Jump to content

  • Quick Navigation
Photo
- - - - -

SQF 2.3.3 - is there a requirement for information technology professionals as contract service providers?

information technology computer SQF contract service provider

  • You cannot start a new topic
  • Please log in to reply
6 replies to this topic

matthewcc

    Grade - MIFSQN

  • IFSQN Member
  • 102 posts
  • 13 thanks
8
Neutral

  • United States
    United States
  • Gender:Male

Posted 05 October 2020 - 08:16 PM

Hello all,

 

We are getting ready for our first SQF audit, and there was some question about whether we really needed to include information technology professionals among our contract service providers for SQF 2.3.3.  I had originally included them, and there are now questions about whether this is necessary--the reason being it was difficult to see how these companies could influence food safety.

 

My stance is that I included them because their actions ensure integrity of electronic data, including electronic records, formulas, specifications, etc. and whether those are trustworthy and reliable.  Computer systems, including hardware and software controls & associated documentation maintained for electronic records, etc. are subject to FDA inspection.  However, mostly this requirement is for SQF, where they don’t necessarily make such a sharp distinction between those controls that are for product quality and those that are for food safety.  Though not explicitly listed in SQF Module 2 general guidance, contracted service in the form of information technology could indirectly affect product quality or food safety, and even though they might not geographically come onsite, they should be included.

 

Please let me know your thoughts.  We manufacture dietary supplements in the United States and are under regulations in the form of 21 CFR Parts 111, 117, 121, and 1 Subpart L.

 

Thank you,

Matthew



SQFconsultant

    SQFconsultant

  • IFSQN Fellow
  • 3,821 posts
  • 960 thanks
852
Excellent

  • United States
    United States
  • Gender:Male
  • Interests:American Patriot
    WWG1WGA
    Never give up, never give in - always win!
    Martha's Vineyard Island, Massachusetts

Posted 05 October 2020 - 10:50 PM

Yes. Put them in.


Kind regards,
Glenn Oster
 
GOC BUSINESS GROUP | SQF System Development, Implementation & Certification Consultants
Internal Auditor Training - eConsultant - Pre & Post SQF-GAP Audits - Consultant Training
Visit us @ http://www.GlennOster.com  or call us @ 772.646.4115 US-EST 8am-4pm Anyday except Thursday
 
 

Thanked by 1 Member:

Ieatcookies

    Grade - MIFSQN

  • IFSQN Member
  • 59 posts
  • 4 thanks
3
Neutral

  • United Kingdom
    United Kingdom

Posted 07 June 2021 - 01:20 PM

Hi, 

 

is there any minimum requirement for the approval of IT company. what, from food safety perspective would you include in the contract? 

the obvious ones would be the regular back - ups (BRC requirement - i think daily), any other points worth including? 



Agrumeambu

    Grade - AIFSQN

  • IFSQN Associate
  • 36 posts
  • 10 thanks
8
Neutral

  • Canada
    Canada

Posted 07 June 2021 - 02:58 PM

Hello !

 

I would put them in. Don't forget to put your CB as well. Our auditor told us one year that since they had a contract with us they should be put into our Register. 

 

From what I understand, anyone that has a contract with your company that has an impact or could have an impact (Security company, Outside maintenance, etc.) should be in your list.

 

Have a good one ! :)



Ieatcookies

    Grade - MIFSQN

  • IFSQN Member
  • 59 posts
  • 4 thanks
3
Neutral

  • United Kingdom
    United Kingdom

Posted 09 June 2021 - 11:02 AM

Hello !

 

I would put them in. Don't forget to put your CB as well. Our auditor told us one year that since they had a contract with us they should be put into our Register. 

 

From what I understand, anyone that has a contract with your company that has an impact or could have an impact (Security company, Outside maintenance, etc.) should be in your list.

 

Have a good one ! :)

how would you risk assess the IT company? 



Agrumeambu

    Grade - AIFSQN

  • IFSQN Associate
  • 36 posts
  • 10 thanks
8
Neutral

  • Canada
    Canada

Posted 09 June 2021 - 11:08 AM

Hello !

 

I would do the same than other companies. Depending what you have on your network. In our case, we have pretty much everything (we are about 90% paperless). So our risk is pretty high. However, with all the back-ups and security, the probability would be low.

 

Hope it helps !



kingstudruler1

    Grade - SIFSQN

  • IFSQN Senior
  • 291 posts
  • 103 thanks
64
Excellent

  • United States
    United States

Posted 09 June 2021 - 03:57 PM

From someone who has lost a crap ton of info over the years.   (i was assured of backup, retrieval, etc).   its probably more important than most think.  







Also tagged with one or more of these keywords: information technology, computer, SQF, contract service provider

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users