Once again, auditors are creating issues to satisfy this element..........what does IT have to do with FOOD SAFETY!
What do I have to do?
The supplier is required to identify a crisis management team including a senior decision maker and ensure the team is trained in crisis management procedures.
The team shall identify known threats to the business which could disrupt or impact its ability to produce and provide safe food and prepare a plan describing the methods and controls the supplier will implement to address these threats if they were to occur and how to maintain continuity of product supply during the crisis.
The plan must document in detail the controls the supplier will implement to assure that food safety are not compromised and that if the integrity of any product is compromised, how the product will be isolated and controlled.
The plan should ensure that everyone on the crisis management team is familiar with the withdrawal and recall procedures the supplier has documented under 2.6.3. The plan needs to include criteria for when controls will be implemented (e.g., numbers of hours with no power, rise in product temperature prior to moving to alternative storage locations, etc.) and how criteria will be monitored during the business threat condition. Criteria are to be product specific, as appropriate. Also included are product review and disposition criteria to determine what product is recoverable, what is salvageable and what is to be destroyed. Methods for recovery, salvage, and destruction shall be described within plan.
Communication during a crisis is important. Methods for communication with customers, stakeholders and news media must be described and the individual (s) who is/are responsible for communication (s) must be identified.
The crisis management plan shall include a crisis alert contact list, sources of legal and practitioner assistance which may counsel senior management in a crisis situation and designation of responsibilities for internal and external communication during a crisis.
The crisis management plan shall be reviewed at least annually.
All elements of the plan need to be tested. This could include a mock press release, mock incident, requirement to contact external storage locations, etc.
The key provision is to have a mock crisis identified, product identified, criteria for monitoring of affected product, actions that would be taken based on results from monitoring, and final disposition of identified product. If a mock communication is created, it is not recommended to contact customers for fear of confusion.
Records of this review are required.
2.1.5 Auditing Guidance
The crisis management plan shall be reviewed during the desk audit and the implementation of the plan, and its annual review (including follow-up and corrective actions) checked as part of the site audit by interview, observation and review of records.
Evidence may include:
A crisis management team has been established, trained and includes a senior decision maker;
A crisis management plan is in place and has been tested at least annually;
The crisis management plan includes known business threats, controls that need to be implemented, measures to isolate affected product and a contact list of relevant authorities, legal advice and other key stakeholders;
The crisis management plan includes identification of the individual (s) responsible for communication, including communication within the site;
Where the annual review of the crisis management plan has identified non-compliances or areas requiring improvements, corrective actions (refer to 2.5.5) have been identified and implemented;
Records of business continuity plan reviews and their corrective actions are available.