Food Fraud Vulnerability Assessment (VACCP): A Step-by-Step Guide 

A food fraud vulnerability assessment — often called VACCP (Vulnerability Assessment and Critical Control Points) — is the structured process of identifying where your supply chain is most exposed to food fraud and deciding which controls reduce that risk. It is now an expectation of most GFSI-benchmarked standards, and a practical defence against the financial and safety damage that fraud causes.

What Is VACCP?

VACCP is a fraud-focused counterpart to HACCP. Where HACCP manages accidental safety hazards, VACCP manages the risk of intentional, economically motivated adulteration — assessing each raw material and supplier for how vulnerable it is to fraud and what would reduce that vulnerability.

Why Carry Out a Vulnerability Assessment?

Food fraud is deliberate and concealed, so it rarely shows up in routine safety testing. A vulnerability assessment forces a structured look at where fraud is most likely and most damaging, which lets teams focus testing, supplier checks and documentation where they matter — instead of spreading effort evenly across materials that don't need it.

Step 1 — Map Your Raw Materials and Supply Chain

List every raw material and ingredient, and trace each back through its suppliers and origins. Fraud risk often hides in the upstream tiers you don't deal with directly.

Step 2 — Assess Vulnerability for Each Material

For each material, weigh the factors that drive fraud: history of adulteration, economic pressure and price volatility, supply scarcity, complexity of the supply chain, and how easily fraud could be detected. High economic incentive plus low detectability equals high vulnerability.

Step 3 — Score and Prioritise

Combine likelihood and impact into a risk score so materials can be ranked. This turns a long list into a focused set of priorities and supports defensible, evidence-based decisions.

Step 4 — Define Controls

For high-vulnerability materials, strengthen controls: targeted authenticity testing, tighter supplier approval and audits, mass-balance checks, and stronger documentation requirements.

Step 5 — Keep It Live

The biggest weakness of most VACCP programmes is that they are reviewed once a year and go stale. Fraud risk shifts constantly with prices, harvests and trade conditions, so the assessment should be updated continuously as conditions change.

From Static Assessment to Continuous Monitoring

This is where most teams struggle: maintaining a live view of fraud risk by hand is impractical. Continuously monitoring the external signals that precede fraud — price spikes, supply disruption, climate stress — keeps a VACCP programme current and evidence-based.
For more, see iComplai's Food Fraud Risk Prediction and the Food Fraud hub.

iComplai supports food fraud teams by continuously scoring these external risk signals, so vulnerability assessments reflect today's risk rather than last year's. Request a demo to see how.