Q&A from Food Safety Fridays: Vulnerability Assessment for Food Facilities

Earl Arnold, Food Defense and FSMA Global Manager, AIB International

Earl Arnold, Food Defense and FSMA Global Manager, AIB International

AIB International’s Earl Arnold, Food Defense and FSMA Global Manager, answers webinar participants' most pressing food defense questions in a post-webinar Q&A format.

1.       What are the fundamental differences between TACCP and Vulnerability Assessment methodologies?

The fundamentals are the same. The style of assessment is different if you are required to comply with the FDA regulation. I have read this document and before this new regulation was written, food facilities in the US were following most of this document as a best practice. In my opinion, the only thing that TACCP doesn't focus on enough is inside operations.

2.       After the assessment is complete what is the consequence for the conclusion? Who takes responsibility?

The conclusion of the assessment is to help the facility identify significant vulnerabilities and develop ways to reduce the potential for those things to happen. Once these vulnerabilities are identified, it is up to the owner or agent in charge of the facility to significantly reduce or prevent the identified hazards from occurring.

3.       How is the vulnerability assessment different from the HACCP plan? How do you correlate both so it doesn't seem to be the same thing?

Great question. The main difference is that the vulnerability assessment focuses on intentional adulteration, not accidental. Meaning how can someone do something bad to my products, facility, or brand on purpose. The style of assessment is similar, however, you focus the assessment on how product can be intentionally contaminated at processing steps or in raw materials/ingredients.

4.       Can you merge the HACCP plan with the vulnerability assessment?

Yes. How you manage this program is up to you. Some facilities are conducting an assessment and including food defense and HACCP together, some separate it. This will depend on how your company wants to move forward. My recommendation would be to keep them separate. You might have confidential information that you include in your food defense plan that you do not want to share with visitors.

5.       Is there a difference between food defense plans for packaging and non-packaging?

Not really. There will be a difference in the end result of the vulnerability assessment and how you mitigate the risk based on the products produced and potential contaminants.

6.       Has AIB's Food Defense Coordinator course been revamped?

Yes, this course has been completely redesigned to be more FSMA-focused.

7.       What about using tamper-proof packaging?

This technique can be an excellent mitigation strategy for identified vulnerabilities, depending on the outcome of your vulnerability assessment.

8.       Can food defense procedures be managed as a PRP?

You can manage this program as a PRP, but if you are required to follow a regulatory requirement you must ensure that it meets all of those requirements.

9.       Is food defense necessary for food container producers?

If you produce food contact packaging it is a great idea to develop a food defense program. If you export products to the U.S. it will be required.

10.   What resources are available for food defense?

The FDA website offers a great resource for basic employee training. http://www.fda.gov/food/fooddefense/


No, CTPAT mainly focuses on transportation, not the whole facility.

12.   Although sifters may take out the foreign material, what about micros or dirt that may have gotten on the ingredient?

You are absolutely correct. That is why it is very important to conduct a facility-specific vulnerability assessment, and capture potential contaminants of concern for the ingredients and process, and mitigate those risks if they are significant.

13.   Do operational personnel need to be trained on food defense basics?

It is best practice to train all employees, regardless of where they work, to have a basic understanding of food defense and what it means for your facility and company. Additionally, you want to have a higher level of food defense training for individuals that will be controlling identified vulnerabilities as well as who will be conducting the vulnerability assessment.

14.   If we have C-TPAT, can we say that we implement food defense?

C-TPAT does have elements of food defense, and is beneficial for the transportation of your products, but does not meet all the requirements of the FDA intentional adulteration rule. Additionally, it does not have you look at all processes inside the facility.

15.   Is food defense the same as ISO 3100?

ISO 31000 is a great tool in developing a risk assessment. It is not specifically developed for food defense/intentional adulteration prevention, but some of the concepts can be used in developing a good risk assessment. It does not cover all the requirements for the FDA regulation and would need to be adjusted if you like this style of assessment.

To view the entire webinar, click here.