You are here: Home / Archives for Vulnerability Assessments

by

Vulnerability Assessments

What is a vulnerability assessment?

In the food industry, the term vulnerability assessment refers to a risk-assessment-style evaluation of a food’s vulnerability to food fraud.  Food fraud is deception, using food, for economic gain (Food Fraud Initiative, Michigan State University 2016).  Some organisations, particularly in the United States of America, use the phrase vulnerability assessment when referring to malicious attacks on food, such as those conducted for extortion, ideological reasons or terrorism. However those types of risks are issues of food defense rather than food fraud and those risks are not considered here.  To learn more about vulnerability assessments for food defense (intentional adulteration), click here.

A food fraud vulnerability assessment is a documented assessment that identifies vulnerabilities to food fraud and explains how those vulnerabilities were identified.

 

Why ‘vulnerability’ and not ‘risk’? 

A vulnerability assessment is slightly different to a risk assessment; risk is something that has occurred before and will occur again, it can be quantified using existing data.  A vulnerability is a weakness that can be exploited by someone or something who wishes to profit or intends harm.  A vulnerability can lead to a risk.  Because food fraud is difficult to estimate and quantify, we use the word vulnerability rather than risk.  In addition, using the word ‘vulnerability’ helps to minimise confusion in the food industry where risk assessments for food safety are commonly performed and well understood.

Why do a vulnerability assessment?

  1. To protect consumers: Food that is vulnerable to food fraud presents significant risks to consumers.  Food that is adulterated or diluted   [Read more…]

by

Investigating susceptibility to food fraud

This page contains information and links to help you investigate, understand and summarise incidences of food fraud that have occurred or may occur within a food or food ingredient.  Some foods are more susceptible than others to economically motivated adulteration, substitution and dilution.  Understanding the susceptibility of an ingredient or raw material type is an important part of every vulnerability assessment process.

Susceptibility is investigated in two parts.  The first part is the general susceptibility of the food and is irrespective of  where it is purchased or sold; this can be determined using publicly available information.  The second part is specific to an individual food business.  The specific susceptibility of a food or ingredient is dependent on the characteristics of the supply chain, management of the supply chain and testing and auditing activities.

GENERAL SUSCEPTIBILITY

To investigate the general susceptibility of a food or ingredient to food fraud, use publicly available information about incidences of fraud that have occurred in the past and that might occur in the future.

There are a few different ways to access information about previous incidences and emerging issues with a raw material type, as shown below.

how to investigate info graphic

1. Online databases – access to historical data:

  • Decernis has an extremely comprehensive database of food fraud incidents which can be searched by food type and by adulterant type.  This database was developed and formerly operated by the US Pharmacopeial Convention (UPS). It also contains information about analytical methods.   https://decernis.com/solutions/food-fraud-database/.
  • Food Fraud Advisors’ Food Fraud Risk Information Database is a free and open-access online database of food fraud incidences and emerging threats, organised by food type.  No log-in required.
  • HorizonScan contains historical data about both commodities and suppliers.  Users can set up email alerts for issues relevant to them.
  • FoodSHIELD was created by The Food Protection and Defense Institute, which is part of the University of Minnesota and partially funded by the USA Department of Homeland Security.  FoodSHIELD resources, including a database of economically motivated adulteration incidences are available to members.  Unfortunately membership is limited to representatives from local, state, and federal governments, the military and laboratories that perform analyses.  Members must first pass a membership checking process to ensure they are eligible to access the information. https://www.foodshield.org and https://www.foodshield.org/index.cfm/discover-tools-links/what-is-foodshield/foodshield-brochure/
  • The Food Protection and Defense Institute also operates a Food Adulteration Incidents Registry.
  • EMAlert is software that helps USA businesses with commodity scanning and assessing vulnerabilities for USA regulatory compliance.  Subscriptions start at US$2,500 per year.
  • The Rapid Alert System for Food and Feed (RASFF) is managed by a group of European national food safety authorities and alerts its member states to incidences of food and feed safety and integrity.  RASFF publishes a searchable database for investigating incidences of food fraud.  To learn more about RASFF click here.  For direct access to the database, open the RASFF Portal.
  • The US FDA has a searchable list of food recalls and food safety alerts, including those related to food fraud.  http://www.fda.gov/Safety/Recalls/

