Module 3, Lesson 2techni-kimages.s3-eu-central-1.amazonaws.com/wp-content/... · 2017-03-24 ·...
Transcript of Module 3, Lesson 2techni-kimages.s3-eu-central-1.amazonaws.com/wp-content/... · 2017-03-24 ·...
Module 3, Lesson 2:
Protection measures
Lesson Guide
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
What we’ll learn
In this lesson, we’re going to cover:
• How to apply protection measures
• Management techniques
• Risk register
• VTPs
Apply protection measures
In HACCP, we apply controls to hazards.
We don’t apply controls for threats, in our vulnerability assessment, because the term control doesn’t fit with this system. There is an important reason for this. Here is the definition for control, from Code Alimentarius:
“A control is an action or activity to prevent, eliminate or reduce a hazard to an acceptable level.”
Note that a control prevents, eliminates or reduces.
That means monitoring activities are not a control; because monitoring doesn’t prevent, eliminate or reduce the hazard from happening. Monitoring merely highlights that the hazard has occurred.
For threats; we can’t state that we can control a threat, because we can’t always prevent it from occurring. For this reason, we have to use monitoring as a form of protection. Therefore; we cannot apply controls to threats in the purest term, as we have to use monitoring.
For threats, we use the term ‘protection measures’ instead of controls. The definition for protection measure is slightly amended from the control definition:
“A protection measure is an action, activity or monitoring technique to prevent, detect or reduce a threat to an acceptable level. “
Note; that ‘monitoring technique’ has been added to the definition, as monitoring is an acceptable way of protecting ourselves from threats.
Prevent, eliminate or reduce has also been changed to, prevent, detect or reduce because, we can’t eliminate a threat. Therefore; we’ve removed the term ‘eliminate’ and replaced it with ‘detect’, because we can detect, through monitoring.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
Example threats – addition of protection measures
Here are our example threats, on our vulnerability assessment template. Protection measures have been applied to each. Egg has been greyed out, as this threat is not significant.
Confidence in protection measures
When applying protection measures, we need to be confident that they will actually provide adequate protection.
To do this, we must ask:
Will this protection measure really protect us?
Does it add value?
Would we feel comfortable in court defending this?
Imagine the threat has actually happened and one of your customer’s brands was implicated in it. If you were sitting in a meeting room with that customer, would you feel comfortable being able to explain why you felt this protection measure was sufficient?
Management techniques
Once the protection measures have been applied, they need to be assessed, to establish what technique is needed to manage them.
Decision tree
To work out which management technique we should be using, we use a decision tree. The decision tree on the next page is based on HACCP principles, to make it familiar.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
The decision tree determines which of the four following management techniques should be used to manage the protection measure:
• The risk register
• As an existing CCP
• Supplier management procedures
• As a VTP (vulnerable threat point)
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
Let’s go through each question, step-by-step. To be clear here; we’re not putting the threat through the decision, we’re putting the protection measure for the threat through the decision tree.
Question 1: Can the threat be eliminated?
We must always ask ourselves if the overall threat that the protection measure is for, can be eliminated. For example; can we reduce the length and complexity of the supply-chain, if the threat is a supply-chain threat?
If we can; we follow the ‘yes’ arrow, which says that we should implement the necessary changes to eliminate the threat. If we can’t eliminate the threat, we follow the ‘no’ arrow and go to question 2.
Question 2: Is there a protection measure in place?
If we say ‘no’, we go to question 2a.
Question 2a: Can an immediate protection measure be added?
Note, here, that is says ‘immediate’. If you know the protection measure you need to put in place, but you can’t implement it immediately, then you would have to say ‘no’ to this question.
For example, if you needed to change suppliers, to reduce the length or complexity of a supply-chain, but this couldn’t be done immediately, you would need to say ‘no’ to this question.
If you say ‘no’ this takes you to the risk register management technique. We’ll go through the risk register in more detail, later in this lesson.
If you say ‘yes’ to question 2a, the decision tree asks you to implement a protection measure and then re-assess it.
So, we’re back up to question 2. If we say ‘yes’ to question 2, that yes, there is a protection measure in place, the decision tree takes us to question 3.
Question 3: Is this protection measure specifically designed to protect against this specific threat?
Note here, ‘specifically designed’. What this is asking is:
• Is this protection measure in place, for other reasons as well? • Is the protection measure, already in use for other purposes? • Is it generic, or is it ‘specific’ to this threat?
