Jump to content

  • Quick Navigation
Photo
- - - - -

Closing NC on clause 3.5.1.2 - Supplier Approval and Monitoring

moderate risk foreign suppliers

  • You cannot start a new topic
  • Please log in to reply
24 replies to this topic

#1 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 09 July 2018 - 10:20 PM

Hello everyone,

 

We can't close our NC on Supplier Approval procedure and on-going monitoring BRC7 clause 3.5.1.2. Our foreign suppliers of plastic cups is from US and pouches is from Thailand. Both are not GFSI certified. In our risk assessment, since they are not GFSI certified they are identified as moderate risk suppliers. SAQ can't be used because you can only sent SAQ to low risk, therefore we are required to do the on site audit. But on our side, it is very costly to to go there and audit ourselves.

 

How can we get away with this situation? Is there anyone here that had they same situation with ours? I need your help.

 

 

regards,

redfox



#2 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 09 July 2018 - 11:35 PM

Hello everyone,

 

We can't close our NC on Supplier Approval procedure and on-going monitoring BRC7 clause 3.5.1.2. Our foreign suppliers of plastic cups is from US and pouches is from Thailand. Both are not GFSI certified. In our risk assessment, since they are not GFSI certified they are identified as moderate risk suppliers. SAQ can't be used because you can only sent SAQ to low risk, therefore we are required to do the on site audit. But on our side, it is very costly to to go there and audit ourselves.

 

How can we get away with this situation? Is there anyone here that had they same situation with ours? I need your help.

 

 

regards,

redfox

 

Hi redfox,

 

It is documented in the literature that for the clause referred above, a 3rd Party audit can be accepted when implemented according to a defined format.


Kind Regards,

 

Charles.C


Thanked by 1 Member:

#3 mgourley

mgourley

    Grade - PIFSQN

  • IFSQN Principal
  • 929 posts
  • 753 thanks
98
Excellent

  • United States
    United States
  • Gender:Male
  • Location:Plant City, FL
  • Interests:Cooking, golf, firearms, food safety and sanitation.

Posted 09 July 2018 - 11:40 PM

Why is a foreign supplier (especially in the USA) a moderate risk supplier?

Even though they may not be certificated to a GFSI approved auditing scheme, do they have other 3rd party audits?
Do they have a history of bad performance as a supplier?

Do they supply you with Letters of Guarantee for their products?
Are there any other historical evidence or assurances they could provide to make them low risk?

This is a case where you need to modify your supplier acceptance and monitoring criteria.

 

Marshall



Thanked by 1 Member:

#4 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 12:05 AM

Hi redfox,

 

I agree Marshall's comment although one would obviously need to see yr input/risk assessment,etc to know if "manouevrable".

 

I attach 2016 relevant comments regarding supplier audit -

 

Attached File  BRC acceptable supplier audit.pdf   967.83KB   57 downloads


Kind Regards,

 

Charles.C


Thanked by 1 Member:

#5 beautiophile

beautiophile

    Grade - AIFSQN

  • IFSQN Associate
  • 45 posts
  • 14 thanks
2
Neutral

  • Vietnam
    Vietnam

Posted 10 July 2018 - 01:58 AM

Hi fox.

I don't understand this "SAQ can't be used because you can only sent SAQ to low risk.".

My company is certified with BRC/IoP and still receives SAQ by customers and site-audits annually.

BTW, here are some tips from a BRC Auditor:

 

- The programme must be comprehensive and include all suppliers.

- You have three options for your supplier monitoring: (1) carrying out audits yourself, (2) relying on third-party audits or (3) using questionnaires.
- Whatever method of approval and ongoing assessment that you have set out, there is a need to have a programme and to demonstrate that you are adhering to it.
- Some companies audit suppliers, others rely on questionnaire-type systems and some use third, party certification. The important thing is to have something in place that is working.
- Finally note that if you go the questionnaire route they must be renewed every 3 years at least and such suppliers must be instructed to inform you of any significant changes.
It means method (3) can be used to any suppliers. But for suppliers other than low-risk, at least one of (1) and (2) is a must.


