Jump to content

  • Quick Navigation

Search Results

There were 6 results tagged with SQF

By content type

By section

Sort by                Order  
  1. SQF from Scratch: 2.1.5 Crisis Management Planning

    2.1.5 Crisis Management Planning

     

    Well…this sure got relevant in the past few months.

     

    SQF understands that businesses aren’t just going to sign yearbooks and close the doors if a disaster happens. In the most philanthropic mindset, food businesses play an important infrastructure role, but if we’re honest, the common motivation is that owners and employees care about the business they have. If there’s still a way to operate, we won’t be ready to just call it quits when faced with a disaster.

    Posted Image

     

    “If the sour cream line still works we can make it through this, let’s start digging.”

     

    With customer loyalty, cashflow needs, and employee job security at stake, companies will try and find a way to get products out the door as quickly as possible. What SQF wants to see is that they aren’t just going to throw food safety out the window due to “extenuating circumstances”, even if they’re legitimate.

     

    HACCP plans include corrective actions so that we determine the right course of action before knowing what the cost will be. Similarly, a crisis management plan made in “peacetime” will ensure we had the time and capacity to commit to sound food safety decisions before the sewage hit the fan.

     

    The code:

     

    2.1.5 Crisis Management Planning

     

    2.1.5.1 A crisis management plan that is based on the understanding of known potential dangers (e.g., flood, drought, fire, tsunami, or other severe weather or regional events such as warfare or civil unrest) that can impact the site’s ability to deliver safe food, shall be documented by senior management outlining the methods and responsibility the site shall implement to cope with such a business crisis.

     

    2.1.5.2 The crisis management plan shall include as a minimum:

     

    i. A senior manager responsible for decision making, oversight and initiating actions arising from a crisis management incident;

    ii. The nomination and training of a crisis management team;

    iii. The controls implemented to ensure a response does not compromise product safety;

    iv. The measures to isolate and identify product affected by a response to a crisis;

    v.The measures taken to verify the acceptability of food prior to release;

    vi. The preparation and maintenance of a current crisis alert contact list, including supply chain customers;

    vii. Sources of legal and expert advice; and

    viii. The responsibility for internal communications and communicating with authorities, external organizations and media.

     

    2.1.5.3 The crisis management plan shall be reviewed, tested and verified at least annually.

     

    2.1.5.4 Records of reviews of the crisis management plan shall be maintained.

     

    What’s the point? How is this making our product safer?

     

    This element can feel out of place if we get swept up with focusing on the business and personal safety aspects of the crisis. SQF didn’t help with previous language in the code which used to reference “business continuity”, which read as business oriented versus food safety.

     

    The current language of the code does a much better job of making clear that the point of this element is to make sure the site doesn’t just start pitching out unsafe product in order to keep the business alive. We know from previous outbreaks and litigation that, when faced with significant financial impacts, companies will feel pressure to make poor food safety decisions.

     

    We see these events and start to think, if a company is willing to release unsafe food just to avoid losing a single customer…what would they be willing to release to keep the business from closing?
    In the same way a starving person will eat from the trash, a business crippled by natural disaster will have immense pressure to sell anything, and its personnel won’t feel like they have the time or resources to find a better solution.

     

    Posted Image

     

    Imagine being a local meat distributor, and a massive blackout hits the city one week before thanksgiving. The 6 team members on site are staring at a warehouse holding 3000 turkeys that are now warming up. They have 4 hours to figure out a solution that maintains all of their various requirements….or play it by ear and hope the power goes back on. I mean, are we really prepared to toss everything on inventory the week before a holiday just because it got a little warmer than it should? It’s not like there was a sewage leak all over it and the turkeys will be cooked for hours!

     

    Even if the best solution was to get a block of ice for every single turkey, who sells that? Do they have the capacity? How will it be transported? Figuring out the logistics will also take time, maybe so much time that the company will be in the same situation anyway, less the effort.

     

    Rather than wait until the moment the building loses power, this is a reasonably foreseeable event that SQF states suppliers should already have planned for. So that when through no fault of their own they face a crisis, there is a plan in place that puts food safety as a priority.

     

    What am I being asked to do?

     

    Making the Plan

     

    The practitioner needs to develop a policy/procedure document that includes all of the elements outlined in the code. Some of these feel silly, like identifying a “senior decision maker” (isn’t that why we have an organization chart and job descriptions already?), and some of them can be very burdensome for the QA team if we aren’t taking steps to keep the documentation lean. Let’s look at how we can include these point by point.

     

    2.1.5.1 A crisis management plan that is based on the understanding of known potential dangers (e.g., flood, drought, fire, tsunami, or other severe weather or regional events such as warfare or civil unrest) that can impact the site’s ability to deliver safe food, shall be documented by senior management outlining the methods and responsibility the site shall implement to cope with such a business crisis.

     

    The plan needs to give consideration to specific crisis that are reasonably foreseeable. Frankly, outside of some site or region-specific natural disasters (such as tsunami, tornado, ammonia leak), most of these will be the same for any company. I recommend identifying the following at minimum:

     

    • Fire

    • Structural failure from weather, flood, sabotage, accident.

    • Prolonged Power Loss

    • Food-based or biological terror attack

    • Epidemic

    • Civil Unrest or Domestic Terrorism

    • Source water contamination, boil notice, or no longer available

     

    These are all reasonably foreseeable in any location, and do a decent job of providing some categorical planning (e.g. prolonged power loss could be a secondary crisis to any of the above) to allow for the unforeseen stuff.

     

    i. A senior manager responsible for decision making, oversight and initiating actions arising from a crisis management incident;

     

    ii. The nomination and training of a crisis management team;

     

    viii. The responsibility for internal communications and communicating with authorities, external organizations and media.

     

    These sections of the code are more relevant to larger companies, which may have rotating “task forces” for these things like the HACCP Team, Recall Team, and Crisis team. In a small company, the final decision maker in all of these situations is generally going to be the lead person at the site (based on the organizational chart). The SQF practitioner is still going to be on all of the teams.

     

    As with all employee lists in documentation, I encourage the use of job descriptions rather than names so that they remain relevant with regular turnover. For this list, we can outline the responsibilities required in the code as well and knock out a few other requirements. For example:

     

    Crisis Management Team

     

    Posted Image

     

     

    In the event any of the above individuals is incapacitated or unavailable, their successor in the Job description or organizational chart will be trained on this procedure to stand in that role temporarily.

     

    SQF does not specify any particular training this team requires, so make sure they are trained on the procedure itself or that they participated in creating/modifying the plan (make sure to document).

     

    iii. The controls implemented to ensure a response does not compromise product safety;

     

    This is why the plan exists. Looking at the “foreseeable events” we identified above, think about the last one, “Source water contamination, boil notice, or no longer available”. If I was farming hydroponically in greenhouses and happened to be using municipal water, I may be immediately willing to use nearby irrigation sources in the event of a boil notice. However, without having ever investigated that water or ensured it didn’t present any new hazards in my food safety plan, that rapid response could compromise food safety.

     

    If, however, I had determined that the water source was acceptable with appropriate filtration in place, I could have those details outlined in my plan! For everything identified as reasonably foreseeable, determine what hazards are created, what actions would be needed to address them, and fleece them out to make sure there is a feasible plan in place in the event of a crisis.

     

    Posted Image

    So, if the response to a crisis changes our process flows or procedures, the crisis team needs to make sure the product remains safe in the new setup. Luckily, the SQF practitioner already has a method for evaluating hazards in a process, our hazard analysis. As part of the plan procedure, reference using the HACCP method to ensure response actions don’t compromise safety:

     

     

    “Before resuming production, conduct a hazard analysis for any response/recovery/repair that resulted in a process flow change and/or any new hazards that have been introduced to the facility due to the crisis to ensure safety of product.”

     

     

    iv. The measures to isolate and identify product affected by a response to a crisis;

     

     

    v.The measures taken to verify the acceptability of food prior to release;

     

    To keep this document under control, we need to use our golden rule and rely on systems we already put in place. Therefore, this document should reference the existing recall plan, corrective action procedures, product hold procedures, product release procedures, and hazard analysis, rather than rewrite them all.

