Supply Chain Certification Frameworks

🔎 Understanding HACCP, TACCP, and VACCP: A Comprehensive Approach to Food Safety, Defense & Integrity In today's dynamic food industry, focusing solely on preventing unintentional contamination is not enough. Companies must also prepare for intentional threats and economically motivated fraud. That’s where HACCP, TACCP, and VACCP come into play—each serving a unique and essential purpose in a robust Food Safety Management System (FSMS). 📌 HACCP (Hazard Analysis and Critical Control Points) is the cornerstone of food safety, designed to identify and control unintentional hazards—such as microbial, chemical, or physical contaminants—through preventive measures at key points in production. 📌 TACCP (Threat Assessment and Critical Control Points) shifts the focus to intentional harm—such as sabotage, bioterrorism, or malicious contamination. It's a proactive food defense tool, ensuring that vulnerabilities in the supply chain are assessed and mitigated. 📌 VACCP (Vulnerability Assessment and Critical Control Points) addresses economically motivated food fraud, including adulteration, substitution, and mislabeling. It helps companies assess vulnerabilities where fraud might occur and build traceability, transparency, and authenticity into their processes. Together, these three frameworks provide a 360° approach to food protection—from farm to fork. ✅ Implementing all three not only ensures compliance with global standards (e.g., BRC, SQF, IFS, FSMA, Codex) but also builds consumer trust, strengthens brand reputation, and fosters a culture of food integrity. 📊 The visual below offers a simplified comparison to help teams and stakeholders understand the key differences and how each system complements the other. #HACCP #TACCP #VACCP #FoodSafety #FoodDefense #FoodFraud #FSMS #GMP #RiskManagement #FoodIndustry #SupplyChainIntegrity #SafeFood #BRCGS #SQF #IFS #Codex #FSSC22000 #Compliance #FoodQuality #QualityAssurance #FoodSecurity

📊 CSRD, TCFD, GRI, SASB, ISSB, CDP, SDGs... The ESG landscape is full of acronyms — and most companies I work with ask the same thing: “Do we need to choose one… or use them all?” 💡 The good news: You don’t need to choose. These frameworks are not competitors — they’re complementary. Each one helps you see a different part of your impact : Here’s how I often explain it: 🔍 CSRD sets the regulatory baseline in Europe.But to comply with it — and go beyond — you can draw on other frameworks: ✅ Use TCFD to structure your climate risk & scenario analysis (required in ESRS E1) ✅ Use GRI to strengthen your impact materiality and stakeholder engagement ✅ Use CDP for data collection and transparency, especially in supply chains ✅ Use SASB to identify what’s financially material by sector ✅ Use ISSB (IFRS S2) to align with global investor expectations ✅ Use the SDGs to frame your purpose and strategic narrative 🌍 Together, they form the puzzle pieces of a credible, complete sustainability strategy. 📚 To make it easier, I’ve built a side-by-side comparison table with: ➡️ Scope ➡️ Focus ➡️ Legal status ➡️ Use case ➡️ How each complements CSRD 🧠 Whether you're just starting with ESG reporting or refining your disclosures, this can help you map where each framework fits in your journey. 💬 Let me know which ones you’re using — and what’s still unclear. 👇 I’m happy to explore one of them in more detail in a future post. #Sustainability #CSRD #TCFD #GRI #SASB #ISSB #CDP #SDGs #ESGReporting #DoubleMateriality #ClimateDisclosure #ESGStrategy #Consulting #Gamma

The latest Catena-X PCF data exchange model just delayed mandatory attributes on Data Quality Rating and Primary Data Share by 2 years. More important than this deadline shift are the newly added possibilities to use the PCF exchange to create insights in the share of the PCF that have been verified, or that have been calculated by companies with a third-party certified PCF program. Originally, attributes like data quality rating and primary data share were supposed to become mandatory by end of this year. That's now pushed to end of 2027. The delay makes sense. Full rollout hasn't happened yet across the automotive supply chain, so companies get more time to adapt their systems. But here's what's actually interesting about this update. They've introduced new optional attributes: verification share and certification share. These become operational through what is called an "attestation provider" structure. Here's how it works in practice: Let's say you're calculating a product carbon footprint. With the new model, you can now show exactly how much of that footprint has been verified, reflecting both the supply chain and the gate-to-gate contribution or how much of the footprint comes from suppliers with certified PCF programs. You might report: "60% of this component’s product carbon footprint has been calculated by companies that have gone through a third-party PCF program certification." For third-party PCF verification, which is the highest level of trust you can get, as it checks the trustworthiness of a specific PCF result, you can use the separate 3rd-party verification share metric. In a digital ecosystem, not only for PCF, the topic of improving trust in the content that is shared across the supply chain becomes more important. The smart part is how Catena-X has structured this. Instead of building separate systems for verification and certification for PCF and other use cases, they created a generic "attestation provider" framework with "attestation line items." This future-proofs the model. As new types of certifications emerge in IT, Sustainability, and other areas, the same structure can handle them without rebuilding the data exchange format and the semantics used to describe attestation. Right now, these fields are optional because the attestation infrastructure isn't fully deployed yet. But they're enabling the foundation for supply chain trust signals that can propagate from tier-n suppliers all the way to OEMs. The real question is whether OEMs will start to request PCF program certification or PCF verification from their suppliers, even while the attributes remain optional, or if the industry is waiting for regulators to make PCF and its verification mandatory, which is expected to be the case at least for Battery Passport PCFs. What's your take on building an attestation infrastructure before it's required?

