Professional Documents
Culture Documents
PAS 96:2008
Defending food
and drink
Guidance for the deterrence, detection and defeat of
ideologically motivated and other forms of malicious
attack on food and drink and their supply arrangements
Contents
Page
ii .......................... Foreword
iii .......................... Rationale and purpose
iv .......................... Introduction
1 .......................... 1 Scope
5 .......................... 5 Presumptions
16 .......................... Annexes
16 .......................... Annex A (informative) Organization of the key sources of advice and information
18 .......................... Annex B (informative) Guidance for specific parts of the food and drink supply chain
20 .......................... Annex C (informative) Defending Food: A food and drink defence checklist
22 .......................... Bibliography
Foreword
This Publicly Available Specification (PAS) has been developed by the Centre for the
Protection of National Infrastructure (CPNI) in collaboration with The British Standards
Institution (BSI).
Acknowledgement is given to the following Wider comments from other parties were invited by
organizations that were consulted in the development BSI. The expert contributions made from organizations
of this specification: and individuals consulted in the development of this
• Arla Foods PAS are gratefully acknowledged.
• Associated British Foods
This PAS has been prepared and published by BSI,
• Baxters Food Group which retains its ownership and copyright. BSI reserves
• Cranfield University the right to withdraw or amend this PAS on receipt
• Dairy UK of authoritative advice that it is appropriate to do so.
This PAS will be reviewed at intervals not exceeding
• Defra
two years, and any amendments arising from the
• Food and Drink Federation review will be published as an amended PAS and
• Food Standards Agency publicized in Update Standards.
• Gate Gourmet
This PAS does not purport to include all the necessary
• J Sainsbury
provisions of a contract. Users are responsible for its
• Kellogg correct application.
• London South Bank University
• Marks and Spencer Compliance with this Publicly Available Specification
does not of itself confer immunity from legal
• Muller Dairy
obligations.
• National Farmers Union
• Scottish Food and Drink Federation This Publicly Available Specification is not to be
• Waitrose regarded as a British Standard.
The food and drink industry in the UK – the food existing protocols. PAS 96 recommends a team
sector of the national infrastructure – could be under approach, as that is typically the best way of bringing
threat from ideologically motivated groups. The threat relevant expertise together; however it is recognized
extends that from criminals who use extortion and that for many, particularly small enterprises, this may
from individuals with a grudge. It is different in nature have to be a team of one person.
from the (natural) hazards which the industry is well
versed in handling. The threat is unlikely to decline In contrast to many standards, PAS 96 is not seen as
in the foreseeable future. PAS 96 provides broad an external audit tool. The principle of proportionality
guidelines to industry operators which should help means that different operations within even a single
them assess (see Clauses 6 and 7) and reduce (see business may come to very different assessments of
Clauses 8 to 13 and Annex B) the risk to their its implications. It may be reasonable for a customer
businesses and to mitigate (see Clause 14) the to ask its supplier if it is familiar with the guidelines
consequences of an attack. of PAS 96, and to ask if it has implemented the
(proportionate) steps which it judges necessary, but not
Broad guidelines should be interpreted as precisely to require specific action on each individual paragraph.
that. They are broad because managers will have
specific knowledge of the specialist detail of their PAS 96 is written in a UK context and invites operators
businesses which would not be appropriate for a to view the guidelines in the context of the legislative
document such as this, and because specific requirements of the UK. It does not consider
information may be of help to an intending criminal. application internationally, but operations may find
They are guidelines and not requirements because a some of the approaches helpful and are welcome to
key feature of PAS 96 is ‘proportionality’. The risk make whatever use they feel appropriate.
is different for different businesses, for different
operations, and for different products. It is therefore In summary, PAS 96 provides some approaches to
implicit that different risk assessments will result in the developing problem of malicious attack on the
different action plans proportionate to an individual food and drink industry. Its provisions should be
situation, and indeed in some cases to a legitimate both practical and proportionate, and should help
decision to take no specific action. businesses deter potential attackers. BSI and CPNI
welcome feedback on the structure, format and
To make the guidelines as sensible and as accessible as provisions of PAS 96, and especially of omissions which
possible, PAS 96 is deliberately written to integrate the readers perceive or revisions which they feel necessary.
reasoning behind a provision with the provision itself.
It tries to use language familiar to the industry without
continual definition, and it tries to balance conciseness
and comprehensiveness by making sensible references
to other sources of information. Some repetition has
been accepted where emphasis has been needed or to
improve readability.
Introduction
Businesses within the food and drink industry are well versed in the processes needed
to make safe, wholesome, nutritious and palatable food available to customers.
