As we know that FAQ in BRC Food 7 become requirement in BRC Food 8.
"Where the supplier audit is completed by a second or third party, the company shall be able to
:–– demonstrate the competency of the auditor
–– confirm that the scope of the audit includes product safety, traceability , HACCP review and good manufacturing practices
–– obtain and review a copy of the full audit report "
I am thinking about general data protection regulation. Information in supplier site is very risky to be distributed as in full audit report may contain some confident commercial information. Confidential disclosure agreement between third party auditor are well aware, but full audit report is very risky to be spread out by customer site. In case of violence, it is not easy to prove that information was spread by customer or third party auditor. Information security policy between customer and supplier may need to be concerned. Third party auditor should think more on content in audit report preparation.
In term of competency of auditor, CAB which accredited by IAF AB should be recognized. Assignment of competent auditor is the must for such CB. Some personal information of auditor can be disclosed if CV or competency review information sent to customer without any control.
What do you think?
Jack.
Principal Witness Assessor
Edited by Jakkrit Vipatikom, 08 August 2018 - 10:09 AM.