Since the initial launch of the Safefood 360 platform we have always had a staunch and steadfast commitment to security and privacy.
This commitment has taken many shapes over the years and has been realised in many different ways in the SF360 platform.
Indeed, for more than 180 years, security has also been at the heart of our parent company, LGC, which was founded to test the authenticity of, initially tobacco, and later food imports into the United Kingdom.
Knowing the authenticity of a product, and validation of that claim, is itself a form of security as it gives peace of mind that things are as they should be.
To an external eye, some of these benefits and changes are more evident than others.
Behind the scenes, however, one of these synergies has been access to the deep and expansive knowledge that exists across the LGC group from PCQI’s and QA to business analysts, data engineers, and great minds in legal and corporate governance.
To this end, over the last 4 years we have been vigorously and continuously refining and improving our platform to ensure we offer an optimum product that suits a vast array of needs and gives peace of mind where it is needed.
During this time we introduced a new Microsoft customer identity access management platform (CIAM) into Safefood – called ADB2C. This is a safe and scalable authentication system solution capable of supporting millions of users and automatically handles cyber threats such as denial of service, password spray and brute force attacks.
This has proven very popular since we integrated it several years ago but it’s not the only choice for our customers. We also have another option that is more favourable for some of our clients – called Single Sign On.
What is Single Sign On?
Single Sign On, or SSO, as its typically called, is an important part of cloud security that very simply, makes life easier for your administrators by reducing various user logins across systems to one master username and password.
Essentially, it is a universal key that can be used to open all platforms a user needs, while allowing your administrators greater control of all the accounts and user roles in your organization.
Using this, you, as the user, only need to log in once at the beginning of your day, and you will instantly have access to Safefood 360 and any other systems you configure through SSO to work.
That means no more password resets or frustration when you make a mistake – just direct access so you can focus all your attention to the task at hand.
If you are unfamiliar with this, you may be thinking what’s the catch, or in a growing world of importance on security, data protection and privacy, why would you not want your systems air-gapped from each other?
The answer is quite simple, and we’ll go into the complex later, but essentially SSO provides your IT business partners with peace of mind that every user account is genuine as it provides greater traceability of accounts over the system, so no old accounts remain active long after the business need for it has ceased.
It also gives your administrator team direct control over access criteria, so you can eliminate dependencies on a specific vendor, and enable a zero-trust security policy as well.
In short, think of SSO like a bouncer to a nightclub – where the ID only needs to get checked once at the door and then the customer is free to order drinks – without SSO, the customer would need to verify their age each time they are at the bar, slowing up service, increasing the risk that someone may be underage or be refused, ultimately and decreasing the quality of service for everyone.
Benefits of SSO
For the reasons already listed above – SSO is more convenient and creates a better experience for everyone.
As people only need to be concerned with remembering one form of ID, you can make this stronger as it does not need to be repeated.
Think of a hall pass in school versus a passport.
Hallpasses can be issued frequently in line with changing demands, and typically are just a piece of paper with a stamp that can be forged versus a passport which has holograms, barcodes, serial numbers, signatures and other devices.
While a passport is difficult to forge, access is more immediate as being in possession of it, means the document is more trusted – and no additional verification is needed.
Both control your ability to travel, but one needs to be reissued constantly and checked, while the other is more durable, trusted, and can be used for a longer period of time without maintenance.
Although it is always advised to not use specific words or patterns in passwords, people are human and sometimes cut corners. By cutting down on the number of passwords in use – it’s less likely that a specific one may be spoofed or guessed – and as such, another security measure is present.
When your team do need to log on – they don’t need to think about it; and neither do your administrators.
Lastly, your IT team can benefit from one master list which they can deploy and modify systems access in real time with – this means like the rest your Safefood 360 system, that you will benefit from a singular version of the truth where all information flows across the different verticals of the business where it is needed, but most importantly, that this information correlates and matches when there is duplication.
Talk to us to learn more
If you are an existing customer we would be happy to talk to you or your technical teams about your SSO environment and what supports you need from us to enable this in your environment.
If you are not a customer though, we’re also happy to speak with you about how this is just one small piece of a much larger digital transformation project that we can help with you.
We offer off-the-shelf and custom solutions to food manufacturers of all sizes from single site manufacturers to some of the larger brands you may be familiar with such as Carlsberg, Publix, DSM-Firmenich, Upfield, Wegmans, Royal FrieslandCampina, Jacobs Douwe Egberts and much more.
Whether you are looking to fully digitally transform your food safety, compliance or operational data, our platform has customizable solutions which can fit your need.
If you would like to see how and have your questions answered, simply click the button below and get in touch where a member of our team will explain more.
https://safefood360.com/wp-content/uploads/SSO.jpg9241640/wp-content/uploads/2015/04/sf360-logo.png2024-05-17 10:24:142024-05-17 15:48:16What is Single Sign On and why do we offer it?
No matter where you are based, the global food manufacturing industry must comply with strict regulatory requirements, retailer demands and legal frameworks.
While the nuances of each of these asks may vary, compliance to their principles and quality standards to mitigate risk are at the heart of every action in food safety.
In this regulated landscape, maintaining data integrity is paramount, not just from a business perspective, but more importantly, ethically, it is needed to ensure that manufactured products do not cause any threat to life.
From the creation of HACCP in the 1960’s up to the modern day, the industry has grappled with evolving demands and how best to demonstrate compliance with them.
It is evident that having a standard and complying with a standard are two different demands, and the fallacy of audits to these requirements are that they present a moment frozen in time, rather than a holistic view of the real-world application of any management system.
Where records are created, they are often paper-based and islands unto themselves, presenting a microcosm of what happened on that specific day, at that specific time, and too often, do not help us determine greater learnings.
GFSI compliant schemes like BRCGS, SQF (Safe Quality Food), FSSC and IFS allow us to standardize the questions we ask of our data and uncover learnings, however, as these are ultimately industry-led, is the question worth asking, do these ask enough, or rather to be more specific, do their outputs of complying with them enable us to ask the right questions?
To answer this, this blog proposes a thought-experiment of looking at what learnings we can derive from another highly regulated industry, specifically the pharmaceutical industry.
What is ALCOA+
ALCOA+ is a set of principles designed to ensure data integrity in the pharmaceutical industry but has also become commonplace in other related healthcare and bioscience related spaces.
Originally introduced by the US Food and Drug Administration with a condensed scope of ‘ALCOA’, it has since expanded to include the ‘+’ and its principles can be applied to manufacturing, clinical research, testing, validation, and supply chain compliance.
In addition to evolving, the use of ALCOA+ principles have also spread and impacts how these sectors approach GMP (Good Manufacturing Practices) as well.
ALCOA is an acronym which means that a document should be something which is:
Attributable
Legible
Contemporaneous
Original
Accurate
Further to this, the ‘+’ refers to documents that are also:
Complete
Consistent
Enduring
Available
To ensure we have a fuller understanding of each point before we consider what learnings the food industry can take from this framework, we must briefly provide an explanation for each:
Attributable
While anonymous data can be used, such as in instances of whistleblowing, to apply learnings, we must understand the context in which the data was generated.
When we say that something is attributable, therefore, we are meaning that the origin of the data itself, be it manually created by a person or automatically generated by a sensor or machine reading, is identified as well as the time and date that the measurement was taken.
While the idea of this is nothing that will be new to any reader, there are vulnerabilities that we may not consider if the necessary security provisions are not applied.
Systems that allow anonymous access, or password sharing between members of a team can expose a business to falling at the first hurdle here and disqualifying the data from being attributable.
Legible
If your company is still using manual systems, it likely is still doing so with printed forms and checklists.
While this will structure the data, it is still potentially illegible depending on the cursive skills of the person who completed the record, or indeed, the type of paper being used.
Today, in many factories around the world, paper-based records are still commonplace and in use, so it is wise to take precaution and consider the type of materials we use.
Simple things like pen thickness can impact legibility, and if your factory deploys carbon paper to improve record keeping, the thickness of sheets should be considered as simple things like the digits ‘8’ and ‘3’ can easily be confused with the degradation of each copy.
Naturally, digital systems negate many of these potential pitfalls from the off and ensure that data can be read, however, even these systems must consider their place against other ALCOA considerations.
Contemporaneous
It is critical that the records you are keeping are reflective of the moment that they are pertaining to capture.
This means data should strive to be caught when it was generated or as close to the observation as possible, so that they reflect an accurate and complete picture of circumstance.
If a record is retroactively ascribed, it is possible that details may be forgotten or neglected to be included.
While one detail may be trivial and matter in the total picture of things, if left unchecked, these can quickly compound and create an issue.
This then means that future comparisons of current data against past data may be at odds and not able to be reconciled.
Further compounding this can be a potential risk of unchecked or unknown bias, where data being sampled retroactively may skew results if the individual happens to pick samples that are less onerous to test.
Again, software systems help mitigate against this risk with complete record keeping captured at source and random sampling to prevent against bias.
Original
‘Original’ data can also be considered ‘raw’ or ‘source’ data and refers to the data in its purest form at the point of capture.
This data represents a true picture and should be preserved in its original form before any assessment or application is made to the data.
