What are the components of the OFPP?

What are the components of the OFPP?

OTCO has organized the OFPP into five distinct sections, each one detailed below.


The organic fraud prevention team are the persons that are responsible for: 

  • Creating and maintaining the overall fraud plan
  • Making sure it gets implemented by their team
  • Ensuring all applicable persons are trained
  • Monitoring the effectiveness of the stated plan

This may be a site manager, the quality assurance department, or designated to a single person at the operation. 


The Supply Chain Map must illustrate all received/incoming organic items. The complexity of the supply chain map depends on the complexity of the operation. Examples may include: a hand drawn flowchart, a typed spreadsheet, or a more complex illustration created through mapping software. There is no wrong way to provide this information as long as it illustrates all organic items received by the operation and all intermediary handling events, such as storage or transport. 

In the examples below, the supply chain maps are simple flow charts. Supply chain maps do not have to include every individual supplier of every organic ingredient, but must include one listing for a particular ingredient group. If the system is more complex, the suppliers must be broken into smaller groupings. 

Supply Chain Map examples by certification scope (Crop, Livestock and Handling):


  • CROP: One reference to domestic organic seed suppliers and another reference to international seed suppliers. 

Supply Chain Map - Crop


  • LIVESTOCK: One reference for organic animals received and another reference to domestic organic feed suppliers. If applicable, a separate reference to international organic feed suppliers is needed because the risks for organic fraud are increased for all imported goods. 


  • HANDLING: One reference to all domestic suppliers and another reference to international suppliers. A more complex system is broken down into smaller categories to separate out suppliers of bulk or unpackaged ingredients.


  • A comprehensive list of individual suppliers is required to be maintained as part of your OSP, but not on this map. The purpose of this map is to identify potential risk factors for organic fraud based on the type or category of ingredients or products received. 
  • The illustration includes all intermediary handling activities that occur between the last certified entity and receipt of that ingredient at the operation. 
    • Examples of intermediary handling events may include: storage locations, brokers, transportation activities, etc.

Critical Control Points (CCPs) are specific stages in a process where control measures are applied to prevent, eliminate, or reduce risk to an acceptable level, ensuring the integrity and quality of a product. Operations must evaluate their supply chain and identify areas where there is potential for fraud to occur and for a product/ingredient to lose its organic status. The supply chain map must include identification of critical control points. In the supply chain map examples above, CCPs are identified with lightning bolts.

  • Examples of CCPs may include but are not limited to: 
    • The use of any supplier – Even if a supplier is certified organic, their certification status and product details still pose a potential risk where fraud may occur. Verification that the supplier is currently certified and to the appropriate scope for the product being purchased and that the product being purchased is listed on the current organic certificate, is essential. 
      • An example would be a farm operation that purchases dehydrated apples or cinnamon from a certified orchard that does not have dehydrated apples or cinnamon listed on their certificate, but only raw apples. 
    • Intermediary handling events 
      • Examples would be any transport event from the supplier to the operation, such as by railcar or truck; the use of a broker, even when no physical custody occurs; or the use of any storage facility prior to receipt of the product at the operation.


A vulnerability assessment is a systematic evaluation that identifies and analyzes weaknesses or susceptibilities in a system, process, or organization, helping to anticipate potential risks and develop effective strategies for prevention and mitigation. 

This assessment is a critical step in an organic fraud prevention plan. The OFPP asks operations to include a description of the steps taken when evaluating risk through the vulnerability assessment, the factors that were considered when identifying the CCPs and determining the prevention and mitigation strategies that are employed.

Below are examples of possible factors that may be considered when evaluating risk of a supply chain:

  • An operation’s relationship with the supplier – e.g. suppliers used frequently by an operation may pose less of a risk for potential fraud to occur.
  • Certification status of the suppliers/service providers used – e.g. uncertified entities may pose a greater risk for fraud to occur because they do not undergo the same certifier oversight. 
  • Location of suppliers (domestic vs. international/import) – e.g. international trade and use of imports are always high risk due to the complexity of the supply chains in foreign trade.
  • Supplier practices (supplier of only one organic ingredient or supplier of multiple ingredients – some of which are organic and some of which are conventional) – e.g. suppliers that produce both organic and conventional products may pose a higher risk for potential fraud to occur.
  • Economic factors (ingredient demand or lack of availability in the organic marketplace) – e.g. products that are generally scarce in the organic market may pose a higher risk potential for fraud to occur.

The next step in the vulnerability assessment is to determine what mitigation or prevention strategies are employed to reduce the potential for fraud to occur at each identified CCP. The assessment of the supply chain components and the associated risk level of each CCP determines the complexity of the mitigation and prevention strategy and monitoring practices. Those that hold more risk need to have more robust prevention strategies and need to be monitored more stringently and more frequently.

Each CCP identified on the supply chain map must be outlined in the vulnerability assessment table of the OFPP. Specific mitigation or prevention strategies need to be outlined for each CCP based on evaluated risk. These strategies are the steps the operation takes to ensure the product/ingredient that is purchased is in fact certified organic and how an operation ensures it maintains its organic integrity and status upon arrival at the operation. The mitigation or prevention strategies need to also include the steps the operation takes to ensure only compliant suppliers are being used. 

Once those strategies have been determined, the monitoring practices need to be defined. Monitoring practices outline how an operation ensures their mitigation or prevention plan for each critical point is evaluated for effectiveness and how often monitoring takes place. Remember, higher risk CCPs may require more frequent monitoring to ensure their associated prevention strategies are working.

The full outcome of this vulnerability assessment must be outlined in the table of the OFPP module.


Please note that all operations will have a different vulnerability assessment which is determined based on risk.


  • Vulnerability Assessment examples:
    • Example 1

Vulnerability Assessment examples.

Vulnerability Assessment examples


  • Example 2

Vulnerability Assessment examples

Vulnerability Assessment examples



Each operation must outline how they train relevant employees to ensure the OFPP is followed. This plan must also include how ongoing training is achieved as updates are made to the OFPP. Employee training ensures the entire operation, whether it is 1 or 1001 employees, are aware of their role in preventing organic fraud. 

Operations must also have a plan or a process outlined for reporting suspected cases of fraud to their certifier as well as to the NOP. An operation can notify the NOP either through the NOP Online Complaint Portal located on the NOP complaints webpage or by mail to the NOP Compliance and Enforcement Branch and including relevant evidence. 

USDA AMS – How to file a Complaint on Organic Regulations


NOP Online Complaint Portal

Email: NOPCompliance@usda.gov
Phone: 202-720-3252
Fax: 202-205-7808


Mail: NOP Compliance and Enforcement Branch
Agricultural Marketing Service
United States Department of Agriculture
1400 Independence Avenue, S.W.
Mail Stop 0268, Room 2642-S
Washington, D.C. 20250-026


The OFPP, like other OSP modules, must be reviewed to ensure they remain effective at preventing fraud and updated as needed. Any changes made to an OFPP must be submitted to OTCO for review and approval. The CCPs must also be monitored on an ongoing basis and updated accordingly when there are changes to supply chains. 

Each operation must outline how they intend to monitor the effectiveness of the OFPP as a whole. Such monitoring must include: 

  • The frequency at which the plan will be evaluated,
  • How the operation is determining the plan’s effectiveness
  • Any other information to fully describe monitoring systems in place

Get Forms & Documents

Download the documents and forms you need.

Access Blank Forms

Still need help?

Our team is here to assist you.

Contact Support