     

    There is absolutely NO REASON to create a special, duplicated, or different corrective action procedure here. The quality team deals with non-conforming products and hazards every day, they should be approached using the same methods and documentation already in place.

     

    Make sure these references are clear, obvious, and appropriately notated so that procedures only need to be updated in one location whenever possible! It can be helpful to include a general statement regarding product disposition in the policy section prior to mentioning it in the step-by-step procedure (should be the first thing that happens after we made sure everyone is safe and we can all communicate). The reference can look something like this:

     

    “Product Evaluation and Disposition

     

    Any product either already produced or in production in the event of a crisis shall be identified, isolated, and evaluated for disposition using Corrective and Preventative action investigation procedures and the food safety plan. Product for which safety cannot be reasonably assured shall be isolated and recall procedures initiated as necessary.

     

     

    Product produced or released after a crisis response has been initiated shall be evaluated for disposition using corrective and preventative action investigation procedures. Product for which safety cannot be reasonably assured shall be isolated and recall procedures initiated as necessary. Should crisis response result in a process flow change, a new hazard analysis will be performed to evaluate the controls necessary to maintain product safety.”

     

     

    vi. The preparation and maintenance of a current crisis alert contact list, including supply chain customers

     

     

    vii. Sources of legal and expert advice; and

     

    This is a tricky one, again, the goal is to avoid duplicating anything in this plan that’s going to be reviewed annually anyway, but we really should make sure we know who to call when disaster strikes (the recall plan has similar needs).

     

    These lists may be in different locations, so make sure the plan explains how to access them as well as the employee/department responsible for maintaining them.

     

    For customers, we can use the contact lists the sales and customer service teams maintain. However, these lists to be producible during an audit. Grabbing the sales manager’s cell phone and explaining that “Dave J.” is the contact for a major grocery chain is not going to fly. This is a good one to aggressively test annually, especially if computer systems or key personnel are unavailable during the crisis. Where are the phone numbers/email addresses, can they be produced, are we pretty sure they all still work, and what will we do if they don’t?

     

    There needs to be similar contact lists for company staff, but those tend to be maintained by HR or office administration.

     

    The final contacts that need to be available are providers of essential services. This is a really helpful component of the plan, and one that’s very testable. Identify “essential functions” of the business and the appropriate contacts. Common ones are utilities, communications (phone and internet), government resources (police, FBI, USDA/FDA), insurance providers, legal advisors (this is in the code, put someone down, insurers usually have recommendations), and distribution partners; additional helpful contacts would be contract service providers for things like emergency refrigeration (maybe bring diesel refrigerated trucks on site), contractors for emergency building repair, and equipment maintenance.

     

    Here's an example of some essential function providers:

     

    Posted Image

     

    2.1.5.3 The crisis management plan shall be reviewed, tested and verified at least annually.

     

    2.1.5.4 Records of reviews of the crisis management plan shall be maintained.

     

    Just like with other major elements, it’s often the plan review that trips folks up. Unlike other policies that just need an “annual review” (a.k.a. read, modify, sign), this plan needs to be exercised using a mock scenario like the recall or food defense plans.

     

    Not going to lie. These are awkward. There are simple and helpful portions of the test, like making sure that all of the contacts are still current/relevant and the planned responses are still feasible. Detail those checks in the test documentation as it provides evidence a thorough review was conducted.

     

    However, auditors want a test with a mock incident. This entails coming up with a scenario, going through the procedure, using the contact lists, and basically conducting a roleplaying game of an incident. It can be fun…or it can feel silly. Depends on the group.

     

    My recommendation, pick a disaster that is very likely (no reason to do something crazy like volcanic eruption or pandemic…wait) and talk through the plan with the team. See if everything makes sense and do a hazard analysis on any changes that would need to take place. Structural damage is a good candidate. It’s easy to think about the existing facility and how to get up and running again while shielding product from the elements, having to evaluate the disposition of items that were in the building at the time, etc.

     

    (bonus, you can also highlight some needed maintenance and use it to demonstrate what the impact will be if that structure fails)

     

    Document the review by writing down a hazard analysis formatted like the food safety plan, the team’s ideas, and what resources would be need to be available (e.g. if the phones don’t work how to we contact our senior decision maker?). Use the crisis procedure as a guide and write down the team’s mock responses to each step.

     

    How will this be audited?

     

    This section of the code has been revised a lot, and will have various opinions attached to how it should look, so be prepared to explain the documentation and rationale at length. Once the specific elements of the code are checked off, the meat of the auditing fall most heavily under the management commitment and review umbrella. Auditors want to see that the team took it seriously and thought about how they will make sure food safety is maintained in a crisis, not just when it’s easy.

     

    Auditor red flags will go up if presented a plan that only has vague, generic crises like floods or fire, and that the tests are similarly non-specific (what part of the building was the fire in?). Other red flags will be any statements, both in the plan and spoken during the audit, that claim “we just wouldn’t produce” or “we would shut down”.

     

    Those aren’t appropriate responses because everyone knows better! If every crisis was so catastrophic that the business was immediately destroyed no one would need this plan. “We wouldn’t run” plans imply that the practitioner threw together a document to meet the requirement and didn’t use it as a tool for food safety or hazard analysis.

     

    The testing document needs to reflect a real consideration of an event, not just reading the procedure and signing. It’s not a hard and fast rule, but testing documentation that doesn’t include any plan revisions, corrective actions, or updates of any kind is going to be assumed to have been on paper only. If indeed the team found nothing to update or improve about the plan, document the crew’s thoughts and that conclusion, leaving no doubt that the test was thorough.

     

    The more the test documentation demonstrates that a group came together to fully consider a crisis, the better. While it can be done with a checklist (and at minimum the SQF elements should be reviewed), it will read much better as a narrative during the audit.

     

    Posted Image

     

    If an all-star team is 5 years in and stuck in a rut on a well-prepared plan, throw additional wrenches in the works! Make sure that flood takes out one of the raw material suppliers so that the team needs to find and approve a backup. Or select disasters that provide no government guidance (e.g. structural failures that affect specific areas of the building or transportation/logistics concerns from a strike). Remember that disasters that don’t happen INSIDE the facility will still affect it.

     

    2.1.5 is an extension of the food safety plan, an opportunity to take hazard analysis skills and make sure they can still be applied when things get crazy. Putting time and thought into these scenarios is a demonstration of management commitment; that the SQF system is not just “fair weather” guidance that goes out the window when times get tough, but that we’ve incorporated them into our company’s priorities and that they will remain so, even when everything is at risk.

     

    Right now, around the world, food manufacturers are learning to work within the new normal, a set of hazard considerations that they’ve probably never thought of that are affecting every single part of their business model.

     

    But here and there, there were trained SQF suppliers that were able to take a deep breath and say, “okay then, let’s execute the plan and get these products moving.”

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jun 29 2020 05:39 PM
    • by Simon
  2. SQF from Scratch: 2.1.4 Complaint Management

    2.1.4 Complaint Management

     

    Complaints happen. No matter how close to perfect a system may be, if the quantities are large enough, even the smallest of mistakes will ultimately reach customers. Thankfully, some of them will take the time to let us know.

     

    While it’s easy to see complaints as just a customer service issue, they also reveal the best opportunities to improve our quality system, both by showing where the problems are happening, and how much the customer cares about the defect. Our best systems will look for metrics while we still have control of the product, but when someone takes the time to pick up the phone or write an email, we need to make sure those individuals aren’t revealing larger problems that have escaped our attention.

     

    Posted Image

     

    The code:

     

    2.1.4 Complaint Management

     

    2.1.4.1 The methods and responsibility for handling and investigating the cause and resolution of complaints from customers and authorities, arising from products manufactured or handled on site, shall be documented and implemented.

     

    2.1.4.2 Trends of customer complaint data shall be investigated and analyzed by personnel knowledgeable about the incidents.

     

    2.1.4.3 Corrective action shall be implemented based on the seriousness of the incident and as outlined in 2.5.3.

     

    2.1.4.4 Records of customer complaints and their investigations shall be implemented.

     

    What’s the point? How is this making our product safer?

