Jump to content

  • Quick Navigation
Photo

BRC 1.1.6 Confidential reporting system

Share this

  • You cannot start a new topic
  • Please log in to reply
44 replies to this topic

pieczyk

    Grade - Active

  • IFSQN Active
  • 1 posts
  • 0 thanks
0
Neutral

  • United Kingdom
    United Kingdom

Posted 17 April 2019 - 09:49 AM

I am still not sure, whether it should be a formal whistleblowing policy; or rather more informal mechanism to enable confidential reporting of food

 

safety and quality concerns by employees and to provide (positive/negative)  feedback that the company can act on. 


Edited by pieczyk, 17 April 2019 - 09:51 AM.


pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 17 April 2019 - 10:18 AM

I'd say somewhere between the two - you want a formal mechanism to enable confidential reporting by employees, but exactly what you call it will depend partly on your interpretation/application of the term "whistleblowing" - this could potentially apply to a broader range of reporting, including relating to raising a concern with a party external to your company, where either an internal response has been ineffective or there are genuine reasons that it needs to be raised directly with someone else.

The Interpretation Guide mentions retailers' whistleblowing systems but notes that your own system is required in addition to these. Other potential legitimate whistleblowing activities could involve direct contact with external bodies such as regulators, although this doesn't seem to be as frequently used (at least in the UK) as the equivalents for either the financial services sector or healthcare (see e.g. the wonderful treatment that various doctors and nurses have received for raising entirely legitimate and very significant concerns that the NHS has refused to properly acknowledge/deal with).

 

Personally I'd call it a confidential reporting policy / system, solely on the basis that being audited is usually easiest when you're able to hand the auditor documents that exactly match what the standard says, and just make sure that it covers the details discussed in the interpretation guide for clause 1.1.6.



Thanked by 1 Member:

karina.j

    Grade - MIFSQN

  • IFSQN Member
  • 70 posts
  • 26 thanks
6
Neutral

  • United Kingdom
    United Kingdom
  • Gender:Female
  • Location:South Wales

Posted 17 April 2019 - 01:33 PM

this is what I have written

(we have suggestion/reporting box in canteen)

 

 

 

(Company) is committed to adhere to the highest standards of ethical, moral and legal conduct of business operations. To maintain these standards, the Company encourages its employees who have concerns about suspected misconduct to come forward and express these concerns without fear of punishment or unfair treatment.

The Whistleblowing policy intends to cover serious concerns that could have grave impact on the operations and performance of the business of the Company. The policy neither releases employees from their duty of confidentiality in the course of their work, nor is it a route for taking up a grievance about a personal situation.

This policy and procedure manual outline the Company’s Policy on whistle blowing and the procedure for investigating and dealing with all reported cases of illegal and unethical conduct and any other misconduct.

 

Specific objectives of the policy are:

  1. To ensure all employees feel supported in speaking up in confidence and reporting matters they suspect may involve improper, unethical or inappropriate conduct within the Company;
  2. To encourage all improper, unethical or inappropriate behaviour to be identified and challenged at all levels of the organization;
  3. To provide clear procedures for reporting and handling such concern(s);
  4. To proactively prevent and deter misconduct which could impact the financial performance and damage Company`s reputation;
  5. To provide assurance that all disclosures will be handled seriously, treated as confidential and managed without fear of reprisal of any form; and
  6. To help promote and develop a culture of openness, accountability and integrity.

 

Reportable misconducts covered under this policy include:

  1. All forms of financial malpractices or impropriety such as fraud, corruption, bribery, theft and concealment;
  2. Failure to comply with legal obligations, statutes, and regulatory directives;
  3. Actions detrimental to Health and Safety or the work environment;
  4. Any form of criminal activity;
  5. Improper conduct or unethical behaviour that undermines universal and core ethical values such as integrity, respect, honesty, accountability and fairness.

 

The above listed reportable misconducts or concerns are not exhaustive. However, judgement and discretion is required to determine misconduct that should be reported under this policy.

 

WHISTLE BLOWING PROCEDURE

 

The whistleblowing procedure involves steps that should be taken by the whistleblower in reporting misconduct, and steps required for the investigation of the reported misconduct.

