Jump to content

  • Quick Navigation

Search Results

There were 4 results tagged with SQF

By content type

By section

Sort by                Order  
  1. SQF from Scratch: 2.1.3 Management Review

    2.1.3 Management Review

     

    These first few elements established the relationship site management needs to have with the food safety system. SQF is not just an exercise for the practitioner.

     

    First, we had management identify that food safety is part of our business mission, not just something we have to do.

     

    Then, we made them put their money where their mouth is by designating an SQF practitioner and showing employees how the top levels of the company are ultimately responsible for that mission.

     

    Now, we need to make sure that long after we’ve created these policies, the people in charge are going to receive the information needed to uphold that responsibility every day, long after we’ve attained certification. We’re also going to make sure that this system stays alive, and doesn’t become a binder on the shelf that just gets whipped out when the auditor arrives, and no one at the company has any idea what’s inside.

     

    Posted Image

     

     

    The code:

     

    2.1.3 Management Review

     

    2.1.3.1 The senior site management shall be responsible for reviewing the SQF system and documenting the review procedure. Reviews shall include:

     

    i. The policy manual;

     

    ii. Internal and external audit findings;

     

    iii. Corrective actions and their investigations and resolution;

     

    iv. Customer complaints and their resolution and investigation;

     

    v. Hazard and risk management system; and

     

    vi. Follow-up action items from previous management review.
    2.1.3.2 The SQF practitioner(s) shall update senior site management on a (minimum) monthly basis on matters impacting the implementation and maintenance of the SQF system. The updates and management responses shall be documented. The SQF system in its entirety shall be reviewed at least annually.

     

    2.1.3.3 Food safety plans, good manufacturing practices, and other aspects of the SQF system shall be reviewed and updated as needed when any potential changes implemented have an impact on the site’s ability to deliver safe food.

     

    2.1.3.4 Records of all management reviews and updates shall be maintained.

     

    What’s the point? How is this making our product safer?

     

    “Oh my goodness”, you may think, “we have to review EVERYTHING at least once a YEAR?”

     

    Yes.

     

    I spend a lot of my time working with QA departments on making their systems more flexible, easier to maintain, and reduce overall paperwork because unnecessary clerical work hurts our ability to make safe food (even if it makes it look like we are).

     

    But that’s just it, we want to make systems that follow our golden rule, which means we use them and we integrate them. We review them constantly to make sure that nothing has become obsolete.

     

    We review them to make sure that they still make sense to our business.
    We review them to make sure the science is still holding up.

     

    We loosen requirements for things that are no longer an issue and tighten them for things that are affecting our customers.

     

    And an SQF practitioner who is ready to demonstrate how they attain food safety, not just provide a bunch of forms that say they do, needs to be an expert in their own policy manual.

     

    What’s the point of an SQF practitioner, not to mention a company point person for audits, if they don’t know their own systems backwards and forwards? Knowing how all of the pieces of the system connect together not only helps avoid creating redundant waste, it also shows where there are gaps.

     

    What am I being asked to do?

     

    So, what’s a review? It depends.

     

    Policy Manual and Hazard and risk management system (food safety plan)

     

    For a “policy manual”, a.k.a. the “register” of controlled policies, procedures, and food safety plan that make up the system; the review is of the system rather than its outputs.

     

    The review of a policy manual document (SOP, Policy, Procedure, Food Safety Plan) should entail:

    • A complete read-through by the SQF practitioner
    • The opportunity for stakeholders in the procedure to review or request any revisions
      • Note: Stakeholders change, not everyone needs to see the waste management SOP, but top levels do need to see the food safety plan
    • If no changes, documentation that the review actually took place.
    Note that if we’re talking about the food safety plan or product specifications, reviews aren’t going to just be scheduled annually; they’ll be prompted by new products, ingredients, suppliers, equipment, and facilities. “Annually” does not mean “once per year”, it means “no less than once per year”. This is specified in 2.1.3.3 but should be obvious to any company actually using its system. A food safety plan that doesn’t include the newest product line is a big red flag indicating that it isn’t used. This would be reflected as a non-conformance to 2.1.3 or 2.1.2 (if it didn’t just fall under the plan requirements).

     

    Depending on the company’s level of integration and support in the SQF system, those other stakeholders in the policy may not actually thoroughly review things. That’s not ideal but does not stop a practitioner from making helpful documents. As long as their own review is thorough and they audit whether those policies and procedures are actually followed, the documents stay alive and relevant.

    Posted Image

    Companies should never have something written down in the policy manual that doesn’t happen. Either it’s important enough that it actually needs to be done, or it doesn’t and it has no business being in the manual. Keeping something there just because an auditor may want to see it violates our golden rule:

     

    Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    This can be very tough for some quality personnel to grasp, as they may have been in a quality environment where their performance is based on auditing or “making sure we follow the code”. That’s a management error. If there is a company issue where a policy requirement does not have good follow through or buy-in from other departments, it needs to be adopted or dropped. It turns out that when quality personnel spend time doing those tasks (usually by spending time in production), not just asking for them to be done, or when they have to actually draw lines in the sand for everything they specify in an SOP, those “auditable” things in documents tend to go away, making them better documents that support the most critical components.

