27 Jan 2023

“The best defence is a good offence“

“The best defence is a good offence“ is a strategy that has been adopted across many fields of endeavour, from military combat to sports and medical science.

This maxim has become increasingly applicable to the food industry in recent years too, in the context of food safety incidents such as the horse meat scandal and the Italian olive oil fraud. To mitigate the risk of such deeply damaging events from occurring, proactive action rather than passive reactivity is the best defence. But what does proactive action look like and how can food businesses anticipate emerging threats to protect themselves against food fraud, contamination, and adulteration?

Risk management through HACCP (Hazard analysis Crititcal Control points) has long been established to manage food safety, however the relatively new concepts of TACCP (Threat Assessment and Critical Control Points) and VACCP (Vulnerability Assessment and Critical Control Points) look at specific potential adulteration opportunities within the supply chain.

Although both VACCP and TACCP are concerned with intentional adulteration, they are often confused.

  • VACCP – Prevention of economically motivated food fraud
  • TACCP – Prevention of malicious threats to food, such as sabotage, extortion or terrorism

How to Make TACCP Workplace Practice

  1. Build a team: Establish a multi-disciplinary team that brings together a broad range of knowledge and skills from different areas of the business. A TACCP team should also include someone who is responsible for security, ideally with IT experience, as cyber hacking has become a major threat.

  2. Conduct a review: Review your process from start to finish and understand any weak points such as open product areas and goods-in, where there is a high risk of someone contaminating your products. You should also consider items such as keys (which can be stolen), computers (viruses present a risk) or documents and records that could be tampered with. One area that is often overlooked is off-site storage; if a delivery arrives and there is no space to store it, it might be left in the yard or put in off-site storage, which doesn’t always have the same level of security as the main site. The review should also look at any previous incidents.

  3. Create a TACCP plan: For each process step, outline the threat and its impact. Rate the threat and the likelihood of it occurring quantitatively (on a number scale) or qualitatively (high medium low), and list protection measures, monitoring methods and corrective action.

  4. Review your plan: You should review your TACCP plan whenever there is an emerging threat or following an incident. If neither of the above happens you should still review it annually, and minute the meeting for auditing purposes.

How to make VACCP Workplace Practice

  1. Build a team: As with TACCP, the starting point for VACCP is to build a multi-disciplinary team.

  2. Complete a raw material risk assessment: This should include considerations like how the material is stored and distributed, the availability of testing to identify adulterants, the availability of the material (seasonality and shortages could increase the risk of fraud) and economic factors – what would be the return on committing fraud? If the potential financial gains are small, the risk is probably fairly low.

  3. Create a VACCP plan: For each raw material, outline the potential hazards and award them a risk rating, then identify the control measures that will be implemented to mitigate the risk. The most important control mechanisms are: to implement rigorous goods-in procedures, to source exclusively from approved, GFSI (Global Food Safety Initiative) certified suppliers and to conduct supplier audits. The minute you buy ad hoc because of a cheap price, you expose your business to risk. Other controls include obtaining COAs (Certificates Of Analysis) for incoming materials. COAs are preferred over COCs (Certificates of Conformance) because they generally come from ISO 17025 certified labs. You may also need to conduct mass balance, laboratory and organoleptic testing. The number one rule when a risk assessment identifies a material as high risk is to buy from a short supply chain from a certified company that has been established for some time.

  4. Scan the horizon: Horizon scanning involves looking for and analysing threats that will emerge in the medium to long term. Regular horizon scanning is key to an effective VACCP plan as it ensures you are up to speed on what macro trends and events might increase the likelihood of food fraud for a particular raw material. For example, the breakdown of a trade deal with Spain might result in tomatoes from other origins purporting to be Spanish. There are a number of resources food businesses can consult for horizon scanning, including the Food Industry Intelligence Network, the Food Authenticity Network and the RASFF (Rapid Alert System for Food and Feed) portal.

  5. Review the plan: You should conduct a full review if and when a new risk emerges, for example whenever there are shortages in the market, food fraud incidents or price increases. If none of these happen you should review the plan annually (as a minimum). Key to successful identification of new risks in this area is communication with the procurement teams who may hear about issues in advance of more public notifications


VACCP and TACCP are not just another box ticking exercise or layer of food safety bureaucracy – they are the best available defences against food fraud and contamination incidents. Ultimately, though, their success is dependent on a happy workforce. If staff are motivated, trained and well looked after, they are highly unlikely to engage in malicious activities and highly likely to engage in prevention programmes, so your business is best placed to catch any potential threats.

You may be interested in...