Author: IFS
## **IFS Product and Food Defence Guideline**

IFS would like to thank all participants who contributed to the review process for the IFS Product and Food Defence Gui…

This guideline is a supporting document related to the topic of product defence. It is not a normative document, and it…

Food defence requirements are subject to different regulations in different countries and regions, which must be taken …
## **TABLE OF CONTENTS**

- **1** Introduction
- **2** Definitions and general aspects
  - 2.1 General aspects…
Product defence – including food defence – has become a relevant topic for many industries to counteract intentional ta…

The guideline addresses suppliers of food and non-food products (non-food products as detailed in the Standards IFS HPC…

There is currently no comprehensive or explicit regulation of product defence at EU level, but since the manufacturer i…

This guideline has been adapted to the product defence requirements of the current version of IFS Food – IFS Food versi…

Furthermore, a chapter on cybersecurity has been added, as all external threats related to product defence should be ad…
## **2 DEFINITIONS AND GENERAL ASPECTS**

Product and food defence does not have an international harmonised definition but you can find some descriptions and de…

Product defence in this document comprises all measures by which a product can be protected against tampering or other …

The aim should be to “prevent food products from intentional adulteration from acts intended to cause wide-scale harm t…
## **IFS Definition of product and food defence**

Procedures implemented to assure the protection of food and non-food products and their supply chain from malicious and…

The purpose of a product defence procedure and plan is to identify, prevent or mitigate and monitor possible sources of…
## **2.1 General aspects**

As specified in the IFS Product Fraud Mitigation Guideline, product fraud mitigation and product defence have the same …

Nonetheless, similarities can be seen within the approach to address product/food defence and fraud (see Figure 3).
## **Food safety, food defence and food fraud – differences and common assessment method**

Source: TQCS International
## FIGURE 3 **Similarities within the approach of food fraud and food defence**

IFS recommends the TACCP method for product and food defence (while VACCP applies to food fraud mitigation). This appro…

Detailed explanations concerning IFS Food Fraud Requirements can be found in the IFS Product Fraud Mitigation Guideline.

**TACCP:** “Threat Assessment and Critical Control Points” analyses threats such as deliberate contamination of food, s…

**VACCP:** “Vulnerability Assessment and Critical Control Points” to identify vulnerabilities for a food business due …
## **3 EXAMPLE OF A PRODUCT DEFENCE ASSESSMENT**

IFS does not define what the product defence procedure and plan should entail. The company is free to develop its own t…

Figures 4–8 show the TACCP method **as an example** for a product/food defence assessment. (Adapted from Source: TACCP/…

FIGURE 4 **Approach of TACCP method**

[Figure 4 step labels, as far as recoverable: “1. Who might want to attack …”, “Review current TACCP measures”, “Define risk levels (normal/high/…”, “Develop and evaluate your…”, “Audit and review”.]

FIGURE 5 **Examples for impact assessment criteria**

FIGURE 6 **Examples for likelihood assessment criteria**

FIGURE 7 **Example for risk scoring matrix for personnel**

FIGURE 8 **Example for development of mitigation measures for potential attackers**

Once the organisation identifies product/food defence threats and vulnerabilities, appropriate control measures shall b…

Records are evidence of effective implementation and provide information about the extent to which the product defence …

In some cases, a site registration is mandatory in different countries (e. g. Bioterrorism Act and the FDA registration…

While conducting the product defence assessment, different factors should be considered. These may include:

- **Accessibility to the production site:**
  - Surroundings and construction/design of the production site
  - Contract and temporary employees may be a major risk
  - Accessibility to Information Technology (IT), Operational Technology (OT), (manipulability of production settings and…
- **The characteristics of some products and processes may make them more vulnerable to intentional adulteration than o…
  - Production batch size
  - Variety of products and processes
  - Accessibility to the product.
- **Situational factors could increase the risk of intentional adulteration. Such factors include:**
  - Disgruntled employees
  - National, political, business, personal, or other differences
  - Changes in organisational culture
  - Economic disruption / financial gain

Tests of the effectiveness of the existing product defence measures can be performed internally or with the help of ext…
## **Checklist for internal use on site**

- Are doors, windows and roof areas kept secure (e. g. security doors or access with chip cards in critical areas)?
- Is a perimeter fence or wall necessary? If a perimeter fence or wall exists, is it in good condition?
- Is the access of people and vehicles controlled?
- Are there backup sources of critical utilities, such as electrical, water, information technology (computer data), and …
- How are bulk receiving and storage areas secured (a responsible person from the receiving party should be present durin…
- Are surveillance methods utilised — such as cameras, staff supervision, or security services?
- Are hazardous materials or controlled substances managed (e. g. chemicals like cleaning agents, acids, lye, flammable l…
- Is staff access limited to appropriate work location, job function and working hours?

