2 replies to this topic

[Sarahr78]

Hello all,

 

We are reviewing our current site security process/procedures and we have a number of scenarios with which we are unclear would satisfy the BRC Storage and Distribution requirements, in particular to food vulnerability. 

 

1. A courier delivery driver arrives on site not to collect or deliver a customer’s products but is to deliver supplies.  With the complexity of the site (we share the site with 2 other sister companies and the roadways on site can be a little confusing if not familiar!) the driver gets lost, parks up and enters the first visible door that they see. This takes them into a food warehouse to seek assistance. Would this be deemed a breach against the standard?

1. A third party driver who we are expecting arrives on site, checks in at our goods in desk. They are then told to go back to their vehicle on the transport yard and await collection. However, the driver walks to our canteen area via a covered operational area where goods are stored awaiting receipt into the warehouse. Would this breach the standard?

1. 3^rd party driver who is new to the site has been booked in to collect goods. We have no record he been made aware of our Gastric Upsets and infectious disease policy but the company who he is working fore are aware of this requirement. Because he was pre booked in for collection and his paperwork matched what was expected at the gate house, the security team let them through without further checks. He has to drive into our enclosed canopy area for the collection, goods are located in this area awaiting loading and awaiting put away into the warehouse. Would this be deemed as a breach against the standard?

 

I'm not sure if any other S&D sites are seeing changes in how they are being audited? I've certainly noticed, certainly in the last three years the interpretation of a clause seems to be stretching more and more and year on year I find myself challenging the thought process of an auditor. I want to try and pre empt any further stretching.......

 

As ever all your thoughts wisdom and support are ever appreciated 

 

 

[pHruit]

The challenge with these types of question is that it's often difficult to give a more solid answer than "maybe" or "probably", and I fear that's the case with all three of your specific queries.

My primary concern would be around the bit in the guidance notes on clause 4.2.2 - broadly the requirement to ensure that people don't have unsupervised access to products. For your questions (1) and (2) you might be able to justify this via your risk assessment, but in addition to ensuring that you meet the requirements of the standard / IG (even though the guide itself isn't auditable...), you need to be able to justify and defend your position.
For all the BRC risk assessment requirements one can find that some auditors lean towards the view that having a risk assessment is most of what is required, whereas others will really probe and challenge it, and thus the only sensible option is to plan assuming the latter!

 

For your third example, it's perhaps going to depend on what your procedure says and what your supplier arrangements / controls are - for example, if your procedure says he should be checked by your site then that's been missed and it's a problem, whereas if you have a formal arrangement with provider of the driver, and verify that they adhere to it, then it's potentially less of an issue. With situations like this it's always worth pausing to ask what the simplest way you can structure your approach is - if one party is likely to assume that the other is doing something but it's not clear that it's really the case, then try to formalise that if it is practical and efficient

[Hoosiersmoker]

In the first scenario, if anyone can gain unobstructed entrance directly into a food storage area without a key or other pass I would think it is a security breach. My suggestion is to make a small investment into some signs and self-locking door handles and closers. Your risk assessment and resulting corrective action and preventive measures should identify and respond to these to reduce the risk to an acceptable level.

Number two is similar to one, unobstructed access between what should be secure areas shouldn't be allowed, nor should unaccompanied "visitors". All of this should be communicated and agreed to by your carriers with a requirement for them to train their drivers. Again, signage stating all drivers must wait outside or at their vehicle when loading / unloading could take care of a lot of this. Most transport companies and drivers are already used to this type of requirements and the rest are learning.

Number three I'm less familiar with but I would ask: If the drivers are signing in it should be part of the sign in process whether they're booked or not. "By signing this log I understand and agree to comply with this company's Gastric Upsets and infectious disease policy " or something like it. I would think the access policy would be evenly applied whether it's a person that has picked up for years or a new one.