For instance, temperature or sample readings in a monitoring record refer to the original data, and readings that refer to Mass Balance or Weight Averages would be considered additional or meta data.
In a paper-based process, this data can easily be skewed, misinterpreted, or truncated as it is copied from one form or format to another.
A digital system which can capture a higher quantity of digits and thus, more of the “original data” so it avoids things like rounding, resulting in a more complete picture that more accurately represents the true circumstances of output.
Accurate
There is a quote often attributed to Grace Hopper that “one accurate measurement is worth a thousand expert opinions.”
Accuracy is implied across all facets of quality management and underpins every reading we capture.
Over the years as the sophistication of machines, sensors, and indeed our ability to record information has grown – our ability to be more accurate has become pronounced.
The benefits of electronic systems compared to paper in this regard are unparalleled.
Fueled by the acceleration of systems like Hadoop, Data Lakes, Warehouses and indeed, Data Lakehouses, we are now able to capture a large quantum of data and recall it faster than ever.
This means that we can be more precise with machine calibration, maintenance, and proactively predict wear and tear.
The result is that Accurate systems striving for Total Data Quality deliver fundamental value to the bottom line of the business across Statistical Process Controls, Thorough Put, Yield, Waste, Rework, Scrap and knowing our Takt Time.
While the above considerations provide a solid baseline for data principles, they are further complimented and enhanced by the ‘+’ which includes four more areas which can be applied to create a more robust data strategy.
Complete
There is a theory that it is not just the data for product spec that we wish to capture that we should – but rather all original data and metadata should be collected as well.
This means that the ‘golden thread’ of data covers as absolute a picture as possible and can be reconciled against one another.
This includes retests, environmental data, batching details from lot number to time of goods-forward, audit logs, sensor readings, etc.
Consistent
Record keeping must be equal in its application.
Where possible, readings should occur to a defined and rigorous schedule, recorded in the moment and any deviations from the process monitored so that its effect on the captured data can be considered.
This is a principle that is quite tricky for humans and manual systems to adhere too, as variation is all but inevitable as front-line employees work at different speeds or have ad hoc tasks to perform in any given day.
As such, outsourcing, and capturing this at source in an electronic record, can give additional peace of mind.
Enduring
Retention of records and their availability to be accessed upon demand is ital.
A strong history of data capture that is archived and inaccessible is of no use as it cannot stand the test of time.
Vendors who provide systems must also ensure that access is uninterruptable, and the right redundancies are in place.
This is why Safefood like many vendors, includes automated daily data backup, multiple records across dispersed geographical servers and best practice disaster/recall recovery support.
Available
Last, but certainly not least, data must be available to all – or at least those that are in position to use it to drive continuous improvement.
It is of little merit or value to execute the above principles only to have the data locked in an environment where it cannot be used to help enhance processes.
If the data is available to everyone, it may overwhelm, cause confusion, or indeed, potentially compromise intellectual property or competitive edge.
Putting appropriate safeguards in place that protect the extent to which this data can be accessed and retrieved can be easier with software systems rather than needing to have manual security in place to protect or monitor specific areas of your facility.
How to apply ALCOA+?
Depending on where your facility and personnel are starting from, the best way to apply the above principles is likely to divide them amongst the relevant stakeholders with separate projects for each.
A GAP assessment of current status can be a good starting point, as it will reveal gaps from your ‘as-is’ to its ‘should-be.’
Once the assessment and these potential pitfalls are known to you, you could couple this with a Failure Mode Effects Analysis to quantify the potential risk to the business, and indeed, what costs could be incurred.
The good news is operating and adhering to ALCOA+ with manual systems can be done, however, it does require ongoing maintenance, drive, oversight, and cross department co-operation.
As such, it can often be burdensome on resources and while projects typically start strong, they may decrease in effectiveness as employee churn occurs or manual creep in systems takes place.
The better news is that there are ready-made solutions in the market available today which can help, Safefood 360 is one such system.
Our software combines more than 35+ modules which are purpose built for global legislation and technical standards such as GFSI, BRCGS, SQF, FSSC, and ISO22000.
Each of these modules can replace your current systems and brings the different elements of ALCOA+ together so you can remain in step with best practices.
All of our projects are supported by a team of Food Safety Professionals who will take the pain out of a digital transformation and be more than a support to you.
These services include full set up and deployment of all records, programmes, data, and tasks, so your team can remain focused on value added activities and contributing to your company’s bottom line.
Still not sure? Click the button below and contact us to see how.
https://safefood360.com/wp-content/uploads/Alcoa-Principles-What-can-the-food-industry-learn-from-life-sciences.jpg12542400/wp-content/uploads/2015/04/sf360-logo.png2024-04-15 13:07:472024-04-18 10:21:43Alcoa+ Principles: What can the food industry learn from life sciences
We are delighted to announce Audit Management 360, an enhanced version of the existing Safefood 360 Audit Management Solution.
The solution is relevant to food manufacturers and distributors of all sizes and will help them to simplify their audit processes and securely report findings.
For the first time, the solution will enable native offline functionality, allowing users to complete audits anywhere, and upload the results later, using our new mobile app.
Fully compliant with all retailer and technical standards like BRCGS, SQF and FSSC 22000, the app delivers a new and enhanced User Experience which delivers a simpler interface and streamlined workflows for mobile devices.
Until now, the Safefood 360 platform has always been browser agnostic, however, this new development is designed to address some of the expanding needs that our customers have articulated and provides a simpler, more user-friendly experience.
What is Audit Management 360?
Audit Management is a new solution designed for stakeholders across the supply chain at all levels who are involved in the audit process.
At its core, the solution is designed to assist Quality, Compliance and Technical Managers that the full FSMS already caters for, but will provide them the option of priming management to transition to a full digital solution at a lower entry cost point and with minimal demand on resources.
Transition to a full digital solution at a lower entry cost point with minimal demand on resources.
Audit Management 360 brings together the existing Auditing, Corrective Action and Management Review programs and workflows, supported by Safefood 360’s backbone functionality of master data management, document management, the reporting centre, and alert management.
In addition, Audit Management 360 is the first Safefood 360 solution to have its workflows available on the new Safefood 360 mobile app which gives users the option to conduct internal audits online or offline using their devices.
Conduct internal audits online or offline
We have developed the solution in response from our user base to evolving mark need to utilize hybrid working while maintaining compliance and oversight of facilities in accordance with GFSI and retailer technical standards.
Easier than ever to use and remove barriers in adoption
The solution will allow users to maintain oversight with retailer and technical standards to the same extent as when all resources are available on site with significantly less labour resources needed to be physically present.
New workflows designed specifically for mobile audits, will make it easier than ever to use and remove barriers in adoption across the wider work force.
What’s included (Features)
Focused auditing functionality delivering internal audit, site audit and site self-assessment programs and workflows.
Ability to configure your own customizable checklists, and also have access to our checklist library of globally recognized standards, large international retailers & other compliant bodies.
Build your own ratings and scoring for your checklists to align with your own compliance regime or pull from our libraries.
Access to our brand new mobile app, which gives users the option to fill out and complete their internal audits and raise corrective actions online or offline on the app with real-time data synching.
Ability to raise corrective actions automatically or manually during your audit, or log corrective actions independently, and then track, manage and close these corrective actions with enhanced reporting and follow-up workflows.
Ability to write Audit Reports, including customizing approval and review workflows.
Ability to add files and photos while carrying out your audit to respond to checklist questions or support audit findings.
Add guides and procedures to your audits, including on or offline on the mobile app, so your auditors always have access to the right information when they conduct the audit.
Access to our Management Review module to build your own Management Review workflows for scheduled or targeted management reviews to take actions and submit reporting on non-conformances.
Access to our Document Management module to build and configure document review and document control workflows for the storage, management, approval, versioning, and control of documents, including files uploaded during the audit workflow. Never lose a document again!
Ability to maintain employee records to manage their information & build employee review workflows to monitor performance.
Use the Reports center to access our library of reports, schedule and configure reports to land in your team’s or your leaders’ inboxes in the format and frequency that suits you best.
Use our alert and notification functionality to keep teams and managers in the loop on all auditing activity and corrective action management.
Build and customize user roles relevant to your organization or use our out-of-the-box user roles to manage access and permissions to your data and workflows.
Our audit log feature tracks all activity across the solution, creating audit log entries for processes like creating, saving, printing, deleting, editing records and data, so you always know who carried out an activity & when.
Access to Safefood 360’s high performing support team and comprehensive user guide to advise and support you while using Audit Management 360.
How to get the solution?
Getting to grips with understanding where to start with Safefood 360° has never been easier.
Our team of professionals are standing by to discuss your requirements and see if this is the right fit for you.
If it is, they will arrange a live demonstration which takes place on a 1-to-1 basis for you and your stakeholders to look at the system.
During this session they will advise you of what the next steps in your digital transformation will look like, or, if we’re not a fit, were other parts of our LGC ASSURE network can assist you.
Don’t miss out and to speak to our team today, to find out more.
What was clear with both of these themes was that the pandemic has had a massive effect on the industry.