     

    Food manufacturing is different than making food at home. If you’re reading this article, you probably already know this. However, it’s not because it’s a business, is subject to regulations, or the products aren’t meals that are eaten immediately.

     

    It’s different because food manufacturers make so much more food than any individual is ever going to make in their lifetime. That means a mistake that might be rare in the home, such as breaking a glass, can become a common occurrence when handling thousands of glasses every day instead of one or two, even if we’re extra careful.

     

    It’s similar to thinking about the lottery. Buying the winning ticket is an uncommon thing, and no one should expect it to happen to them. However, one of the millions of tickets sold winning the lottery is a common occurrence, and should be expected.

     

    Responding to complaint feedback and recording it appropriately allows companies to identify trends that can be traced back to a specific issue.

     

    Posted Image

     

    In the worst-case scenario, practitioners play the role of epidemiologist, identifying a potential outbreak related to the product based on reported illness. Much more commonly, complaint analysis identifies a gap in the system or malfunctioning equipment. Maybe a piece of rubber gasket material that’s been slowing falling apart or a transport issue in the cold supply chain.

     

    Regardless of size or product, every company enjoys the benefit of 100% inspection when the products are finally opened and eaten by the consumer. Complaint management is how we can use that inspection step to verify that our intermittent sampling and inspection activities are doing their job.

     

    What am I being asked to do?

     

    Policy document

     

    To start, there needs to be a policy document in place that identifies the who and how the company responds to complaints and how to determine whether more action is needed. Generally, this will identify the SQF practitioner (or designee) as the one responsible for determining the seriousness of the complaint, and thus the seriousness of the response. This policy/procedure will also define what documentation is used and where it will be kept.

     

    Policy Example:

     

    I. POLICY

    • All complaints from customers or authorities that suggest or reflect a failure of product safety shall be entered into the complaint management system.
    • Any employee may log a complaint into the system, but only the SQF practitioner or designee can review and close a complaint investigation.
    • The SQF Practitioner or designee will use the complaint management system to analyze complaint data for trends, investigate potential root causes, and present data to management.
    • Complaints shall be considered valid and initiate investigations/corrective actions if:
      • There is enough information to determine where/how the defect may have occurred (e.g. what product, specific descriptions).
      • The customer can provide pictures of the affected products or ship them back.
      • A food safety or medical authority is involved.
      • The complaint is part of a trend or known issue.
      • The available information demonstrates the complaint is not a matter of consumer preference or incorrect handling of the product.
    • Complaint investigation and corrective actions shall be carried out in response to observed trends and seriousness of the complaint according to our corrective action procedure.
    Complaints need to be taken seriously…but what does that mean?

     

    Depending on the product, consumer suspicion can swing wildly from deeply distrustful to “that wouldn’t get me sick in a million years”. The code says the response should be proportionate to the complaint, and that evaluation criteria needs to be defined in the procedure (like in the above example).

     

    No matter what, make sure every complaint is logged for trending, but complaints alleging illness or injury require a more detailed response proportionate to the validity of the complaint. “My stomach hurt after eating your bacon” will demand a different quality of investigation than “my physician believes that this is salmonella, and your product (pictured here) appeared undercooked when I ate it 3 days prior.”

     

    The complaint record

     

    After creating a policy document defining who and how, we also need to include the what. Complaint documentation is going to be used by anyone at the company who might answer the phone and be subject to the wrath of the upset customer, so the form should be intuitive and flexible. Sometimes the only information available is an angry voicemail!

     

    Complaint record example:

     

    Posted Image

    This record includes all the information we might want to get regarding the product, it’s origins, contact info from the customer, and a way to show the review actions taken by the SQF practitioner (or designee). Keep in mind that the only action taken may have been to determine whether the complaint was valid and logged for trending, or that no other information was available.

     

    Keeping these forms will meet the requirements to have records of customer complaints and the review/actions taken (combined with corrective action records as needed).

     

    Trending

     

    Most public health agencies don’t consider something an outbreak until there are at least two unrelated cases (there are exceptions). So, when a complaint is received, how do we identify if it’s part of a trend or not? This is where the record created above is NOT useful, because a file cabinet full of complaint records does no good.

     

    Create a database of some kind that has the critical product information, so that the nature of the complaints can be categorized and presented to management.

     

    This database can be as simple as the date the complaint was received, the product and traceability info, and categorically what the issue was. Complaints of illness or injury should also be called out, as those are going to require more complete investigations.

     

    Posted Image

     

    For a video with detailed instructions on how to create a database like this in excel, click here.

     

    Once a database is made, use graphs and other reporting tools to watch for trends, or simply look at the data and document a narrative of relevant/actionable observations.

     

    Example graph trending by product:

     

    Posted Image

     

    Example trending by narrative:

     

    January 2020

     

    We received 12 complaints in January, most were feedback on the change in almond supplier (more loose skin pieces). However, there was one complaint of a found screw in the product that was determined to be valid. A brief search of our records shows one other screw found in November that looked the same. I have alerted maintenance and sent them the picture and they are examining the trail mix line to determine where the screws are coming from. Will update when we have closed the CAPA.

     

    After reviewing complaints for trends, include the graphs or narrative in a management report and document any observations/corrective actions/investigations that were initiated. Make sure to also close the loop on previous issues and document whether previous investigations/corrections were successful.

     

    For more on how to present complaint trends to management, see SQF From Scratch 2.1.3 Management Review.

     

    How will this be audited?

     

    This and similar programs tend to be audited in this order:

     

    1. Show the policy
    2. Show the records
    3. Show the management review
    4. Show the follow up

     

    The policy review is the strict code audit, is everything there represented in the procedure? Does it have the criteria for “validity” and “seriousness” of the complaint? Who reviews and how?

     

    Next are the records, are they complete, are they readily available, and do they provide useful information. Here it is still helpful to make sure the complaint database doesn’t get polluted with “customer service” type complaints (e.g. billing) as it makes it hard to review for problematic trends.

     

    Auditors will also typically ask for any complaints from authorities (e.g. public health) or complaints of illness specifically, as those will definitely need complete investigations and corrective actions attached. If those investigations are missing, it gives the impression that complaints are just recorded and brushed off as irrelevant or random, which is no good.

     

    Finally, the trending and management communication portion tends to trip up a lot of companies. Many of us cover these items in weekly or monthly meetings verbally, but there needs to be written documentation that these trends were reviewed and it was determined if action was necessary or not. If action was necessary, additional documentation needs to be readily available showing the corrective actions taken. This should fall under the corrective action procedures and be neatly summarized in the management review records.

     

    For a known issue, it can be easy to forget the follow up, or forget to tie it back to the original complaint. Make sure that the CA documentation is duplicated and attached to the complaint, or cross-references it in some other way (e.g. complaint number).

     

    For a smooth audit, identify in advance some recent complaints or complaint trends that were valid, have a complete investigation, and a happy ending. Don’t let an auditor go fishing through the entire complaint history looking for the one they think deserved more attention. Find one that’s relatively harmless, for example a packaging defect, and demonstrate the complete history of the investigation, resolution, and follow up. The goal is to give the auditor confidence that they can “check the box” and think, “yep, I saw all of these code elements in action from start to finish on a complaint that mattered.”

     

    Trivial documentation issues in other complaints will be less of a big deal if the company can demonstrate real and actionable response and follow through on an important one. As with any program audit, if the practitioner can demonstrate that the intent of the requirement is achieved and documented, it is much easier to glide through disagreements in language used or auditor documentation preferences.

     

    2.1.4 is a unique challenge because every facility is going to have a very different “portfolio” of customer complaints. Some are going to have complaints from industry customers in the know, reporting back specification failures and micro results; others will have complaints from concerned parents who report the product is a different color or clumping unusually. They key is to make sure this feedback is seen as valuable, and that we use trending tools to evaluate our system.