     

    As each document is reviewed, the practitioner should ask and answer these questions:

    • Does this document still support it’s intended purpose?
    • Do we actually practice this document as written without exceptions?
    • Are any of the requirements/procedures obsolete?
    • Are any of the justifications obsolete?
    • Is new information available that should change how we do things (e.g. complaint trending, internal audits, industry changes)?
    Nothing in that review process is oriented around “meeting the code”. Reviewing is used to make sure that our documentation supports a system that produces safe food in the most efficient manner possible.

     

    Some auditors may disagree. That’s okay, their responsibilities are different than ours.

     

    Posted Image

     

    This doesn’t eliminate the reality that we need to make sure the SQF code is supported by our policy manual. Heck, that’s the entire point of this article series! So how to we get this taken care of?

     

    My recommendation is that practitioners conduct a separate, annual review using the SQF checklist. This review is the one everyone is more familiar with, but it’s less important than what we discussed above, where we review the efficacy of our systems rather than conformance to code.

     

    For this review, examine each individual clause in the code, and make sure it’s supported within all of the various documentation in the policy manual and records. This review does not need to include anyone but the audit team, and should be used as an opportunity to prepare for the audit. The intent is to make sure all of the elements are actually covered somewhere in the system. Not by copying and pasting them, but by showing that the company has incorporated them into their own policies and procedures.

     

    This review has the secondary benefit of documenting itself in an auditor friendly way (using the checklist). I like to use it as a training opportunity for backup auditors or folks wanting to learn the code better, and it can be run like a mock/practice audit.

     

    Documenting policy manual reviews

     

    Documentation can be extremely varied, but it’s important to make sure that time is only spent recording information that may be helpful in the future, avoiding documentation for documentation’s sake.

     

    Proof of review of a policy can be accomplished in several common ways:

     

    1. The classic revision table at the end of the document

     

    Posted Image

     

    Simple, to prove things are reviewed, just put it in the document itself. This is super common, but somewhat cumbersome. In this setup, in order to verify that every document has been reviewed, every document needs to be inspected. Further, this table is just one more place where errors can occur when new revisions are created (woops, forgot to add the changes!).

     

    2. The review coversheet

     

    Posted Image

     

    Some organizations get a step closer and think, “Our pest control policy is good to go, so why go through the effort of issuing a new revision? Let’s document that everyone took a look at it and keep that on file instead!”. It’s not bad, but if we’re documenting something with everyone’s signature on it already, all we’ve done is created two documents that need to be archived, the SOP’s and the reviews. Plus, if changes WERE made, the same amount of work needs to be done, but now it requires two sets of signatures instead of one. Seasoned document controllers know that the time it takes to issue new revisions is not consumed by the editing time, but trying to get all of the approvals.

     

    3. New revisions & the review database

     

    Posted Image

     

     

     

    Posted Image

    A lean solution to making sure you keep your documents clean and recently reviewed is to simply have your SOP’s make the rounds for signatures annually, even if they contain no changes. The same stakeholders need to approve them again, no problems there, you don’t need to update the revision number if you don’t want or need to, since the signatures will have dates indicating a recent review. To document changes made (if needed), keep a separate database or file where you can sort for any document and pull up the history of changes at any time. Boom, documentation that’s organized for your use. We can also be detailed and keep all old revision information without taking up additional pages on each policy.

     

    This is going to cover most of our review documentation needs. As far as timing, going by previous approval dates reviews should naturally happen on a rolling schedule. This makes sense from a business practicality stand point, but occasionally auditors will get fixated on the statement in 2.1.3.2, “The SQF system in its entirety shall be reviewed at least annually,” and expect some sort of master review that happens once a year. This is worth arguing over since a simultaneous review of everything is both impractical and supports the idea that we shouldn’t ALWAYS be reviewing these policies. However, if you did do the SQF checklist review with your audit team, you can show it to the auditor and be done with it.

     

    Audit findings, corrective actions, complaints, investigations, follow up items

     

    This group of materials to review are the outputs of your system. Like we discussed above, the point of this clause is to make sure that management has the information necessary to support the food safety mission and allocate resources accordingly. This means that critical information from the QA teams needs to be presented to them, at a minimum monthly.

     

    Often management teams meet more often, which is excellent! The tricky non-conformance catch here tends to be due to the lack of documentation of these meetings. Not every meeting has or needs minutes, especially if your QA update is something as simple as “no complaints or issues this week”. Taking the time to write up minutes that cover every word of 2.1.3 is tedious and cumbersome.

     

    Any time we use our scarce minutes or hours to put something together, just so it can be reviewed in seconds by an auditor, it had better be useful to the company and its food safety systems. AKA it should follow our golden rule.
    Instead of documenting every individual meeting with management) where multiple topics are discussed and actions are often delegated to other levels), put together a monthly digest of pertinent QA information and distribute it to ANY stakeholder that would be interested. Here’s an example of what such a review could look like:

     

    Posted Image

     

    Compared to how I usually coach documentation, this one does take some time to put together, especially if individual programs don’t have a lot of automated or simple reporting built in. However, it’s a crazy valuable tool to meet a TON of documentation/communication requirements in the code (across multiple elements, thus consolidating paperwork), and it’s very helpful to communicate not only what’s going on in quality to multiple teams, but also the value the quality team is adding to the company.

