SQF Requirements for Annual Vendor Audits
I am a newly hired QA Manager, preparing for a SQF Level 2 Desk Audit next month. Because of the short time frame, vendor audits are the last thing on my to-do list. I've been through a Level 2 Audit in a previous position, and I think I remember the auditor saying that if a food production facility had vendors/suppliers that had GFSI certification, the annual vendor audit by the food production facility was not required. I've tried looking this up multiple ways online, but am coming up empty. Has anyone heard of this? And if you have, could you post the "chapter and verse" where it can be found? Thanks!
I am a newly hired QA Manager, preparing for a SQF Level 2 Desk Audit next month. Because of the short time frame, vendor audits are the last thing on my to-do list. I've been through a Level 2 Audit in a previous position, and I think I remember the auditor saying that if a food production facility had vendors/suppliers that had GFSI certification, the annual vendor audit by the food production facility was not required. I've tried looking this up multiple ways online, but am coming up empty. Has anyone heard of this? And if you have, could you post the "chapter and verse" where it can be found? Thanks!
This topic was mentioned in another forum. You are good if they have a GFSI audit.
It will be under 2.4.5.5 A register of approved supplier and records of inspections and audits of approved suppliers shall be maintained.
Make a general check off list for your supplier (Do you have a GMP Program? Do you have a traceability program? Do you have a GFSI certificate? etc. etc. etc.) as part of your approval process and send it to them. Then make a register of your approved suppliers and make a column for Audit certified have a check mark for yes and have a copy of that certificate on file.
Thanks RG3! I will add that question to the Vendor Form we send out. We've gotten several BRC and SQF Certificates from our vendors, most likely after they passed their Certification Audit. Phew, a few less gray hairs for me! :)
RG3 provided some great advice. The only thing I have to add is that you need to verify that your company program or policy on approving your suppliers does not state that you must perform an audit yearly. If you program states that you can accept 3rd Party Audits or you can audit the supplier then you should be good. You have to meet the SQF Code but the auditor will also look at your company program to make sure you are "saying what you do and doing what you say".
Dear jweiman,
No mention yet of product or process so comments somewhat speculative.
SQF Code 7.2 (july 2014)
2.4.5.1 Raw materials, ingredients, packaging materials, and services that impact on finished product safety shall be supplied by an approved supplier.
2.4.5.4 The approved supplier program shall be based on the prior performance of a supplier and the risk level of the raw materials ingredients, packaging materials, and services supplied, and shall contain as a minimum:
i. Agreed specifications;
ii. Reference to the rating of the level of risk applied to a raw material ingredients, packaging materials and services and the approved supplier;
iii. A summary of the food safety controls implemented by the approved supplier;
iv. Methods for granting approved supplier status;
v. Methods and frequency of monitoring approved suppliers;
vi. Details of the certificates of conformance if required, and
vii. Methods and frequency of reviewing approved supplier performance and status.
2.4.5.5 A register of approved supplier and records of inspections and audits of approved suppliers shall be maintained.
(Note - bold / Ul from myself)
-----------------------------------------------------------------------------------
SQF Guidance 7.2 (dated as per Standard above)
(Extracts Only)
2.4.5 Implementation Guidance
An approved supplier program is a set of procedures implemented by the supplier to assure the safety and quality of incoming goods and services. It may be based on the safety risk presented by the raw material, or based on historical performance or prior history of the supplier.
What do I have to do?
The supplier must be able to provide documented evidence that incoming materials have either been inspected or that they come from an approved supplier. The methods for selecting, evaluating, approving and monitoring an approved supplier must be documented. This will be risk-based and may be as simple as a good supply history, sourcing from certified suppliers (e.g. SQF certified suppliers) or personally auditing/inspecting the material supplier’s operations, depending on risk, supplier knowledge and past history.
The supplier must require their material suppliers to verify they are complying with specifications for the products supplied. The methods of analyses must conform to recognized industry standards (refer 2.5.6). The job functions responsible within the supplier business for material inspections and supplier approval must be included in the job descriptions outlined in 2.1.3.2
The approved supplier program shall be reviewed at least annually (refer 2.1.4.3) or more frequently, based on supplier performance.
2.4.5 Auditing Guidance
Evidence may include:
• Review of the documented approved supplier program to ensure all materials and services that
may impact on product safety and quality are included;
• The risk rating applied to suppliers is identified and controls implemented;
• There is a register of approved suppliers;
• All materials or services in-use are included on the supplier register or listed as a non-approved supplier;
• Approval methods test for compliance with agreed specifications (refer 2.3.2, 2.3.3);
• The program specifies actions to be taken when non-compliance is identified;
• Documented test/inspection methods and corrective actions have been followed;
• Relevant staff are aware of their responsibilities and duties with regard to inspection and receiving
of incoming goods;
• The approved supplier program is modified based on supplier performance;
• Where non-approved suppliers have been used, goods have been inspected and a record kept;
• The approved supplier program is reviewed at least annually (refer 2.1.4).
Not an SQF user but seems that yr specific query would be related to Code item (iv) above.
