since the poster has a EM program I assumed that they have a map, equipment list, etc. They were concerned about documenting the risk assessment. the cheesy template i provided would cover risk based zoning as well as demonstrating assessment /justification of the other requirements of 4.11.8.1. (assessing organisms as you stated, frequency, when to test, methods, equipment considerations, etc).
Hi KSR,
Ahh! Thks yr clarification. I thought my PC was maybe losing some OP attachments.
Indeed such info., eg regarding Product/process would be useful if initially provided..
I suspect the OP has what might be called a basic fcs sampling/testing scheme. Not unusual.
EMPG is a new element in BRC8 and, typically, feedback suggests that BRC auditors are unsure what level of data generation is required, eg with respect to micro. pathogens/indicators/others.
"Risk assessment", risk-based, etc etc are BRC's bogey-men. No other FS Standard afaik bombards the auditee with so many "risk" requests.
From BRC's FAQ -
WHAT WOULD YOU EXPECT TO SEE FOR A RISK ASSESSMENT, SINCE THE STANDARD BASES MANY OF ITS REQUIREMENTS ON THIS?
We would expect to see some sort of documentation as evidence of the thought process and conclusions made regarding the risks to products.
However, the principles and objectives behind a risk assessment are to ensure that the company has considered the issues pertinent to the requirements and can justify the reasons for its policy or procedures (and therefore respond to the challenge by an auditor).
In some instances it would be appropriate to have a detailed document (along the principles of a HACCP plan) showing those considerations; examples of this could be the risk rating for suppliers and the subsequent approval process, or an inclusion in the HACCP plan of the risks to product from physical contamination.
However, other requirements (such as the policy concerning where beard snoods must be worn) could be evidenced in other ways – these could range from a documented policy and the reasoning behind it, to the understanding by staff of the need for its implementation. This policy would include considerations of best practice within the industry and be open to challenge by an auditor. The need for a documented risk assessment would be particularly pertinent where you have decided not to adopt procedures for a particular requirement (such as not wearing beard snoods in a particular area).
Elsewhere BRC note that "Risk assessments do not need to be long, complicated documents; they must, however, demonstrate which aspects have been assessed ........"
Unfortunately, such optimistic comments are, IMO, occasionally confounded by the textual complexity of Clauses in the BRC Standard, eg in risk assessment for incoming raw materials
Indeed I think BRC auditors typically enjoy seeing detailed analytical examples such as your excel example albeit bonus points are not on offer.
I generally liked yr example (looks like a Consultant's output ?) although some of the details are, predictably, (highly) debatable. How closely it applies to the OP's process is unknown.
Regardless, appreciate yr efforts.