BRC Clause 1.1.6 Whistleblowing
We just had our BRC audit and the auditor had some problems with our whistleblowing procedure. Currently we have a paper form that can be completed deposited anonymously in a box. Senior management checks the box and raised issues are discussed in the monthly HACCP meetings. In my opinion this is completely according to the BRC guidelines but the auditor thinks employees need to report to a company outsider. We are a company of 18 people and have an open culture. Hiring outside help for such a thing seems like a waste of money. What do you think? Is the auditor overreacting?
The auditor is overstepping here, IMO.
BRC's own Interpretation Guideline even gives an example of the data from a web/phone system being collated and submitted to the production manager, who is presumably an employee of the company...
If you picked up a minor NC for this then I'd consider challenging it with your certification body.
My only potential concern with your current system is that a paper form possibly undermines the anonymity aspect IMO, as handwriting can be fairly distinctive, and this is particularly relevant in a small company. If the auditor hasn't flagged it then I wouldn't raise it with them though!
Hello.
We had this last year or the year before.
It wasn't a non-conformance, but the auditor just wanted us to display a sign in the staff facilities area with an external reporting line of contact so we just put an A4 sign on saying:
'see something? say something! tellbrcgs.com' (or whatever the link is)
You could use a retailer or other source, doesn't have to be BRC and from my experience they are not asking you to hire an external service they just want an external reporting line available to employees
I'm not sure how BRC deals with it, I've never been under BRC.
However, I've implemented the following to good success and it should satisfy an external reporting option:
- Poster in visible area
- Has options to report internally
- Has options to report externally (make sure it kind of lists this as the option you can use if the internal reporting doesn't work)
- External option listed:
- Employee Safety: Call OSHA at XXXX
- Food Safety: Call FDA Main Emergency # at XXX
- Discriminatory and Ethical
- External option listed:
I actually worked with my HR and our insurance group on that one. It was the insurance groups poster, we just had to fill in the internal reporting options for them to create it for us.
The auditor is overstepping here, IMO.
BRC's own Interpretation Guideline even gives an example of the data from a web/phone system being collated and submitted to the production manager, who is presumably an employee of the company...
If you picked up a minor NC for this then I'd consider challenging it with your certification body.
My only potential concern with your current system is that a paper form possibly undermines the anonymity aspect IMO, as handwriting can be fairly distinctive, and this is particularly relevant in a small company. If the auditor hasn't flagged it then I wouldn't raise it with them though!
thank you for the reply.
Luckily this is not a NC but will be next year.
I checked the guideline example, and it says:
The auditor sees a ‘whistleblowing’ policy which states that concerns can be reported using an online web
form or telephone number, the content of which is collated and submitted to the production manager,
technical manager and external consultant.
So the example is both internal and external.
But I agree with your opinion on the written note.
My idea is to change this to an email which anyone can use and send an email to me as Quality manager and the Financial controller.
Hello.
We had this last year or the year before.
It wasn't a non-conformance, but the auditor just wanted us to display a sign in the staff facilities area with an external reporting line of contact so we just put an A4 sign on saying:
'see something? say something! tellbrcgs.com' (or whatever the link is)
You could use a retailer or other source, doesn't have to be BRC and from my experience they are not asking you to hire an external service they just want an external reporting line available to employees
Thank you for the reply.
I checked the website and it is https://tellusbrcgs....wernetwork.net/
Sadly this is not in our language and not all employees speak English so we cannot use this as for BRC it needs to be accessable for all.
The guideline is not the standard, bringing it up is outside the scope of the audit & a good auditor will not slap you with a Non-conformity.
If you do get handed a NC, appeal to the CB. If it stands, correct and reconsider your relationship with the CB & auditor.
There's more than one way to skin a cat.
Hi there,
I think the main point here is that whistleblowing is meant to inform about "misconducts" happening in companies. In this way, persons who seek to expose such actions need to be protected, and such information must get somewhere. By proposing it internally, there is a risk that such notice gets nowhere (which is exactly the opposite of the purpose of such new rules), or even worse, that there is some retaliation against the person who "denounced" the action (for example bosses may consider employees who complain threatening).
I think this is why the auditor may not be satisfied. But providing some source where to expose such actions externally (simply BRC, FDA, or something similar, as others already commented) should suffice.
So clause 1.1.6 states:
www.foodsafereports.com is a cheap solution that will cover you against BRC clause 1.1.6. When you register your company on the website, your employees are able to make anonymous reports by using a unique company code. Once the report is made, the company will get a notification that a report has been made. The website is language enabled so this function will aid employees who's first language is not English.
I've done many BRC audits and having the box with training on how employees are to use it will work just fine. Maybe the box is out in the open and you need to find a way to make it more concealed? Honestly I think only having physical paper is the way to go, what if an employee does not have access to the internet? If this gets brought up at your next audit challenge it and change your CB.