A new version of PAS 96 has been published on 28th of May 2026, replacing PAS 96:2017. RQA experts were invited to comment on the draft of the new version. The TACCP approach is widely used by food businesses around the world to improve their resilience and response mechanisms to malicious and deliberate attack. The new guide is 71 pages in length compared to the previous edition’s 48 pages showing the increased emphasis on these threats to food businesses.
Here are a few highlights of the new edition:
- There is a revised definition of food defence that changes “…procedures adopted to assure the security of food and drink…” to “…procedures adopted to protect food and drink…”. This is a subtle change, but focuses on the more pro-active “protect”.
- Food protection – a more comprehensive definition covering the global food system from a range of threats.
- Food supply chain is now referred to as the “food supply network”, better representing the reality of interconnected supply
- A more comprehensive definition of “threat” relating to malicious acts
- The definition of TACCP has been broadened by being less specific about the business areas it addresses.
There are also new definitions for “insider threat”, “mitigation measure”, “product tampering”, “risk”, “seal numbers”, “vulnerability”
Types of threats:
Whilst the 2017 issue had economically motivated adulteration listed as the first threat type, the 2026 document lists intentional adulteration to cause harm (food terrorism) first, followed by cybercrime. Nine years ago, cybercrime was listed 7th on the list of threats – it is now second reflecting the changing nature of threats to food businesses.
Understanding threat actors
“Cyber criminals” are now listed first on the list of threat actors, followed by “the opportunist”, “the extremist”, “the irrational individual” and others.
TACCP process
The TACCP process itself follows a Plan, Do, Check, Act approach. This is a way of presenting the guidance using a well-known management approach. It means that the Application of TACCP is described in a clearer and more intuitive way than the previous edition. Each application and implementation step is briefly described.
Risk assessment
The risk assessment section is presented in a new way explaining approach more than providing a list of possible questions to consider. This requires the TACCP team to think more about threat, risk and impact and therefore should result in a more robust and accurate assessment of risk in the different areas. Tables in the Appendices then provide specific check-based guidance for identifying vulnerabilities and assessing risk.
There are more details linking business continuity plans to the response to a food terrorism incident.
Review
The Review section has greatly expanded to include more factors. For example considering near miss incidents – a very good way of predicting future incidents. As well as consideration of geopolitics, wars and conflicts on food threat levels. Plus details on horizon scanning, food protection culture and continual improvement.
Training
The training requirement has been made much more explicit: “Robust, ongoing food defence training should be provided to all personnel within food businesses.”
Case studies
Finally, real examples of cyber incidents, food fraud and counterfeiting are presented along with fictitious case-study examples to show how the TACCP approach can be followed.
Support with implementation
Please contact RQA to discuss how we can assist you in implementing this updated TACCP and food defence approach as well as for Food Defence training and exercises. Contact us.
Download
PAS 96:2026 is freely available from the British Standards Institute website. It is a bit “clunky” to download but worth it and a very good resource for food businesses and others interested in food business risks. https://knowledge.bsigroup.com/products/food-defence-protection-and-prevention-from-deliberate-acts-guide