I've no idea Charles, I'm not the BRC auditor. I just presented to him what I had. He might have been satisfied with packaging not on there. I'm not the expert on BRC V7, I just do what I can to protect my products.
As for a database, again I have no idea, I did my research and looked at areas of vulnerability (or what I thought were areas of vulnerability). There may be something out there (or an opportunity for someone)
Appreciate the feedback. I daresay the folks reading the parallel Packaging thread may also be interested,