6 mins read

VACCP and TACCP: The Best Line of Food Defense

Topics: Food Safety

“The best defense is a good offence” is a strategy that has been adopted across many fields of endeavor, from military combat to sports and medical science.

This has become increasingly applicable to the food industry in recent years too, in the context of food safety incidents such as the horse meat scandal and the Italian olive oil fraud. To mitigate the risk of such deeply damaging events from occurring, proactive action rather than passive reactivity is the best defense.  But what does proactive action look like and how can food businesses anticipate emerging threats to protect themselves against food fraud, contamination, and adulteration?

Risk management through HACCP (Hazard Analysis Critical Control Points) has long been established to manage food safety, however the relatively new concepts of  TACCP (Threat Assessment and Critical Control Points) and VACCP (Vulnerability Assessment and Critical Control Points) look at specific potential adulteration opportunities within the supply chain.

Crisis Management and Recalls – How to Prepare before it happens
Watch Now

What’s the difference between VACCP and TACCP? 

Although both TACCP and VACCP are concerned with intentional adulteration, they are often confused. 

  • VACCP – Prevention of economically motivated food fraud 
  • TACCP – Prevention of malicious threats to food, such as sabotage, extortion or terrorism. 

How to Make TACCP Workplace Practice

  1. Build a team: Establishing a multi-disciplinary team brings together a broad range of knowledge and skills from different areas of the business. A TACCP team should also include someone who is responsible for security, ideally with IT experience, as cyber hacking has become a major threat.
  2. Conduct a review:  Review your process from start to finish and understand any weak points such as open product areas and goods-in, where there is a high risk of someone contaminating your products. You should also consider items such as keys (which can be stolen), computers (viruses present a risk) or documents and records that could be tampered with. One area that is often overlooked is off-site storage; if a delivery arrives and there is no space to store it, it might be left in the yard or put in off-site storage, which doesn’t always have the same level of security as the main site. The review should also look at any previous incidents.
  3. Create a TACCP plan: For each process step, outline the threat and its impact. Rate the threat and the likelihood of occurring quantitatively (on a number scale) or qualitatively (high-medium-low), and list protection measures, monitoring methods and corrective action.
  4. Review your plan: You should review your TACCP plan whenever there is an emerging threat or following an incident. If neither of the above happens you should still review it annually and meeting minutes for auditing purposes.


How to Make VACCP Workplace Practice

  1. Build a team: As with TACCP, the starting point for VACCP is to build a multi-disciplinary team.
  2. Complete a raw material risk assessment: This should include considerations like how the material is stored and distributed, the availability of testing to identify adulterants, the availability of the material (seasonality and shortages could increase the risk of fraud) and economic factors – what would be the return on committing fraud? If the potential financial gains are small, the risk is probably low.
  3. Create a VACCP plan: For each raw material, outline the potential hazards and award them a risk rating, then identify the control measures that will be implemented to mitigate the risk. The most important control mechanisms are: implement rigorous goods-in procedures, source exclusively from approved GFSI (Global Food Safety Initiative) certified suppliers and conduct supplier audits. The minute you buy ad hoc because of a cheap price, you expose your business
    to risk. Other controls include obtaining COAs (Certificates Of Analysis) for incoming materials. COAs are preferred over COCs (Certificates of Conformance) because they generally come from ISO 17025 certified labs. You may also need to conduct mass balance, laboratory and organoleptic testing. The number one rule when a risk assessment identifies a material as high risk is to buy from a short supply chain from a certified company that has been established for some time.
  4. Scan the horizon: Horizon scanning involves looking for and analyzing threats that will emerge in the medium to long term. Regular horizon scanning is key to an effective VACCP plan as it ensures you are up to speed on what macro trends and events might increase the likelihood of food fraud for a specific raw material. There are different resources food businesses can consult for horizon scanning, including the Food Industry Intelligence Network, the Food Authenticity Network, and the RASFF (Rapid Alert System for Food and Feed) portal.
  5. Review the plan: You should conduct a full review if a new risk emerges. For example, whenever there are shortages in the market, food fraud incidents, or price increases. If none of these happen, you should review the plan annually (as a minimum). The key to successful identification of new risks in this area is  communication with the procurement teams who may hear about issues
    in advance of more public notifications.


VACCP and TACCP are not just another box ticking exercise or layer of food safety bureaucracy – they are the best available defenses against food fraud and contamination incidents. Ultimately, though, their success is dependent on a happy workforce. If staff are motivated, trained and well looked after, they are highly unlikely to engage in malicious activities and highly likely to engage in prevention programs, so your business is best placed to catch any potential threats.

Still have questions? We’re here to help.

Speak to an expert to find out more.

Building trust, integrity and profit through our comprehensive range of solutions to match your business needs. Benefit from our expertise and experience in providing superior audit, certification and training services.