## **Shipping and Receiving**

- Are transportation vessels sealed/locked properly and are seals traceable?
- Do drivers provide appropriate credentials and documentation (e. g. plot number)?
- Are transportation service providers part of the supplier approval program?
- Are water, ice and steam sources secure and monitored?
- Are all raw materials secured and monitored when not in use?
- Are packaging materials and product labels and seals (if applicable) controlled?
- Are personal background checks necessary or performed, if allowed by law?
- Has the potential for retaliatory actions by terminated/previous employees been assessed?
- Are personnel supervised? Are cameras allowed?
- Are employees trained in food/product defence awareness and identifying/reporting unusual or suspicious behaviour?
- Is there a policy addressing personal items/legal or illegal weapons and drugs?
- Are cyberthreats continuously identified?
- Are these threats effectively controlled?

## **4 FOOD AND PRODUCT DEFENCE REQUIREMENTS IN IFS STANDARDS**

## **4.1 Explanation of IFS Food Defence Requirements**

This chapter contains background information and suggestions for implementing certain requirements of the IFS Food Stan…
## **4.1.1 Responsibilities and training**

## **Requirement 4.21.1, IFS Food version 8**

The responsibilities for food defence shall be defined. The responsible person(s) shall have the appropriate specific k…

It is essential that the product/food defence team has a solid knowledge about potential threats in all areas and how t…

If applicable (if food defence is legally required in the production and destination countries of products), there shou…

“The responsible person(s)” could be a team or one person.

In the case of a team, this team should include cross functional employees from all levels within the organisation. The…
## **Requirement 3.3.4, IFS Food Version 8**

The contents of training and/or instruction shall be reviewed and updated when necessary. Special consideration shall b…

- product authenticity, including food fraud
- food related legal requirements
- product/process modifications
- feedback from the previous documented training/instruction programs.

If specific food defence legislation is applicable in the production and destination countries of products, there shoul…
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** Who is accountable for the food defence procedure and plan?
- **2** What are the competence and qualifications demonstrated by the person(s) responsible for the food defence proce…
- **3** Was this communicated to the members of the company? How?
- **4** Is food defence included in trainings and instructions?
## **4.1.2 Food defence procedure and plan**

## **Requirement 4.21.2, IFS Food version 8**

A food defence procedure and plan shall be documented, implemented and maintained to identify potential threats and def…

- identification of critical areas and/or practices and policy of access by employees
- visitors and contractors
- how to manage external inspections and regulatory visits
- any other appropriate control measures.

It is essential to gain a broad overview of all applicable threats to develop an effective food defence procedure and p…

All measures should aim to control the identified threats to minimise the probability of adverse effects to the product…
## **HOW / WHAT THREATS?**

The following four step approach can be considered the backbone of a structured threat analysis:

- **1** threat identification,
- **2** threat characterisation,
- **3** exposure assessment, and
- **4** characterisation of occurrence probability.

All threats should be compared with historical and anticipated events, to evaluate the forementioned four iterative ste…

It is recommended to use checklists and/or software to map the threats and determine the level of risk for each threat.…

- People who oversee processes, packaging, transportation and warehousing, and therefore **gain access to critical info…
- People who have access to the premises and are able to **adulterate the product without being discovered** . If there…
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** What legal/customer food defence requirements are applicable to the company?
- **2** How can the company demonstrate compliance with such requirements?
- **3** How are external visits managed?
- **4** Which details were recorded during the last official visit?
## **4.1.3 Site security**

There are many ways to manage threats and many types of situations that create a risk of unauthorised access. Examples …

Specific attention should be paid to easily accessible raw materials, intermediate and finished products, chemicals (cl…

Controls for incoming and outgoing goods such as seals and labels can provide additional security. The seals should be …

