This article is written to meet the following sections of the Standards:

BRCGS Food Safety Issue 84.2.1, 5.4.1 (Issue 9) training of product defence team
5.4.3 Output from the vulnerability assessment
4.2.3 Authorised access (protection measures)
5.4.1 Provision of knowledge and information
BRCGS Packaging Issue 63.8.2 Vulnerability assessment
4.4.1 Risk assessment of security
3.8.1 Obtaining information
BRCGS Agents & Brokers Issue 34.8.2 Vulnerability assessments
4.8.1 Provision of knowledge and information
BRCGS Storage & Distribution Issue 410.3.3.2 Vulnerability assessment Vulnerability assessment review
4.2.1 Threat assessment Information
FSSC 22000 Version Documented threat assessment procedure Documented food fraud mitigation procedure and c) Food defence plan and c) Food fraud plan
IFS Food Version 76.1, 4.20.1 Roles, responsibilities and training
6.2* Methodology and review
6.3 Monitoring
4.20.3* Documented food fraud mitigation plan
4.20.4* Review
SQF Edition,, Roles, responsibilities and training

The requirements

Roles and responsibilities

Members of the product defence team and those accountable for the product defence plan, must be documented.

The roles and responsibilities must be clearly defined.


The product defence team and those accountable for the plan, must understand the potential threats from fraud, sabotage, and terrorism.  This must include knowledge of the business’s supply-chain, materials used by the business, the methodology for threat and vulnerability assessment and the principles of product defence.


There must be a procedure including a method for managing the product defence plan, which covers:

  • Fraud.
  • Sabotage.
  • Terrorism.

The procedure must include a scope and method for assessing threat and vulnerability as part of the product defence plan.


The product defence plan must be kept under constant review and a reactive team review must take place where:

  • Horizon scanning identifies a new vulnerability.
  • There’s significant change in cost of materials, either upstream or downstream.
  • There are shortages in materials.
  • Market intelligence identifies a possible vulnerability.
  • A product defence incident occurs.

A proactive team review must take place where there’s a change which may impact product defence, such as:

  • A change to the country of origin or manufacture.
  • A change in the upstream or downstream supply-chain.
  • There’s a business change, for example moving the security contract to another contractor.
  • Developments in scientific information, which may allow protection measures to be improved.

The plan must be tested and reviewed annually.

Reviews must be documented.

Horizon scanning

The procedure for horizon scanning must include:

  • A systematic process of checking for new information.
  • How information is reviewed and transferred for action where necessary.
  • A system of filing or recording evidence of horizon scanning.


The effectiveness of the product defence plan and the related protection measures must be monitored, this must include internal audit and GMP inspections.


The product defence plan must be developed to meet a set methodology. The methodology must include:

  • The scope of the assessment.
  • How threats will be identified.
  • How the threats will be assessed for vulnerability.
  • How significant vulnerabilities are determined.
  • That protection measures must be applied, for all significant vulnerabilities.
  • How the system will be reviewed and monitored.

Horizon scanning

Horizon scanning is a process of constantly looking out for new information. The idea being, that you then use the information to improve your systems and pre-empt any issues that might be coming your way. A good horizon scanning system will be managed using a well thought out process, which includes information sources and agreed responsibilities for receiving, reviewing, and highlighting information for further action.

Information sources

Having information sources that are set up and continuously sending new information to you is key. You don’t have to pay for expensive memberships or systems to do this. Just simple alerts from local authorities and industry bodies are fine.

Twitter is also an amazing source of information if you pick the right sources. Our favourite is Prof Chris Elliott OBE (who wrote the foreword for our book Assessing Threat Vulnerability for Food Defence).


Training of the product defence team is now a requirement in BRCGS Food Safety Issue 9. This build to the standard has been expected for a while so that it’s in line with the requirements of HACCP. It’s expected that this requirement will be included in all of the other standards as they’re updated.

Any staff who are involved in the development and maintenance of the product defence plan, for fraud (vulnerability assessment) and sabotage and terrorism (threat assessment) – must be trained.

The training must provide a background of fraud, sabotage, and terrorism, so that the learner understands what they’re looking for, along with a comprehensive level of training for the methods and procedures.

Want to know more about managing your product defence system?

This article is an overview of the subject of managing your product defence system. If you’re looking to gain in-depth knowledge on this subject, we’d recommend you purchase our eLearning course.

Product defence

Managing the product defence system

Upon completion of this course, you’ll know what’s required to manage, develop and implement an effective product defence system.

This course explains how the product defence system must protect the supply-chain, so that you understand the key aspects of the supply-chain and how they must be managed.

Buy the managing the product defence system mini training now

Have your say…

Share your thoughts…

Your email address will not be published.