Welcome to part 5 of the FSSC 22000 additional requirements series, where we will cover Food Defence as outlined in Requirement 2.5.3 of FSSC 22000 Version 6. We hope you find this article informative and valuable.
We also highly recommend watching the video.
This series is designed to be your one-stop shop for understanding the FSSC 22000 V6 additional requirements. Stay tuned for future parts that will delve deeper into each requirement.
Before we begin, let us introduce our most popular FSSC 22000 V6 DIY services:
- Complete document templates toolkit for Food Manufacturing / Processing / Packing
- Complete document templates toolkit for Packaging Manufacturing
- Introduction to FSSC 22000 V6 online self-paced course
- Transition to FSSC 22000 V6 online self-paced course (from V5.1 to V6)
Table of Contents
FSSC 22000 V6 Requirement 2.5.3 in a Nutshell – Food Defence Explained
Now let’s break down the two key elements within this requirement. Requirement 2.5.3 has 2 sub-requirements:
2.5.3.1: Threat Assessment with 2 Clauses numbered a and b.
2.5.3.2: Plan with 4 Clauses numbered from a to d.
Refer to page 19 of the FSSC 22000 V6 scheme document. Do you have a copy? CLICK HERE
Requirement 2.5.3.1: Threat Assessment
A threat assessment is a process used to identify and evaluate potential threats that could harm an organisation’s processes and products. It involves systematically examining different factors and scenarios to understand where vulnerabilities might lie.
The goal is to pinpoint areas that could be targeted by malicious acts and then determine how to mitigate or control those threats. In the context of Food Defence, this means protecting food products from intentional contamination or tampering.
(a) Conduct and Document a Threat Assessment
(All Food Chain Categories)
Organisations must carry out and record a thorough Food Defence threat assessment. This assessment should be based on a well-defined methodology, which helps identify and evaluate potential threats that could impact the processes and products within the organisation’s scope. The findings must be meticulously documented to maintain a clear record and reference point for future assessments and reviews.
It is important to identify possible aggressors and the threats they may pose. Below are examples of potential aggressors and the kinds of threats they may pose.
Examples of Aggressors:
- The Opportunist
- The Disgruntled Individual
- The Irrational Person
- The Extremist
- The Cyber Criminal
- The Professional Criminal
Examples of Threats:
- Malicious Contamination
- Counterfeiting
- Cybercrime
- Extortion
- Espionage
- Theft
(b) Develop and Implement Mitigation Measures (Strategies)
(All Food Chain Categories)
Organisations must develop and implement suitable mitigation measures once significant threats have been identified through the threat assessment. These measures should bring significant threats under control, ensuring the safety and security of food products.
Examples of Mitigation Measures:
- Physical
- Managerial
- Collaborative
- Procedural
- Human resources
- Technological
Visit our online, self-paced Food Fraud and Food Defence training HERE
Requirement 2.5.3.2: Plan
The Food Defence plan is an overall assessment that you have conducted and put in place as an organisation, taking into account the threats that could potentially affect your organisation. This involves looking at the different areas that could be affected and also identifying the possible aggressors who would be the perpetrators of those specific threats.
Then, you would implement actions to mitigate those threats. These include actions, control measures, and mitigation measures. Once you have done all that and formulated a mitigation strategy that addresses the threats, including the risk profile of each one, it is then considered a Food Defence plan. This plan will guide the organisation on mitigating measures and ensuring that these threats do not affect the organisation.
So, the entire system of your Food Defence will be considered a plan because it provides a way forward that will inform the organisation, including the Food Defence team and their employees, on what needs to be done to prevent possible threats from affecting the organisation.
a) Documented Food Defence Plan
(All Food Chain Categories)
The organisation must have a documented Food Defence plan based on the threat assessment. This plan should detail the mitigation measures and verification procedures that have been identified to protect against potential threats.
b) Supported by the FSMS
(All Food Chain Categories)
The Food Defence plan must be implemented and supported by the organisation’s Food Safety Management System (FSMS). This integration ensures that Food Defence measures are an active part of daily operations and management practices.
c) Comply with Legislation, Up to Date and Cover all Processes and Products
(All Food Chain Categories)
The plan should comply with applicable legislation and cover all processes and products within the organisation’s scope, and it should be kept up to date to reflect any changes in threats and processes.
Not many countries have legislation that specifically stipulates the requirements for Food Defence but here are a few examples:
- U.S. – FDA Food Safety Modernization Act (FSMA)
- U.S. – Bioterrorism Act (BTA)
- E.U. – General Food Law – Regulation 178
d) Suppliers of Brokers, Agents and E-commerce
(Food Chain Category FII)
For food chain category FII, the organisation must ensure that its suppliers also have a Food Defence plan in place. This ensures that the entire supply chain is secured and that all parties involved are committed to maintaining Food Defence standards.
