What changes in Food Defense with IFS Food v8
IFS Food v8 folds Food Defense into clause 4.21: what it requires, what auditors look for, and the mistakes that trigger the most non-conformities.

The IFS auditor asks for the Food Defense plan and the quality manager retrieves a folder from the office. Inside, a document that a consulting firm wrote three years ago, a half-filled visit sheet, and a threat assessment that no one has touched since the last certification. Until now that file, with luck, made the cut. With IFS Food v8, less and less.
The change is not cosmetic. Version 8 takes Food Defense to the field where it really plays: the plant's operational processes. The auditor no longer reviews it as a separate documentary block; contrasts it as he tours docks, warehouses and production rooms. And there a copied plan does not even survive the first question.
From own chapter to integrated requirement
In IFS Food v7, Food Defense had its own chapter, and many plants treated it as such: a dossier that was prepared separately. In v8 that chapter disappears and the requirements are integrated into the operational processes, concentrated in clause 4.21. The consequence is that the auditor evaluates it together with access, receipt of goods or contract management. If you are also working with BRCGS Issue 9, the equivalent is in its site security clause 4.2; FSSC 22000 addresses this with its additional Food Defense and food fraud requirements, the TACCP/VACCP tandem.
What clause 4.21 requires
The basis remains the same: protect the product against intentional contamination. What v8 makes clear is how to demonstrate it.
- A documented assessment of threats and vulnerabilities, with a TACCP approach: who could attack, where and with what impact.
- A Food Defense plan derived from that evaluation, with measures proportional to the real risk of your plant.
- Defined responsibilities and trained staff, including new hires and night shifts.
- Review at least annually, and whenever there is an incident or a relevant change: a new line, a work, a shift that did not exist before.
Access, visits and contracts: where the audit is decided
Most Food Defense diversions start at the door. Clause 4.21 expects that you have identified critical areas (water tanks, chemical storage, rooms with open product) and that access is restricted to authorized personnel. Visitors and contractors need registration, identification and accompaniment; Carriers should not move around the dock alone. In v8 the auditor checks it on site: see who walks through each door and ask how you would know.
What evidence does the auditor ask for in practice?
The document is only the starting point. In the audit they will ask you for proof that the plan works on a day-to-day basis.
- Access records to critical areas with date and time.
- Complete and signed visit sheets, including those for the night shift.
- Registered Food Defense training, with attendees and content.
- Minutes of the annual review of the threat assessment.
- Result of some simulation or real test of the plan.
The most repeated errors
The errors are almost always the same. And here the usual motto applies: if it is not written, it has not happened. But if it is written and the door that should be closed appears open, your own plan becomes a non-conformity.
- The generic plan: a document copied from another company or from an unadapted template. The auditor breaks it down into two questions.
- Outdated paper records: folders that no one opens until the week before the audit, half-filled sheets, missing signatures.
- The nonexistent drill: it has never been tested what happens if someone tries to enter a critical area, so no one knows if the plan holds up.
How to prepare for the next audit
The first step is simple: on the SentyHub templates page you have a free Food Defense plan template aligned with IFS Food v8. Download it and adapt it to your real plant: your critical areas, your shifts, your contracts.
The second step is to get the records off paper. That's where SentyHub fits in: access control and visitor management with automatic registration, digital forms for checklists and reviews, and VideoProof, which links each control to the camera clip of the exact moment, on the IP cameras that your plant already has, without new work or hardware. When the auditor asks for evidence, you will not open a folder: you will open a record with date, time and video.