If you say ‘no’ it’s not specifically designed to protect us against this threat, then it says that we should manage the protection measure through supplier management procedures.
A good example of this would be where a supplier audit is applied as a protection measure. A supplier audit is a generic measure, which is applied for other reasons, such as supplier assurance. It’s not specifically designed to protect us against a threat. Therefore, you would answer ‘no’ to this question.
However; if you were applying a protection measure of a mass balance for a particular claim, such as organic- you would answer ‘yes’ to this question. This is because an organic mass balance is a very specific protection measure for that specific threat, it’s not something you do for everything. Unless of course, you’re an organic only site, which would be different.
If you answer ‘yes’ to question 3, because the protection measure is specifically designed, to protect us against that specific threat, it takes you to question 4.
Question 4: Is this protection measure managed by an existing CCP?
Food safety and therefore HACCP, must always take precedence, so this question is designed to ensure that it does.
If the protection measure is already managed by a CCP, you would answer ‘yes’ to this question. You can see that, the decision tree tells you to continue managing the protection measure through the existing CCP.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
However; if the protection measure is not managed by an existing CCP, then we would say ‘no’ to question 4 and that would lead you to the VTP management technique.
VTP stands for vulnerable threat point. A VTP is a threat equivalent to a CCP in HACCP.
Management techniques
Protection measures are managed by one of four management techniques:
1. Risk register
2. CCP
3. Supplier management procedures
4. VTP
The risk register is used, where we cannot apply an immediate protection measure.
If the protection measure is already managed using an existing CCP, HACCP takes precedence and we continue managing it as a CCP. It is advisable to make a note on your CCP summary in your HACCP plan, that this CCP also manages a protection measure for your vulnerability assessment.
There are also protection measures that are managed using our supplier management procedures. For these, review the relevant procedure and make sure it covers all the requirements to effectively manage the threat.
A VTP (vulnerable threat point) is the threat equivalent of the CCP.
Example threats – assessment through the decision tree
Here are our example threats, that have been assessed through the decision tree. You can see how this can be documented on the vulnerability assessment template.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
Risk register
A template has been provided, which shows how a protection measure that needs to be managed through the risk register can be handled.
The risk register template looks like this:
The template encourages the right level of detail to be documented about the threat, and why a protection measure cannot be immediately applied.
The rationale section is an explanation of the current situation and why there is no immediate risk to the product.
Then, the mitigation sections should provide details of what the short, medium and long term plans are, to either remove the threat, or to apply a protection measure.
Example threats – risk register
Here is the example threat for spices, which needs to be managed through the risk register.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
VTPs
A template has been provided, which shows how a protection measure that needs to be managed as a VTP can be handled.
The VTP summary is based on a CCP summary and should provide all the detail, as to how the protection measure is going to managed. It should detail the procedure, the critical limits or criteria, the frequency of the monitoring and corrective action.
Note, that either critical limits or criteria should be applied. For protection measures, critical limits – of a clear pass or fail cannot always be applied. In some cases, a more subjective set of criteria has to be applied.
Example threats - VTPs
Here is an example VTP summary completed for our examples.
Copyright © 2017 Techni-K Training Academy
Module 3, Lesson 2: Protection measures
What we’ve learnt
• A protection measure is an action, activity or monitoring technique to prevent, detect or reduce a threat to
an acceptable level
• We only apply protection measure to significant threats
• A protection measure must add value and we must feel comfortable that it will protect us
• We use a decision tree to determine how each protection measure should be managed:
o Risk register
o CCP
o Supplier management procedures
o VTP
• A risk register is used to manage a threat where an immediate protection measure cannot be applied
• A VTP – vulnerable threat point
• A VTP is a threat equivalent of a CCP
It’s now your turn to complete your protection measures for your significant threats.
And then, work out how each one should be managed.
Once you’ve constructed your protection measures and completed the necessary documentation, the protection measures then need implementing.
You’ll see that there’s a quiz at the bottom of this lesson. If you successfully complete this quiz you’ll be rewarded with a certificate for this course.
Techni-K Consulting Ltd | The Old Booking Hall, 2a Station Road, Clowne, Derbyshire, S43 4RW Tel: 01246 589609 | Email: [email protected] | Web: www.techni-k.co.uk
Food fraud and vulnerability
Quiz