[AIB Plant Oversight] A Full Menu of Audit Schemes

The expansion of the global marketplace and the ingredients and finished products that are outsourced around the world, have led to an explosion in audit types and customer requirements. But what exactly are customers requesting when they ask for BRC or ISO22000 audits for your facility? Food facility audits typically fall into one of the following categories: GMP/food safety, certification, general program/food safety overview, customer specific, ISO based and program specific. 

GMP/Food Safety Inspections. GMP and food safety inspections typically are based on standards developed from regulatory requirements and other sources such as the Codex Alimentarius. These inspections specifically assess the condition of the facility and relate this to the critical programs that directly impact food safety. They are inspection focused. Program review must not only indicate that documentation is available and current, but also that conditions in the facility are reflective of what is observed in the plant.

These inspections focus on program execution and documentation as it relates to the food safety requirements of the facility, including the prerequisite programs that support Hazard Analysis Critical Control Point (HACCP). Program requirements may include, but are not limited to:

• Organizational charts
• Registration under bioterrorism regulations
• Food defense programs
• A current quality manual that includes a quality mission statement, work instructions and procedures, job descriptions, and policies outlining the company’s commitment to produce safe and legal products
• Self-inspection programs and records
• Budgeting for food safety related programs and equipment
• Master Cleaning Schedules (MCS) that are current and complete
• Cleaning SOPs
• Allergen identification and control programs
• Incoming and outbound inspection criteria and records that are specific to the type of product being received
• Raw material, work-in-progress, and finished product specs
• COAs and letters of guarantee
• HACCP programs
• Food safety training programs and records
• Customer complaint programs
• Recall and traceability programs
• Regulatory inspector and visitor guidelines
• Processing records (as applicable)
• Supplier approval and evaluation
• Glass and brittle plastic policies
• Preventive Maintenance (PM) Program
• Calibration records
• Microbiological testing programs and records (as applicable)
• Approval documentation for food-contact chemicals
• A formalized pest control program that includes appropriate documentation of pesticide usage, maps and inspection records of pest control devices

These inspection-focused evaluations provide a snapshot of the plant on the days that the inspection is completed. Programs and records then are reviewed in relation to the findings to determine a root-cause analysis of identified issues. For example, if an insect infestation is noted in ceiling structures over the product zone, the inspector would investigate to determine the cause. She might ask the following questions: Are ceiling structures on the Master Cleaning Schedule? Has an appropriate cleaning frequency been assigned to break the insect life cycle? Does the sanitation crew meet the assigned frequencies? Are the written procedures provided and adequate? Are they being followed? Once the source of the issue is identified, the inspector can help the plant correct the issue and take action to prevent it from reoccurring.

Certification Audits. Certification audits are compliance audits that are performed by audit bodies that are accredited to either EN45011/ISO guide 65 (for product certification audits) or EN45012/ISO guide 62 (for program certification audits). Accreditation, as it relates these programs, is a third-party verification to convey formal demonstration of the participating company’s competence to carry out specific conformity assessment tasks. Accreditation bodies that accredit audit bodies include, but are not limited to, UKAS in the United Kingdom and ANSI in the United States.

Certification, as it relates to these audit schemes, is a third-party verification related to products, processes, systems or persons. The audit body certifies systems and processes of food manufacturing facilities against the audit criteria. Certification audits are European-driven and most have been benchmarked against the Global Food Safety Initiative (GFSI). The GFSI was established by CIES-The Food Business Forum in June 2000. GFSI is a retailer-driven initiative that was established to address key food safety issues and challenges within food business. Its purpose is to create a simple set of rules to promote harmony among countries and cost efficiency for suppliers. The audit criteria have been developed to ensure that due diligence requirements are being met in regard to food safety. These audits focus heavily on programs and documentation, and place less emphasis on the physical inspection of the facility.

Examples of certification audits include audits conducted against the BRC (British Retail Consortium), Global Standard-Food, IFS (International Food Standard), SQF (Safe Quality Food) and Dutch HACCP.

General Program/Food Safety Overview Audits. General program and food safety overview audits provide a summary of food safety, quality systems and regulatory compliance programs coupled with an audit of conditions observed in the facility. These audits differ from GMP/food safety inspections because they require the auditor to look at the site-defined program and conduct an evaluation to identify whether the site is following their programs as defined. For example, if the auditor was conducting the audit on behalf of a customer then she would select the product specification for the customer and evaluate the documentation associated with it to ensure that the plant was in compliance. If the documentation review indicated that the plant is not in compliance with the product specification, documentation of corrective action or appropriate product holds, as defined by the program, would be evaluated.

Additional criteria that may be evaluated could include:

• Quality systems programs
• Document control
• Continuous improvement
• Corrective and preventive actions
• Labeling approval
• Good Laboratory Practices
• Packaging and material control

Evaluation also could include demonstrations or interviews with personnel on the floor to assess their understanding of these programs.

Customer-Specific Audits. Some companies are audited on food safety and quality criteria that their customers have defined as necessary in order to do business with them. Customer-specific audits evaluate food safety and quality attributes and programs as required by the company for which the product or ingredient is manufactured. The audit requirements may change based on food safety issues identified with a specific product or process, elimination of customer complaints, or in order to address quality or food safety program elements as determined by the customer. Some customer-specific audits may evaluate:

• If the test pieces used to challenge the metal detector when the customer’s product is being run are the correct size defined by the customer
• If the site has the most current product specification for the customer’s product
• If the customer’s product specifications are being met

Customer-specific audits generally are proprietary and are only shared between the customer and supplier.

ISO-Based Audits. ISO22000 is a food safety management system that incorporates HACCP. Audit bodies that are accredited to ISO Guide 62 can perform these audits. The ISO22000 audit is a program-based system that conforms to ISO principles and guidelines for program evaluation as based on HACCP.

ISO22000 harmonizes the requirements for systematically managing safety in food supply chains and offers a unique solution for evaluation of good practice on a worldwide basis. In addition, food safety management systems that conform to ISO22000 answer the growing demand in the food sector for certification of suppliers. The standard can be implemented without certification of conformity, solely for the benefits that it provides.

ISO22000 is another type of certification audit that is slowly gaining acceptance in Europe and is becoming widely accepted in Japan. It is not benchmarked against the GFSI criteria at this time.

Program-Specific Audits. Program-specific audits are intense audits of specific programs. Audit criteria are defined and the program is evaluated based on the defined criteria. Examples of these programs include HACCP program evaluation, allergen evaluation, quality systems evaluation and food defense inspections. The scope of these audits is limited to the specified program and would not include evaluations outside of the scope of the elements of the program being assessed.

The author is director of product development, AIB International.