 

  1. Step One - Raising concern(s) by whistleblower

 

Whistleblowers are expected to act in good faith and should refrain from making false accusations when reporting his/her concern(s), and also provide further evidence at his/her disposal to aid investigation of the issues reported.

Whistleblower may raise concern through any of the following media (this can be done either by declaration or in confidence/ anonymously):

  • Formal letter to the Group Managing Director
  • Declaration placed in designated reporting box located in the staff canteen

 

  1. Step Two - Investigation of Concerns and update on progress of investigation

 

All concerns are collected and reviewed monthly at Management’s Monthly Meetings.

If preliminary investigation conducted by Management Team shows that the concern falls within the whistleblowing reportable concerns, then further investigation shall be carried out.

Investigations should be handled promptly and as fairly as possible.

If the concern raised by the whistleblower is frivolous or unwarranted, the Management Team shall ignore such concern, if necessary disciplinary measure in line with Human Resources policy shall apply to staff that raise concern out of malice.

A whistleblower has the right to protection from retaliation. But this does not extend to immunity for involvement in the matters that are the subject of the allegations and investigation.

 

  1. Step Three - Report of Investigation and action on report

 

Upon conclusion of investigation, the representative of Management Team shall submit his/her report to the Human Resources.

Quarterly report to keep the Managing Director abreast of developments in whistleblowing shall be submitted by representative of the Management Team.

All disciplinary action relating to the report shall follow the Company`s disciplinary procedure as contained in the staff handbook.



Thanked by 1 Member:

Ubox

    Grade - Active

  • IFSQN Active
  • 1 posts
  • 0 thanks
0
Neutral

  • Sweden
    Sweden

Posted 24 April 2019 - 10:26 AM

Clause 1.1.6 of the BRC Global Standard for Food Safety leaves room for interpretation (see relevant clause text below). I share the analysis of the clause we made internally and how we dealt with it.

 

1. reporting system: confidentiality

There must be a reporting system in place. Theoretically, this can be anything ranging from the traditional telephone number, physical mail box or email address to a web-based external solution such as offered by professional third parties (look for "whistleblowing system" and you will find EQS, BKMS, WhistleB, etc), as long as such system guarantees confidentiality of the person reporting the concern. With the strict requirements for data processing (GDPR) and applicable national laws, we decided to go for a professional solution. We asked four whistleblowing system providers for a price quotation and chose the offer by WhistleB (from Sweden). We considered anonymous telephone reporting (they offer interactive voice response, so instead of a voice recording an automatically generated written report is provided) but decided to start with web-based reporting only.

 

2. clear communication

We have a Code of Conduct, which is published on our intranet. Below the text we included a short explanation that staff has the opportunity to report breaches of the Code of Conduct in various ways: contact direct manager, through regular phone number or email address to our trust person or through the external web-based solution. The external solution is a URL that leads to a dedicated reporting channel, available in all our languages. We organised a two-hour awareness training during which all participants received a plastic whistle with our company logo and a board member encouraged the staff to report any concerns, by "blowing the whistle".

 

3. assessment process

We established an "ethics team", consisting of trust person, HR, legal and supervisory board members. Only they have access to the CMS of the external whistleblowing solution and can read the messages received. Any reports received through different channels (regular phone or email) must be shared with the ethics team. They discuss incoming reports and decide how to deal with them.

 

4. documentation

The GDPR made it clear that the documentation requirement was our weak point. It was a burden to document all data processing actions and anonymise reports. Basically, we couldn't guarantee confidentiality. Our external solution comes with a CMS that has all GDPR requirements included. For example, all assessment and actions taken are automatically documented and all processing takes place within the external environment, not on our own servers.

 

So far, this set-up works well and we received various valuable reports. We also received positive reactions from employees about the way our board encouraged them to report concerns. We are monitoring the ISO37002 draft process, which should include helpful guidelines.

