Vulnerability Assessments
Background, Elliott, PAS 96 and TACCP
Elliott Review into the Integrity and Assurance of Food Supply Networks – Final Report
“The British Standards Institute has worked with Defra and industry, to develop a Publicly Available Specification ‘Defending Food and Drink’ (PAS 96).............elements such as the use of the threats analysis and critical control points, or ‘TACCP’ approach, are relevant in the prevention of food crime.
BSI and Defra should continue to focus on the TACCP approach, and to consider the overlap and avoid duplication between malicious contamination and food crime. This approach will provide the building blocks of any future standards that could be developed on preventing food crime.”
Food Quality, Safety, Fraud and Defence Overlaps
Food Fraud
Food Quality
Food Defence
Food Safety
Accidental Acts
Deliberate Actions
Elliott’s Eight Pillars 1. 2. 3. 4. 5. 6. 7. 8.
Consumers First Zero Tolerance Intelligence Gathering Laboratory Services Audit Government Support Leadership Crisis Management
GUIDELINE 72 - APPLICATION ROUTE TACCP TEAM SELECTION DEFINING THE SCOPE OF THE STUDY / PROCESS FLOW REVIEW CURRENT TACCP MEASURES IN PLACE THREAT CHARACTERISATION •Personnel •Premises •Process •Services •Logistics •Cybercrime
MITIGATION STRATEGY DEVELOPMENT HORIZON SCANNING IMPLIMENTATION RECORDING / DOCUMENTATION AUDIT / REVIEW
• TACCP, or Threat Assessment and Critical Control Point, is a system that was developed in accordance with the PAS96:2010. • Title for the revised PAS96:2014 is, “Guide to protecting and defending food and drink from deliberate attack”,
Updated from PAS96:2010, “Defending food and drink. Guidance for the deterrence, detection and defeat of ideologically motivated and other forms of malicious attack on food and drink and their supply arrangements”
Seven Sources of Food Fraud •UNAPPROVED ENHANCEMENTS
Melamine added to enhance protein value Use of unauthorized additives (Sudan dyes in spices)
•COUNTERFEITING
Copies of popular foods – not produced with acceptable safety assurances.
•DILUTION
Watered down products (Also, potentially using non-potable / unsafe water) Olive oil diluted with cheaper substitutes
•SUBSTITUTION
Sunflower oil partially substituted with mineral oil Hydrolyzed leather protein in milk
•CONCEALMENT
Poultry injected with hormones to conceal disease Harmful food colouring applied to fresh fruit to cover defects
•MISLABELLING
Expiry of dates, provenance (unsafe origin) Toxic Japanese star anise labelled as Chinese star anise Mislabelled recycled cooking oil
•GREY MARKET PRODUCTION / THEFT / DIVERSION Sale of excess unreported product
BRC V7 New Clause 5.4.2 “A documented Vulnerability Assessment shall be carried out of all raw materials to assess the potential risk of adulteration or substitution. This shall take into account:
•Historical evidence of substitution or adulteration •Economic factors •Ease of access to raw materials through the supply chain •Sophistication of routine testing to identify adulterants •Nature of the raw material”
BRC V7 Interpretation Guide “A number risk assessment tools have been published including some specialist vulnerability assessment tools, for example CARVER+Shock and TACCP (Threat Assessment Critical Control Points), which may be used to achieve a structured approach to the assessment process.”
BRC V7 Interpretation Guide “A vulnerability assessment is a search for potential weaknesses in the supply chain in order to prevent food fraud i.e. to prevent the adulteration or substitution of raw materials before they arrive at the site. The aim of the assessment is not to assess the potential for fraud at the site, but to examine the supply chain for potential concerns or weaknesses to identify those raw materials which are of particular risk of adulteration or substitution, such that appropriate controls need to be put in place.”
