6 replies to this topic

[highlind chick]

Hi all, as stated before I am in my first post as technical manager. I work for a small company so me, myself and I are the technical department. I am implementing well trying to implement version 5, updating from version4. There are a couple of questions I would like to ask if anyone can help me. they may seem pretty basic but no doubt I will have plenty more to ask.
-does everything have to be wrote in third party (no me, I, us etc)?
-I feel like im repeating myself by some things going into the quality manual and other in the procedures manual. Is it just a case of put what you do in the procedures manual? Or something else?
-there seems to be an awful lot of mentions of risk assessments, are all these necessary?
-last but not least how do i know if my manual is right and what im doing is right?
Any help would be greatly appreciated, im in desperate need. Glad to have found this website though. Thanks everyone in advance.

[Charles.C]

very quick replies -

-does everything have to be wrote in third party (no me, I, us etc)

Typically yes but i doubt very much the auditor worries about variations

-I feel like im repeating myself by some things going into the quality manual and other in the procedures manual.

This is normal

Is it just a case of put what you do in the procedures manual? Or something else?

IMEX yes, but enlargement is not forbidden although it will offer an auditor more chance of finding discrepancies. IMO brevity is best.

-there seems to be an awful lot of mentions of risk assessments, are all these necessary?

You will see this query in several threads already. I don't hv a specific answer however at least one poster Caz has I think (?) been audited on ver5 and her opinion was to mostly ignore. There are other comments on which ones to probably not ignore elsewhere here but scattered I'm afraid. some searching required.

-last but not least how do i know if my manual is right and what im doing is
right?

To be honest, if it reads right and answers the standard (eg scope / content), it probably is right. Alternatively pay for a pre-inspection, invaluable IMEX

Rgds / Charles.C

[Madam A. D-tor]

Dear Highlind Chick,


I'm not sure, if I understand all your questions, but here are my replies:

1: Why would you write in first person? A manual is mentioned to instruct people. When I 'm writing procedures or instructions I 'm not using any person (1st, second or 3td) Example: open the box, make a mix, check the temperature, etc.

2: It is not needed to have a separate quality manual and a procedure manual. If you do, make sure it is consequent.

3: Risk assessments are needed. In most requirements you also have to document these assessments. You can do that in your HACCP-analyses. For example the moustache snood.

4: You can ask a counsulting agency, to check your manual or you can do a pré-audit by your CB. Take care of your re-audit date as mentioned on your Certificate for issue 4.

[Simon]

Hi all, as stated before I am in my first post as technical manager. I work for a small company so me, myself and I are the technical department. I am implementing well trying to implement version 5, updating from version4. There are a couple of questions I would like to ask if anyone can help me. they may seem pretty basic but no doubt I will have plenty more to ask.
-does everything have to be wrote in third party (no me, I, us etc)?
-I feel like im repeating myself by some things going into the quality manual and other in the procedures manual. Is it just a case of put what you do in the procedures manual? Or something else?
-there seems to be an awful lot of mentions of risk assessments, are all these necessary?
-last but not least how do i know if my manual is right and what im doing is right?
Any help would be greatly appreciated, im in desperate need. Glad to have found this website though. Thanks everyone in advance.

To add to the good advice already provided. A management system is normally (historically) structured thus:

Level 1: Quality Manual > which references Quality Procedures
Level 2: Detailed Quality Procedures > which reference Quality Documents
Level 3: Detailed Quality Documents

On your question about risk assessments, they like to do this and in my opinion it is useful as it requires the supplier i.e. you to think about and ascertain the risks in your unique business. Also standards are generic so they cannot specify every minute detail or they would be unwieldy. A risk assessment need not always be a huge document it could just as easily be the minutes of a meeting where the issue is discussed. However undertaken a risk assessment should always be documented for reference by those pesky auditors.

Feel free to post you ideas and documents for review here.

Regards,
Simon

[PaulaB]

Hi, try not to tie yourself up in knots on the Quality manual and Procedures Manual, in smaller companies it is common that the procedures are the Quality Manual. It's just important that there is an overview at the start of it to make it clear what the scope is. Try not to repeat anything in any documents/manuals as you have to remember where they all are if you are updating and this makes Document Control a nightmare. Try and keep the documents to the point and accurate. The procedures not to be understandable and auditors don't want to read 5 pages to find the one line of relevant text.

Risk assessments - if it states in the standard that risk assessment is required then it has to be done. It doesn't have to be complex, it can be one paragraph explaining why the decision was made, or it can be included in the HACCP documentation. A good auditor should ask to see these!

Best way to get System checked out is to use a Consultant who currently audits against the standard. If you are already certificated to V4 your CB is unlikely to do apre-audit for you. If you need any help on this let me know

[Charles.C]

Dear PaulaB,

Welcome to the forum !

Many thks yr interesting input.

The procedures not to be understandable and auditors don't want to read 5 pages to find the one line of relevant text.

I guess you meant something like "procedures should be understandable". (although perhaps true if referring to BRC )

Risk assessments - if it states in the standard that risk assessment is required then it has to be done. It doesn't have to be complex, it can be one paragraph explaining why the decision was made.....

I think this is attributing an excess of neutrality to the BRC drafters who IMO are fine-tuning the standard anywhere possible particularly in the interest of maximising "due diligence". The expectation may often be what you say (or much less !) but this does not really match my understanding of a risk assessment in that even a qualitative statement surely requires some validatory basis?. It is also possible that the (audit) interest factor depends on the specific item (and perhaps also the auditor ). Perhaps you could give an example of a minimalist solution to illustrate yr suggestion. I agree with yr comment about HACCP documentation which probably (hopefully) works well for items like supplier approval / ongoings but in other cases not.

If you are already certificated to V4 your CB is unlikely to do a pre-audit for you.

Is this principle generally true ? I can appreciate the auditee (or MD) may now wish to economise but not the other way round ? (The auditor's refrain: Money is the root .......happiness. )

Rgds / Charles.C

[Simon]

Hi, try not to tie yourself up in knots on the Quality manual and Procedures Manual, in smaller companies it is common that the procedures are the Quality Manual. It's just important that there is an overview at the start of it to make it clear what the scope is. Try not to repeat anything in any documents/manuals as you have to remember where they all are if you are updating and this makes Document Control a nightmare. Try and keep the documents to the point and accurate. The procedures not to be understandable and auditors don't want to read 5 pages to find the one line of relevant text.

KISS - Keep It Simple....Stupid

Risk assessments - if it states in the standard that risk assessment is required then it has to be done. It doesn't have to be complex, it can be one paragraph explaining why the decision was made, or it can be included in the HACCP documentation. A good auditor should ask to see these!

I'm not an auditor, but I would have expected a paragraph would not be enough. Surely a risk assessment should be undertaken by the HACCP team and as such an acceptable record must at least contain relevant information such as when, who, what, why etc. A record such as minutes or similar not just a paragraph.

Welcome to the forums Paula - thanks for your input.



Regards,
Simon