7 replies to this topic

[carine]

Hi all, 

 

As above mentioned, some of customer would requested documents such as flow chart, haccp plan, product description and so on.from us and my concern is due to confidential nature of the documents, should we stamp something on the documents before hand it over to customer?

 

Sometimes, some of people pretend to keen on our product  and asking Food Safety Management Certificate ahead of making purchase but end up we found our cert being abused..

 

You input on countermeasures against the issues above much more appreciated. .   

[Kibunje]

Hi all, 

 

As above mentioned, some of customer would requested documents such as flow chart, haccp plan, product description and so on.from us and my concern is due to confidential nature of the documents, should we stamp something on the documents before hand it over to customer?

 

Sometimes, some of people pretend to keen on our product  and asking Food Safety Management Certificate ahead of making purchase but end up we found our cert being abused..

 

You input on countermeasures against the issues above much more appreciated. .   

Hello Carine 

I've no much experience on this but I have a same concern on the matter,I would like to join  you  asking the honorable members over here,what are documents which am I supposed to share with customers? I am preparing some product specifications and Product materials safety data sheet,which one in these two documents I can share with customers?

Thanks

[Brendan Triplett]

Hello all,

 

Guidance that I have received on this is two-fold.  On one hand we are taught that food safety is a joint process and that we should be open to sharing our documentation.  On the other hand we have also been taught that with a business like what we do that much of the information is proprietary.  So, some time ago I reached out to SQFI and to the NSF and asked them about this and they told me that it is not necessary or recommended to hand your entire HACCP Plan to a customer or another vendor.  Instead they recommended that I give them a letter stating that we are compliant and then make the HACCP Plan, in its entirety, available for review on site.  I drafted up a letter that I send out to all of our customers and I have never had an issue with them when they come by to audit our processes.  We aren't hiding anything, we just aren't giving all of our information to every person that walks in and requests hundreds of pages of our documentation.  The spirit of what we are doing is meant to be shared, not the specifics. 

I doctored up the letter and included it here.  Hope it helps.

 

Cheers!

 

 2.1.2.2 HACCP and FSP Regulatory Letter of Compliance.docx   15.77KB   62 downloads

[pHruit]

Just to add to Brendan's comments, I think a sensible balance can be struck by turning this question around and asking yourself what you'd actually *need* to see (rather than want to see based on some arbitrary list) as part of supplier assessment and due diligence.

We don't have a particularly complex process and it doesn't contain anything proprietary, but lots of other bits of systems aren't really suitable for release - for example in addition to the usual HACCP, audit reports etc we now frequently get asked for full copies of our food defence plan, disaster recovery plan and site security plan. The latter is an interesting one as (a) much of it isn't going to mean a lot unless you know the business, and (b) releasing details of what we do about our most critical security areas rather undermines those countermeasures...

We've therefore taken a similar approach to Brendan and prepared various types of standard document that give a general overview of the system, rather than any specifics. Reception to this is about a 75/25 split between "oh, we'd never thought about the consequences of releasing details of our security systems, maybe we shouldn't do that either" and "our requirements are that we have a copy of your plan so we won't accept a statement" (it turns out that actually they will, once they've passed it on to someone with the seniority to sanction it ).

 

Carine - I don't think you can completely escape the provision of information to customers, as they need to know what the product is and to assess your business as a potential supplier. Stamps etc are of very limited use these days, given how easy it is to digitally edit such things out, so I'd suggest considering a basic set of key documents for new enquiries so you're in control of the amount of info being released, e.g.:
Specification - this could be a simpler version initially, before sharing a full copy as part of proper contractual discussions. We have what we call "product information sheets" that are a short general summary of key details that we put on our website etc and by using this name it distinguishes it from a "real" spec that you can send subsequently.

Safety Data Sheet - if your products are classed as hazardous then I don't think you can reasonably avoid sharing this. There is some flexibility to write these in a way that protects confidential formulation data though (e.g. by using recipe "bandings" rather than exact amounts for components) so that could be worth looking at.

Simplified process flow diagram - lots of people are going to request a process flow, but you don't necessarily need to share the "full" one.

Certification - obviously don't share the corresponding audit reports unless you're comfortable doing so.

Allergen / GMO / Nutritional data if not included in the spec

 

The above would be a reasonable introduction for a "real" customer but should allow you to ensure you're not releasing too much if you're worried about spurious enquiries.

[carine]

Thanks Brandan and pHruit shed light on me. Ur guys info very useful indeed. 

 

I have one more concern, what if customer request a copy of document from us when audit on-site, are we obligate to give it away?  

[pHruit]

Hi Carine,
If they're a good enough customer that you'd decided to let them audit you then I'd not be too concerned about sharing information during the audit - you can just make it clear that they are only able to review it on site, and ask them to not take any copies or photographs of documents. Similarly, you can ask that they leave out certain details when they're writing their notes. I've never yet met an auditor who hasn't respected this type of request.

Of course there is nothing actually forcing you to share anything at all - it's really a business decision in terms of balancing the desire to protect your data with the need to keep customers happy, so your company can set your own approach/policy on this.

[Brendan Triplett]

Audits are tricky.  I would allow the person, or company, to review the document but if there is any information on that document that you would determine to be sensitive then I would not necessarily allow them to take it with them.  I tend to fall back on allowing them to review the documents on site and they can ask any questions that they might need to.  Heck, they can even take notes if they like.  I just don't really allow our documentation to leave the building if it is at all possible.  No one will ever give you trouble for not allowing them to leave with your paperwork.  They might, however, knock you for points if you outright refuse to show it to them at all.

 

Cheers

[gud2ya]

letter of guarantee or any certificate will do.

 

they can see the details on site if they audit you.

Edited by gud2ya, 26 September 2018 - 09:36 AM.