In addition to this, we’ve identified that remote and blended audits have contributed to ensuring audits continued despite the pandemic.
Key to this was planning and preparation to ensure the audit went smoothly.
The importance of Information Communication Technology
The role of Information Communication Technology (ICT) cannot be underplayed in this regard.
Technology has a vital role to play in our food supply chains.
Businesses are increasingly turning to digital tools and platforms to support their challenges, using the power of data and automation to problem solve, improve processes and help decision making.
It also increases productivity, enhances transparency, and creates added value from operations right through to the customer experience.
Businesses are increasingly turning to digital tools and… using the power of data automation to problem solve
The pandemic has certainly led to a dramatic increase in the use of some digital tools, and they have been essential to the food industry throughout.
We know that remote auditing would not have been possible without it.
It has been used to demonstrate food safety compliance to auditors and thereby helped maintain certification for hundreds of sites across the globe.
However, it is not without its challenges.
Additional steps such as Confidentiality agreements or Non Disclosure Agreements may need to be signed, and the IAF ID3 and IAF MD4 documents understood and agreed with the Certification Body – they will talk you through this process if you are unsure.
Sites had to learn where their Wi-Fi hot spots and black spots were in advance of the audits – something most technical managers had never done before (a topic we covered in the second part of this series where we focused on remote audit techniques to help prepare for these type of issues).
We did hear about some extremely remote sites having no Wi-Fi at all – making it impossible to conduct a live remote audit.
Sites and auditors used a wide variety of hardware and software during the remote audits to demonstrate compliance and share information.
ICT however does not in any way constitute ‘digitalisation’ which is usually an enterprise-wide project requiring investment and detailed projects.
The pandemic has not necessarily accelerated digitalisation in that respect and may in fact have slowed the process down in certain businesses – we have heard of cases where companies that may have started the rollout of digitalisation have delayed it due to the pandemic taking priority.
On the other hand, companies that already had digital food safety platforms in place had a 3-fold increase in their use by existing customers.
those with digitial food safety platforms in place had a 3-fold increase in their use by existing customers
This is because they realised they could effectively manage their compliance systems remotely using the full set of features their digital platforms already offered.
In other words, the pandemic encouraged digital users to exploit a digitally based compliance solution they already had.
This supports feedback that those using remote technologies to perform internal audits enhanced their control to mitigate food safety risks during the pandemic.
This reiterates the importance of strong internal audit programs, especially when third-party audits were not possible.
Another example of a rapidly evolving digital tool used in the food industry is digital pest monitors.
Tools – such as rodent monitoring sensors – can protect operations from pest infestations and the related risks of disease, product loss, and recalls, and they can help ensure your site is audit-ready and compliant with complex regulations such as FSMA and Food Safety Standards.
Training
Digitalisation not only helped with compliance but it also enabled education and enhancement of knowledge.
One of the key lessons we learned is that remote working thrust Virtual Learning into the limelight, which had a huge impact in breaking down the geographical boundaries that have been traditionally associated with classroom learning.
Redesigning Learning
BRCGS made an early commitment to find ways of adapting to support our certificated sites and allow them to continue to develop their teams and to maintain technical competence levels.
This is essential as sites that are more agile, and more people-centric, will be better positioned to bounce back stronger.
By adapting our content and approach we have redeveloped our courses to make sure they are providing an even better online experience.
We reframed the content to improve online engagement and we also adapted our teaching methods, so our learners are getting the best out of the virtual classroom environment.
Redesigning training so that it can be delivered through virtual platforms has been critical to providing brands and specifiers what they seek.
Mobile Microlearning
By developing our mobile-friendly learning option, we’ve made it easy for people to train on the go.
The platform allows learners to target specific skill areas and meet their CPD requirements around their business and personal schedules.
Virtual Events
We have switched from traditional learning conferences to virtual events, which have been extremely successful.
We look forward to continuing to support our global network with virtual, in person and hybrid events throughout the year.
BRCGS Professional
With BRCGS Professional, we have learning programmes which will give you international recognition for the key skills and knowledge essential for product safety management.
And even with the pandemic, we have seen this programme continue to go from strength-to-strength.
In 2020, we welcomed new enrolments from a record-breaking number of new countries around the world and saw the highest number of new graduates from the scheme since it began.
There were 2,900 new enrolments in 2020, 104 professionals graduated, and we had enrolments from 13 new countries.
This demonstrates how virtual training is increasing and the pandemic encouraged people to continue their training during lockdown.
How the pandemic affected Non-Conformities
With all of the techniques described, the digitalisation of audits, and additional training, what was the net result?
Or put another way, did we see a change in non-conformities reported?
This is a tricky question to answer, further complicated by the fact that we are comparing two untypical years.
For most sites, 2019 was their first Issue 8 audit, which was published in August 2018.
So, their first audits were in 2019, which always affects the patterns of non-conformities as sites tend to get non-conformities against new clauses, due to the fact they need to adapt or understand how to apply them to their facility.
Then, in the following year, we had the pandemic.
This means we have two consecutive years of potentially ‘untypical’ data to try to trend.
Looking at the left-hand side graph above, clause 1.1.2 in Food Safety Culture was new in Issue 8 and immediately was the top non-conformity.
Food culture is also relatively new for our industry, as well as clause 2.7.1.
The radiological hazards bullet point was new to sites and this caused more non-conformities in positions three and five.
Looking at the right-hand side graph, the top non-conformity was clause 4.11.1 – which has been the top non-conformity for many years.
This shows that in reality that the top non-conformities are not changing that much at the moment.
Another way to analyse this is by total non-conformities by volume of audits.
Looking at the graph above comparing 2019 to 2020, we can see that the overall number of minor non-conformances allocated were slightly down year-on-year but still fairly consistent.
This suggests that despite all the challenges sites are maintaining all the food safety clauses in their sites.
It’s important to note that we do not have all of the data compiled on the remote audits yet nor do we have a statistically significant number of audits completed to make any analysis truly meaningful.
Whilst these trends do point towards a minimal impact, we will need to continue to monitor this dataset as the pandemic continues.
But regardless of what the data shows, to provide assurance to brands and maintain consumer confidence, sites have had to maintain their food safety standards during the pandemic.
Ultimately, this meant they have had to make lots of changes to sites and operations to comply with the new COVID-19 rules.
Therefore, a key learning is that the standard gives them flexibility to change systems in a controlled way to maintain food safety and the associated risks.
This reinforces how the standard is designed to help sites to manage changes in unexpected events such as a pandemic and gives us confidence that the BRCGS standards can achieve their goals in challenging times.
The pandemic has had a big effect but we have responded
In summary, the key lesson we learned from the pandemic was that we had to adapt our ways of working to ensure we continued to provide brand protection for our customers.
Although there are still many learnings to be realised, the remote audit process is working well.
Although there are learnings to be realised, the remote audit process is working well.
It has increased our reliance on virtual training, and with the success of this, it is clear online training is here to stay.
ICT is fundamental to allow the audit function to continue.
Again, test all devices, test access, and communication methods well in advance of the audit.
Perform at least one internal mock audit and then another with the auditor.
This will reduce stress levels on the day.
I hope you have found these articles useful and that they will establish a framework for your very own successful remote or blended audit in the future.
https://safefood360.com/wp-content/uploads/2021/07/BRCGS-Lessons-from-the-Pandemic-Part-3-Non-conformities-and-Training.png6671333/wp-content/uploads/2015/04/sf360-logo.png2021-07-22 15:09:552022-11-01 12:15:45BRCGS’ Lessons from the pandemic: Non-Conformities and Training
January 2021 was an important month in the United States.
With all the chaotic events that occurred in Washington D. C., it might have been easy to miss the fact that January 2021 was the 10 year anniversary of President Obama signing FMSA into law.
When FSMA was signed into law, its intention was to provide the FDA the necessary teeth it required to be more effective, however, after a decade of being in existence a fair question to ask now seems to be “is FSMA all that it was cracked up to be?”
Surely, all of the hoops the industry jumped through for FSMA weren’t for nothing?
Surely, all of the hoops that the industry jumped through weren’t for nothing, right?
The current status of FSMA
Last year, Frank Yiannas, the Deputy Commissioner for Food Policy for the FDA, introduced the New Era for Smarter Food Safety Blueprint (which I discussed here).
We dissected the “Blueprint” and concluded that it was becoming apparent that FSMA really was just the foundation, whereas the New Era Blueprint was likely becoming the rest of the building.
FSMA was the foundation, … with the Blueprint likely becoming the rest of the building
More than a decade ago Foodborne illnesses were at an all-time high, recalls were getting out of control, food manufacturers were seemingly skirting regulatory requirements and customer confidence in the food supply chain was diminishing.
The FDA aimed to fix that, and FSMA was their tool of choice.
After FSMA was formally signed into law by President Obama and the subsequent rules began rolling out over the next few years (i.e., FSVP, Sanitary Transportation – Human and Animal Food, and Preventive Controls), some improvements were made in the way that industry approached the new regulatory “burden”, but it can be argued that FSMA was not that silver bullet that it was hyped to be.