Great guide released by Unilever to guide the transformation of agricultural supply chains through a structured, principles based sustainability framework. The 2026 Sustainable Agricultural Principles mark a shift away from internal codes toward a model built on third party standards, benchmarking, and alignment across suppliers operating in different contexts. The framework is built around six core areas that define how agriculture is managed across environmental, social, and governance dimensions: • Integrity and responsible business practices • Protection and regeneration of nature • Climate action and resilience • Human rights and social impact • Animal welfare • Continuous improvement across all areas Implementation is structured around external standards: • Suppliers adopt recognized third party certifications • Unilever benchmarks those standards against its principles • Verification relies on existing third party systems Traceability is treated as a core capability: • Chain of custody from origin to delivery • Supply chain mapping to identify risks • Use of geolocation data to improve visibility On the environmental side, the direction is clear: • Soil management, biodiversity protection, and water stewardship • Zero deforestation requirements for key commodities • Stronger controls on pollution and waste Climate is integrated into operations through: • GHG reduction plans and energy management • Adoption of practices such as agroforestry and climate smart agriculture The social dimension focuses on how conditions are implemented: • Elimination of forced and child labor • Fair wages, contracts, and working conditions • Inclusion of smallholders through access to training and markets A key feature is the progression model: • Expected requirements as the baseline • Leading practices to drive continuous improvement For companies sourcing agricultural inputs, this translates into clearer expectations on traceability, standard alignment, and measurable performance across supply chains.

🌟 GFSI-Recognized Certifications: Ensuring Global Food Safety 🌟 The Global Food Safety Initiative (GFSI) benchmarks food safety standards to ensure trust and consistency across the global food supply chain. Here’s a quick look at the total GFSI-recognized certifications and their key details: 1. FSSC 22000 - Focus: Combines ISO 22000 with additional food safety requirements. - Scope: Applicable to the entire food supply chain, from farming to retail. - Recognition: Widely adopted for its comprehensive approach to food safety management. 2. BRCGS (Brand Reputation through Compliance Global Standards) - Focus: Food safety, quality, and operational criteria. - Scope: Primarily for food manufacturers, packaging, and storage/distribution. - Recognition: Known for its rigorous standards and global acceptance. 3. IFS (International Featured Standards) - Focus: Food safety and quality for retailers and brand owners. - Scope: Covers food processing, packaging, and logistics. - Recognition: Popular in Europe, especially for supplier audits. 4. SQF (Safe Quality Food) - Focus: Food safety and quality management. - Scope: Applicable to all sectors of the food supply chain. - Recognition: Flexible and scalable, suitable for small to large businesses. 5. GlobalG.A.P. - Focus: Good Agricultural Practices (G.A.P.) for farming. - Scope: Covers fresh produce, aquaculture, and livestock. - Recognition: Emphasizes sustainable and safe farming practices. 6. CanadaGAP - Focus: Food safety for fruits and vegetables. - Scope: Designed for Canadian producers and packers. - Recognition: Aligns with GFSI requirements for fresh produce. 7. PrimusGFS - Focus: Food safety for fresh produce and supply chains. - Scope: Covers farming, harvesting, and post-harvest handling. - Recognition: Popular in North and South America. 8. MSC/ASC (Marine Stewardship Council / Aquaculture Stewardship Council) - Focus: Sustainable seafood sourcing. - Scope: Fisheries and aquaculture operations. - Recognition: Ensures environmentally responsible seafood production. 9. HACCP-Based Certifications - Focus: Hazard Analysis and Critical Control Points (HACCP). - Scope: Widely used in food processing and manufacturing. - Recognition: A foundational standard for many GFSI benchmarks. 10. Other GFSI-Recognized Schemes - Examples: China HACCP, Japan GAP, and Thailand Q-Mark. - Focus: Regional food safety standards aligned with GFSI requirements. These certifications are critical for building consumer trust, ensuring regulatory compliance, and promoting global food safety. By adopting GFSI-recognized standards, businesses can demonstrate their commitment to quality and safety while accessing international markets. #GFSI #FoodSafety #FSSC22000 #BRCGS #IFS #SQF #GlobalGAP #CanadaGAP #PrimusGFS #MSC #ASC #HACCP #FoodIndustry #Sustainability #QualityAssurance #GlobalStandards #ConsumerTrust #LetsLearnTogether Let’s continue to raise the bar for food safety and quality worldwide! 🌍