     

    Sometimes QA works in the background and has a hard time demonstrating that work is being done, this report is a communication tool to show the value QA personnel are adding to the facility in a real way. This leads to better buy in and understanding from other departments. Heck, paper copies can be provided to the entire production floor or have portions shown in a breakroom posting for anyone interested.

     

    How this form is constructed is entirely up to each company, as the focus areas are going to change based on challenges and product categories. If other system outputs (like complaint tracking) already have good databases for trending and reporting, it can be incredibly quick to put together. The key is to keep it simple for a lay audience. It isn’t an internal QA document, it’s for the CEO, plant manager, marketing manager, or whomever to understand what QA is currently doing to make the products safer and higher quality.

     

    The review procedure

     

    We do need to document how these reviews are intended to be performed. But it doesn’t need to be extremely explicit as long as we can, as always, demonstrate that it’s happening. I’ll typically have an SOP called “internal audit” which is intended to cover the policy portions of 2.5.5. In that SOP, I’ll specify the creation of the monthly report outlined above.

     

    Example:

     

    1. Management Updates

     

    a. Every 30-40 days, senior management shall receive an “Monthly Quality Update” that covers matters impacting the implementation and maintenance of the SQF system.

     

    That’s all you need! When crafting the policy it is not necessary to copy the language of the code as long as the monthly update includes all of the information the code requires (like in the above example).

     

    For policy and procedure reviews, I’ll typically include this policy in my document organization/control SOP that supports the recordkeeping and review requirements of section 2.2. I’ll include a tidbit like this one:

     

    1. Review procedure:

     

    a. SOPs shall be routed for revisions/review at least annually.

     

    How will this be audited?

     

    At a minimum, as the auditor goes through each of the policies and procedures, they’re going to look for a document revision change or review within the last 12 months. It’s often not a big deal if one or two are “out of date” by a month or so, especially if a draft is making the rounds. However, if all of them are in that window, it demonstrates that reviews are only taking place around the audit, which doesn’t look great.

     

    Reasons for changes need to be available, but are typically only looked at critically when they are justifications for changing requirements or specifications. E.g. if you started to clean something only every 48 hours instead of 24, that’s a change that needs justification documented.

     

    Changes to process flows or other aspects of the food safety plan will need to have new validations etc. in place to justify the change. If they’re missing this, it often becomes a non-conformance in 2.4.3. But if it’s a matter of there being no record of the new product line getting an analysis at all, it technically would fall under management review. The first example is a failure to follow HACCP principals, the second is a lack of review to make sure the food safety plan stays relevant.

     

    Auditors will seek evidence that management updates turn into actions. If the monthly reports have been getting done, they should also include corrective actions and changes driven by management in response to previous versions of the report. This is a tricky auditing nuance, because auditors love lists and columns. They want to see a form that has: finding, response, who’s responsible, timeframe, time completed, issue closed.

     

    You don’t have to do this again and again on paper, and you shouldn’t. Continuous improvement is just that, continuous. The documentation exists if they’re consistently included in the reports, and the practitioner needs to be able to guide the auditor through the narrative.

     

    Have one or two solid examples ready for the audit. If there was an increase in complaints for labels falling off products, show the progression of that in the monthly updates!

    • One month showed a complaint increase and an investigation.
    • The next month a corrective action.
    • The next month shows a note that QA implemented the new supplier/quality check/machine/whatever that was needed.
    • The next month shows how the complaints trended down.
    This is a process of ongoing communication, but it is on the practitioner to demonstrate to the auditor how that works in your facility, not create yet another form to summarize it for the auditor. Again, practitioners need to know their own system well enough to demonstrate that it meets the code, not tailor it for ease of audit.

     

    If you can’t think of examples, you’re either not giving yourself enough credit for the improvements you’ve made, or your company is not continuously improving. Usually it’s the former.

     

    2.1.3 does one thing effectively. It demonstrates whether a bunch of documents were created solely to get the SQF certification and keep it, or if SQF elements were integrated into the quality system. Companies who do not meet the elements of 2.1.3 have the following characteristics:

    • Only the SQF practitioner knows where the policies are
    • Only the SQF practitioner can lead an audit
    • The food safety plan hasn’t changed since it was made
    • Management has no idea what QA does day to day
    • SOP’s contain procedures that aren’t followed and forms that aren’t used (the binder is bloated)
    • SQF practitioners don’t remember what all their procedures are during the audit, or perhaps where to find them
    If an element of the system has not changed, it should be challenged to make sure it still holds up.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jan 30 2020 06:56 PM
    • by Simon
  2. SQF from Scratch: 2.1.2 Management Responsibility

    Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces globally recognized best practices to maintain food safety. Because of this, as we dive into each element, we must always remember the quality management system golden rule: Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    2.1.2 Management Responsibility

     

    Following right up on commitment. In addition to identifying our mission of food safety, we also need to determine who will be held accountable for that mission. Where does the buck stop? How are we going to make sure that our new commitment to food safety isn’t just a plaque on the wall, but is a living, breathing (and costly) endeavor?
    Some things will be a paperwork exercise, sure, after all everything important happens on paper. But we also need evidence that we have used the time and resources necessary to make sure that competent people, with the right expertise, are making our food safety plan a reality.