FSMA was not the silver bullet that it was hyped to be
What FSMA did, however, is change the way the industry approached their food safety system by looking at it as a holistic framework essential for the entire business group structure as opposed to simply being a necessary evil present only due to regulatory requirements.
Over the past decade, more and more companies began taking on the task of ensuring their entire company culture adopted food-safe-centric values, and the ideals of quality did not just land on one department head’s lap.
Gone were the days of a simple 5 x 5 risk assessment matrix as companies started adopting detailed, criteria-based risk assessment models which could be used throughout their entire program from their food safety plan to supplier approvals.
Gone were the days of a simple 5 x 5 risk assessment matrix
Improvements were made along the way, but FSMA has not solved all of our problems. We can take a quick look at the numbers and see that we aren’t out of the woods just yet.
10 years after FSMA was written into law and it seems the CDC has still not been able to update these numbers on their website:
It can be argued that the reason for certain spiked numbers is due to increased testing in certain areas, however, the counterargument to that is always that the positive results do not discount the fact that they were there all along.
Perhaps they were simply hidden in years past?
Such argument can become very speculative and is best reserved for the halls of academia, but, at least to me, it seems clear that change was needed and overdue.
The future of Food Safety in Modern America (and beyond)
There is that tired old cliché often misattributed to Albert Einstein that the definition of madness is repeating the same thing over and expecting different results.
One does not need the IQ of Einstein to see that the FDA’s approach with FSMA has not delivered the land of milk and honey that it was envisioned to do so and that something else was needed.
FSMA has not delivered the land of milk and honey
To be clear, I am not attempting to be pessimistic for pessimism’s sake, there are many positives that have occurred within the last 10 years, and FSMA has certainly had significant positives to how we perceive and approach food safety.
FSMA has created an atmosphere in the food industry where food processors have become increasingly proactive and alert to issues, and consumers have become hypervigilant – and at the same time educated.
The food industry responded not just to consumer’s needs but their demands for an increased focus on food safety, and the FDA responded by launching FSMA.
Consumers demanded an increased focus on food safety … and the FDA responded by launching FSMA
In response, GFSI schemes also stepped up and enhanced their offerings over the past years.
Some of those changes can be attributed to the advancements of best practices and individual schemes attempting to stay ahead of the curve, and of course, COVID-19 has been a major catalyst of change, but we’ve also seen more focused changes along the way, with the likes of SQF adopting more formal practices regarding SPC before rolling back to just process controls, as well as BRCGS’ tightened requirements for labeling control and supplier management.
For food manufacturers, FSMA has brought about an appreciable increase in the use of food safety and supply chain management solutions.
FSMA has brought about an appreciable increase in the use of food safety and supply chain management solutions
Managing food safety programs prior to FSMA was a cumbersome task, but very quickly spiral-bound notebooks and excel spreadsheets were no longer adequate even for SMEs.
The resulting shift left food safety manager’s clamoring for the assistance of an electronic solution where all of their programs and data could be housed, and one that would deliver the timely reports their company leadership would require.
Is food safety utopia achievable?
Make no mistake about it, the FDA is just as ambitious as private industry is.
Nobody wants to do a bad job, and aside from the very rare bad actors and outliers, I like to think most in our line of work appreciate the importance and severity their actions carry.
I look at the current state of the industry now compared to when I started my career and it is almost unrecognizable.
Having spent the last decade working with most of North America’s leading food businesses to implement electronic quality management systems I have had the immense privilege and fortune to hear many different stories and see professionals of all walks of life rally around a singular cause – to do better.
The rate of technological advances in the last few years brings almost unlimited potentiality, even if some like blockchain may propose a false dawn.
These solutions however are only as strong as the companies or individuals using them, and no man is an island.
Our world and our supply chains are more interconnected than ever, and from all indications, they will continue to grow more elaborate and dependent.
We need strong leadership and examples from those that united industry and the New Era for Smarter Food Safety Blueprint can very well be the flag around which we rally.
I began this blog by acknowledging that consumers are becoming more educated than ever.
Our interdependency and access to information also come at a higher cost at which we need to ensure we can deliver satisfaction and peace of mind.
In publishing the Blueprint, the FDA has acknowledged its role as a standard-bearer and accepted that it needs to move at a faster pace and be more agile, less monolithic, and more in-tune with the requirements of industry.
We work with our customers to help them enhance and bolster their systems, ensuring they can eliminate non-value-adding activities and use these time savings on more productive tasks.
Not only is industry putting its best food forward, but they are running with it
In short, what this means is that we’re trying to give them time back in their day that they can spend to continuously improve, enhance, and bolster their systems, ensuring not only are they putting their best foot forward, but they are running with it.
In the same vein, FSMA was not a failure, nor was it the foundation on which we can build, but it seems clear now that it was the initial excavation, preparing the ground for what was to come.
Yes, the floors are not down and the roof may not be on the house just yet, but that just means the possibilities and potential are limitless.
The floors are not down and the roof may not be on, but that just means the possibilities and potential are limitless
Here at Safefood 360°, we’re looking forward to helping food manufacturers rise to the challenges that not just the blueprint itself will have, but also the next evolution of legislation, standards, and schemes.
We will continue to offer innovative solutions that address traceability, supplier confidence, and predictive tools, change how industry perceives food safety, and always bring the best culture and solution fit we can that works with your needs.
These are not just the pillars of the blueprint, but goals that we strive to deliver on.
Right now, many of us are still in lockdown, so this metaphor has a stronger meaning than usual, but we are all going to be in this house together, so let’s build the best one we can live in.
https://safefood360.com/wp-content/uploads/2021/02/Was-FSMA-a-Failure-Blog.png6971368/wp-content/uploads/2015/04/sf360-logo.png2021-02-19 18:38:432023-07-05 15:09:25Was FSMA a failure?
The release of SQF Code Edition 9 will align the code with the latest GFSI benchmarking criteria when audits begin in May 2021.
Taking pride of place at the recent SQF Global Conference, the freshly debuted Edition 9 unites the global SQF community of more than 10,000 sites in 40 countries to serve as an integral part of the world’s food supply chain.
The changes in its release arrive at a time of unprecedented challenge for the industry worldwide and are designed to propel SQF further into being an accessible and implementable solution that works for the global food safety community.
Having attended multiple sessions throughout the conference, what follows below is a high-level introduction of what food manufacturers can expect in the changing compliance landscape of 2021 and beyond.
From a very high level, changes to the code can largely be categorized between structural and technical changes.
Changes to the code can be categorized between structural and technical changes
Change or adjustment to any standard can often cause concern or worry to a food manufacturer that may be unfamiliar with what is required and conscious that they may not be adequately prepared.
This blog presents a detailed summary of the core changes and key areas of concern that you may need to know of what is occurring to the standard and what food businesses are obligated to do to ensure their compliance remains unaffected between the transition of Code Edition 8.1 to Edition 9.
Before continuing, it must be pointed out that what this blog is not is a comprehensive framework or roadmap for compliance to the standard, but rather it is designed to introduce the topic to those who may be unaware and help them in their path to familiarization.
Structural changes
Starting from an extremely high level, the aesthetic of the code itself has changed with a new look cover, font, and spacing immediately evident.
On the surface, while such changes might seem pedantic or trivial, they are indicative of larger changes within the code itself where the architecture and structure of the codes has been improved, and it could be considered that a new aesthetic supposes the code is now designed to be more accessible to stakeholders.
A new look and aesthetic appeal of the code are indicative of larger changes
Arguably, one of the most prominent criticisms of the code from detractors in the past has been with regards to unnecessary duplication and the problems associated with it.
For example, in previous iterations handwashing was mentioned in several areas of the code which it could be argued might create confusion for businesses who were starting their SQF-journey and might find it difficult to determine where to begin.
To address these critiques, Edition 9 prioritizes consolidation to make it easier to locate requirements and indeed to make them more understandable for would-be sites new to SQF as well.
At the risk of oversimplifying the changes, and on a very simple and pragmatic level, the Primary Production and Manufacturing Codes have been divided into sections to streamline and improve synergies across the road
Primary Production and Manufacturing Codes have been divided into sections to streamline and improve synergies across the code
The Primary Production code has now been divided into three different codes: Primary Livestock (Animal) Production, Primary Plant Production, and Aquaculture.
Each of these industry scopes will now be represented by its own dedicated code and system elements.
While I will focus on the specifics of these later in this piece it is important to note that the parameters of these scopes have also increased in parts and it is not a case that they are simply a copy-and-paste of the previous iterations.
For example, Pre-packing of produce (module 10 in SQF 8.1) has been removed and is now with Primary Plant products.
The subdivision of the Primary Production code also increases their parameters and it is not they are a simply a ‘copy-and-paste’ of the previous iterations.
The Manufacturing Code has also seen changes with Processing of Animal Products, Pet Food, and Animal Feed also being removed into separate codes as well.
The purpose of these adjustments is to streamline the code and create synergies that bring elements together for more effective adherence, such as slaughtering, which is now included with processing.
One change to the Quality Code is that it is now applicable to any GFSI standard whereas before it was just applicable to SQF.
