ready for assessment.

This course will teach you the specifics of the downstream supply-chain, so that you can create a focused threat and vulnerability assessment, which is compliant to the standards.

Buy the identifying vulnerabilities downstream mini training now

Have your say…

Share your thoughts…

Your email address will not be published.