Purpose of Stage 1 Audit
We all know the purpose of Stage 1 initial audit under ISO22000 including other standards is to determine if the adequacy of the respective system justifies the readiness of the company for Stage 2 conformity audit.
In the event of inadequacies that have been identified during stage 1 audit, can FSMS auditors please share with us should these inadequacies be classified as concerns (observations) or as NCs bearing in mind the objectives of ISO 17021.
I may be wrong but I have a feeling that a high number of auditors and CBs out there are doing it wrong. It will be good to have your views on this.
Classification of findings may vary depending on your certification body. Within Bureau Veritas Certification, we use the followings:
- minor: has no impact on food safety or is a requirement of the standard that is partially met. Example: the maintenance department hasn't been subject to internal audit
- major: is likely tto have an impact on food safety or is a requirment of the standard that is not met at all. Example: no internal audit has been performed so far.
I hope it's clearer.
Regards
Dear all,
We all know the purpose of Stage 1 initial audit under ISO22000 including other standards is to determine if the adequacy of the respective system justifies the readiness of the company for Stage 2 conformity audit.
In the event of inadequacies that have been identified during stage 1 audit, can FSMS auditors please share with us should these inadequacies be classified as concerns (observations) or as NCs bearing in mind the objectives of ISO 17021.
I may be wrong but I have a feeling that a high number of auditors and CBs out there are doing it wrong. It will be good to have your views on this.
Hi Charles,
Inadequacies is basically minor and major NC's. But you can have several Major NC's and you still can be ready for the ST2 visit (ISO/TS-22003 ask for an interval of six months between ST1 and ST2) if you exceed that interval you need to re-schedule ST1 assessment again.
Sometimes, an organization has only 1 or 2 major NC's and the auditor has the authority to tell the Company to repeat the ST1 visit because the FSMS has big failures...
Other purpuses of the ST1 visit is the contract review (calculation of the No. of days for certification, Codes, etc.) also the Auditor needs to issue the agenda for the ST2 visit, make an assessment of the Hazard Analysis, make an assessment of the Validation records (This is so important!!! - Validation records has to be reviewed also in the ST1 visit). During the ST1 visit, the auditor has to review if the organization has included in their system the appropriate Code of Practices, Food Safety Regulations, etc. etc. etc.
Remote ST1 audits are not permited in ISO-22000.
... And you know what...? ... You are totally right!!! - A lot of auditors are doing it wrong.
This are the requirements (ISO-TS-22003):
9.2.3.1.2
The objectives of the stage 1 audit are to provide a focus for planning the stage 2 audit by gainingan understanding of the FSMS in the context of the organization’s food safety hazard identification, analysis,
HACCP plan and PRPs, policy and objectives, and, in particular, the organization’s state of preparedness for
audit by reviewing the extent to which
a) the organization has identified PRPs that are appropriate to the business (e.g. regulatory and statutory
requirements),
b) the FSMS includes adequate processes and methods for the identification and assessment of the
organization’s food safety hazards, and subsequent selection and categorization of control measures
(combinations),
c) food safety legislation is in place for the relevant sector(s) of the organization,
d) the FSMS is designed to achieve the organization’s food safety policy,
e) the FSMS implementation programme justifies proceeding to the audit (stage 2),
f) the validation, verification and improvement programmes conform to the requirements of the FSMS
standard,
g) the FSMS documents and arrangements are in place to communicate internally and with relevant
suppliers, customers and interested parties, and
h) additional documentation needs to be reviewed and/or what knowledge needs to be obtained in advance.