     

    The code:

     

    2.1.2 Management Responsibility

     

    2.1.2.1 The reporting structure describing those who have responsibility for food safety shall be identified and communicated within the site.

     

    2.1.2.2 The senior site management shall make provision to ensure food safety practices and all applicable requirements of the SQF System are adopted and maintained.

     

    2.1.2.3 The senior site management shall ensure adequate resources are available to achieve food safety objectives and support the development, implementation, maintenance, and ongoing improvement of the SQF System.

     

    2.1.2.4 Senior site management shall designate an SQF practitioner for each site with responsibility and authority to:

     

    i. Oversee the development, implementation, review, and maintenance of the SQF System, including food safety fundamentals outlined in 2.4.2, and the food safety plan outlined in 2.4.3.

    ii. Take appropriate action to ensure the integrity of the SQF system; and

    iii. Communicate to relevant personnel all information essential to ensure the effective implementation and maintenance of the SQF System.

     

    2.1.2.5 The SQF practitioner shall:

     

    i. Be employed by the site as a company employee on a full-time basis;

    ii. Hold a position of responsibility in relation to the management of the site’s SQF System;
    iii. Have completed a HACCP training course;
    iv. Be competent to implement and maintain HACCP based food safety plans; and
    v. Have an understanding of the SQF Food Safety Code and the requirements to implement and maintain SQF System relevant to the site’s scope of certification.

     

    2.1.2.6 Senior site management shall ensure the training needs of the site are resourced, implemented, and meet the requirements outlined in system elements, 2.9, and that site personnel have met the required competencies to carry out those functions affecting the legality and safety of food products.

     

    2.1.2.7 Senior site management shall ensure that all staff are informed of their food safety and regulatory responsibilities, are aware of their role in meeting the requirements of the SQF food safety code, and are informed of their responsibility to report food safety problems to personnel with authority to initiate action.

     

    2.1.2.8 Job descriptions for those responsible for food safety shall be documented and include provision to cover for the absence of key personnel.

     

    2.1.2.9 Senior site management shall establish processes to improve the effectiveness of the SQF System to demonstrate continuous improvement

     

    2.1.2.10 Senior site management shall ensure the integrity and continued operation of the food safety system in the event of organizational or personnel changes within the company or associated facilities.

     

    2.1.2.11 Senior site management shall designate defined blackout periods that prevent unannounced re-certification audits from occurring out of season or when the site is not operating for legitimate business reasons. The list of blackout dates and their justification shall be submitted to the certification body a minimum of one (1) month before the sixty (60) day re-certification window for the agreed up on unannounced audit.

     

    What’s the point? How is this making our product safer?
    If you follow companies who either have large outbreaks or legal action, a common thread tends to be that company representatives blame a lack of information or appreciation for the details necessary to make good food safety risk management decisions. They respond to regulators with their hands up in the air saying things like:

    This stuff is hard to do, and just as important as being willing and capable to learn the details is knowing when you may not have them all. In smaller companies, where capable people in other roles are moved into food safety roles, there can be issues with knowledge gaps. 2.1.2 establishes the need to make sure you have proper expertise on site, and that everyone is made aware of the decisions being made so that accountability is shared.

     

    What am I being asked to do?

     

    This one’s a pretty stout element with a lot of details, so let’s break it down line by line.

     

    2.1.2.1 The reporting structure describing those who have responsibility for food safety shall be identified and communicated within the site.

     

    Your business probably already has an organizational chart showing reporting structure, so this one is nearly done! What SQF wants to see is that you know who is responsible for food safety.

     

    It’s not just the Manager or SQF practitioner!

     

    Food safety responsibility mostly falls on the production floor. Floor employees need to know they are the first and most important element in this system. After that, they need to know who’s head to go over when they have a food safety concern. Identifying this in your reporting structure can happen in a variety of ways. My favorite is placing it directly in the org chart.

     

    If you need an org chart, there are a million different tools to make one. I typically recommend one in particular, since most employers already have it on site and it’s a surprisingly powerful tool, Microsoft PowerPoint.

     

    Despite there being a dedicated flowchart tool in Microsoft Visio, that’s another license to buy for every user that needs access. Dynamic flowchart shapes are available in PowerPoint with many of the same controls, and PowerPoint generates vector images that can be printed clearly in any size.

     

    You can find the flowchart tools when you go to “shapes” on the insert ribbon.

     

    Posted Image

     

    The connector arrows once connected to flowchart shapes will stay connected when moved around or resized, just like Visio, all you need to do now is fill in the names and titles like this example below:

     

    Posted Image

    Now how can we identify those with responsibility for food safety? Simply add a qualifier of some kind, like a color or a code to the applicable portions of the chart. I’ve used both in the example below (remember you only need one!):

     

    Posted Image

    There, now it exists, but still must be “communicated throughout the site”. You can post it somewhere like an employee notice/safety board, or make it a controlled document and include it with your regular training and employee resources. The end goal being that your employees know where to find it in case they need to run something up the ladder.

