Completing a supply chain vulnerability assessment is a requirement of the majority of GFSI recognised food Standards. Vulnerability assessments and hazard analysis are also required by FSMA. This process can be challenging for many food safety and QA professionals. Keep reading to get a handle on the basics so you can correctly complete and implement this type of assessment in your business.
What is a supply chain vulnerability assessment?
Let’s start with the absolute basics – defining a supply chain vulnerability assessment. A vulnerability assessment is a search for potential weaknesses in the supply chain to prevent food fraud or deliberate threats. It is focussed on preventing the adulteration or substitution of raw materials before they arrive at your site. It is a specialised form of risk assessment.
What is the purpose of a vulnerability assessment?
The aim of the supply chain assessment is not to assess the potential for fraud or adulteration at your site, but to examine the supply chain for potential concerns or weaknesses. This process can then identify those raw materials that are at particular risk of deliberate threats including adulteration or substitution. This identification will then allow appropriate controls to be developed and put in place.
Assessment of Ingredient or ingredient group
One question that I often get asked is “Do I have to do my vulnerability assessment on all of my raw materials?”. The supply chain vulnerability assessment needs to consider information relating to each ingredient to assess whether there is a potential food defence or food fraud threat.
Where a site purchases many similar raw materials, it may be possible to consider these as a group rather than each raw material individually, providing the risks are identical. Please confirm with your own legal and/or third-party certification requirements if this is allowed. Keep in mind that a potential threat may be supplier based and not ingredient-based.
Vulnerability assessment process
The major GFSI standards do not define the exact process that the site must follow when completing the vulnerability assessment. However, it should at least incorporate the following steps:
- Documenting a list of raw materials (or groups of raw materials) and the controls that are already in place. Control measures may include activities such as product testing, traceability systems or supply chain audits.
- Consider any information obtained for each ingredient. Information about a raw material may be sourced from the supplier, media, internal knowledge, government or third-party databases.
- After the previous steps are done, you will be able to then complete a risk assessment on the vulnerability of each ingredient.
The output of vulnerability assessment
The output of the vulnerability assessment must include a documented vulnerability assessment plan which ranks or scores the materials to identify those which need additional controls. The ranking required could, for example, be:
- Very high – A high-profile raw material with recent reports of adulteration published by regulatory authorities. Action or monitoring is necessary to ensure only genuine materials are purchased.
- High – A high-profile material that provides an attractive target for potential adulteration. Some action and/or monitoring is required to ensure only genuine materials are purchased
- Low – This material is unlikely to be a target for substitution or adulteration; however a re-assessment may be necessary if new information becomes available.
- Negligible – No further action required as the material is extremely unlikely to be a target for food fraud or food defense.
Whichever method or rankings you choose, just make sure you document it and use the method consistently across all raw materials assessed.
Update and Review
It is essential that the vulnerability assessment is up to date and reviewed at least annually or when there is a significant change to the ingredient. As a guide, a review may be triggered by the following, although this is not an exhaustive list:
- a change in the country of origin or the supplier of raw materials
- a change in the financial situation of raw material suppliers or countries of origin
- a change in the cost of raw materials, either upwards or downwards
- a change in the supply chain, logistics and delivery of materials
- a change in material availability (e.g. because of seasonal shortages)
- the emergence of a new risk (e.g. known adulteration of an ingredient)
- developments in scientific information associated with ingredients, process or product
- information received as part of a supplier approval or raw material risk assessment
Risk Assessment Tools
Several different risk assessment tools are available for use. These include some specialist vulnerability assessment tools such as CARVER + Shock and TACCP (threat assessment and critical control points). PwC also publishes a free tool called SSAFE Food Fraud. These tools may be used to achieve a structured approach to the assessment process.
FSMA Requirements
The FDA Food Safety Modernization Act requires vulnerability assessments to be conducted for both ‘Economically Motivated Hazards’ (which have the potential to result in illness or injury) and ‘Intentional Adulteration or Attacks on our Food Supply’. Economically motivated hazards generally get documented within your Food Safety Plan. Intentional adulteration or the requirements of the IA Rule should be covered in your Food Defense Program.
Training in completing Vulnerability Assessments
If you are interested in completing accredited training in Supply Chain Vulnerability Assessments, Food Defense or Food Fraud, HACCP Mentor facilitates both on-demand and virtual courses. Please click here to learn more.