     

    Because while the odds of a winner are small, we sell a lot of lottery tickets every day.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jun 29 2020 05:42 PM
    • by Simon
  3. SQF from Scratch: 2.1.3 Management Review

    2.1.3 Management Review

     

    These first few elements established the relationship site management needs to have with the food safety system. SQF is not just an exercise for the practitioner.

     

    First, we had management identify that food safety is part of our business mission, not just something we have to do.

     

    Then, we made them put their money where their mouth is by designating an SQF practitioner and showing employees how the top levels of the company are ultimately responsible for that mission.

     

    Now, we need to make sure that long after we’ve created these policies, the people in charge are going to receive the information needed to uphold that responsibility every day, long after we’ve attained certification. We’re also going to make sure that this system stays alive, and doesn’t become a binder on the shelf that just gets whipped out when the auditor arrives, and no one at the company has any idea what’s inside.

     

    Posted Image

     

     

    The code:

     

    2.1.3 Management Review

     

    2.1.3.1 The senior site management shall be responsible for reviewing the SQF system and documenting the review procedure. Reviews shall include:

     

    i. The policy manual;

     

    ii. Internal and external audit findings;

     

    iii. Corrective actions and their investigations and resolution;

     

    iv. Customer complaints and their resolution and investigation;

     

    v. Hazard and risk management system; and

     

    vi. Follow-up action items from previous management review.
    2.1.3.2 The SQF practitioner(s) shall update senior site management on a (minimum) monthly basis on matters impacting the implementation and maintenance of the SQF system. The updates and management responses shall be documented. The SQF system in its entirety shall be reviewed at least annually.

     

    2.1.3.3 Food safety plans, good manufacturing practices, and other aspects of the SQF system shall be reviewed and updated as needed when any potential changes implemented have an impact on the site’s ability to deliver safe food.

     

    2.1.3.4 Records of all management reviews and updates shall be maintained.

     

    What’s the point? How is this making our product safer?

     

    “Oh my goodness”, you may think, “we have to review EVERYTHING at least once a YEAR?”

     

    Yes.

     

    I spend a lot of my time working with QA departments on making their systems more flexible, easier to maintain, and reduce overall paperwork because unnecessary clerical work hurts our ability to make safe food (even if it makes it look like we are).

     

    But that’s just it, we want to make systems that follow our golden rule, which means we use them and we integrate them. We review them constantly to make sure that nothing has become obsolete.

     

    We review them to make sure that they still make sense to our business.
    We review them to make sure the science is still holding up.

     

    We loosen requirements for things that are no longer an issue and tighten them for things that are affecting our customers.

     

    And an SQF practitioner who is ready to demonstrate how they attain food safety, not just provide a bunch of forms that say they do, needs to be an expert in their own policy manual.

     

    What’s the point of an SQF practitioner, not to mention a company point person for audits, if they don’t know their own systems backwards and forwards? Knowing how all of the pieces of the system connect together not only helps avoid creating redundant waste, it also shows where there are gaps.

     

    What am I being asked to do?

     

    So, what’s a review? It depends.

     

    Policy Manual and Hazard and risk management system (food safety plan)

     

    For a “policy manual”, a.k.a. the “register” of controlled policies, procedures, and food safety plan that make up the system; the review is of the system rather than its outputs.

     

    The review of a policy manual document (SOP, Policy, Procedure, Food Safety Plan) should entail:

    • A complete read-through by the SQF practitioner
    • The opportunity for stakeholders in the procedure to review or request any revisions
      • Note: Stakeholders change, not everyone needs to see the waste management SOP, but top levels do need to see the food safety plan
    • If no changes, documentation that the review actually took place.
    Note that if we’re talking about the food safety plan or product specifications, reviews aren’t going to just be scheduled annually; they’ll be prompted by new products, ingredients, suppliers, equipment, and facilities. “Annually” does not mean “once per year”, it means “no less than once per year”. This is specified in 2.1.3.3 but should be obvious to any company actually using its system. A food safety plan that doesn’t include the newest product line is a big red flag indicating that it isn’t used. This would be reflected as a non-conformance to 2.1.3 or 2.1.2 (if it didn’t just fall under the plan requirements).

     

    Depending on the company’s level of integration and support in the SQF system, those other stakeholders in the policy may not actually thoroughly review things. That’s not ideal but does not stop a practitioner from making helpful documents. As long as their own review is thorough and they audit whether those policies and procedures are actually followed, the documents stay alive and relevant.

    Posted Image

    Companies should never have something written down in the policy manual that doesn’t happen. Either it’s important enough that it actually needs to be done, or it doesn’t and it has no business being in the manual. Keeping something there just because an auditor may want to see it violates our golden rule:

     

    Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    This can be very tough for some quality personnel to grasp, as they may have been in a quality environment where their performance is based on auditing or “making sure we follow the code”. That’s a management error. If there is a company issue where a policy requirement does not have good follow through or buy-in from other departments, it needs to be adopted or dropped. It turns out that when quality personnel spend time doing those tasks (usually by spending time in production), not just asking for them to be done, or when they have to actually draw lines in the sand for everything they specify in an SOP, those “auditable” things in documents tend to go away, making them better documents that support the most critical components.

     

    As each document is reviewed, the practitioner should ask and answer these questions:

    • Does this document still support it’s intended purpose?
    • Do we actually practice this document as written without exceptions?
    • Are any of the requirements/procedures obsolete?
    • Are any of the justifications obsolete?
    • Is new information available that should change how we do things (e.g. complaint trending, internal audits, industry changes)?
    Nothing in that review process is oriented around “meeting the code”. Reviewing is used to make sure that our documentation supports a system that produces safe food in the most efficient manner possible.

     

    Some auditors may disagree. That’s okay, their responsibilities are different than ours.

     

    Posted Image

     

    This doesn’t eliminate the reality that we need to make sure the SQF code is supported by our policy manual. Heck, that’s the entire point of this article series! So how to we get this taken care of?

     

    My recommendation is that practitioners conduct a separate, annual review using the SQF checklist. This review is the one everyone is more familiar with, but it’s less important than what we discussed above, where we review the efficacy of our systems rather than conformance to code.

     

    For this review, examine each individual clause in the code, and make sure it’s supported within all of the various documentation in the policy manual and records. This review does not need to include anyone but the audit team, and should be used as an opportunity to prepare for the audit. The intent is to make sure all of the elements are actually covered somewhere in the system. Not by copying and pasting them, but by showing that the company has incorporated them into their own policies and procedures.

     

    This review has the secondary benefit of documenting itself in an auditor friendly way (using the checklist). I like to use it as a training opportunity for backup auditors or folks wanting to learn the code better, and it can be run like a mock/practice audit.

     

    Documenting policy manual reviews

     

    Documentation can be extremely varied, but it’s important to make sure that time is only spent recording information that may be helpful in the future, avoiding documentation for documentation’s sake.

     

    Proof of review of a policy can be accomplished in several common ways:

     

    1. The classic revision table at the end of the document

     

    Posted Image

     

    Simple, to prove things are reviewed, just put it in the document itself. This is super common, but somewhat cumbersome. In this setup, in order to verify that every document has been reviewed, every document needs to be inspected. Further, this table is just one more place where errors can occur when new revisions are created (woops, forgot to add the changes!).

     

    2. The review coversheet

     

    Posted Image

     

    Some organizations get a step closer and think, “Our pest control policy is good to go, so why go through the effort of issuing a new revision? Let’s document that everyone took a look at it and keep that on file instead!”. It’s not bad, but if we’re documenting something with everyone’s signature on it already, all we’ve done is created two documents that need to be archived, the SOP’s and the reviews. Plus, if changes WERE made, the same amount of work needs to be done, but now it requires two sets of signatures instead of one. Seasoned document controllers know that the time it takes to issue new revisions is not consumed by the editing time, but trying to get all of the approvals.

     

    3. New revisions & the review database

     

    Posted Image

     

     

     

     

     

    Posted Image

    A lean solution to making sure you keep your documents clean and recently reviewed is to simply have your SOP’s make the rounds for signatures annually, even if they contain no changes. The same stakeholders need to approve them again, no problems there, you don’t need to update the revision number if you don’t want or need to, since the signatures will have dates indicating a recent review. To document changes made (if needed), keep a separate database or file where you can sort for any document and pull up the history of changes at any time. Boom, documentation that’s organized for your use. We can also be detailed and keep all old revision information without taking up additional pages on each policy.

