We are getting ready for our first SQF audit, and there was some question about whether we really needed to include information technology professionals among our contract service providers for SQF 2.3.3. I had originally included them, and there are now questions about whether this is necessary--the reason being it was difficult to see how these companies could influence food safety.
My stance is that I included them because their actions ensure integrity of electronic data, including electronic records, formulas, specifications, etc. and whether those are trustworthy and reliable. Computer systems, including hardware and software controls & associated documentation maintained for electronic records, etc. are subject to FDA inspection. However, mostly this requirement is for SQF, where they don’t necessarily make such a sharp distinction between those controls that are for product quality and those that are for food safety. Though not explicitly listed in SQF Module 2 general guidance, contracted service in the form of information technology could indirectly affect product quality or food safety, and even though they might not geographically come onsite, they should be included.
Please let me know your thoughts. We manufacture dietary supplements in the United States and are under regulations in the form of 21 CFR Parts 111, 117, 121, and 1 Subpart L.