The on-line VAPor (vulnerability assessment portal) works on three levels – me, my and your.
‘Me’ involves inputting information about your company to assess intrinsic vulnerability to food fraud.
‘My’ is entering information about your products or ingredients to assess the attractiveness to food fraudsters.
‘Your’ enables the firm and the supplier to input information to assess their vulnerability.
FoodChain Europe reviews submitted data against set criteria, allocates a score based on expectation and gives a percentage of risk that the raw material, supplier and business poses.
The British Retail Consortium (BRC) Global Standard on Food Safety, Issue 7 which was published in January, includes measures on fraud vulnerability analysis and the Global Food Safety Initiative (GFSI) is working on something similar.
Red, green or amber
Jerry Houseago, business development director at FoodChain Europe, said the three areas reveal a red, amber or green sign giving an indication of where a company stands.
“It was launched in January to coincide with BRC issue 7 and one significant change in that was the requirement of vulnerability assessment,” he told FoodQualityNews.
“We have about 80 people using it so far and results vary from some producing high vulnerability to others that have low vulnerability so the results are a bit skewed to the medium.”
Intrinsic or extrinsic vulnerability
VAPor assesses ‘intrinsic vulnerability’ (vulnerability from within the business) and ‘extrinsic vulnerability’ (vulnerability due to external impacts such as supply base and raw materials used).
Participants can risk assess their own materials, suppliers and own internal systems.
Examples of intrinsic vulnerability are lax purchasing policies and IT security and extrinsic vulnerabilities can be price of raw materials rising and increasing the motivation for criminals to substitute alternatives.
Houseago said the system has been created to identify potential weak spots in the supply chain so food companies can build defences against criminals.
“Intrinsic vulnerability is looking at your own organisation and asking are we attractive to food fraud and where are the vulnerabilities? For example, you might not have double sign off on contracts and it is easier for a fraudster to manipulate one person than if you have two or a team to check contracts,” he said.
“Extrinsic vulnerability is to do with suppliers, outside of the organisation. What control do you have of suppliers and do you know who they are, have you been to see them and how would you know if production moved from one area to another which could change the risk.
“Risk depends on different things such as where you buy products from, the corruptibility index ranks countries in the world and if that place has historically been subject to abuse in the past it is likely it will happen again.
“For the BRC 7 certification everyone must do a vulnerability assessment and we can help firms do that. It shows areas they do can more and controls they can take.
“Even people who are not covered by BRC they would still want to protect their business from a brand protection point of view.”