BRC issue 8, clause 4.2.2, need help with threat assessment plan

Hello I don´t understand what BRC want with this clause "Where raw materials or products are identified as being at particular risk, the threat assessment plan shall include controls to mitigate these risks. Where prevention is not sufficient or possible, systems shall be in place to identify any tampering.

 

Hello I don´t understand what BRC want with this clause "Where raw materials or products are identified as being at particular risk, the threat assessment plan shall include controls to mitigate these risks. Where prevention is not sufficient or possible, systems shall be in place to identify any tampering.

These controls shall be monitored, the results documented, and the controls reviewed at least annually". 

 

 

Hello Maria,

This clause related to Food defense program into your site, as you may know food defense is a tool which prevent your product from intentional adulteration or contamination and this means that you have to secure all your ingredients and products.

This clause is asking to determine the raw materials or products that could be at risk like packaging material or raw material significant for your industry, once you select it , you have to put controls, monitoring and verification to avoid intentional adulteration like testing of raw material upon recieving and how do you store it and how could you prevent any intentional adulteration could reach to it.

If you didn't do food defense plan before, you can go to FDA website, FDA develops a tool called food defense plan builder which will facilitate your mission and will give you a full plan with actions that should be in place to have a powerful food defense program (https://www.cfsanapp...der/default.cfm) .

Hope that i could help!, if you have any other question, please don't hesitate to ask!

 

Hello I don´t understand what BRC want with this clause "Where raw materials or products are identified as being at particular risk, the threat assessment plan shall include controls to mitigate these risks. Where prevention is not sufficient or possible, systems shall be in place to identify any tampering.

These controls shall be monitored, the results documented, and the controls reviewed at least annually". 

 

 

Hi Maria,

This is an alternative approach to that in Post 2.

BRC8 added above text as part of a general section revision in Issue 8.

BRC's re-organisation of the section was probably inspired by the UK's PAS 96 document.which is linked below  although the food fraud aspect (EMA/VACCP) was separated out by BRC -

https://www.ifsqn.co...-8/#entry142027

the clause 4.2.2 is intended to follow the risk assessment in preceding  4.2.1 for which an example TACCP template is here -

https://www.ifsqn.co...ed/#entry121857

(note that the excel format is modeled on tables in the PAS96 document whose own examples may also be helpful)

(note that for BRC8, the "fraudulent" entries in template are a response to "vulnerability assessment-BRC" rather than "Food Defence -BRC")

(note also the section on "tampering" in the PAS 96 document)

Some pathways to hypothesising potential threats are exampled in the pdf file linked here -

https://www.ifsqn.co...-8/#entry141566

(eg for current clause interest -  pg 7 et seq)

(note that various useful portions of the above pdf are "borrowed" into the excel linked here -

https://www.ifsqn.co...nts/#entry66299

PS - note that the template also overlaps 4.2.3

The BRC interpretation Guidelines are moderately helpful on this section.

 

Hello I don´t understand what BRC want with this clause "Where raw materials or products are identified as being at particular risk, the threat assessment plan shall include controls to mitigate these risks. Where prevention is not sufficient or possible, systems shall be in place to identify any tampering.

These controls shall be monitored, the results documented, and the controls reviewed at least annually". 

 

 

It's reasonably well covered in the interpretation guide, so very definitely worth getting hold of a copy of that if you haven't already.

Broadly this clause is saying that where you've identified a risk from your analysis in 4.2.1 then you need to implement something to control that risk, and if that isn't possible then you will have to implement (and record ;) ) some other control so that you can at least identify if raw materials/products may be compromised. For example if you can't guarantee that product is stored securely then a security seal / tamper-evident tag of some sort could be required, so you can confirm on a scheduled basis if there has been any tampering that could indicate malicious contamination has occurred.