This article is written to meet the following sections of the Standards:
|BRCGS Food Safety Issue 8||4.2.1, 5.4.1 (Issue 9) training of product defence team|
5.4.3 Output from the vulnerability assessment
4.2.3 Authorised access (protection measures)
5.4.1 Provision of knowledge and information
|BRCGS Packaging Issue 6||3.8.2 Vulnerability assessment|
4.4.1 Risk assessment of security
3.8.1 Obtaining information
|BRCGS Agents & Brokers Issue 3||4.8.2 Vulnerability assessments|
4.8.1 Provision of knowledge and information
|BRCGS Storage & Distribution Issue 4||10.3.3.2 Vulnerability assessment|
22.214.171.124 Vulnerability assessment review
4.2.1 Threat assessment
|FSSC 22000 Version 5.1||126.96.36.199 Documented threat assessment procedure|
188.8.131.52 Documented food fraud mitigation procedure
184.108.40.206b) and c) Food defence plan
220.127.116.11b) and c) Food fraud plan
|IFS Food Version 7||6.1, 4.20.1 Roles, responsibilities and training|
6.2* Methodology and review
4.20.3* Documented food fraud mitigation plan
|SQF Edition 9||18.104.22.168, 22.214.171.124, 126.96.36.199 Roles, responsibilities and training|
Roles and responsibilities
Members of the product defence team and those accountable for the product defence plan, must be documented.
The roles and responsibilities must be clearly defined.
The product defence team and those accountable for the plan, must understand the potential threats from fraud, sabotage, and terrorism. This must include knowledge of the business’s supply-chain, materials used by the business, the methodology for threat and vulnerability assessment and the principles of product defence.
There must be a procedure including a method for managing the product defence plan, which covers:
The procedure must include a scope and method for assessing threat and vulnerability as part of the product defence plan.
The product defence plan must be kept under constant review and a reactive team review must take place where:
- Horizon scanning identifies a new vulnerability.
- There’s significant change in cost of materials, either upstream or downstream.
- There are shortages in materials.
- Market intelligence identifies a possible vulnerability.
- A product defence incident occurs.
A proactive team review must take place where there’s a change which may impact product defence, such as:
- A change to the country of origin or manufacture.
- A change in the upstream or downstream supply-chain.
- There’s a business change, for example moving the security contract to another contractor.
- Developments in scientific information, which may allow protection measures to be improved.
The plan must be tested and reviewed annually.
Reviews must be documented.
The procedure for horizon scanning must include:
- A systematic process of checking for new information.
- How information is reviewed and transferred for action where necessary.
- A system of filing or recording evidence of horizon scanning.
The effectiveness of the product defence plan and the related protection measures must be monitored, this must include internal audit and GMP inspections.
The product defence plan must be developed to meet a set methodology. The methodology must include:
- The scope of the assessment.
- How threats will be identified.
- How the threats will be assessed for vulnerability.
- How significant vulnerabilities are determined.
- That protection measures must be applied, for all significant vulnerabilities.
- How the system will be reviewed and monitored.
Horizon scanning is a process of constantly looking out for new information. The idea being, that you then use the information to improve your systems and pre-empt any issues that might be coming your way. A good horizon scanning system will be managed using a well thought out process, which includes information sources and agreed responsibilities for receiving, reviewing, and highlighting information for further action.
Having information sources that are set up and continuously sending new information to you is key. You don’t have to pay for expensive memberships or systems to do this. Just simple alerts from local authorities and industry bodies are fine.
Twitter is also an amazing source of information if you pick the right sources. Our favourite is Prof Chris Elliott OBE (who wrote the foreword for our book Assessing Threat Vulnerability for Food Defence).
Training of the product defence team is now a requirement in BRCGS Food Safety Issue 9. This build to the standard has been expected for a while so that it’s in line with the requirements of HACCP. It’s expected that this requirement will be included in all of the other standards as they’re updated.
Any staff who are involved in the development and maintenance of the product defence plan, for fraud (vulnerability assessment) and sabotage and terrorism (threat assessment) – must be trained.
The training must provide a background of fraud, sabotage, and terrorism, so that the learner understands what they’re looking for, along with a comprehensive level of training for the methods and procedures.