14 replies to this topic

[Hank Major]

Is it my imagination, or is the new BRC 8 Clause 3.5.1.2 more explicitly stating that all it takes to approve a supplier is a "valid certificate to the applicable BRC Global Standard or GFSI-benchmarked standard"? That is, you don't need to demand that the supplier show documentation that they have all the preventive controls and prerequisite programs in place?

[mgourley]

Technically, yes.

It also says the approval procedure will be based upon risk. 

If you have done a proper risk assessment of the supplier and the materials they provide, and come up with anything other than low, you are of course going to want some more documentation.

 

Even if the supplier is low risk, as are the materials we purchase from them, I still want these documents as a minimum:

1. Letter of Continuing Guarantee

2. Certificate of Insurance

3. A document that describes their traceability system. (Even though having one is assumed as a requirement in a GFSI approved audit scheme).

4. Proof of registration with FDA (if applicable).

5. Proof of compliance with regulatory legislation (FSMA, etc,) (Even though this is assumed because it's a requirement in GFSI approved audit schemes).

6. An allergen matrix that shows what allergens are in the facility and how they prevent cross-contamination (even though this is a requirement in GFSI approved audit schemes).

 

I subscribe the lofty goal of GFSI as one audit accepted by all. 

Our suppliers are generally top tier, well known companies that we have had a long relationship with.

We don't buy stuff from "Bob's Flour Mill".

 

Due diligence is the key. If your company has the resources to send qualified people out to do supplier audits all over the place, obviously that would be a good thing. Many companies do not.

 

Marshall

[Charles.C]

Afai can see, the BRC8 Standard has maintained its total lack of specific criteria for defining what BRC themselves refer to as a "Low Risk Supplier".

 

I conclude that the criteria are (somehow) intended to be "User-defined".

 

 

 

[Hank Major]

My BRC auditor said that the raw materials are what get called low risk or high risk, and that the suppliers don't get assigned a risk level.

[mgourley]

Then your BRC auditor is sadly mistaken. 
Is the supplier foreign or domestic? If foreign, is the supplier in a country that is generally deemed "safe" or not? Do they have a food safety "standard' or legislation that is equal to the USA?

What is the allergen matrix of the supplier? Do they have allergens in the facility that are NOT in your product? Do they produce your product on a shared line that MAY have allergens that are not in your product?

It's entirely possible that your auditor is basing the supplier risk on a standard 3x3 or 5x5 matrix. That's not the way to risk assess a supplier. There are far too many variables to assess a supplier on that do not fit neatly into one of those matrices. Has your supplier ever had a recall? Even for a product that you do not purchase?

 

Marshall

[mgourley]

And of course, your BRC auditor is completely disregarding the BRC standard which specifically states in 3.5.1.2 that "The approval procedure shall be based on risk and shall include either one or a combination of:"

 

Marshall

[mgourley]

Afai can see, the BRC8 Standard has maintained its total lack of specific criteria for defining what BRC themselves refer to as a "Low Risk Supplier".

 

I conclude that the criteria are (somehow) intended to be "User-defined".

 

Charles,

They do. Probably because to do otherwise would be prescriptive, which is not what BRC is about.
 

Marshall

[Charles.C]

Hi Marshall,

 

The basic confusion IMO is caused by BRC and their insertion of the term "Low Risk Supplier" without any context/specific decision criteria.

 

For example, do BRC really  wish for a "High Risk" Supplier to be "approvable" ?. Without correction ? This seems conceptually  illogical ?

(I appreciate the get-out is via increased sampling, etc but this is more like pragmatism ?)

 

I guess, after 4-5 years, the question(s) is already answered however I can offer some (conceptual) support to Post4's auditor also.

 

PS - overlapped previous post

 

PPS - And yet, I think, BRC is categorised as a Prescriptive FS Standard.

[mgourley]

Charles,

 

I appreciate the concern, but since "risk assessment" is the go to phrase with BRC (and others), by nature it has to be left up to the site.

Would it be better to have a fantastic risk assessment questionnaire and decision tree model that all people could use?
Of course, but I just don't see that as logical or possible.

 

A "High Risk" supplier (depending on how you determine risk), could of course be "approved", depending on what decision tree is in place to ensure that risk is mitigated to an acceptable level.

Again, unless the desire is to have a one size fits all template for this, it has to be up to the professionalism of the site "risk assessor" to determine whether or not the mitigation strategies are sufficient or not.