According to requirement 4.21.2 the **identification of critical areas/practices, access policies for employees, visito…
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** Based on the food defence procedure and plan, what areas have been identified as critical?
- **2** What control measures are in place in order to control access to those areas and other premises?
- **3** Does the policy of access include the following people?
  - Temporary employees
- **4** Are records available which provide evidence that all visitors and contractors have received the necessary introdu…
## **4.1.4 Review and test of effectiveness**

## **Requirement 4.21.3, IFS Food Version 8**

The food defence plan shall be tested for effectiveness and reviewed at least once within a 12-month period or whenever…

Due to the nature of products and the high volatility of potential threats, it is essential to review the food defence …

A food defence plan for the implementation of the identified control measures will help the organisation in defining th…

The food defence plan should be an established part of the internal audit process.

Once the plan is implemented, identified vulnerabilities controlled and deficiencies rectified, it is time for the revi…

Tests of effectiveness can be performed internally or with an external service provider. FDA provides the Food Related …

**The exercise process as a P-D-C-A cycle (plan – do – check – act)**
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** How often is a review of the food defence plan performed?
- **2** What criteria does the company consider when determining the frequency of the assessment of threats and their l…
- **3** When was the last test of effectiveness carried out? Internally or externally?
- **4** Has any incident or attack taken place since the last audit? How was it managed?
- **5** How is recurrence prevented?
## **4.1.5 Commitment of the senior management**

## **Requirement 1.2.5, IFS Food Version 8**

The senior management shall maintain a system to ensure that the company is kept informed of all relevant legislation, …

## **Requirement 1.3.1, IFS Food Version 8**

The senior management shall ensure that the food safety and quality management system is reviewed. This activity shall …

- a review of objectives and policies including elements of food safety culture
- results of audits and site inspections
- positive and negative customer feedback
- food fraud assessment outcome
- food defence assessment outcome
- status of corrections and corrective actions
- notifications from authorities.

The senior management is committed to include product defence into the existing management system because product defen…

The company should be kept up to date with the current risks in the area of product defence at all times. Furthermore, …
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** How is the company kept up to date with regard to product defence risks?
- **2** Did the last management review identify a need for investment in product defence?
## **4.2 Explanations of the IFS HPC Product Defence Requirements**

In this chapter the IFS HPC Product Defence Requirements are explained. The interpretation is exemplarily and can be tr…

## **4.2.1 Responsibilities**

## **Requirement 4.18.2, IFS HPC version 3**

The responsibilities for product defence shall be defined. The responsible person(s) shall have full commitment from th…

A product defence team (it could be a person or a team) shall be established, which is accountable to the facility mana…

The team should be interdisciplinary within the organisation (if applicable). The members/person should have appropriat…

It is recommended to include the review of the product defence plan in the annual senior management review.
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** Who is accountable for the product defence procedure and plan?
- **2** What competences and qualifications are demonstrated by the person(s) responsible for product defence?
- **3** What is the position of the person(s) responsible for product defence with respect to the senior management tea…
- **4** How does senior management support the person(s) responsible for product defence?
- **5** Where are the responsibilities clearly defined?
- **6** Was this communicated to the members of the company? How?
## **4.2.2 Product defence procedure and plan and review**

## **Requirement 4.18.1, IFS HPC version 3**

A product defence procedure and plan shall be implemented in relation to assessed threats. This shall encompass a minim…

- identification of critical areas and/or practices and policy of access by employees, visitors and contractors,
- transport vehicles,
- legal requirements, if applicable,
- any other appropriate control measure.

The product defence plan shall be well known and established in the company and shall be reviewed annually and upon cha…

The company shall perform an assessment of the relevant threats and implement a product defence procedure and plan, wit…

IFS does not define what kind of assessment/procedure should be chosen. The company is free to develop its own tools/pr…

Regardless of the applied procedure and plan, all relevant security aspects of the location shall be taken into account…

As a result of this product defence assessment with regard to threats and their likelihood, the conditions under which …

Furthermore, it is important that the senior management has identified which personnel have access to certain areas and…

Reviewing and verifying, at least annually or upon changes is necessary to ensure the effectiveness of the site securit…

The procedure and plan should be revised accordingly and detailed information should be kept confidential.
## **Questions that the auditor should ask and the company should be able to provide an answer to:**