I cannot see any specific mention regarding GFSI. Or, FWIW, that a vendor audit is even mandatory (although it is certainly highly recommended by myself).
Maybe the necessity is mentioned somewhere else in the Standard and similarly with regard to any possible exclusion clauses ?
Or perhaps compliance with the above Guidance-mentioned "sourcing from certified suppliers (e.g. SQF certified suppliers)" is enough, ie a GFSI benchmarked supplier >equiv. to "SQF certified"?.
Clarifications welcomed.
As per Code/2.4.5.4 above, other additional requirements are also required.
Rgds / Charles.C
Thanks to you all for your input! Charles, 2.4.5.5 is more specific to my question. I have been through a SQF Level 2 Audit before, and am trying to reduce the amount of stress, and deductions that we will encounter.
Thanks to you all for your input! Charles, 2.4.5.5 is more specific to my question. I have been through a SQF Level 2 Audit before, and am trying to reduce the amount of stress, and deductions that we will encounter.
Dear jweiman,
As i understood it, yr OP queried the benefit (or not) of using suppliers possessing certification to a GFSI recognized standard, particularly so as to eliminate the necessity of your carrying out an annual audit.
para. 2.4.5.5 appears to require you to maintain a register of approved suppliers/related data. ??
So, does a supplier complying with the first paragraph deliver the mentioned objective ? i daresay other posters might like to know. :smile:
Rgds / Charles.C
Charles, as I am not an SQF auditor, I will leave interpretation of the current SQF Code to the professionals. In my original question I asked if anyone knew of the "chapter and verse" in the SQF Code where the use of a GFSI Scheme Audit in place of a third party audit would be acceptable. The reason for my question was that many of my establishment's vendors have sent us their current GFSI scheme certification with the annual paperwork we requested, and due to time constraints, I do not have the luxury of traveling around to all of them if in-person audits were required. I am aware of what documentation is required for a facility's Vendor Audit program, as detailed in 2.4.5.4. However, 2.4.5.5. states, "A register of approved suppliers and records of inspections and audits of approved suppliers shall be maintained". As a GFSI scheme audit or a third part GMP Audit fulfills the "records of inspections and audits of approved suppliers shall be maintained" part of 2.4.5.5, I was simply looking for clarification if one could be used in place of the other. Since I heard this from a certified SQF Auditor earlier this year, I would believe it to be true. RG3 and LeeAnn have answered my question with the specifics I need, and I have already corrected my establishment's program to reflect the information and confirmation they provided.
Dear jweiman,
Thks for yr detailed post.
i understand that yr, anecdotally-based, opinion to previous post is Yes, and that yr experience has so far not disproven such.
But please correct me if i misinterpret.
Rgds / Charles.C
Dear jweiman,
As i understood it, yr OP queried the benefit (or not) of using suppliers possessing certification to a GFSI recognized standard, particularly so as to eliminate the necessity of your carrying out an annual audit.
para. 2.4.5.5 appears to require you to maintain a register of approved suppliers/related data. ??
So, does a supplier complying with the first paragraph deliver the mentioned objective ? i daresay other posters might like to know. :smile:
Rgds / Charles.C
Dear jweiman,
Thks for yr detailed post.
i understand that yr, anecdotally-based, opinion to previous post is Yes, and that yr experience has so far not disproven such.
But please correct me if i misinterpret.
Rgds / Charles.C
Charles,
My answer to your first post is MAYBE. If I knew the answer for sure, I wouldn't have asked the question on this forum. I am not an SQF Consultant or Auditor, therefore I do not interpret the code, I try to figure out how to get maximum points and make sure my establishment passes the SQF Audit with a score of 86 or above.
I was not asking the benefit of using (or not using) a GFSI certified scheme audit over a third party GMP audit to satisfy the Vendor Audit requirements in
2.4.5.5, I was asking the legality of using a GFSI audit, so as not to incur a Minor or Major nonconformance on the SQF Audit forthcoming at my establishment.
2.4.5.4 itself mentions all the components of a vendor audit performed by a representative of an establishment on its suppliers, in person. The conundrum comes with the GFSI audit, as all the same requirements in 2.4.5.4 are performed on the supplier, but by a GFSI Scheme Certified Auditor, not by a representative of the receiving company. So if I use the GFSI Scheme Audit as the annual audit for that supplier, I'm trusting that the GFSI Scheme Auditor knows how to correctly and legally perform the audit in accordance with the SQF Code. Common sense would tell you that if your suppliers have the certification your own establishment is striving for, they are being held to the same high standards, and the results of the GFSI Scheme Audit should be sufficient to meet the SQF Code requirements.
However, each GFSI Scheme Consultant and Auditor is different, and focuses on different things during the pre-assessment or Certification Audit. So my question was to find out if the practice of using a GFSI Scheme Audit for suppliers was a Standard Operating Procedure for other food production facilities. As I have gotten 2 confirmations of it, I will tailor my Vendor Audit program to include the suggested information.
For any further questions about the SQF Code, and how it is used to audit food production facilities, I suggest you go to the SQFI website, and contact one of the many Certification Bodies listed there.