The Quality Code is now applicable to any GFSI standard whereas before it was just applicable to SQF
Finally, there have been no changes made to Food Retail, Foodservice, or the Fundamentals Program; although it is currently envisioned that these will be updated to Edition 9 in 2021.
Technical Changes
One of the most immediate and obvious changes is the adjustment of how scoring is determined in Part A of the code.
A major non-conformance is now scored at 5 points instead of 10, which indicates a possibility for more nonconformances to be raised which should allow for better reflection of the current site performance and hopefully lead to more effective learning opportunities for development.
Additionally, this scoring change will provide a holistic view of a facility while still identifying systemic issues.
How scoring is calculated has been changed to provide a holistic view of a facility while still identifying systemic issues.
The requirement for a stage one desk audit for initial certifications has also been removed while the option for remote activities has been included.
In simple terms, what this means is that Part A now accommodates the facilitation of a ‘hybrid audit’ which can be incorporated into the audit process.
As pre-audit activities can now be performed remotely (something Safefood 360° can assist with) the audit duration table in the section has also been removed.
Specific time frames are also now in place which are based on the GFSI duration guide.
There is also clear clarification provided for sites on what activities to do when the site fails an audit or is suspended.
An ‘IF/THEN’ table in Part A should help sites get back on track when required
In such instances, the SQF has provided an IF/THEN table in Part A which is designed to help the site get the site back on track in as efficient a way as possible.
Overall, the changes are designed to be more ‘site-friendly’, something which is reflected in how Part A is now written from a site’s perspective.
System Element Changes
One of the key changes in system elements is the requirement for Food Safety Culture has been updated (2.1.1.2).
A requirement for Food Safety Culture should bring closer alignment between the SQF and BRCGS
That said, what is required here is not necessarily anything new as it has been compulsory in other elements in past versions, e.g., adequate resources being available to ensure objectives can be met is in the requirement for senior management commitment.
Similarly, what is expected and required from the senior manager commitment section seems to be comparable to the expectations in the food safety culture requirement and quality policies should be updated to include food safety culture.
Internal labs that conduct food safety testing must ensure that sampling and testing methods are in accordance with the applicable requirements of ISO/IEC 17025 and there is an annual proficiency testing conducted for staff who perform the analysis work.
This caveat is only required for those conducting food safety testing and not quality testing such as Brix, and the internal lab doesn’t need to be accredited to ISO/IEC 17025.
Individual System Element Changes
2.1 Management Commitment
The requirements in 2.1 Management Commitment have been consolidated with duplications removed.
Food Safety Culture, as discussed above, has been added into this section and it is now required that a site has a substitute or backup SQF practitioner.
Sites are required to have a substitute or backup SQF practitioner
Sites must now be organized in order to meet food safety objectives and staff should be evaluated to ensure they have the right competency and support from management.
Finally, Crisis management, which was previously in this section, has now moved to 2.6.3 Recalls and Withdrawals.
2.2 Document Control and Records
There were no major changes to 2.2 Document Control and Records, except the addition of a requirement for retention periods of documents to consider the shelf life of the product.
This was added to meet GFSI benchmarking criteria.
2.3 Specifications, Formulations, Realization, and Supplier Approval
This section has been renamed from Specification and Product Development to a more encompassing Specifications, Formulations, and Supplier Approval.
Product formulation needs to include development by authorized persons and is required to be reviewed when changes are made in materials, ingredients, or equipment.
Process flow has been added to 2.3.1.5 and all specifications have been summarized under 2.3.2 and include service suppliers.
Suppliers must now notify the site of changes in product composition that could have an impact on product formulation and food safety, for example where a potential allergen such as soy has been added.
Suppliers must notify the site of changes in product composition that could have an impact on product formulation and food safety
It has also been added that finished product labels must be accurate, comply with the relevant legislation, and be approved by the qualified company personnel.
2.3.2.4 is now split with validation of specifications being retained in 2.3.2.4 and verification is now in 2.3.4.3 as part of Approved Supplier Requirements which has moved to 2.3.4.
If your business utilizes Co-Manufacturers the requirement now includes high and low risk, as well as third-party distributors with specific mention for the first time as it had not been defined before.
2.4 Food Safety System
Product sampling, formerly in section 2.5.4, is now in 2.4.4 in Food Safety Systems, while testing and analysis now include reference to internal as well as external laboratories (internal lab formerly 11.8.1).
Proficiency testing is now included in 2.4.4.2 (formerly 2.5.4.2) and Non-conforming equipment has moved to 11.1.7.9.
Product release should now include a procedure to confirm that product labels comply with the applicable food legislation with a positive product release procedure required in 2.4.7.3.
2.5 SQF System Verification
A record for root cause analysis is now required under 2.5.3.2 but beyond this, there have not been many changes of note to this section.
That said, the SQF has announced that they intend to provide clarification on the requirement, as well as detailing where deviations from food safety requirements may occur.
These clarifications have not been issued at the time of writing.
2.6 Product Traceability and Crisis Management
2.6 has been renamed to include ‘Crisis Management’ which can now be found under 2.6.4 (previously 2.1.5), a decision that allows for a better flow of requirements.
Crisis Management allows for a better flow of requirements
There is also a new emphasis on labeling requirements and checks during operations to ensure that the correct product is in the correct package and with the correct label.
Product changeovers will need to be inspected and approved by an authorized person, while procedures will be implemented to ensure that label use is reconciled, and any inconsistencies are investigated and resolved.
Requirements for testing the recall system are now to include products from different shifts and for materials across a range of products and customers.
2.7 Food Defense and Food Fraud
This section is a good example of how the new edition groups similar requirements as it has been consolidated to include all food defense and food fraud.
In version 8.1 food defense was mentioned in the approved supplier program but is now fully contained under 2.7.
2.8 Allergen Management
Allergen Management has seen a walk back of requirements from Edition 8.1 with regards to the labeling of gluten.
Additional requirements regarding the approval, use, verification, and reconciliations of labels has been added as labeling issues in regard to allergens has been a cause of many recalls.
2.9 Training
To reduce the number of sub-clauses in 2.9, training was consolidated into two sections – 2.9.1 Training Requirements and 2.9.2 Training Program.
The content hasn’t changed too much with just a few additional requirements being added in the cases of relevant staff for the tasks of sampling and testing methods, as well as environmental monitoring.
All relevant staff are required to have adequate training for allergen management, food defense, and food fraud.
Module 11 Changes
There have been numerous changes to Module 11, so it is important to address them separately to ensure they receive the appropriate attention.
11.1 Site Location and Premises
11.1 was renamed to Site Location and Premises and now covers 11.1.2Building Materials; 11.1.3Lighting and Light Fittings; 11.1.4Inspection/QC Area; 11.1.5 Dust, Insect, and Vermin Proofing; 11.1.6 Ventilation; 11.1.7 Equipment and Utensils; and 11.1.8 Grounds and Roadways.
While this might seem an extensive sweep of change upon initial glance, the purposes for them being consolidated follows in line with the previous ones mentioned and was to streamline the requirements by having similar reaching requirements grouped together.
One other change in 11.1.6 is the requirement for ventilation in enclosed processing and food handling areas, and where appropriate a positive air pressure system should also be put in place.
Finally, 11.1.7.9 includes non-conforming equipment, which was previously located in 2.4.5, while equipment storage rooms has been moved to 11.6 Storage.
11.2 Site Operation
11.2 was renamed to Site Operations and it now includes 11.2.1 Repairs and Maintenance; 11.2.2 Maintenance Staff and Contractors; 11.2.3 Calibration;11.2.4 Pest Prevention; and 11.2.5 Cleaning and Sanitation.
11.2.2 Maintenance Staff and Contractors has also been separated out from what was 11.2 Premises and Equipment Maintenance.
Lastly, Pest Prevention was restructured and clarified and there was a terminology change with regard to handwashing basins now being referred to handwashing stations.
11.3 Personnel Hygiene and Welfare
More restructuring and consolidating mean this section contains only one code requirement in 11.3.2.5 where references to signage for handwashing have been combined.
11.3.3 has been ‘rebranded’ from Clothing to Clothing and Personal Effects and it now includes laundering, protective clothing, and jewelry while 11.3.5Staff Amenities include change rooms, toilets, and break rooms.
11.4 Personnel Processing Practices
This section remains the same but requirements for staff personnel working in or visiting food handling areas has been differentiated.
Process flow which was previously in 11.7.1 is now captured under 11.4.1.3.
11.5 Water, Ice, and Air Supply
A business is now required to have contingency plans in place for its water supply in such instances where the potable water is deemed to have been contaminated (11.5.1.1).
Ice supply should be sourced from an approved supplier and included in the food safety risk assessment
There also now exists a new clause in 11.5.4.2 with regards to ice supply, indicating that ice should be sourced from an approved supplier, included in the site’s food safety risk assessment, and be supplied in containers that are appropriate for use.
11.6 Receipt, Storage and Transport
11.6 has been renamed to Receipt, Storage, and Transport due to an update in relation to the receipt of materials.
11.6.1.2 includes a new clause to meet GFSI GMP 4.1 which is to ensure all materials are received and stored properly to prevent cross-contamination risks.