     

    This is going to cover most of our review documentation needs. As far as timing, going by previous approval dates reviews should naturally happen on a rolling schedule. This makes sense from a business practicality stand point, but occasionally auditors will get fixated on the statement in 2.1.3.2, “The SQF system in its entirety shall be reviewed at least annually,” and expect some sort of master review that happens once a year. This is worth arguing over since a simultaneous review of everything is both impractical and supports the idea that we shouldn’t ALWAYS be reviewing these policies. However, if you did do the SQF checklist review with your audit team, you can show it to the auditor and be done with it.

     

    Audit findings, corrective actions, complaints, investigations, follow up items

     

    This group of materials to review are the outputs of your system. Like we discussed above, the point of this clause is to make sure that management has the information necessary to support the food safety mission and allocate resources accordingly. This means that critical information from the QA teams needs to be presented to them, at a minimum monthly.

     

    Often management teams meet more often, which is excellent! The tricky non-conformance catch here tends to be due to the lack of documentation of these meetings. Not every meeting has or needs minutes, especially if your QA update is something as simple as “no complaints or issues this week”. Taking the time to write up minutes that cover every word of 2.1.3 is tedious and cumbersome.

     

    Any time we use our scarce minutes or hours to put something together, just so it can be reviewed in seconds by an auditor, it had better be useful to the company and its food safety systems. AKA it should follow our golden rule.
    Instead of documenting every individual meeting with management) where multiple topics are discussed and actions are often delegated to other levels), put together a monthly digest of pertinent QA information and distribute it to ANY stakeholder that would be interested. Here’s an example of what such a review could look like:

     

    Posted Image

     

    Compared to how I usually coach documentation, this one does take some time to put together, especially if individual programs don’t have a lot of automated or simple reporting built in. However, it’s a crazy valuable tool to meet a TON of documentation/communication requirements in the code (across multiple elements, thus consolidating paperwork), and it’s very helpful to communicate not only what’s going on in quality to multiple teams, but also the value the quality team is adding to the company.

     

    Sometimes QA works in the background and has a hard time demonstrating that work is being done, this report is a communication tool to show the value QA personnel are adding to the facility in a real way. This leads to better buy in and understanding from other departments. Heck, paper copies can be provided to the entire production floor or have portions shown in a breakroom posting for anyone interested.

     

    How this form is constructed is entirely up to each company, as the focus areas are going to change based on challenges and product categories. If other system outputs (like complaint tracking) already have good databases for trending and reporting, it can be incredibly quick to put together. The key is to keep it simple for a lay audience. It isn’t an internal QA document, it’s for the CEO, plant manager, marketing manager, or whomever to understand what QA is currently doing to make the products safer and higher quality.

     

    The review procedure

     

    We do need to document how these reviews are intended to be performed. But it doesn’t need to be extremely explicit as long as we can, as always, demonstrate that it’s happening. I’ll typically have an SOP called “internal audit” which is intended to cover the policy portions of 2.5.5. In that SOP, I’ll specify the creation of the monthly report outlined above.

     

    Example:

     

    1. Management Updates

     

    a. Every 30-40 days, senior management shall receive an “Monthly Quality Update” that covers matters impacting the implementation and maintenance of the SQF system.

     

    That’s all you need! When crafting the policy it is not necessary to copy the language of the code as long as the monthly update includes all of the information the code requires (like in the above example).

     

    For policy and procedure reviews, I’ll typically include this policy in my document organization/control SOP that supports the recordkeeping and review requirements of section 2.2. I’ll include a tidbit like this one:

     

    1. Review procedure:

     

    a. SOPs shall be routed for revisions/review at least annually.

     

    How will this be audited?

     

    At a minimum, as the auditor goes through each of the policies and procedures, they’re going to look for a document revision change or review within the last 12 months. It’s often not a big deal if one or two are “out of date” by a month or so, especially if a draft is making the rounds. However, if all of them are in that window, it demonstrates that reviews are only taking place around the audit, which doesn’t look great.

     

    Reasons for changes need to be available, but are typically only looked at critically when they are justifications for changing requirements or specifications. E.g. if you started to clean something only every 48 hours instead of 24, that’s a change that needs justification documented.

     

    Changes to process flows or other aspects of the food safety plan will need to have new validations etc. in place to justify the change. If they’re missing this, it often becomes a non-conformance in 2.4.3. But if it’s a matter of there being no record of the new product line getting an analysis at all, it technically would fall under management review. The first example is a failure to follow HACCP principals, the second is a lack of review to make sure the food safety plan stays relevant.

     

    Auditors will seek evidence that management updates turn into actions. If the monthly reports have been getting done, they should also include corrective actions and changes driven by management in response to previous versions of the report. This is a tricky auditing nuance, because auditors love lists and columns. They want to see a form that has: finding, response, who’s responsible, timeframe, time completed, issue closed.

     

    You don’t have to do this again and again on paper, and you shouldn’t. Continuous improvement is just that, continuous. The documentation exists if they’re consistently included in the reports, and the practitioner needs to be able to guide the auditor through the narrative.

     

    Have one or two solid examples ready for the audit. If there was an increase in complaints for labels falling off products, show the progression of that in the monthly updates!

    • One month showed a complaint increase and an investigation.
    • The next month a corrective action.
    • The next month shows a note that QA implemented the new supplier/quality check/machine/whatever that was needed.
    • The next month shows how the complaints trended down.
    This is a process of ongoing communication, but it is on the practitioner to demonstrate to the auditor how that works in your facility, not create yet another form to summarize it for the auditor. Again, practitioners need to know their own system well enough to demonstrate that it meets the code, not tailor it for ease of audit.

     

    If you can’t think of examples, you’re either not giving yourself enough credit for the improvements you’ve made, or your company is not continuously improving. Usually it’s the former.

     

    2.1.3 does one thing effectively. It demonstrates whether a bunch of documents were created solely to get the SQF certification and keep it, or if SQF elements were integrated into the quality system. Companies who do not meet the elements of 2.1.3 have the following characteristics:

    • Only the SQF practitioner knows where the policies are
    • Only the SQF practitioner can lead an audit
    • The food safety plan hasn’t changed since it was made
    • Management has no idea what QA does day to day
    • SOP’s contain procedures that aren’t followed and forms that aren’t used (the binder is bloated)
    • SQF practitioners don’t remember what all their procedures are during the audit, or perhaps where to find them
    If an element of the system has not changed, it should be challenged to make sure it still holds up.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jun 29 2020 05:44 PM
    • by Simon
  4. SQF from Scratch: 2.1.2 Management Responsibility

    Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces globally recognized best practices to maintain food safety. Because of this, as we dive into each element, we must always remember the quality management system golden rule: Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    2.1.2 Management Responsibility

     

    Following right up on commitment. In addition to identifying our mission of food safety, we also need to determine who will be held accountable for that mission. Where does the buck stop? How are we going to make sure that our new commitment to food safety isn’t just a plaque on the wall, but is a living, breathing (and costly) endeavor?
    Some things will be a paperwork exercise, sure, after all everything important happens on paper. But we also need evidence that we have used the time and resources necessary to make sure that competent people, with the right expertise, are making our food safety plan a reality.

     

    The code:

     

    2.1.2 Management Responsibility

     

    2.1.2.1 The reporting structure describing those who have responsibility for food safety shall be identified and communicated within the site.

     

    2.1.2.2 The senior site management shall make provision to ensure food safety practices and all applicable requirements of the SQF System are adopted and maintained.

     

    2.1.2.3 The senior site management shall ensure adequate resources are available to achieve food safety objectives and support the development, implementation, maintenance, and ongoing improvement of the SQF System.

