11 replies to this topic

[madrigaljuliusivan]

Hi All,


Good day. Does anyone can give me their INTERNAL QUALITY AUDIT for FOOD SAFETY ISO 22000? Thank you





Thank you and regards,
Ivan

[Tony-C]

Hi All,

Good day. Does anyone can give me their INTERNAL QUALITY AUDIT for FOOD SAFETY ISO 22000? Thank you

Thank you and regards,
Ivan

Hi Ivan,

What are you looking for? Record? Procedure? Gap Analysis Checklist?

Kind regards,

Tony

[Mr. Zulhilmi]

Hi Ivan,

What are you looking for? Record? Procedure? Gap Analysis Checklist?

Kind regards,

Tony

record,procedure and checklist

[madrigaljuliusivan]

Procedures Sir.

[madrigaljuliusivan]

Hi Sir Tony,

I've been looking for Internal Quality Audit Procedure for ISO 22000

Thank you and regards,
Ivan

[Charles.C]

Hi Sir Tony,

I've been looking for Internal Quality Audit Procedure for ISO 22000

Thank you and regards,
Ivan

Dear Ivan (The Te?),

Basically the lists below = the procedure / form. Didn't notice any actual records, sorry. There are at least 2 ways to generate a list -

(1) The quick way is to take the standard, group the requirements, make the inspection then "act accordingly". This is essentially a gaplist procedure + corrective action combined. Strictly, IMO, this is a system audit but auditors seem to be quite happy to identify it as an internal audit. The segments can be divided to people and time if preferred, eg whole system is spread over 1 year (I prefer not but can then be a lot of compressed work). Some typical formats –

http://www.ifsqn.com...dpost__p__39991
http://www.ifsqn.com...dpost__p__38796
http://www.ifsqn.com...dpost__p__43600 (SQF but same idea)
http://www.ifsqn.com...dpost__p__39206
http://www.ifsqn.com...dpost__p__40659

No doubt there are many others within SQF, BRC forums.

It is convenient IMO to add a corrective actions form to the end of the IA sheet since will almost certainly be used. This is usually generic and there are plenty of examples of these on this forum also.

(2) A second ( more like a true internal audit?) option is to risk analyse yr specific setup within the context of the standard and create a personal internal audit prioritised to the standards content. This is obviously more work but should give a smaller final result + is self-educational/meaningful. Sub-division into people/time can be done in same way as 1.
Perhaps not surprisingly I could not find any examples of this here although I think there are some on the forum somewhere.

Rgds / Charles.C

[Zeeshan]

Dear Ivan (The Te?),

Basically the lists below = the procedure / form. Didn't notice any actual records, sorry. There are at least 2 ways to generate a list -

(1) The quick way is to take the standard, group the requirements, make the inspection then "act accordingly". This is essentially a gaplist procedure + corrective action combined. Strictly, IMO, this is a system audit but auditors seem to be quite happy to identify it as an internal audit. The segments can be divided to people and time if preferred, eg whole system is spread over 1 year (I prefer not but can then be a lot of compressed work). Some typical formats –

http://www.ifsqn.com...dpost__p__39991
http://www.ifsqn.com...dpost__p__38796
http://www.ifsqn.com...dpost__p__43600 (SQF but same idea)
http://www.ifsqn.com...dpost__p__39206
http://www.ifsqn.com...dpost__p__40659

No doubt there are many others within SQF, BRC forums.

It is convenient IMO to add a corrective actions form to the end of the IA sheet since will almost certainly be used. This is usually generic and there are plenty of examples of these on this forum also.

(2) A second ( more like a true internal audit?) option is to risk analyse yr specific setup within the context of the standard and create a personal internal audit prioritised to the standards content. This is obviously more work but should give a smaller final result + is self-educational/meaningful. Sub-division into people/time can be done in same way as 1.
Perhaps not surprisingly I could not find any examples of this here although I think there are some on the forum somewhere.

Rgds / Charles.C

Dear Charles!

Would you please elaborate what you do mean by "Personal" internal audit.

Definitely a person like me who had seen countless examples of "1" eagerly want to see the even a single example of "2".

Regards:
M.Zeeshan.

[Charles.C]

Dear Zeeshan,

Sorry for non-reply, I missed yr post. By “personal” I meant “minimising” the (ultimate) work involved. My comment was initially thinking of direct methods like (A) below but, after some more thought, maybe the indirect approach as in (B) is more "rigorous". Other opinions welcome.

The implementation of internal audit (IA) in most FS standards mainly requires a decision on 2 aspects –

1. Actual No. clauses to include from standard, ie scope and perhaps also a grouping, eg into “departments”, "processes" ?.
2. The frequency of the internal audit as assessed via “risk-based methods”.