A new requirement exists for loading docks which should be designed to protect the product from any kind of contamination during loading and unloading.
In 11.6.5.4 there is a new requirement for loading and unloading docks, which requires them to be designed to protect the product from any kind of contamination during loading and unloading.
11.7 Separation of Functions
There is a new requirement for Ambient air in high-risk areas to be tested, at least annually, to confirm that it does not pose a risk to food safety (11.7.1.2).
Ambient air should be tested annually [at least] to confirm it does not pose a risk to food safety.
A new clause (11.7.3.11) has been added stating that “Gaskets, Rubber Impellers, and other equipment made of materials that can wear or deteriorate overtime shall be inspected on a regular frequency.”
Receipt of raw materials moved to 11.6.1.
11.8 Waste Disposal
With On-site laboratories being addressed in 2.4.4., this section is now fully dedicated to Waste Disposal.
11.8.1.3 has moved from 11.2.9.5 in Edition 8 as “Waste and overflow water from tubs, tanks and other equipment shall be discharged direct to the floor drainage system and meet local regulatory requirements.”
A new clause has been added to meet GFSI GMP 12.1 regarding the effective removal and storage (if required) of wastewater.
Primary Production Changes
As mentioned earlier the Primary Production code has now been divided into three different codes: Primary Livestock Production, Primary Plant Production and Aquaculture.
The Primary Plant Production means that grower and packers who previously would have been required to be certified to 2 codes, Primary Production and Manufacturing, now only need to be certified to one.
A new food sector category ‘Indoor Growing and Harvesting of Fresh Produce and Sprouted Seed Crops’ has been added and grain handling is now under the sector ‘Food Produce, Grain and Nut Pack House Operations’.
A new module, Module 18 – GAP for Indoor Farming of Plant Products has also been added and Packaging Module 10 has moved into Primary Plant Production.
These changes will align with GFSI and should help improve the scoping and effectiveness of audits in vertically integrated sites and multi-site certifications.
There has also been an update to the language in the code which should help remove ambiguity and provide enhanced clarity on the areas where the code is applicable.
Language in the code has been amended to remove ambiguity and provide clarity
For example, when products are grown in indoor situations they are clearly not grown in fields, so the terminology has changed to ‘growing areas’ to reflect the unique situation.
The term Good Operating Practices is also used as GMP isn’t suited to this sector.
To be in compliance with GFSI, the Primary Plant Products code now also includes licensing & a review process for plant/hybrids (for example hemp being supplied into the food industry), and a HACCP-based alternative will now be applied to Packhouses and applicable to indoor agriculture.
The Primary Plant Products code establishes a review process for plants and hybrids
This allows for corporate, brand owners or independent groups to provide food safety plans.
The word “significant” has also been added to CAPA, so if an incident occurs on a site a business can define in advance the appropriate action that needs to be taken.
A condition for Environmental monitoring has also been added for indoor agriculture and packhouses with a requirement for water quality for the Concentrated Animal Feeding Operation (CAFO) for leafy greens, as well as commodity-specific SOP’s for harvesting.
Finally, to align further with the latest GFSI criteria, new requirements for chemical label compliance, visitor cross-contamination, and waste system design have all been added.
Pet Food:
As mentioned already, Pet Food has been separated out.
The most prominent change is that allergens are no longer mandatory with the requirements having been rescinded.
The ‘Allergens’ header has changed to ‘Identify Preserved Foods’ as this better identifies the hazards to pets (i.e., such as cases where a label claims to be grain free).
Feed:
Some changes can be also seen in the domain of Animal Feed where HACCP-based programs or a risk management system can be used as a means of preventative controls.
Due to feed being separated out, a number of requirements were removed such as ice, a CIP reference, and sensory evaluation, while clarity has been provided on 3.6.2 Cold Storage and Thawing which is applicable to ingredients not feed.
Food Packaging:
Like most of the codes, the Food Packaging code has undergone consolidation by streamlining and decreasing the overall number of elements while preserving the integrity of the code.
Language has been updated to better reflect food sector packaging and pest prevention elements have been simplified.
There is now a requirement reading quarantined product (2.4.5.2) and finished product returned from a customer shall be quarantined until authorized for release for use or re-shipment.
Environmental monitoring has also been modified to be less prescriptive and to ensure it applies to all types of packaging rather than to paper-packaging.
Lastly, additional clarity has been given on the use of other materials such as recycled material in 2.3.2.4 with all raw materials, including those made with recycled, plant-based or additional additives, shall be suitable for the intended use, food contact compliance where applicable, and shall comply with the relevant legislation in the country of manufacture and country of destination, if known.
Storage & Distribution:
Storage & Distribution has followed the food manufacturing code with customized language for distribution centers.
Food safety plans can now be HACCP-based or based on preventative controls rather than their previous base which was tied to the Codex Principles.
This was amended to be compliant with a GFSI update which allowed some flexibility for US distribution centers to follow regulations.
Finally, a new requirement has been added (12.6.2.5) which requires procedures to be in place to identify the methods and responsibilities used to ensure that processes applied to materials prior to distribution (e.g., thawing, slacking, labeling) do not pose a risk to product safety or loss of traceability.
What does all this mean and how can I prepare?
Although the changes are numerous and may seem daunting, it is important to keep in mind that they are not radical and do not require a complete rethink in terms of how a business should approach the code.
Most of the changes made are actually to the benefit of the business and should help those already currently in compliance to reduce their burden of obligation and eliminate inefficiencies in their processes.
If you are already compliant with other GFSI standards as well, the inconvenience of any of this should be even less.
That said, complying with any change in the code can often be onerous and time-consuming in terms of the resources that are already being dedicated to the standard or can be spared to adjust for the change.
As such, it is always best to ensure you are as familiar with the code in advance of the changes as far out as possible and so that you can start taking the appropriate and effective action.
Of course, for existing users of our platform, SQF Code Edition 9 will be updated into the platform in due course ahead of the compliance date and the migration should be a relatively seamless switch for most.
If you would like more information about how Safefood 360° helps food businesses globally meet their compliance requirements with not just SQF but also other GFSI standards, global and retailer technical standards, please just leave a comment below or click the demo request button to start a conversation on how we can assist you with your own requirements.
Disclaimer: This blog is not legal advice and should be considered educational in nature. You may implement this advice at your own risk.
https://safefood360.com/wp-content/uploads/2020/11/SQF-Edition-9-Understanding-Changes.png6681334/wp-content/uploads/2015/04/sf360-logo.png2020-11-20 18:19:432022-11-01 12:15:25SQF Edition 9: Understanding the changes and what to expect
Initially formed to help the UK food industry meet legislative requirements of the European Union General Product Safety Directive and the UK Food Safety Act, the BRCGS has since made significant progress in harmonizing food safety standards across the supply chain overall.
As a GFSI certification scheme, part of this progress can be attributed to the requirement to regularly revise and update program specifications and publish a fresh code on a frequent basis.
The latest in this series of revisions, the eagerly anticipated Issue 8, was released in August, 2018, and first audits were conducted from 1st February 2019.
For food companies, the biggest challenge when a standard is updated is recognizing, understanding, and becoming familiar with the latest changes and what steps need to be taken to ensure you remain in alignment.
What is new under Food Issue 8
Issue 8 has seen a change moving from 7 sections to 9, with Production Risk Zones and Traded Goods joining the already defined Senior Management Commitment, HACCP, Food Safety, and QMS, Site Standards, Product Control, Process Control, and Personnel.
Collectively, there has been a pronounced focus on improving the food safety culture within the organization, which is most reflected in changes to environmental monitoring, supplier approval and monitoring, and new requirements for food defense.
With so many amendments since the previous version, it is important to give enough time to prepare fully for your next recertification audit, or indeed, your first certification attempt.
Individuals and sites may also consider BRC Conversion Training to familiarize themselves with these fresh demands. However, if time and resources are constrained, what follows below is a brief step-by-step process of what you might expect during an on-site BRC audit.
Opening Meeting
What have first audits and dates in common?
They could be both stressful and uncomfortable, however, how you set the tone at the start can affect whether you have a pleasant time or are in for a night (or several days as in the case of an audit) of discomfort.
Audits are an impartial examination of the documents, processes and procedures and systems of your business complies with the standard you are implementing, and even best practices, laws and policies.
Essentially, a successful BRC audit will demonstrate commitment to the BRC standard and show that you are doing what you say you are while also giving confidence to your customers that you are a supplier that can be trusted.
A BRCGS audit will begin with an opening session of adequate length which will:
Confirm the scope of the audit
Confirm the audit agenda including manufacturing schedule, break and meal agreements
Explain the audit assessment method
Explain staff roles (both on-site staff and those attending the audit (e.g., Auditor(s) and any witness evaluators)
The Opening Meeting is where the auditor and your team discuss the agenda and process of the audit along with introducing the key staff members who will be involved in the audit.
Site Auditing
Production processes constitute a substantial percentage of the audit.
Typically, within a manufacturing field, 50 percent of the audit will concentrate on Good Manufacturing Practices, and auditors will record the time spent on incorporation in the audit report.
These focus on productions include manufacturing, storage, dispatch, engineering, laboratory equipment on-site, and external regions such as site safety.