- **1** Based on the product defence assessment of threats and their likelihood, what areas have been identified as cri…
- **2** What control measures are in place to control access to those areas?
- **3** How does the company maintain control over who enters the premises and critical areas?
- **4** What access controls are applicable to the following groups of people?
  - Temporary employees
- **5** Are visitors and contractors informed of the product defence rules and their scope while on company premises?
- **6** Does the company have the defined means to ensure that contractors who will spend a long time inside the plant …
- **7** Are there controls to ensure that truck drivers who load or unload products/materials are restricted to defined…
- **8** If contractors and visitors are provided with access keys, are those keys programmed to limit access to specifi…
- **9** Are access controls updated at the time of termination of an employee or when work is finished on the part of a…
- **10** What legal/customer product defence requirements are applicable to the company?
- **11** When was the last review, what was checked and what had to be adapted?
## **4.3 Overview on product defence in further IFS Standards and Programs**

The requirements for product defence are most comprehensively addressed in IFS Food due to the handling of open product…

The requirements for product defence in IFS Logistics are similar to those of IFS Food version 8. The focus of product …

The IFS Broker Standard has very basic requirements related to product defence since there is no physical handling of t…

## **IFS Wholesale/Cash & Carry**

The IFS Wholesale/Cash & Carry version 2 also relates to food processing and handling.

The requirements are therefore similar to those in the IFS Food Standard and the interpretation can be transferred.

The requirements for product defence in IFS PACsecure version 3 are similar to IFS HPC and the interpretation can be tr…

## **IFS Progress Food**

The IFS Progress Food Program helps food suppliers to gradually establish comprehensive processes for food safety and q…

Please find an overview of the detailed product defence requirements of IFS Standards in annex.
## **5 CYBERSECURITY AND PRODUCT DEFENCE**

## **5.1 Introduction**

Given the tendency of food companies to introduce digital technologies throughout the food supply chain and the importa…

In the EU, Directive (EU) 2022/2555, also called NIS2 Directive, takes account of the fact that a common cybersecurity …

Also, ISO 22000 gives cybersecurity relevance within the food/product safety management system. According to this gener…

**Industry 4.0 refers to the intelligent networking of machines and processes for industry with the help of information…

Due to the ever-increasing importance of IT/ICT solutions and the complicated geopolitical situation that increases the…

- What should be protected? (5.3)
- What are the dangers and possible risks? (5.4)
- Implementation of Incident Response Management (5.5)
- Role of the product safety management (5.6)

The chapter “Cybersecurity and product defence” is intended to provide basic knowledge on the topic and is aimed both a…
## **5.2 Definitions**

The term cybersecurity is defined in this chapter as follows: “Cybersecurity is the stable environment that ensures and…

The aim is to raise awareness and help companies integrate cybersecurity measures, for example through incident respons…

- **Cybersecurity:** Preservation of confidentiality, integrity, and availability of information in the cyberspace. (IS…
- The ISO 27001 defines cybersecurity as the art to protect networks, devices, and data from unauthorised access or cri…
  (Source: CISA – American Cybersecurity and Infrastructure Security Agency).
- **Information technology (IT)** focuses on data and communication. IT comprises the use of hardware and software to m…
  (Source: GARTNER DEUTSCHLAND GMBH [online]: Operational Technology. 2022).
- **Operational technology (OT)** focuses on the management and control of physical devices existing and operating in t…
- **Information and communication technology (ICT)** is defined as a diverse set of technological tools and resources u…
  (Source: UNESCO’s International Institute for Educational Planning, learningportal.iiep.unesco.org, 2009)
## **5.3 What should be protected?**

This question is crucial as the relevance and sensitivity of the data and what it should be protected against must be c…

To have an overview, it is recommended to develop an up-to-date list of all assets, including details on device connect…

After completing the inventory and identifying the assets, a risk assessment can be performed for specific assets to id…

Applying current standards like ISO 27001, ISO 22301 and IEC 62443 (IEC – International Electrotechnical Commission) he…
## **5.4 What are the dangers and possible risks?**

With increasing possibilities and growing technical dependency on digital networks, the number of cyberattacks is also …

Convergence (merging) of IT and OT networks can make it more difficult to control them efficiently and can lead to majo…

