Unlike FSMA which focuses on EMA with a likely threat of public health harm, VACCP applies to all possible occurrences of food fraud or EMA—such as that of inferior oils added to olive oil.

By Lisa Lupo

Hazard Analysis and Critical Control Point (HACCP) programs are a standard of the food processing industry. Originally developed for NASA food safety in the 50s, HACCP has become the foundation of today’s food safety regulations — including those of the Food Safety Modernization Act (FSMA) — and standards — including those of the certification programs for the Global Food Safety Initiative (GFSI).

But counter to the widespread awareness and application of HACCP is the relative unfamiliarity, at least within the borders of the U.S., of the food industry with the Threat Assessment and Critical Control Point (TACCP) and Vulnerability Assessment and Critical Control Point (VACCP) programs. This is, in large part, because neither the federal food regulatory bodies nor their regulations implement these programs which focus on food defense (TACCP) and food fraud/authenticity (VACCP). That’s not to say that threats and vulnerabilities are not addressed by the agencies or regulations, they are simply addressed in a different way. But understanding and integrating aspects of TACCP and VACCP can add value to food facilities’ food defense and authentication programs, just as HACCP adds value to food safety.

To explain the fundamentals of these programs; explore the differences between TACCP, VACCP, HACCP, and FSMA; and expound on how they can benefit food facilities, QA spoke with Food Safety Academy President and Consultant Steven Sklare.


QA. We all know of HACCP, but what are TACCP and VACCP?

Sklare. TACCP is defined as a management process, a systematic method, to defend a food supply chain from intentional contamination. The act of contamination is behaviorally or ideologically motivated with the intent to cause harm to people.

VACCP is defined as a management process, a systematic method, to defend a food supply chain from any form of dishonest conduct that impacts negatively on the quality, integrity, or authenticity of food and drink. The “dishonest conduct” is motivated by economic gain.

GFSI’s Food Safety Management Umbrella defines HACCP (hazard/food safety), TACCP (threat/food defense), and VACCP (vulnerability/food fraud) as three separate pillars to be individually addressed.

QA. Why were they developed — and how are they primarily used?

Sklare. HACCP is a systematic approach to food safety that is designed to prevent or minimize the risk of unintentional contamination of food. It is a linear process that is able to address known risks within the realm of food safety. It is not designed for, nor is it effective in, addressing intentional acts of contamination. It has been recognized that there are significant food safety and food quality concerns that are outside the functionality of HACCP. This is why TACCP and VACCP were developed. Intentional acts of contamination represent “vulnerabilities” as opposed to “risks.” This is a non-linear process.

While HACCP, TACCP, and VACCP sound alike and have similarities, there are significant differences. TACCP is used in the food industry to address food defense-type issues, and VACCP is used in the food industry to address food fraud/food authenticity-type issues.


QA. Why have they not been widely implemented in the U.S.?

Sklare. The issues of food defense and food fraud are more narrowly defined within the food regulations of the U.S. TACCP and VACCP can be used to address food defense and food fraud issues as they are defined within U.S. food safety regulations, but they are significantly broader and more comprehensive than is needed for compliance.


QA. GFSI defined the Food Safety Management Umbrella (above) to include HACCP, TACCP, and VACCP. Can you discuss this? 

Sklare. GFSI, which is a non-governmental, voluntary system of standards, represents an approach to food safety that encompasses food quality as well as food safety. TACCP and VACCP address issues of both food safety and food quality. They are two additional pillars that were needed to support GFSI’s broader and more comprehensive approach to protecting consumers’ health on a global basis. They have been endorsed by GFSI as methods to accomplish certain goals.


QA. How does a TACCP program differ from the FSMA Food Defense (IA) rule?

Sklare. Both a TACCP program and the FSMA Food Defense (IA) rule address the issue of intentional adulteration of food for the purpose of causing harm to people’s health. The FSMA IA rule is more narrowly defined than what a TACCP program would address. The purpose of the IA rule is to prevent or significantly minimize intentional acts of food adulteration intended to cause wide-scale public-health harm. In addition to this, through FSMA, Congress directed FDA to apply the requirements of the IA Rule only to those points, steps, or procedures in the food system that are at the highest risk for intentional adulteration.

A TACCP program would take into account a much broader range of intentional adulteration considerations.


QA. How does VACCP differ from the economically motivated adulteration (EMA) of FSMA’s Preventive Controls rule?

Sklare. VACCP is a method of addressing EMA, which is a sub-set of the broader category of food fraud. EMA is committed for economic gain. The criminal’s intent is to cheat you, not to make you sick.

However, there have been many incidents of EMA where a significant threat to public health resulted from a criminal act to make money. Take, for example, the adulteration of chili powder with Sudan dye. The chili powder was diluted with Sudan dye to lower the production cost of the powder. The use of the dye introduced an unlabeled toxin into the food. VACCP is designed to mitigate the vulnerability of this type of EMA as well as one where the act of adulteration produced an inferior product that was not a threat to human health. An example of this would be the dilution of a fruit drink with water.

VACCP applies to all ingredients and all possible occurrences of food fraud or EMA, whether it is a food safety or food quality issue. FSMA’s Preventive Controls Rule focuses on those instances of EMA that have a likely threat of harm to public health.

In other words, FSMA is primarily concerned about whether or not someone’s act of fraud (cheating you) is likely to make someone sick. If it is a question of only being cheated — well, FSMA isn’t so concerned. The problem is that it is not always cut and dry whether an act of food fraud will lead to a public-health issue or not.


QA. How can TACCP and VACCP integrate with FSMA to add value?

Sklare. It’s not really a question of integrating with FSMA any more than HACCP integrating with FSMA. They are tools to help to support a FSMA compliance program. TACCP and VACCP complement HACCP. TACCP and VACCP are designed to mitigate the vulnerabilities involved in acts of intentional contamination which HACCP is not.

As far as FSMA is concerned, they are tools that can be used to satisfy requirements of FSMA such as food defense and intentional adulteration. The additional value they could provide is that they will help satisfy the requirements of FSMA and go beyond them.


QA. What else should the food industry know about TACCP and VACCP programs?

Sklare. It is important that the food industry understand that the food safety management procedures and practices that have been designed to guard against unintentional contamination do not provide the tools to deal with intentional contamination.

TACCP and VACCP can provide those tools. That doesn’t mean that TACCP and VACCP are the only ways to deal with issues of intentional contamination. If you are building a program to address your “vulnerabilities to food fraud” or “threats of malicious adulteration or contamination” you will be addressing the same concerns as a TACCP or VACCP program.

The author is Editor of QA magazine. She can be reached at llupo@gie.net.