BRC V7 Interpretation Guide “Typical information to incorporate into the assessment includes: • Any emerging issues and information identified • Historical evidence of substitution or adulteration of the ingredient • Cost/value of material • Availability - for example, a poor harvest may restrict availability and may increase the potential for adulteration • Sophistication of routine testing to identify adulterants – if testing within the supply chain is comprehensive and specifically focused on potential fraud issues, then the likelihood of adulteration is reduced. • Country of origin • Length and complexity of the supply chain • The nature of raw material may change the potential for food fraud”
BRC V7 Interpretation Guide “Output from the vulnerability assessment Where raw materials are identified as being of particular risk then appropriate assurance controls need to be in place to ensure that only genuine materials are purchased. Depending on the perceived risk assurance controls may include: • Certificates of analysis from raw material suppliers • Raw material testing • Supply chain audits • Use of tamper evidence or seals on incoming raw materials • Enhanced supplier approval checks • Mass balance exercises at the raw material supplier • Changes to the supply chain eg a change of supplier or a move to a shorter supply chain”
CARVER + shock A method from the FDA that puts a scoring system on attributes of: • Criticality - measure of public health and economic impacts of an attack • Accessibility - ability to physically access and egress from target • Recuperability - ability of system to recover from an attack • Vulnerability - ease of accomplishing attack • Effect - amount of direct loss from an attack as measured by loss of production • Recognizability - ease of identifying target • shock - the combined health, economic, and psychological impacts of an attack
Vulnerability Assessment Section 106 of the Food Safety Modernization Act (FSMA) • requires the FDA, among other things, to conduct a Vulnerability Assessment (VA) of the food system • A VA is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system
FSMA - What is a Vulnerability Assessment? • In food safety there are "hazards" to accidental contamination • In food defense there are "vulnerabilities" to intentional contamination.
• In calculating risk of intentional threat, the common measure of vulnerability is the likelihood that an attack succeeds, if it is attempted
• By conducting a vulnerability assessment of a food production facility or process, you can determine the most vulnerable points in the infrastructure and focus resources on the most susceptible points
TACCP & HACCP Differences and Integrating the Systems
A Quote….. “There are known known's. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.” Donald Rumsfeld, US Secretary of Defense - February 2002
It could be said that HACCP is perhaps a study of the “known known's” and the “known unknowns”. TACCP is an analysis of some “known unknowns” and “unknown unknowns”.
Key Differences •
The team may cover the need for slightly different or additional disciplines
•
The Process Flow Diagram (PFD) will be written to capture the entire process, not just that which takes place at the manufacturer’s site
•
As a result of the requirements, the potential hazards may detail not only Chemical, Physical and Biological hazards, but also cover the elements of radiological hazards and of adulteration.
•
Potential contaminants within the TACCP study may not be confined to those which are pertinent to the process involved (e.g. Metal swarf from stirrer blade)
•
At times with TACCP, the specific hazard at each process step might not be listed.
•
TACCP suggests implementing response levels of ‘Normal’, ‘Heightened’ and ‘Exceptional’, in parallel with Prerequisite programmes and Critical Control Points.
Flow diagram - Meatball manufacture Primal Intake of Beef
Primal Intake of Pork
Store in Freezer
Store in Freezer Store in Chill
Thaw
Thaw
Weigh Primals
Store in Chill
Mince through 5mm plate
Weigh batch Quantity Minced Beef
Weigh batch Quantity Minced Pork
Blend minced Beef, minced Pork and other ingredients Discharge into tote bins Form meatballs on forming machine Place in containers / trays / packaging Chill or Freeze Load Vehicle
Storage
Weigh Primals
Mince through 5mm plate
Store in Chill
Intake of other ingredients
Dispatch
Central delivery Depot Deliver to meatball in sauce manufacturer
Weigh batch seasonings and other ingredients