#6 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 03:00 AM

Hi beautiophile,

 

This is not referring to BRC/IoP.

 

It's quite clearly stated.

Here is the FS7 Standard's text 3.5.1.2 -
 

 

The company shall have a documented supplier approval and ongoing monitoring procedure to ensure that all suppliers of raw materials, including packaging, effectively manage risks to raw material quality and safety and are operating effective traceability processes. The approval and monitoring procedure shall be based on risk and include one or a combination of:
•  certification (e.g. to BRC Global Standards or other GFSI-recognised scheme)
•  supplier audits, with a scope to include product safety, traceability, HACCP review and good manufacturing practices, undertaken by an experienced and demonstrably competent product safety auditor
or, for suppliers assessed as low risk only, supplier questionnaires.
Where approval is based on questionnaires, these shall be reissued at least every 3 years and suppliers will be required to notify the site of any significant changes in the interim.
The site shall have an up-to-date list of approved suppliers.

 


Kind Regards,

 

Charles.C


#7 beautiophile

beautiophile

    Grade - AIFSQN

  • IFSQN Associate
  • 45 posts
  • 14 thanks
2
Neutral

  • Vietnam
    Vietnam

Posted 10 July 2018 - 03:23 AM

Hi Charles C.,

I was referring BRC FS.

In my understanding, sole questionnaire method is enough for low-risk suppliers. Higher-risk ones need audits or certificates but SAQ is still useful to them.

Did I misinterpret?

P/S: I am giving points of view from the other side (i.e. packaging supplier).



#8 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 10 July 2018 - 03:33 AM

Thank you Charles and Marshall,

 

During our audit, when the auditor declare it as NC, he did not accept is low risk since both supplier are not GFSI scheme certified. Our supplier from US and Thailand both have no food safety certification even non-GFSI scheme.

 

They can only provide COA. We will arrange a third party audit for our foreign supplier if we can't persuade auditor to close this NC.

 

regards,

redfox



#9 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 04:30 AM

Hi redfox,

 

Yr auditor is probably bewildered by the meandering structure of the BRC Clauses. Just like the rest of Us. :smile:


Kind Regards,

 

Charles.C


#10 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 04:47 AM

Hi Charles C.,

I was referring BRC FS.

In my understanding, sole questionnaire method is enough for low-risk suppliers. Higher-risk ones need audits or certificates but SAQ is still useful to them.

Did I misinterpret?

P/S: I am giving points of view from the other side (i.e. packaging supplier).

 

Hi beautiophile,

 

IMHO the BRC clauses 3.5.1.1 and 3.5.1.2 are a Masterpiece of Cryptic Logic. BRC are simply obsessed with Risk Assessment.

 

As you say, SAQ's are likely always useful but, except for Low Risk (totally undefined by BRC !!) Suppliers, are afaik supplemental rather than a Priority.

 

I sincerely hope that the BRC Packaging Standard is less demanding in respect to the English language.


Kind Regards,

 

Charles.C


#11 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 10 July 2018 - 05:58 AM

Hello beautiophile,

 

Thank you for the insights.

 

As Charles posted, for low risk only-suppliers questionnaire. Actually that what we did, we sent SAQ to our foreign suppliers, US and Thailand since we are in the Philippines, very costly for us to send our FS auditor there. But the auditor said it is lacking since they are not low risk supplier. And we can't declare those 2 suppliers as low risk because as per auditor they don't have GFSI scheme certification.

 

We have to hire TPA there to audit our suppliers in our behalf.

 

regards,

redfox



#12 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 10 July 2018 - 06:16 AM

Hello Charles,

 

I agree, there might be some misconception that result to confusion to the sites. Actually this is our 4th audit, on those three audits, those 2 foreign suppliers though we only sent SAQ was not noticed. Maybe we are just lucky then, but now we ran out of luck.