Removal of contamination from raw food sources, processing to make them
consumable, and managing distribution to avoid recontamination and spoilage are at
the heart of the modern food industry. Hazard Analysis Critical Control Point (HACCP)
methodology has proved invaluable in controlling adventitious hazards which are
based on the environmental and biological nature of food and which are essentially
random in character.
The public and businesses within the food and drink management and traceability. In the interests of
sector now face a different threat – that of malicious conciseness, their content is outlined in this PAS
attack, especially by ideologically motivated individuals and references are given for further reading in
and groups. This threat will manifest in a way which the bibliography. Food and drink supply requires
reflects the motivation and capability of these people. appropriate energy and water services and an effective
It will not follow the statistically random, and telecommunications and transport infrastructure,
therefore predictable patterns of familiar ‘hazards’ therefore reference is given to authoritative guidance
so the established HACCP approach might not work to protective security in these areas.
without modification.
Food safety legislation plays a key part in protecting
This document seeks to inform all those involved in consumers from unsafe or unfit food. Food businesses
the food and drink industry of the nature of this are responsible for ensuring that the food meets food
threat, to suggest ways of deterring attack and to safety requirements. Full adoption of the guidance
recommend approaches that will mitigate the effect given in this PAS cannot prevent a malicious attack;
of an attack should it happen. The interpretation of but it should make such an attack less likely and the
the guidance depends on the individual judgement impact less traumatic.
of business managers. Action taken by any business
should be proportionate to the threat faced by that
business and the document points to approaches to
assess this threat. The provisions of this PAS are not
designed to be used as an audit tool as different
organizations will make different assessments of
threat, vulnerability and impact, and will implement
different practices to defend the food they handle
and the supply arrangements which they use.
1 Scope
This PAS provides guidance to food businesses of all 2.3 product security
sizes and at all points in the food supply chain – from techniques used to make food products resistant to
farm to fork and beyond (see Figure 1). It provides contamination or misuse including tamper evident
guidance on approaches to the protection of their closures and lot marking
business from all forms of malicious attack including
ideologically motivated attack and to procedures to 2.4 personnel security
mitigate and minimize the impact of such an attack.
procedures used to confirm an individual’s identity,
It is intended to be of particular use to managers of
qualifications, experience and right to work, and to
small and medium sized food enterprises who may
monitor conduct as an employee or contractor
not have easy access to specialist advice.
NOTE Not to be confused with ‘personal security’.
Food businesses will be able to use the guidance in the
context of an effective Hazard Analysis Critical Control 2.5 electronic security
Point (HACCP) based food safety management regime. procedures used to protect electronic systems from
This PAS assumes and builds on effective operation of sources of threat, such as malware and hackers, intent
HACCP protocols. on misusing them, corrupting them or putting them
out of use
Tamper-evident closure
Upstream
Water Distribution
Product
assembly
Storage
Agri-Chemicals
Retail
Seed-Crops
Farming
Artificial
Primary
insemination Customer Food Service
ingredients
manufacture
Materials
Fishing
Waste
Consumer
disposal
Packaging
Downstream
5 Presumptions
Successful attacks on operations ‘downstream’ (food Good product security builds on sound food safety
service outlets or retail stores) are likely to have limited practices to remove, prevent and detect adventitious
scope in terms of geographical area, number of cases contamination. Further information on good practice
or product type but could have traumatic impact in this area can be found in Assured Food Standards
(illness or even death). The Oregon State attack [2], in Good Manufacturing Practice: A Guide to its
illustrates such an incident (see Clause 3 Case Study A). Responsible Management [3] and the FSA’s Preventing
and Responding to Food Incidents [4]. Businesses
‘Upstream’ businesses such as farms would be damaged should have hygienic operations and use HACCP as
economically by an effective attack that made large an integral part of quality management systems.
tracts of land unproductive. Manufacturers could suffer They should operate in line with recognized industry
significant damage to brand reputation and there is standards such as the British Retail Consortium’s Global
also the potential for casualties to occur although such Standard for Food [5] or BS EN ISO 22000:2005, Food
an attack may prove more difficult than ‘downstream’ safety management systems. Requirements for any
scenarios. The Sudan 1 incident in 2005 (see Case Study organization in the food chain. Smaller companies
C) illustrates the point of economic loss. may find The Safe and Local Supplier Approval Scheme
(SALSA) [6] useful.
NOTE Details of other industry standards are given in
Case Study C: the bibliography.