     

    2.1.2.4 Senior site management shall designate an SQF practitioner for each site with responsibility and authority to:

     

    i. Oversee the development, implementation, review, and maintenance of the SQF System, including food safety fundamentals outlined in 2.4.2, and the food safety plan outlined in 2.4.3.

    ii. Take appropriate action to ensure the integrity of the SQF system; and

    iii. Communicate to relevant personnel all information essential to ensure the effective implementation and maintenance of the SQF System.

     

    2.1.2.5 The SQF practitioner shall:

     

    i. Be employed by the site as a company employee on a full-time basis;

    ii. Hold a position of responsibility in relation to the management of the site’s SQF System;
    iii. Have completed a HACCP training course;
    iv. Be competent to implement and maintain HACCP based food safety plans; and
    v. Have an understanding of the SQF Food Safety Code and the requirements to implement and maintain SQF System relevant to the site’s scope of certification.

     

    2.1.2.6 Senior site management shall ensure the training needs of the site are resourced, implemented, and meet the requirements outlined in system elements, 2.9, and that site personnel have met the required competencies to carry out those functions affecting the legality and safety of food products.

     

    2.1.2.7 Senior site management shall ensure that all staff are informed of their food safety and regulatory responsibilities, are aware of their role in meeting the requirements of the SQF food safety code, and are informed of their responsibility to report food safety problems to personnel with authority to initiate action.

     

    2.1.2.8 Job descriptions for those responsible for food safety shall be documented and include provision to cover for the absence of key personnel.

     

    2.1.2.9 Senior site management shall establish processes to improve the effectiveness of the SQF System to demonstrate continuous improvement

     

    2.1.2.10 Senior site management shall ensure the integrity and continued operation of the food safety system in the event of organizational or personnel changes within the company or associated facilities.

     

    2.1.2.11 Senior site management shall designate defined blackout periods that prevent unannounced re-certification audits from occurring out of season or when the site is not operating for legitimate business reasons. The list of blackout dates and their justification shall be submitted to the certification body a minimum of one (1) month before the sixty (60) day re-certification window for the agreed up on unannounced audit.

     

    What’s the point? How is this making our product safer?
    If you follow companies who either have large outbreaks or legal action, a common thread tends to be that company representatives blame a lack of information or appreciation for the details necessary to make good food safety risk management decisions. They respond to regulators with their hands up in the air saying things like:

    This stuff is hard to do, and just as important as being willing and capable to learn the details is knowing when you may not have them all. In smaller companies, where capable people in other roles are moved into food safety roles, there can be issues with knowledge gaps. 2.1.2 establishes the need to make sure you have proper expertise on site, and that everyone is made aware of the decisions being made so that accountability is shared.

     

    What am I being asked to do?

     

    This one’s a pretty stout element with a lot of details, so let’s break it down line by line.

     

    2.1.2.1 The reporting structure describing those who have responsibility for food safety shall be identified and communicated within the site.

     

    Your business probably already has an organizational chart showing reporting structure, so this one is nearly done! What SQF wants to see is that you know who is responsible for food safety.

     

    It’s not just the Manager or SQF practitioner!

     

    Food safety responsibility mostly falls on the production floor. Floor employees need to know they are the first and most important element in this system. After that, they need to know who’s head to go over when they have a food safety concern. Identifying this in your reporting structure can happen in a variety of ways. My favorite is placing it directly in the org chart.

     

    If you need an org chart, there are a million different tools to make one. I typically recommend one in particular, since most employers already have it on site and it’s a surprisingly powerful tool, Microsoft PowerPoint.

     

    Despite there being a dedicated flowchart tool in Microsoft Visio, that’s another license to buy for every user that needs access. Dynamic flowchart shapes are available in PowerPoint with many of the same controls, and PowerPoint generates vector images that can be printed clearly in any size.

     

    You can find the flowchart tools when you go to “shapes” on the insert ribbon.

     

    Posted Image

     

    The connector arrows once connected to flowchart shapes will stay connected when moved around or resized, just like Visio, all you need to do now is fill in the names and titles like this example below:

     

    Posted Image

    Now how can we identify those with responsibility for food safety? Simply add a qualifier of some kind, like a color or a code to the applicable portions of the chart. I’ve used both in the example below (remember you only need one!):

     

    Posted Image

    There, now it exists, but still must be “communicated throughout the site”. You can post it somewhere like an employee notice/safety board, or make it a controlled document and include it with your regular training and employee resources. The end goal being that your employees know where to find it in case they need to run something up the ladder.

     

    2.1.2.2 The senior site management shall make provision to ensure food safety practices and all applicable requirements of the SQF System are adopted and maintained.

     

    This one feels a bit redundant; it’s going to be supported by later portions of the code, particularly training and internal audits. There’s no specific action here other than showing evidence of implementing and enforcing food safety practices. We can move on.

    2.1.2.3 The senior site management shall ensure adequate resources are available to achieve food safety objectives and support the development, implementation, maintenance, and ongoing improvement of the SQF System.

     

    Again, this portion of the code doesn’t require a specific form or policy to be in place. It’s going to be audited throughout the entire system. If things are out of repair, not being improved, or otherwise not happening due to time or cost constraints, it becomes evidence that 2.1.2.3 has not been supported.

     

    2.1.2.4 Senior site management shall designate an SQF practitioner for each site with responsibility and authority to:


    i. Oversee the development, implementation, review, and maintenance of the SQF System, including food safety fundamentals outlined in 2.4.2, and the food safety plan outlined in 2.4.3.
    ii. Take appropriate action to ensure the integrity of the SQF system; and
    iii. Communicate to relevant personnel all information essential to ensure the effective implementation and maintenance of the SQF System.

     

    Here we are, the SQF practitioner. You must designate, either on your organization chart or in a job description, the individual(s) who is(are) ultimately responsible for the effective implementation of the system. This can be the CEO, a dedicated quality role, or anyone that makes sense for the company size and structure, but they need in their job description both the assigned role of SQF practitioner, and the authority to do it effectively.

     

    Here’s an example of how to integrate assignment of a practitioner into a job description, my preferred method since these descriptions need to be made regardless:

     

    Posted Image

     

    Other ways to designate are to include the designee in the management commitment statement, or identify them on the organization chart similarly to how we selected individuals responsible for food safety. The point is that a specified individual was chosen, they have sufficient authority, and other employees know who they are.

     

    2.1.2.5 The SQF practitioner shall:


    i. Be employed by the site as a company employee on a full-time basis;
    ii. Hold a position of responsibility in relation to the management of the site’s SQF System;
    iii. Have completed a HACCP training course;
    iv. Be competent to implement and maintain HACCP based food safety plans; and
    v. Have an understanding of the SQF Food Safety Code and the requirements to implement and maintain SQF System relevant to the site’s scope of certification.

     

    Here we’ve reiterated the basic requirements of a practitioner, but also provided some additional detail on what needs to be on file. As above, first and foremost the SQF Practitioner needs to be a paid employee with sufficient authority to get things done in the production areas. No interns, no offsite sales representatives, no lawyers on retainer.

     

    A HACCP training course is required (specifically CODEX HACCP, not an FDA juice HACCP, seafood HACCP, and NOT Preventive Controls Qualified Individuals classes, though if you’re in the US those will be required for regulatory compliance reasons). Note that no where in the code or guidance does SQF use the term “certified”.

     

    A personal pet peeve of mine is inappropriate use of the word certified. Certified means that some sort of organization determined that you met their standards and said you can call yourself certified. Therefore, if you want to take my class about HACCP under Fur, Farm, and Fork’s standards, I can call you “certified” under the FF&F standard for HACCP.

    Posted Image

    Certifications are only meaningful based on the granting organization, if someone claims they’re “certified” anything, the key question to ask is “according to whom?” It’s similar to saying something was “published”. As much as I’d like to claim everything “published” on furfarmandfork.com holds the same weight as something published in “science”, unfortunately that’s not the case.
    SQF makes no requirements what “standard” of HACCP training is needed, other than training needs to exist on paper. Therefore, as an example you could take IFSQN’s compact, inexpensive, 4 hour class. By doing so, you’ve met the written requirements of the code and you even have a certificate to show an auditor when they ask. Done and done.

