IMO the blame for, I suspect, mutual auditor and auditee confusion lies squarely on BRC's shoulders due to (a) the highly convoluted text within clauses 184.108.40.206 and 220.127.116.11 plus (b) BRC's usage of the totally undefined terminology of "low risk supplier" in clause 18.104.22.168.
Textually there appear to be 2 potentially contributing portions of BRC text related to the supplier's risk rating, namely -
The risk assessment [of the raw materials/packaging] shall form the basis for the raw material acceptance and testing procedure and for the processes adopted for supplier approval and monitoring
The [supplier] approval and monitoring procedure shall be based on risk [of what?] and include one or a combination of:
• certification (e.g. to BRC Global Standards or other GFSI-recognised scheme)
• supplier audits, with a scope to include product safety, traceability, HACCP review and good manufacturing practices, undertaken by an experienced and demonstrably competent product safety auditor
or, for suppliers assessed as low risk [??!] only, supplier questionnaires.
I believe that the BRC Guideline document implies that BRC intended that the overall supplier risk rating was to [somehow] involve both the above "factors". Such an approach is not unreasonable IMO but offers an opportunity for a variety of subjective conclusions.
I speculate that redfox's auditor "combined" a "Low" from the 1st portion with a "non-Low" (i.e. zero audit) from the 2nd portion to yield an overall "non-Low" rating. This then voided the option of a SAQ.
Pure speculation of course.
PS - Personally, based solely on the text of the FS Code, I myself interpreted the supplier risk rating to be totally determined from the 1st portion above, with the result then being transferred into the 2nd portion with appropriate final consequences as laid out in 22.214.171.124. redfox's auditor would presumably not have accepted this procedure either if the 1st result was a "Low".