 

regards,

redfox



#13 pHruit

pHruit

    Grade - Active

  • IFSQN Active
  • 16 posts
  • 4 thanks
0
Neutral

  • United Kingdom
    United Kingdom

Posted 10 July 2018 - 08:54 AM

Can you come up with a risk-assessment method that would justify applying a low-risk status for the suppliers?

It's unusual for BRC to be so forthright about your risk assessment, as whilst auditors always have their own view it is your business and your suppliers so as long as you can justify what you're doing it should be sufficient. Obviously life would be easier for all concerned if they were GFSI certified, but it's not always possible in the real world.

What currently factors into your risk assessment for the suppliers?
If it's just certification standards then absence of GFSI will obviously be a challenge, but for example we also use the following in the supplier risk assessment process:
Other certification (e.g. ISO9001 - not much help from a food safety perspective, but it does at least show some commitment to management of systems)

Size of supply - if you buy a lot then the risk/exposure is potentially greater

Transparency index for the country in which the supplier is located - based on Transparency International's Corruption Perceptions Index

Location weighting

Historical relationship - a long trading history with no problems should reasonably be assumed to indicate a lower risk

 

Maybe you can use something like these to come up with a more substantial justification for the low risk status? (assuming you genuinely think they are low risk sources!)

 

It looks like clause 3.5.1.2 is going to be modified in Issue 8 (at least based on the last draft consultation I saw) but still has the option for SAQ for low risk - just makes it a bit clearer what is required in terms of justification via risk assessment, but still very much up to the individual business to determine what "low risk" means.



#14 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 09:23 AM

Hi pHruit,

 

You seem to have missed something -

 

The [raw material(s)] risk assessment shall form the basis for the raw material acceptance and testing procedure and for the processes adopted for supplier approval and monitoring.

Kind Regards,

 

Charles.C


#15 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 10 July 2018 - 09:32 AM

Hello pHruit,

 

Thanks for your opinion and suggestion. The auditor said, as long as the suppliers is not GFSI scheme certified he can't consider it as low risk. We did not argue him anymore. We have risk assessment, but sad to say our 2 foreign suppliers can only show to us is only the COA.

 

regards,

redfox



#16 pHruit

pHruit

    Grade - Active

  • IFSQN Active
  • 16 posts
  • 4 thanks
0
Neutral

  • United Kingdom
    United Kingdom

Posted 10 July 2018 - 09:39 AM

Hi Charles,

Sorry, the dangers of writing quickly in shorthand on a forum...

 

 

Hi Redfox,

Fair enough - it's always difficult disagreeing with an auditor, particularly for something like BRC where the outcome can have such a big impact on your business.

It does sound like the suppliers are a bit lacking in what they can provide for you though.

Do you know any other businesses in your region that use these same suppliers?
We have started receiving shared audits from some of our customers, where two of them will split the cost of hiring an auditor and then both share the resulting report. Is this something you could look at to help reduce the expense?



#17 QAGB

QAGB

    Grade - SIFSQN

  • IFSQN Senior
  • 277 posts
  • 107 thanks
15
Good

  • Earth
    Earth

Posted 10 July 2018 - 02:22 PM

Hello pHruit,

 

Thanks for your opinion and suggestion. The auditor said, as long as the suppliers is not GFSI scheme certified he can't consider it as low risk. We did not argue him anymore. We have risk assessment, but sad to say our 2 foreign suppliers can only show to us is only the COA.

 

regards,

redfox

 

Hi Redfox,

 

It sounds like quite the situation. Like pHruit said, it's troubling that your suppliers are not going through any kind of certifications at all. However, if you haven't had any performance issues or trouble getting documentation, then I don't see why you couldn't treat them as low risk suppliers. As I understand, this is in relation to your packaging suppliers; and based on what I've dealt with, not all packaging suppliers have caught up to the certification levels of those of us that make food. In many cases, packaging suppliers are headed towards GFSI level standards, but it's not quite the rule yet. It's interesting that your auditor says that your packaging suppliers have to be GFSI to be considered low risk, when some packaging suppliers have yet to even get near this level of certification. We have a supplier of drums that had no traceability to their products, and we had to request they put lot codes on their drums (at least paperwork wise) for us to use. 

