Hi Hadtoregister,
I am trying to interpret clause 3.5.1.2 and 3.5.1.3.
- How do we evaluate supplier's legality?
I can't see any mention of assessing the legality of the supplier in 3.5.1.1 / 3.5.1.2 / 3.5.1.3 in Issue 8 - the "fundamental" requirement for section 3.5.1 mentions legality with regard to the raw materials and products.
- The validation process of the supplier's BRC certification status???
You're expected to check that the certificate is valid for any supplier GFSI certification.
For BRC you can use: https://brcdirectory.co.uk/
There are equivalent online resources for FSSC22000 (https://portal.fssc22000.com/dashboard) and SQF (https://www.sqfi.com.../public-search/). IFS is a bit of an oddity but has now put a system in where you scan a QR code on the certificate, but this has only been put in place very recently. Otherwise you can email the certification body / scheme owner and ask them to confirm a certificate's validity.
- What is the main difference between 3.5.1.2 and 3.5.1.3?
3.5.1.2 is really concerned with approval of the supplier, whereas 3.5.1.3 is about ongoing monitoring and performance review.
We'd follow our supplier approval procedure for 3.5.1.2 for any new supplier, and generally every three years thereafter to renew/reapprove each supplier.
For 3.5.1.3 we do an annual performance review of every supplier, where we look at performance indicators such as complaints, general service and support levels etc. and score them all based on this. The scoring then feeds back into the supplier risk ratings and approval status, so e.g. if we've had significant issues with a supplier then their risk score will increase and this might then correspondingly have an effect on reassessment frequency or requirement for full audit rather than relying on their GFSI certification.
- When we conduct supplier risk assessment, how do you define if the supplier is low risk in your case? If the supplier did not have any fraud and recall history, would it be a low risk?
We use a scoring matrix for this, the same as we use for all suppliers irrespective of certification.
Ours considers GFSI certification, other certification (we assign a value to ISO9001, ISO22000, HACCP etc), annual performance review score, geographical location, product type, value/volume of business we put through them, length of successful trading relationship, transparency index rating and a final adjustment factor based on audit results where we've audited them. This generates a numerical score and we set risk bandings based on this.
It's been enough to keep multiple auditors for both BRC Food and BRC Agents & Brokers standards happy, but if you look around the forum here you'll find that there are probably as many different interpretations of the requirement for the "low risk" clause as there are BRC auditors.
Our overriding impression is that it is in part intended to apply pressure along the supply chain to encourage everyone to go for GFSI certification, as it's become gradually harder to justify use of non-GFSI sources unless you audit them...