Spink's Food (Fraud) for Thought - Part IV

Food Fraud Prevention – Risk and Vulnerability

Welcome! In support of the Food Authenticity Network (FAN) activity, this blog series reviews key topics related to food fraud prevention. Watch here for updates that explore the definitions of food fraud terms and concepts.


This blog post builds on our previous review of the definition of food fraud, including the types of fraud plus the types of products to consider. This post shifts to the fundamental concepts of risk and vulnerability, and a later focus will be on mitigation and prevention.

Frederick Accum first defined the general food fraud concept in the 1820 publication of ‘A Treatise on Adulterations of Food and Culinary Poisons.’ It was almost 200 years until there was a holistic and all-encompassing approach to not just detection but prevention of food fraud. Over those years, one group (food scientists) completed their task of identifying and detecting the problem. The missing link was the interdisciplinary approach needed to shift from focusing on microbes and chemical contaminants to the human adversary (Social Science and Criminology). There were two paradigm shifts:

  • “The need to assess a food fraud event shifts the focus from the traditional internal process controls and human health risk assessment to prevention and vulnerability reduction.” (Reference 1)
  • “The goal is not to catch food fraud but to prevent the event from ever occurring -- food fraud prevention.” (Reference 1)

This study uses the ISO 31000 Risk Management based term “event.” The terms are reviewed in more detail, including “incident,” “threat,” and “hazard.” This does not conflict with other laws, regulations, standards, and certifications.


Event, Incident, Hazard, Crisis, and Threat

Words and concepts are situational and based on past use and related activities. While there are many casual or informal uses of these terms, it is best to use the terms as they are specifically defined to avoid confusion.

  • Event: is essentially “something” that occurs (Table 1) (ISO, 2002; CNSSI, 2010; Merriam-Webster, 2004). There is no evaluation yet of the change in the consequence.
  • Incident: a type of event that has occurred and is evaluated and could have a negative consequence (DHS, 2008; ANSI, 2009; CNSSI, 2010).
  • Hazard: an event that has not occurred and could cause harm if not addressed (ISO, 2007b; PAS 96, 2014, NRC, 1996; 21 CFR, Merriam-Webster, 2004) -- this includes damaging potential (ISO, 2007b).
  • Crisis: an event that has occurred e or is occurring -- that has confirmed harm (ANSI, 2009), and this includes imminent hazard (21 CFR), attack, emergency (ISO, 2007b; 21 CFR, FDA. 2016), disaster, etc.
  • Threat: the cause of an unwanted event that includes generally known variables or attributes of the source of the negative consequence (“threat source”) (ISO, 2012; ISO 2002; 21 CFR 121, ANSI, 2009; PAS 96, 2014, FSMA, 2016; NIST, 2002; CNSSI, 2010; UNODC, 2010; DHS, 2013) e this includes incident, hazard, damaging potential, etc.


Risk and Vulnerability

During the early food fraud prevention research, it was fascinating to find that risk and vulnerability had been formally defined as separate concepts in formal publications such as by the International Standards Organization (ISO) or the U.S. National Institute of Standards and Technology (NIST). They are related topics but explicitly and implicitly different.

  • Risk: an uncertainty of an outcome that is assessed in terms of likelihood and consequence (ISO, 2007a; NIST, 2002; CNSSI, 2010; DHS, 2013). Often, the consequence is subdivided into other factors such as onset, severity, or other. Risk is based on factors such as the threat's probability and vulnerability susceptibility (NRC, 2009). In other applications, it is an unwanted outcome (DHS, 2008; Codex Alimentarius, 2014, 21 CFR 50 (A) (.3)(k), Merriam-Webster, 2004).
  • Vulnerability: a weakness or flaw that creates opportunities for undesirable events related to the system (“system design”) (ISO, 2007a; ISO 2002; ISO, 2012; DHS, 2013; NIST, 2011; CNSSI, 2010; NRC, 2009; COSO 2014; Merriam-Webster, 2004).

The expansion from just risk to vulnerability was key in the early development of the food fraud standards – including the landmark work by the Global Food Safety Initiative (GFSI, and the related standards from BRC/BRCGS, IFS, SQF, FSSC 22000, and others). This expanded focus on vulnerability was key to enabling the early adoption of the programs. It was also efficient to focus on the root causes.

Watch out for the next blog, which will review the application of quality management and risk management to expand the focus from mitigation to prevention,

If you have any questions on this blog, we’d love to hear from you in the comments box below.



  1. Spink, John, Ortega, David, Chen, Chen, and Wu, Felicia (2017). Food Fraud Prevention Shifts Food Risk Focus to Vulnerability, Trends in Food Science and Technology Journal, Volume 62, Number 2, Pages 215-220, URL: https://www.sciencedirect.com/science/article/abs/pii/S0924224416304915
  2. Spink, J, and Moyer, DC, (2011) Defining the Public Health Threat of Food Fraud, Journal of Food Science, Volume 75 (Number 9), p. 57-63, URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/j.1750-3841.2011.02417.x
E-mail me when people leave their comments –

You need to be a member of FoodAuthenticity to add comments!

Join FoodAuthenticity