     

    2.1.2.2 The senior site management shall make provision to ensure food safety practices and all applicable requirements of the SQF System are adopted and maintained.

     

    This one feels a bit redundant; it’s going to be supported by later portions of the code, particularly training and internal audits. There’s no specific action here other than showing evidence of implementing and enforcing food safety practices. We can move on.

    2.1.2.3 The senior site management shall ensure adequate resources are available to achieve food safety objectives and support the development, implementation, maintenance, and ongoing improvement of the SQF System.

     

    Again, this portion of the code doesn’t require a specific form or policy to be in place. It’s going to be audited throughout the entire system. If things are out of repair, not being improved, or otherwise not happening due to time or cost constraints, it becomes evidence that 2.1.2.3 has not been supported.

     

    2.1.2.4 Senior site management shall designate an SQF practitioner for each site with responsibility and authority to:


    i. Oversee the development, implementation, review, and maintenance of the SQF System, including food safety fundamentals outlined in 2.4.2, and the food safety plan outlined in 2.4.3.
    ii. Take appropriate action to ensure the integrity of the SQF system; and
    iii. Communicate to relevant personnel all information essential to ensure the effective implementation and maintenance of the SQF System.

     

    Here we are, the SQF practitioner. You must designate, either on your organization chart or in a job description, the individual(s) who is(are) ultimately responsible for the effective implementation of the system. This can be the CEO, a dedicated quality role, or anyone that makes sense for the company size and structure, but they need in their job description both the assigned role of SQF practitioner, and the authority to do it effectively.

     

    Here’s an example of how to integrate assignment of a practitioner into a job description, my preferred method since these descriptions need to be made regardless:

     

    Posted Image

     

    Other ways to designate are to include the designee in the management commitment statement, or identify them on the organization chart similarly to how we selected individuals responsible for food safety. The point is that a specified individual was chosen, they have sufficient authority, and other employees know who they are.

     

    2.1.2.5 The SQF practitioner shall:


    i. Be employed by the site as a company employee on a full-time basis;
    ii. Hold a position of responsibility in relation to the management of the site’s SQF System;
    iii. Have completed a HACCP training course;
    iv. Be competent to implement and maintain HACCP based food safety plans; and
    v. Have an understanding of the SQF Food Safety Code and the requirements to implement and maintain SQF System relevant to the site’s scope of certification.

     

    Here we’ve reiterated the basic requirements of a practitioner, but also provided some additional detail on what needs to be on file. As above, first and foremost the SQF Practitioner needs to be a paid employee with sufficient authority to get things done in the production areas. No interns, no offsite sales representatives, no lawyers on retainer.

     

    A HACCP training course is required (specifically CODEX HACCP, not an FDA juice HACCP, seafood HACCP, and NOT Preventive Controls Qualified Individuals classes, though if you’re in the US those will be required for regulatory compliance reasons). Note that no where in the code or guidance does SQF use the term “certified”.

     

    A personal pet peeve of mine is inappropriate use of the word certified. Certified means that some sort of organization determined that you met their standards and said you can call yourself certified. Therefore, if you want to take my class about HACCP under Fur, Farm, and Fork’s standards, I can call you “certified” under the FF&F standard for HACCP.

    Posted Image

    Certifications are only meaningful based on the granting organization, if someone claims they’re “certified” anything, the key question to ask is “according to whom?” It’s similar to saying something was “published”. As much as I’d like to claim everything “published” on furfarmandfork.com holds the same weight as something published in “science”, unfortunately that’s not the case.
    SQF makes no requirements what “standard” of HACCP training is needed, other than training needs to exist on paper. Therefore, as an example you could take IFSQN’s compact, inexpensive, 4 hour class. By doing so, you’ve met the written requirements of the code and you even have a certificate to show an auditor when they ask. Done and done.

     

    Anything demanded other than “HACCP training was provided and documented” is not code but auditor preference. However, when preference becomes a fight it may not be worth starting to argue early in the audit. Besides, additional training isn’t a bad thing. One industry gold standard for HACCP training is a workshop type HACCP class that incorporates at least 16 hours of classroom time, and is accredited by an organization with some recognized weight such as the international HACCP alliance.

     

    Many certifying bodies sell HACCP training/certification services, feel free to take advantage, but remember that the code does not require anyone’s specific training (despite what salespeople say). Of course, you won’t be able to support the efficacy of the training you received if your HACCP plan isn’t up to snuff, which is why the code follows up the training requirement with “Be competent to implement and maintain HACCP based food safety plans”.

     

    The evidence that the training was effective will be in the plan. If the plan does not include monitoring and verification of critical control points, and you have no idea that it’s incomplete, that’s nonconformance with 2.1.2.5. You demonstrated that the practitioner does not have the required competency to make a functional plan, and it may have been because they didn’t have effective HACCP training.