 

Below is the BRC clause text:

 

The company shall have a confidential reporting system to enable staff to report concerns relating to product safety, integrity, quality and legality.
The mechanism (e.g. the relevant telephone number) for reporting concerns must be clearly communicated to staff.
The company’s senior management shall have a process for assessing any concerns raised. Records of the assessment and, where appropriate, actions taken, shall be documented.


zanorias

    Grade - PIFSQN

  • IFSQN Principal
  • 811 posts
  • 245 thanks
167
Excellent

  • Wales
    Wales
  • Gender:Male
  • Location:UK
  • Interests:Motorcycling, Food Safety, Science, Paddleboarding, Space

Posted 24 April 2019 - 01:04 PM

I hope there have been sufficient posts to satisfy the question of the OP, so I'd like to ask the question if I may:

 

Has anyone found particular success since implementing whistleblowing? I.e. do staff use the confidential system? Has anything been flagged up that would have previously remained hidden? Just curious, as I've recently opened the reporting boxes, collated data from the food safety culture questionnaires but haven't had anything else reported yet (always the chance the has been nothing to report of course but I remain sceptical).



pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 24 April 2019 - 01:41 PM

Has anyone found particular success since implementing whistleblowing? I.e. do staff use the confidential system? Has anything been flagged up that would have previously remained hidden? Just curious, as I've recently opened the reporting boxes, collated data from the food safety culture questionnaires but haven't had anything else reported yet (always the chance the has been nothing to report of course but I remain sceptical).

 

"Success" may be a difficult concept to measure in this context?
That no reports have been made using the new system may mean that it's not working / people are scared or distrusting of it, but it could also mean that existing systems, management ethos and employee relations are working well, and people don't feel the need to make use of anonymity.

Obviously managers can be misguided, over-optimistic or outright deluded about such things, so having the extra safety net makes sense even in the best of companies.

We've had nothing reported as yet either, but experience to date suggests that if people are concerned about things then they'll send me an email or if they feel it's a bit more sensitive they'll ask me to meet them somewhere for a quieter discussion.

 

How long have you been running your system? If I was expecting to get multiple weekly confidential reports about food safety violations that people were scared to raise in person then I'd be wondering what sort of company I was working for! ;)

 

(Although what constitutes a reasonable vs. worrying number/frequency would obviously be expected to correlate with business size, to some degree)



zanorias

    Grade - PIFSQN

  • IFSQN Principal
  • 811 posts
  • 245 thanks
167
Excellent

  • Wales
    Wales
  • Gender:Male
  • Location:UK
  • Interests:Motorcycling, Food Safety, Science, Paddleboarding, Space

Posted 24 April 2019 - 02:11 PM

"Success" may be a difficult concept to measure in this context?
 

 

Or "results" may be a better word. Basically any whistleblowing or reports.

 

Our system has been running only two months so far.  I'll review after a few months and perhaps there is something that needs changing. My own experiences QAing the site make me sceptical that there is nothing worth reporting, though perhaps something in the system will need amending. Even with a system to satisfy the BRC auditor, I would like to genuinely improve the food safety culture and build on that.



pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 24 April 2019 - 02:26 PM

Or "results" may be a better word. Basically any whistleblowing or reports.

 

Our system has been running only two months so far.  I'll review after a few months and perhaps there is something that needs changing. My own experiences QAing the site make me sceptical that there is nothing worth reporting, though perhaps something in the system will need amending. Even with a system to satisfy the BRC auditor, I would like to genuinely improve the food safety culture and build on that.

 

This is a good point - as a QA you'll get a good feel for the actual culture on site, so whilst it's perhaps less easy to report on for audit purposes, you will be able to get an idea as to whether there is a significant disparity between your own gut feel for what is right/wrong, and what you're actually seeing in the reporting box / confidential answerphone / top secret morse code device.

Have you talked to your TM about it? Could it be the case that people are reporting informally/verbally, and it's being fed back to them? Obviously they'll probably need to respect confidentiality even if issues are raised outside of the confidential system*, but they should be able to give you a bit of an inkling as to whether they're aware of / working on some of the sorts of things that you're expecting to see in the box.

 

*As a TM I'd much rather people came and talked to me, and in doing so I'll do everything I can to maintain their confidentiality. In general this is how I'd prefer to find out about problems, and go out of my way to encourage it - I get a better feel for the true nature of the issue, and can look people in the eyes so they know I mean it when I tell them that I'm going to do something about it.

