7 replies to this topic

[IKE]

Writing my crisis management plan and I am curious how others are defining a "crisis" . SQF guidance doc gives no definitions here so it is up to interpretation. I have a pretty good idea how I want to define a crisis for our company but I am really curious how other define crisis, and if your auditors ever give you feedback regarding your definitions of a crisis. my proposed criteria for initiating the crisis management protocol....

 

catastrophic event that results in damage to building - 

flood, fire, tornado, winter storm

 

prolonged shut-down - 

anything that stops production greater than 7 consecutive days. (equipment or utility failure, loss of workforce)

 

Threat to stored product integrity -

Sewage backup, major warehouse leaks or spillage incidents, (not relevant to us but loss of temp control would go here).

 

did I miss anything or is this overkill? 

 

 

 

 

[Scampi]

you may be adding overkill as your also required to "test" the crisis plan (although I really don't know how anyone would do that)

 

Look at historical records online to see what (if any) natural events are likely to happen where you are and then eliminate the others

 

My auditor said when I told them we wouldn't be "testing" the crisis plan............"well, do your customers know you don't have a back up plan?" Um, none of your business

 

So based on that statement, I would keep this clause as tight as you reasonably can..........if you are in flood/fire/tornado area, than you may need/want to keep them, if you are not do not. 

 

Crisis management---it's good to have a plan, but chances are decisions will be made without your input that you may not be aware of. Yes, product safety must come first, but if your lucky enough to be able to just pitch/condemn everything, then include that in your plan. (our product would explode in a fire, if it froze (no power in winter), if we got hit with a tornado etc so we would never pick through it, everything would be condemned. 

[Lesley.Roberts]

UK retailers, who are notoriously picky if you produce “own brand” products for them,do require that you “test” your crisis plan.  

 

Realistically it’s impossible to plan for every eventuality so you can state what a crisis may include and give examples.

 

To “test” this you would envisage a fictional scenario, for example loss of refrigeration.  You then check that the key contacts on your crisis management procedure were available & that you can complete traceability exercise to see where affected product may be located.  Noting any NCFs & proposed corrective actions.

 

I have never known an auditor – from a certification body or a customer – questioning this any further & the focus does seem to be availability of key staff (as per BRC 3.11.2) and traceability of affected product (3.11.3).

 

Combining a “mock crisis” with a traceability exercise (3.11.3) seems to satisfy every auditor requirements in my experience?.  You may also need to refer to customer protocols as sometimes they require that they are contacted in the event of a food safety issue/crisis.

 

NB. completing this out of hours is a BRC requirement (3.11.2), plus often a customer requirement too, so, if you are BRC or there is a customer specific requirement, it is worth doing this out of hours to add validity to your systems & processes.

Edited by Lesley.Roberts, 27 November 2018 - 10:58 AM.

[gracewins]

Hello Ike,

I recently went through our SQF 8 audit and this was a topic that our auditor gave us feedback on.
When it comes to manufacturing/ supplying customers with product, they want to be able to rely on you to provide that product to them. You need to show that you have a plan in place should a
"crisis" occur. They also want to see that you "test " it or "challenge" it at least annually to ensure your program works.
We used an example of one of our main pieces of production equipment being inoperable due to replacement parts being extremely hard to come by due to severe storms and power outages. (its a stretch but it worked). We were able to show that even though this occurred we could still manufacture on a small scale using other equipment that we have. We showed that we could still provide the product to the customer. Hope this helps.

[CMHeywood]

The first time we got audited for SQF, we had a nonconformance because we had not a recall/trace mock exercise which the auditor said was not correct for a crisis management mock test.

 

So what we did is combine the mock test with one of our fire drills.  When people were waiting outside we marked some mfg areas as quarantined (do not enter do unsafe building condition).  We also documented who would get involved and what we would do to get the "damaged" area and machines back into production.

 

The mock test should show:

1. If there was any confusion about who was in charge of the different recovery activities.
2. If there was any confusion as to the back-up person if primary not available.
3. If there was the proper steps taken to insure food safety and quality - cleaning, fixing, etc.
4. If there is someone authorized to talk to the media.
5. If there was clear understanding of who internally and externally needed to be notified.
6. Etc.

This first mock crisis test did show that there was confusion and poor communication of what needed to be done and who was in charge.

 

Coincidentally we had a fire in the plant about two years later which caused smoke damage to our products as well as building damage.

[susangopher]

 is this overkill? 

Definitely NOT!  Our last auditor wanted to know about likelihood of crises involving

IT communications, employee mass sickness, transportation interruptions, Riots and strikes and interruptions of services of all kinds.

It seemed pretty funny considering our small rural community where earthquakes are our big deal, but if you are near the big cities it must be considered, I guess

[Charles.C]

So what does the SQF Guidance say regarding expected detail of response ??

[Scampi]

Once again, auditors are creating issues to satisfy this element..........what does IT have to do with FOOD SAFETY!  

 

FROM SQFI

 

What do I have to do?

The supplier is required to identify a crisis management team including a senior decision maker and ensure the team is trained in crisis management procedures.

The team shall identify known threats to the business which could disrupt or impact its ability to produce and provide safe food and prepare a plan describing the methods and controls the supplier will implement to address these threats if they were to occur and how to maintain continuity of product supply during the crisis.

The plan must document in detail the controls the supplier will implement to assure that food safety are not compromised and that if the integrity of any product is compromised, how the product will be isolated and controlled.

The plan should ensure that everyone on the crisis management team is familiar with the withdrawal and recall procedures the supplier has documented under 2.6.3. The plan needs to include criteria for when controls will be implemented (e.g., numbers of hours with no power, rise in product temperature prior to moving to alternative storage locations, etc.) and how criteria will be monitored during the business threat condition. Criteria are to be product specific, as appropriate. Also included are product review and disposition criteria to determine what product is recoverable, what is salvageable and what is to be destroyed. Methods for recovery, salvage, and destruction shall be described within plan.

Communication during a crisis is important. Methods for communication with customers, stakeholders and news media must be described and the individual (s) who is/are responsible for communication (s) must be identified.

The crisis management plan shall include a crisis alert contact list, sources of legal and practitioner assistance which may counsel senior management in a crisis situation and designation of responsibilities for internal and external communication during a crisis.

The crisis management plan shall be reviewed at least annually.

All elements of the plan need to be tested. This could include a mock press release, mock incident, requirement to contact external storage locations, etc.

The key provision is to have a mock crisis identified, product identified, criteria for monitoring of affected product, actions that would be taken based on results from monitoring, and final disposition of identified product. If a mock communication is created, it is not recommended to contact customers for fear of confusion.

Records of this review are required.

 

2.1.5 Auditing Guidance

The crisis management plan shall be reviewed during the desk audit and the implementation of the plan, and its annual review (including follow-up and corrective actions) checked as part of the site audit by interview, observation and review of records.

Evidence may include:

 A crisis management team has been established, trained and includes a senior decision maker;

 A crisis management plan is in place and has been tested at least annually;

 The crisis management plan includes known business threats, controls that need to be implemented, measures to isolate affected product and a contact list of relevant authorities, legal advice and other key stakeholders;

 The crisis management plan includes identification of the individual (s) responsible for communication, including communication within the site;

 Where the annual review of the crisis management plan has identified non-compliances or areas requiring improvements, corrective actions (refer to 2.5.5) have been identified and implemented;

 Records of business continuity plan reviews and their corrective actions are available.