Protecting the Food System from Hazards, Threats, and Vulnerabilities
As consumers drive food safety expectations, risk assessment has become more stringent. Consumers demand that food manufacturers and retailers provide safe, quality foods. International standards and legal requirements mandate risk assessments as part of the implementation of a holistic Food Safety Management System.
Food safety risk assessment has been historically associated with the identification of hazards in food using Hazard Analysis and Critical Control Point (HACCP), and food defense, now identified as Threat Analysis/Critical Control Points (TACCP) by the Global Food Safety Initiative (GFSI.) An additional risk assessment, Vulnerability Analysis/Critical Control Points (VACCP), has been added to the mix to assess the risk of vulnerability to food fraud, following international incidents of intentional adulteration. For instance, in 2008, melamine was added to infant formula to artificially increase the protein content, resulting in infant deaths and serious illness, and leading to massive recalls. (Melamine added to animal feed and pet food caused similar deadly consequences worldwide in 2007.)
The goal of these three complementary risk assessments is to support risk management by identifying risks and applying appropriate preventive measures to protect public health. This article highlights the similarities and differences among the three assessments.
Hazard Analysis and Critical Control Point (HACCP)
HACCP is a systematic approach developed by NASA with the cooperation of Pillsbury and the US Army in the 1960s to prevent astronauts from contracting foodborne illnesses while in space. HACCP allows a multidisciplinary team to evaluate a food manufacturing process to identify potential hazards present that need to be controlled to ensure the safety of the food and prevent foodborne illness in consumers. These hazards are biological, chemical, radiological and physical. The team conducts a risk-based assessment for each step of the process, and identifies those points that are critical to control, reduce, or eliminate the hazard. Once these “critical control points” are identified, the team establishes monitoring procedures, corrective actions to be followed if there is a failure in the plan, verification processes and a record keeping process.
The Codex Alimentarius provides a 12-step process, as shown here, with five preliminary steps and seven principles. Completion of these steps results in the development of the HACCP Plan. In addition, the HACCP plan must be supported by Pre-Requisite Programs for basic compliance with regulatory and/or industry food safety standards, or it will fail to control the hazards.
Threat Assessment Critical Control Point (TACCP)
Formerly known as "food defense," TACCP has been recently introduced through the GFSI, and has become a requirement for some of the standards approved by this institution. TACCP is a management process, the main purpose of which is to identify threats within the food manufacturing process that could potentially result in an intentional, malicious contamination of the food by perpetrators attacking from the outside (external) or inside (internal).
TACCP applies HACCP Principles to protect food and beverage products from attack. The Publicly Available Specification (PAS 96:2017) describes TACCP as a systematic approach to manage risk “through the evaluation of threats, identification of vulnerabilities and implementation of controls to materials and products, purchasing, processes, premises, distribution, networks and business systems by a knowledgeable and trusted team with the authority to implement changes to procedures.” Several threats need to be taken into consideration when performing a TACCP risk assessment.
Just as in HACCP, the TACCP team is a multidisciplinary group of people that perform the risk assessment, identify threats, implement controls to eliminate or minimize the threats, develop corrective actions in case the plan fails, and establish verification and record-keeping processes. Once a TACCP team is formed, the TACCP process involves 15 steps.
The Critical Control Points (CCPs) identified under TACCP are a moving target, and rely heavily on well written Pre-Requisite Programs that provide guidance on how to control the identified threats.
Vulnerability Assessment Critical Control Point (VACCP)
VACCP is a risk-assessment based approach to food fraud. Food fraud is the act deliberately deceiving the consumer about a specific food item placed on the market. The GFSI describes food fraud, including the subcategory of economically motivated adulteration, as “the deception of consumers using food products, ingredients and packaging for economic gain and includes substitution, unapproved enhancements, misbranding, counterfeiting, stolen goods or others.”
The GFSI Food Fraud Think Tank was establish in 2012. The Think Tank is a group of experts in analytical testing, certification, supply chain security, criminology, manufacturing and retailing companies. The Think Tank’s goal is establish systems that can prevent fraud from occurring in the supply chain. The Think Tank suggests two approaches to food fraud:
1) To carry out a vulnerability assessment during “which information is collected at the appropriate points along the supply chain (including raw materials, ingredients, products, packaging) and evaluated to identify and prioritize significant vulnerabilities for food fraud.”
2) Put in place appropriate control measures to reduce the risks from the identified vulnerabilities. “These control measures can include a monitoring strategy, a testing strategy, origin verification, specification management, supplier audits and anti-counterfeit technologies. A clearly documented control plan outlines when, where and how to mitigate fraudulent activities.”
Moreover, the GFSI Board of Directors now requires that all Standards approved shall include the following requirements to certify food manufacturers: 1) a vulnerability assessment performed; and 2) control plans in place.
The entire Supply Chain must be considered during HACCP, TACCP and VACCP risk assessments. This includes, but is not limited to, agricultural activities, transportation, receiving materials, processing, manufacturing, storage, distribution, and retail market activities. Together, this trio of risk assessments provides the tools for building a food safety culture from farm to fork.
1. TACCP: HACCP for threat assessments. Wayne Labs. Food Engineering. March 11, 2016.
2. VACCP: HACCP for vulnerability assessments. Wayne Labs. Food Engineering. February 17, 2016.
3. PAS 96:2017 Guide to protecting and defending food and drink from deliberate attack. The British Standard Institute (BSI)
4. GFSI Direction on Food Fraud Vulnerability Assessment (VACCP) John Spink. Food Fraud Initiative Blog. May 8, 2014.
5. GFSI Position on Mitigating the Public Health Risk of Food Fraud. July, 2014.