 

My thought as others have said is that you are responsible for your own risk assessments and what you can consider to be low risk. I've always interpreted the clause (as well as our auditors) to mean that you risk assess your suppliers from low to high. If supplier is GFSI, great! If supplier is not GFSI but you consider it low risk, then you must have a supplier questionnaire you create completed by the supplier. If supplier is considered moderate to high risk, then you have to have an onsite audit. I've never had an auditor tell us our risk assessment was wrong because the supplier isn't GFSI and we marked them as low risk. Is it possible for you to appeal that finding by discussing with the certifying body? 

 

QAGB



#18 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 03:28 PM

Hi QAGB,

 

IMO the blame for, i suspect, mutual auditor and auditee confusion lays squarely on BRC's shoulders due (a) the highly convoluted text within clauses 3.5.1.1 and 3.5.1.2 plus (b) BRC's usage of the totally undefined terminology of "low risk supplier" in clause 3.5.1.2.

           

Textually there appear to be 2 potentially contributing portions of BRC text related to the supplier's risk rating, namely -
 

3.5.1.1

The risk assessment [of the raw materials/packaging] shall form the basis for the raw material acceptance and testing procedure and for the processes adopted for supplier approval and monitoring

 

and
 

3.5.1.2

 The [supplier] approval and monitoring procedure shall be based on risk [of what?] and include one or a combination of:

 

•  certification (e.g. to BRC Global Standards or other GFSI-recognised scheme)
•  supplier audits, with a scope to include product safety, traceability, HACCP review and good manufacturing practices, undertaken by an experienced and demonstrably competent product safety auditor
or, for suppliers assessed as low risk [??!] only, supplier questionnaires.

 

 

I believe that the BRC Guideline document implies that BRC intended that the overall supplier risk rating was to [somehow] involve both the above "factors". Such an  approach is not unreasonable IMO  but offers an opportunity for a variety of subjective conclusions.

 

I speculate that redfox's auditor  "combined" a "Low" from 1st portion with a "non-Low" (ie zero audit) from 2nd portion to yield an overall "non-Low" rating. This then voided the option of a SAQ.

 

Pure speculation of course. :smile:

 

PS - Personally, based solely on the text of the FS Code, i myself interpreted the supplier risk rating to be totally determined from 1st portion above with the result then being transferred into the 2nd portion with appropriate final consequences as laid out in 3.5.1.2. redfox's auditor would presumably not have accepted this procedure either if the 1st result was a "Low". :smile:


Kind Regards,

 

Charles.C


#19 QAGB

QAGB

    Grade - SIFSQN

  • IFSQN Senior
  • 277 posts
  • 107 thanks
15
Good

  • Earth
    Earth

Posted 10 July 2018 - 03:47 PM

Hi QAGB,

 

IMO the blame for, i suspect, mutual auditor and auditee confusion lays squarely on BRC's shoulders due (a) the highly convoluted text within clauses 3.5.1.1 and 3.5.1.2 plus (b) BRC's usage of the totally undefined terminology of "low risk supplier" in clause 3.5.1.2.

           

Textually there appear to be 2 potentially contributing portions of BRC text related to the supplier's risk rating, namely -
 

 

and
 

 

I believe that the BRC Guideline document implies that BRC intended that the overall supplier risk rating was to [somehow] involve both the above "factors". Such an  approach is not unreasonable IMO  but offers an opportunity for a variety of subjective conclusions.

 

I speculate that redfox's auditor  "combined" a "Low" from 1st portion with a "non-Low" (ie zero audit) from 2nd portion to yield an overall "non-Low" rating. This then voided the option of a SAQ.