     

    Finally, SQF basically says that the SQF practitioner needs to know the code well enough to implement it. Again, this can be accomplished through either training, experience, consultant help, or personal study, but it will be evaluated during the audit based on how many times you say “I didn’t know that was in the code”. So, do whatever is necessary to know this stuff; If you’re reading this blog series, you’re on the right track 😉.

     

    2.1.2.6 Senior site management shall ensure the training needs of the site are resourced, implemented, and meet the requirements outlined in system elements, 2.9, and that site personnel have met the required competencies to carry out those functions affecting the legality and safety of food products.

     

    Again, this is reiterating that the training requirements we’ll go into detail on later have evidence that they’re effective, no specific action here other than showing that the auditor is looking for competence, not just paperwork exercises.

     

    2.1.2.7 Senior site management shall ensure that all staff are informed of their food safety and regulatory responsibilities, are aware of their role in meeting the requirements of the SQF food safety code, and are informed of their responsibility to report food safety problems to personnel with authority to initiate action.

     

    The first portion of this is again going to be based on employee interview, knowledge, and demonstrated competency during the audit. However, hidden in this clause is an obvious but not always written requirement that “employees are informed of their responsibility to report food safety problems”.

     

    This can be embedded in the management commitment statements, an employee “day one” SOP, or other training tool. But an employee on the floor needs to be able to say they know that they need to report when something has gone wrong and that they have the support and authority to do so.

     

    Keeping it simple: this reporting method can be as simple as “report to supervisor as soon as condition is observed”. But this reporting method needs to be actually written down and documented in a trained policy or procedure.

     

    The culture change necessary to make consistent reporting a reality is hard, but the demonstrated training portion is easy. When training employees on the basics on day one like when to wash hands, PPE, etc., include a responsibility to report food safety problems.

     

    2.1.2.8 Job descriptions for those responsible for food safety shall be documented and include provision to cover for the absence of key personnel.

     

    Everyone identified as personnel responsible for food safety in the org chart needs a job description, and that job description specifically needs to call out that they have a responsibility to food safety. But, there’s no requirements about formatting, content, etc. except one.
    In general, when approaching required paperwork for SQF, if they’re mandatory, make them useful to your business. Work with the HR team to generate job descriptions that clarify responsibilities and competencies for employees in key roles and use it for performance accountability. I’ve got a template below of a bare bones description that I’ve found useful.
    There is that one specific requirement for “provision to cover for the absence of key personnel.” Key here is that SQF wants to make sure that food safety isn’t dependent on the practitioner being on vacation, but that the company maintains both standards and tools (e.g. can’t stop verifying thermometers just because the lab tech is out) rather than just placing it all contingent on one person’s presence.

     

    Why I don’t like this provision is that it requires it to be written into the job descriptions. Job descriptions aren’t usually very “live” documents, and making (SQF) certified suppliers document this specific provision in a specific place is burdensome. In my humble opinion, this should be audited similar to other responsibility provisions in that the proof will be in actual demonstration of the coverage. Instead it becomes a checkbox on the audit list, making this is a very common non-conformance when suppliers don’t follow the code and place it exactly where it’s supposed to be in the paperwork.

     

    So, the most audit-proof way to meet this requirement I’ve found is to take the code very literally, and add a “coverage in absence” line to your job descriptions.

    Posted Image

    Alternatively, you might be able to get away with a more general statement that relies on your org chart. Instead write “Coverage in absence: Direct supervisor (see organization chart)”. This would be pretty solid, defensible, and per the code technically written into the job description. You only run into trouble if for some reason coverage isn’t actually provided by a supervisor but by a subordinate. For example, a lab manager may do all of the micro CoA review, but when they’re out a senior technician may cover that task for a week. So be careful with that one.

     

    2.1.2.9 Senior site management shall establish processes to improve the effectiveness of the SQF System to demonstrate continuous improvement.
    Once again, this will be demonstrated through internal audit and management review systems to be discussed further.

     

    2.1.2.10 Senior site management shall ensure the integrity and continued operation of the food safety system in the event of organizational or personnel changes within the company or associated facilities.

     

    Basically, if an SQF practitioner gets laid off or goes on leave, is everything going to fall apart? This is another one that will be demonstrated via observation during the audit. If things have fallen through the cracks that are normally done (supplier review, internal auditing, reporting, verification tasks) and the excuse is that there was an organizational change, that’s a problem under this clause. Doesn’t matter if you just moved into a new building or got a new boss, the standards are supposed to continue to be met.

     

    2.1.2.11 Senior site management shall designate defined blackout periods that prevent unannounced re-certification audits from occurring out of season or when the site is not operating for legitimate business reasons. The list of blackout dates and their justification shall be submitted to the certification body a minimum of one (1) month before the sixty (60) day re-certification window for the agreed up on unannounced audit.

     

    Basically, SQF has no interest in auditing a seasonal facility that is not producing anything that month. Alternatively, if the facility only operates Mon-Thus. Then SQF doesn’t want to pop in unannounced on a Friday and find nobody there. On years with unannounced audits, communicate with the certifying body regarding what days are actually going to be worth visiting.
    As a bonus, you can also try to specify blackouts like planned vacations for key personnel or your SQF practitioner(s). While the SQF system needs to be maintained when those people are out, Audits are a different situation that does not require everyday coverage. There’s an expectation that the system is maintained, but certain folks will be able to explain the system in its entirety during an audit that others will not. I’ve had good luck with CB’s when blacking these out, provided it doesn’t defeat the purpose of an unannounced audit by blocking out the majority of the window.