2. Email alerts via subscription service:

  • Food Forensics, a laboratory located in United Kingdom, offer a monthly horizon scanning risk newsletter to members.
  • FoodChainID Horizon Scan is a paid subscription service that provides alerts on adulteration and fraud, as well as food safety contamination events.
  • Some trade associations provide email services to members.
  • Government-run food safety and food regulatory bodies in some jurisdictions send emails to interested parties.  Contact your local authority for more information.

3.  Direct intelligence:

  • Information can be obtained by asking law enforcement officials and government departments.
  • Suppliers can provide information about their material types.
  • Trade associations can be approached for information on food fraud and emerging issues.
  • Conferences and webinars about food fraud and food defence are held regularly and these can be a good source of information.

SPECIFIC SUSCEPTIBILITY

Specific susceptibility is investigated by considering all the characteristics of a specific material as it is purchased by an individual food business.  Characteristics that should be considered include those associated with the supply chain, purchasing policies and the format of the material.   Each characteristic should be considered with regards to how it could affect the degree to which a person may be motivated to fraudulently adulterate the material and how it could allow a person to:

a) gain access to the material,

b) commit fraud by adulterating, substituting or diluting the material or

c) avoid detection.

To ensure that all relevant characteristics are considered it is best to use a checklist and record observations against each item in the checklist.  Create your own checklist or use a checklist prepared by experts such as those found in a proprietary Vulnerability Assessment Tool.  There are a number of fraud assessment tools available on-line, with differing degrees of usefulness to anyone conducting a food fraud assessment.  The most comprehensive checklist for food fraud vulnerability assessments can be found in Food Fraud Advisors’ Vulnerability Assessment Tools which are available here.

Need more help?  Get easy-to-use, comprehensive downloadable templates in our online training course.

Visit our training academy today

by

Future food fraud threats; an introduction to horizon scanning

What is horizon scanning?

Horizon scanning is the act of looking for and analysing threats and opportunities that will emerge in the medium to long term.  It is used across many industries, including the financial and health care industries.  Within the food industry, horizon scanning refers to the act of collecting information about current trends in food production and predicted incidences that could increase the likelihood of food fraud for a particular food material.  For example, climate change is likely to reduce coffee production which could drive up prices and increase fraudulent activity in that sector.

Horizon scanning is integral to the understanding of risks to food authenticity.  Horizon scanning is an implicit requirement of all GFSI-approved foods safety management system standards and an explicit requirement of BRC Issue 7 and BRC Issue 8, although the words ‘horizon scanning’ themselves do not appear in the standard.   The relevant clause is 5.4.1: “The company shall have processes in place to access information on historical and developing threats to the supply chain which may present a risk of adulteration or substitution of raw materials. Such information may come from trade associations, government sources, private resource centres.”   Horizon scanning refers to developing threats.  To learn how to access data about historical threats, click here.

Food fraud horizon scan brc 5.4.1

How to do horizon scanning:

The British Retail Consortium (BRC) makes the following recommendations in its guidance document Understanding Vulnerability Assessment (2015):

“It is important to note that information relating to the potential adulteration and food fraud of raw materials is constantly changing as new threats are identified and existing ones are managed. The [food] company must therefore ensure that it remains up to date with relevant scientific and technical developments, emerging issues and known threats. Mechanisms to achieve this include:

  • membership of a trade association that provides this service
  • subscription to a service provider supplying updates on food fraud
  • help from government officials or local enforcement officers (in countries where the authorities publish useful information on known incidents or emerging threats or are prepared to discuss these issues with the industry).

It should be noted that the most valuable resources are often those that proactively provide updates, as this avoids the potential for busy staff to forget to access the updated information. During the audit [to BRC Food Safety Standard Issue 7] the auditor will look for evidence of systematic checking and the process for ensuring that information is transferred into action as necessary.”

