What is Food Defense? Threat Risk/Vulnerability Assessment

Dilek Çelik

Food defense; It covers all processes from raw material purchase to final product shipment in order to reduce the risk of intentional contamination of the food and food packaging facilities. It is necessary for the companies in question to determine the control measures for food defense, evaluate the process steps where the threat of intentional contamination / security vulnerability is high, and determine the appropriate mitigation strategies / measures for these steps, monitor and verify these measures and initiate corrective action when necessary.

Food defense is addressed as a separate requirement in GFSI approved standards. If we look at the definition of food defense, there are different definitions in GFSI (Global Food Safety Initiative), PAS 96:2017 (Guideline on food and beverage protection and food defense from deliberate attacks) and FSMA (Food Safety Modernization Act).

GFSI 2017:

Food defense; The process of ensuring the safety of food and drink from any form of deliberate malicious attack, including ideologically motivated attack that leads to pollution.

PAS 96: 2017:

Food defense; procedures to ensure food and beverage safety and supply chains against malicious and ideologically motivated attacks leading to contamination or supply disruption.


Food defense; It is an effort to protect food and its food supply from intentional contamination and from acts intended to cause widespread harm to public health, including terrorist acts targeting the food supply.

The main starting point of the issue of food defense is the terrorist attack of September 11, 2001. After the September 11, 2001 terrorist attacks in the United States, the Bioterrorism Act was issued in 2002. In 2004, Presidential Directive 9 on Homeland Security was issued to set a national policy for the defense of food and agriculture against terrorism, major disasters and other emergencies.

Subsequently, the Food Safety Modernization Act (FSMA) was signed by President Barrack Obama on January 4, 2011 to prevent intentional and unintentional contamination. Food defense (21 CFR Part 121) is included as a separate legal requirement within the FSMA. The FDA (Food and Drug Administration) is authorized by the FSMA law to regulate the way food is grown, harvested and processed.

If we look at the GFSI approved BRCGS-Food, IFS-Food and FSSC 22000 Standards; The standards include the requirement to conduct a food defense threat risk/vulnerability assessment and establish a food defense plan that outlines mitigation strategies (measures taken to protect food from intentional contamination in a food facility).

There are two widely used methodologies for food defense threat risk/vulnerability assessment. One of them is the TACCP methodology and the other is the food defense plan software program published by the FDA and compliant with the FSMA.

The Threat Assessment Critical Control Points (TACCP) methodology is described in PAS 96:2017 (Guidelines on the protection and defense of food and beverage from deliberate attacks).

If we look at the FDA Food Defense Vulnerability Assessment, there are three methods recommended by the FDA for conducting a vulnerability assessment:

Important Types of Activity

3 Basic Parameters

Mixed Approach

In particular, food facilities that export products to the United States are required to conduct a food defense security vulnerability assessment and create a food defense plan in accordance with the FSMA law.

You can reach the Food defense Guide document, where both TACCP and FDA FSMA methodologies are explained in detail and application examples of methodologies for 4 different food production processes are included, by clicking the link below;


Prepared by: Dilek Kurt, Quality and Food Safety Management Systems Auditor and Trainer, BRCGS-Food, FSSC 22000, ISO 22000 and ISO 9001