You're probably right about auditors not knowing the requirements in this area.
As to the feedback comment, I treated the areas of threats and vulnerabilities as one large project. In my mind, the two are interconnected and I don't see how you can look at threats without looking at vulnerabilities as well... they are different but still closely related. Food Defence is actually probably, in my opinion, the best name for it. However you look at it though, and there are many different ways, the important thing is to protect both the product and the business.
Hi Kehlan,
I totally agree that there is an amazing variety of terminological interpretations in this area.
Anyone is of course entitled to define their own terms and methods.
As previously noted, IMO it is unfortunate that VA was omitted from the BRC7 Glossary. Unlike Food Defence.
BRC's Interpretation Guidance (IG) does define VA and its interpretation therein appears conceptually aligned to that proposed by GFSI. The latter's viewpoint is, I think, somewhat different to presentations such as in PAS96 / Campden. One feature of the IG's approach (and perhaps GFSI also) may be that the term "threat" appears in the introduction to VA but nowhere in its detailed evaluation.
Nonetheless, afaik the IG is not an auditable document so that other approaches are presumably also viable, and acceptable to BRC auditors (some are in fact mentioned in the IG). I can sympathise that this may generate some difficulties for auditors.