For (1), most of the (current) standards IMO are ambiguous. The interpretive guideline for BRC probably answers this at a price.
For (2) equal ambiguity seems to exist.

Three proposals already posted are –

(A) An example of a risk matrix method directly applied to grouped clauses so as to select a frequency is here –
http://www.ifsqn.com...dpost__p__23869
This is neat format IMO but lacks detail of the actual method of risk assessment. Some of the PRP data looks questionable (PRPs are not readily risk-assessed? ). Nonetheless, the simplicity and compactness is attractive.

(B) Another, sort of reverse, approach which effectively defines a current frequency and then (risk) verifies it is here –
http://www.ifsqn.com...dpost__p__56043
It looks ok except perhaps for my comment below.

© Another method which is more straightforward (always a good feature) albeit somewhat arbitrary is here –
http://www.ifsqn.com...dpost__p__27594
Very arbitrary but maybe just as good.

All the (A-C) above avoid any consideration of what to do if various NCs do appear ? Nonetheless, all may well be equally acceptable in a stable situation.

I can understand the tendency to opt for a straight use of the standard so as to avoid hassle.
As an additional risk-based add-on (if required), I suggest the ANZFA method proposed in (2 attachments) in this post - -
http://www.ifsqn.com...dpost__p__23592

This was designed for external audit but seems flexible to me although the NC tolerances should probably be tightened.

An even more comprehensive, UK risk-based methodology is here, primarily designed for meat control but again flexible –

 fsa manual official controls, ch4 audit,haccp based procedures.pdf   559.1KB   734 downloads

Rgds / Charles.C

[Lexter Cruz]

Hi to all,

Please see our internal audit procedure according to auditor Authorities is lacking in the procedure...please help me on this.
Does anyone form the group can explain what is difference between Responsibilities and Authority as mention in ISO 22000:2005 clause of Internal Audit?
I'm very glad if you share sample of internal audit procedure.

Again thanks in advance to receive a copy.

Thanks,
Factory Hygienist

[Charles.C]

Hi to all,

Please see our internal audit procedure according to auditor Authorities is lacking in the procedure...please help me on this.
Does anyone form the group can explain what is difference between Responsibilities and Authority as mention in ISO 22000:2005 clause of Internal Audit?
I'm very glad if you share sample of internal audit procedure.

Again thanks in advance to receive a copy.

Thanks,
Factory Hygienist

Dear Factory Hygienist,

I expect yr auditor is referring to the general ISO terminologies in para. 5.4.

There are many opnions on difference between RES/AUT by ISO experts but I suggest a simple one is –

Responsibility means - stating who has been assigned to undertake a certain job.
Authority means - the ability to make decisions without having to ask someone else's permission.

Example - one primary complaint of QA managers is assignment to them of responsibility by Top Management without delegation by Top Management of the authority needed to fulfill the responsibility.

Example - A QA operative has the responsibility to check the accuracy of a balance. If not correct he has the responsibility to report the finding to the QA manager.
The QA manager has the authority to reject the balance, ie have it removed from use.

In case of para 8.4.1, “Authority” may refer to the part of yr procedure detailing the personnel mentioned in last paragraph of 8.4.1, ie “The management ....results”.

It may also be simpler to ask yr auditor ? (After all, it's yr money)

Rgds / Charles.C

[Lexter Cruz]

Dear Factory Hygienist,

I expect yr auditor is referring to the general ISO terminologies in para. 5.4.

There are many opnions on difference between RES/AUT by ISO experts but I suggest a simple one is –

Responsibility means - stating who has been assigned to undertake a certain job.
Authority means - the ability to make decisions without having to ask someone else's permission.

Example - one primary complaint of QA managers is assignment to them of responsibility by Top Management without delegation by Top Management of the authority needed to fulfill the responsibility.

Example - A QA operative has the responsibility to check the accuracy of a balance. If not correct he has the responsibility to report the finding to the QA manager.
The QA manager has the authority to reject the balance, ie have it removed from use.

In case of para 8.4.1, “Authority” may refer to the part of yr procedure detailing the personnel mentioned in last paragraph of 8.4.1, ie “The management ....results”.

It may also be simpler to ask yr auditor ? (After all, it's yr money)

Rgds / Charles.C

[Anish]

Your checklist should cover all the clauses of ISO 22K requirements. And your report should detail the findings. I think your checklist did not cover the requirement and the auditor might have mentioned that. Pls share in detail about your auditor comments. If you are still having doubt about his questions, its better to clarify from him directly.
Rgds