Excerpt – The GFSI Food Fraud 10-Year Review: Creation of VACCP

(FREE download until September 14) This is another excerpt from my new article. This post provides background on the creation of the food fraud prevention compliance requirement. Specifically, this reviews the wide range of standards that define the Vulnerability Assessment and Critical Control Point plan (VACCP) concept.

Link to the free article (free until September 14, then requires a subscription or fee): https://authors.elsevier.com/a/1hUIS3I9F4RG28

Writing this journal article paper was a fascinating research project to review the chronology and steps that GSFI took to consider and address food fraud. There were many events and activities that came together during the development process. The first key was the recognition that there was a need to combine a wide range of compliance requirements. Next, once the requirements were identified, one common procedure could be developed.


Developing topics around the time of the GFSI food fraud think tank

From 2005 to 2012, initiated by the modern food fraud incidents mentioned above, there was a renaissance in risk and vulnerability prevention activity. (Frera et al., 2021; Kendal l et al., 2019; Lawrence et al., 2022; Onyeaka et al., 2022; Robson et al., 2021; Smith et al., 2022; Théolier et al., 2021; van Ruth et al., 2021) The GFSI Food Fraud requirements explicitly define a way to organize and review the problems through the Vulnerability Assessment and Critical Control Point Plan (VACCP) concept, providing the application of foundational concepts (Fig. 1). (Barrere et al., 2020; Cane et al., 2021; Lawrence et al., 2022; Manning et al., 2019; Rezazade et al., 2022; Roberts et al., 2022; Robson et al., 2021; Ulberth, 2020)

Fig. 1 . GFSI food fraud vulnerability assessment and critical control point plan (VACCP) foundational concepts (copyright permission granted by the rights holder) (SPINK, 2019 b).

The food industry was already more organized and formal quality management than other industries, with activities such as the HACCP plans that had been developing for 40 + years. The International Standards Organization ISO 9000 Quality Management has been developing since 1987 and became a common practice after the first significant revision in 2000. (ISO, 2015) Quality management kept maturing into rigorous systems such as Six Sigma. Another significant development was ISO 31000 Risk Management in 2009, which created harmonized definitions for terms such as risk, vulnerability, prevention, mitigation, likelihood, and consequence. (ISO, 2009) Other ISO concepts were developed, such as in Technical Committee 247 Product Fraud Countermeasures and Controls (TC 247 and now within TC 292). (ISO, 2010) This was the first-time product fraud and product fraudsters were mentioned in an ISO document. A significant update was published in 2018 on ISO 22380 Security and Resilience – Authenticity, Integrity, and Trust for Products and Documents (General Principles for Product Fraud Risk and Countermeasures). (ISO, 2018 a).

In addition to the ISO activity, there were other standards in development, such as COSO-based Enterprise Risk Management in 2004, and then continuously expanded. (COSO, 2014) COSO was developed to meet the U.S. Sarbanes-Oxley Act requirements related to financial reporting by the U.S. publicly traded companies (and also became a common requirement for all companies). (15 USC 7201, 2006) GFSI was founded to create a single set of benchmark requirements for the food safety certification scheme owners to address a wide range of food safety laws and regulations, such as the U.S. Food Safety Modernization Act (FSMA), the European Commission General Food Law, and the Chinese Food Safety Law.

The GFSI food fraud development history

 New compliance requirements or management mandates do not just magically appear. Also, preventing every type of risk or vulnerability is impractical, especially for those without high-stakes incidents yet. The start of GSFI’s focus on food fraud began with a series of related events. Food fraud incidents such as Sudan Red and melamine in infant formula and pet food were recognized as serious and costly food industry events (2004 –2007). There was an awareness that the current systems were reactionary and not focused on reducing the root cause – the then-current food fraud management was “just to catch food fraud. ” At the same time, scholarly research and publications had started to explore the quality management concept of root cause analysis from criminology, enterprise risk management, and supply chain perspectives.

Takeaway Points

  • Food fraud prevention is based on a wide range of very well-researched theories.
  • The shift of focus from risk to vulnerability, and from mitigation to prevention, helps focus on reducing the root cause of incidents.
  • The VACCP concept helps correlate food industry activities such as HACCP, but also meets other compliance requirements such as for financial reporting and management.

Scroll to Top