Grade - Active
Posted 07 November 2015 - 04:09 AM
Hi all, 
I need advise for my draft product zone & vulnerability assessment according to clause 5.4.2 which really confusing 
, do I in the right line?
Thank you in advance
Boedi
PROD ZONE 1_CHILFROZ.pdf 15.2KB
210 downloads
PROD ZONE 2_AMBIENT.pdf 14.27KB
178 downloads
VARM 151103_01.xls 959KB
266 downloads
Grade - FIFSQN
Posted 07 November 2015 - 06:49 AM
Hi boedi,
Thks for yr attachments. Interesting material.
Regarding zones, It may be relevant to know what the product / process actually is/are.
Regarding VA, a few comments -
(1) The logic of adding 6 individual risk assessments together to yield a total "risk" is, afaik, so far unvalidated albeit intuitively attractive.**(See PPS)
(2) The grading/meaning of the terminology "Impact" was unclear to me. I wondered how you quantitated it ?
(3) As a corollary to (1,2) above I assume the individual risk assessments as shown can be validated.
(4) It could be argued that if any individual risk assessments were assessed as "critical", they would individually need direct action. Some supply chain evaluations adjust for this via weighting factors.
(5) AFAIK, it is unclear if the 6 criteria which you have used are adequate from BRC's POV (or even excessive )
(6)(a) The criterion for "Critical" may be regarded as too "High" albeit a subjective choice.
(6)(b) <18 should maybe be <=18 ? .
(7) The "actions" mentioned need to be more specific IMO.
BRC's expected minimal requirements for VA are, afaik, currently unknown. This is likely one reason why it's apparently No.2 in the top7 for NCs at this time
BRC7-NCs.pdf 108.62KB
239 downloads
Regardless, I suspect that BRC are going to be forced to exercise considerable flexibility over this VA issue so yr basic approach may well be acceptable. I hope so.
PS - I recently saw this comment on 5.4.1 -
Vulnerability Assessment.png 43.7KB
0 downloads
PPS - After some researching, I think the basic logic should be generically validatable. Whether agreeable to BRC is a slightly different question.
Kind Regards,
Charles.C
Grade - Active
Posted 09 November 2015 - 12:58 AM
Hi Charles,
Regarding the product zone=> of course it should be based on the products it self
Regarding the VA
Thank you for your advise/correction and post in http://www.ifsqn.com...ity-assessment/
which very be inspired me.
The other, for terminology "Impact", I just take from PAS 96
BTW, according to yours when the vulnerability rating as shown as Low, Medium & High what should be done? 
* I will share to you the VA after review of mine
Warmly regards,
Boedi
Grade - FIFSQN
Posted 09 November 2015 - 04:48 AM
Hi Charles,
Regarding the product zone=> of course it should be based on the products it self
Regarding the VA
Thank you for your advise/correction and post in http://www.ifsqn.com...ity-assessment/
which very be inspired me.
The other, for terminology "Impact", I just take from PAS 96
BTW, according to yours when the vulnerability rating as shown as Low, Medium & High what should be done?
* I will share to you the VA after review of mine
Warmly regards,
Boedi
Hi Boedi,
Thks for reply.
Apologies that my comment regarding "zones" was unclear. I meant that in order to answer yr query, can you first post a little info. as to what yr product/process is ?
Regarding Low/Medium/High zones/actions, there has been some discussion on this earlier (somewhere). The specifics are obviously likely to depend on the particular case since one reason for doing the VA is to (theoretically) prioritize/rank the vulnerabilities. This likely focuses on the individual contributions to the overall rating of course. Some VA approaches have initial specific additional criteria for these components.
I suggest you initially have a look at table5 et seq in the risk matrix/mitigation strategy portion of the USP document, eg file vul1 here -
http://www.ifsqn.com...res/#entry91369
(pg 45 et seq) (the basis of table is different to mine but zonal interpretation is probably similar, "strongly recommended" might be IMO usefully replaced by "necessary" )
An earlier attachment in same thread had some generic comments -
“Output from the vulnerability assessment"
Where raw materials are identified as being of particular risk then appropriate assurance controls need to be in place to ensure that only genuine materials are purchased.
Depending on the perceived risk assurance controls may include:
• Certificates of analysis from raw material suppliers
• Raw material testing
• Supply chain audits
• Use of tamper evidence or seals on incoming raw materials
• Enhanced supplier approval checks
• Mass balance exercises at the raw material supplier
• Changes to the supply chain eg a change of supplier or a move to a shorter supply chain”
I noted you have already included some of the above in yr assessment.
I believe the BRC Guidance document has some useful comments on this also.
PS - I only used a 3x3 matrix for convenience. Many people prefer a 5x5 since it enables finer distinctions between items. It's subjective as usual.
Kind Regards,
Charles.C
Grade - Active
Posted 09 November 2015 - 06:21 AM
Hi Charles,
A> For product zone
FYI, my company produce acidified cherry peppers (stuffed and cored), so be catagorized as ambient products (see attachment). For my product zone before, I just prepare if later on somebody ask me about product zone for chilled & frozen too.
B> For VA
Warmly regards,
Boedi
My ZONING ASSESSMENT .pdf 9.65KB
267 downloads
Grade - FIFSQN
Posted 12 November 2015 - 08:20 AM
Hi Charles,
A> For product zone
FYI, my company produce acidified cherry peppers (stuffed and cored), so be catagorized as ambient products (see attachment). For my product zone before, I just prepare if later on somebody ask me about product zone for chilled & frozen
B> For VA
- Once again thank you for your references and after finish of mine, I will share again
- I still convenience with matrix 3x3 too
Warmly regards,
Boedi
Hi Boedi,
Regarding ambient Zoning queries, I'm a little confused as per (2) below.
I don't think you can readily combine chilled/frozen into one analysis + process(es) unclear to me so I have "delayed".
Comments
(1) Yr Table steps are number-misaligned to brc7. Confusing.
(2) Yr 2 tables for ambient seem to have completely changed in respect to customer usage??. is it RTE or non-RTE ? labelling ?
Maybe you need to define the actual "ambient" process a little more exactly ??
Kind Regards,
Charles.C
Grade - Active
Posted 13 November 2015 - 02:08 AM
Hi Charles,
Thank you for your comment, let me review it.
Warmly regards,
Boedi
0 members, 0 guests, 0 anonymous users