In February and March 2005 more than 500 food
products were withdrawn from sale in the UK Positive management policies should be in place to
because of contamination with an illegal dye, control fire risks and health and safety issues. Crime
Sudan 1. The pigment was present in chilli powder prevention should be an on-going concern. Generic
sourced from overseas. The chilli powder had been guidance on crime prevention by design of premises
used directly as an ingredient and in compound is available from the Police [7]. It is recommended
products such as Worcestershire Sauce which were that management of food defence is the specific
themselves used as ingredients in more complex responsibility of a nominated officer with the
products. necessary authority.
The threat assessment and mitigation procedure can normally be generic to a specific production line
8.2 Systems for control of temporary staff disruptive or to overlook disruptive behaviour of
The same requirements apply to temporary staff as others. They should encourage the development of
apply to permanent employees. Temporary staff from an operational team spirit to encourage both loyalty
recognized agencies may be treated like contractors to the operation and the reporting of unusual
for security purposes. employee behaviour.
To control and monitor the use of casual and Managers should be aware that both they and trusted
sub-contract staff the company should consider staff are open to coercion or deception by those of a
adjusting contracts to give them the power to malicious disposition and should give thought to how
externally audit recruitment and screening processes unusual behaviour should be managed.
of supplier staff deployed on their contract.
At the time of publication of this PAS, CPNI was
8.3 Building employee inclusiveness formulating advice on on-going personnel security.
Visible and comprehensive perimeter fencing may act Rising bollards can control traffic
as a deterrent to intruders, and an associated alarm
system can give indication should intrusion take place.
Advice on the specification of perimeter fencing 9.2 Access for motor vehicles
depends upon operational requirements provided by Entry to vehicles on essential business should be
the threat assessment. Unauthorized access may be through monitored access points. Approach roads
monitored using CCTV and security guarding, given which minimize the speed of the vehicle and maximize
a suitable external lighting system. the opportunity for inspection and rejection would
be helpful.
Perimeter controls should also consider site situation
(roads, waterways, other buildings, planning Consideration should be exercised in site planning
constraints) as well as technological issues like pest and maintenance. Access to and from the site should
control. Perimeter controls should be viewed as a be clear and able to be surveyed. Excess foliage should
whole so that weakness in one part does not negate be regularly cleared to facilitate total surveillance.
strengths in other parts. Any business contemplating NOTE 1 Guidance on the manufacture and testing of
the development of a new site should build protective hostile vehicle restraint measures (e.g. crashproof barriers)
security considerations into the design process. can be found in PAS 68:2007 Specification for vehicle
security barriers.
NOTE 2 Guidance on traffic calming and the layout and
installation of vehicle restraint measures can be found in
PAS 69: 2006 Guidance for the selection, installation and
use of vehicle security barriers.
protocols, for example to enable remote working, seals using numbered tags assures integrity and
makes operations increasingly open to attack and contributes to product traceability. For ingredients
merits vigorous implementation of security measures. used in only small quantities and for retail packages,
CPNI offers specific advice to the national tamper evidence can initiate quarantine and
infrastructure to help mitigate threats to electronic investigation prior to use.
security [25].
Partially manufactured ‘work in progress’ should be
13.3 Assurance that sources of materials are covered and could be made tamper evident if stored.
reliable and threat aware Finished product packs for retail display should
The integrity of materials supplied to premises is normally be tamper evident.
fundamental to good practice. Operational managers,
in their vendor approval routines (especially for new 13.5 Reception arrangements for materials
suppliers) may want to assure themselves that their All foodstuffs, packaging, and business services should
suppliers are aware of security issues and have taken be treated as quarantined on arrival at Goods-In.
a proportionate approach. Staff should record vehicle details and tamper seal
numbers, and confirm there are no damaged packs
Casual purchases should be subject to strict internal in the consignment.
technical and quality control checks. Casual purchases
should be the exception rather than the norm; care Sensory examination of ingredients and other
should be taken to ensure that casual suppliers do foodstuffs for unusual odours or appearance is
not become permanent suppliers without first being recommended for positive release into materials
subject to appropriate checks and controls. storage.
13.4 Product security – tamper-evident Secure quarantine and disposal of all waste material,
consignments especially printed packaging, is needed to ensure
Where malicious contamination cannot be prevented, that it does not become a source of contamination
tamper evidence provides an important protection or misuse.
against damage and harm. For bulk supplies of
materials including packaging materials, protective 13.6 Quality control arrangements
Managers should concentrate on quality assurance
techniques to defend food and drink, and not rely
on quality control testing. When trying to spot a very
infrequent event which would have dire consequences,
quality control techniques based on sampling are not
sufficiently effective and only 100% examination is
adequate, as used for metal detection. Such
examination would need to be by non-destructive
testing which is not practicable for unpredictable
hazards. Having said that, sensory examination can
be a most useful tool, as many contaminants will
influence the colour, odour, texture or flavour of a
foodstuff at levels at which they do not cause acute
harm. Investigation of incidents can make use of
specialist analysis of hazardous materials, or research
associations that can examine materials against an
established profile and thereby identify discrepancies.