 

Pure speculation of course. :smile:

 

Hi Charles, 

I see what you are saying. We have combined both clauses in our supplier monitoring program. However, the way I've always seen it is that the risk assessment is basically up to the customer (of course within reason to justify assessment). If you're getting all the documentation you need and supplied item performs well, why would it be considered a non-low even if not GFSI? BRC has always been very vague and leaves way too much room for interpretation. We shouldn't need an interpretation guide to explain standards (and then to find out that the interpretation guide is not an auditable document). If we've assessed supplier as a low risk supplier, and they aren't GFSI, we have the option of either auditing ourselves or having them supply us with a questionnaire that meets standards.

 

If it was intended to combine both clauses together and have basically a separate risk assessment for both to make a final assessment, then why would they even offer the option for supplier questionnaire? Under that interpretation, if a supplier is low risk on risk assessment from 3.5.1.1, but they have no GFSI certification, then they can never be assessed as anything but moderate risk under 3.5.1.2; and then the company could never use a supplier questionnaire. If supplier is mid to high risk on assessment from 3.5.1.1, then they couldn't be assessed at low risk under 3.5.1.2, and still could not use a supplier questionnaire. If supplier is low risk under 3.5.1.1, and GFSI certified or audited by the company itself, then they still don't need supplier questionnaire. 

 

Your speculation could be right as far as the auditor's interpretation, but it still leaves me confused and I would personally question that finding.

 

QAGB



#20 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 10 July 2018 - 04:19 PM

Hi QAGB,

 

Yes, I previously encountered some of the reservations you mention when i posted a risk assessment for 1st portion some time ago. At that time I interpreted BRC's intentions as per my PS in Post 18. However I later understood that BRC's I.G. proposed a more combined approach although not detailing any particular method of implementation.

Additionally IIRC, one intended feature of BRC7 was a reduction in the usage of SAQs as compared to BRC6.

I still find it remarkable that BRC have not been obliged to explain precisely what they mean by "Low Risk" Supplier.


Kind Regards,

 

Charles.C


Thanked by 1 Member:

#21 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 11 July 2018 - 11:00 PM

Hello,

 

The company shall have a documented supplier approval and ongoing monitoring procedure to ensure that all suppliers of raw materials, including packaging, effectively manage risks to raw material quality and safety and are operating effective traceability processes. The approval and monitoring procedure shall be based on risk and include one or a combination of:
1•  certification (e.g. to BRC Global Standards or other GFSI-recognised scheme)
2•  supplier audits, with a scope to include product safety, traceability, HACCP review and good manufacturing practices, undertaken by an experienced and demonstrably competent product safety auditor
or, for suppliers assessed as low risk only, supplier questionnaires.

 

Where approval is based on questionnaires, these shall be reissued at least every 3 years and suppliers will be required to notify the site of any significant changes in the interim.
The site shall have an up-to-date list of approved suppliers

 

The risk assessment should be based on the two statements, one or combination of. If it is GFSI scheme certified, automatically low risk. Actually our raw materials and suppliers are all low risk even they are not GFSI scheme certified. But can we send only SAQ? Answer is NO...why? because they fall on statement number 2.

 

2•  supplier audits, with a scope to include product safety, traceability, HACCP review and good manufacturing practices, undertaken by an experienced and demonstrably competent product safety auditor

 

We should have to audit suppliers even if we identified them as "low risk".

 

The development of closing our NC on packaging suppliers is that we send letter of intent  to our 2 foreign suppliers that we have to conduct suppliers audit on their facility. Furnishing copy to auditor. We have friend that also suffered findings like this.

 

Hope this kind of confusion would be rectified/clarified on BRC8.

 

regards,

redfox



#22 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 13 July 2018 - 12:23 AM

Hi redfox,

 

I think yr problem is maybe that yr auditor has insuffient comprehension of the BRC7 standard.

And the reason for the latter is particularly due to BRC7's textual presentation/subtleties.


Kind Regards,

 

Charles.C


#23 redfox

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 428 posts
  • 121 thanks
12
Good

  • Philippines
    Philippines

Posted 13 July 2018 - 01:31 AM

Hello Charles,

 

I could be Charles I agree. Until now we did not receive any feedback from him on our latest submission of CA. Thank you guys for all the support. I will post on the development. This case could be a reference in the future.