     

    Anything demanded other than “HACCP training was provided and documented” is not code but auditor preference. However, when preference becomes a fight it may not be worth starting to argue early in the audit. Besides, additional training isn’t a bad thing. One industry gold standard for HACCP training is a workshop type HACCP class that incorporates at least 16 hours of classroom time, and is accredited by an organization with some recognized weight such as the international HACCP alliance.

     

    Many certifying bodies sell HACCP training/certification services, feel free to take advantage, but remember that the code does not require anyone’s specific training (despite what salespeople say). Of course, you won’t be able to support the efficacy of the training you received if your HACCP plan isn’t up to snuff, which is why the code follows up the training requirement with “Be competent to implement and maintain HACCP based food safety plans”.

     

    The evidence that the training was effective will be in the plan. If the plan does not include monitoring and verification of critical control points, and you have no idea that it’s incomplete, that’s nonconformance with 2.1.2.5. You demonstrated that the practitioner does not have the required competency to make a functional plan, and it may have been because they didn’t have effective HACCP training.

     

    Finally, SQF basically says that the SQF practitioner needs to know the code well enough to implement it. Again, this can be accomplished through either training, experience, consultant help, or personal study, but it will be evaluated during the audit based on how many times you say “I didn’t know that was in the code”. So, do whatever is necessary to know this stuff; If you’re reading this blog series, you’re on the right track 😉.

     

    2.1.2.6 Senior site management shall ensure the training needs of the site are resourced, implemented, and meet the requirements outlined in system elements, 2.9, and that site personnel have met the required competencies to carry out those functions affecting the legality and safety of food products.

     

    Again, this is reiterating that the training requirements we’ll go into detail on later have evidence that they’re effective, no specific action here other than showing that the auditor is looking for competence, not just paperwork exercises.

     

    2.1.2.7 Senior site management shall ensure that all staff are informed of their food safety and regulatory responsibilities, are aware of their role in meeting the requirements of the SQF food safety code, and are informed of their responsibility to report food safety problems to personnel with authority to initiate action.

     

    The first portion of this is again going to be based on employee interview, knowledge, and demonstrated competency during the audit. However, hidden in this clause is an obvious but not always written requirement that “employees are informed of their responsibility to report food safety problems”.

     

    This can be embedded in the management commitment statements, an employee “day one” SOP, or other training tool. But an employee on the floor needs to be able to say they know that they need to report when something has gone wrong and that they have the support and authority to do so.

     

    Keeping it simple: this reporting method can be as simple as “report to supervisor as soon as condition is observed”. But this reporting method needs to be actually written down and documented in a trained policy or procedure.

     

    The culture change necessary to make consistent reporting a reality is hard, but the demonstrated training portion is easy. When training employees on the basics on day one like when to wash hands, PPE, etc., include a responsibility to report food safety problems.

     

    2.1.2.8 Job descriptions for those responsible for food safety shall be documented and include provision to cover for the absence of key personnel.

     

    Everyone identified as personnel responsible for food safety in the org chart needs a job description, and that job description specifically needs to call out that they have a responsibility to food safety. But, there’s no requirements about formatting, content, etc. except one.
    In general, when approaching required paperwork for SQF, if they’re mandatory, make them useful to your business. Work with the HR team to generate job descriptions that clarify responsibilities and competencies for employees in key roles and use it for performance accountability. I’ve got a template below of a bare bones description that I’ve found useful.
    There is that one specific requirement for “provision to cover for the absence of key personnel.” Key here is that SQF wants to make sure that food safety isn’t dependent on the practitioner being on vacation, but that the company maintains both standards and tools (e.g. can’t stop verifying thermometers just because the lab tech is out) rather than just placing it all contingent on one person’s presence.

     

    Why I don’t like this provision is that it requires it to be written into the job descriptions. Job descriptions aren’t usually very “live” documents, and making (SQF) certified suppliers document this specific provision in a specific place is burdensome. In my humble opinion, this should be audited similar to other responsibility provisions in that the proof will be in actual demonstration of the coverage. Instead it becomes a checkbox on the audit list, making this is a very common non-conformance when suppliers don’t follow the code and place it exactly where it’s supposed to be in the paperwork.

     

    So, the most audit-proof way to meet this requirement I’ve found is to take the code very literally, and add a “coverage in absence” line to your job descriptions.

    Posted Image

    Alternatively, you might be able to get away with a more general statement that relies on your org chart. Instead write “Coverage in absence: Direct supervisor (see organization chart)”. This would be pretty solid, defensible, and per the code technically written into the job description. You only run into trouble if for some reason coverage isn’t actually provided by a supervisor but by a subordinate. For example, a lab manager may do all of the micro CoA review, but when they’re out a senior technician may cover that task for a week. So be careful with that one.

     

    2.1.2.9 Senior site management shall establish processes to improve the effectiveness of the SQF System to demonstrate continuous improvement.
    Once again, this will be demonstrated through internal audit and management review systems to be discussed further.

     

    2.1.2.10 Senior site management shall ensure the integrity and continued operation of the food safety system in the event of organizational or personnel changes within the company or associated facilities.

     

    Basically, if an SQF practitioner gets laid off or goes on leave, is everything going to fall apart? This is another one that will be demonstrated via observation during the audit. If things have fallen through the cracks that are normally done (supplier review, internal auditing, reporting, verification tasks) and the excuse is that there was an organizational change, that’s a problem under this clause. Doesn’t matter if you just moved into a new building or got a new boss, the standards are supposed to continue to be met.

     

    2.1.2.11 Senior site management shall designate defined blackout periods that prevent unannounced re-certification audits from occurring out of season or when the site is not operating for legitimate business reasons. The list of blackout dates and their justification shall be submitted to the certification body a minimum of one (1) month before the sixty (60) day re-certification window for the agreed up on unannounced audit.

     

    Basically, SQF has no interest in auditing a seasonal facility that is not producing anything that month. Alternatively, if the facility only operates Mon-Thus. Then SQF doesn’t want to pop in unannounced on a Friday and find nobody there. On years with unannounced audits, communicate with the certifying body regarding what days are actually going to be worth visiting.
    As a bonus, you can also try to specify blackouts like planned vacations for key personnel or your SQF practitioner(s). While the SQF system needs to be maintained when those people are out, Audits are a different situation that does not require everyday coverage. There’s an expectation that the system is maintained, but certain folks will be able to explain the system in its entirety during an audit that others will not. I’ve had good luck with CB’s when blacking these out, provided it doesn’t defeat the purpose of an unannounced audit by blocking out the majority of the window.

     

    How will this be audited?
    SQF guidance tells auditors to be patient when gauging compliance with 2.1.2, as it’s the proof that the system isn’t just a pile of SOP’s and verification records. It can take time to tease that out of a company that knows how to “pencil whip” an audit.
    There are some items that will be reviewed at the desk: job descriptions, HACCP training proof, maybe the resume of the SQF practitioner, and organization charts. But the majority of this clause is just saying “we made you do all of this stuff…are you actually doing it even when it’s hard?”

    • A leaky roof or broken floor that’s been there for 2 years of audits is evidence that the business has not been allocating sufficient resources to maintenance.
    • A team that has no idea that they are supposed to be monitoring a critical control point to keep the food safe is not one that was actually trained well.
    • A vacant microbiologist position combined with raw materials no longer being tested on site is evidence that the company has not provided for coverage and the system fails when individuals are absent.
    • A HACCP plan that doesn’t have a process flow for a product launched last month is not being reviewed or updated enough to support food safety in the plant.
    • Not having FSMA requirements in place is evidence that staff are not keeping up with new regulatory requirements and implementing them.
    • A sanitation schedule that says “clean once a day” but records show days are skipped when we “get busy” or too many people call in sick is evidence that the SQF practitioner does not have sufficient authority to implement the plan.
    • Microbiologists were no longer using the paddle blender because they didn’t like waiting for it to finish, signing off one procedure and doing another is evidence of ineffective training and lack of competence for the role.
    • An SQF practitioner that is expected to maintain the system while also performing all front desk, office management, freight scheduling, product testing, production scheduling, and outside sales support; didn’t update the old SOP’s potentially because they have not been allocated the time to do the job properly.
    During the paperwork review, as always be cautious of auditors who may dislike the system used, not doing “what they’ve seen at other plants” does not mean it isn’t in compliance. Always bring it back to the code and identify when a format or statement is actually required or not.

