BRCGS Product Defence and Vulnerability Assessment: TACCP and VACCP Basics

3 minute read

BRCGS

By Robert Low, Lead Management System Specialist and BRCGS Approved Trainer

Two risk disciplines that food manufacturers have lived with for a decade are now firmly on the consumer products agenda: product defence, protecting products and sites against deliberate attack, and vulnerability assessment, protecting your supply chain against fraud. The Issue 5 draft strengthens expectations on both, so here are the basics, translated for non-food manufacturers.

Product Defence, or TACCP

Food safety people call this TACCP, threat assessment and critical control points. Strip the acronym away and it is a structured question: who might deliberately contaminate, sabotage or otherwise attack our products or site, how could they do it, and what stops them? The assessment covers external threats, intruders, activists, malicious actors in the supply chain, and the harder conversation, internal threats from people with legitimate access. The output is a product defence plan: the security arrangements, access controls, monitoring and procedures that mitigate the risks you have identified, monitored to confirm it is actually implemented and reviewed at least annually or when a new threat emerges.

The practical starting points are unglamorous. Who can access your production and storage areas, and would anyone notice a stranger? Are tanks, silos and transfer points sealed and secured? Do contractors get supervised? Is there a way for staff to raise concerns confidentially? Answer those honestly and your first product defence plan is half written.

Vulnerability Assessment, or VACCP

Vulnerability assessment looks the other way, out into your supply chain, and asks where fraud could enter: substitution of materials with cheaper alternatives, adulteration, misrepresentation of origin or certification claims. For each material or material group you weigh factors such as fraud history, economic incentive, supply chain complexity, how detectable fraud would be through your routine testing, and your confidence in the supplier. High scoring materials get mitigation: tighter specifications, targeted testing, supply chain mapping, more demanding supplier approval. The assessment stays live, reviewed annually and whenever market conditions shift, because fraud follows economics and economics move.

Doing It Proportionately

The mistake I see most is sites producing enormous scoring matrices that nobody uses. A good assessment for a mid-size consumer products manufacturer fits the business: honest, documented, focused on the handful of genuinely vulnerable materials and threats, with mitigation that actually happens. Both disciplines slot naturally alongside your wider risk methodology, which I cover in my HARA explainer, and both are areas where the expectations in the final Issue 5 text deserve close reading when it publishes, as my Issue 5 draft breakdown sets out.


BRCGS Consumer Products Issue 5

Get Ready for Issue 5 Before Your Competitors Do

Official ATP training for certification bodies and sites from launch, plus remote Issue 4 to Issue 5 gap analysis and transition consultancy, delivered by a BRCGS Principal Trainer for Issue 5. Pick the button that fits you and it opens a pre-filled email to me.

The buttons open your email client with a short template. Nothing is sent until you press send.

Need More Help?
We'd Love To Hear From You

Cornerstone Logo White