ISO 59000 is the new global framework for the circular economy, published in 2024, and connects to #procurement and #supply chain professionals as it establishes the first internationally agreed definitions, principles, and implementation guidance for transitioning from linear to #circular value chains. In essence it enables and creates; 🌏 Creates a shared global definition of circularity — reducing ambiguity when engaging suppliers across markets. 🌉 Supports compliance with emerging regulations (e.g., EU ecodesign, packaging, resource traceability). 📍 Enables circular procurement by defining principles such as systems thinking, value creation, value sharing, resource management, and traceability. 🧑💻 Improves supplier evaluation through consistent terminology and performance expectations. 💱 Supports redesign of value networks, including remanufacturing, reuse, repair, and industrial symbiosis. ISO 59004: Establishes the six circular principles and a four‑stage implementation framework—useful for policy, category strategies, and supplier requirements. ISO 59010: Helps procurement reshape supply chains toward circular models (e.g., product‑as‑a‑service, reverse logistics). ISO 59014: Provides metrics and assessment approaches for supplier performance, tenders, and contract management. KEY SUGGESTED ACTIONS: ➖ Align procurement policies with the six circular principles. ➖ Update specifications to include durability, repairability, reusability, and traceability requirements. ➖ Engage suppliers using the shared vocabulary and frameworks in ISO 59004. ➖ Integrate circularity metrics (ISO 59020) into evaluation and contract management. ➖ Map value networks to identify opportunities for reuse, remanufacturing, and reverse flows (ISO 59010). FEEL FREE TO SHARE AND COMMENT: Kelly Barner Kelly Hobson Ben Farrell MBE Dr Adam Read MBE Chris McCann MSc MCIPS (Chrtd.) FRSA NSc Jyoti Mishra Annalisha Noel Anthony Hanley MBA Anthony Greig BSc MBA Iván-Alonzo Gaviria M. ∴ Karl Green Anthony Flynn Tom Mills Inma V. Regine PAHMER Dr Howard Price PhD FRSA MSc DMS MCIPS Chartered Phil Broughton Ankit Aggarwal Dr. Raji Sivaraman, PMI-ACP, PMP, PMO-CP™, GPM-b™ Ben Stamp Dr Deepak Arunachalam Eirini Etoimou, MSc, MBA LS, FISEP, MICW Melissa Demartini, PhD Marc Hutchinson FCIPS CEng EMBA Jim Goodhead, FCIPS, Supply Chain, CPO, Procurement Director, Interim Sarah-Jane Ellis BA(Hons) MBA FCIPS Chartered Nina Bomberg

FSSC 22000??? FSSC 22000 (Food Safety System Certification 22000) is a globally recognized certification standard for food safety management systems. It is designed to ensure that food products are safe for consumption throughout the food supply chain, from production to final delivery to consumers. FSSC 22000 is based on the principles of Hazard Analysis and Critical Control Points (HACCP) and integrates other management systems like ISO 9001 (Quality Management) and ISO 22000 (Food Safety Management System). The certification involves the following key elements: 1. ISO 22000:2018: This standard provides the framework for establishing a food safety management system, covering hazard analysis, critical control points, and risk management throughout the entire food production process. 2. Pre-Requisite Programs (PRPs): These are the basic conditions necessary for food safety, like hygiene practices, cleaning, pest control, etc., which support the HACCP plan. 3. HACCP Principles: These are the scientific methods used to assess and manage food safety risks by identifying hazards, setting critical limits, and establishing corrective actions. FSSC 22000 is widely adopted in the food industry and provides organizations with the tools to proactively manage food safety risks, improve operational efficiency, and demonstrate compliance with international food safety standards. It can be applied to all organizations in the food supply chain, including food producers, processors, and service providers.