The audit should not focus on reading through various papers or records in an office, but on auditing processes in the manufacturing fields.
For example, receiving goods could be audited by reading a copy of the policy, but it is preferable to ask a staff member in the area about the process and how the activities are completed and look for additional evidence during the audit (e.g., physically in the receiving and storage areas).
This means that during the site audit the auditor will do a walk around the whole facility including the outside of the premises.
They will be looking for you to showcase your compliance, though they may raise any discrepancies between your documentation and actions as a non-conformance, it is important to understand that from the auditor’s perspective they want you to pass if you are demonstrating commitment to the system and have adequately prepared.
At this stage, it’s good practice to have a process owner or senior manager available to escort the auditor and make them comfortable.
The audit is a co-operative process, so having a high domain expert involved will allow you to provide support to the auditor and assist their perception of how you handle things.
The review of procedures, policies and records is completed relevant to the section of the standard being assessed.
While the document review and site audit go hand in hand, it’s important to consider that although the document review can happen as part of the desk audit, equally, it can take place in real-time on the production floor as auditors review documentation being completed as production is happening.
For example, HACCP process flow diagrams should match the real activity observed, as the CCPs and critical limits mentioned in the HACCP documentation are compared with manufacturing documents and processes, and identifying glass or difficult plastic products can be checked in the register of glass.
Moreover, the auditor will then know which training items should have been completed and the records are relevant to the members of the active staff.
Getting ahead of the audit in advance and making sure all registers and specifications are completed and available to check on the day is always good practice.
Although this may seem daunting and considerable work, the more you understand and know the products and capabilities in your business, the better prepared you will be for liaising with the auditor on the day.
Product Changeovers
You can expect that the Auditors will want to watch a product changeover happening on a running production line.
They will want to check the clean down procedure between the changeover and if staff are conducting this according to the procedure.
Witnessing this is performed effectively should demonstrate that employees have been trained correctly to carry out the changeover to eliminate potential allergens or speciation contamination between runs, providing a guarantee of sorts to the level of quality control.
They will also be keeping an eye to make sure staff (when applicable) are changing PPE during the changeover.
If any member of staff does not follow the procedure, they may observe QA/Team Leader who is supervising the changeover to check if they will notice this and fix any issue or anything that has not been done correctly.
If the auditor finds that the procedure has not been followed correctly, they may raise a Non-Conformance.
The audit plan shall include at least one item change and it is good practice to address this at the opening meeting to determine when the changes will occur.
Interviewing Senior Managers & Staff
This step can follow on from the site audit and document review.
During this period the auditor can also ask staff questions on their role, talk to them about their day to day activities and may also ask them to demonstrate an activity, e.g., carry out a metal detection check according to the way they have been trained, in order to determine if it will match what the procedure says.
When this is requested the auditor will observe the skills of the staff in order to understand the effectiveness of internal training.
An important takeaway for any audit is to remember that is not the auditor’s responsibility to ask the right questions to reveal whether a business complies or not, but rather it is the organization’s duty to prove to the auditor that it is adherent to the standard.
Interviewing the team members provides an understanding into the culture of the business and effectively navigating this step will reinforce the existence of well-informed, well-trained employees who are aware of what the standard requires of them and a commitment to its implementation and overall product safety.
Line Start Up
Similar to the product change over, an auditor may want to witness the start up phase of a production line or area.
They may want to observe activities done before start-up and check this out against the procedure to make sure it is being followed.
This will provide the auditor an opportunity to review line start up inspection, acceptance criteria and reflect the employee’s understanding of the control points and requirements.
Equipment Hygiene
The auditor will review hygiene Standard Operating Procedures and inspect some pieces of equipment. The auditor may want to witness the wash area to see what way equipment is being cleaned throughout the production run and he/she may also want to witness any equipment has been previously cleaned and inspect this.
In some cases, they may ask for equipment to be dismantled so they have a more detailed inspection.
They may want to review where the hygiene checks have been recorded and may then also then ask for swab results or ATP results of a particular piece of equipment.
At this stage, there is no substitute for hard work.
Take your time and perform your processes to the same rigors and extent that you typically would and be vigilant in its application.
Traceability and Vertical Audit
The auditor will pick a product produced on a certain day and a traceability assessment will need to be conducted, so be prepared to perform this in advance.
This means demonstrating a full understanding of the amount of units produced and their onward journey in the supply chain following production, i.e., where were they shipped too, then break it down and trace each raw material as per the batch number back to the supplier.
You also need to gather the specs for each ingredient and all production records used, essentially meaning an inclusive mastering of all processes from Intake to Dispatch.
If you are utilizing a system like Safefood 360° which brings all your food safety management systems programs and procedures together into one unified version of the truth, this is a much easier take to accomplish than if you were conducting this with a traditional paper-based, or shared drive system, or having multiple fragmented systems that do not talk to each other.
If you are beholden to the more cumbersome approaches, ensuring you are ready for this stage can arguably be the biggest requirement of any audit.
Failing to have your documentation at the ready for the auditor may be a sign that you are not committed to the system and do not have mastery over it.
Complying to the above will take time, resources, and come at a financial cost to the company to ensure you are ready, but ultimately preparing your documentation and ensuring it is in alignment at this stage should always best the cost of a re-certification and having the auditor back to review.
Mass Balance
A quantity check or mass balance can also be defined as reconciliation.
The mass balance is the quantity of incoming raw material against the quantity used in the resulting finished products, taking process waste and rework into account.
The Standard states that to account for the materials used, a volume check or mass balance should be performed in any traceability test.
Usually an auditor will select an ingredient from the traceability exercise and ask for the batch of that ingredient to be traced back to supplier and also where has that batch number been used in production, e.g., you might have a batch of Eggs and you need to trace that batch to all finished products it has been used in and account for it all, even if there is some of that batch left you need to basically state it has not been used and is in “Fridge store 1”, etc.
One final point to note is that if you are familiar with Issue 7, another change that has been made is the removal of the word ‘full’ from the traceability recovery.
You are required to perform this across the range of products each year, and in instances where the products manufactured in the site are the same or similar, a minimum of one test should be completed each year.
Lastly, if a site makes a specific product claim, traceability tests should be performed at a regular frequency that meets specific relevant scheme requirements.
Label Review
Incorrect labels being used can be a significant cause of product withdrawal and recall in several areas of the globe.
At this penultimate stage, the auditor will select a product (more than likely the one chosen for the traceability exercise) and they will then compare the label to the specification to make sure everything is compliant to the legislation (FIR), e.g., nutritional and ingredient information, as well as the allergen declaration.
At this stage, if you have demonstrated a mastery of all other elements of the audit, this should hopefully be a relatively straightforward request and hopefully not provide too much in the way of hurdles.
Closing Meeting
Finally, the team that participated in the opening session will be invited back to the closing session to complete the audit.
The auditor will briefly address their results, including favorable remarks, but also any Non-Conformance’s that have been identified.
In most cases, the results / grades will be provided, however, the Corrective Actions for the NC’s will have to be submitted and the overall report submitted to BRC before the official certificate with the grade is provided.
Hopefully, provided that all has gone well and following proper understanding of what is required at each stage and adequate preparation, this will lead to a positive affirmation that your business has met the requirements of the standard and you can confidentially put your best foot forward.
A final caveat to always consider however is that even when successful, a good audit dose not mean that you are infallible and your system will require continuous vigilance and improvement to ensure you are always offering the optimum quality and assurance to your customers.
Understand this and it should make all other audits going forward a more pleasant, and less daunting prospect.
https://safefood360.com/wp-content/uploads/2019/10/BRC-blog-graphic.jpg6671333/wp-content/uploads/2015/04/sf360-logo.png2019-10-17 14:58:032022-11-01 12:14:06BRC Auditing – What to expect under Food Issue 8
As of today, food businesses manufacturing in or exporting to Canada need to be compliant with the new Safe Food For Canadians Act (SFCA) and the Safe Food For Canadians Regulations (SFCR). These new additions to the Canadian food landscape replace 14 sets of regulations which had previously been the standard for compliance.
What are the Safe Food for Canadians Act and Safe Food for Canadians Regulations
Similar to the enforcement of the FSMA regulations in the United States, the increasing complexities of modern food production and supply chains have necessitated this demand which will see the government of Canada’s food safety focus shifting even further towards the prevention of foodborne illness.
Its effect on government sees the consolidation of the Fish Inspection Act, the Canada Agricultural Products Act, the Meat Inspection Act, and the food provisions of the Consumer Packaging and Labelling Act.
What this means for Canadian consumers, in summary, is that:
Food is as safe as possible for Canadian consumers
Consumer protection is enhanced by targeting unsafe practices
Tougher penalties will be enforced by activities that put health and safety at risk
Enhanced control over imports are now granted
Establishment of a more consistent inspection regime across all food commodities
Strengthening of food traceability
How does Safefood 360° comply with the SFCA and SFCR?
As the SFCA and SFCR bring Canada closer in line with other regulations such as FSMA in terms of its reach and enforcement, we are pleased to announce that Safefood 360° is compatible with the new changes out-of-the box.
