What's New Unreplied Topics Membership About Us Contact Us Privacy Policy
[Ad]
Forums Blogs Store Members Gallery Directory

Sign In Register

Preventative Action plan for an SQF Corrective Action

Started by , Jul 15 2021 12:52 PM
Reply to this Topic
10 Replies

Hello all, we recently went through our edition 9 SQF audit. We have a CA for not including a cyber attack in our crisis management program that I have submitted corrective and preventative action steps for. I thought what I included was very thorough but the comment is saying there is no documents uploaded to support preventive action. I included the crisis management plan document that includes we have assessed the potential for a cyber attacked and a walk through scenario of how we would handle this. I then included looking at other unlikely but potential scenarios like civil unrest or an epidemic which were also not previously included. What other preventative action can be submitted? Are they looking for more preventative action regarding the cyber attack? Or for the CA itself? I am just very confused at what else I can show to prove preventative action. Thanks! 

Share this Topic
Topics you might be interested in
Should you list your preventative controls on your HACCP process flow chart? Does the freezer need to be on the flow chart as a preventative control Verification of Corrective and Preventative action efficacy Can anyone please help me with the response Corrective, Preventative and Root Cause BRCGS recognised by the FDA for FSMA Preventative Controls for Human Food Rule
[Ad]

do you mind including actual quotes from your CB with the identifying info blacked out or removed?

2 Likes

Sure, 

 

Reviewer comments:

There is no documentation uploaded to support your preventive action. Also, recommend using 5 why system to determine the correct preventive action.

 

 

 

I completed a lengthy root cause which really goes in depth as to why it wasn't included originally. Corrective action was an explanation of adding the scenario into the existing program after assessing the scenario and potential outcomes. Preventative action was additionally assessing the program and adding in other unlikely but potential scenarios. I included the updated program with the submission. 

 

I can include my exact responses if that would help more than the summary provided above. 

 

Thanks!

A) I would reach out to the CB (not the auditor) for clarification

 

B)  They cannot tell you what root cause method(s) to use so I would argue that comment   Here's the guidance   https://www.sqfi.com...ce-Document.pdf              it only says "such as...........5 whys"...........

 

C)  it sounds like they want to see the actual mock crisis record for a cyber attack---but that wasn't what the non conformance was issued for so I'd argue that as well

 

Is your business actually susceptible to a cyber attack?  Or are they just using the term de jour because of the recent cyber attack at the meat plant???

 

Sounds like your auditor is uninformed and under educated----------speak directly to the technical manager at your CB for a resolution

4 Likes1 Thank

Scampi nailed it completely! I would do the same.

1 Like

I appreciate all of the input. This really helps me because I thought everything I submitted was accurate and enough to have this accepted and I was just really stumped when I read that comment.. 

 

I would say that it is highly unlikely. We are a very small business (30 employees total) that repacks food and non food items for a few select customers. Our internal systems aren't anything crazy and are pretty old school. We have everything in place to handle a cyber attack if it were to happen, just didn't have it written out in the plan specifically. Which is what I explained in our root cause analysis. 

 

It was brought up in the audit because of all of the recent cyber attacks happening. 

 

Thanks again for the input!! 

This whole thing seems odd to me.  Just today the President of the United States offered 10 million dollars for info leading to those committing cyber attacks.  

If the federal government can't do anything, what on earth are we supposed to do?!?!?!?!   Lol.....

3 Likes

Hahahah valid point. 

Update for anyone who is interested: 

 

I contacted the reviewer and what they are looking for is that we will review the list of scenarios annually and determine if there are any others that should be added. 

 

I had in the program already that the whole program would be reviewed, tested, etc. but not specifically calling out the list of scenarios to be reviewed

 

 

 

Thank you all for your help and a boost to my self-esteem when you were all on the same page I was! 

WOW!!!!!!!!!!  

 

They be crazy...........we review the entire plan every year and then choose one as a mock crisis..........we do not list which will be reviewed when

 

 

Glad you were able to get clarity on what they were after!

Yeah same here. 

 

Just one more thing to add to the program...  :hypocrite:

Reply to this Topic

Similar Discussion Topics
Should you list your preventative controls on your HACCP process flow chart? Does the freezer need to be on the flow chart as a preventative control Verification of Corrective and Preventative action efficacy Can anyone please help me with the response Corrective, Preventative and Root Cause BRCGS recognised by the FDA for FSMA Preventative Controls for Human Food Rule Preventative Maintenance Program Preventative Controls vs Controls Supplier Preventative Controls Correction and Preventative Action Plan for not being up to date with regulations Corrective and Preventative Action Policy help
About us

IFSQN is an international networking group for food safety professionals. We connect those interested in food safety to information and to each other. The purpose of the website is to share knowledge, experiences and ideas to make food safer.

All content © Copyright 2021 IFSQN