Charles,
My answer to your first post is MAYBE. If I knew the answer for sure, I wouldn't have asked the question on this forum. I am not an SQF Consultant or Auditor, therefore I do not interpret the code, I try to figure out how to get maximum points and make sure my establishment passes the SQF Audit with a score of 86 or above.
I was not asking the benefit of using (or not using) a GFSI certified scheme audit over a third party GMP audit to satisfy the Vendor Audit requirements in
2.4.5.5, I was asking the legality of using a GFSI audit, so as not to incur a Minor or Major nonconformance on the SQF Audit forthcoming at my establishment.
2.4.5.4 itself mentions all the components of a vendor audit performed by a representative of an establishment on its suppliers, in person. The conundrum comes with the GFSI audit, as all the same requirements in 2.4.5.4 are performed on the supplier, but by a GFSI Scheme Certified Auditor, not by a representative of the receiving company. So if I use the GFSI Scheme Audit as the annual audit for that supplier, I'm trusting that the GFSI Scheme Auditor knows how to correctly and legally perform the audit in accordance with the SQF Code. Common sense would tell you that if your suppliers have the certification your own establishment is striving for, they are being held to the same high standards, and the results of the GFSI Scheme Audit should be sufficient to meet the SQF Code requirements.
However, each GFSI Scheme Consultant and Auditor is different, and focuses on different things during the pre-assessment or Certification Audit. So my question was to find out if the practice of using a GFSI Scheme Audit for suppliers was a Standard Operating Procedure for other food production facilities. As I have gotten 2 confirmations of it, I will tailor my Vendor Audit program to include the suggested information.
For any further questions about the SQF Code, and how it is used to audit food production facilities, I suggest you go to the SQFI website, and contact one of the many Certification Bodies listed there.
Dear jweiman,
No problem. I daresay the precise relationship, if any, vis-a-vis SQF approved suppliers and suppliers which have ben audited/certified to standards which are recognised by GFSI* will eventually be confirmed.
*AFAIK this "audit" is what is referred to in American parlance as a "GFSI audit" unless the terminology has now been expanded to include other arbitrary audit schemes. It does appear that an extensive vocabulary is developing around "GFSI".
Rgds / Charles.C
Charles,
GFSI is the abbreviation for the Global Food Safety Initiative, which is the umbrella organization for the initiative for continuous improvement in all levels of food safety management. There are several schemes recognized by GFSI, which are used by food production facilities and farms. A few of these recognized schemes are: 1)BRC (British Retail Consortium), 2) FSSC 2000, and 3) SQF (Safe Quality Food). The scheme a particular establishment chooses depends on several factors: 1) the scheme that best fits the products produced at that facility, and 2) what the customer requests/requires. None of the recognized schemes need to mention GFSI, because simply by existing, they have been certified by the GFSI board.
"GFSI Audit" is shorthand for any audit performed to meet the standards of one of the recognized GFSI schemes. In the case of my establishment, in the USA, a customer has requested we attain SQF Level 2 Certification. In receiving GFSI Scheme audits from our suppliers, the majority are SQF Certified, but there are a few BRC Certified companies. We, as a company, have not placed a specific requirement on our suppliers to acquire any particular GFSI Certification. Any that choose to do so make our job easier, especially in relation to our own SQF Audit.
As the agriculture and food production industries continue to change, I'm sure all the GFSI Certified schemes will continue to evolve and cover smaller issues such as this issue in greater detail in future versions and updates.
(Somewhat :off_topic: )
Dear jweiman,
Sorry but it is possible we may have to agree to disagree regarding terminologies. :smile:
In my personal opinion, the term “GFSI Certification” is an etymological abomination, despite its popularity with the Advertising Industry, eg see Google.
.
And, IMO, tainted to equal or lesser amounts by the same brush are (1) GFSI audit, (2) GFSI Certified, (3) GFSI Scheme Certified Auditor, (4) GFSI Scheme Consultant, (5) GFSI Scheme Auditor.
BRC and SQF are Standards. GFSI is not. Nor is it a Scheme.
From the “mygfsi” website –
GFSI does not:
- Make policy for retailers, manufacturers or food safety scheme owners
- Undertake any accreditation or certification activities
- Own any food safety schemes or standards
- Undertake training
- Have any involvement outside the scope of food safety, such as animal welfare, the environment or ethical sourcing
Regardless, if you can validate that the GFSI Initiative approves of the usage of the term “GFSI Certification” then I can cheerfullly accept the (hopefully rare) encountering of terms from the above collection of jargon. :smile:
Rgds / Charles.C
PS - I am still wondering if -
(a) whether the SQF standard demands an annual audit of approved suppliers ?.
(b) whether the possession by a manufacturer of a copy of a supplier's current certification to a GFSI recognised standard is considered equivalent to a (satisfactory) manufacturer's own audit
© whether copies of 3rd party supplier audits arbitrarily stated to be "GFSI audits" are also considered equivalent to a (satisfactory) manufacturer's own audit.
(d) whether copies of 3rd party audits lacking the "GFSI" as per ( c) are also considered equivalent to a (satisfactory) manufacturer's own audit.
I am guessing the answers are no, yes, yes, yes