This means that users operating Safefood 360° at their facilities can operate securely in the knowledge that their goods are compliant with the changes in Canadian law.
Safefood 360° is committed to ensuring our users are compliant with all major retailer and technical standards globally.
Please let us know your feedback and thoughts, and should you require any further assistance with complying with these changes, our support team is available through the software to assist you.
https://safefood360.com/wp-content/uploads/2019/01/Safe-Food-for-Canadians-Act-Safefood-360.jpg6671333/wp-content/uploads/2015/04/sf360-logo.png2019-01-15 21:27:492022-11-01 12:11:48How Safefood 360° helps with the changing Canadian Food Safety regulations
We are pleased to announce that the BRC Issue 8 standard has now been included into the Safefood 360° platform.
Audits from this version will commence starting in February 2019, however, customers seeking to comply with the recently released standard can benefit from its inclusion starting today.
First published in 1998, the new version is the eight iteration, and the first Food Safety Standard published from the BRC since 2015.
Originally intended for use amongst UK retailers, the BRC Food Technical Standard has evolved to be at the forefront of GFSI Standards worldwide.
The key focus areas of attention for this issue are on:
Encouraging development of product safety culture
Expanding the requirements for environmental monitoring to reflect the increasing importance of this technique
Encouraging sites to further develop systems for security and food defence
Adding clarity to the requirements for high-risk, high-case and ambient high-care production risk zones
Providing greater clarity for sites manufacturing pet food
Ensuring global applicability and benchmarking to the Global Food Safety Initiative (GFSI).
If you require assistance applying the standard to your site, please contact support through the query tool or by email ([email protected]).
If you would like to see how Safefood 360° can assist you with your BRC and other global technical and retailer standards compliance, request a demo today.
https://safefood360.com/wp-content/uploads/2018/09/BRC-blog-image.jpg6671333/wp-content/uploads/2015/04/sf360-logo.png2018-09-17 16:29:562023-06-15 13:39:22BRC Issue 8 now available
In the 90’s, the food industry was rocked by one food safety crisis after another, such as BSE, Dioxin, and Listeria. Consumer confidence was effectively in the tank, and food companies were becoming desperate for help.
The world’s leading food safety experts from manufacturing, retail, and food service, as well as service providers from within the food supply chain, engaged in a collaborative effort to improve food safety, and the Global Food Safety Initiative (GFSI) was launched in May of 2000.
At the time, I happened to be working for a large food manufacturer, and I recall hearing GFSI certification being mentioned in a few circles, but it wasn’t causing any concern or raising too many eyebrows.
GFSI wasn’t causing any concern or raising too many eyebrows. That is, until the notification had a Wal-Mart letterhead at the top of the page.
That is, until the notification had a Wal-Mart letterhead at the top of the page and required certification by a specific date.
A collective gulp echoed throughout the country’s major food manufacturers as the reality of becoming certified to a GFSI standard started to set in.
A collective gulp echoed throughout the country’s major food manufacturers as the reality of becoming certified to a GFSI standard started to set in.
The eyes of plant managers and controllers across the country began to glaze over as they started calculating the cost of compliance, because GFSI was not only a new hoop to jump through, it was bigger and higher than all the others and would be more difficult.
What is the GFSI
You might have heard it asked, or even asked the question yourself, “What is GFSI?”
The vision and mission of the GFSI is to provide safe food for consumers by continuously improving food safety management systems, as well as to restore and ensure confidence in the delivery of safe food worldwide.
The GFSI is not a tangible entity which bestows certification upon a deserving food manufacturing facility. It is appropriate to think of it as the resulting set of food safety standards from the think-tank which comprises the organization.
The GFSI has reviewed, assessed, and accredited several schemes which meet the GFSI criteria. Within food manufacturing, the main accredited schemes are the BRC Global Standards, SQF, FSSC2200, and IFS.
These accredited schemes provide 3rd-party audits to food manufacturers and issue certifications to those who pass the certification audit.
Prior to the GFSI, there were several food safety standards, along with 3rd-party auditing companies, but the objectives seemed to be as diverse as the standards themselves.
One could peel back another layer of the 3rd-party auditors and find that individual auditors, working for the same company, might interpret the standards in different ways.
Prior to the GFSI… individual auditors, working for the same company, might interpret the standards in different ways.
Sometimes, to prepare for the audit, you had to know which auditor was going to be present.
The GFSI emerged from the “Mad Cow” rubble with the hope that one audit would replace the other dozens or more a facility might be subjected to during a given year.
Although there has been a reduction in the number of standards and certifications which might be required, most companies I have spoken with over the past few years haven’t necessarily seen the reduction in audits they were hoping for.
However, the GFSI certifications have certainly become somewhat of a gold standard for companies.
GFSI certifications have certainly become somewhat of a gold standard for companies.
New kid on the block: FSMA
Less than a decade after the GFSI hit the shores of the United States, the FDA released the final rules to FSMA. If the GFSI hoop was bigger and higher than all the others, FSMA lit the hoop on fire.
If the GFSI hoop was bigger and higher than all the others, FSMA lit the hoop on fire.
When the GFSI came onto the scene, if your programs were squared with the current legislation, then the chances were good that you would only need to make some improvements to your systems to comply with GFSI requirements.
Today, if your systems were compliant with the GFSI standards, then the chances are good that you only need to make a few improvements to become compliant with FSMA.
Both the GFSI and FSMA focus on systems that recognize and prevent food safety risks and issues before they happen as opposed to simply reacting to them once they occur.
Both the GFSI and FSMA focus on systems that recognize and prevent risk and issues before they happen as opposed to reacting to them.
The scope of the GFSI certification schemes takes a holistic look at a company’s entire supply chain from ingredient receipt to final product shipment.
If a company took this approach, and could meet the GFSI requirements, they would be prepared to handle the increased demands of FSMA, which will broaden the focus of supplier compliance to include not only domestic, but foreign suppliers as well.
With the release of FSMA, the FDA now requires that companies have a Qualified Individual (QI), who has received formal training or is otherwise qualified through job experience.
The final rule for the current Good Manufacturing Practices (cGMP), and requirements for Hazard Analysis and Risk-Based Preventive Controls (HARPC) for Human Food was issued in September 2015 with some significant changes.
The definition for Qualified Individuals has a much broader implication in that it affects all personnel, including operators, supervisors, and Preventive Control Qualified Individuals (PCQI), who must attend FDA-recognized training currently provided by the Food Safety Preventive Control Alliance (FSPCA) or be otherwise qualified through job experience to develop and apply a food safety system.
So, what might FSMA mean for the GFSI in the future?
When the GFSI concept was originally sold to North American concepts back in the second half of the last decade, a GFSI certification was supposed to replace the dozens (and in some cases, even more!) audits that food manufacturers are subjected to.
This quickly proved to not always be the case, as many customers and regulatory bodies still insist that food companies pass their audit, which in many cases might include the requirement of GFSI certification.
That logic could arguably be considered circular, but the fact remains, it is a hoop that must be jumped through!
In February, I attended the GFSI conference in Houston and learned that regulators are starting to accept GFSI certifications as supplemental risk assessments as they are so intensive and full of checks and balances that they ultimately steer a company into a high level of food safety management.
Given the climate of the current political administration, this could prove to become an even more common practice should President Trump fulfill his campaign promise to reduce the size of the FDA.
Many companies found that meeting the GFSI standards was a quantum leap in terms of system and facility preparation.
Those companies, who have already taken the necessary steps to become GFSI certified, will find that they are well on their way to completing the things necessary to get ready for FSMA.
Companies who have taken the necessary steps to become GFSI certified will find they are well on their way to getting ready for FSMA.
I have the pleasure of regularly speaking with 100’s of food safety professionals around the country and many of them are welcoming the changes that accompany both the GFSI and FSMA.
There is a shared popular opinion that the elements of both have positively affected the overall food safety management practices and sharpened the focus of food company leadership teams.
In simpler terms, the GFSI and FSMA have improved businesses everywhere.
I recently spoke with Lynn Buck, SQF Practitioner at Mother Murphy’s and the winner of the 2016 SQF Practitioner of the Year award. She told me, “There are those that say [increased] regulations will ‘regulate us out of business,’ but GFSI and FSMA have shown just the opposite. Operations improvements result in more customers!”
The GFSI and FSMA make bigger, tougher food safety programs and these juggernauts are here to stay.
The GFSI and FSMA make bigger, tougher, food safety programs and these juggernauts are here to stay.
If we learn from history, we can be sure that the next hoop is going to be even bigger and tougher.My advice to companies has been and still is, if you’re not going to improve your food safety program to comply with GFSI (and now FSMA), you may want to develop a good exit strategy.
My advice to companies has been and still is, if you’re not going to improve your food safety program to comply with GFSI (and now FSMA), you may want to develop a good exit strategy.
https://safefood360.com/wp-content/uploads/2017/06/The-potential-impacts-of-FSMA-on-the-GFSI.png6501310/wp-content/uploads/2015/04/sf360-logo.png2017-06-08 15:37:302022-11-01 12:13:46The potential impacts of FSMA on the GFSI Scheme
