Jump to content

  • Quick Navigation
Photo
- - - - -

BRC V8 3.5.1.2 Supplier Approval with non-gfsi

supplier approval gfsi nsf iso

  • You cannot start a new topic
  • Please log in to reply
3 replies to this topic

#1 Stevedurham

Stevedurham

    Grade - Active

  • IFSQN Active
  • 2 posts
  • 0 thanks
0
Neutral

  • United States
    United States

Posted 16 August 2019 - 04:19 PM

We are are small poultry processing facility revising our supplier approval procedure to comply with version 8. Unfortunately, most of our suppliers do not have a third party audit and if they do they will not share the audit report. But if a packaging supplier shares a certificate to an ISO or NSF standard that covers the requirements for the scope of a supplier audit why do i still need a full audit report. If the standard is available and I have certification they were compliant with said standard then what value could be gained from the full audit report.

My second issue is how in this case would I demonstrate competence of the auditor. Wouldn't that be implied if he was sent by the certifying agency or am I going to need a certificate of the person that did the audit?



#2 pHruit

pHruit

    Grade - PIFSQN

  • IFSQN Principal
  • 547 posts
  • 208 thanks
105
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Interests:Composing/listening to classical music, electronics, mountain biking, science, sarcasm

Posted 18 August 2019 - 08:59 AM

But if a packaging supplier shares a certificate to an ISO or NSF standard that covers the requirements for the scope of a supplier audit why do i still need a full audit report.

 

Short answer: because clause 3.5.1.2 says you do ;)

 

The full report will allow you to understand what was actually covered in the audit.
If you have a copy of the standard and can show that it covers all of the requirements detailed in the clause then just having the certificate might work in theory (but obviously isn't permitted by the standard), but broadly it is expecting the audit to cover the equivalent to the GFSI-schemes, so one has to wonder - how many schemes are their that aren't GFSI benchmarked but do meet the full requirements? (At least in terms of publicly available certification standards)

 

My second issue is how in this case would I demonstrate competence of the auditor. Wouldn't that be implied if he was sent by the certifying agency or am I going to need a certificate of the person that did the audit?

 

I've always read this clause as being written primarily with your own auditing in mind, so for example a supplier audit by you, one of your colleagues, an external party you've commissioned, where it would be feasible and indeed necessary to verify/demonstrate competence and relatively easy to obtain evidence.

Whether you can obtain this from your suppliers for the relevant auditors is a question you'd have to pick up with them. I've no idea what the position is in the US, but in Europe I could imagine this being viewed as a potential data protection issue and the audit bodies not being able to release training details for individual auditors. They may be able to provide some sort of general statement on auditor training/experience requirements though?

 

 But if a packaging supplier shares a certificate to an ISO or NSF standard that covers the requirements for the scope of a supplier audit why do i still need a full audit report.

 

Just a thought, but what risk status have you assessed these suppliers as?

If they're low risk then why not go down the questionnaire route instead?

Worth remembering that for determination of risk status you can take into account trading history and nature of the materials, so if this is longstanding suppliers etc then it might be possible to build up a defendable position on this. Similarly whilst e.g. ISO9001 alone isn't sufficient, that doesn't mean that you can't take it (without needing the full audit report, the auditor's inside leg measurement and social security number etc...) into account as a mitigating factor in your risk assessment calculation. In fact we do exactly this - ISO22k, ISO9001, HACCP, SALSA etc may not be GFSI benchmarked, but they're certainly better than nothing so our overall supplier risk score includes weightings for these.

 



Thanked by 3 Members:

#3 Stevedurham

Stevedurham

    Grade - Active

  • IFSQN Active
  • 2 posts
  • 0 thanks
0
Neutral

  • United States
    United States

Posted 19 August 2019 - 04:43 PM

I'm thinking about having all my suppliers do the questionnaire just to be safe. I have one plastic bag supplier and a CO2 pellet supplier that are product contact. I could probably justify them as low risk due to the nature of the products, I receive LOG from them, and long trading history; we've been using their products for 20 years with no issues. 



#4 QAGB

QAGB

    Grade - SIFSQN

  • IFSQN Senior
  • 440 posts
  • 164 thanks
58
Excellent

  • Earth
    Earth

Posted 19 August 2019 - 08:18 PM

Aside from the fact that it is necessary, I also like full audit reports because I can see non-conformances. There have been times where we have had a complaint on the supplied product which were definitely related to the supplier's previous audit non-conformances. We will point that out sometimes (at least internally) to validate the issues we're currently seeing. It also helps us push a little harder to get real preventive actions put in place from the supplier.







Also tagged with one or more of these keywords: supplier, approval, gfsi, nsf, iso

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

EV SSL Certificate