 

regards,

redfox



#24 mgourley

mgourley

    Grade - PIFSQN

  • IFSQN Principal
  • 929 posts
  • 753 thanks
98
Excellent

  • United States
    United States
  • Gender:Male
  • Location:Plant City, FL
  • Interests:Cooking, golf, firearms, food safety and sanitation.

Posted 13 July 2018 - 09:11 AM

Hi Charles, 

I see what you are saying. We have combined both clauses in our supplier monitoring program. However, the way I've always seen it is that the risk assessment is basically up to the customer (of course within reason to justify assessment). If you're getting all the documentation you need and supplied item performs well, why would it be considered a non-low even if not GFSI? BRC has always been very vague and leaves way too much room for interpretation. We shouldn't need an interpretation guide to explain standards (and then to find out that the interpretation guide is not an auditable document). If we've assessed supplier as a low risk supplier, and they aren't GFSI, we have the option of either auditing ourselves or having them supply us with a questionnaire that meets standards.

 

If it was intended to combine both clauses together and have basically a separate risk assessment for both to make a final assessment, then why would they even offer the option for supplier questionnaire? Under that interpretation, if a supplier is low risk on risk assessment from 3.5.1.1, but they have no GFSI certification, then they can never be assessed as anything but moderate risk under 3.5.1.2; and then the company could never use a supplier questionnaire. If supplier is mid to high risk on assessment from 3.5.1.1, then they couldn't be assessed at low risk under 3.5.1.2, and still could not use a supplier questionnaire. If supplier is low risk under 3.5.1.1, and GFSI certified or audited by the company itself, then they still don't need supplier questionnaire. 

 

Your speculation could be right as far as the auditor's interpretation, but it still leaves me confused and I would personally question that finding.

 

QAGB

From the Interpretation Guide: emphasis mine

 

Approval must be based on a risk assessment of the supplier and could therefore include a range of

activities, such as the following:
A third-party certifcation scheme incorporating product safety, such as the Global Standards for
food, packaging, storage and distribution, or agents and brokers.

A successful site audit which as a minimum covers product safety, traceability, HACCP and good
manufacturing processes. This audit must be completed by an appropriately experienced and
competent auditor (i.e. someone who has completed training in auditing techniques and with
experience of auditing, and knowledge of the product, ingredient or processes being audited).
Non-conformities should be addressed (e.g. in an agreed action with timescales) unless they are
critical to product safety or legality, in which case supply should not be permited until nonconformities have been satisfactorily addressed.

Where risk assessment (completed as part of this clause) indicates that a supplier is low risk (e.g.
due to history of trading with the site, the nature of the raw materials traded etc.) the completion of a
supplier questionnaire may be sufficient.
If a supplier questionnaire is the only mechanism used to
assess a supplier (i.e. there are no additional activities such as supplier audits) then it is important
that the questionnaire (and replies from the ingredient supplier) contains all the relevant information
to allow the site to confdently make a decision on approval. To ensure they are up to date,
questionnaires must be re-issued at least every 3 years.

 

Now this still does not explain how a supplier is considered "low", "medium" or "high" risk.

Nowhere in the Standard or the guidance document does is explain "how" to do a risk assessment. BRC does define risk assessment as "The identification, evaluation and estimation of the levels of risk involved in a process to determine an appropriate control process."

 

Personally, I think the auditor is reaching for something that is not there.

 

Marshall

 

 



#25 Charles.C

Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 13,614 posts
  • 3733 thanks
411
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 13 July 2018 - 11:28 AM

Hi Marshall,

 

Thks for above.

 

It is unclear to me as to whether the "risk assessment" referred is the same "risk assessment"  as that required for 3.5.1.1.

Almost as cryptic as the Code's clauses themselves. I daresay the auditor is no wiser either.


Edited by Charles.C, 13 July 2018 - 04:07 PM.
edited

Kind Regards,

 

Charles.C





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users