     

    In the plant, while inspecting the line and problems are noted, if you are already aware of them with a plan in place to fix, sharing it demonstrates planned improvement and resource allocation, even if occasionally an auditor with no company responsibility may disagree with the timeline.

     

    In a real business environment, not everything can be fixed right away. But you can demonstrate management responsibility by providing a plan, with deadlines, and how you will mitigate risk until the fix happens. Continuous improvement is not immediate improvement, show what you’ve fixed so far to demonstrate your commitment, and you will give the auditor confidence that the things they see will be fixed according to plan as well.

     

    2.1.2 takes management commitment and calls the bluff. It starts with creating a system and providing resources so that the code can be upheld no matter what, and ends with a competent practitioner that keeps it on track and makes sure the company is never “surprised” by gaps in their system. SQF practitioners should demonstrate command of their own system and facility, with its weaknesses already known and highlighted for future improvements.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jan 12 2020 07:21 PM
    • by Simon
  5. SQF from Scratch: 2.1 Management Commitment, 2.1.1 Food Safety Policy

    Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces globally recognized best practices to maintain food safety. Because of this, as we dive into each element, we must always remember the quality management system golden rule: Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    2.1 Management Commitment

     

    Management commitment is the pre-requisite to company culture. Whether talking about safety culture, lean culture, continuous improvement culture, anti-discriminatory culture, ethical business culture, or food safety culture, company direction and leadership begins with those holding the purse strings at the top.

     

    The fact that this is our FIRST element is not a mistake, it’s an acknowledgement that this process will have no legs if it is not supported by those in control of the business. SQF has taken the same approach that successful safety, lean, and corporate responsibility initiatives have, wherein you begin with missions and core values that provide a compass for company priorities, especially when you get stuck back in the day-to-day.

     

    The code:

     

    2.1 Management Commitment

     

    2.1.1 Food Safety Policy (Mandatory)

     

    2.1.1.1 Senior site management shall prepare and implement a policy statement that outlines as a minimum the:
    i. The site's commitment to supply safe food;
    ii. Methods used to comply with its customer and regulatory requirements and continually improve its food safety management system; and
    iii. The site's commitment to establish and review food safety objectives.

     

    2.1.1.2 The policy statement shall be:
    i. Signed by senior site management;
    ii. Made available in language understood by all staff;
    iii. Displayed in a prominent position; and
    iv. Effectively communicated to all staff

     

    What’s the point? How is this making our product safer?

     

    Food safety procedure is what we tend to think of when we consider GFSI certification, a.k.a. all the stuff we should/need to get done. But each element of the code begins with “policy”; we’re asked to define our values as a company, from which our actions and priorities will follow.

     

    SQF doesn’t begin the code with with any specific rule or task, but by asking us as an organization to establish food safety as part of our company’s core values. Not just a series of forms or tasks to be completed, but a wholistic view that when we strategize and determine the direction our business will take, food safety is going to be just as much a part of that discussion as finance.

     

    Accepting and committing to food safety as a senior management value empowers departments, teams, and individuals to also treat food safety as a priority in their work. It shows all levels of the organization that GFSI certification isn’t just a pile of requirements, but a representation of what leadership is going to look for when they identify high performers and reliable employees.

     

    What am I being asked to do?

     

    You need a sort of company values/mission statement style document, you need the top representatives at your company site to review and sign it, and it needs to be posted and visible to your workforce.

     

    Ideally, take some time to work with management to make something unique to your company. Maybe it’s formed on customer issues in the past, or ties into your existing mission statement. At the end of the day, there are some specifics that you, the SQF practitioner, are going to want to stick in there. Our standard approach is going to be taking the code line by line and making sure that language is represented or even mirrored in our documentation.


    Posted Image

     

    Whenever SQF asks for a policy, you have two objectives. First, that the people who are leaders supporting the policy know and embrace it. Second, that you have included language clear enough that you can defend your policy to an auditor who may just be using the code to “tick the box”. Below is an example policy that simply parrots the actual code. This will work very well in an audit but is not tailored specific to any particular company. Ideally your policy will reference your specific products and challenges.

     

    I. Policy
    a. [Company Name] is committed to manufacturing foods that are safe and compliant with both our customer and regulatory requirements. We will do this by:
    i. Ensuring that adequate resources are available to support the continuous improvement of our food safety management system.
    ii. Establishing and reviewing food safety objectives with senior site management.
    iii. Ensuring we remain informed in new regulatory updates, customer requirements, or new technologies that support the mission of safe food.

     

    To make this available, stick it into your SOP’s and maybe regular training. But it’s common (therefore expected by auditors) that it’s incorporated into signage. A simple way to do this is to build a sign in Microsoft PowerPoint (which will create a vector image that will scale indefinitely with size and still print well), then use a local print shop to print a laminated sign (or order a fancier sign if you prefer).

     

    Posted Image

     

    Get that somewhere visible for all staff and you’re good to go!

     

    How will this be audited?

     

    Auditors are going to look at the document, how it’s made available to your staff, and whether anyone on your production floor knows what it is and where to find it. If they talk to several new temps who say, “no idea, I was just put out on the line”, that’s going to be a potential issue. For the most part, effective implementation and evidence of management commitment is going to be more covered by 2.1.2 Management Responsibility.

     

    Typically points of contention will be when auditors disagree with the language in your policy, that’s fine as long as you can defend it! Make sure your policy obviously covers all the components identified in the code, and don’t worry about an auditor who wants to go after semantics. It isn’t law if an auditor claims “you didn’t say continuously improve” when your statement says, “our system is going to be flexible and achieve the highest quality possible to support our customers”. OF COURSE that means you’re going to review and improve it! Back it up with evidence that you actually do and feel free to let the auditor grouse about how they would have written something different.

     

    It’s not their company, their liability, its yours. And the opinion of a single audit should not change the way your entire facility communicates its food safety values from the top the other 364 days of the year. Modifying your mission statement based on auditor preference violates our golden rule.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

  6. GFSI Announce Consultation for SQF Scope Extension for Storage and Distribution

    GFSI are inviting stakeholders to comment on the thorough process that SQF, the Benchmark Committee Leader and the Benchmark Committee Members have been involved in over the past months.

     

    The SQF scope extension benchmarking process consisted of:

    • 2 desktop reviews and corresponding responses from SQF providing the required information.
    • A review of the SQF response by the Benchmark Committee Members.
    The extension of scope Benchmarking Application is open for a consultation until 8th December 2014.

     

    Download the benchmarking summary report and send any comments on the benchmarking form to Adria Bryan at a.bryan@theconsumergoodsforum.com.

     

    About SQF:

     

    The SQF Code is a process and product certification standard. It is a Hazard Analysis Critical Control Points (HACCP)-based food safety and quality management system that utilizes the National Advisory Committee on Microbiological Criteria for Food (NACMCF) and the CODEX Alimentarius Commission HACCP principles and guidelines, and is intended to support industry or company branded product and to offer benefits to suppliers and their customers. Certifications under the SQF Code retain a high degree of acceptance in global markets.

     

    Edition 7 of the SQF Code was redesigned in 2012 for use by all sectors of the food industry from primary production to transport and distribution. It replaced the SQF 2000 Code edition 6 and the SQF 1000 Code edition 5.

     

    About GFSI:

     

    The Global Food Safety Initiative (GFSI) is a business-driven initiative for the continuous improvement of food safety management systems to ensure confidence in the delivery of safe food to consumers worldwide. GFSI was launched in 2000 following a number of food safety crises when consumer confidence was at an all-time low. Its collaborative approach to food safety brings together international food safety experts from the entire food supply chain at technical working group and stakeholder meetings, conferences and regional events to share knowledge and promote a harmonized approach to managing food safety across the industry.

    • Jun 29 2020 06:31 PM
    • by Simon
EV SSL Certificate