Food safety audit paperwork

How to get a subscription that meets the requirements of BRC Issue 7 and Issue 8

Food Forensics, also in the United Kingdom, publishes a monthly newsletter for members.  The newsletter can be used for horizon scanning.

FoodChainID Horizon Scan is a subscription service that provides alerts on adulteration and fraud, as well as food safety contamination events.

Fera HorizonScan monitors global food integrity issues and also operates as a paid subscription service.

 

Want to learn more about horizon scanning for food fraud?

Send us an email, we love to help.

 

by

Vulnerability assessment methods

There are two general approaches to performing a vulnerability assessment for food fraud.

But first…. for the purposes of this page, a vulnerability assessment is a risk-assessment-style evaluation of a food product or ingredient’s vulnerability to food fraud.  For information about food defense vulnerability assessments (intentional adulteration vulnerabilities), click here.

The two approaches are (1) a conventional risk assessment model or (2) based on the recommendations of the British Retail Consortium (BRC) in their guidance document Understanding Vulnerability Assessment (2015)

Food fraud vulnerability assessment Food fraud vulnerability assessment BRC

The conventional method is a combination of the likelihood of something occurring versus consequences if that thing occurs.  This method is recommended for all types of food businesses.  It allows businesses to identify their most vulnerable ingredients, products and brands and provides an excellent framework to prioritise mitigation strategies.

The second method is recommended for businesses wishing to meet the requirements of British Retail Consortium (BRC) Food Safety Standard Issue 7 and Issue 8 (clause 5.4.2).  The BRC method does not address the risks from all types of food fraud; it only addresses the risk from adulteration and substitution of raw materials and ingredients.  Therefore it is not recommended for businesses that need to meet the requirements of other GFSI food safety standards such as FSSC 22000 Version 4 (clause 2.1.4.6) or SQF Edition 8.  What are these acronymns?

For more information about how to conduct a vulnerability assessment, take a look at Vulnerability Assessments; What? Why? How?

by

Vulnerability assessments are a waste of time according to this investigator

Vulnerability assessments are a hot topic in food safety at the moment, with Global Food Safety Initiative (GFSI) food safety standards set to include requirements for documented food fraud vulnerability assessments in the near future.  Most food safety and food integrity experts believe that vulnerability assessments are an important first step towards preventing fraudulent foods from reaching consumers.   However, in an interview with Food Safety News, Mitchell Weinberg, food fraud investigator and CEO of Inscatech describes food fraud vulnerability assessments as “frankly… a little bit of a waste of time.”  Mr Weinberg says that a food fraud vulnerability assessment is essentially about recording what you already know.  He explains that if a business is sourcing a food ingredient from a developing country, they should already know that it is more likely to be affected by fraud than if sourced locally.  Likewise, high value and high volume materials are more attractive to fraudsters.  Weinberg tells the interviewer:

Just use common sense, figure out where the problem is, check it out… trust but verify.

Weinberg is right; creating documented risk assessments of any kind is simply an exercise in writing down what we already know.  And common sense should be at the core of any risk assessment.  So is there any value in a documented vulnerability assessment?  

Absolutely!

  • A documented assessment is a record of who thought of what and when they thought of it.  It is evidence that fraud has been considered; it can be used to check that common sense was used in that consideration.  It can be audited, reviewed and updated.  It can be shared.
  • The process of creating a documented assessment can serve as a prompt to identify gaps in knowledge and provide an incentive to ‘fill in the gaps’.
  • A documented vulnerability assessment can be used to transfer knowledge.  Weinberg says creating a written assessment is making a record of what you already know; that is exactly what is needed when the person who made the assessment changes jobs or has to explain supply chain risks to a stubborn Purchasing Manager.
  • Most food businesses manufacture hundreds of food products and many more hundreds of ingredients; comparing the vulnerability assessments of different products and materials is an effective way to prioritise fraud prevention actions.  While the ultimate aim is for no product to be compromised ever, we all have to start somewhere.

Read more about Vulnerability Assessments here.

To view the interview with Mitchell Weinberg, click here.