Some routine checks such as chlorination checks of
mains water could indicate sabotage of services.
Annex A (informative)
Organization of the key sources of advice and information
Devolved
administrations
Local resilience Trade
fora associations
Distribution
operators
Food Standards
Agency
CPNI
Defra
Devolved Administrations
Manage elements of food and drink defence through:
a) the Scottish Government’s Environmental and Rural Affairs www.scotland.gov.uk
Directorate.
b) the Welsh Assembly Government www.wales.gov.uk
c) the Northern Ireland Administration. www.northernireland.gov.uk
Trade Associations:
Represent corporate members in their individual business areas and
may coordinate continuity planning advice.
Annex B (informative)
Guidance for specific parts of the food and drink supply chain
B.1 Primary producers including agriculture B.4 Food and drink processors and packers
Many of the provisions of Assured Food Standards Highly labour intensive food assembly operators
(the “Red Tractor Scheme”) for agriculture are should recognize their considerable vulnerability to
pertinent to food defence [2]. malicious, ideologically motivated attack. For example,
‘just-in-time’ supply of very short shelf life food
Farmers are strongly advised to maintain effective products can exert great pressure for casual
levels of biosecurity which minimize unnecessary recruitment of staff to fill unskilled vacancies on
contact between animals and between people and packing lines. Should adequate pre-employment
animals. It is recommended that equipment and screening be impossible, employers are advised to
premises be cleaned and disinfected as far as is appoint to lower risk jobs (e.g. handling packaged
practicable. Signs of disease should be reported as food only) under trusted supervision and limit access
early as possible. Guidance on biosecurity can be to a small strictly defined area.
found at www.defra.gov.uk/animalh/diseases/control/
biosecurity/index.htm. Processors and packers of liquid foods including
bottled water will recognize the ease with which
The Gangmasters Licensing Authority [22] aims to contaminants may be dispersed through the product.
curb the exploitation of workers in the agriculture,
horticulture, shellfish gathering and associated Handling of detergents and sanitizers, especially in
processing and packaging industries and offers advice concentrated form, is hazardous and requires skilled
on the use of casual teams of workers. Farmers should trained staff. The potential for misuse makes secure
not assume that members of regulated gangs are storage and effective stock control essential.
necessarily trustworthy.
B.6 Food and drink retailers Being close to point-of-consumption puts employees
Retail outlets are public places and individuals have in food service outlets into a position where they
ready access to food products. NaCTSO has a training could attack the food and see the impact almost
programme (Project ARGUS [29]) which helps retailers immediately
Annex C (informative)
Defending Food: A food and drink defence checklist
Business managers should select Items pertinent and proportionate to their operation, and should add other
Items as indicated by threat assessment and mitigation activity.
11 Monitored access for vehicles? 9.2 31 Unique security tags used on 13.4
consignments?
12 Surveillable perimeter and approach 9.2
roads? 32 Product packages are tamper evident? 13.4
Bibliography
For dated references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
[16] GREAT BRITAIN. The Race Relations Act 1976. [23] Secure Your Fertiliser. The National Counter-
London. The Stationery Office. Terrorism Security Office.
www.secureyourfertiliser.gov.uk
[17] GREAT BRITAIN. The Race Relations Amendment
Act 2000. London. The Stationery Office. [24] SCADA. CPNI.
www.cpni.gov.uk/protectingyourassets/scada.aspx
[18] GREAT BRITAIN. The Rehabilitation of Offenders
Act 1974. London. The Stationery Office. [25] CPNI. Products and Services.
www.cpni.gov.uk/productsservices.aspx
[19] GREAT BRITAIN. The Sex Discrimination Act
1975/86. London. The Stationery Office. [26] Current Threat Level in the UK. Security Service
MI5. www.mi5.gov.uk
[20] GREAT BRITAIN. The Sex Discrimination (Gender
Reassignment) Regulations 1999. London. The [27] The Meat Hygiene Service.
Stationery Office. www.food.gov.uk/foodindustry/meat/mhservice
[21] GREAT BRITAIN. Sex Discrimination (Indirect [28] The Road Haulage Association.
Discrimination and Burden of Proof) Regulations www.rha.org.uk/security-services/road-haulage-
2001. London. The Stationery Office. management-security-advice
[22] The Gangmasters Licensing Authority. [29] Project Argus. Protecting Against Terrorist Attack.
www.gla.gov.uk www.nactso.gov.uk/argus.php