Customers requesting SQF Audit Report

Hi all, we are newly SQF certified and have a few customers repeatedly asking for a copy of our audit report.  My first instinct is that it is none of their business but being new to the program, I wonder what the industry standard is... Is it common practice to share audit reports with customers? Thanks in advance! Liz

It is not uncommon.  We have customers that request the full audit and corrective action report.  We provide as long as we have a non disclosure agreement with that customer.

Thanks for the quick reply.  That's helpful!

And it depends on $$$$$$$. If this is a huge customer that you don't want to upset, then yes (non disclosure agreement first)

If the customer is small potatoes and causes your company more grief that ease, perhaps insist it is not your company policy to disclose the audit report.

Also good info!  Good point!

Also good info!  Good point!

Hi Liz,

It's indeed none of their business unless they have "Leverage".

Thanks Charles!

Hi All,

 

We are newly SQF certified and have a few customers repeatedly asking for a copy of our audit report.  My first instinct is that it is none of their business but being new to the program, I wonder what the industry standard is... 

 

Is it common practice to share audit reports with customers?

 

Thanks in advance!

Liz

We do ask for it. It depends on how the customer is controlling the hazard. If the supplier (you) is controlling it then yes, we as a food manufacturer do ask for it.

This all comes down to FDA supplier verification and how manufacturing companies are controlling the hazards. For FSMA inspections a certificate won't cut it nor a LOG.

I would ask them what they need it for. You may be able to provide them just parts of it or something else.

For us we get the audits to prove the supplier is controlling the hazards rather than a getting a CoA for every order, another option. 

If it's a cooking step - you don't have to give the exact temperature but rather say greater than a specific temp.

Also, please be aware, if the customer wants to be able to sell to Costco, it is a part of their addendum that it is required to have their vendor's SQF audit report. Which makes it fully their business. 

This forum is an awesome resource.  Thanks everyone for your input!

We send our BRC audit report and certificate to any customer that asks for it.  We have redacted proprietary information when necessary (filtration size, ingredients etc.) if they were in the audit and we tell our customers why.  We did ask our auditor to sanitize exact names of products, not put any customer/supplier names into the report and except for our process controls (specifics redacted, not verification activities) they were able to keep them out of the report.  If the customer requires the unredacted report, well we have never been asked for it, but I'm sure then we would be talking about a non-disclosure agreement.

We (both this facility and our other global facilities) do not send our inspection/audit reports to customers. The executive committee felt as you do, that it's none of their business. We provide the passing score sheet only.

Pro: I don't have random 2 pallet per year buyers asking to see proof of all abatements from findings and then arguing that even though the certifying body accepted it, they don't, and 'require' me to do X/Y/Z.

Con: I have that same random 2 pallet per year buyer now asking me to complete a 20 EXCEL tab 500+ questionnaire because we don't provide them the report.

I feel it still works out better for us this way, but we're a bit different in that we manufacture HUNDREDS of thousands of pounds per week of product and our most vocal customers are the ones that buy 2-20 pallets per year.

We made the business decision last year to no longer provide our full audit report due to the potential for proprietary information in it and who it may be shared with (even with an NDA). This decision came after the FDA requested a copy of one of our suppliers 3rd party audit report during a FSMA inspection. We are open to discussion with our customers to review our audit findings and will provide our certificate. The reality is, I feel very few people actually read through the full 40+ pages, so why do they need it other then to check the box that they have it. 

 And it's always the random 2 pallet a year companies with these 500+ word questionnaires.  I got one yesterday (and they wanted the full audit in addition to it!!)

We (both this facility and our other global facilities) do not send our inspection/audit reports to customers. The executive committee felt as you do, that it's none of their business. We provide the passing score sheet only.

 

Pro: I don't have random 2 pallet per year buyers asking to see proof of all abatements from findings and then arguing that even though the certifying body accepted it, they don't, and 'require' me to do X/Y/Z.

 

Con: I have that same random 2 pallet per year buyer now asking me to complete a 20 EXCEL tab 500+ questionnaire because we don't provide them the report.

 

I feel it still works out better for us this way, but we're a bit different in that we manufacture HUNDREDS of thousands of pounds per week of product and our most vocal customers are the ones that buy 2-20 pallets per year.

 And it's always the random 2 pallet a year companies with these 500+ word questionnaires.  I got one yesterday (and they wanted the full audit in addition to it!!)

Yeah, one of my suppliers actually had a pretty ingenious reply to my questionnaire. A 'response packet' that had a nicely worded document on letterhead which said when summed up "we ain't got time for that but we will give you a bunch of info" that came in a packet of 25 documents.

One day I'll get the time to put one together for my customers, I think it's a pretty smart way to go about it.

Many of our suppliers have that "document" of documents and will not fill out more than the cursory information and signature in our questionnaires and state "see allergen...etc" statement.  We find these documents usually give us all the information we needed on our questionnaire, and I guess that's the purpose of them, but not always.  We have to check the documents against our required information and then we accept it.  Wouldn't it be nice if our bench marked audits and a document package would be enough for all our customers?  We rarely refuse to fill out customer forms and some will take our prepared documents instead but it is on a case by case basis. 

Then there's the other "certifiers, list makers" information needy groups for marketing claims......  never ending.  

Your third-party audit reports should not have specific vendor or customer names in them.  There really shouldn't be any sensitive information in your third-party audit reports, but if so redact it.  I've never had a problem sharing ours with the corrective actions.  I can't recall a customer who received the report and corrective actions ask me follow-up questions about the content of the report or proof of corrective actions.

That's why we do these audits.....food safety should not be held closely to the vest, it should be shared whenever and wherever possible.

We felt the same way for a while and freely shared our 3rd party audit report (with an NDA). It wasn't until the FDA requested copies of our suppliers 3rd party audit reports that we changed our corporate policy. We area also very understanding of our suppliers who don't share their 3rd party audit reports. 

Your third-party audit reports should not have specific vendor or customer names in them.  There really shouldn't be any sensitive information in your third-party audit reports, but if so redact it.  I've never had a problem sharing ours with the corrective actions.  I can't recall a customer who received the report and corrective actions ask me follow-up questions about the content of the report or proof of corrective actions.

 

That's why we do these audits.....food safety should not be held closely to the vest, it should be shared whenever and wherever possible.

We felt the same way for a while and freely shared our 3rd party audit report (with an NDA). It wasn't until the FDA requested copies of our suppliers 3rd party audit reports that we changed our corporate policy. We area also very understanding of our suppliers who don't share their 3rd party audit reports.