4 replies to this topic

[jorgeoaleman]

Hello all, I know this topic has come up before but I was needing to know what all of the possible risk assessment are by Code Section. I believe I was informed that there were 26 but I don't have near that many in my Risk Assessment Book. Your help with this would be greatly appreciated.

Jorge

[DocGra]

Hello Jorge,

I don't think there is a 'prescribed number' of riskassessments required in BRC6. I think it's more a case of 'document every riskassessment to show you've thought about the situation and have an argument todefend your position'

We're in the midst of our QMS / HACCP review to defend ourGrade A in September, we've gone through 96 HARAs (Hazard Analysis RiskAssessment) so far and have 14 or 15 categories left to analyse, I'd besurprised if we didn't pass the 150 HARAs before we finish.

We have considered physical, chemical, microbial andallergenic contamination and cross contamination in every situation we'vereviewed in the course of our CP / CCP / PR study and use HARAs to measure theefficacy of control measures (via a likelihood / severity matrix) and validateour CPs and CCPs and to review alternate control measures (do they produce alower score?).

We use HARAs to assess the risks our products pose tovarious consumer groups in different situations and at different times, the risksour suppliers pose to our products when they fail to provide certificates of complianceor screw up deliveries (eg cross contaminate allergens during delivery), therisks our processes and staff pose to our products, that our engineers pose toour machines and hence our products and so on …

Every HARA ends up with a method of mitigating risk - reducingit to an acceptable level or eliminating it completely, either by way of a 'rootcause cure' or a 'corrective action'.

Seems to me BRC6 is risk-based and auditors need to see thethinking behind every decision. Documenting HARAs is our way of demonstratingour thought processes. I don't think auditors intend to challenge (too many!)decisions - they want to see evidence that some thought was given to the risks identifiedin your situation analysis.

We've tabulated our HARAs in a spreadsheet that usespull-down lists to keep responses consistent and automates the decision tree sowe can get quickly to the CP / CCP / PR decision and focus on the controlmeasures, limits and corrective actions more that arguing about the tree.

We include assessment dates too - so the list becomes acarry-forward schedule, those with greater HARA scores (more significant risks)come up for review more often than those in the very low risk group.

Having all the detail in a straight line in a spread sheetmakes verifying the assessment easier too . when we 'walk the HARA' through thefactory while we're 'walking the flow diagram'.

I don't think there is a prescribed list of risk assessments- I think you have to document all your risk based thinking in a formalised wayso you can demonstrate due diligence and - if you include your assessors name -you'll also know who to fire if the auditor spots a bloomer (just kidding!).

Good luck extending your HARA collection Jorge.

Maybe we should start a poll in here - how many HARAs do you have in your collection? Perhaps calculate HARAs divided by processes to get a scalar index to compare different situations …I'll start we have 18 processes and 23 pre-requisites - and I think we'll have 150 HARAs so our index is 150/(18+23)=3.65

Cheers,

Graham

[Charles.C]

Dear jorgeoaleman,

I don't recall if BRC have ever offered a definitive statement as to "must haves", probably not. If so, I suggest one is sort of (a) faced with those clauses containing the specific 2 magic words plus (b) others where one or the other of the 2 words +/- an implied evaluation occurs, plus ©some "intangibles".

I assume you have already seen these 2 recent threads which seem to fairly typically reflect (recent) past and present user views.? I suppose the lists shown were attempts at minimal responses, presumably there is no maximum.

http://www.ifsqn.com...dpost__p__52949

http://www.ifsqn.com...dpost__p__51561

If you are interested in a generic approach to compiling / doing all the RAs in one go, you might find this, slightly older (BRC5), spreadsheet approach interesting –

http://www.ifsqn.com...dpost__p__51561
(the surrounding posts are quite informative also )

Rgds / Charles.C

PS slightly OT but here is another (mainly dialog) thread for (perhaps) excel intangible handling -

http://www.ifsqn.com...dpost__p__38882

[DocGra]

Hello Mr Charles,

Thank you for pointing to the sections where risk assessments are 'required by the standard', that's a new way of looking at our
QMS so guess what I'll be doing in the morning!

Hmmm .. maybe I missed the point of the question … hope I didn't mislead you Jorge, I think Charles has it covered.

Regards,

Graham

Edited by DocGra, 07 May 2012 - 12:48 PM.

[DocGra]

Hello again,

Just made a text search through BRC6 and find 'risk assessment' in the following clauses:
3.5.1.1

3.5.2.1

3.5.4.4

4.4.13

4.8.1

4.10.3.1

4.10.6.1

4.13.1

4.14.1

5.2.3

6.3.2

The word 'assess' appears qite a few times too so the following clauses need a look at to see if Risk Assessment is a way to 'assess' the situation:
3.4.4

3.7.1

4.2.1

4.10.1.1

4.13.9

4.15.6

5.1.2

5.2.1

5.5.1.3

7.1.2


Hope this helps,

Regards,

Graham

Edited by DocGra, 07 May 2012 - 12:54 PM.