 

.



zanorias

    Grade - PIFSQN

  • IFSQN Principal
  • 811 posts
  • 245 thanks
167
Excellent

  • Wales
    Wales
  • Gender:Male
  • Location:UK
  • Interests:Motorcycling, Food Safety, Science, Paddleboarding, Space

Posted 24 April 2019 - 02:56 PM

I'd also rather people came to myself or a member of Technical too. My TM says we haven't received anything back yet other than the questionnaires, and I believe that. I think the challenge will be increasing food safety over other things i.e. "loyaty" to a friend; Jake may see Bob picking up a product from the floor and putting it back into the line, but doesn't want to get Bob in trouble. In training we've tried emphasising that everyone should be responsible, and QAs/managers will be observing and also cameras checked periodically which could potentially show someone witnessing something and keeping quiet :whistle: We've also used the example of one operative telling another if his hairnet has slipped over the ear to save it being noted on an audit so doing that operative a favour, but unfortunately this is still an issue sometimes when I'm doing an internal audit and it's not likely that no other staff noticed the PPE non-comp before I arrived there.



Lisa B

    Grade - AIFSQN

  • IFSQN Associate
  • 28 posts
  • 6 thanks
2
Neutral

  • Australia
    Australia

Posted 25 April 2019 - 02:25 AM

Hello All 

I am currently working on our confidential reporting system. I have just read through this particular thread and found all the suggestions, ideas and information of great value - thanks everyone, its much clearer as a result. 



Foodsafereports

    Grade - Active

  • IFSQN Active
  • 3 posts
  • 1 thanks
0
Neutral

  • Ireland
    Ireland

Posted 29 May 2019 - 08:36 AM

Hi all

 

Upon the introduction of this new clause in issue 8, I done a lot of reasearch into websites, phone numbers, suggestion boxes etc to try and fulfil the clause.  In the end what I done was developed my own website to help all business in the industry.  The website ensures full confidentiality and anonymity to its users.  I already have companies registered who have achieved Grade A in their audit.  One company had my website recommended by an auditor in a pre-audit as the system they had in place (suggestion box) was not sufficient.

I have attached a PDF below that shows how it all works.

The website is www.foodsafereports.com 

 

 

Attached Files


Edited by Foodsafereports, 29 May 2019 - 08:37 AM.


nkonstas

    Grade - AIFSQN

  • IFSQN Associate
  • 28 posts
  • 4 thanks
0
Neutral

  • Greece
    Greece
  • Gender:Male

Posted 02 June 2019 - 09:47 PM

Hi to all,

the problem in or business is this: on the production there is one native speaker and two immigrant who can speak & understand our native language (greek) but they cannot write or read them... How the should confidentially report an issue? how about disguss it with teir supervisor, he write it down & gie it to me (Q.A)



pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 03 June 2019 - 08:17 AM

Having to discuss it with the supervisor potentially undermines the confidential nature of the reporting system - what if the issue they want to report is about the supervisor, or about several of the supervisors?

How do you satisfy the language requirements of e.g. clauses 3.1.3 and 7.1.3 at present?

I think that the onus would be on your business to manage this issue, so staff could report issues confidentially in a language in which they're fluent, and then you'd need to arrange appropriate translation so you can understand and act upon the reported issue.



nkonstas

    Grade - AIFSQN

  • IFSQN Associate
  • 28 posts
  • 4 thanks
0
Neutral

  • Greece
    Greece
  • Gender:Male

Posted 03 June 2019 - 09:38 AM

Having to discuss it with the supervisor potentially undermines the confidential nature of the reporting system - what if the issue they want to report is about the supervisor, or about several of the supervisors?

How do you satisfy the language requirements of e.g. clauses 3.1.3 and 7.1.3 at present?

I think that the onus would be on your business to manage this issue, so staff could report issues confidentially in a language in which they're fluent, and then you'd need to arrange appropriate translation so you can understand and act upon the reported issue.

