Food

Vulnerability Assessment Software

FDA’s Vulnerability Assessment Software tool is a prioritization tool that can be used to assess the vulnerabilities within a system or infrastructure in the food industry. The software program takes companies through questions about their facilities and processes to help them identify vulnerable areas. Companies consider what type of attack is the greatest threat and whether a biological or chemical agent might be used in an attack. The questions center around the flow chart developed by the user for the specific food system to be evaluated. By conducting a vulnerability assessment of a food production facility or process, the user can then focus resources on protecting the most susceptible points in their system.

Download Manufacturing Software - NEW Version 2.4
Vulnerability Assessment Software Quick Start Guide (PDF - 852 KB)
Download Agriculture Software


Frequently Asked Questions

What is the background methodology for the Vulnerability Assessment Software Tool?
How Do Federal Agencies utilize vulnerability assessments in Food Defense?
Why use the Vulnerability Assessment Software tool rather than do face-to-face evaluations?
Who will benefit from using the Vulnerability Assessment Software tool?
What Does The Vulnerability Assessment Software Do?
System Requirements


What  is the background methodology for the Vulnerability Assessment Software Tool?

The FDA’s Vulnerability Assessment Software tool uses the CARVER + Shock methodology, a system originally developed by the U.S. Military to identify areas that may be vulnerable to an attacker. CARVER is an acronym for the following six attributes used to evaluate the attractiveness of a target for attack:

  • Criticality - measure of public health and economic impacts of an attack
  • Accessibility - ability to physically access and egress from target
  • Recuperability - ability of system to recover from an attack
  • Vulnerability - ease of accomplishing attack
  • Effect - amount of direct loss from an attack as measured by loss in production
  • Recognizability - ease of identifying target

    A seventh attribute, Shock, has been added to the original six to assess the combined health, economic and psychological impacts of an attack within the food industry.

The attractiveness of a target can then be ranked on a scale from one to ten on the basis of scales that have been developed for each of the seven attributes. Conditions that are associated with lower attractiveness (or lower vulnerability) are assigned lower values (e.g., 1 or 2), whereas, conditions associated with higher attractiveness as a target (or higher vulnerability) are assigned higher values (e.g., 9 or 10). Evaluating or scoring the various elements of the food sector infrastructure of interest for each of the attributes can help identify where an attack is most likely to occur in that infrastructure. Federal agencies, such as FDA and the Food Safety and Inspection Service (FSIS) of the United States Department of Agriculture (USDA), have used this method to evaluate the potential vulnerabilities of farm-to-table supply chains of various food commodities when conducting face-to-face assessments. The method can also be used to assess the potential vulnerabilities of individual facilities or processes.

The FDA and the USDA adapted this face-to-face assessment methodology to a software tool that can be downloaded and used by any member of the food processing industry to conduct a vulnerability assessment of their facilities and processes. The Vulnerability Assessment Software tool specifically focuses on the Criticality, Accessibility, and Vulnerability attributes. These three attributes help food industry partners identify the vulnerabilities that exist in their specific firm that could potentially be targeted by an attacker who wants to intentionally contaminate the food product with the intent of harming consumers.

How Do Federal Agencies utilize vulnerability assessments in Food Defense?

Federal agencies, such as the Food Safety and Inspection Service (FSIS) and FDA have used the CARVER + Shock method to evaluate the potential vulnerabilities of farm-to-table supply chains of various food commodities, as well as individual facilities or processes. These evaluations are carried out during face-to-face meetings of representatives from a particular segment of the food processing industry and Federal and State food safety agencies, and generally take two to three days. Using a scale from one to ten for each of the attributes, the participants score the "target attractiveness" of each segment, or "node", on a process flow diagram of the commodity or facility being evaluated. Conditions that are associated with lower attractiveness (or lower vulnerability) are assigned lower values (e.g., 1 or 2), whereas conditions associated with higher attractiveness (or higher vulnerability) are assigned higher values (e.g., 9 or 10). The individual scores for each attribute are then added together to give a total score.

Why use the Vulnerability Assessment Software tool rather than do face-to-face evaluations?

Conducting face-to-face vulnerability assessment evaluations is resource-intensive and limiting in terms of the number of evaluations that can reasonably be conducted in any given time frame. Therefore, the FDA sponsored development of the Vulnerability Assessment Software tool that can be downloaded. Having on-line Vulnerability Assessment software that produces results equivalent to those of a face-to-face session allows any member of the food processing industry to conduct a vulnerability assessment of their facilities and processes in a confidential manner.

Who will benefit from using the Vulnerability Assessment Software tool?

The software tool is expected to be used by State and local food security agencies, industrial providers, and food processors with the goal of protecting the nation’s food supply from intentional contamination by helping food firms identify possible vulnerabilities in their system and then mitigate the identified vulnerabilities. The tool is designed for use throughout the food industry and will aid companies in protecting their food products from an attack targeted at their product.

What Does The Vulnerability Assessment Software Do?

The Vulnerability Assessment Software tool mimics the thought processes in play during a face-to-face session by having the user:

  1. Build a process flow diagram for the system to be evaluated.
  2. Answer a series of questions for each process flow diagram node.

Each question has an associated score. Based on the answers given, the software calculates a score for each attribute and sums them to produce a total score for each node. Analogous to a face-to-face session, total scores range from one to ten for each attribute. The user may view the attribute scores and total for each node, the total scores for all nodes, and the attribute scores for all nodes (e.g., all the node Criticality scores, Accessibility scores, etc.)

System Requirements

CARVER software runs on hardware systems with the following minimum performance characteristics:

  • Pentium I processor
  • 256 MB RAM
  • 120 MB available hard disk space
  • CD ROM drive
  • Video card displaying 1280 x 1024 desktop area.

The software is compatible with the following operating systems:

  • Windows NT Service Pack 4
  • Windows 98
  • Windows 2000
  • Windows XP

Page Last Updated: 06/17/2014
Note: If you need help accessing information in different file formats, see Instructions for Downloading Viewers and Players.