8 replies to this topic

[BenjaminJolt]

Good day my fair ladies, gentlemen, and interesting miscellanea! I come to you with a question from my SQF audit that has left me utterly confused. 

( I'm still pretty new to audits and the like, and this is the first one I've been a real part of, but I'm eager, willing to learn, and in charge of fixing these non conformities. So please bear with me!)

Here is the finding:

 

The approved supplier program shall be 

based on the past performance of a 

supplier and the risk level of the raw 

materials, ingredients, processing aids, 

packaging, and services supplied, and 

shall contain at a minimum:

i. Agreed specifications (refer to 2.3.2);

ii. Reference to the level of risk applied to 

raw materials, ingredients, packaging, and

services from the approved supplier;

iii. A summary of the food safety controls 

implemented by the approved supplier;

iv. Methods for granting approved supplier

status;

v. Methods and frequency of monitoring 

approved suppliers;

vi. Details of the certificates of 

conformance, if required; and

vii. Methods and frequency of reviewing 

approved supplier performance and 

status

The evidence is: "2.3.4.2-Minor: The site has not assigned a risk level of the suppliers and has not performed a supplier evaluation for their performance"

 

I am so confused by this. We have certifications (SQF or equivalent) for these suppliers. This wasn't enough. 

Do I need to go to each of our suppliers and check them out? Do I need to contact each one of suppliers? We have a LOT of suppliers, from dairy, inclusions, boxes, jugs, chemicals, etc, along with buying supplies from retail stores. 

 

I am just so confused by this finding and what I need to do to fix this non conformance.

 

Do I need to make a sheet for each supplier that says 'does this customer have safe products/.3rd party certifications, has there been any issues with their deliveries (late or incomplete), any issues with the company that could arise in the future, etc? Do you, my fellow code comrades, have any examples of how you pull this off?

 

Help me, IFSQN forms, you're my only hope.

 

Thank you so much for all your help! 

[kingstudruler1]

What you need to have is a way to MONITOR suppliers on a ongoing frequency.    The idea is just becuse a a supplier has a certificate and has passed approval procedures, does not mean that they will meet continually your needs.   For example, If for some reason or another you had to reject every other shipment, would you still use them?   

 

You could create a form (like the one attached) that has some key points that are improtant to you and grade and rate them on "X' freqency.    Items like missing or late coas, other documents supplied on time, out of compliance product found after receipt, trailer conditions, rejections, on time delivery, damaged product, etc could be evaluated.   

 

Again, the goal is some kind of continual monitoring.   the clause is vague, so you have a lot of room to do whatever you think makes sense for your operation.    

Attached Files

•  Approved Suppliers Performance Monitoring Form.xlsx   23.78KB   307 downloads

[Scampi]

You also need a risk assessment where you assign a risk rating (low/med/high)  or (1/2/3/4/5) based on a set of parameters

 

The code specifically states you need a risk assessment

 

 

FYI food safety cats, there is also a new requirement for a risk assessment if you use overhead conduit for ingredients or steam/water

 

"ii. Reference to the level of risk applied to 

raw materials, ingredients, packaging, and

services from the approved supplier;"

[Scampi]

You should also have an approved supplier registry/listing where you record all the information YOU ASK FOR and log it for each vendor

 

Then assign a level of risk based on the information you have + past performance of said vendor

[kingstudruler1]

 

You also need a risk assessment where you assign a risk rating (low/med/high)  or (1/2/3/4/5) based on a set of parameters

 

The code specifically states you need a risk assessment

 

 

FYI food safety cats, there is also a new requirement for a risk assessment if you use overhead conduit for ingredients or steam/water

 

"ii. Reference to the level of risk applied to 

raw materials, ingredients, packaging, and

services from the approved supplier;"

 

 

yes.   I overlooked that part of the stated non-conformance.   the risk level needs to be established and adjusted a needed based on monitoring.    

[SQFconsultant]

you are confusing conducting an audit on your suppliers with this one.

 

We worked up a listing of risk based questions and then interviews each supplier. Assigning a numbering system of 1-10 which just happened to equal the number of questions on the analysis.

 

We did the same for the material supplied as well.

 

SQFI guidance will come in handy for this one, check it out.

[mgourley]

For the risk assessment part, you should ask a series of questions and assign a point total for each question. Risk assessing a supplier really does not effectively work with a 3x3 or a 5x5 matrix. For example:

Is the supplier certified to a GFSI approved Standard? Yes: 0 No: 10

Does the supplier provide COA's with every shipment? Yes: 0 No:10

Is the supplier facility in a High Risk country according to the Global Governance Indicators? Yes: 10 No: 0

Has the suppler had any food safety recalls/alerts/notifications in the past 24 months? Yes: 10 No: 0

Has the supplier been implicated in instances of food fraud? Yes: 10 No: 0

Does the supplier have a Food Defense Plan? Yes: 0 No: 10

What is the annual volume (pounds) of materials purchased from the supplier? Arbitrary number (low): 0 Medium: 5 High: 10

Does the supplier have multiple allergens in their facility: Yes: 10 No: 0

 

This gives you a total "risk" score of 80 points. You then determine the levels for Low, Medium and High risk.

 

As far as monitoring of suppliers, make up a score card for each supplier. If they deliver late, trailer is dirty, bags are ripped, they did not send a COA, whatever you currently use for incoming ingredient/trailer inspections/acceptance, transfer that info to the scorecard.

Make sure that when a shipment arrives with problems that you raise a non-conformance against the supplier and request from them a root cause analysis and corrective action to ensure the problem does not happen again.

 

Marshall

Edited by mgourley, 24 March 2022 - 10:05 PM.

[BenjaminJolt]

What you need to have is a way to MONITOR suppliers on a ongoing frequency.    The idea is just becuse a a supplier has a certificate and has passed approval procedures, does not mean that they will meet continually your needs.   For example, If for some reason or another you had to reject every other shipment, would you still use them?   

 

You could create a form (like the one attached) that has some key points that are improtant to you and grade and rate them on "X' freqency.    Items like missing or late coas, other documents supplied on time, out of compliance product found after receipt, trailer conditions, rejections, on time delivery, damaged product, etc could be evaluated.   

 

Again, the goal is some kind of continual monitoring.   the clause is vague, so you have a lot of room to do whatever you think makes sense for your operation.    

 

The file you sent along is so so so helpful in helping me visualize what I need to do. This is one of the last parts of our corrective actions and one of the biggest ones, so this has really come in handy. I hope we don't have to go back in time, but just write down our suppliers, assign a risk, and then start tracking information going forward. (I hope that is acceptable for the corrective actions.)

Thanks again, everyone, for all the suggestions and ideas! :)

[YNA QA]

If you're new to this and still gaining knowledge and understanding about it, just make sure that the method you choose is doable, and reasonable.  I inherited from a past QAM a supplier program risk assessment which was so in-depth, and had so many parameters that the past QAMs couldn't keep up with the risk levels they assigned 1-5 (think low, medium-low, medium, medium-high, and high)  They had built in  so many safe guards and checks into the system, that it made it impossible to deal with 5 different risk levels and the different requirements at each level.

 

A program can be the best most comprehensive one you can make it, but it's useless unless it works for you!!

 

Good luck :)

 

 

Edited by YNA QA, 06 April 2022 - 07:55 PM.