3.1.1

7.1.3

As long as they understand the verbal language we never (12 years BRC certified) have problem with this issue. and the auditors are OK with this. their supervisor gives them orders. As they are 10 years in the company they know how the work is done



pHruit

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,071 posts
  • 849 thanks
536
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 03 June 2019 - 10:26 AM

Ok, fair enough. In that case I'd go with the option of allowing the staff to report their issues in whatever language is comfortable to them, and making e.g. the forms they use to report the issue available in a suitable selection of languages.



KTSmith

    Grade - Active

  • IFSQN Active
  • 1 posts
  • 0 thanks
0
Neutral

  • United States
    United States

Posted 06 November 2020 - 09:20 PM

We are also a small company and it is very comon that comunication just happens face to face, but according to BRC it should be confidential and annonimous (this is a word used in the implementation guideline). I put in our canteen (the place where for sure all employees go), in the most used 4 languages a paper with the following information:

 

"If you have any questions, ideas of improvement or concerns regarding food safety, integrity, quality and legality, do not hesitate to contact the members of our HACCP team: X, Y, Z (their names. BRC has a requirement that the members of the HACCP team have to be known within the company. So this requirement is ticked off)

 

In case you would like to do this anonymously, go to (webpage with email address) and log in using:

username: xxxx

password:xxxx

 

Send an email to the addresses (my email address) and (the one of the secretary, also HACCP team member) in which you can write down your concern or idea of improvement. We will analyse it and see what measures we have to take. "

 

 

Additionally, in the hygiene rules they are informed about the confidential reporting system. 

 

During the monthly HACCP meeting and the annual management review, the received emails and the actions will be discussed. Even if nothing is received, it will still be noted. 

 

I really like your idea of using a website with a designate log-in, but what kind of site or program are you using? I'm with another small company so I was leaning toward just a box in the break room, but I'm trying to move us toward more digital record keeping anyway.



Ives101

    Grade - AIFSQN

  • IFSQN Associate
  • 41 posts
  • 7 thanks
7
Neutral

  • Australia
    Australia

Posted 16 November 2020 - 04:59 AM

I created a Google Form on Confidential Reporting and shared the link to all staff so they can report anything even outside of workplace. Reports are reviewed by Senior Management and actions taken when required without identifying the whistle blower.

 

Hope this helps.



Moanaorchard

    Grade - Active

  • IFSQN Active
  • 5 posts
  • 0 thanks
2
Neutral

  • New Zealand
    New Zealand

Posted 26 November 2020 - 01:33 AM

We are such a small company and was thinking about doing a suggestion box for anonymous reporting - has anyone use this before?  

Yes, we use a suggestion box for anonymous reporting.  Auditor totally happy with it.



Deniz An

    Grade - Active

  • IFSQN Active
  • 1 posts
  • 0 thanks
0
Neutral

  • Turkey
    Turkey

Posted 30 December 2020 - 05:29 AM

Hello,

 

I have written to procedure that the assistant of chairman of the board is taking concerns of employees by phone, mail or written forms in a box. Assistant have the key of that box. Would it be a problem that assistant can reach the concearns? Or it should be directly chairman of the borad?



bornyesterday

    Grade - AIFSQN

  • IFSQN Associate
  • 48 posts
  • 8 thanks
4
Neutral

  • United States
    United States
  • Gender:Male
  • Location:Michigan

Posted 09 March 2023 - 08:00 PM

There are many years of useful comments here!  My original quest here was to see whether there was crossover in Issue 9 between the expanded notion of the Culture of Safety and the Confidential Reporting (whistleblower) system. Apparently not.

 

In my case I work for a small company that has its break room at the end of a hall.  Through observation, I found that the hallway was the highest area of employee traffic short of the area around the timecard machine.   I modified a metal suggestion box to include a side acrylic window on one side of it to allow me to see whether it's empty as I walk by.  I discuss the reporting system every training session.  I stress in the training that the primary purpose is to report food safety concerns however the only contributions have been other safety concerns e.g. broken chairs in the break room.  

 

I interpret the lack of complaints as confirmation that other systems are functioning correctly in the same way when the Pest Control Operator reports no pest activity.


“Quality means doing it right when no one is looking."  - Henry Ford

 




Share this


Also tagged with one or more of these keywords: BRC, BRC Clause confidential repor, BRC 1.1.6

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users