Although external threats to OT are rare, internal threats should not be neglected. Food and non-food product safety ca…

FIGURE 10 **Connection of IT, OT, IoT, IIoT and the respective devices**

Industry-safe and -secure cybersecurity respects the differences between IT and OT environments, and thus the use of pr…

European Union Agency for Cybersecurity (ENISA) has sorted threats into eight groups (Source: ENISA, October 2022). The…

- Social engineering / Phishing
- Threats against data
- Threats against availability
- Disinformation – misinformation (AI-enabled disinformation, deepfakes and disinformation-as-a-service)
- Supply chain targeting (third-party incidents)

While the company’s internal cybersecurity system is crucial for the first 5 threats, the key actions against disinform…

To complete the list of possible threats, Paragraph 79 of Directive (EU) 2022/2555 recommends “to protect network and i…
## **5.5 Implementation of Incident Response Management**

Incident Response Management is one of the most effective ways to minimise the damage of a cyberattack. It not only pre…

In addition, conducting exercises and tests (e. g. security tests, attack scenarios) is of great importance, as further…

FIGURE 11 **Approach of Incident Response Management**

[Figure 11 phases: **1 PREPARATION, 2 IDENTIFICATION, 3 CONTAINMENT, 4 EXTINCTION, 5 POST-INCIDENT**; recoverable entries: “List of all assets”, “Origin and target …”]

Source: based on BOSCH CyberCompare Whitepaper: Schnell und entschieden auf Cyberattacken reagieren: So gelingt das Inc…

The application of common risk management practices is useful to identify the weakness in product safety related system…
## **5.6 Role of the product safety management**

The responsibility for implementing an effective cybersecurity system does not lie primarily with the product safety ma…

1. Identify IT intensive, vulnerable systems
2. Identify possible hazards linked to product safety and communicate them to the IT department.
3. Continuously review the cyberthreats, and the response from the IT department, to assure compliance with the product…

Conducting IT/cybersecurity assessments or managing those systems is not the task of the product safety management. Rat…
## **5.7 Conclusions**

Cyberthreats are becoming more of a challenge and may affect all areas of production and food safety. Implementing an I…

The objectives here should be:

- To bring IT security up to a state of the art standard, for which sufficient resources are provided
- Create an inventory of assets to be protected
- Exercises and security tests
- Take into account recommendations from national authorities (e. g. BSI in Germany) on IT-OT separation
- Identify interfaces
- Develop and manage further measures.
## **Questions to be asked:**

- Is cybersecurity addressed as a risk in the management system next to product safety, product defence and product fra…
- Which vulnerable points have been identified in the process flow, where cyberattacks are possible and which could lea…
- How is it ensured that cyberthreats, which could lead to compromised product safety or quality, are under control?
- Are staff trained on cyberthreats?
- Is traceability according to legal and, if applicable, customer requirements, ensured at any time, also in case of a …
- In the event of changes in the process flow; is the risk assessment updated with regard to cybersecurity and product …
- What cyber incidents have been registered (recorded) in the organisation recently? How were they dealt with?
## **Product Defence Requirements in IFS Standards**

**IFS Food 8, IFS HPC 3, IFS Logistics 3, IFS Broker 3.2, IFS Cash & Carry 2, IFS PACsecure 3, IFS Progress Food 3**

food fraud assessment outcome • product fraud assessment<br>• food defence assessment outcome outcome<br>• compliance i…

control • visitors and contractors<br>measures measure. • how external inspections and<br>The product defence plan shal…

appropriate<br>for effectiveness. control measures.<br>6.1.1.2 If legislation makes registration 4.21.3 A product defen…

The IFS publishes information, opinions and bulletins to its best knowledge, but cannot take any responsibility for any…

The owner of the present document is:

**IFS Management GmbH Am Weidendamm 1 A 10117 Berlin Germany**

Managing Director: Stephan Tromp AG Charlottenburg HRB 136333 B VAT-N°: DE278799213

Bank: Berliner Sparkasse IBAN number: DE96 1005 0000 0190 0297 65 BIC- / Swift-Code: BE LA DE BE

All rights reserved. All publications are protected under international copyright laws. Without the expressed written c…

No translation may be made without official permission by the document owner.

The English version is the original and reference document.

**The IFS Documents are available online via: www.ifs-certification.com**