     

    How will this be audited?
    SQF guidance tells auditors to be patient when gauging compliance with 2.1.2, as it’s the proof that the system isn’t just a pile of SOP’s and verification records. It can take time to tease that out of a company that knows how to “pencil whip” an audit.
    There are some items that will be reviewed at the desk: job descriptions, HACCP training proof, maybe the resume of the SQF practitioner, and organization charts. But the majority of this clause is just saying “we made you do all of this stuff…are you actually doing it even when it’s hard?”

    • A leaky roof or broken floor that’s been there for 2 years of audits is evidence that the business has not been allocating sufficient resources to maintenance.
    • A team that has no idea that they are supposed to be monitoring a critical control point to keep the food safe is not one that was actually trained well.
    • A vacant microbiologist position combined with raw materials no longer being tested on site is evidence that the company has not provided for coverage and the system fails when individuals are absent.
    • A HACCP plan that doesn’t have a process flow for a product launched last month is not being reviewed or updated enough to support food safety in the plant.
    • Not having FSMA requirements in place is evidence that staff are not keeping up with new regulatory requirements and implementing them.
    • A sanitation schedule that says “clean once a day” but records show days are skipped when we “get busy” or too many people call in sick is evidence that the SQF practitioner does not have sufficient authority to implement the plan.
    • Microbiologists were no longer using the paddle blender because they didn’t like waiting for it to finish, signing off one procedure and doing another is evidence of ineffective training and lack of competence for the role.
    • An SQF practitioner that is expected to maintain the system while also performing all front desk, office management, freight scheduling, product testing, production scheduling, and outside sales support; didn’t update the old SOP’s potentially because they have not been allocated the time to do the job properly.
    During the paperwork review, as always be cautious of auditors who may dislike the system used, not doing “what they’ve seen at other plants” does not mean it isn’t in compliance. Always bring it back to the code and identify when a format or statement is actually required or not.

     

    In the plant, while inspecting the line and problems are noted, if you are already aware of them with a plan in place to fix, sharing it demonstrates planned improvement and resource allocation, even if occasionally an auditor with no company responsibility may disagree with the timeline.

     

    In a real business environment, not everything can be fixed right away. But you can demonstrate management responsibility by providing a plan, with deadlines, and how you will mitigate risk until the fix happens. Continuous improvement is not immediate improvement, show what you’ve fixed so far to demonstrate your commitment, and you will give the auditor confidence that the things they see will be fixed according to plan as well.

     

    2.1.2 takes management commitment and calls the bluff. It starts with creating a system and providing resources so that the code can be upheld no matter what, and ends with a competent practitioner that keeps it on track and makes sure the company is never “surprised” by gaps in their system. SQF practitioners should demonstrate command of their own system and facility, with its weaknesses already known and highlighted for future improvements.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

    • Jan 12 2020 07:21 PM
    • by Simon
  3. SQF from Scratch: 2.1 Management Commitment, 2.1.1 Food Safety Policy

    Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces globally recognized best practices to maintain food safety. Because of this, as we dive into each element, we must always remember the quality management system golden rule: Never make systems to “pass audits”. Make systems that work for your company that help it make safer/higher quality products more efficiently.

     

    2.1 Management Commitment

     

    Management commitment is the pre-requisite to company culture. Whether talking about safety culture, lean culture, continuous improvement culture, anti-discriminatory culture, ethical business culture, or food safety culture, company direction and leadership begins with those holding the purse strings at the top.

     

    The fact that this is our FIRST element is not a mistake, it’s an acknowledgement that this process will have no legs if it is not supported by those in control of the business. SQF has taken the same approach that successful safety, lean, and corporate responsibility initiatives have, wherein you begin with missions and core values that provide a compass for company priorities, especially when you get stuck back in the day-to-day.

     

    The code:

     

    2.1 Management Commitment

     

    2.1.1 Food Safety Policy (Mandatory)

     

    2.1.1.1 Senior site management shall prepare and implement a policy statement that outlines as a minimum the:
    i. The site's commitment to supply safe food;
    ii. Methods used to comply with its customer and regulatory requirements and continually improve its food safety management system; and
    iii. The site's commitment to establish and review food safety objectives.

     

    2.1.1.2 The policy statement shall be:
    i. Signed by senior site management;
    ii. Made available in language understood by all staff;
    iii. Displayed in a prominent position; and
    iv. Effectively communicated to all staff

     

    What’s the point? How is this making our product safer?

     

    Food safety procedure is what we tend to think of when we consider GFSI certification, a.k.a. all the stuff we should/need to get done. But each element of the code begins with “policy”; we’re asked to define our values as a company, from which our actions and priorities will follow.

     

    SQF doesn’t begin the code with with any specific rule or task, but by asking us as an organization to establish food safety as part of our company’s core values. Not just a series of forms or tasks to be completed, but a wholistic view that when we strategize and determine the direction our business will take, food safety is going to be just as much a part of that discussion as finance.