Examples of Documents to Use for Food Defence
Here is a list of documents to consider:
- Food Defence Procedure
- Food Defence Risk Assessment
- Annual Security Assessment Checklist
- Food Defence Checklist
View an index of all documents HERE
Video Explaining Food Defence
Watch the video for more in-depth information: We highly recommend watching the accompanying video for a more detailed explanation of the requirements. The video includes examples and scenarios showcasing the recommended documentation for Food Defence.
Frequently Asked Questions
Here are some of the most frequently asked questions relating to Food Defence.
1. Do You Need a Threat Assessment Team?
The short answer is no, but it is advisable to have a Food Defence or Threat Assessment Team where you incorporate all the relevant parties, especially security, production, quality, possibly marketing, and logistics since they’re involved in the supply chain.
This ensures that you get input from all the relevant people who would contribute to ensuring that your food is protected throughout the supply chain, from receiving right until it is delivered to the customer. Generally, the practice would be to also incorporate the HACCP team as part of the threat assessment team.
So, it is advisable to have one, but according to the standard, there is no explicit requirement under Requirement 2.5.3 that stipulates there must be a threat assessment team.
2. Who needs Food Defence training?
The Threat Assessment Team or anyone responsible for Food Defence need to understand at least the following:
- What Food Defence is.
- What are the principles of Food Defence?
- What are the different methodologies that one could use to implement a Food Defence system?
You also need to ensure that your staff is aware of the Food Defence practices that the organisation has in place. Also, what should they look out for to ensure that your food is protected from threats you have identified?
In summary: More in-depth training should be offered to the Food Defence team, and awareness training should be provided to other staff members.
Visit our online, self-paced Food Fraud and Food Defence training HERE
3. Does FSSC 22000 Version 6 provide guidance regarding Food Defence?
Yes. You can find the guidance documents for Food Defence on the FSSC 22000 website for download.
4. Is Food Defence the same as Site Security?
No. Food Defence focuses on protecting food products from intentional contamination or tampering, ensuring safety throughout the food chain. It involves implementing measures to prevent malicious acts that could harm consumers or disrupt food safety.
On the other hand, site security focuses on the overall protection of a facility or location, including physical security measures, surveillance, and access control to safeguard against various threats like theft, vandalism, or unauthorized access.
While part of Food Defence involves site security, these terms cannot be used interchangeably. They are two distinct concepts.
Audit Tips
Our auditors flagged a few Food Defence weaknesses during recent audits which we would like to share with you:
- No Clearly Defined Methodology for Threat Assessments: Ensure your threat assessment follows a precise and well-documented methodology. This structured approach will help you consistently identify and evaluate potential risks.
- No Holistic Integration for All Sites: Incorporate all processes and products from all sites as part of your Food Defence plan. Leaving out any aspect could create vulnerability gaps in your overall Food Defence strategy.
- No Effective Mitigation Measures for Significant Threats Identified: Show that significant threats identified are brought under control by your mitigation measures. This proves your defences are effective and reliable.
- Considering Legislation Relating to Food Defence: Where applicable, make sure your Food Defence measures comply with the legislation of the country where your products will be sold. This helps avoid legal issues and ensures your Food Defence strategies meet all regulatory requirements.
- Suppliers to Brokers and Agents Have No Food Defence Plan in Place: Agents and brokers must ensure their suppliers have a robust Food Defence Plan. It’s not enough for just your organisation to be prepared; your entire supply chain needs to be secure.
- The Food Defence Plan is not Reviewed and Updated After Changes: Regularly review and update your Food Defence Plan, especially when there are changes in your processes, products, or external factors.
- CCTVs are not Properly Manned or Monitored: If you rely on CCTV as part of your Food Defence strategy, ensure it is regularly monitored.
Conclusion
In conclusion, implementing an effective Food Defence strategy is crucial for compliance with FSSC 22000 Version 6 Regulation 2.5.3 additional requirements relating to Food Defence. By addressing the requirements in this article, your organisation can ensure protection against intentional contamination threats and maintain a secure food chain.
Get the tools you need: ASC Consultants offers a variety of FSSC 22000 V6 resources to help you achieve and maintain certification. Explore our document template toolkits and online self-paced courses to streamline the implementation process:
- Complete document templates toolkit for Food Manufacturing / Processing / Packing
- Complete document templates toolkit for Packaging Manufacturing
- Introduction to FSSC 22000 V6 online self-paced course
- Transition to FSSC 22000 V6 online self-paced course (from V5.1 to V6)
If you have any questions about FSSC 22000 or these additional requirements, please don’t hesitate to leave a comment in the comment section at the end of the article. We’re here to help!
How can we Help?
We offer a variety of FSSC 22000 V6 services. Let us know HERE and we will direct you to the relevant department or services.
FSSC 22000 V6 Series-related Articles
Check out our other related articles for more tips!
We are currently building this series and hope you will find it useful. Bookmark this page to check for regular updates.
Comments
If you have any questions about FSSC 22000 or these additional requirements, please don’t hesitate to leave a comment below. We’re here to help!