Understanding the key differences between 𝗜𝗦𝗢 𝟮𝟳𝟬𝟬𝟭, 𝗡𝗜𝗦𝗧, 𝗖𝗜𝗦 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀, 𝗮𝗻𝗱 𝗦𝗢𝗖 𝟮 is crucial for organizations aiming to strengthen their security posture. 🔐 Each framework offers unique benefits and serves different purposes. 𝗜𝗦𝗢 𝟮𝟳𝟬𝟬𝟭 is a certifiable standard that provides a comprehensive management system for information security. With 93 controls, it's ideal for organizations seeking formal certification and international trust. 🌍 𝗡𝗜𝗦𝗧 𝗖𝗦𝗙 𝟮.𝟬 is a flexible, risk-based framework focused on strategic governance and maturity. It's widely used for aligning security with business objectives and improving overall resilience. 🔄 𝗖𝗜𝗦 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀 𝘃𝟴.1 offers a practical, prioritized set of 18 controls designed for quick wins. It's especially helpful for technical teams looking to harden their defenses efficiently. ⚙️ 𝗦𝗢𝗖 𝟮 is an attestation framework focused on internal controls related to security, availability, processing integrity, confidentiality, and privacy. It is particularly valuable for service organizations that need to demonstrate trustworthiness to clients. ✅ Here's what organizations should know: - ISO 27001 provides formal certification for comprehensive management. - NIST offers a risk-based, flexible approach suitable for strategic planning. - CIS Controls deliver quick, actionable security improvements. - SOC 2 assures client trust through attestation of controls specific to service providers. They are not mutually exclusive. Combining them can give your organization a layered security approach, ensuring compliance, operational effectiveness, and client confidence. If you want to understand how to implement or integrate these frameworks effectively, QRC CCF can help. Let's build a tailored security strategy for your organization. 🚀

⚠️ What appears to be abundantly clear to me in the wake of the JLR, M&S and Co-op breaches recently is that there will be increased scrutiny around supply chains. I personally believe that the days of choosing the cheapest option are long gone. 👋🏻 Supplier questions won't be "How cheap is your service?" Instead you will be asked: "Do you have Cyber Essentials Plus?" 🤔 "Are you audited against the CAF (Cyber Assessment Framework) standards?" 👀 "Do you hold ISO 27001 certification?"🧐 Maintaining these standards requires additional resources and costs, but not having them will gradually reduce the pool of opportunities to work with other serious businesses & public sector services such as the NHS. Nobody wants to be taken out by a supplier that isn't appropriately identifying and mitigating risks through continuous monitoring, controls and actions to improve. 💣 #CyberEssentialsPlus #ISO27001 #CyberAssessmentFramework

🚀 ISO 9001:2026 – Supply Chain Resilience (Post 6) The upcoming revision of ISO 9001 places a much stronger emphasis on resilient supply chains. Organizations are expected to go beyond transactional supplier control and build sustainable, risk-aware, and collaborative networks. Here’s how the key clauses address Supply Chain Resilience: 📖 Clause 4.1 – Understanding the organization and its context Organizations must evaluate internal and external factors that affect business objectives. ➡️ In supply chains → consider geopolitical risks, climate impacts, logistics challenges, and digital vulnerabilities. 📖 Clause 4.2 – Understanding the needs and expectations of interested parties Suppliers, subcontractors, logistics partners, and regulators are recognized as critical stakeholders. ➡️ Their needs (continuity, transparency, ethical sourcing) must shape the QMS. 📖 Clause 6.1 – Actions to address risks and opportunities Risks include supplier bankruptcy, disruptions, and raw material shortages. Opportunities include dual sourcing, local partnerships, traceability, and circular economy practices. ➡️ ISO 9001:2026 strengthens this with separate sub-clauses 6.1.1 (Risks) and 6.1.2 (Opportunities), with guidance in Annex A. 📖 Clause 8.4 – Control of externally provided processes, products, and services Moves beyond audits to collaboration and resilience planning. ➡️ Practical steps: supplier evaluation, ethical practices, continuity agreements, and diversification strategies. 📖 Clause 9.1 – Monitoring, measurement, analysis, and evaluation Organizations must track supplier performance, early warning indicators, and resilience KPIs. ➡️ Helps avoid dependency and boosts agility. 📖 Clause 10.2 – Nonconformity and corrective action Failures in the supply chain must be analyzed and corrected. ➡️ Lessons learned feed back into resilience planning, strengthening future supply stability. 💡 Key Insight: ISO 9001:2026 transforms supplier control into supply chain resilience. Organizations must not just buy from suppliers but also build trusted, risk-aware, and sustainable partnerships. 📌 Disclaimer This interpretation is based on the Draft International Standard (DIS) of ISO 9001:2026. Final publication is expected in September 2026. ✍️ By Subramanian Shanmugam