Hi Thanhtien,
In TS/ISO 22002-1 9.2 Selection and management of suppliers it states:
There shall be a defined process for the selection, approval and monitoring of suppliers. The process used shall be justified by hazard assessment, including the potential risk to the final product, and shall include:
a) assessment of the supplier’s ability to meet quality and food safety expectations, requirements and specifications;
b) description of how suppliers are assessed;
NOTE Examples of a description of how suppliers are assessed include: 1) audit of the supplying site prior to accepting materials for production; 2) appropriate third party certification.
So it isn't completely clear that it is a must but implies certification or audit is required, particularly for high risk suppliers.
It is clearer in BRC for example and maybe the auditor is used to auditing to BRC, however, personally I would expect high risk suppliers to be audited or be certified to a GFSI benchmarked standard.
Kind regards,
Tony
Hi Tony,
Thanks for the nice ISO quotation.
However i somewhat disagree yr comment that BRC7 is more clear than ISO. IMO both are "obscure" as to their specific criteria for rating a Low/High Risk Supplier.
IMO one can easily end up with risk rating conundrums, eg -
(a) The supplied "ingredient" is (haccp) rated as "high" risk due to its risk impact on the final production process/final product safety.
(b) The supplier's facility/process is rated as "low" risk if focused on (eg BRC7) "traceability, HACCP review and GMP"(excluded "product safety" since meaning unclear to myself. Perhaps they meant (a)?).
So which one prioritises for the overall Supplier Risk Status ? eg is H/L equivalent to L/H ?
I previously on the Forum decided to use (a) only for BRC while noting the lack of BRC textual clarity (IMO).
(Logically one might argue that "high risk" (b) suppliers should not be "approveable" anyway ?).