Lessons from the Pandemic: How BRCGS audits adapted
The COVID-19 pandemic has disrupted our lives and changed so much.
It created new challenges, which were immediate, rapid, unknown and constantly changing.
The level of disruption was unprecedented, as was the response of the remote audit, with platforms such as Safefood 360° being used at an increased scale.
That is because the importance of food safety to manufacturing sites did not change.
Food safety is a number one concern for customers, specifiers, brand owners, and most importantly, for consumers.
Why the remote audit grew in importance
It’s important for us to analyse how the pandemic affected food safety and the lessons learned.
In this three-part series, I am going to outline what BRCGS has observed over the last 12 months of the pandemic and how businesses adapted to ensure they maintained food safety standards, plus their certification.
Whilst there are many lessons to be learnt, I will focus on three main areas across an equal number of articles:
- How BRCGS adapted auditing to ensure all sites had options to maintain their certification, including the remote audit
- Best practice tips for sites on how to successfully implement a remote audit
- The use of ICT and digital platforms to help make the audit process feasible for both sites and auditors
Adapting audits to maintain certification
BRCGS quickly realised that the pandemic was going to seriously effect audits and the obvious risk to consumers was top of mind.
To mitigate this risk, BRCGS quickly adapted its approach for audits to ensure all sites had options to maintain their certification.
As a result, we launched a suite of audit options taking into account the following:
- GFSI position and their requirements
- Brand and Retailer feedback
- Changing and evolving local restrictions
- Delivery Partner and Auditor availability
- Maturity and history of site certification
Suspension of unannounced audits
A lesson we learned early in the pandemic was that unannounced audits created additional challenges for sites, certification bodies and auditors.
Therefore, BRCGS took the decision to temporarily suspend the unannounced audit programme until at least 31st December, 2021.
Where this is the case, the Certification Body will contact the site to arrange an announced or blended audit.
We will keep this temporary suspension under review and hope to restart unannounced audits as soon as possible.
And once we do relaunch unannounced audits, the industry will be given at least 3 months’ notice.
In addition to this, if a site really needs an unannounced audit, then these can be carried out by exception.
For example, if a customer requirement insists on it or it is as part of a combined audit with another standard, the unannounced audit can go ahead.
Blended Audits for increasing flexibility
The Blended Audit can occur where an onsite visit is possible but applicable only for existing sites.
The audit takes place in two parts:
- Part 1: remote online assessment of some or all of the documentation
- Part 2: shorter on-site audit
The main benefit of a blended audit is that it provides the opportunity for a rigorous audit but with a reduction in time spent on site by the auditor.
This has worked well where travel restrictions allowed auditors to visit a region or a country for a few days without having to quarantine.
a blended audit provides the opportunity for a rigorous audit but with a reduction in time spent on site by the auditor
So, if an audit takes 5 days but restrictions allowed an auditor to visit a country for a maximum of 2 days without having to quarantine, that’s where the blended audit option worked well.
The auditor would perform a 3-day remote assessment followed by 2 days on-site.
Due to the introduction of these audits and their impact on sites, auditors and Certification Bodies, they are likely to remain an element of the option for announced audits.
Certificate Extension
Where it is not possible to carry out an onsite audit of an existing certificated site, then this option allowed the certificate to be extended for up to 6 months.
Granting of the extension is based upon a risk assessment and a review between the site and the Certification Body of the controls in place at the site.
Certificate extensions are applicable for existing sites only.
Fully Remote Audit
The remote audit option is not GFSI Benchmarked.
It is available for sites when the certificate extension has expired, and it is still not possible for an audit to take place onsite due to COVID-19 restrictions – or where a site does not need a GFSI recognised certificate.
The remote audit includes a review of internal audit results, a documentation review and video audit of production and storage facilities.
The COVID -19 Additional Module
BRCGS have also published a separate assessment standard which may be used at any time to provide assurance around the management of COVID-19 risks.
It’s done like a remote audit and focuses on areas of the food safety system which are potentially at greater risk as a result of the changes enforced to address COVID-19, for example, changes to supply chains.
Getting the most out of the remote audit – the BRCGS 9 point check list
BRCGS offered plenty of options to allow sites and Certification Bodies to work together and ensure food safety assurances were still in place during the pandemic.
However, in order for those options to be successful – especially the remote audit and blended audit options – sites had to adapt their approach to the audit.
Therefore, we offered a 9-point checklist for sites, Certification Bodies and auditors to help them with or to conduct the most efficient and successful remote audit experience.
Step 1: Process
Engage you staff in the planning of the remote audit, have training and practice in advance. Ensure designated personnel are available throughout the audit, including leadership.
Step 2: Access Support Information
Make sure best practice information is reviewed for the remote audit from your Certification Bodies, Information Security Officer and International Standards Organisation – there is lots of good information available on ICT and virtual activities and sites are advised to make use of this information, and ensure that relevant staff are therefore prepared.
Step 3 – Planning
This step is absolutely essential – identify the role of audit assistants to support the smooth running of the remote audit.
Who will hold the camera? Who will do the evidence gathering.
Don’t forget to plan in time for screen breaks and natural breaks for both the auditor and the site operators.
We have found the remote audit to be very different and more intense in some ways.
Step 4 – IT Considerations
Test and map out your Wi-Fi signal, have an IT person available throughout, plan in advance how to share documents, and set up a separate remote audit room if possible.
Step 5 – Preparation
Perform a mock test of the equipment, with internal and external people.
Identify weak Wi-Fi signals and test that the lighting on site is good enough for the auditor to be able to see clearly from their remote screen.
It may also be a good idea to send them a map of the site.
Step 6 – Planning
Plan the visit with the auditor in advance of the audit day.
Identify what documents need to be ready or can be sent in advance.
Step 7 – Process and Procedures
It is extremely important to ensure your site security policies and that of the auditor and Certification Body allow for information to be shared or accessed remotely.
This issue came up several times in the feedback from auditors.
Steps 8 & 9 – Outcomes and Learning
Ensure that the outcome of the remote audit is followed through.
Take the learnings from the audit experience and use them next time.
Part two: how to implement a remote audit
The theory and planning is an important part to implementing a remote audit.
It helped us successfully launch and manage sites through remote audits during the pandemic.
However, there is nothing like experience and we are certainly learning a great deal about how to perform a remote audit and the things sites need to consider beforehand.
I will cover this in part two, Remote Auditing Techniques for Sites.
This article was written by Angela O’Donovan, Head of Standards Certification Programmes and is part of a series of guest blogs provided by the BRCGS. For more information on the BRCGS, please visit: https://www.brcgs.com/.