I prefer this, because everyone's situation is different.

 

Marshall

 

[Charles.C]

Charles,

 

I appreciate the concern, but since "risk assessment" is the go to phrase with BRC (and others), by nature it has to be left up to the site.

Would it be better to have a fantastic risk assessment questionnaire and decision tree model that all people could use?
Of course, but I just don't see that as logical or possible.

 

A "High Risk" supplier (depending on how you determine risk), could of course be "approved", depending on what decision tree is in place to ensure that risk is mitigated to an acceptable level.

Again, unless the desire is to have a one size fits all template for this, it has to be up to the professionalism of the site "risk assessor" to determine whether or not the mitigation strategies are sufficient or not.

I prefer this, because everyone's situation is different.

 

Marshall

 

 

Hi Marshall,

 

I agree with you that the complexities are not minor.

 

The possibilities can be discussed via X = Risk of Raw Material, Y = Risk of Supplier (contextually, unavoidably interwoven to X)

 

So, taking risk options as H, L only,  the "qualitative" combinations, in order of XY are = LL. LH, HL, HH

 

From a "Supplier Approvability"  POV,  [1/3] are obvious YES, [4], IMO,an obvious NO (until correction), and [2], IMO, amenable to "compromise", eg sampling intensity/correction

 

I  wonder how typical BRC auditors handle it.

[mgourley]

Charles,

 

Since the Standard does not say "how" you have to do the risk assessment, a typical auditor would just look to see whether or not you have done a risk assessment.

 

IMO, you would want to as thorough as possible though.

 

Marshall

[trubertq]

I think the interpretation guidelines explain it clearly. Clause 3.5.1.1 generates a risk assessment for each raw material in use on a site. I use a matrix to generate this assessment. Then you assess your suppliers based on the risk score of your raw material. 

 

F ex. Salt would be a high risk raw material for my client because it is in direct contact with the product ( used in cooking), so the quality of the salt is paramount, it must be food grade. Therefore  all the suppliers of salt must have GFSI certification and must confirm food grade compliance with each load which is checked on arrival. Certainly the location of suppliers may be an area worth investigation but that could come under your  TACCP/VACCP plan as .

 

Suppliers need to be assessed with respect to their ability to supply materials to your specification so they are not "high risk suppliers" rather they are "suppliers of a high risk material".

[Charles.C]

I think the interpretation guidelines explain it clearly. Clause 3.5.1.1 generates a risk assessment for each raw material in use on a site. I use a matrix to generate this assessment. Then you assess your suppliers based on the risk score of your raw material. 

 

F ex. Salt would be a high risk raw material for my client because it is in direct contact with the product ( used in cooking), so the quality of the salt is paramount, it must be food grade. Therefore  all the suppliers of salt must have GFSI certification and must confirm food grade compliance with each load which is checked on arrival. Certainly the location of suppliers may be an area worth investigation but that could come under your  TACCP/VACCP plan as .

 

Suppliers need to be assessed with respect to their ability to supply materials to your specification so they are not "high risk suppliers" rather they are "suppliers of a high risk material".

 

Hi trubertq,

 

As I understand yr definition of a high risk raw material is one which may contact the "product".

I agree that this vastly simplifies the risk assessment.

IMEX a unique approach.

 

I also totally agree with yr final paragraph and used such an assumption in my own analysis. The Code as written seems ambiguous however from an older quotation of BRC's Interp Guidelines, BRC  seemed to opt for the former interpretation. Not an auditable preference of course.

[trubertq]

Hi trubertq,

 

As I understand yr definition of a high risk raw material is one which may contact the "product".

I agree that this vastly simplifies the risk assessment.

IMEX a unique approach.

 

I also totally agree with yr final paragraph and used such an assumption in my own analysis. The Code as written seems ambiguous however from an older quotation of BRC's Interp Guidelines, BRC  seemed to opt for the former interpretation. Not an auditable preference of course.

 

 

I just used product contact as an example, obviously there may be other high risk criteria depending on your product.

 

 

Sometimes the simple approach is the best, don't knock it till you've tried it.

[Charles.C]

I just used product contact as an example, obviously there may be other high risk criteria depending on your product.

 

 

Sometimes the simple approach is the best, don't knock it till you've tried it.

 

Hi trubertq,

 

Thks yr clarification however, as I understand, for you, contact is sufficient in itself.

 

I agree that it is an extremely simple criterion.