FSMA Vulnerability Assessment The key activity types identified in the most vulnerable production environments are: • • • •
Coating / Mixing / Grinding / Rework Ingredient Staging / Prep/Addition Liquid Receiving / Loading Liquid Storage / Hold / Surge Tanks
Primal Intake of Beef
Primal Intake of Pork
Store in Freezer
Store in Freezer
Store in Chill
Thaw
Thaw
Store in Chill
Weigh Primals
Weigh Primals
Mince Through 5mm Plate
Mince Through 5mm Plate
Weigh Batch Quantity Minced Beef
Weigh Batch Quantity Minced Pork
Blend Minced UK Beef, Minced Pork / Ingredients Store in Chill
Discharge Into Tote Bins
Form Meatballs on Forming Machine
Place in Containers / Trays / Packaging
Chill or Freeze Load Vehicle
Dispatch
Central delivery Depot Deliver to Meatball in Sauce Manufacturer
TACCP Human Elements
The Centre for the Protection of National Infrastructure (CPNI's) Insider Data Collection Study indicated: • Significantly more males engaged in insider activity (82%) than females (18%) • The majority of insider acts were carried out by permanent staff (88%); only 7% of cases involved contractors and only 5% involved agency or temporary staff • 60% of cases were individuals who had worked for their organisation for less than five years • 49% of insider cases occurred within the 31-45 years age category. Instances of insider cases increased with age until they peaked within this category and then decreased beyond 45 years of age
Human factors Skill based errors Errors
Mistakes Human Factors
Slips of action
Lapses of memory
Thought the setting should be 4 when in fact it should be 6
Rule based mistakes
Used baking powder instead of baking soda
Knowledge based mistakes
Used a thermometer that wasn’t calibrated
Routine
Violations
Intended to set dial to 3 accidentally set to 6
Knows to follow steps 1 to 10 in order but always performs steps 1-5, 7-10 then step 8
Situational
When under time or other constraints, the action not carried out as per the procedure
Exceptional
Disgruntled employee received a warning that day and chose to act in a way they shouldn’t
Complacency, Incompetence, Criminality: 3 Business Threats
Subject Matter: • Complacency – “Smug self satisfaction”
• Incompetence – “Lacking the necessary skill”
• Criminality – “Tendency to illegal acts”
• Sudan dyes • Melamine
Case study I: Sudan dyes (genotoxic carcinogens, prohibited for use in food) May’03 France reports Sudan dyes as an issue in Indian chilli products Jul’03 Pan-EU controls introduced Feb’04 FSA reminds UK industry of issue Jan’05 56 Alerts issued in UK since 2003 Feb’05 Worcestershire sauce found with sudan (made with 2002 chilli) Mar’05 580 products withdrawn from the UK market
Case Study II: Melamine 2005/6 Local reports of melamine as an in issue in Chinese milk Mar’07 First US pet deaths directly attributable to melamine Aug’07 >5300 products recalled Jun’08 Linkage between baby kidney damage and Sanlu milk in Gansu province Aug’08 Melamine found by Fonterra (NZ) Sep’08 Fonterra advise NZ government who advise the Chinese govt. Significance of problem recognised Dec’08 Estimated number of cases: >250,000 babies & infants
Points to consider • Understand the historical perspective • Inevitable lag time between commencement and detection • Value of certification • Adulteration often relates to value (money) determining product attributes – Attribute quality is often measured to an indirect or subjective end-point (e.g. Colour)
•
Fraud is becoming more sophisticated – “chemically identical” substitutes (e.g. vanilla) – Commodity items (e.g. olive oil / basmati rice / tomato paste)
How To Conduct a TACCP Study
APPLICATION ROUTE / LOGIC TABLE
TEAM SELECTION DEFINING THE SCOPE OF THE STUDY / PROCESS FLOW REVIEW CURRENT TACCP MEASURES IN PLACE THREAT CHARACTERISATION •Personnel •Premises •Process •Services •Logistics •Cybercrime
MITIGATION STRATEGY DEVELOPMENT HORIZON SCANNING IMPLIMENTATION RECORDING / DOCUMENTATION AUDIT / REVIEW
Threats categorised by likelihood / impact and plotted
5
EXCEPTIONAL
4
Impact
3
HEIGHTENED
2
NORMAL 1
1
2
3 Likelihood
4
5
DOC REF: TACCP1 DATE: XX/XX/XX
EDITION: 1 VERSION: 1
TACCP ANALYSIS: FOOD SECURITY
Product / Process: No.
1
2
3
Process step description
Step No.
Threat description and job role involved
Response: Normal Heightened Exceptional
Preventative Actions / Control Measures
Severity
Likelihood
Total
Thank you Lorraine Green Quality Management Systems Specialist – Campden BRI Tel: 01386 842458 Email:
[email protected]