     

    Accepting and committing to food safety as a senior management value empowers departments, teams, and individuals to also treat food safety as a priority in their work. It shows all levels of the organization that GFSI certification isn’t just a pile of requirements, but a representation of what leadership is going to look for when they identify high performers and reliable employees.

     

    What am I being asked to do?

     

    You need a sort of company values/mission statement style document, you need the top representatives at your company site to review and sign it, and it needs to be posted and visible to your workforce.

     

    Ideally, take some time to work with management to make something unique to your company. Maybe it’s formed on customer issues in the past, or ties into your existing mission statement. At the end of the day, there are some specifics that you, the SQF practitioner, are going to want to stick in there. Our standard approach is going to be taking the code line by line and making sure that language is represented or even mirrored in our documentation.


    Posted Image

     

    Whenever SQF asks for a policy, you have two objectives. First, that the people who are leaders supporting the policy know and embrace it. Second, that you have included language clear enough that you can defend your policy to an auditor who may just be using the code to “tick the box”. Below is an example policy that simply parrots the actual code. This will work very well in an audit but is not tailored specific to any particular company. Ideally your policy will reference your specific products and challenges.

     

    I. Policy
    a. [Company Name] is committed to manufacturing foods that are safe and compliant with both our customer and regulatory requirements. We will do this by:
    i. Ensuring that adequate resources are available to support the continuous improvement of our food safety management system.
    ii. Establishing and reviewing food safety objectives with senior site management.
    iii. Ensuring we remain informed in new regulatory updates, customer requirements, or new technologies that support the mission of safe food.

     

    To make this available, stick it into your SOP’s and maybe regular training. But it’s common (therefore expected by auditors) that it’s incorporated into signage. A simple way to do this is to build a sign in Microsoft PowerPoint (which will create a vector image that will scale indefinitely with size and still print well), then use a local print shop to print a laminated sign (or order a fancier sign if you prefer).

     

    Posted Image

     

    Get that somewhere visible for all staff and you’re good to go!

     

    How will this be audited?

     

    Auditors are going to look at the document, how it’s made available to your staff, and whether anyone on your production floor knows what it is and where to find it. If they talk to several new temps who say, “no idea, I was just put out on the line”, that’s going to be a potential issue. For the most part, effective implementation and evidence of management commitment is going to be more covered by 2.1.2 Management Responsibility.

     

    Typically points of contention will be when auditors disagree with the language in your policy, that’s fine as long as you can defend it! Make sure your policy obviously covers all the components identified in the code, and don’t worry about an auditor who wants to go after semantics. It isn’t law if an auditor claims “you didn’t say continuously improve” when your statement says, “our system is going to be flexible and achieve the highest quality possible to support our customers”. OF COURSE that means you’re going to review and improve it! Back it up with evidence that you actually do and feel free to let the auditor grouse about how they would have written something different.

     

    It’s not their company, their liability, its yours. And the opinion of a single audit should not change the way your entire facility communicates its food safety values from the top the other 364 days of the year. Modifying your mission statement based on auditor preference violates our golden rule.

     

    Author Biography:

     

    Posted Image

     

    Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA. You can find more food safety resources and discussion on his website, Fur, Farm, and Fork, as well as contact information for consulting services.

  4. GFSI Announce Consultation for SQF Scope Extension for Storage and Distribution

    GFSI are inviting stakeholders to comment on the thorough process that SQF, the Benchmark Committee Leader and the Benchmark Committee Members have been involved in over the past months.

    The SQF scope extension benchmarking process consisted of:

    • 2 desktop reviews and corresponding responses from SQF providing the required information.
    • A review of the SQF response by the Benchmark Committee Members.
    The extension of scope Benchmarking Application is open for a consultation until 8th December 2014.

    Download the benchmarking summary report and send any comments on the benchmarking form to Adria Bryan at a.bryan@theconsumergoodsforum.com.

    About SQF:

    The SQF Code is a process and product certification standard. It is a Hazard Analysis Critical Control Points (HACCP)-based food safety and quality management system that utilizes the National Advisory Committee on Microbiological Criteria for Food (NACMCF) and the CODEX Alimentarius Commission HACCP principles and guidelines, and is intended to support industry or company branded product and to offer benefits to suppliers and their customers. Certifications under the SQF Code retain a high degree of acceptance in global markets.

    Edition 7 of the SQF Code was redesigned in 2012 for use by all sectors of the food industry from primary production to transport and distribution. It replaced the SQF 2000 Code edition 6 and the SQF 1000 Code edition 5.

    About GFSI:

    The Global Food Safety Initiative (GFSI) is a business-driven initiative for the continuous improvement of food safety management systems to ensure confidence in the delivery of safe food to consumers worldwide. GFSI was launched in 2000 following a number of food safety crises when consumer confidence was at an all-time low. Its collaborative approach to food safety brings together international food safety experts from the entire food supply chain at technical working group and stakeholder meetings, conferences and regional events to share knowledge and promote a harmonized approach to managing food safety across the industry.

    • Nov 10 2014 07:33 PM
    • by Simon
EV SSL Certificate